projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add HCI command structure for writing current IAC LAP
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
441ad2d0
MH		 539static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
540{
541 u8 ad_len = 0, flags = 0;
542 size_t name_len;
543
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
546
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
552 } else {
553 flags |= LE_AD_NO_BREDR;
554 }
555
556 if (flags) {
557 BT_DBG("adv flags 0x%02x", flags);
558
559 ptr[0] = 2;
560 ptr[1] = EIR_FLAGS;
561 ptr[2] = flags;
562
563 ad_len += 3;
564 ptr += 3;
565 }
566
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
571
572 ad_len += 3;
573 ptr += 3;
574 }
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
595}
596
597static void update_ad(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
601 u8 len;
602
603 if (!lmp_le_capable(hdev))
604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_ad(hdev, cp.data);
609
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
612 return;
613
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
620}
621
ef580372
JH		 622static void create_eir(struct hci_dev *hdev, u8 *data)
623{
624 u8 *ptr = data;
ef580372
JH		 625 size_t name_len;
626
627 name_len = strlen(hdev->dev_name);
628
629 if (name_len > 0) {
630 /* EIR Data type */
631 if (name_len > 48) {
632 name_len = 48;
633 ptr[1] = EIR_NAME_SHORT;
634 } else
635 ptr[1] = EIR_NAME_COMPLETE;
636
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
639
640 memcpy(ptr + 2, hdev->dev_name, name_len);
641
ef580372
JH		 642 ptr += (name_len + 2);
643 }
644
bbaf444a 645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 646 ptr[0] = 2;
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
649
91c4e9b1
MH		 650 ptr += 3;
651 }
652
2b9be137
MH		 653 if (hdev->devid_source > 0) {
654 ptr[0] = 9;
655 ptr[1] = EIR_DEVICE_ID;
656
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
661
2b9be137
MH		 662 ptr += 10;
663 }
664
213202ed 665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 668}
669
890ea898 670static void update_eir(struct hci_request *req)
ef580372 671{
890ea898 672 struct hci_dev *hdev = req->hdev;
ef580372
JH		 673 struct hci_cp_write_eir cp;
674
504c8dcd 675 if (!hdev_is_powered(hdev))
890ea898 676 return;
7770c4aa 677
976eb20e 678 if (!lmp_ext_inq_capable(hdev))
890ea898 679 return;
ef580372 680
84bde9d6 681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 682 return;
ef580372 683
a8b2d5c2 684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 685 return;
ef580372
JH		 686
687 memset(&cp, 0, sizeof(cp));
688
689 create_eir(hdev, cp.data);
690
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 692 return;
ef580372
JH		 693
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
695
890ea898 696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 697}
698
699static u8 get_service_classes(struct hci_dev *hdev)
700{
701 struct bt_uuid *uuid;
702 u8 val = 0;
703
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
706
707 return val;
708}
709
890ea898 710static void update_class(struct hci_request *req)
ef580372 711{
890ea898 712 struct hci_dev *hdev = req->hdev;
ef580372
JH		 713 u8 cod[3];
714
715 BT_DBG("%s", hdev->name);
716
504c8dcd 717 if (!hdev_is_powered(hdev))
890ea898 718 return;
7770c4aa 719
a8b2d5c2 720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 721 return;
ef580372
JH		 722
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
726
6acd7db4
MH		 727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
728 cod[1] |= 0x20;
729
ef580372 730 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 731 return;
ef580372 732
890ea898 733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 734}
735
7d78525d
JH		 736static void service_cache_off(struct work_struct *work)
737{
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 739 service_cache.work);
890ea898 740 struct hci_request req;
7d78525d 741
a8b2d5c2 742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 743 return;
744
890ea898
JH		 745 hci_req_init(&req, hdev);
746
7d78525d
JH		 747 hci_dev_lock(hdev);
748
890ea898
JH		 749 update_eir(&req);
750 update_class(&req);
7d78525d
JH		 751
752 hci_dev_unlock(hdev);
890ea898
JH		 753
754 hci_req_run(&req, NULL);
7d78525d
JH		 755}
756
6a919082 757static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 758{
4f87da80 759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 760 return;
761
4f87da80 762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 763
4f87da80
JH		 764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
767 * it
768 */
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 770}
771
0f4e68cf 772static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 773 void *data, u16 data_len)
0381101f 774{
a38528f1 775 struct mgmt_rp_read_info rp;
f7b64e69 776
bdb6d971 777 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 778
09fd0de5 779 hci_dev_lock(hdev);
f7b64e69 780
dc4fe30b
JH		 781 memset(&rp, 0, sizeof(rp));
782
69ab39ea 783 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 784
69ab39ea 785 rp.version = hdev->hci_ver;
eb55ef07 786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 787
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 790
a38528f1 791 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 792
dc4fe30b 793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 795
09fd0de5 796 hci_dev_unlock(hdev);
0381101f 797
bdb6d971 798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 799 sizeof(rp));
0381101f
JH		 800}
801
eec8d2bc
JH		 802static void mgmt_pending_free(struct pending_cmd *cmd)
803{
804 sock_put(cmd->sk);
c68fb7ff 805 kfree(cmd->param);
eec8d2bc
JH		 806 kfree(cmd);
807}
808
366a0336 809static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 810 struct hci_dev *hdev, void *data,
811 u16 len)
eec8d2bc
JH		 812{
813 struct pending_cmd *cmd;
814
12b94565 815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 816 if (!cmd)
366a0336 817 return NULL;
eec8d2bc
JH		 818
819 cmd->opcode = opcode;
2e58ef3e 820 cmd->index = hdev->id;
eec8d2bc 821
12b94565 822 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 823 if (!cmd->param) {
eec8d2bc 824 kfree(cmd);
366a0336 825 return NULL;
eec8d2bc
JH		 826 }
827
8fce6357
SJ		 828 if (data)
829 memcpy(cmd->param, data, len);
eec8d2bc
JH		 830
831 cmd->sk = sk;
832 sock_hold(sk);
833
2e58ef3e 834 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 835
366a0336 836 return cmd;
eec8d2bc
JH		 837}
838
744cf19e 839static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 840 void (*cb)(struct pending_cmd *cmd,
841 void *data),
04124681 842 void *data)
eec8d2bc 843{
a3d09356 844 struct pending_cmd *cmd, *tmp;
eec8d2bc 845
a3d09356 846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 847 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 848 continue;
849
eec8d2bc
JH		 850 cb(cmd, data);
851 }
852}
853
2e58ef3e 854static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 855{
8035ded4 856 struct pending_cmd *cmd;
eec8d2bc 857
2e58ef3e 858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 859 if (cmd->opcode == opcode)
860 return cmd;
eec8d2bc
JH		 861 }
862
863 return NULL;
864}
865
a664b5bc 866static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 867{
73f22f62
JH		 868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
870}
871
69ab39ea 872static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 873{
69ab39ea 874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 875
aee9b218 876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 877 sizeof(settings));
8680570b
JH		 878}
879
bdb6d971 880static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 881 u16 len)
eec8d2bc 882{
650f726d 883 struct mgmt_mode *cp = data;
366a0336 884 struct pending_cmd *cmd;
4b34ee78 885 int err;
eec8d2bc 886
bdb6d971 887 BT_DBG("request for %s", hdev->name);
eec8d2bc 888
a7e80f25
JH		 889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
892
09fd0de5 893 hci_dev_lock(hdev);
eec8d2bc 894
87b95ba6
JH		 895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
897 MGMT_STATUS_BUSY);
898 goto failed;
899 }
900
f0d4b78a
MH		 901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
903
904 if (cp->val) {
a1d70450
JH		 905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
906 data, len);
907 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 908 goto failed;
909 }
910 }
911
4b34ee78 912 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 914 goto failed;
915 }
916
2e58ef3e 917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 918 if (!cmd) {
919 err = -ENOMEM;
eec8d2bc 920 goto failed;
366a0336 921 }
eec8d2bc 922
72a734ec 923 if (cp->val)
19202573 924 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 925 else
19202573 926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 927
366a0336 928 err = 0;
eec8d2bc
JH		 929
930failed:
09fd0de5 931 hci_dev_unlock(hdev);
366a0336 932 return err;
eec8d2bc
JH		 933}
934
04124681
GP		 935static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
beadb2bd
JH		 937{
938 struct sk_buff *skb;
939 struct mgmt_hdr *hdr;
940
790eff44 941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 942 if (!skb)
943 return -ENOMEM;
944
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
947 if (hdev)
948 hdr->index = cpu_to_le16(hdev->id);
949 else
612dfce9 950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 951 hdr->len = cpu_to_le16(data_len);
952
953 if (data)
954 memcpy(skb_put(skb, data_len), data, data_len);
955
97e0bdeb
MH		 956 /* Time stamp */
957 __net_timestamp(skb);
958
beadb2bd
JH		 959 hci_send_to_control(skb, skip_sk);
960 kfree_skb(skb);
961
962 return 0;
963}
964
965static int new_settings(struct hci_dev *hdev, struct sock *skip)
966{
967 __le32 ev;
968
969 ev = cpu_to_le32(get_current_settings(hdev));
970
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
972}
973
bd99abdd
JH		 974struct cmd_lookup {
975 struct sock *sk;
976 struct hci_dev *hdev;
977 u8 mgmt_status;
978};
979
980static void settings_rsp(struct pending_cmd *cmd, void *data)
981{
982 struct cmd_lookup *match = data;
983
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
985
986 list_del(&cmd->list);
987
988 if (match->sk == NULL) {
989 match->sk = cmd->sk;
990 sock_hold(match->sk);
991 }
992
993 mgmt_pending_free(cmd);
994}
995
996static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
997{
998 u8 *status = data;
999
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1002}
1003
e6fe7986
JH		 1004static u8 mgmt_bredr_support(struct hci_dev *hdev)
1005{
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1010 else
1011 return MGMT_STATUS_SUCCESS;
1012}
1013
1014static u8 mgmt_le_support(struct hci_dev *hdev)
1015{
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1020 else
1021 return MGMT_STATUS_SUCCESS;
1022}
1023
bfaf8c9f
JH		 1024static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1025{
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
970ba524 1028 struct hci_request req;
bfaf8c9f
JH		 1029 bool changed;
1030
1031 BT_DBG("status 0x%02x", status);
1032
1033 hci_dev_lock(hdev);
1034
1035 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1036 if (!cmd)
1037 goto unlock;
1038
1039 if (status) {
1040 u8 mgmt_err = mgmt_status(status);
1041 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1042 goto remove_cmd;
1043 }
1044
1045 cp = cmd->param;
d4462a07 1046 if (cp->val) {
bfaf8c9f
JH		 1047 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1048 &hdev->dev_flags);
d4462a07
MH		 1049
1050 if (hdev->discov_timeout > 0) {
1051 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1052 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1053 to);
1054 }
1055 } else {
bfaf8c9f
JH		 1056 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1057 &hdev->dev_flags);
d4462a07 1058 }
bfaf8c9f
JH		 1059
1060 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1061
1062 if (changed)
1063 new_settings(hdev, cmd->sk);
1064
970ba524
MH		 1065 /* When the discoverable mode gets changed, make sure
1066 * that class of device has the limited discoverable
1067 * bit correctly set.
1068 */
1069 hci_req_init(&req, hdev);
1070 update_class(&req);
1071 hci_req_run(&req, NULL);
1072
bfaf8c9f
JH		 1073remove_cmd:
1074 mgmt_pending_remove(cmd);
1075
1076unlock:
1077 hci_dev_unlock(hdev);
1078}
1079
bdb6d971 1080static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1081 u16 len)
73f22f62 1082{
650f726d 1083 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1084 struct pending_cmd *cmd;
bfaf8c9f 1085 struct hci_request req;
5e5282bb 1086 u16 timeout;
e6fe7986 1087 u8 scan, status;
73f22f62
JH		 1088 int err;
1089
bdb6d971 1090 BT_DBG("request for %s", hdev->name);
73f22f62 1091
e6fe7986
JH		 1092 status = mgmt_bredr_support(hdev);
1093 if (status)
33c525c0 1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1095 status);
33c525c0 1096
a7e80f25
JH		 1097 if (cp->val != 0x00 && cp->val != 0x01)
1098 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1099 MGMT_STATUS_INVALID_PARAMS);
1100
1f350c87 1101 timeout = __le16_to_cpu(cp->timeout);
24c54a90 1102 if (!cp->val && timeout > 0)
bdb6d971 1103 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1104 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1105
09fd0de5 1106 hci_dev_lock(hdev);
73f22f62 1107
5e5282bb 1108 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1109 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1110 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1111 goto failed;
1112 }
1113
2e58ef3e 1114 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1115 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1117 MGMT_STATUS_BUSY);
73f22f62
JH		 1118 goto failed;
1119 }
1120
5e5282bb 1121 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1122 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1123 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1124 goto failed;
1125 }
1126
1127 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1131 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1132 changed = true;
1133 }
1134
5e5282bb 1135 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1136 if (err < 0)
1137 goto failed;
1138
1139 if (changed)
1140 err = new_settings(hdev, sk);
1141
5e5282bb
JH		 1142 goto failed;
1143 }
1144
1145 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
36261547
MH		 1146 cancel_delayed_work(&hdev->discov_off);
1147 hdev->discov_timeout = timeout;
955638ec 1148
36261547
MH		 1149 if (cp->val && hdev->discov_timeout > 0) {
1150 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1151 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1152 to);
955638ec
MH		 1153 }
1154
69ab39ea 1155 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1156 goto failed;
1157 }
1158
2e58ef3e 1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1160 if (!cmd) {
1161 err = -ENOMEM;
73f22f62 1162 goto failed;
366a0336 1163 }
73f22f62 1164
bfaf8c9f
JH		 1165 hci_req_init(&req, hdev);
1166
73f22f62
JH		 1167 scan = SCAN_PAGE;
1168
72a734ec 1169 if (cp->val)
73f22f62 1170 scan |= SCAN_INQUIRY;
16ab91ab 1171 else
e0f9309f 1172 cancel_delayed_work(&hdev->discov_off);
73f22f62 1173
bfaf8c9f
JH		 1174 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1175
1176 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1177 if (err < 0)
a664b5bc 1178 mgmt_pending_remove(cmd);
73f22f62 1179
16ab91ab 1180 if (cp->val)
5e5282bb 1181 hdev->discov_timeout = timeout;
16ab91ab 1182
73f22f62 1183failed:
09fd0de5 1184 hci_dev_unlock(hdev);
73f22f62
JH		 1185 return err;
1186}
1187
406d7804
JH		 1188static void write_fast_connectable(struct hci_request *req, bool enable)
1189{
bd98b996 1190 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1191 struct hci_cp_write_page_scan_activity acp;
1192 u8 type;
1193
4c01f8b8
JH		 1194 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1195 return;
1196
406d7804
JH		 1197 if (enable) {
1198 type = PAGE_SCAN_TYPE_INTERLACED;
1199
1200 /* 160 msec page scan interval */
1201 acp.interval = __constant_cpu_to_le16(0x0100);
1202 } else {
1203 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1204
1205 /* default 1.28 sec page scan */
1206 acp.interval = __constant_cpu_to_le16(0x0800);
1207 }
1208
1209 acp.window = __constant_cpu_to_le16(0x0012);
1210
bd98b996
JH		 1211 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1212 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1213 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1214 sizeof(acp), &acp);
1215
1216 if (hdev->page_scan_type != type)
1217 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1218}
1219
1987fdc7
JH		 1220static u8 get_adv_type(struct hci_dev *hdev)
1221{
1222 struct pending_cmd *cmd;
1223 bool connectable;
1224
1225 /* If there's a pending mgmt command the flag will not yet have
1226 * it's final value, so check for this first.
1227 */
1228 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1229 if (cmd) {
1230 struct mgmt_mode *cp = cmd->param;
1231 connectable = !!cp->val;
1232 } else {
1233 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1234 }
1235
1236 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1237}
1238
95c66e75
JH		 1239static void enable_advertising(struct hci_request *req)
1240{
1241 struct hci_dev *hdev = req->hdev;
1242 struct hci_cp_le_set_adv_param cp;
1243 u8 enable = 0x01;
1244
1245 memset(&cp, 0, sizeof(cp));
1246 cp.min_interval = __constant_cpu_to_le16(0x0800);
1247 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1248 cp.type = get_adv_type(hdev);
95c66e75
JH		 1249 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1250 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1251 else
1252 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1253 cp.channel_map = 0x07;
1254
1255 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1256
1257 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1258}
1259
1260static void disable_advertising(struct hci_request *req)
1261{
1262 u8 enable = 0x00;
1263
1264 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1265}
1266
2b76f453
JH		 1267static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1268{
1269 struct pending_cmd *cmd;
d7b856f9
JH		 1270 struct mgmt_mode *cp;
1271 bool changed;
2b76f453
JH		 1272
1273 BT_DBG("status 0x%02x", status);
1274
1275 hci_dev_lock(hdev);
1276
1277 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1278 if (!cmd)
1279 goto unlock;
1280
37438c1f
JH		 1281 if (status) {
1282 u8 mgmt_err = mgmt_status(status);
1283 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1284 goto remove_cmd;
1285 }
1286
d7b856f9
JH		 1287 cp = cmd->param;
1288 if (cp->val)
1289 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1290 else
1291 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1292
2b76f453
JH		 1293 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1294
d7b856f9
JH		 1295 if (changed)
1296 new_settings(hdev, cmd->sk);
1297
37438c1f 1298remove_cmd:
2b76f453
JH		 1299 mgmt_pending_remove(cmd);
1300
1301unlock:
1302 hci_dev_unlock(hdev);
1303}
1304
bdb6d971 1305static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1306 u16 len)
9fbcbb45 1307{
650f726d 1308 struct mgmt_mode *cp = data;
366a0336 1309 struct pending_cmd *cmd;
2b76f453 1310 struct hci_request req;
1987fdc7 1311 u8 scan;
9fbcbb45
JH		 1312 int err;
1313
bdb6d971 1314 BT_DBG("request for %s", hdev->name);
9fbcbb45 1315
1987fdc7
JH		 1316 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1317 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1319 MGMT_STATUS_REJECTED);
33c525c0 1320
a7e80f25
JH		 1321 if (cp->val != 0x00 && cp->val != 0x01)
1322 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1323 MGMT_STATUS_INVALID_PARAMS);
1324
09fd0de5 1325 hci_dev_lock(hdev);
9fbcbb45 1326
4b34ee78 1327 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1328 bool changed = false;
1329
1330 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1331 changed = true;
1332
6bf0e469 1333 if (cp->val) {
5e5282bb 1334 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1335 } else {
5e5282bb
JH		 1336 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1337 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1338 }
0224d2fa 1339
5e5282bb 1340 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1341 if (err < 0)
1342 goto failed;
1343
1344 if (changed)
1345 err = new_settings(hdev, sk);
1346
9fbcbb45
JH		 1347 goto failed;
1348 }
1349
2e58ef3e 1350 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1351 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1352 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1353 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1354 goto failed;
1355 }
1356
2e58ef3e 1357 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1358 if (!cmd) {
1359 err = -ENOMEM;
9fbcbb45 1360 goto failed;
366a0336 1361 }
9fbcbb45 1362
9b74246f 1363 hci_req_init(&req, hdev);
9fbcbb45 1364
9b74246f
JH		 1365 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1366 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1367 if (cp->val) {
1368 scan = SCAN_PAGE;
1369 } else {
1370 scan = 0;
1371
1372 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1373 hdev->discov_timeout > 0)
9b74246f
JH		 1374 cancel_delayed_work(&hdev->discov_off);
1375 }
2b76f453 1376
9b74246f
JH		 1377 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1378 }
2b76f453 1379
4c01f8b8
JH		 1380 /* If we're going from non-connectable to connectable or
1381 * vice-versa when fast connectable is enabled ensure that fast
1382 * connectable gets disabled. write_fast_connectable won't do
1383 * anything if the page scan parameters are already what they
1384 * should be.
1385 */
1386 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1387 write_fast_connectable(&req, false);
1388
1987fdc7
JH		 1389 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1390 hci_conn_num(hdev, LE_LINK) == 0) {
1391 disable_advertising(&req);
1392 enable_advertising(&req);
1393 }
1394
2b76f453 1395 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1396 if (err < 0) {
a664b5bc 1397 mgmt_pending_remove(cmd);
9b74246f
JH		 1398 if (err == -ENODATA)
1399 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1400 hdev);
1401 goto failed;
1402 }
9fbcbb45
JH		 1403
1404failed:
09fd0de5 1405 hci_dev_unlock(hdev);
9fbcbb45
JH		 1406 return err;
1407}
1408
bdb6d971 1409static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1410 u16 len)
c542a06c 1411{
650f726d 1412 struct mgmt_mode *cp = data;
55594356 1413 bool changed;
c542a06c
JH		 1414 int err;
1415
bdb6d971 1416 BT_DBG("request for %s", hdev->name);
c542a06c 1417
a7e80f25
JH		 1418 if (cp->val != 0x00 && cp->val != 0x01)
1419 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1420 MGMT_STATUS_INVALID_PARAMS);
1421
09fd0de5 1422 hci_dev_lock(hdev);
c542a06c
JH		 1423
1424 if (cp->val)
55594356 1425 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1426 else
55594356 1427 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1428
69ab39ea 1429 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1430 if (err < 0)
55594356 1431 goto unlock;
c542a06c 1432
55594356
MH		 1433 if (changed)
1434 err = new_settings(hdev, sk);
c542a06c 1435
55594356 1436unlock:
09fd0de5 1437 hci_dev_unlock(hdev);
c542a06c
JH		 1438 return err;
1439}
1440
04124681
GP		 1441static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1442 u16 len)
33ef95ed
JH		 1443{
1444 struct mgmt_mode *cp = data;
1445 struct pending_cmd *cmd;
e6fe7986 1446 u8 val, status;
33ef95ed
JH		 1447 int err;
1448
bdb6d971 1449 BT_DBG("request for %s", hdev->name);
33ef95ed 1450
e6fe7986
JH		 1451 status = mgmt_bredr_support(hdev);
1452 if (status)
33c525c0 1453 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1454 status);
33c525c0 1455
a7e80f25
JH		 1456 if (cp->val != 0x00 && cp->val != 0x01)
1457 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1458 MGMT_STATUS_INVALID_PARAMS);
1459
33ef95ed
JH		 1460 hci_dev_lock(hdev);
1461
4b34ee78 1462 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1463 bool changed = false;
1464
1465 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1466 &hdev->dev_flags)) {
47990ea0
JH		 1467 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1468 changed = true;
1469 }
1470
1471 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1472 if (err < 0)
1473 goto failed;
1474
1475 if (changed)
1476 err = new_settings(hdev, sk);
1477
33ef95ed
JH		 1478 goto failed;
1479 }
1480
1481 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1482 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1483 MGMT_STATUS_BUSY);
33ef95ed
JH		 1484 goto failed;
1485 }
1486
1487 val = !!cp->val;
1488
1489 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1490 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1491 goto failed;
1492 }
1493
1494 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1495 if (!cmd) {
1496 err = -ENOMEM;
1497 goto failed;
1498 }
1499
1500 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1501 if (err < 0) {
1502 mgmt_pending_remove(cmd);
1503 goto failed;
1504 }
1505
1506failed:
1507 hci_dev_unlock(hdev);
33ef95ed
JH		 1508 return err;
1509}
1510
bdb6d971 1511static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1512{
1513 struct mgmt_mode *cp = data;
1514 struct pending_cmd *cmd;
72ef0c1a 1515 u8 status;
ed2c4ee3
JH		 1516 int err;
1517
bdb6d971 1518 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1519
cdba5281
MH		 1520 status = mgmt_bredr_support(hdev);
1521 if (status)
1522 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1523
13ecd8b6
JH		 1524 if (!lmp_ssp_capable(hdev))
1525 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1526 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1527
a7e80f25
JH		 1528 if (cp->val != 0x00 && cp->val != 0x01)
1529 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1530 MGMT_STATUS_INVALID_PARAMS);
1531
13ecd8b6 1532 hci_dev_lock(hdev);
6c8f12c1 1533
4b34ee78 1534 if (!hdev_is_powered(hdev)) {
9ecb3e24 1535 bool changed;
c0ecddc2 1536
9ecb3e24
MH		 1537 if (cp->val) {
1538 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1539 &hdev->dev_flags);
1540 } else {
1541 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1542 &hdev->dev_flags);
1543 if (!changed)
1544 changed = test_and_clear_bit(HCI_HS_ENABLED,
1545 &hdev->dev_flags);
1546 else
1547 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1548 }
1549
1550 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1551 if (err < 0)
1552 goto failed;
1553
1554 if (changed)
1555 err = new_settings(hdev, sk);
1556
ed2c4ee3
JH		 1557 goto failed;
1558 }
1559
9ecb3e24
MH		 1560 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1561 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1562 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1563 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1564 goto failed;
1565 }
1566
72ef0c1a 1567 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1568 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1569 goto failed;
1570 }
1571
1572 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1573 if (!cmd) {
1574 err = -ENOMEM;
1575 goto failed;
1576 }
1577
72ef0c1a 1578 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1579 if (err < 0) {
1580 mgmt_pending_remove(cmd);
1581 goto failed;
1582 }
1583
1584failed:
1585 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1586 return err;
1587}
1588
bdb6d971 1589static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1590{
1591 struct mgmt_mode *cp = data;
ee392693 1592 bool changed;
e6fe7986 1593 u8 status;
ee392693 1594 int err;
6d80dfd0 1595
bdb6d971 1596 BT_DBG("request for %s", hdev->name);
6d80dfd0 1597
e6fe7986
JH		 1598 status = mgmt_bredr_support(hdev);
1599 if (status)
1600 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1601
9ecb3e24
MH		 1602 if (!lmp_ssp_capable(hdev))
1603 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1604 MGMT_STATUS_NOT_SUPPORTED);
1605
1606 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1607 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1608 MGMT_STATUS_REJECTED);
1609
a7e80f25
JH		 1610 if (cp->val != 0x00 && cp->val != 0x01)
1611 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1612 MGMT_STATUS_INVALID_PARAMS);
1613
ee392693
MH		 1614 hci_dev_lock(hdev);
1615
a0cdf960 1616 if (cp->val) {
ee392693 1617 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1618 } else {
1619 if (hdev_is_powered(hdev)) {
1620 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1621 MGMT_STATUS_REJECTED);
1622 goto unlock;
1623 }
1624
ee392693 1625 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1626 }
ee392693
MH		 1627
1628 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1629 if (err < 0)
1630 goto unlock;
1631
1632 if (changed)
1633 err = new_settings(hdev, sk);
6d80dfd0 1634
ee392693
MH		 1635unlock:
1636 hci_dev_unlock(hdev);
1637 return err;
6d80dfd0
JH		 1638}
1639
416a4ae5
JH		 1640static void le_enable_complete(struct hci_dev *hdev, u8 status)
1641{
1642 struct cmd_lookup match = { NULL, hdev };
1643
1644 if (status) {
1645 u8 mgmt_err = mgmt_status(status);
1646
1647 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1648 &mgmt_err);
1649 return;
1650 }
1651
1652 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1653
1654 new_settings(hdev, match.sk);
1655
1656 if (match.sk)
1657 sock_put(match.sk);
441ad2d0
MH		 1658
1659 /* Make sure the controller has a good default for
1660 * advertising data. Restrict the update to when LE
1661 * has actually been enabled. During power on, the
1662 * update in powered_update_hci will take care of it.
1663 */
1664 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1665 struct hci_request req;
1666
1667 hci_dev_lock(hdev);
1668
1669 hci_req_init(&req, hdev);
1670 update_ad(&req);
1671 hci_req_run(&req, NULL);
1672
1673 hci_dev_unlock(hdev);
1674 }
416a4ae5
JH		 1675}
1676
bdb6d971 1677static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1678{
1679 struct mgmt_mode *cp = data;
1680 struct hci_cp_write_le_host_supported hci_cp;
1681 struct pending_cmd *cmd;
416a4ae5 1682 struct hci_request req;
06199cf8 1683 int err;
0b60eba1 1684 u8 val, enabled;
06199cf8 1685
bdb6d971 1686 BT_DBG("request for %s", hdev->name);
06199cf8 1687
13ecd8b6
JH		 1688 if (!lmp_le_capable(hdev))
1689 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1690 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1691
a7e80f25
JH		 1692 if (cp->val != 0x00 && cp->val != 0x01)
1693 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1694 MGMT_STATUS_INVALID_PARAMS);
1695
c73eee91 1696 /* LE-only devices do not allow toggling LE on/off */
56f87901 1697 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1698 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1699 MGMT_STATUS_REJECTED);
1700
13ecd8b6 1701 hci_dev_lock(hdev);
06199cf8
JH		 1702
1703 val = !!cp->val;
ffa88e02 1704 enabled = lmp_host_le_capable(hdev);
06199cf8 1705
0b60eba1 1706 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1707 bool changed = false;
1708
1709 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1710 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1711 changed = true;
1712 }
1713
f3d3444a
JH		 1714 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1715 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1716 changed = true;
1717 }
1718
06199cf8
JH		 1719 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1720 if (err < 0)
1de028ce 1721 goto unlock;
06199cf8
JH		 1722
1723 if (changed)
1724 err = new_settings(hdev, sk);
1725
1de028ce 1726 goto unlock;
06199cf8
JH		 1727 }
1728
4375f103
JH		 1729 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1730 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1731 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1732 MGMT_STATUS_BUSY);
1de028ce 1733 goto unlock;
06199cf8
JH		 1734 }
1735
1736 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1737 if (!cmd) {
1738 err = -ENOMEM;
1de028ce 1739 goto unlock;
06199cf8
JH		 1740 }
1741
441ad2d0
MH		 1742 hci_req_init(&req, hdev);
1743
06199cf8
JH		 1744 memset(&hci_cp, 0, sizeof(hci_cp));
1745
1746 if (val) {
1747 hci_cp.le = val;
ffa88e02 1748 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1749 } else {
1750 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1751 disable_advertising(&req);
06199cf8
JH		 1752 }
1753
416a4ae5
JH		 1754 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1755 &hci_cp);
1756
1757 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1758 if (err < 0)
06199cf8 1759 mgmt_pending_remove(cmd);
06199cf8 1760
1de028ce
JH		 1761unlock:
1762 hci_dev_unlock(hdev);
06199cf8
JH		 1763 return err;
1764}
1765
0cab9c80
JH		 1766/* This is a helper function to test for pending mgmt commands that can
1767 * cause CoD or EIR HCI commands. We can only allow one such pending
1768 * mgmt command at a time since otherwise we cannot easily track what
1769 * the current values are, will be, and based on that calculate if a new
1770 * HCI command needs to be sent and if yes with what value.
1771 */
1772static bool pending_eir_or_class(struct hci_dev *hdev)
1773{
1774 struct pending_cmd *cmd;
1775
1776 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1777 switch (cmd->opcode) {
1778 case MGMT_OP_ADD_UUID:
1779 case MGMT_OP_REMOVE_UUID:
1780 case MGMT_OP_SET_DEV_CLASS:
1781 case MGMT_OP_SET_POWERED:
1782 return true;
1783 }
1784 }
1785
1786 return false;
1787}
1788
83be8eca
JH		 1789static const u8 bluetooth_base_uuid[] = {
1790 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1791 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1792};
1793
1794static u8 get_uuid_size(const u8 *uuid)
1795{
1796 u32 val;
1797
1798 if (memcmp(uuid, bluetooth_base_uuid, 12))
1799 return 128;
1800
1801 val = get_unaligned_le32(&uuid[12]);
1802 if (val > 0xffff)
1803 return 32;
1804
1805 return 16;
1806}
1807
92da6097
JH		 1808static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1809{
1810 struct pending_cmd *cmd;
1811
1812 hci_dev_lock(hdev);
1813
1814 cmd = mgmt_pending_find(mgmt_op, hdev);
1815 if (!cmd)
1816 goto unlock;
1817
1818 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1819 hdev->dev_class, 3);
1820
1821 mgmt_pending_remove(cmd);
1822
1823unlock:
1824 hci_dev_unlock(hdev);
1825}
1826
1827static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1828{
1829 BT_DBG("status 0x%02x", status);
1830
1831 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1832}
1833
bdb6d971 1834static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1835{
650f726d 1836 struct mgmt_cp_add_uuid *cp = data;
90e70454 1837 struct pending_cmd *cmd;
890ea898 1838 struct hci_request req;
2aeb9a1a 1839 struct bt_uuid *uuid;
2aeb9a1a
JH		 1840 int err;
1841
bdb6d971 1842 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1843
09fd0de5 1844 hci_dev_lock(hdev);
2aeb9a1a 1845
0cab9c80 1846 if (pending_eir_or_class(hdev)) {
bdb6d971 1847 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1848 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1849 goto failed;
1850 }
1851
92c4c204 1852 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1853 if (!uuid) {
1854 err = -ENOMEM;
1855 goto failed;
1856 }
1857
1858 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1859 uuid->svc_hint = cp->svc_hint;
83be8eca 1860 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1861
de66aa63 1862 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1863
890ea898 1864 hci_req_init(&req, hdev);
1aff6f09 1865
890ea898
JH		 1866 update_class(&req);
1867 update_eir(&req);
1868
92da6097
JH		 1869 err = hci_req_run(&req, add_uuid_complete);
1870 if (err < 0) {
1871 if (err != -ENODATA)
1872 goto failed;
80a1e1db 1873
bdb6d971 1874 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1875 hdev->dev_class, 3);
90e70454
JH		 1876 goto failed;
1877 }
1878
1879 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1880 if (!cmd) {
90e70454 1881 err = -ENOMEM;
890ea898
JH		 1882 goto failed;
1883 }
1884
1885 err = 0;
2aeb9a1a
JH		 1886
1887failed:
09fd0de5 1888 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1889 return err;
1890}
1891
24b78d0f
JH		 1892static bool enable_service_cache(struct hci_dev *hdev)
1893{
1894 if (!hdev_is_powered(hdev))
1895 return false;
1896
1897 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1898 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1899 CACHE_TIMEOUT);
24b78d0f
JH		 1900 return true;
1901 }
1902
1903 return false;
1904}
1905
92da6097
JH		 1906static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1907{
1908 BT_DBG("status 0x%02x", status);
1909
1910 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1911}
1912
bdb6d971 1913static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1914 u16 len)
2aeb9a1a 1915{
650f726d 1916 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1917 struct pending_cmd *cmd;
056341c8 1918 struct bt_uuid *match, *tmp;
2aeb9a1a 1919 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1920 struct hci_request req;
2aeb9a1a
JH		 1921 int err, found;
1922
bdb6d971 1923 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1924
09fd0de5 1925 hci_dev_lock(hdev);
2aeb9a1a 1926
0cab9c80 1927 if (pending_eir_or_class(hdev)) {
bdb6d971 1928 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1929 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1930 goto unlock;
1931 }
1932
2aeb9a1a
JH		 1933 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1934 err = hci_uuids_clear(hdev);
4004b6d9 1935
24b78d0f 1936 if (enable_service_cache(hdev)) {
bdb6d971 1937 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1938 0, hdev->dev_class, 3);
24b78d0f
JH		 1939 goto unlock;
1940 }
4004b6d9 1941
9246a869 1942 goto update_class;
2aeb9a1a
JH		 1943 }
1944
1945 found = 0;
1946
056341c8 1947 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1948 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1949 continue;
1950
1951 list_del(&match->list);
482049f7 1952 kfree(match);
2aeb9a1a
JH		 1953 found++;
1954 }
1955
1956 if (found == 0) {
bdb6d971 1957 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1958 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1959 goto unlock;
1960 }
1961
9246a869 1962update_class:
890ea898 1963 hci_req_init(&req, hdev);
1aff6f09 1964
890ea898
JH		 1965 update_class(&req);
1966 update_eir(&req);
1967
92da6097
JH		 1968 err = hci_req_run(&req, remove_uuid_complete);
1969 if (err < 0) {
1970 if (err != -ENODATA)
1971 goto unlock;
80a1e1db 1972
bdb6d971 1973 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1974 hdev->dev_class, 3);
90e70454
JH		 1975 goto unlock;
1976 }
1977
1978 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1979 if (!cmd) {
90e70454 1980 err = -ENOMEM;
890ea898
JH		 1981 goto unlock;
1982 }
1983
1984 err = 0;
2aeb9a1a
JH		 1985
1986unlock:
09fd0de5 1987 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1988 return err;
1989}
1990
92da6097
JH		 1991static void set_class_complete(struct hci_dev *hdev, u8 status)
1992{
1993 BT_DBG("status 0x%02x", status);
1994
1995 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1996}
1997
bdb6d971 1998static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1999 u16 len)
1aff6f09 2000{
650f726d 2001 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2002 struct pending_cmd *cmd;
890ea898 2003 struct hci_request req;
1aff6f09
JH		 2004 int err;
2005
bdb6d971 2006 BT_DBG("request for %s", hdev->name);
1aff6f09 2007
6203fc98 2008 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2009 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2010 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2011
0cab9c80 2012 hci_dev_lock(hdev);
ee98f473 2013
0cab9c80
JH		 2014 if (pending_eir_or_class(hdev)) {
2015 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2016 MGMT_STATUS_BUSY);
2017 goto unlock;
2018 }
c95f0ba7 2019
0cab9c80
JH		 2020 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2021 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2022 MGMT_STATUS_INVALID_PARAMS);
2023 goto unlock;
2024 }
575b3a02 2025
932f5ff5
JH		 2026 hdev->major_class = cp->major;
2027 hdev->minor_class = cp->minor;
2028
b5235a65 2029 if (!hdev_is_powered(hdev)) {
bdb6d971 2030 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2031 hdev->dev_class, 3);
b5235a65
JH		 2032 goto unlock;
2033 }
2034
890ea898
JH		 2035 hci_req_init(&req, hdev);
2036
a8b2d5c2 2037 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2038 hci_dev_unlock(hdev);
2039 cancel_delayed_work_sync(&hdev->service_cache);
2040 hci_dev_lock(hdev);
890ea898 2041 update_eir(&req);
7d78525d 2042 }
14c0b608 2043
890ea898
JH		 2044 update_class(&req);
2045
92da6097
JH		 2046 err = hci_req_run(&req, set_class_complete);
2047 if (err < 0) {
2048 if (err != -ENODATA)
2049 goto unlock;
1aff6f09 2050
bdb6d971 2051 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2052 hdev->dev_class, 3);
90e70454
JH		 2053 goto unlock;
2054 }
2055
2056 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2057 if (!cmd) {
90e70454 2058 err = -ENOMEM;
890ea898
JH		 2059 goto unlock;
2060 }
2061
2062 err = 0;
1aff6f09 2063
b5235a65 2064unlock:
09fd0de5 2065 hci_dev_unlock(hdev);
1aff6f09
JH		 2066 return err;
2067}
2068
bdb6d971 2069static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2070 u16 len)
55ed8ca1 2071{
650f726d 2072 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2073 u16 key_count, expected_len;
a492cd52 2074 int i;
55ed8ca1 2075
9060d5cf
MH		 2076 BT_DBG("request for %s", hdev->name);
2077
2078 if (!lmp_bredr_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2080 MGMT_STATUS_NOT_SUPPORTED);
2081
1f350c87 2082 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2083
86742e1e
JH		 2084 expected_len = sizeof(*cp) + key_count *
2085 sizeof(struct mgmt_link_key_info);
a492cd52 2086 if (expected_len != len) {
86742e1e 2087 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2088 len, expected_len);
bdb6d971 2089 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2090 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2091 }
2092
4ae14301
JH		 2093 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2094 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2095 MGMT_STATUS_INVALID_PARAMS);
2096
bdb6d971 2097 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2098 key_count);
55ed8ca1 2099
4ee71b20
JH		 2100 for (i = 0; i < key_count; i++) {
2101 struct mgmt_link_key_info *key = &cp->keys[i];
2102
2103 if (key->addr.type != BDADDR_BREDR)
2104 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2105 MGMT_STATUS_INVALID_PARAMS);
2106 }
2107
09fd0de5 2108 hci_dev_lock(hdev);
55ed8ca1
JH		 2109
2110 hci_link_keys_clear(hdev);
2111
55ed8ca1 2112 if (cp->debug_keys)
a8b2d5c2 2113 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2114 else
a8b2d5c2 2115 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2116
a492cd52 2117 for (i = 0; i < key_count; i++) {
86742e1e 2118 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2119
d753fdc4 2120 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2121 key->type, key->pin_len);
55ed8ca1
JH		 2122 }
2123
bdb6d971 2124 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2125
09fd0de5 2126 hci_dev_unlock(hdev);
55ed8ca1 2127
a492cd52 2128 return 0;
55ed8ca1
JH		 2129}
2130
b1078ad0 2131static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2132 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2133{
2134 struct mgmt_ev_device_unpaired ev;
2135
2136 bacpy(&ev.addr.bdaddr, bdaddr);
2137 ev.addr.type = addr_type;
2138
2139 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2140 skip_sk);
b1078ad0
JH		 2141}
2142
bdb6d971 2143static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2144 u16 len)
55ed8ca1 2145{
124f6e35
JH		 2146 struct mgmt_cp_unpair_device *cp = data;
2147 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2148 struct hci_cp_disconnect dc;
2149 struct pending_cmd *cmd;
55ed8ca1 2150 struct hci_conn *conn;
55ed8ca1
JH		 2151 int err;
2152
a8a1d19e 2153 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2154 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2155 rp.addr.type = cp->addr.type;
a8a1d19e 2156
4ee71b20
JH		 2157 if (!bdaddr_type_is_valid(cp->addr.type))
2158 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2159 MGMT_STATUS_INVALID_PARAMS,
2160 &rp, sizeof(rp));
2161
118da70b
JH		 2162 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2163 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2164 MGMT_STATUS_INVALID_PARAMS,
2165 &rp, sizeof(rp));
2166
4ee71b20
JH		 2167 hci_dev_lock(hdev);
2168
86a8cfc6 2169 if (!hdev_is_powered(hdev)) {
bdb6d971 2170 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2171 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2172 goto unlock;
2173 }
2174
591f47f3 2175 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2176 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2177 else
2178 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2179
55ed8ca1 2180 if (err < 0) {
bdb6d971 2181 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2182 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2183 goto unlock;
2184 }
2185
86a8cfc6 2186 if (cp->disconnect) {
591f47f3 2187 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2188 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2189 &cp->addr.bdaddr);
86a8cfc6
JH		 2190 else
2191 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2192 &cp->addr.bdaddr);
86a8cfc6
JH		 2193 } else {
2194 conn = NULL;
2195 }
124f6e35 2196
a8a1d19e 2197 if (!conn) {
bdb6d971 2198 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2199 &rp, sizeof(rp));
b1078ad0 2200 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2201 goto unlock;
2202 }
55ed8ca1 2203
124f6e35 2204 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2205 sizeof(*cp));
a8a1d19e
JH		 2206 if (!cmd) {
2207 err = -ENOMEM;
2208 goto unlock;
55ed8ca1
JH		 2209 }
2210
eb55ef07 2211 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2212 dc.reason = 0x13; /* Remote User Terminated Connection */
2213 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2214 if (err < 0)
2215 mgmt_pending_remove(cmd);
2216
55ed8ca1 2217unlock:
09fd0de5 2218 hci_dev_unlock(hdev);
55ed8ca1
JH		 2219 return err;
2220}
2221
bdb6d971 2222static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2223 u16 len)
8962ee74 2224{
650f726d 2225 struct mgmt_cp_disconnect *cp = data;
06a63b19 2226 struct mgmt_rp_disconnect rp;
8962ee74 2227 struct hci_cp_disconnect dc;
366a0336 2228 struct pending_cmd *cmd;
8962ee74 2229 struct hci_conn *conn;
8962ee74
JH		 2230 int err;
2231
2232 BT_DBG("");
2233
06a63b19
JH		 2234 memset(&rp, 0, sizeof(rp));
2235 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2236 rp.addr.type = cp->addr.type;
2237
4ee71b20 2238 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2239 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2240 MGMT_STATUS_INVALID_PARAMS,
2241 &rp, sizeof(rp));
4ee71b20 2242
09fd0de5 2243 hci_dev_lock(hdev);
8962ee74
JH		 2244
2245 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2246 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2247 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2248 goto failed;
2249 }
2250
2e58ef3e 2251 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2252 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2253 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2254 goto failed;
2255 }
2256
591f47f3 2257 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2258 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2259 &cp->addr.bdaddr);
88c3df13
JH		 2260 else
2261 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2262
f960727e 2263 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2264 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2265 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2266 goto failed;
2267 }
2268
2e58ef3e 2269 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2270 if (!cmd) {
2271 err = -ENOMEM;
8962ee74 2272 goto failed;
366a0336 2273 }
8962ee74 2274
eb55ef07 2275 dc.handle = cpu_to_le16(conn->handle);
3701f944 2276 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2277
2278 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2279 if (err < 0)
a664b5bc 2280 mgmt_pending_remove(cmd);
8962ee74
JH		 2281
2282failed:
09fd0de5 2283 hci_dev_unlock(hdev);
8962ee74
JH		 2284 return err;
2285}
2286
57c1477c 2287static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2288{
2289 switch (link_type) {
2290 case LE_LINK:
48264f06
JH		 2291 switch (addr_type) {
2292 case ADDR_LE_DEV_PUBLIC:
591f47f3 2293 return BDADDR_LE_PUBLIC;
0ed09148 2294
48264f06 2295 default:
0ed09148 2296 /* Fallback to LE Random address type */
591f47f3 2297 return BDADDR_LE_RANDOM;
48264f06 2298 }
0ed09148 2299
4c659c39 2300 default:
0ed09148 2301 /* Fallback to BR/EDR type */
591f47f3 2302 return BDADDR_BREDR;
4c659c39
JH		 2303 }
2304}
2305
04124681
GP		 2306static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2307 u16 data_len)
2784eb41 2308{
2784eb41 2309 struct mgmt_rp_get_connections *rp;
8035ded4 2310 struct hci_conn *c;
a38528f1 2311 size_t rp_len;
60fc5fb6
JH		 2312 int err;
2313 u16 i;
2784eb41
JH		 2314
2315 BT_DBG("");
2316
09fd0de5 2317 hci_dev_lock(hdev);
2784eb41 2318
5f97c1df 2319 if (!hdev_is_powered(hdev)) {
bdb6d971 2320 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2321 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2322 goto unlock;
2323 }
2324
60fc5fb6 2325 i = 0;
b644ba33
JH		 2326 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2327 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2328 i++;
2784eb41
JH		 2329 }
2330
60fc5fb6 2331 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2332 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2333 if (!rp) {
2784eb41
JH		 2334 err = -ENOMEM;
2335 goto unlock;
2336 }
2337
2784eb41 2338 i = 0;
4c659c39 2339 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2340 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2341 continue;
4c659c39 2342 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2343 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2344 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2345 continue;
2346 i++;
2347 }
2348
eb55ef07 2349 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2350
4c659c39
JH		 2351 /* Recalculate length in case of filtered SCO connections, etc */
2352 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2353
bdb6d971 2354 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2355 rp_len);
2784eb41 2356
a38528f1 2357 kfree(rp);
5f97c1df
JH		 2358
2359unlock:
09fd0de5 2360 hci_dev_unlock(hdev);
2784eb41
JH		 2361 return err;
2362}
2363
bdb6d971 2364static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2365 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2366{
2367 struct pending_cmd *cmd;
2368 int err;
2369
2e58ef3e 2370 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2371 sizeof(*cp));
96d97a67
WR		 2372 if (!cmd)
2373 return -ENOMEM;
2374
d8457698 2375 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2376 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2377 if (err < 0)
2378 mgmt_pending_remove(cmd);
2379
2380 return err;
2381}
2382
bdb6d971 2383static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2384 u16 len)
980e1a53 2385{
96d97a67 2386 struct hci_conn *conn;
650f726d 2387 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2388 struct hci_cp_pin_code_reply reply;
366a0336 2389 struct pending_cmd *cmd;
980e1a53
JH		 2390 int err;
2391
2392 BT_DBG("");
2393
09fd0de5 2394 hci_dev_lock(hdev);
980e1a53 2395
4b34ee78 2396 if (!hdev_is_powered(hdev)) {
bdb6d971 2397 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2398 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2399 goto failed;
2400 }
2401
d8457698 2402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2403 if (!conn) {
bdb6d971 2404 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2405 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2406 goto failed;
2407 }
2408
2409 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2410 struct mgmt_cp_pin_code_neg_reply ncp;
2411
2412 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2413
2414 BT_ERR("PIN code is not 16 bytes long");
2415
bdb6d971 2416 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2417 if (err >= 0)
bdb6d971 2418 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2419 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2420
2421 goto failed;
2422 }
2423
00abfe44 2424 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2425 if (!cmd) {
2426 err = -ENOMEM;
980e1a53 2427 goto failed;
366a0336 2428 }
980e1a53 2429
d8457698 2430 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2431 reply.pin_len = cp->pin_len;
24718ca5 2432 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2433
2434 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2435 if (err < 0)
a664b5bc 2436 mgmt_pending_remove(cmd);
980e1a53
JH		 2437
2438failed:
09fd0de5 2439 hci_dev_unlock(hdev);
980e1a53
JH		 2440 return err;
2441}
2442
04124681
GP		 2443static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2444 u16 len)
17fa4b9d 2445{
650f726d 2446 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2447
2448 BT_DBG("");
2449
09fd0de5 2450 hci_dev_lock(hdev);
17fa4b9d
JH		 2451
2452 hdev->io_capability = cp->io_capability;
2453
2454 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2455 hdev->io_capability);
17fa4b9d 2456
09fd0de5 2457 hci_dev_unlock(hdev);
17fa4b9d 2458
04124681
GP		 2459 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2460 0);
17fa4b9d
JH		 2461}
2462
6039aa73 2463static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2464{
2465 struct hci_dev *hdev = conn->hdev;
8035ded4 2466 struct pending_cmd *cmd;
e9a416b5 2467
2e58ef3e 2468 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2469 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2470 continue;
2471
e9a416b5
JH		 2472 if (cmd->user_data != conn)
2473 continue;
2474
2475 return cmd;
2476 }
2477
2478 return NULL;
2479}
2480
2481static void pairing_complete(struct pending_cmd *cmd, u8 status)
2482{
2483 struct mgmt_rp_pair_device rp;
2484 struct hci_conn *conn = cmd->user_data;
2485
ba4e564f 2486 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2487 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2488
aee9b218 2489 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2490 &rp, sizeof(rp));
e9a416b5
JH		 2491
2492 /* So we don't get further callbacks for this connection */
2493 conn->connect_cfm_cb = NULL;
2494 conn->security_cfm_cb = NULL;
2495 conn->disconn_cfm_cb = NULL;
2496
76a68ba0 2497 hci_conn_drop(conn);
e9a416b5 2498
a664b5bc 2499 mgmt_pending_remove(cmd);
e9a416b5
JH		 2500}
2501
2502static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2503{
2504 struct pending_cmd *cmd;
2505
2506 BT_DBG("status %u", status);
2507
2508 cmd = find_pairing(conn);
56e5cb86 2509 if (!cmd)
e9a416b5 2510 BT_DBG("Unable to find a pending command");
56e5cb86 2511 else
e211326c 2512 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2513}
2514
4c47d739
VA		 2515static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2516{
2517 struct pending_cmd *cmd;
2518
2519 BT_DBG("status %u", status);
2520
2521 if (!status)
2522 return;
2523
2524 cmd = find_pairing(conn);
2525 if (!cmd)
2526 BT_DBG("Unable to find a pending command");
2527 else
2528 pairing_complete(cmd, mgmt_status(status));
2529}
2530
bdb6d971 2531static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2532 u16 len)
e9a416b5 2533{
650f726d 2534 struct mgmt_cp_pair_device *cp = data;
1425acb7 2535 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2536 struct pending_cmd *cmd;
2537 u8 sec_level, auth_type;
2538 struct hci_conn *conn;
e9a416b5
JH		 2539 int err;
2540
2541 BT_DBG("");
2542
f950a30e
SJ		 2543 memset(&rp, 0, sizeof(rp));
2544 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2545 rp.addr.type = cp->addr.type;
2546
4ee71b20
JH		 2547 if (!bdaddr_type_is_valid(cp->addr.type))
2548 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2549 MGMT_STATUS_INVALID_PARAMS,
2550 &rp, sizeof(rp));
2551
09fd0de5 2552 hci_dev_lock(hdev);
e9a416b5 2553
5f97c1df 2554 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2555 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2556 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2557 goto unlock;
2558 }
2559
c908df36
VCG		 2560 sec_level = BT_SECURITY_MEDIUM;
2561 if (cp->io_cap == 0x03)
e9a416b5 2562 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2563 else
e9a416b5 2564 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2565
591f47f3 2566 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2567 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2568 cp->addr.type, sec_level, auth_type);
7a512d01 2569 else
b12f62cf
AG		 2570 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2571 cp->addr.type, sec_level, auth_type);
7a512d01 2572
30e76272 2573 if (IS_ERR(conn)) {
489dc48e
AK		 2574 int status;
2575
2576 if (PTR_ERR(conn) == -EBUSY)
2577 status = MGMT_STATUS_BUSY;
2578 else
2579 status = MGMT_STATUS_CONNECT_FAILED;
2580
bdb6d971 2581 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2582 status, &rp,
04124681 2583 sizeof(rp));
e9a416b5
JH		 2584 goto unlock;
2585 }
2586
2587 if (conn->connect_cfm_cb) {
76a68ba0 2588 hci_conn_drop(conn);
bdb6d971 2589 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2590 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2591 goto unlock;
2592 }
2593
2e58ef3e 2594 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2595 if (!cmd) {
2596 err = -ENOMEM;
76a68ba0 2597 hci_conn_drop(conn);
e9a416b5
JH		 2598 goto unlock;
2599 }
2600
7a512d01 2601 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2602 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2603 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2604 else
2605 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2606
e9a416b5
JH		 2607 conn->security_cfm_cb = pairing_complete_cb;
2608 conn->disconn_cfm_cb = pairing_complete_cb;
2609 conn->io_capability = cp->io_cap;
2610 cmd->user_data = conn;
2611
2612 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2613 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2614 pairing_complete(cmd, 0);
2615
2616 err = 0;
2617
2618unlock:
09fd0de5 2619 hci_dev_unlock(hdev);
e9a416b5
JH		 2620 return err;
2621}
2622
04124681
GP		 2623static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2624 u16 len)
28424707 2625{
0f4e68cf 2626 struct mgmt_addr_info *addr = data;
28424707
JH		 2627 struct pending_cmd *cmd;
2628 struct hci_conn *conn;
2629 int err;
2630
2631 BT_DBG("");
2632
28424707
JH		 2633 hci_dev_lock(hdev);
2634
5f97c1df 2635 if (!hdev_is_powered(hdev)) {
bdb6d971 2636 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2637 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2638 goto unlock;
2639 }
2640
28424707
JH		 2641 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2642 if (!cmd) {
bdb6d971 2643 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2644 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2645 goto unlock;
2646 }
2647
2648 conn = cmd->user_data;
2649
2650 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2651 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2652 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2653 goto unlock;
2654 }
2655
2656 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2657
bdb6d971 2658 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2659 addr, sizeof(*addr));
28424707
JH		 2660unlock:
2661 hci_dev_unlock(hdev);
28424707
JH		 2662 return err;
2663}
2664
bdb6d971 2665static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2666 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2667 u16 hci_op, __le32 passkey)
a5c29683 2668{
a5c29683 2669 struct pending_cmd *cmd;
0df4c185 2670 struct hci_conn *conn;
a5c29683
JH		 2671 int err;
2672
09fd0de5 2673 hci_dev_lock(hdev);
08ba5382 2674
4b34ee78 2675 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2676 err = cmd_complete(sk, hdev->id, mgmt_op,
2677 MGMT_STATUS_NOT_POWERED, addr,
2678 sizeof(*addr));
0df4c185 2679 goto done;
a5c29683
JH		 2680 }
2681
1707c60e
JH		 2682 if (addr->type == BDADDR_BREDR)
2683 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2684 else
1707c60e 2685 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2686
2687 if (!conn) {
feb94d3d
JH		 2688 err = cmd_complete(sk, hdev->id, mgmt_op,
2689 MGMT_STATUS_NOT_CONNECTED, addr,
2690 sizeof(*addr));
272d90df
JH		 2691 goto done;
2692 }
47c15e2b 2693
1707c60e 2694 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2695 /* Continue with pairing via SMP */
5fe57d9e
BG		 2696 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2697
2698 if (!err)
feb94d3d
JH		 2699 err = cmd_complete(sk, hdev->id, mgmt_op,
2700 MGMT_STATUS_SUCCESS, addr,
2701 sizeof(*addr));
5fe57d9e 2702 else
feb94d3d
JH		 2703 err = cmd_complete(sk, hdev->id, mgmt_op,
2704 MGMT_STATUS_FAILED, addr,
2705 sizeof(*addr));
47c15e2b 2706
47c15e2b
BG		 2707 goto done;
2708 }
2709
1707c60e 2710 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2711 if (!cmd) {
2712 err = -ENOMEM;
0df4c185 2713 goto done;
a5c29683
JH		 2714 }
2715
0df4c185 2716 /* Continue with pairing via HCI */
604086b7
BG		 2717 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2718 struct hci_cp_user_passkey_reply cp;
2719
1707c60e 2720 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2721 cp.passkey = passkey;
2722 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2723 } else
1707c60e
JH		 2724 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2725 &addr->bdaddr);
604086b7 2726
a664b5bc
JH		 2727 if (err < 0)
2728 mgmt_pending_remove(cmd);
a5c29683 2729
0df4c185 2730done:
09fd0de5 2731 hci_dev_unlock(hdev);
a5c29683
JH		 2732 return err;
2733}
2734
afeb019d
JK		 2735static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2736 void *data, u16 len)
2737{
2738 struct mgmt_cp_pin_code_neg_reply *cp = data;
2739
2740 BT_DBG("");
2741
1707c60e 2742 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2743 MGMT_OP_PIN_CODE_NEG_REPLY,
2744 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2745}
2746
04124681
GP		 2747static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2748 u16 len)
0df4c185 2749{
650f726d 2750 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2751
2752 BT_DBG("");
2753
2754 if (len != sizeof(*cp))
bdb6d971 2755 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2756 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2757
1707c60e 2758 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2759 MGMT_OP_USER_CONFIRM_REPLY,
2760 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2761}
2762
bdb6d971 2763static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2764 void *data, u16 len)
0df4c185 2765{
c9c2659f 2766 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2767
2768 BT_DBG("");
2769
1707c60e 2770 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2771 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2772 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2773}
2774
04124681
GP		 2775static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2776 u16 len)
604086b7 2777{
650f726d 2778 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2779
2780 BT_DBG("");
2781
1707c60e 2782 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2783 MGMT_OP_USER_PASSKEY_REPLY,
2784 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2785}
2786
bdb6d971 2787static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2788 void *data, u16 len)
604086b7 2789{
650f726d 2790 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2791
2792 BT_DBG("");
2793
1707c60e 2794 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2795 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2796 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2797}
2798
13928971 2799static void update_name(struct hci_request *req)
2b4bf397 2800{
13928971 2801 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2802 struct hci_cp_write_local_name cp;
2803
13928971 2804 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2805
890ea898 2806 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2807}
2808
13928971
JH		 2809static void set_name_complete(struct hci_dev *hdev, u8 status)
2810{
2811 struct mgmt_cp_set_local_name *cp;
2812 struct pending_cmd *cmd;
2813
2814 BT_DBG("status 0x%02x", status);
2815
2816 hci_dev_lock(hdev);
2817
2818 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2819 if (!cmd)
2820 goto unlock;
2821
2822 cp = cmd->param;
2823
2824 if (status)
2825 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2826 mgmt_status(status));
2827 else
2828 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2829 cp, sizeof(*cp));
2830
2831 mgmt_pending_remove(cmd);
2832
2833unlock:
2834 hci_dev_unlock(hdev);
2835}
2836
bdb6d971 2837static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2838 u16 len)
b312b161 2839{
2b4bf397 2840 struct mgmt_cp_set_local_name *cp = data;
b312b161 2841 struct pending_cmd *cmd;
890ea898 2842 struct hci_request req;
b312b161
JH		 2843 int err;
2844
2845 BT_DBG("");
2846
09fd0de5 2847 hci_dev_lock(hdev);
b312b161 2848
b3f2ca94
JH		 2849 /* If the old values are the same as the new ones just return a
2850 * direct command complete event.
2851 */
2852 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2853 !memcmp(hdev->short_name, cp->short_name,
2854 sizeof(hdev->short_name))) {
2855 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2856 data, len);
2857 goto failed;
2858 }
2859
2b4bf397 2860 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2861
b5235a65 2862 if (!hdev_is_powered(hdev)) {
2b4bf397 2863 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2864
2865 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2866 data, len);
28cc7bde
JH		 2867 if (err < 0)
2868 goto failed;
2869
2870 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2871 sk);
28cc7bde 2872
b5235a65
JH		 2873 goto failed;
2874 }
2875
28cc7bde 2876 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2877 if (!cmd) {
2878 err = -ENOMEM;
2879 goto failed;
2880 }
2881
13928971
JH		 2882 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2883
890ea898 2884 hci_req_init(&req, hdev);
3f985050
JH		 2885
2886 if (lmp_bredr_capable(hdev)) {
2887 update_name(&req);
2888 update_eir(&req);
2889 }
2890
2891 if (lmp_le_capable(hdev))
441ad2d0 2892 update_ad(&req);
3f985050 2893
13928971 2894 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2895 if (err < 0)
2896 mgmt_pending_remove(cmd);
2897
2898failed:
09fd0de5 2899 hci_dev_unlock(hdev);
b312b161
JH		 2900 return err;
2901}
2902
0f4e68cf 2903static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2904 void *data, u16 data_len)
c35938b2 2905{
c35938b2
SJ		 2906 struct pending_cmd *cmd;
2907 int err;
2908
bdb6d971 2909 BT_DBG("%s", hdev->name);
c35938b2 2910
09fd0de5 2911 hci_dev_lock(hdev);
c35938b2 2912
4b34ee78 2913 if (!hdev_is_powered(hdev)) {
bdb6d971 2914 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2915 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2916 goto unlock;
2917 }
2918
9a1a1996 2919 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2920 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2921 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2922 goto unlock;
2923 }
2924
2e58ef3e 2925 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2926 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2927 MGMT_STATUS_BUSY);
c35938b2
SJ		 2928 goto unlock;
2929 }
2930
2e58ef3e 2931 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2932 if (!cmd) {
2933 err = -ENOMEM;
2934 goto unlock;
2935 }
2936
2937 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2938 if (err < 0)
2939 mgmt_pending_remove(cmd);
2940
2941unlock:
09fd0de5 2942 hci_dev_unlock(hdev);
c35938b2
SJ		 2943 return err;
2944}
2945
bdb6d971 2946static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2947 void *data, u16 len)
2763eda6 2948{
650f726d 2949 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2950 u8 status;
2763eda6
SJ		 2951 int err;
2952
bdb6d971 2953 BT_DBG("%s ", hdev->name);
2763eda6 2954
09fd0de5 2955 hci_dev_lock(hdev);
2763eda6 2956
664ce4cc 2957 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2958 cp->randomizer);
2763eda6 2959 if (err < 0)
bf1e3541 2960 status = MGMT_STATUS_FAILED;
2763eda6 2961 else
a6785be2 2962 status = MGMT_STATUS_SUCCESS;
bf1e3541 2963
bdb6d971 2964 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2965 &cp->addr, sizeof(cp->addr));
2763eda6 2966
09fd0de5 2967 hci_dev_unlock(hdev);
2763eda6
SJ		 2968 return err;
2969}
2970
bdb6d971 2971static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2972 void *data, u16 len)
2763eda6 2973{
650f726d 2974 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2975 u8 status;
2763eda6
SJ		 2976 int err;
2977
bdb6d971 2978 BT_DBG("%s", hdev->name);
2763eda6 2979
09fd0de5 2980 hci_dev_lock(hdev);
2763eda6 2981
664ce4cc 2982 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2983 if (err < 0)
bf1e3541 2984 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2985 else
a6785be2 2986 status = MGMT_STATUS_SUCCESS;
bf1e3541 2987
bdb6d971 2988 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2989 status, &cp->addr, sizeof(cp->addr));
2763eda6 2990
09fd0de5 2991 hci_dev_unlock(hdev);
2763eda6
SJ		 2992 return err;
2993}
2994
41dc2bd6
AG		 2995static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2996{
2997 struct pending_cmd *cmd;
2998 u8 type;
2999 int err;
3000
3001 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3002
3003 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3004 if (!cmd)
3005 return -ENOENT;
3006
3007 type = hdev->discovery.type;
3008
3009 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3010 &type, sizeof(type));
3011 mgmt_pending_remove(cmd);
3012
3013 return err;
3014}
3015
7c307720
AG		 3016static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3017{
3018 BT_DBG("status %d", status);
3019
3020 if (status) {
3021 hci_dev_lock(hdev);
3022 mgmt_start_discovery_failed(hdev, status);
3023 hci_dev_unlock(hdev);
3024 return;
3025 }
3026
3027 hci_dev_lock(hdev);
3028 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3029 hci_dev_unlock(hdev);
3030
3031 switch (hdev->discovery.type) {
3032 case DISCOV_TYPE_LE:
3033 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3034 DISCOV_LE_TIMEOUT);
7c307720
AG		 3035 break;
3036
3037 case DISCOV_TYPE_INTERLEAVED:
3038 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3039 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3040 break;
3041
3042 case DISCOV_TYPE_BREDR:
3043 break;
3044
3045 default:
3046 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3047 }
3048}
3049
bdb6d971 3050static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3051 void *data, u16 len)
14a53664 3052{
650f726d 3053 struct mgmt_cp_start_discovery *cp = data;
14a53664 3054 struct pending_cmd *cmd;
7c307720
AG		 3055 struct hci_cp_le_set_scan_param param_cp;
3056 struct hci_cp_le_set_scan_enable enable_cp;
3057 struct hci_cp_inquiry inq_cp;
3058 struct hci_request req;
3059 /* General inquiry access code (GIAC) */
3060 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3061 u8 status;
14a53664
JH		 3062 int err;
3063
bdb6d971 3064 BT_DBG("%s", hdev->name);
14a53664 3065
09fd0de5 3066 hci_dev_lock(hdev);
14a53664 3067
4b34ee78 3068 if (!hdev_is_powered(hdev)) {
bdb6d971 3069 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3070 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3071 goto failed;
3072 }
3073
642be6c7
AG		 3074 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3075 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3076 MGMT_STATUS_BUSY);
3077 goto failed;
3078 }
3079
ff9ef578 3080 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3081 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3082 MGMT_STATUS_BUSY);
ff9ef578
JH		 3083 goto failed;
3084 }
3085
2e58ef3e 3086 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3087 if (!cmd) {
3088 err = -ENOMEM;
3089 goto failed;
3090 }
3091
4aab14e5
AG		 3092 hdev->discovery.type = cp->type;
3093
7c307720
AG		 3094 hci_req_init(&req, hdev);
3095
4aab14e5 3096 switch (hdev->discovery.type) {
f39799f5 3097 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3098 status = mgmt_bredr_support(hdev);
3099 if (status) {
04106755 3100 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3101 status);
04106755
JH		 3102 mgmt_pending_remove(cmd);
3103 goto failed;
3104 }
3105
7c307720
AG		 3106 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3107 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3108 MGMT_STATUS_BUSY);
3109 mgmt_pending_remove(cmd);
3110 goto failed;
3111 }
3112
3113 hci_inquiry_cache_flush(hdev);
3114
3115 memset(&inq_cp, 0, sizeof(inq_cp));
3116 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3117 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3118 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3119 break;
3120
3121 case DISCOV_TYPE_LE:
7c307720 3122 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3123 status = mgmt_le_support(hdev);
3124 if (status) {
04106755 3125 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3126 status);
04106755
JH		 3127 mgmt_pending_remove(cmd);
3128 goto failed;
3129 }
3130
7c307720 3131 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3132 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3133 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3134 MGMT_STATUS_NOT_SUPPORTED);
3135 mgmt_pending_remove(cmd);
3136 goto failed;
3137 }
3138
f3d3444a 3139 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3140 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3141 MGMT_STATUS_REJECTED);
3142 mgmt_pending_remove(cmd);
3143 goto failed;
3144 }
3145
3146 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3147 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3148 MGMT_STATUS_BUSY);
3149 mgmt_pending_remove(cmd);
3150 goto failed;
3151 }
3152
3153 memset(&param_cp, 0, sizeof(param_cp));
3154 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3155 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3156 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 3157 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3158 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3159 else
3160 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 3161 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3162 &param_cp);
3163
3164 memset(&enable_cp, 0, sizeof(enable_cp));
3165 enable_cp.enable = LE_SCAN_ENABLE;
3166 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3167 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3168 &enable_cp);
5e0452c0
AG		 3169 break;
3170
f39799f5 3171 default:
04106755
JH		 3172 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3173 MGMT_STATUS_INVALID_PARAMS);
3174 mgmt_pending_remove(cmd);
3175 goto failed;
f39799f5 3176 }
3fd24153 3177
7c307720 3178 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3179 if (err < 0)
3180 mgmt_pending_remove(cmd);
ff9ef578
JH		 3181 else
3182 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3183
3184failed:
09fd0de5 3185 hci_dev_unlock(hdev);
14a53664
JH		 3186 return err;
3187}
3188
1183fdca
AG		 3189static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3190{
3191 struct pending_cmd *cmd;
3192 int err;
3193
3194 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3195 if (!cmd)
3196 return -ENOENT;
3197
3198 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3199 &hdev->discovery.type, sizeof(hdev->discovery.type));
3200 mgmt_pending_remove(cmd);
3201
3202 return err;
3203}
3204
0e05bba6
AG		 3205static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3206{
3207 BT_DBG("status %d", status);
3208
3209 hci_dev_lock(hdev);
3210
3211 if (status) {
3212 mgmt_stop_discovery_failed(hdev, status);
3213 goto unlock;
3214 }
3215
3216 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3217
3218unlock:
3219 hci_dev_unlock(hdev);
3220}
3221
bdb6d971 3222static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3223 u16 len)
14a53664 3224{
d930650b 3225 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3226 struct pending_cmd *cmd;
30dc78e1
JH		 3227 struct hci_cp_remote_name_req_cancel cp;
3228 struct inquiry_entry *e;
0e05bba6
AG		 3229 struct hci_request req;
3230 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3231 int err;
3232
bdb6d971 3233 BT_DBG("%s", hdev->name);
14a53664 3234
09fd0de5 3235 hci_dev_lock(hdev);
14a53664 3236
30dc78e1 3237 if (!hci_discovery_active(hdev)) {
bdb6d971 3238 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3239 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3240 sizeof(mgmt_cp->type));
d930650b
JH		 3241 goto unlock;
3242 }
3243
3244 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3245 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3246 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3247 sizeof(mgmt_cp->type));
30dc78e1 3248 goto unlock;
ff9ef578
JH		 3249 }
3250
2e58ef3e 3251 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3252 if (!cmd) {
3253 err = -ENOMEM;
30dc78e1
JH		 3254 goto unlock;
3255 }
3256
0e05bba6
AG		 3257 hci_req_init(&req, hdev);
3258
e0d9727e
AG		 3259 switch (hdev->discovery.state) {
3260 case DISCOVERY_FINDING:
0e05bba6
AG		 3261 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3262 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3263 } else {
3264 cancel_delayed_work(&hdev->le_scan_disable);
3265
3266 memset(&enable_cp, 0, sizeof(enable_cp));
3267 enable_cp.enable = LE_SCAN_DISABLE;
3268 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3269 sizeof(enable_cp), &enable_cp);
3270 }
c9ecc48e 3271
e0d9727e
AG		 3272 break;
3273
3274 case DISCOVERY_RESOLVING:
3275 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3276 NAME_PENDING);
e0d9727e 3277 if (!e) {
30dc78e1 3278 mgmt_pending_remove(cmd);
e0d9727e
AG		 3279 err = cmd_complete(sk, hdev->id,
3280 MGMT_OP_STOP_DISCOVERY, 0,
3281 &mgmt_cp->type,
3282 sizeof(mgmt_cp->type));
3283 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3284 goto unlock;
3285 }
30dc78e1 3286
e0d9727e 3287 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3288 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3289 &cp);
e0d9727e
AG		 3290
3291 break;
3292
3293 default:
3294 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3295
3296 mgmt_pending_remove(cmd);
3297 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3298 MGMT_STATUS_FAILED, &mgmt_cp->type,
3299 sizeof(mgmt_cp->type));
3300 goto unlock;
14a53664
JH		 3301 }
3302
0e05bba6 3303 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3304 if (err < 0)
3305 mgmt_pending_remove(cmd);
ff9ef578
JH		 3306 else
3307 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3308
30dc78e1 3309unlock:
09fd0de5 3310 hci_dev_unlock(hdev);
14a53664
JH		 3311 return err;
3312}
3313
bdb6d971 3314static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3315 u16 len)
561aafbc 3316{
650f726d 3317 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3318 struct inquiry_entry *e;
561aafbc
JH		 3319 int err;
3320
bdb6d971 3321 BT_DBG("%s", hdev->name);
561aafbc 3322
561aafbc
JH		 3323 hci_dev_lock(hdev);
3324
30dc78e1 3325 if (!hci_discovery_active(hdev)) {
bdb6d971 3326 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3327 MGMT_STATUS_FAILED);
30dc78e1
JH		 3328 goto failed;
3329 }
3330
a198e7b1 3331 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3332 if (!e) {
bdb6d971 3333 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3334 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3335 goto failed;
3336 }
3337
3338 if (cp->name_known) {
3339 e->name_state = NAME_KNOWN;
3340 list_del(&e->list);
3341 } else {
3342 e->name_state = NAME_NEEDED;
a3d4e20a 3343 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3344 }
3345
e384662b
JH		 3346 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3347 sizeof(cp->addr));
561aafbc
JH		 3348
3349failed:
3350 hci_dev_unlock(hdev);
561aafbc
JH		 3351 return err;
3352}
3353
bdb6d971 3354static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3355 u16 len)
7fbec224 3356{
650f726d 3357 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3358 u8 status;
7fbec224
AJ		 3359 int err;
3360
bdb6d971 3361 BT_DBG("%s", hdev->name);
7fbec224 3362
4ee71b20 3363 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3364 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3365 MGMT_STATUS_INVALID_PARAMS,
3366 &cp->addr, sizeof(cp->addr));
4ee71b20 3367
09fd0de5 3368 hci_dev_lock(hdev);
5e762444 3369
88c1fe4b 3370 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3371 if (err < 0)
f0eeea8b 3372 status = MGMT_STATUS_FAILED;
7fbec224 3373 else
a6785be2 3374 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3375
bdb6d971 3376 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3377 &cp->addr, sizeof(cp->addr));
5e762444 3378
09fd0de5 3379 hci_dev_unlock(hdev);
7fbec224
AJ		 3380
3381 return err;
3382}
3383
bdb6d971 3384static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3385 u16 len)
7fbec224 3386{
650f726d 3387 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3388 u8 status;
7fbec224
AJ		 3389 int err;
3390
bdb6d971 3391 BT_DBG("%s", hdev->name);
7fbec224 3392
4ee71b20 3393 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3394 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3395 MGMT_STATUS_INVALID_PARAMS,
3396 &cp->addr, sizeof(cp->addr));
4ee71b20 3397
09fd0de5 3398 hci_dev_lock(hdev);
5e762444 3399
88c1fe4b 3400 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3401 if (err < 0)
f0eeea8b 3402 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3403 else
a6785be2 3404 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3405
bdb6d971 3406 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3407 &cp->addr, sizeof(cp->addr));
5e762444 3408
09fd0de5 3409 hci_dev_unlock(hdev);
7fbec224
AJ		 3410
3411 return err;
3412}
3413
cdbaccca
MH		 3414static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3415 u16 len)
3416{
3417 struct mgmt_cp_set_device_id *cp = data;
890ea898 3418 struct hci_request req;
cdbaccca 3419 int err;
c72d4b8a 3420 __u16 source;
cdbaccca
MH		 3421
3422 BT_DBG("%s", hdev->name);
3423
c72d4b8a
SJ		 3424 source = __le16_to_cpu(cp->source);
3425
3426 if (source > 0x0002)
3427 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3428 MGMT_STATUS_INVALID_PARAMS);
3429
cdbaccca
MH		 3430 hci_dev_lock(hdev);
3431
c72d4b8a 3432 hdev->devid_source = source;
cdbaccca
MH		 3433 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3434 hdev->devid_product = __le16_to_cpu(cp->product);
3435 hdev->devid_version = __le16_to_cpu(cp->version);
3436
3437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3438
890ea898
JH		 3439 hci_req_init(&req, hdev);
3440 update_eir(&req);
3441 hci_req_run(&req, NULL);
cdbaccca
MH		 3442
3443 hci_dev_unlock(hdev);
3444
3445 return err;
3446}
3447
4375f103
JH		 3448static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3449{
3450 struct cmd_lookup match = { NULL, hdev };
3451
3452 if (status) {
3453 u8 mgmt_err = mgmt_status(status);
3454
3455 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3456 cmd_status_rsp, &mgmt_err);
3457 return;
3458 }
3459
3460 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3461 &match);
3462
3463 new_settings(hdev, match.sk);
3464
3465 if (match.sk)
3466 sock_put(match.sk);
3467}
3468
21b5187f
MH		 3469static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3470 u16 len)
4375f103
JH		 3471{
3472 struct mgmt_mode *cp = data;
3473 struct pending_cmd *cmd;
3474 struct hci_request req;
e6fe7986 3475 u8 val, enabled, status;
4375f103
JH		 3476 int err;
3477
3478 BT_DBG("request for %s", hdev->name);
3479
e6fe7986
JH		 3480 status = mgmt_le_support(hdev);
3481 if (status)
4375f103 3482 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3483 status);
4375f103
JH		 3484
3485 if (cp->val != 0x00 && cp->val != 0x01)
3486 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3487 MGMT_STATUS_INVALID_PARAMS);
3488
3489 hci_dev_lock(hdev);
3490
3491 val = !!cp->val;
f3d3444a 3492 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3493
f74ca9b8
JH		 3494 /* The following conditions are ones which mean that we should
3495 * not do any HCI communication but directly send a mgmt
3496 * response to user space (after toggling the flag if
3497 * necessary).
3498 */
3499 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3500 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3501 bool changed = false;
3502
f3d3444a
JH		 3503 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3504 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3505 changed = true;
3506 }
3507
3508 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3509 if (err < 0)
3510 goto unlock;
3511
3512 if (changed)
3513 err = new_settings(hdev, sk);
3514
3515 goto unlock;
3516 }
3517
3518 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3519 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3520 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3521 MGMT_STATUS_BUSY);
3522 goto unlock;
3523 }
3524
3525 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3526 if (!cmd) {
3527 err = -ENOMEM;
3528 goto unlock;
3529 }
3530
3531 hci_req_init(&req, hdev);
3532
bba3aa55
MH		 3533 if (val)
3534 enable_advertising(&req);
3535 else
3536 disable_advertising(&req);
4375f103
JH		 3537
3538 err = hci_req_run(&req, set_advertising_complete);
3539 if (err < 0)
3540 mgmt_pending_remove(cmd);
3541
3542unlock:
3543 hci_dev_unlock(hdev);
3544 return err;
3545}
3546
d13eafce
MH		 3547static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3548 void *data, u16 len)
3549{
3550 struct mgmt_cp_set_static_address *cp = data;
3551 int err;
3552
3553 BT_DBG("%s", hdev->name);
3554
62af4443 3555 if (!lmp_le_capable(hdev))
d13eafce 3556 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3557 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3558
3559 if (hdev_is_powered(hdev))
3560 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3561 MGMT_STATUS_REJECTED);
3562
3563 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3564 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3565 return cmd_status(sk, hdev->id,
3566 MGMT_OP_SET_STATIC_ADDRESS,
3567 MGMT_STATUS_INVALID_PARAMS);
3568
3569 /* Two most significant bits shall be set */
3570 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3571 return cmd_status(sk, hdev->id,
3572 MGMT_OP_SET_STATIC_ADDRESS,
3573 MGMT_STATUS_INVALID_PARAMS);
3574 }
3575
3576 hci_dev_lock(hdev);
3577
3578 bacpy(&hdev->static_addr, &cp->bdaddr);
3579
3580 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3581
3582 hci_dev_unlock(hdev);
3583
3584 return err;
3585}
3586
14b49b9a
MH		 3587static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3588 void *data, u16 len)
3589{
3590 struct mgmt_cp_set_scan_params *cp = data;
3591 __u16 interval, window;
3592 int err;
3593
3594 BT_DBG("%s", hdev->name);
3595
3596 if (!lmp_le_capable(hdev))
3597 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3598 MGMT_STATUS_NOT_SUPPORTED);
3599
3600 interval = __le16_to_cpu(cp->interval);
3601
3602 if (interval < 0x0004 || interval > 0x4000)
3603 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3604 MGMT_STATUS_INVALID_PARAMS);
3605
3606 window = __le16_to_cpu(cp->window);
3607
3608 if (window < 0x0004 || window > 0x4000)
3609 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3610 MGMT_STATUS_INVALID_PARAMS);
3611
899e1075
MH		 3612 if (window > interval)
3613 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3614 MGMT_STATUS_INVALID_PARAMS);
3615
14b49b9a
MH		 3616 hci_dev_lock(hdev);
3617
3618 hdev->le_scan_interval = interval;
3619 hdev->le_scan_window = window;
3620
3621 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3622
3623 hci_dev_unlock(hdev);
3624
3625 return err;
3626}
3627
33e38b3e
JH		 3628static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3629{
3630 struct pending_cmd *cmd;
3631
3632 BT_DBG("status 0x%02x", status);
3633
3634 hci_dev_lock(hdev);
3635
3636 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3637 if (!cmd)
3638 goto unlock;
3639
3640 if (status) {
3641 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3642 mgmt_status(status));
3643 } else {
1a4d3c4b
JH		 3644 struct mgmt_mode *cp = cmd->param;
3645
3646 if (cp->val)
3647 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3648 else
3649 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3650
33e38b3e
JH		 3651 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3652 new_settings(hdev, cmd->sk);
3653 }
3654
3655 mgmt_pending_remove(cmd);
3656
3657unlock:
3658 hci_dev_unlock(hdev);
3659}
3660
bdb6d971 3661static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3662 void *data, u16 len)
f6422ec6 3663{
650f726d 3664 struct mgmt_mode *cp = data;
33e38b3e
JH		 3665 struct pending_cmd *cmd;
3666 struct hci_request req;
f6422ec6
AJ		 3667 int err;
3668
bdb6d971 3669 BT_DBG("%s", hdev->name);
f6422ec6 3670
56f87901
JH		 3671 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3672 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3673 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3674 MGMT_STATUS_NOT_SUPPORTED);
3675
a7e80f25
JH		 3676 if (cp->val != 0x00 && cp->val != 0x01)
3677 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3678 MGMT_STATUS_INVALID_PARAMS);
3679
5400c044 3680 if (!hdev_is_powered(hdev))
bdb6d971 3681 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3682 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3683
3684 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3685 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3686 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3687
3688 hci_dev_lock(hdev);
3689
05cbf29f
JH		 3690 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3691 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3692 MGMT_STATUS_BUSY);
3693 goto unlock;
3694 }
3695
1a4d3c4b
JH		 3696 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3697 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3698 hdev);
3699 goto unlock;
3700 }
3701
33e38b3e
JH		 3702 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3703 data, len);
3704 if (!cmd) {
3705 err = -ENOMEM;
3706 goto unlock;
f6422ec6
AJ		 3707 }
3708
33e38b3e
JH		 3709 hci_req_init(&req, hdev);
3710
406d7804 3711 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3712
3713 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3714 if (err < 0) {
bdb6d971 3715 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3716 MGMT_STATUS_FAILED);
33e38b3e 3717 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3718 }
3719
33e38b3e 3720unlock:
f6422ec6 3721 hci_dev_unlock(hdev);
33e38b3e 3722
f6422ec6
AJ		 3723 return err;
3724}
3725
67e5a7a3
JH		 3726static void set_bredr_scan(struct hci_request *req)
3727{
3728 struct hci_dev *hdev = req->hdev;
3729 u8 scan = 0;
3730
3731 /* Ensure that fast connectable is disabled. This function will
3732 * not do anything if the page scan parameters are already what
3733 * they should be.
3734 */
3735 write_fast_connectable(req, false);
3736
3737 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3738 scan |= SCAN_PAGE;
3739 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3740 scan |= SCAN_INQUIRY;
3741
3742 if (scan)
3743 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3744}
3745
0663ca2a
JH		 3746static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3747{
3748 struct pending_cmd *cmd;
3749
3750 BT_DBG("status 0x%02x", status);
3751
3752 hci_dev_lock(hdev);
3753
3754 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3755 if (!cmd)
3756 goto unlock;
3757
3758 if (status) {
3759 u8 mgmt_err = mgmt_status(status);
3760
3761 /* We need to restore the flag if related HCI commands
3762 * failed.
3763 */
3764 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3765
3766 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3767 } else {
3768 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3769 new_settings(hdev, cmd->sk);
3770 }
3771
3772 mgmt_pending_remove(cmd);
3773
3774unlock:
3775 hci_dev_unlock(hdev);
3776}
3777
3778static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3779{
3780 struct mgmt_mode *cp = data;
3781 struct pending_cmd *cmd;
3782 struct hci_request req;
3783 int err;
3784
3785 BT_DBG("request for %s", hdev->name);
3786
3787 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3788 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3789 MGMT_STATUS_NOT_SUPPORTED);
3790
3791 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3792 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3793 MGMT_STATUS_REJECTED);
3794
3795 if (cp->val != 0x00 && cp->val != 0x01)
3796 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3797 MGMT_STATUS_INVALID_PARAMS);
3798
3799 hci_dev_lock(hdev);
3800
3801 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3802 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3803 goto unlock;
3804 }
3805
3806 if (!hdev_is_powered(hdev)) {
3807 if (!cp->val) {
0663ca2a
JH		 3808 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3809 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3810 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3811 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3813 }
3814
3815 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3816
3817 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3818 if (err < 0)
3819 goto unlock;
3820
3821 err = new_settings(hdev, sk);
3822 goto unlock;
3823 }
3824
3825 /* Reject disabling when powered on */
3826 if (!cp->val) {
3827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3828 MGMT_STATUS_REJECTED);
3829 goto unlock;
3830 }
3831
3832 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3834 MGMT_STATUS_BUSY);
3835 goto unlock;
3836 }
3837
3838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3839 if (!cmd) {
3840 err = -ENOMEM;
3841 goto unlock;
3842 }
3843
441ad2d0 3844 /* We need to flip the bit already here so that update_ad
0663ca2a
JH		 3845 * generates the correct flags.
3846 */
3847 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3848
3849 hci_req_init(&req, hdev);
aa8af46e
JH		 3850
3851 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3852 set_bredr_scan(&req);
3853
441ad2d0 3854 update_ad(&req);
aa8af46e 3855
0663ca2a
JH		 3856 err = hci_req_run(&req, set_bredr_complete);
3857 if (err < 0)
3858 mgmt_pending_remove(cmd);
3859
3860unlock:
3861 hci_dev_unlock(hdev);
3862 return err;
3863}
3864
3f706b72
JH		 3865static bool ltk_is_valid(struct mgmt_ltk_info *key)
3866{
44b20d33
JH		 3867 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3868 return false;
3f706b72
JH		 3869 if (key->master != 0x00 && key->master != 0x01)
3870 return false;
4ee71b20
JH		 3871 if (!bdaddr_type_is_le(key->addr.type))
3872 return false;
3f706b72
JH		 3873 return true;
3874}
3875
bdb6d971 3876static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3877 void *cp_data, u16 len)
346af67b 3878{
346af67b
VCG		 3879 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3880 u16 key_count, expected_len;
715a5bf2 3881 int i, err;
346af67b 3882
cf99ba13
MH		 3883 BT_DBG("request for %s", hdev->name);
3884
3885 if (!lmp_le_capable(hdev))
3886 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3887 MGMT_STATUS_NOT_SUPPORTED);
3888
1f350c87 3889 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3890
3891 expected_len = sizeof(*cp) + key_count *
3892 sizeof(struct mgmt_ltk_info);
3893 if (expected_len != len) {
3894 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3895 len, expected_len);
bdb6d971 3896 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3897 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3898 }
3899
bdb6d971 3900 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3901
54ad6d8a
JH		 3902 for (i = 0; i < key_count; i++) {
3903 struct mgmt_ltk_info *key = &cp->keys[i];
3904
3f706b72 3905 if (!ltk_is_valid(key))
54ad6d8a
JH		 3906 return cmd_status(sk, hdev->id,
3907 MGMT_OP_LOAD_LONG_TERM_KEYS,
3908 MGMT_STATUS_INVALID_PARAMS);
3909 }
3910
346af67b
VCG		 3911 hci_dev_lock(hdev);
3912
3913 hci_smp_ltks_clear(hdev);
3914
3915 for (i = 0; i < key_count; i++) {
3916 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 3917 u8 type, addr_type;
3918
3919 if (key->addr.type == BDADDR_LE_PUBLIC)
3920 addr_type = ADDR_LE_DEV_PUBLIC;
3921 else
3922 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 3923
3924 if (key->master)
3925 type = HCI_SMP_LTK;
3926 else
3927 type = HCI_SMP_LTK_SLAVE;
3928
79d95a19 3929 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 3930 type, 0, key->authenticated, key->val,
3931 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3932 }
3933
715a5bf2
JH		 3934 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3935 NULL, 0);
3936
346af67b 3937 hci_dev_unlock(hdev);
346af67b 3938
715a5bf2 3939 return err;
346af67b
VCG		 3940}
3941
2e3c35ea 3942static const struct mgmt_handler {
04124681
GP		 3943 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3944 u16 data_len);
be22b54e
JH		 3945 bool var_len;
3946 size_t data_len;
0f4e68cf
JH		 3947} mgmt_handlers[] = {
3948 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3949 { read_version, false, MGMT_READ_VERSION_SIZE },
3950 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3951 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3952 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3953 { set_powered, false, MGMT_SETTING_SIZE },
3954 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3955 { set_connectable, false, MGMT_SETTING_SIZE },
3956 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3957 { set_pairable, false, MGMT_SETTING_SIZE },
3958 { set_link_security, false, MGMT_SETTING_SIZE },
3959 { set_ssp, false, MGMT_SETTING_SIZE },
3960 { set_hs, false, MGMT_SETTING_SIZE },
3961 { set_le, false, MGMT_SETTING_SIZE },
3962 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3963 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3964 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3965 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3966 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3967 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3968 { disconnect, false, MGMT_DISCONNECT_SIZE },
3969 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3970 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3971 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3972 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3973 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3974 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3975 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3976 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3977 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3978 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3979 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3980 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3981 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3982 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3983 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3984 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3985 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3986 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3987 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3988 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3989 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3990 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3991 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 3992 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 3993};
3994
3995
0381101f
JH		 3996int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3997{
650f726d
VCG		 3998 void *buf;
3999 u8 *cp;
0381101f 4000 struct mgmt_hdr *hdr;
4e51eae9 4001 u16 opcode, index, len;
bdb6d971 4002 struct hci_dev *hdev = NULL;
2e3c35ea 4003 const struct mgmt_handler *handler;
0381101f
JH		 4004 int err;
4005
4006 BT_DBG("got %zu bytes", msglen);
4007
4008 if (msglen < sizeof(*hdr))
4009 return -EINVAL;
4010
e63a15ec 4011 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4012 if (!buf)
4013 return -ENOMEM;
4014
4015 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4016 err = -EFAULT;
4017 goto done;
4018 }
4019
650f726d 4020 hdr = buf;
1f350c87
MH		 4021 opcode = __le16_to_cpu(hdr->opcode);
4022 index = __le16_to_cpu(hdr->index);
4023 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4024
4025 if (len != msglen - sizeof(*hdr)) {
4026 err = -EINVAL;
4027 goto done;
4028 }
4029
0f4e68cf 4030 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4031 hdev = hci_dev_get(index);
4032 if (!hdev) {
4033 err = cmd_status(sk, index, opcode,
04124681 4034 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4035 goto done;
4036 }
0736cfa8 4037
cebf4cfd
JH		 4038 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4039 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4040 err = cmd_status(sk, index, opcode,
4041 MGMT_STATUS_INVALID_INDEX);
4042 goto done;
4043 }
bdb6d971
JH		 4044 }
4045
0f4e68cf 4046 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4047 mgmt_handlers[opcode].func == NULL) {
0381101f 4048 BT_DBG("Unknown op %u", opcode);
ca69b795 4049 err = cmd_status(sk, index, opcode,
04124681 4050 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4051 goto done;
4052 }
4053
4054 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4055 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4056 err = cmd_status(sk, index, opcode,
04124681 4057 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4058 goto done;
0381101f
JH		 4059 }
4060
be22b54e
JH		 4061 handler = &mgmt_handlers[opcode];
4062
4063 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4064 (!handler->var_len && len != handler->data_len)) {
be22b54e 4065 err = cmd_status(sk, index, opcode,
04124681 4066 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4067 goto done;
4068 }
4069
0f4e68cf
JH		 4070 if (hdev)
4071 mgmt_init_hdev(sk, hdev);
4072
4073 cp = buf + sizeof(*hdr);
4074
be22b54e 4075 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4076 if (err < 0)
4077 goto done;
4078
0381101f
JH		 4079 err = msglen;
4080
4081done:
bdb6d971
JH		 4082 if (hdev)
4083 hci_dev_put(hdev);
4084
0381101f
JH		 4085 kfree(buf);
4086 return err;
4087}
c71e97bf 4088
bf6b56db 4089void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4090{
1514b892 4091 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4092 return;
bb4b2a9a 4093
bf6b56db 4094 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4095}
4096
bf6b56db 4097void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4098{
5f159032 4099 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4100
1514b892 4101 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4102 return;
bb4b2a9a 4103
744cf19e 4104 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4105
bf6b56db 4106 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4107}
4108
229ab39c
JH		 4109static void powered_complete(struct hci_dev *hdev, u8 status)
4110{
4111 struct cmd_lookup match = { NULL, hdev };
4112
4113 BT_DBG("status 0x%02x", status);
4114
4115 hci_dev_lock(hdev);
4116
4117 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4118
4119 new_settings(hdev, match.sk);
4120
4121 hci_dev_unlock(hdev);
4122
4123 if (match.sk)
4124 sock_put(match.sk);
4125}
4126
70da6243 4127static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4128{
890ea898 4129 struct hci_request req;
70da6243 4130 u8 link_sec;
5add6af8 4131
890ea898
JH		 4132 hci_req_init(&req, hdev);
4133
70da6243
JH		 4134 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4135 !lmp_host_ssp_capable(hdev)) {
4136 u8 ssp = 1;
5e5282bb 4137
890ea898 4138 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4139 }
5add6af8 4140
c73eee91
JH		 4141 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4142 lmp_bredr_capable(hdev)) {
70da6243 4143 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4144
70da6243
JH		 4145 cp.le = 1;
4146 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4147
70da6243
JH		 4148 /* Check first if we already have the right
4149 * host state (host features set)
4150 */
4151 if (cp.le != lmp_host_le_capable(hdev) ||
4152 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4153 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4154 sizeof(cp), &cp);
70da6243 4155 }
3d1cbdd6 4156
d13eafce
MH		 4157 if (lmp_le_capable(hdev)) {
4158 /* Set random address to static address if configured */
4159 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4160 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4161 &hdev->static_addr);
eeca6f89 4162
441ad2d0
MH		 4163 /* Make sure the controller has a good default for
4164 * advertising data. This also applies to the case
4165 * where BR/EDR was toggled during the AUTO_OFF phase.
4166 */
4167 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4168 update_ad(&req);
4169
bba3aa55
MH		 4170 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4171 enable_advertising(&req);
eeca6f89
JH		 4172 }
4173
70da6243
JH		 4174 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4175 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4176 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4177 sizeof(link_sec), &link_sec);
562fcc24 4178
70da6243 4179 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4180 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4181 set_bredr_scan(&req);
890ea898 4182 update_class(&req);
13928971 4183 update_name(&req);
890ea898 4184 update_eir(&req);
70da6243 4185 }
562fcc24 4186
229ab39c 4187 return hci_req_run(&req, powered_complete);
70da6243 4188}
562fcc24 4189
70da6243
JH		 4190int mgmt_powered(struct hci_dev *hdev, u8 powered)
4191{
4192 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4193 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4194 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4195 int err;
f0ff92fb 4196
70da6243
JH		 4197 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4198 return 0;
4199
70da6243 4200 if (powered) {
229ab39c
JH		 4201 if (powered_update_hci(hdev) == 0)
4202 return 0;
fe038884 4203
229ab39c
JH		 4204 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4205 &match);
4206 goto new_settings;
b24752fe
JH		 4207 }
4208
229ab39c
JH		 4209 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4210 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4211
4212 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4213 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4214 zero_cod, sizeof(zero_cod), NULL);
4215
4216new_settings:
beadb2bd 4217 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4218
4219 if (match.sk)
4220 sock_put(match.sk);
4221
7bb895d6 4222 return err;
5add6af8 4223}
73f22f62 4224
3eec705e 4225void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4226{
4227 struct pending_cmd *cmd;
4228 u8 status;
4229
4230 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4231 if (!cmd)
3eec705e 4232 return;
96570ffc
JH		 4233
4234 if (err == -ERFKILL)
4235 status = MGMT_STATUS_RFKILLED;
4236 else
4237 status = MGMT_STATUS_FAILED;
4238
3eec705e 4239 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4240
4241 mgmt_pending_remove(cmd);
96570ffc
JH		 4242}
4243
86a75645 4244void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4245{
86a75645 4246 bool changed;
73f22f62 4247
bfaf8c9f
JH		 4248 /* Nothing needed here if there's a pending command since that
4249 * commands request completion callback takes care of everything
4250 * necessary.
4251 */
4252 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4253 return;
bfaf8c9f 4254
86a75645
MH		 4255 if (discoverable)
4256 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4257 else
4258 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4259
beadb2bd 4260 if (changed)
86a75645 4261 new_settings(hdev, NULL);
73f22f62 4262}
9fbcbb45 4263
a330916c 4264void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4265{
a330916c 4266 bool changed;
9fbcbb45 4267
d7b856f9
JH		 4268 /* Nothing needed here if there's a pending command since that
4269 * commands request completion callback takes care of everything
4270 * necessary.
4271 */
4272 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4273 return;
d7b856f9 4274
a330916c
MH		 4275 if (connectable)
4276 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4277 else
4278 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4279
beadb2bd 4280 if (changed)
a330916c 4281 new_settings(hdev, NULL);
9fbcbb45 4282}
55ed8ca1 4283
4796e8af 4284void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4285{
ca69b795
JH		 4286 u8 mgmt_err = mgmt_status(status);
4287
2d7cee58 4288 if (scan & SCAN_PAGE)
744cf19e 4289 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4290 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4291
4292 if (scan & SCAN_INQUIRY)
744cf19e 4293 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4294 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4295}
4296
53168e5b
CC		 4297int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4298 bool persistent)
55ed8ca1 4299{
86742e1e 4300 struct mgmt_ev_new_link_key ev;
55ed8ca1 4301
a492cd52 4302 memset(&ev, 0, sizeof(ev));
55ed8ca1 4303
a492cd52 4304 ev.store_hint = persistent;
d753fdc4 4305 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4306 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4307 ev.key.type = key->type;
9b3b4460 4308 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4309 ev.key.pin_len = key->pin_len;
55ed8ca1 4310
744cf19e 4311 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4312}
f7520543 4313
346af67b
VCG		 4314int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4315{
4316 struct mgmt_ev_new_long_term_key ev;
4317
4318 memset(&ev, 0, sizeof(ev));
4319
4320 ev.store_hint = persistent;
4321 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4322 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4323 ev.key.authenticated = key->authenticated;
4324 ev.key.enc_size = key->enc_size;
4325 ev.key.ediv = key->ediv;
4326
4327 if (key->type == HCI_SMP_LTK)
4328 ev.key.master = 1;
4329
4330 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4331 memcpy(ev.key.val, key->val, sizeof(key->val));
4332
04124681
GP		 4333 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4334 NULL);
346af67b
VCG		 4335}
4336
ecd90ae7
MH		 4337void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4338 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4339 u8 *dev_class)
f7520543 4340{
b644ba33
JH		 4341 char buf[512];
4342 struct mgmt_ev_device_connected *ev = (void *) buf;
4343 u16 eir_len = 0;
f7520543 4344
b644ba33 4345 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4346 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4347
c95f0ba7 4348 ev->flags = __cpu_to_le32(flags);
08c79b61 4349
b644ba33
JH		 4350 if (name_len > 0)
4351 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4352 name, name_len);
b644ba33
JH		 4353
4354 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4355 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4356 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4357
eb55ef07 4358 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4359
ecd90ae7
MH		 4360 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4361 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4362}
4363
8962ee74
JH		 4364static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4365{
c68fb7ff 4366 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4367 struct sock **sk = data;
a38528f1 4368 struct mgmt_rp_disconnect rp;
8962ee74 4369
88c3df13
JH		 4370 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4371 rp.addr.type = cp->addr.type;
8962ee74 4372
aee9b218 4373 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4374 sizeof(rp));
8962ee74
JH		 4375
4376 *sk = cmd->sk;
4377 sock_hold(*sk);
4378
a664b5bc 4379 mgmt_pending_remove(cmd);
8962ee74
JH		 4380}
4381
124f6e35 4382static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4383{
b1078ad0 4384 struct hci_dev *hdev = data;
124f6e35
JH		 4385 struct mgmt_cp_unpair_device *cp = cmd->param;
4386 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4387
4388 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4389 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4390 rp.addr.type = cp->addr.type;
a8a1d19e 4391
b1078ad0
JH		 4392 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4393
aee9b218 4394 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4395
4396 mgmt_pending_remove(cmd);
4397}
4398
9b80ec5e
MH		 4399void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4400 u8 link_type, u8 addr_type, u8 reason)
f7520543 4401{
f0d6a0ea 4402 struct mgmt_ev_device_disconnected ev;
8962ee74 4403 struct sock *sk = NULL;
8962ee74 4404
744cf19e 4405 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4406
f0d6a0ea
MA		 4407 bacpy(&ev.addr.bdaddr, bdaddr);
4408 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4409 ev.reason = reason;
f7520543 4410
9b80ec5e 4411 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4412
4413 if (sk)
d97dcb66 4414 sock_put(sk);
8962ee74 4415
124f6e35 4416 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4417 hdev);
8962ee74
JH		 4418}
4419
7892924c
MH		 4420void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4421 u8 link_type, u8 addr_type, u8 status)
8962ee74 4422{
88c3df13 4423 struct mgmt_rp_disconnect rp;
8962ee74 4424 struct pending_cmd *cmd;
8962ee74 4425
36a75f1b
JD		 4426 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4427 hdev);
4428
2e58ef3e 4429 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4430 if (!cmd)
7892924c 4431 return;
8962ee74 4432
88c3df13 4433 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4434 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4435
7892924c
MH		 4436 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4437 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4438
a664b5bc 4439 mgmt_pending_remove(cmd);
f7520543 4440}
17d5c04c 4441
445608d0
MH		 4442void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4443 u8 addr_type, u8 status)
17d5c04c
JH		 4444{
4445 struct mgmt_ev_connect_failed ev;
4446
4c659c39 4447 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4448 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4449 ev.status = mgmt_status(status);
17d5c04c 4450
445608d0 4451 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4452}
980e1a53 4453
744cf19e 4454int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4455{
4456 struct mgmt_ev_pin_code_request ev;
4457
d8457698 4458 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4459 ev.addr.type = BDADDR_BREDR;
a770bb5a 4460 ev.secure = secure;
980e1a53 4461
744cf19e 4462 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4463 NULL);
980e1a53
JH		 4464}
4465
744cf19e 4466int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4467 u8 status)
980e1a53
JH		 4468{
4469 struct pending_cmd *cmd;
ac56fb13 4470 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4471 int err;
4472
2e58ef3e 4473 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4474 if (!cmd)
4475 return -ENOENT;
4476
d8457698 4477 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4478 rp.addr.type = BDADDR_BREDR;
ac56fb13 4479
aee9b218 4480 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4481 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4482
a664b5bc 4483 mgmt_pending_remove(cmd);
980e1a53
JH		 4484
4485 return err;
4486}
4487
744cf19e 4488int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4489 u8 status)
980e1a53
JH		 4490{
4491 struct pending_cmd *cmd;
ac56fb13 4492 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4493 int err;
4494
2e58ef3e 4495 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4496 if (!cmd)
4497 return -ENOENT;
4498
d8457698 4499 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4500 rp.addr.type = BDADDR_BREDR;
ac56fb13 4501
aee9b218 4502 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4503 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4504
a664b5bc 4505 mgmt_pending_remove(cmd);
980e1a53
JH		 4506
4507 return err;
4508}
a5c29683 4509
744cf19e 4510int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4511 u8 link_type, u8 addr_type, __le32 value,
4512 u8 confirm_hint)
a5c29683
JH		 4513{
4514 struct mgmt_ev_user_confirm_request ev;
4515
744cf19e 4516 BT_DBG("%s", hdev->name);
a5c29683 4517
272d90df 4518 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4520 ev.confirm_hint = confirm_hint;
78e8098e 4521 ev.value = value;
a5c29683 4522
744cf19e 4523 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4524 NULL);
a5c29683
JH		 4525}
4526
272d90df 4527int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4528 u8 link_type, u8 addr_type)
604086b7
BG		 4529{
4530 struct mgmt_ev_user_passkey_request ev;
4531
4532 BT_DBG("%s", hdev->name);
4533
272d90df 4534 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4535 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4536
4537 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4538 NULL);
604086b7
BG		 4539}
4540
0df4c185 4541static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4542 u8 link_type, u8 addr_type, u8 status,
4543 u8 opcode)
a5c29683
JH		 4544{
4545 struct pending_cmd *cmd;
4546 struct mgmt_rp_user_confirm_reply rp;
4547 int err;
4548
2e58ef3e 4549 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4550 if (!cmd)
4551 return -ENOENT;
4552
272d90df 4553 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4554 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4555 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4556 &rp, sizeof(rp));
a5c29683 4557
a664b5bc 4558 mgmt_pending_remove(cmd);
a5c29683
JH		 4559
4560 return err;
4561}
4562
744cf19e 4563int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4564 u8 link_type, u8 addr_type, u8 status)
a5c29683 4565{
272d90df 4566 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4567 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4568}
4569
272d90df 4570int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4571 u8 link_type, u8 addr_type, u8 status)
a5c29683 4572{
272d90df 4573 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4574 status,
4575 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4576}
2a611692 4577
604086b7 4578int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4579 u8 link_type, u8 addr_type, u8 status)
604086b7 4580{
272d90df 4581 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4582 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4583}
4584
272d90df 4585int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4586 u8 link_type, u8 addr_type, u8 status)
604086b7 4587{
272d90df 4588 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4589 status,
4590 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4591}
4592
92a25256
JH		 4593int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4594 u8 link_type, u8 addr_type, u32 passkey,
4595 u8 entered)
4596{
4597 struct mgmt_ev_passkey_notify ev;
4598
4599 BT_DBG("%s", hdev->name);
4600
4601 bacpy(&ev.addr.bdaddr, bdaddr);
4602 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4603 ev.passkey = __cpu_to_le32(passkey);
4604 ev.entered = entered;
4605
4606 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4607}
4608
bab73cb6 4609int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4610 u8 addr_type, u8 status)
2a611692
JH		 4611{
4612 struct mgmt_ev_auth_failed ev;
4613
bab73cb6 4614 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4615 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4616 ev.status = mgmt_status(status);
2a611692 4617
744cf19e 4618 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4619}
b312b161 4620
33ef95ed
JH		 4621int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4622{
4623 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4624 bool changed = false;
4625 int err = 0;
33ef95ed
JH		 4626
4627 if (status) {
4628 u8 mgmt_err = mgmt_status(status);
4629 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4630 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4631 return 0;
4632 }
4633
47990ea0
JH		 4634 if (test_bit(HCI_AUTH, &hdev->flags)) {
4635 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4636 changed = true;
4637 } else {
4638 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4639 changed = true;
4640 }
4641
33ef95ed 4642 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4643 &match);
33ef95ed 4644
47990ea0
JH		 4645 if (changed)
4646 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4647
4648 if (match.sk)
4649 sock_put(match.sk);
4650
4651 return err;
4652}
4653
890ea898 4654static void clear_eir(struct hci_request *req)
cacaf52f 4655{
890ea898 4656 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4657 struct hci_cp_write_eir cp;
4658
976eb20e 4659 if (!lmp_ext_inq_capable(hdev))
890ea898 4660 return;
cacaf52f 4661
c80da27e
JH		 4662 memset(hdev->eir, 0, sizeof(hdev->eir));
4663
cacaf52f
JH		 4664 memset(&cp, 0, sizeof(cp));
4665
890ea898 4666 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4667}
4668
c0ecddc2 4669int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4670{
4671 struct cmd_lookup match = { NULL, hdev };
890ea898 4672 struct hci_request req;
c0ecddc2
JH		 4673 bool changed = false;
4674 int err = 0;
ed2c4ee3
JH		 4675
4676 if (status) {
4677 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4678
4679 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4680 &hdev->dev_flags)) {
4681 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4682 err = new_settings(hdev, NULL);
9ecb3e24 4683 }
c0ecddc2 4684
04124681
GP		 4685 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4686 &mgmt_err);
c0ecddc2
JH		 4687
4688 return err;
4689 }
4690
4691 if (enable) {
9ecb3e24 4692 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4693 } else {
9ecb3e24
MH		 4694 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4695 if (!changed)
4696 changed = test_and_clear_bit(HCI_HS_ENABLED,
4697 &hdev->dev_flags);
4698 else
4699 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4700 }
4701
4702 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4703
c0ecddc2
JH		 4704 if (changed)
4705 err = new_settings(hdev, match.sk);
ed2c4ee3 4706
5fc6ebb1 4707 if (match.sk)
ed2c4ee3
JH		 4708 sock_put(match.sk);
4709
890ea898
JH		 4710 hci_req_init(&req, hdev);
4711
5fc6ebb1 4712 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4713 update_eir(&req);
5fc6ebb1 4714 else
890ea898
JH		 4715 clear_eir(&req);
4716
4717 hci_req_run(&req, NULL);
cacaf52f 4718
ed2c4ee3
JH		 4719 return err;
4720}
4721
92da6097 4722static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4723{
4724 struct cmd_lookup *match = data;
4725
90e70454
JH		 4726 if (match->sk == NULL) {
4727 match->sk = cmd->sk;
4728 sock_hold(match->sk);
4729 }
90e70454
JH		 4730}
4731
7f9a903c 4732int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4733 u8 status)
7f9a903c 4734{
90e70454
JH		 4735 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4736 int err = 0;
7f9a903c 4737
92da6097
JH		 4738 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4739 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4740 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4741
4742 if (!status)
04124681
GP		 4743 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4744 3, NULL);
90e70454
JH		 4745
4746 if (match.sk)
4747 sock_put(match.sk);
7f9a903c
MH		 4748
4749 return err;
4750}
4751
744cf19e 4752int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4753{
b312b161 4754 struct mgmt_cp_set_local_name ev;
13928971 4755 struct pending_cmd *cmd;
28cc7bde 4756
13928971
JH		 4757 if (status)
4758 return 0;
b312b161
JH		 4759
4760 memset(&ev, 0, sizeof(ev));
4761 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4762 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4763
2e58ef3e 4764 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4765 if (!cmd) {
4766 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4767
13928971
JH		 4768 /* If this is a HCI command related to powering on the
4769 * HCI dev don't send any mgmt signals.
4770 */
4771 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4772 return 0;
890ea898 4773 }
b312b161 4774
13928971
JH		 4775 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4776 cmd ? cmd->sk : NULL);
b312b161 4777}
c35938b2 4778
744cf19e 4779int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4780 u8 *randomizer, u8 status)
c35938b2
SJ		 4781{
4782 struct pending_cmd *cmd;
4783 int err;
4784
744cf19e 4785 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4786
2e58ef3e 4787 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4788 if (!cmd)
4789 return -ENOENT;
4790
4791 if (status) {
04124681
GP		 4792 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4793 mgmt_status(status));
c35938b2
SJ		 4794 } else {
4795 struct mgmt_rp_read_local_oob_data rp;
4796
4797 memcpy(rp.hash, hash, sizeof(rp.hash));
4798 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4799
744cf19e 4800 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4801 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4802 sizeof(rp));
c35938b2
SJ		 4803 }
4804
4805 mgmt_pending_remove(cmd);
4806
4807 return err;
4808}
e17acd40 4809
901801b9
MH		 4810void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4811 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4812 ssp, u8 *eir, u16 eir_len)
e17acd40 4813{
e319d2e7
JH		 4814 char buf[512];
4815 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4816 size_t ev_size;
e17acd40 4817
12602d0c 4818 if (!hci_discovery_active(hdev))
901801b9 4819 return;
12602d0c 4820
1dc06093
JH		 4821 /* Leave 5 bytes for a potential CoD field */
4822 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4823 return;
7d262f86 4824
1dc06093
JH		 4825 memset(buf, 0, sizeof(buf));
4826
e319d2e7 4827 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4828 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4829 ev->rssi = rssi;
9a395a80 4830 if (cfm_name)
612dfce9 4831 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4832 if (!ssp)
612dfce9 4833 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4834
1dc06093 4835 if (eir_len > 0)
e319d2e7 4836 memcpy(ev->eir, eir, eir_len);
e17acd40 4837
1dc06093
JH		 4838 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4839 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4840 dev_class, 3);
1dc06093 4841
eb55ef07 4842 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4843 ev_size = sizeof(*ev) + eir_len;
f8523598 4844
901801b9 4845 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4846}
a88a9652 4847
9cf12aee
MH		 4848void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4849 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4850{
b644ba33
JH		 4851 struct mgmt_ev_device_found *ev;
4852 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4853 u16 eir_len;
a88a9652 4854
b644ba33 4855 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4856
b644ba33
JH		 4857 memset(buf, 0, sizeof(buf));
4858
4859 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4860 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4861 ev->rssi = rssi;
4862
4863 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4864 name_len);
b644ba33 4865
eb55ef07 4866 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4867
9cf12aee 4868 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4869}
314b2381 4870
2f1e063b 4871void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4872{
f963e8e9 4873 struct mgmt_ev_discovering ev;
164a6e78
JH		 4874 struct pending_cmd *cmd;
4875
343fb145
AG		 4876 BT_DBG("%s discovering %u", hdev->name, discovering);
4877
164a6e78 4878 if (discovering)
2e58ef3e 4879 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4880 else
2e58ef3e 4881 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4882
4883 if (cmd != NULL) {
f808e166
JH		 4884 u8 type = hdev->discovery.type;
4885
04124681
GP		 4886 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4887 sizeof(type));
164a6e78
JH		 4888 mgmt_pending_remove(cmd);
4889 }
4890
f963e8e9
JH		 4891 memset(&ev, 0, sizeof(ev));
4892 ev.type = hdev->discovery.type;
4893 ev.discovering = discovering;
4894
2f1e063b 4895 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4896}
5e762444 4897
88c1fe4b 4898int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4899{
4900 struct pending_cmd *cmd;
4901 struct mgmt_ev_device_blocked ev;
4902
2e58ef3e 4903 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4904
88c1fe4b
JH		 4905 bacpy(&ev.addr.bdaddr, bdaddr);
4906 ev.addr.type = type;
5e762444 4907
744cf19e 4908 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4909 cmd ? cmd->sk : NULL);
5e762444
AJ		 4910}
4911
88c1fe4b 4912int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4913{
4914 struct pending_cmd *cmd;
4915 struct mgmt_ev_device_unblocked ev;
4916
2e58ef3e 4917 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4918
88c1fe4b
JH		 4919 bacpy(&ev.addr.bdaddr, bdaddr);
4920 ev.addr.type = type;
5e762444 4921
744cf19e 4922 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4923 cmd ? cmd->sk : NULL);
5e762444 4924}
5976e608
MH		 4925
4926static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4927{
4928 BT_DBG("%s status %u", hdev->name, status);
4929
4930 /* Clear the advertising mgmt setting if we failed to re-enable it */
4931 if (status) {
4932 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4933 new_settings(hdev, NULL);
5976e608
MH		 4934 }
4935}
4936
4937void mgmt_reenable_advertising(struct hci_dev *hdev)
4938{
4939 struct hci_request req;
4940
b145edcd 4941 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4942 return;
4943
4944 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4945 return;
4946
4947 hci_req_init(&req, hdev);
4948 enable_advertising(&req);
4949
4950 /* If this fails we have no option but to let user space know
4951 * that we've disabled advertising.
4952 */
4953 if (hci_req_run(&req, adv_enable_complete) < 0) {
4954 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4955 new_settings(hdev, NULL);
5976e608
MH		 4956 }
4957}
Linux kernel - Deliverables
This page took 0.522106 seconds and 5 git commands to generate.