projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make mgmt_set_powered_failed() return void
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
185static u8 mgmt_status(u8 hci_status)
186{
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
189
190 return MGMT_STATUS_FAILED;
191}
192
4e51eae9 193static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 194{
195 struct sk_buff *skb;
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
56b7d137 198 int err;
f7b64e69 199
34eb525c 200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 201
790eff44 202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 203 if (!skb)
204 return -ENOMEM;
205
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
207
612dfce9 208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 209 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 210 hdr->len = cpu_to_le16(sizeof(*ev));
211
212 ev = (void *) skb_put(skb, sizeof(*ev));
213 ev->status = status;
eb55ef07 214 ev->opcode = cpu_to_le16(cmd);
f7b64e69 215
56b7d137
GP		 216 err = sock_queue_rcv_skb(sk, skb);
217 if (err < 0)
f7b64e69
JH		 218 kfree_skb(skb);
219
56b7d137 220 return err;
f7b64e69
JH		 221}
222
aee9b218 223static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 224 void *rp, size_t rp_len)
02d98129
JH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
56b7d137 229 int err;
02d98129
JH		 230
231 BT_DBG("sock %p", sk);
232
790eff44 233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 234 if (!skb)
235 return -ENOMEM;
236
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 238
612dfce9 239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 240 hdr->index = cpu_to_le16(index);
a38528f1 241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 242
a38528f1 243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 244 ev->opcode = cpu_to_le16(cmd);
aee9b218 245 ev->status = status;
8020c16a
SJ		 246
247 if (rp)
248 memcpy(ev->data, rp, rp_len);
02d98129 249
56b7d137
GP		 250 err = sock_queue_rcv_skb(sk, skb);
251 if (err < 0)
02d98129
JH		 252 kfree_skb(skb);
253
e5f0e151 254 return err;
02d98129
JH		 255}
256
04124681
GP		 257static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
258 u16 data_len)
a38528f1
JH		 259{
260 struct mgmt_rp_read_version rp;
261
262 BT_DBG("sock %p", sk);
263
264 rp.version = MGMT_VERSION;
eb55ef07 265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 266
aee9b218 267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 268 sizeof(rp));
a38528f1
JH		 269}
270
04124681
GP		 271static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
e70bb2e8
JH		 273{
274 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 277 __le16 *opcode;
e70bb2e8
JH		 278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
eb55ef07
MH		 289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
aee9b218 298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 299 rp_size);
e70bb2e8
JH		 300 kfree(rp);
301
302 return err;
303}
304
04124681
GP		 305static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
306 u16 data_len)
faba42eb 307{
faba42eb 308 struct mgmt_rp_read_index_list *rp;
8035ded4 309 struct hci_dev *d;
a38528f1 310 size_t rp_len;
faba42eb 311 u16 count;
476e44cb 312 int err;
faba42eb
JH		 313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
bb4b2a9a 319 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 320 if (d->dev_type == HCI_BREDR)
321 count++;
faba42eb
JH		 322 }
323
a38528f1
JH		 324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
326 if (!rp) {
b2c60d42 327 read_unlock(&hci_dev_list_lock);
faba42eb 328 return -ENOMEM;
b2c60d42 329 }
faba42eb 330
476e44cb 331 count = 0;
8035ded4 332 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 333 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 334 continue;
335
0736cfa8
MH		 336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
337 continue;
338
1514b892
MH		 339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 351 rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
69ab39ea
JH		 358static u32 get_supported_settings(struct hci_dev *hdev)
359{
360 u32 settings = 0;
361
362 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 363 settings |= MGMT_SETTING_PAIRABLE;
364
9a1a1996 365 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 366 settings |= MGMT_SETTING_SSP;
367
ed3fa31f 368 if (lmp_bredr_capable(hdev)) {
33c525c0 369 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 372 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 375 settings |= MGMT_SETTING_HS;
848566b3 376 }
d7b7e796 377
eeca6f89 378 if (lmp_le_capable(hdev)) {
9d42820f 379 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 380 settings |= MGMT_SETTING_ADVERTISING;
381 }
69ab39ea
JH		 382
383 return settings;
384}
385
386static u32 get_current_settings(struct hci_dev *hdev)
387{
388 u32 settings = 0;
389
f1f0eb02 390 if (hdev_is_powered(hdev))
f0d4b78a
MH		 391 settings |= MGMT_SETTING_POWERED;
392
5e5282bb 393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 394 settings |= MGMT_SETTING_CONNECTABLE;
395
1a4d3c4b
JH		 396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
398
5e5282bb 399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_DISCOVERABLE;
401
a8b2d5c2 402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_PAIRABLE;
404
56f87901 405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_BREDR;
407
06199cf8 408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_LE;
410
47990ea0 411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LINK_SECURITY;
413
84bde9d6 414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_SSP;
416
6d80dfd0
JH		 417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
419
f3d3444a 420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 421 settings |= MGMT_SETTING_ADVERTISING;
422
69ab39ea
JH		 423 return settings;
424}
425
ef580372
JH		 426#define PNP_INFO_SVCLASS_ID 0x1200
427
213202ed
JH		 428static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
429{
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
432
433 if (len < 4)
434 return ptr;
435
436 list_for_each_entry(uuid, &hdev->uuids, list) {
437 u16 uuid16;
438
439 if (uuid->size != 16)
440 continue;
441
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
443 if (uuid16 < 0x1100)
444 continue;
445
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
447 continue;
448
449 if (!uuids_start) {
450 uuids_start = ptr;
451 uuids_start[0] = 1;
452 uuids_start[1] = EIR_UUID16_ALL;
453 ptr += 2;
454 }
455
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
459 break;
460 }
461
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
465 }
466
467 return ptr;
468}
469
cdf1963f
JH		 470static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
471{
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
474
475 if (len < 6)
476 return ptr;
477
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
480 continue;
481
482 if (!uuids_start) {
483 uuids_start = ptr;
484 uuids_start[0] = 1;
485 uuids_start[1] = EIR_UUID32_ALL;
486 ptr += 2;
487 }
488
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
492 break;
493 }
494
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
496 ptr += sizeof(u32);
497 uuids_start[0] += sizeof(u32);
498 }
499
500 return ptr;
501}
502
c00d575b
JH		 503static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
504{
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
507
508 if (len < 18)
509 return ptr;
510
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
513 continue;
514
515 if (!uuids_start) {
516 uuids_start = ptr;
517 uuids_start[0] = 1;
518 uuids_start[1] = EIR_UUID128_ALL;
519 ptr += 2;
520 }
521
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
525 break;
526 }
527
528 memcpy(ptr, uuid->uuid, 16);
529 ptr += 16;
530 uuids_start[0] += 16;
531 }
532
533 return ptr;
534}
535
ef580372
JH		 536static void create_eir(struct hci_dev *hdev, u8 *data)
537{
538 u8 *ptr = data;
ef580372
JH		 539 size_t name_len;
540
541 name_len = strlen(hdev->dev_name);
542
543 if (name_len > 0) {
544 /* EIR Data type */
545 if (name_len > 48) {
546 name_len = 48;
547 ptr[1] = EIR_NAME_SHORT;
548 } else
549 ptr[1] = EIR_NAME_COMPLETE;
550
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
553
554 memcpy(ptr + 2, hdev->dev_name, name_len);
555
ef580372
JH		 556 ptr += (name_len + 2);
557 }
558
bbaf444a 559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 560 ptr[0] = 2;
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
563
91c4e9b1
MH		 564 ptr += 3;
565 }
566
2b9be137
MH		 567 if (hdev->devid_source > 0) {
568 ptr[0] = 9;
569 ptr[1] = EIR_DEVICE_ID;
570
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
575
2b9be137
MH		 576 ptr += 10;
577 }
578
213202ed 579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 582}
583
890ea898 584static void update_eir(struct hci_request *req)
ef580372 585{
890ea898 586 struct hci_dev *hdev = req->hdev;
ef580372
JH		 587 struct hci_cp_write_eir cp;
588
504c8dcd 589 if (!hdev_is_powered(hdev))
890ea898 590 return;
7770c4aa 591
976eb20e 592 if (!lmp_ext_inq_capable(hdev))
890ea898 593 return;
ef580372 594
84bde9d6 595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 596 return;
ef580372 597
a8b2d5c2 598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 599 return;
ef580372
JH		 600
601 memset(&cp, 0, sizeof(cp));
602
603 create_eir(hdev, cp.data);
604
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 606 return;
ef580372
JH		 607
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
609
890ea898 610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 611}
612
613static u8 get_service_classes(struct hci_dev *hdev)
614{
615 struct bt_uuid *uuid;
616 u8 val = 0;
617
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
620
621 return val;
622}
623
890ea898 624static void update_class(struct hci_request *req)
ef580372 625{
890ea898 626 struct hci_dev *hdev = req->hdev;
ef580372
JH		 627 u8 cod[3];
628
629 BT_DBG("%s", hdev->name);
630
504c8dcd 631 if (!hdev_is_powered(hdev))
890ea898 632 return;
7770c4aa 633
a8b2d5c2 634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 635 return;
ef580372
JH		 636
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
640
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 642 return;
ef580372 643
890ea898 644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 645}
646
7d78525d
JH		 647static void service_cache_off(struct work_struct *work)
648{
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 650 service_cache.work);
890ea898 651 struct hci_request req;
7d78525d 652
a8b2d5c2 653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 654 return;
655
890ea898
JH		 656 hci_req_init(&req, hdev);
657
7d78525d
JH		 658 hci_dev_lock(hdev);
659
890ea898
JH		 660 update_eir(&req);
661 update_class(&req);
7d78525d
JH		 662
663 hci_dev_unlock(hdev);
890ea898
JH		 664
665 hci_req_run(&req, NULL);
7d78525d
JH		 666}
667
6a919082 668static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 669{
4f87da80 670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 671 return;
672
4f87da80 673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 674
4f87da80
JH		 675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
678 * it
679 */
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 681}
682
0f4e68cf 683static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 684 void *data, u16 data_len)
0381101f 685{
a38528f1 686 struct mgmt_rp_read_info rp;
f7b64e69 687
bdb6d971 688 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 689
09fd0de5 690 hci_dev_lock(hdev);
f7b64e69 691
dc4fe30b
JH		 692 memset(&rp, 0, sizeof(rp));
693
69ab39ea 694 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 695
69ab39ea 696 rp.version = hdev->hci_ver;
eb55ef07 697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 698
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 701
a38528f1 702 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 703
dc4fe30b 704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 706
09fd0de5 707 hci_dev_unlock(hdev);
0381101f 708
bdb6d971 709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 710 sizeof(rp));
0381101f
JH		 711}
712
eec8d2bc
JH		 713static void mgmt_pending_free(struct pending_cmd *cmd)
714{
715 sock_put(cmd->sk);
c68fb7ff 716 kfree(cmd->param);
eec8d2bc
JH		 717 kfree(cmd);
718}
719
366a0336 720static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 721 struct hci_dev *hdev, void *data,
722 u16 len)
eec8d2bc
JH		 723{
724 struct pending_cmd *cmd;
725
12b94565 726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 727 if (!cmd)
366a0336 728 return NULL;
eec8d2bc
JH		 729
730 cmd->opcode = opcode;
2e58ef3e 731 cmd->index = hdev->id;
eec8d2bc 732
12b94565 733 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 734 if (!cmd->param) {
eec8d2bc 735 kfree(cmd);
366a0336 736 return NULL;
eec8d2bc
JH		 737 }
738
8fce6357
SJ		 739 if (data)
740 memcpy(cmd->param, data, len);
eec8d2bc
JH		 741
742 cmd->sk = sk;
743 sock_hold(sk);
744
2e58ef3e 745 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 746
366a0336 747 return cmd;
eec8d2bc
JH		 748}
749
744cf19e 750static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 751 void (*cb)(struct pending_cmd *cmd,
752 void *data),
04124681 753 void *data)
eec8d2bc 754{
a3d09356 755 struct pending_cmd *cmd, *tmp;
eec8d2bc 756
a3d09356 757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 758 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 759 continue;
760
eec8d2bc
JH		 761 cb(cmd, data);
762 }
763}
764
2e58ef3e 765static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 766{
8035ded4 767 struct pending_cmd *cmd;
eec8d2bc 768
2e58ef3e 769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 770 if (cmd->opcode == opcode)
771 return cmd;
eec8d2bc
JH		 772 }
773
774 return NULL;
775}
776
a664b5bc 777static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 778{
73f22f62
JH		 779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
781}
782
69ab39ea 783static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 784{
69ab39ea 785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 786
aee9b218 787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 788 sizeof(settings));
8680570b
JH		 789}
790
bdb6d971 791static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 792 u16 len)
eec8d2bc 793{
650f726d 794 struct mgmt_mode *cp = data;
366a0336 795 struct pending_cmd *cmd;
4b34ee78 796 int err;
eec8d2bc 797
bdb6d971 798 BT_DBG("request for %s", hdev->name);
eec8d2bc 799
a7e80f25
JH		 800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
803
09fd0de5 804 hci_dev_lock(hdev);
eec8d2bc 805
87b95ba6
JH		 806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_BUSY);
809 goto failed;
810 }
811
f0d4b78a
MH		 812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
814
815 if (cp->val) {
a1d70450
JH		 816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
817 data, len);
818 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 819 goto failed;
820 }
821 }
822
4b34ee78 823 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 825 goto failed;
826 }
827
2e58ef3e 828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 829 if (!cmd) {
830 err = -ENOMEM;
eec8d2bc 831 goto failed;
366a0336 832 }
eec8d2bc 833
72a734ec 834 if (cp->val)
19202573 835 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 836 else
19202573 837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 838
366a0336 839 err = 0;
eec8d2bc
JH		 840
841failed:
09fd0de5 842 hci_dev_unlock(hdev);
366a0336 843 return err;
eec8d2bc
JH		 844}
845
04124681
GP		 846static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
beadb2bd
JH		 848{
849 struct sk_buff *skb;
850 struct mgmt_hdr *hdr;
851
790eff44 852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 853 if (!skb)
854 return -ENOMEM;
855
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
858 if (hdev)
859 hdr->index = cpu_to_le16(hdev->id);
860 else
612dfce9 861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 862 hdr->len = cpu_to_le16(data_len);
863
864 if (data)
865 memcpy(skb_put(skb, data_len), data, data_len);
866
97e0bdeb
MH		 867 /* Time stamp */
868 __net_timestamp(skb);
869
beadb2bd
JH		 870 hci_send_to_control(skb, skip_sk);
871 kfree_skb(skb);
872
873 return 0;
874}
875
876static int new_settings(struct hci_dev *hdev, struct sock *skip)
877{
878 __le32 ev;
879
880 ev = cpu_to_le32(get_current_settings(hdev));
881
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
883}
884
bd99abdd
JH		 885struct cmd_lookup {
886 struct sock *sk;
887 struct hci_dev *hdev;
888 u8 mgmt_status;
889};
890
891static void settings_rsp(struct pending_cmd *cmd, void *data)
892{
893 struct cmd_lookup *match = data;
894
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
896
897 list_del(&cmd->list);
898
899 if (match->sk == NULL) {
900 match->sk = cmd->sk;
901 sock_hold(match->sk);
902 }
903
904 mgmt_pending_free(cmd);
905}
906
907static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
908{
909 u8 *status = data;
910
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
913}
914
e6fe7986
JH		 915static u8 mgmt_bredr_support(struct hci_dev *hdev)
916{
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
921 else
922 return MGMT_STATUS_SUCCESS;
923}
924
925static u8 mgmt_le_support(struct hci_dev *hdev)
926{
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
931 else
932 return MGMT_STATUS_SUCCESS;
933}
934
bdb6d971 935static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 936 u16 len)
73f22f62 937{
650f726d 938 struct mgmt_cp_set_discoverable *cp = data;
366a0336 939 struct pending_cmd *cmd;
5e5282bb 940 u16 timeout;
e6fe7986 941 u8 scan, status;
73f22f62
JH		 942 int err;
943
bdb6d971 944 BT_DBG("request for %s", hdev->name);
73f22f62 945
e6fe7986
JH		 946 status = mgmt_bredr_support(hdev);
947 if (status)
33c525c0 948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 949 status);
33c525c0 950
a7e80f25
JH		 951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
954
1f350c87 955 timeout = __le16_to_cpu(cp->timeout);
24c54a90 956 if (!cp->val && timeout > 0)
bdb6d971 957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 958 MGMT_STATUS_INVALID_PARAMS);
73f22f62 959
09fd0de5 960 hci_dev_lock(hdev);
73f22f62 961
5e5282bb 962 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 964 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 965 goto failed;
966 }
967
2e58ef3e 968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_BUSY);
73f22f62
JH		 972 goto failed;
973 }
974
5e5282bb 975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_REJECTED);
5e5282bb
JH		 978 goto failed;
979 }
980
981 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 982 bool changed = false;
983
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
986 changed = true;
987 }
988
5e5282bb 989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 990 if (err < 0)
991 goto failed;
992
993 if (changed)
994 err = new_settings(hdev, sk);
995
5e5282bb
JH		 996 goto failed;
997 }
998
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1003 }
1004
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1009 }
1010
69ab39ea 1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1012 goto failed;
1013 }
1014
2e58ef3e 1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1016 if (!cmd) {
1017 err = -ENOMEM;
73f22f62 1018 goto failed;
366a0336 1019 }
73f22f62
JH		 1020
1021 scan = SCAN_PAGE;
1022
72a734ec 1023 if (cp->val)
73f22f62 1024 scan |= SCAN_INQUIRY;
16ab91ab 1025 else
e0f9309f 1026 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1027
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 if (err < 0)
a664b5bc 1030 mgmt_pending_remove(cmd);
73f22f62 1031
16ab91ab 1032 if (cp->val)
5e5282bb 1033 hdev->discov_timeout = timeout;
16ab91ab 1034
73f22f62 1035failed:
09fd0de5 1036 hci_dev_unlock(hdev);
73f22f62
JH		 1037 return err;
1038}
1039
406d7804
JH		 1040static void write_fast_connectable(struct hci_request *req, bool enable)
1041{
bd98b996 1042 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1043 struct hci_cp_write_page_scan_activity acp;
1044 u8 type;
1045
4c01f8b8
JH		 1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1047 return;
1048
406d7804
JH		 1049 if (enable) {
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1051
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1054 } else {
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1056
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1059 }
1060
1061 acp.window = __constant_cpu_to_le16(0x0012);
1062
bd98b996
JH		 1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1066 sizeof(acp), &acp);
1067
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1070}
1071
2b76f453
JH		 1072static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1073{
1074 struct pending_cmd *cmd;
1075
1076 BT_DBG("status 0x%02x", status);
1077
1078 hci_dev_lock(hdev);
1079
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1081 if (!cmd)
1082 goto unlock;
1083
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1085
1086 mgmt_pending_remove(cmd);
1087
1088unlock:
1089 hci_dev_unlock(hdev);
1090}
1091
bdb6d971 1092static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1093 u16 len)
9fbcbb45 1094{
650f726d 1095 struct mgmt_mode *cp = data;
366a0336 1096 struct pending_cmd *cmd;
2b76f453 1097 struct hci_request req;
e6fe7986 1098 u8 scan, status;
9fbcbb45
JH		 1099 int err;
1100
bdb6d971 1101 BT_DBG("request for %s", hdev->name);
9fbcbb45 1102
e6fe7986
JH		 1103 status = mgmt_bredr_support(hdev);
1104 if (status)
33c525c0 1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1106 status);
33c525c0 1107
a7e80f25
JH		 1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1111
09fd0de5 1112 hci_dev_lock(hdev);
9fbcbb45 1113
4b34ee78 1114 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1115 bool changed = false;
1116
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1118 changed = true;
1119
6bf0e469 1120 if (cp->val) {
5e5282bb 1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1122 } else {
5e5282bb
JH		 1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1125 }
0224d2fa 1126
5e5282bb 1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1128 if (err < 0)
1129 goto failed;
1130
1131 if (changed)
1132 err = new_settings(hdev, sk);
1133
9fbcbb45
JH		 1134 goto failed;
1135 }
1136
2e58ef3e 1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1140 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1141 goto failed;
1142 }
1143
5e5282bb 1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1146 goto failed;
1147 }
1148
2e58ef3e 1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1150 if (!cmd) {
1151 err = -ENOMEM;
9fbcbb45 1152 goto failed;
366a0336 1153 }
9fbcbb45 1154
6bf0e469 1155 if (cp->val) {
9fbcbb45 1156 scan = SCAN_PAGE;
6bf0e469 1157 } else {
9fbcbb45
JH		 1158 scan = 0;
1159
df2c6c5e 1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1161 hdev->discov_timeout > 0)
df2c6c5e
JH		 1162 cancel_delayed_work(&hdev->discov_off);
1163 }
1164
2b76f453
JH		 1165 hci_req_init(&req, hdev);
1166
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1168
4c01f8b8
JH		 1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1173 * should be.
1174 */
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1176 write_fast_connectable(&req, false);
1177
2b76f453 1178 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1179 if (err < 0)
a664b5bc 1180 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1181
1182failed:
09fd0de5 1183 hci_dev_unlock(hdev);
9fbcbb45
JH		 1184 return err;
1185}
1186
bdb6d971 1187static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1188 u16 len)
c542a06c 1189{
650f726d 1190 struct mgmt_mode *cp = data;
55594356 1191 bool changed;
c542a06c
JH		 1192 int err;
1193
bdb6d971 1194 BT_DBG("request for %s", hdev->name);
c542a06c 1195
a7e80f25
JH		 1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1199
09fd0de5 1200 hci_dev_lock(hdev);
c542a06c
JH		 1201
1202 if (cp->val)
55594356 1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1204 else
55594356 1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1206
69ab39ea 1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1208 if (err < 0)
55594356 1209 goto unlock;
c542a06c 1210
55594356
MH		 1211 if (changed)
1212 err = new_settings(hdev, sk);
c542a06c 1213
55594356 1214unlock:
09fd0de5 1215 hci_dev_unlock(hdev);
c542a06c
JH		 1216 return err;
1217}
1218
04124681
GP		 1219static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1220 u16 len)
33ef95ed
JH		 1221{
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
e6fe7986 1224 u8 val, status;
33ef95ed
JH		 1225 int err;
1226
bdb6d971 1227 BT_DBG("request for %s", hdev->name);
33ef95ed 1228
e6fe7986
JH		 1229 status = mgmt_bredr_support(hdev);
1230 if (status)
33c525c0 1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1232 status);
33c525c0 1233
a7e80f25
JH		 1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1237
33ef95ed
JH		 1238 hci_dev_lock(hdev);
1239
4b34ee78 1240 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1241 bool changed = false;
1242
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1244 &hdev->dev_flags)) {
47990ea0
JH		 1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1246 changed = true;
1247 }
1248
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1250 if (err < 0)
1251 goto failed;
1252
1253 if (changed)
1254 err = new_settings(hdev, sk);
1255
33ef95ed
JH		 1256 goto failed;
1257 }
1258
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1261 MGMT_STATUS_BUSY);
33ef95ed
JH		 1262 goto failed;
1263 }
1264
1265 val = !!cp->val;
1266
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1269 goto failed;
1270 }
1271
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1273 if (!cmd) {
1274 err = -ENOMEM;
1275 goto failed;
1276 }
1277
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1279 if (err < 0) {
1280 mgmt_pending_remove(cmd);
1281 goto failed;
1282 }
1283
1284failed:
1285 hci_dev_unlock(hdev);
33ef95ed
JH		 1286 return err;
1287}
1288
bdb6d971 1289static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1290{
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
cdba5281 1293 u8 val, status;
ed2c4ee3
JH		 1294 int err;
1295
bdb6d971 1296 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1297
cdba5281
MH		 1298 status = mgmt_bredr_support(hdev);
1299 if (status)
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1301
13ecd8b6
JH		 1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1305
a7e80f25
JH		 1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1309
13ecd8b6 1310 hci_dev_lock(hdev);
6c8f12c1 1311
c0ecddc2
JH		 1312 val = !!cp->val;
1313
4b34ee78 1314 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1315 bool changed = false;
1316
1317 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1318 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1319 changed = true;
1320 }
1321
1322 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1323 if (err < 0)
1324 goto failed;
1325
1326 if (changed)
1327 err = new_settings(hdev, sk);
1328
ed2c4ee3
JH		 1329 goto failed;
1330 }
1331
1332 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1333 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1334 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1335 goto failed;
1336 }
1337
ed2c4ee3
JH		 1338 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1339 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1340 goto failed;
1341 }
1342
1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1344 if (!cmd) {
1345 err = -ENOMEM;
1346 goto failed;
1347 }
1348
1349 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1350 if (err < 0) {
1351 mgmt_pending_remove(cmd);
1352 goto failed;
1353 }
1354
1355failed:
1356 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1357 return err;
1358}
1359
bdb6d971 1360static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1361{
1362 struct mgmt_mode *cp = data;
ee392693 1363 bool changed;
e6fe7986 1364 u8 status;
ee392693 1365 int err;
6d80dfd0 1366
bdb6d971 1367 BT_DBG("request for %s", hdev->name);
6d80dfd0 1368
e6fe7986
JH		 1369 status = mgmt_bredr_support(hdev);
1370 if (status)
1371 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1372
a7e80f25
JH		 1373 if (cp->val != 0x00 && cp->val != 0x01)
1374 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1375 MGMT_STATUS_INVALID_PARAMS);
1376
ee392693
MH		 1377 hci_dev_lock(hdev);
1378
a0cdf960 1379 if (cp->val) {
ee392693 1380 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1381 } else {
1382 if (hdev_is_powered(hdev)) {
1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1384 MGMT_STATUS_REJECTED);
1385 goto unlock;
1386 }
1387
ee392693 1388 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1389 }
ee392693
MH		 1390
1391 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1392 if (err < 0)
1393 goto unlock;
1394
1395 if (changed)
1396 err = new_settings(hdev, sk);
6d80dfd0 1397
ee392693
MH		 1398unlock:
1399 hci_dev_unlock(hdev);
1400 return err;
6d80dfd0
JH		 1401}
1402
bba3aa55
MH		 1403static void enable_advertising(struct hci_request *req)
1404{
b4faf300
MH		 1405 struct hci_dev *hdev = req->hdev;
1406 struct hci_cp_le_set_adv_param cp;
1407 u8 enable = 0x01;
1408
1409 memset(&cp, 0, sizeof(cp));
1410 cp.min_interval = __constant_cpu_to_le16(0x0800);
1411 cp.max_interval = __constant_cpu_to_le16(0x0800);
1412 cp.type = LE_ADV_IND;
1413 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1414 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1415 else
1416 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1417 cp.channel_map = 0x07;
1418
1419 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1420
b4faf300 1421 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1422}
1423
1424static void disable_advertising(struct hci_request *req)
1425{
b4faf300 1426 u8 enable = 0x00;
bba3aa55 1427
b4faf300 1428 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1429}
1430
416a4ae5
JH		 1431static void le_enable_complete(struct hci_dev *hdev, u8 status)
1432{
1433 struct cmd_lookup match = { NULL, hdev };
1434
1435 if (status) {
1436 u8 mgmt_err = mgmt_status(status);
1437
1438 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1439 &mgmt_err);
1440 return;
1441 }
1442
1443 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1444
1445 new_settings(hdev, match.sk);
1446
1447 if (match.sk)
1448 sock_put(match.sk);
1449}
1450
bdb6d971 1451static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1452{
1453 struct mgmt_mode *cp = data;
1454 struct hci_cp_write_le_host_supported hci_cp;
1455 struct pending_cmd *cmd;
416a4ae5 1456 struct hci_request req;
06199cf8 1457 int err;
0b60eba1 1458 u8 val, enabled;
06199cf8 1459
bdb6d971 1460 BT_DBG("request for %s", hdev->name);
06199cf8 1461
13ecd8b6
JH		 1462 if (!lmp_le_capable(hdev))
1463 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1464 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1465
a7e80f25
JH		 1466 if (cp->val != 0x00 && cp->val != 0x01)
1467 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1468 MGMT_STATUS_INVALID_PARAMS);
1469
c73eee91 1470 /* LE-only devices do not allow toggling LE on/off */
56f87901 1471 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1472 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1473 MGMT_STATUS_REJECTED);
1474
13ecd8b6 1475 hci_dev_lock(hdev);
06199cf8
JH		 1476
1477 val = !!cp->val;
ffa88e02 1478 enabled = lmp_host_le_capable(hdev);
06199cf8 1479
0b60eba1 1480 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1481 bool changed = false;
1482
1483 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1484 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1485 changed = true;
1486 }
1487
f3d3444a
JH		 1488 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1489 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1490 changed = true;
1491 }
1492
06199cf8
JH		 1493 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1494 if (err < 0)
1de028ce 1495 goto unlock;
06199cf8
JH		 1496
1497 if (changed)
1498 err = new_settings(hdev, sk);
1499
1de028ce 1500 goto unlock;
06199cf8
JH		 1501 }
1502
4375f103
JH		 1503 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1504 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1506 MGMT_STATUS_BUSY);
1de028ce 1507 goto unlock;
06199cf8
JH		 1508 }
1509
1510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1511 if (!cmd) {
1512 err = -ENOMEM;
1de028ce 1513 goto unlock;
06199cf8
JH		 1514 }
1515
1516 memset(&hci_cp, 0, sizeof(hci_cp));
1517
1518 if (val) {
1519 hci_cp.le = val;
ffa88e02 1520 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1521 }
1522
416a4ae5
JH		 1523 hci_req_init(&req, hdev);
1524
bba3aa55
MH		 1525 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1526 disable_advertising(&req);
eeca6f89 1527
416a4ae5
JH		 1528 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1529 &hci_cp);
1530
1531 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1532 if (err < 0)
06199cf8 1533 mgmt_pending_remove(cmd);
06199cf8 1534
1de028ce
JH		 1535unlock:
1536 hci_dev_unlock(hdev);
06199cf8
JH		 1537 return err;
1538}
1539
0cab9c80
JH		 1540/* This is a helper function to test for pending mgmt commands that can
1541 * cause CoD or EIR HCI commands. We can only allow one such pending
1542 * mgmt command at a time since otherwise we cannot easily track what
1543 * the current values are, will be, and based on that calculate if a new
1544 * HCI command needs to be sent and if yes with what value.
1545 */
1546static bool pending_eir_or_class(struct hci_dev *hdev)
1547{
1548 struct pending_cmd *cmd;
1549
1550 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1551 switch (cmd->opcode) {
1552 case MGMT_OP_ADD_UUID:
1553 case MGMT_OP_REMOVE_UUID:
1554 case MGMT_OP_SET_DEV_CLASS:
1555 case MGMT_OP_SET_POWERED:
1556 return true;
1557 }
1558 }
1559
1560 return false;
1561}
1562
83be8eca
JH		 1563static const u8 bluetooth_base_uuid[] = {
1564 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1565 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1566};
1567
1568static u8 get_uuid_size(const u8 *uuid)
1569{
1570 u32 val;
1571
1572 if (memcmp(uuid, bluetooth_base_uuid, 12))
1573 return 128;
1574
1575 val = get_unaligned_le32(&uuid[12]);
1576 if (val > 0xffff)
1577 return 32;
1578
1579 return 16;
1580}
1581
92da6097
JH		 1582static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1583{
1584 struct pending_cmd *cmd;
1585
1586 hci_dev_lock(hdev);
1587
1588 cmd = mgmt_pending_find(mgmt_op, hdev);
1589 if (!cmd)
1590 goto unlock;
1591
1592 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1593 hdev->dev_class, 3);
1594
1595 mgmt_pending_remove(cmd);
1596
1597unlock:
1598 hci_dev_unlock(hdev);
1599}
1600
1601static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1602{
1603 BT_DBG("status 0x%02x", status);
1604
1605 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1606}
1607
bdb6d971 1608static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1609{
650f726d 1610 struct mgmt_cp_add_uuid *cp = data;
90e70454 1611 struct pending_cmd *cmd;
890ea898 1612 struct hci_request req;
2aeb9a1a 1613 struct bt_uuid *uuid;
2aeb9a1a
JH		 1614 int err;
1615
bdb6d971 1616 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1617
09fd0de5 1618 hci_dev_lock(hdev);
2aeb9a1a 1619
0cab9c80 1620 if (pending_eir_or_class(hdev)) {
bdb6d971 1621 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1622 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1623 goto failed;
1624 }
1625
92c4c204 1626 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1627 if (!uuid) {
1628 err = -ENOMEM;
1629 goto failed;
1630 }
1631
1632 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1633 uuid->svc_hint = cp->svc_hint;
83be8eca 1634 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1635
de66aa63 1636 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1637
890ea898 1638 hci_req_init(&req, hdev);
1aff6f09 1639
890ea898
JH		 1640 update_class(&req);
1641 update_eir(&req);
1642
92da6097
JH		 1643 err = hci_req_run(&req, add_uuid_complete);
1644 if (err < 0) {
1645 if (err != -ENODATA)
1646 goto failed;
80a1e1db 1647
bdb6d971 1648 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1649 hdev->dev_class, 3);
90e70454
JH		 1650 goto failed;
1651 }
1652
1653 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1654 if (!cmd) {
90e70454 1655 err = -ENOMEM;
890ea898
JH		 1656 goto failed;
1657 }
1658
1659 err = 0;
2aeb9a1a
JH		 1660
1661failed:
09fd0de5 1662 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1663 return err;
1664}
1665
24b78d0f
JH		 1666static bool enable_service_cache(struct hci_dev *hdev)
1667{
1668 if (!hdev_is_powered(hdev))
1669 return false;
1670
1671 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1672 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1673 CACHE_TIMEOUT);
24b78d0f
JH		 1674 return true;
1675 }
1676
1677 return false;
1678}
1679
92da6097
JH		 1680static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1681{
1682 BT_DBG("status 0x%02x", status);
1683
1684 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1685}
1686
bdb6d971 1687static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1688 u16 len)
2aeb9a1a 1689{
650f726d 1690 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1691 struct pending_cmd *cmd;
056341c8 1692 struct bt_uuid *match, *tmp;
2aeb9a1a 1693 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1694 struct hci_request req;
2aeb9a1a
JH		 1695 int err, found;
1696
bdb6d971 1697 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1698
09fd0de5 1699 hci_dev_lock(hdev);
2aeb9a1a 1700
0cab9c80 1701 if (pending_eir_or_class(hdev)) {
bdb6d971 1702 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1703 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1704 goto unlock;
1705 }
1706
2aeb9a1a
JH		 1707 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1708 err = hci_uuids_clear(hdev);
4004b6d9 1709
24b78d0f 1710 if (enable_service_cache(hdev)) {
bdb6d971 1711 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1712 0, hdev->dev_class, 3);
24b78d0f
JH		 1713 goto unlock;
1714 }
4004b6d9 1715
9246a869 1716 goto update_class;
2aeb9a1a
JH		 1717 }
1718
1719 found = 0;
1720
056341c8 1721 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1722 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1723 continue;
1724
1725 list_del(&match->list);
482049f7 1726 kfree(match);
2aeb9a1a
JH		 1727 found++;
1728 }
1729
1730 if (found == 0) {
bdb6d971 1731 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1732 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1733 goto unlock;
1734 }
1735
9246a869 1736update_class:
890ea898 1737 hci_req_init(&req, hdev);
1aff6f09 1738
890ea898
JH		 1739 update_class(&req);
1740 update_eir(&req);
1741
92da6097
JH		 1742 err = hci_req_run(&req, remove_uuid_complete);
1743 if (err < 0) {
1744 if (err != -ENODATA)
1745 goto unlock;
80a1e1db 1746
bdb6d971 1747 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1748 hdev->dev_class, 3);
90e70454
JH		 1749 goto unlock;
1750 }
1751
1752 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1753 if (!cmd) {
90e70454 1754 err = -ENOMEM;
890ea898
JH		 1755 goto unlock;
1756 }
1757
1758 err = 0;
2aeb9a1a
JH		 1759
1760unlock:
09fd0de5 1761 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1762 return err;
1763}
1764
92da6097
JH		 1765static void set_class_complete(struct hci_dev *hdev, u8 status)
1766{
1767 BT_DBG("status 0x%02x", status);
1768
1769 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1770}
1771
bdb6d971 1772static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1773 u16 len)
1aff6f09 1774{
650f726d 1775 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1776 struct pending_cmd *cmd;
890ea898 1777 struct hci_request req;
1aff6f09
JH		 1778 int err;
1779
bdb6d971 1780 BT_DBG("request for %s", hdev->name);
1aff6f09 1781
6203fc98 1782 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1784 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1785
0cab9c80 1786 hci_dev_lock(hdev);
ee98f473 1787
0cab9c80
JH		 1788 if (pending_eir_or_class(hdev)) {
1789 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1790 MGMT_STATUS_BUSY);
1791 goto unlock;
1792 }
c95f0ba7 1793
0cab9c80
JH		 1794 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1795 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1796 MGMT_STATUS_INVALID_PARAMS);
1797 goto unlock;
1798 }
575b3a02 1799
932f5ff5
JH		 1800 hdev->major_class = cp->major;
1801 hdev->minor_class = cp->minor;
1802
b5235a65 1803 if (!hdev_is_powered(hdev)) {
bdb6d971 1804 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1805 hdev->dev_class, 3);
b5235a65
JH		 1806 goto unlock;
1807 }
1808
890ea898
JH		 1809 hci_req_init(&req, hdev);
1810
a8b2d5c2 1811 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1812 hci_dev_unlock(hdev);
1813 cancel_delayed_work_sync(&hdev->service_cache);
1814 hci_dev_lock(hdev);
890ea898 1815 update_eir(&req);
7d78525d 1816 }
14c0b608 1817
890ea898
JH		 1818 update_class(&req);
1819
92da6097
JH		 1820 err = hci_req_run(&req, set_class_complete);
1821 if (err < 0) {
1822 if (err != -ENODATA)
1823 goto unlock;
1aff6f09 1824
bdb6d971 1825 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1826 hdev->dev_class, 3);
90e70454
JH		 1827 goto unlock;
1828 }
1829
1830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1831 if (!cmd) {
90e70454 1832 err = -ENOMEM;
890ea898
JH		 1833 goto unlock;
1834 }
1835
1836 err = 0;
1aff6f09 1837
b5235a65 1838unlock:
09fd0de5 1839 hci_dev_unlock(hdev);
1aff6f09
JH		 1840 return err;
1841}
1842
bdb6d971 1843static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1844 u16 len)
55ed8ca1 1845{
650f726d 1846 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1847 u16 key_count, expected_len;
a492cd52 1848 int i;
55ed8ca1 1849
9060d5cf
MH		 1850 BT_DBG("request for %s", hdev->name);
1851
1852 if (!lmp_bredr_capable(hdev))
1853 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1854 MGMT_STATUS_NOT_SUPPORTED);
1855
1f350c87 1856 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1857
86742e1e
JH		 1858 expected_len = sizeof(*cp) + key_count *
1859 sizeof(struct mgmt_link_key_info);
a492cd52 1860 if (expected_len != len) {
86742e1e 1861 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1862 len, expected_len);
bdb6d971 1863 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1864 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1865 }
1866
4ae14301
JH		 1867 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1868 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1869 MGMT_STATUS_INVALID_PARAMS);
1870
bdb6d971 1871 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1872 key_count);
55ed8ca1 1873
4ee71b20
JH		 1874 for (i = 0; i < key_count; i++) {
1875 struct mgmt_link_key_info *key = &cp->keys[i];
1876
1877 if (key->addr.type != BDADDR_BREDR)
1878 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1879 MGMT_STATUS_INVALID_PARAMS);
1880 }
1881
09fd0de5 1882 hci_dev_lock(hdev);
55ed8ca1
JH		 1883
1884 hci_link_keys_clear(hdev);
1885
55ed8ca1 1886 if (cp->debug_keys)
a8b2d5c2 1887 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1888 else
a8b2d5c2 1889 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1890
a492cd52 1891 for (i = 0; i < key_count; i++) {
86742e1e 1892 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1893
d753fdc4 1894 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1895 key->type, key->pin_len);
55ed8ca1
JH		 1896 }
1897
bdb6d971 1898 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1899
09fd0de5 1900 hci_dev_unlock(hdev);
55ed8ca1 1901
a492cd52 1902 return 0;
55ed8ca1
JH		 1903}
1904
b1078ad0 1905static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1906 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1907{
1908 struct mgmt_ev_device_unpaired ev;
1909
1910 bacpy(&ev.addr.bdaddr, bdaddr);
1911 ev.addr.type = addr_type;
1912
1913 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1914 skip_sk);
b1078ad0
JH		 1915}
1916
bdb6d971 1917static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1918 u16 len)
55ed8ca1 1919{
124f6e35
JH		 1920 struct mgmt_cp_unpair_device *cp = data;
1921 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1922 struct hci_cp_disconnect dc;
1923 struct pending_cmd *cmd;
55ed8ca1 1924 struct hci_conn *conn;
55ed8ca1
JH		 1925 int err;
1926
a8a1d19e 1927 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
a8a1d19e 1930
4ee71b20
JH		 1931 if (!bdaddr_type_is_valid(cp->addr.type))
1932 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1933 MGMT_STATUS_INVALID_PARAMS,
1934 &rp, sizeof(rp));
1935
118da70b
JH		 1936 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1937 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1938 MGMT_STATUS_INVALID_PARAMS,
1939 &rp, sizeof(rp));
1940
4ee71b20
JH		 1941 hci_dev_lock(hdev);
1942
86a8cfc6 1943 if (!hdev_is_powered(hdev)) {
bdb6d971 1944 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1945 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1946 goto unlock;
1947 }
1948
591f47f3 1949 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1950 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1951 else
1952 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1953
55ed8ca1 1954 if (err < 0) {
bdb6d971 1955 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1956 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1957 goto unlock;
1958 }
1959
86a8cfc6 1960 if (cp->disconnect) {
591f47f3 1961 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1962 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1963 &cp->addr.bdaddr);
86a8cfc6
JH		 1964 else
1965 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1966 &cp->addr.bdaddr);
86a8cfc6
JH		 1967 } else {
1968 conn = NULL;
1969 }
124f6e35 1970
a8a1d19e 1971 if (!conn) {
bdb6d971 1972 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1973 &rp, sizeof(rp));
b1078ad0 1974 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1975 goto unlock;
1976 }
55ed8ca1 1977
124f6e35 1978 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1979 sizeof(*cp));
a8a1d19e
JH		 1980 if (!cmd) {
1981 err = -ENOMEM;
1982 goto unlock;
55ed8ca1
JH		 1983 }
1984
eb55ef07 1985 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1986 dc.reason = 0x13; /* Remote User Terminated Connection */
1987 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1988 if (err < 0)
1989 mgmt_pending_remove(cmd);
1990
55ed8ca1 1991unlock:
09fd0de5 1992 hci_dev_unlock(hdev);
55ed8ca1
JH		 1993 return err;
1994}
1995
bdb6d971 1996static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1997 u16 len)
8962ee74 1998{
650f726d 1999 struct mgmt_cp_disconnect *cp = data;
06a63b19 2000 struct mgmt_rp_disconnect rp;
8962ee74 2001 struct hci_cp_disconnect dc;
366a0336 2002 struct pending_cmd *cmd;
8962ee74 2003 struct hci_conn *conn;
8962ee74
JH		 2004 int err;
2005
2006 BT_DBG("");
2007
06a63b19
JH		 2008 memset(&rp, 0, sizeof(rp));
2009 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2010 rp.addr.type = cp->addr.type;
2011
4ee71b20 2012 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2013 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2014 MGMT_STATUS_INVALID_PARAMS,
2015 &rp, sizeof(rp));
4ee71b20 2016
09fd0de5 2017 hci_dev_lock(hdev);
8962ee74
JH		 2018
2019 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2020 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2021 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2022 goto failed;
2023 }
2024
2e58ef3e 2025 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2026 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2027 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2028 goto failed;
2029 }
2030
591f47f3 2031 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2032 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2033 &cp->addr.bdaddr);
88c3df13
JH		 2034 else
2035 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2036
f960727e 2037 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2038 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2039 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2040 goto failed;
2041 }
2042
2e58ef3e 2043 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2044 if (!cmd) {
2045 err = -ENOMEM;
8962ee74 2046 goto failed;
366a0336 2047 }
8962ee74 2048
eb55ef07 2049 dc.handle = cpu_to_le16(conn->handle);
3701f944 2050 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2051
2052 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2053 if (err < 0)
a664b5bc 2054 mgmt_pending_remove(cmd);
8962ee74
JH		 2055
2056failed:
09fd0de5 2057 hci_dev_unlock(hdev);
8962ee74
JH		 2058 return err;
2059}
2060
57c1477c 2061static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2062{
2063 switch (link_type) {
2064 case LE_LINK:
48264f06
JH		 2065 switch (addr_type) {
2066 case ADDR_LE_DEV_PUBLIC:
591f47f3 2067 return BDADDR_LE_PUBLIC;
0ed09148 2068
48264f06 2069 default:
0ed09148 2070 /* Fallback to LE Random address type */
591f47f3 2071 return BDADDR_LE_RANDOM;
48264f06 2072 }
0ed09148 2073
4c659c39 2074 default:
0ed09148 2075 /* Fallback to BR/EDR type */
591f47f3 2076 return BDADDR_BREDR;
4c659c39
JH		 2077 }
2078}
2079
04124681
GP		 2080static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2081 u16 data_len)
2784eb41 2082{
2784eb41 2083 struct mgmt_rp_get_connections *rp;
8035ded4 2084 struct hci_conn *c;
a38528f1 2085 size_t rp_len;
60fc5fb6
JH		 2086 int err;
2087 u16 i;
2784eb41
JH		 2088
2089 BT_DBG("");
2090
09fd0de5 2091 hci_dev_lock(hdev);
2784eb41 2092
5f97c1df 2093 if (!hdev_is_powered(hdev)) {
bdb6d971 2094 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2095 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2096 goto unlock;
2097 }
2098
60fc5fb6 2099 i = 0;
b644ba33
JH		 2100 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2101 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2102 i++;
2784eb41
JH		 2103 }
2104
60fc5fb6 2105 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2106 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2107 if (!rp) {
2784eb41
JH		 2108 err = -ENOMEM;
2109 goto unlock;
2110 }
2111
2784eb41 2112 i = 0;
4c659c39 2113 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2114 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2115 continue;
4c659c39 2116 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2117 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2118 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2119 continue;
2120 i++;
2121 }
2122
eb55ef07 2123 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2124
4c659c39
JH		 2125 /* Recalculate length in case of filtered SCO connections, etc */
2126 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2127
bdb6d971 2128 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2129 rp_len);
2784eb41 2130
a38528f1 2131 kfree(rp);
5f97c1df
JH		 2132
2133unlock:
09fd0de5 2134 hci_dev_unlock(hdev);
2784eb41
JH		 2135 return err;
2136}
2137
bdb6d971 2138static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2139 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2140{
2141 struct pending_cmd *cmd;
2142 int err;
2143
2e58ef3e 2144 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2145 sizeof(*cp));
96d97a67
WR		 2146 if (!cmd)
2147 return -ENOMEM;
2148
d8457698 2149 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2150 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2151 if (err < 0)
2152 mgmt_pending_remove(cmd);
2153
2154 return err;
2155}
2156
bdb6d971 2157static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2158 u16 len)
980e1a53 2159{
96d97a67 2160 struct hci_conn *conn;
650f726d 2161 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2162 struct hci_cp_pin_code_reply reply;
366a0336 2163 struct pending_cmd *cmd;
980e1a53
JH		 2164 int err;
2165
2166 BT_DBG("");
2167
09fd0de5 2168 hci_dev_lock(hdev);
980e1a53 2169
4b34ee78 2170 if (!hdev_is_powered(hdev)) {
bdb6d971 2171 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2172 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2173 goto failed;
2174 }
2175
d8457698 2176 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2177 if (!conn) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2179 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2180 goto failed;
2181 }
2182
2183 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2184 struct mgmt_cp_pin_code_neg_reply ncp;
2185
2186 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2187
2188 BT_ERR("PIN code is not 16 bytes long");
2189
bdb6d971 2190 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2191 if (err >= 0)
bdb6d971 2192 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2193 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2194
2195 goto failed;
2196 }
2197
00abfe44 2198 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2199 if (!cmd) {
2200 err = -ENOMEM;
980e1a53 2201 goto failed;
366a0336 2202 }
980e1a53 2203
d8457698 2204 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2205 reply.pin_len = cp->pin_len;
24718ca5 2206 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2207
2208 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2209 if (err < 0)
a664b5bc 2210 mgmt_pending_remove(cmd);
980e1a53
JH		 2211
2212failed:
09fd0de5 2213 hci_dev_unlock(hdev);
980e1a53
JH		 2214 return err;
2215}
2216
04124681
GP		 2217static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2218 u16 len)
17fa4b9d 2219{
650f726d 2220 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2221
2222 BT_DBG("");
2223
09fd0de5 2224 hci_dev_lock(hdev);
17fa4b9d
JH		 2225
2226 hdev->io_capability = cp->io_capability;
2227
2228 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2229 hdev->io_capability);
17fa4b9d 2230
09fd0de5 2231 hci_dev_unlock(hdev);
17fa4b9d 2232
04124681
GP		 2233 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2234 0);
17fa4b9d
JH		 2235}
2236
6039aa73 2237static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2238{
2239 struct hci_dev *hdev = conn->hdev;
8035ded4 2240 struct pending_cmd *cmd;
e9a416b5 2241
2e58ef3e 2242 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2243 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2244 continue;
2245
e9a416b5
JH		 2246 if (cmd->user_data != conn)
2247 continue;
2248
2249 return cmd;
2250 }
2251
2252 return NULL;
2253}
2254
2255static void pairing_complete(struct pending_cmd *cmd, u8 status)
2256{
2257 struct mgmt_rp_pair_device rp;
2258 struct hci_conn *conn = cmd->user_data;
2259
ba4e564f 2260 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2261 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2262
aee9b218 2263 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2264 &rp, sizeof(rp));
e9a416b5
JH		 2265
2266 /* So we don't get further callbacks for this connection */
2267 conn->connect_cfm_cb = NULL;
2268 conn->security_cfm_cb = NULL;
2269 conn->disconn_cfm_cb = NULL;
2270
76a68ba0 2271 hci_conn_drop(conn);
e9a416b5 2272
a664b5bc 2273 mgmt_pending_remove(cmd);
e9a416b5
JH		 2274}
2275
2276static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2277{
2278 struct pending_cmd *cmd;
2279
2280 BT_DBG("status %u", status);
2281
2282 cmd = find_pairing(conn);
56e5cb86 2283 if (!cmd)
e9a416b5 2284 BT_DBG("Unable to find a pending command");
56e5cb86 2285 else
e211326c 2286 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2287}
2288
4c47d739
VA		 2289static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2290{
2291 struct pending_cmd *cmd;
2292
2293 BT_DBG("status %u", status);
2294
2295 if (!status)
2296 return;
2297
2298 cmd = find_pairing(conn);
2299 if (!cmd)
2300 BT_DBG("Unable to find a pending command");
2301 else
2302 pairing_complete(cmd, mgmt_status(status));
2303}
2304
bdb6d971 2305static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2306 u16 len)
e9a416b5 2307{
650f726d 2308 struct mgmt_cp_pair_device *cp = data;
1425acb7 2309 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2310 struct pending_cmd *cmd;
2311 u8 sec_level, auth_type;
2312 struct hci_conn *conn;
e9a416b5
JH		 2313 int err;
2314
2315 BT_DBG("");
2316
f950a30e
SJ		 2317 memset(&rp, 0, sizeof(rp));
2318 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2319 rp.addr.type = cp->addr.type;
2320
4ee71b20
JH		 2321 if (!bdaddr_type_is_valid(cp->addr.type))
2322 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2323 MGMT_STATUS_INVALID_PARAMS,
2324 &rp, sizeof(rp));
2325
09fd0de5 2326 hci_dev_lock(hdev);
e9a416b5 2327
5f97c1df 2328 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2329 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2330 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2331 goto unlock;
2332 }
2333
c908df36
VCG		 2334 sec_level = BT_SECURITY_MEDIUM;
2335 if (cp->io_cap == 0x03)
e9a416b5 2336 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2337 else
e9a416b5 2338 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2339
591f47f3 2340 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2341 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2342 cp->addr.type, sec_level, auth_type);
7a512d01 2343 else
b12f62cf
AG		 2344 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2345 cp->addr.type, sec_level, auth_type);
7a512d01 2346
30e76272 2347 if (IS_ERR(conn)) {
489dc48e
AK		 2348 int status;
2349
2350 if (PTR_ERR(conn) == -EBUSY)
2351 status = MGMT_STATUS_BUSY;
2352 else
2353 status = MGMT_STATUS_CONNECT_FAILED;
2354
bdb6d971 2355 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2356 status, &rp,
04124681 2357 sizeof(rp));
e9a416b5
JH		 2358 goto unlock;
2359 }
2360
2361 if (conn->connect_cfm_cb) {
76a68ba0 2362 hci_conn_drop(conn);
bdb6d971 2363 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2364 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2365 goto unlock;
2366 }
2367
2e58ef3e 2368 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2369 if (!cmd) {
2370 err = -ENOMEM;
76a68ba0 2371 hci_conn_drop(conn);
e9a416b5
JH		 2372 goto unlock;
2373 }
2374
7a512d01 2375 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2376 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2377 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2378 else
2379 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2380
e9a416b5
JH		 2381 conn->security_cfm_cb = pairing_complete_cb;
2382 conn->disconn_cfm_cb = pairing_complete_cb;
2383 conn->io_capability = cp->io_cap;
2384 cmd->user_data = conn;
2385
2386 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2387 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2388 pairing_complete(cmd, 0);
2389
2390 err = 0;
2391
2392unlock:
09fd0de5 2393 hci_dev_unlock(hdev);
e9a416b5
JH		 2394 return err;
2395}
2396
04124681
GP		 2397static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2398 u16 len)
28424707 2399{
0f4e68cf 2400 struct mgmt_addr_info *addr = data;
28424707
JH		 2401 struct pending_cmd *cmd;
2402 struct hci_conn *conn;
2403 int err;
2404
2405 BT_DBG("");
2406
28424707
JH		 2407 hci_dev_lock(hdev);
2408
5f97c1df 2409 if (!hdev_is_powered(hdev)) {
bdb6d971 2410 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2411 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2412 goto unlock;
2413 }
2414
28424707
JH		 2415 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2416 if (!cmd) {
bdb6d971 2417 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2418 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2419 goto unlock;
2420 }
2421
2422 conn = cmd->user_data;
2423
2424 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2425 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2426 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2427 goto unlock;
2428 }
2429
2430 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2431
bdb6d971 2432 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2433 addr, sizeof(*addr));
28424707
JH		 2434unlock:
2435 hci_dev_unlock(hdev);
28424707
JH		 2436 return err;
2437}
2438
bdb6d971 2439static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2440 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2441 u16 hci_op, __le32 passkey)
a5c29683 2442{
a5c29683 2443 struct pending_cmd *cmd;
0df4c185 2444 struct hci_conn *conn;
a5c29683
JH		 2445 int err;
2446
09fd0de5 2447 hci_dev_lock(hdev);
08ba5382 2448
4b34ee78 2449 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2450 err = cmd_complete(sk, hdev->id, mgmt_op,
2451 MGMT_STATUS_NOT_POWERED, addr,
2452 sizeof(*addr));
0df4c185 2453 goto done;
a5c29683
JH		 2454 }
2455
1707c60e
JH		 2456 if (addr->type == BDADDR_BREDR)
2457 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2458 else
1707c60e 2459 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2460
2461 if (!conn) {
feb94d3d
JH		 2462 err = cmd_complete(sk, hdev->id, mgmt_op,
2463 MGMT_STATUS_NOT_CONNECTED, addr,
2464 sizeof(*addr));
272d90df
JH		 2465 goto done;
2466 }
47c15e2b 2467
1707c60e 2468 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2469 /* Continue with pairing via SMP */
5fe57d9e
BG		 2470 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2471
2472 if (!err)
feb94d3d
JH		 2473 err = cmd_complete(sk, hdev->id, mgmt_op,
2474 MGMT_STATUS_SUCCESS, addr,
2475 sizeof(*addr));
5fe57d9e 2476 else
feb94d3d
JH		 2477 err = cmd_complete(sk, hdev->id, mgmt_op,
2478 MGMT_STATUS_FAILED, addr,
2479 sizeof(*addr));
47c15e2b 2480
47c15e2b
BG		 2481 goto done;
2482 }
2483
1707c60e 2484 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2485 if (!cmd) {
2486 err = -ENOMEM;
0df4c185 2487 goto done;
a5c29683
JH		 2488 }
2489
0df4c185 2490 /* Continue with pairing via HCI */
604086b7
BG		 2491 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2492 struct hci_cp_user_passkey_reply cp;
2493
1707c60e 2494 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2495 cp.passkey = passkey;
2496 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2497 } else
1707c60e
JH		 2498 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2499 &addr->bdaddr);
604086b7 2500
a664b5bc
JH		 2501 if (err < 0)
2502 mgmt_pending_remove(cmd);
a5c29683 2503
0df4c185 2504done:
09fd0de5 2505 hci_dev_unlock(hdev);
a5c29683
JH		 2506 return err;
2507}
2508
afeb019d
JK		 2509static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2510 void *data, u16 len)
2511{
2512 struct mgmt_cp_pin_code_neg_reply *cp = data;
2513
2514 BT_DBG("");
2515
1707c60e 2516 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2517 MGMT_OP_PIN_CODE_NEG_REPLY,
2518 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2519}
2520
04124681
GP		 2521static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
0df4c185 2523{
650f726d 2524 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2525
2526 BT_DBG("");
2527
2528 if (len != sizeof(*cp))
bdb6d971 2529 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2530 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2531
1707c60e 2532 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2533 MGMT_OP_USER_CONFIRM_REPLY,
2534 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2535}
2536
bdb6d971 2537static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2538 void *data, u16 len)
0df4c185 2539{
c9c2659f 2540 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2541
2542 BT_DBG("");
2543
1707c60e 2544 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2545 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2546 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2547}
2548
04124681
GP		 2549static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2550 u16 len)
604086b7 2551{
650f726d 2552 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2553
2554 BT_DBG("");
2555
1707c60e 2556 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2557 MGMT_OP_USER_PASSKEY_REPLY,
2558 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2559}
2560
bdb6d971 2561static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2562 void *data, u16 len)
604086b7 2563{
650f726d 2564 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2565
2566 BT_DBG("");
2567
1707c60e 2568 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2569 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2570 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2571}
2572
13928971 2573static void update_name(struct hci_request *req)
2b4bf397 2574{
13928971 2575 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2576 struct hci_cp_write_local_name cp;
2577
13928971 2578 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2579
890ea898 2580 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2581}
2582
13928971
JH		 2583static void set_name_complete(struct hci_dev *hdev, u8 status)
2584{
2585 struct mgmt_cp_set_local_name *cp;
2586 struct pending_cmd *cmd;
2587
2588 BT_DBG("status 0x%02x", status);
2589
2590 hci_dev_lock(hdev);
2591
2592 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2593 if (!cmd)
2594 goto unlock;
2595
2596 cp = cmd->param;
2597
2598 if (status)
2599 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2600 mgmt_status(status));
2601 else
2602 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2603 cp, sizeof(*cp));
2604
2605 mgmt_pending_remove(cmd);
2606
2607unlock:
2608 hci_dev_unlock(hdev);
2609}
2610
bdb6d971 2611static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2612 u16 len)
b312b161 2613{
2b4bf397 2614 struct mgmt_cp_set_local_name *cp = data;
b312b161 2615 struct pending_cmd *cmd;
890ea898 2616 struct hci_request req;
b312b161
JH		 2617 int err;
2618
2619 BT_DBG("");
2620
09fd0de5 2621 hci_dev_lock(hdev);
b312b161 2622
b3f2ca94
JH		 2623 /* If the old values are the same as the new ones just return a
2624 * direct command complete event.
2625 */
2626 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2627 !memcmp(hdev->short_name, cp->short_name,
2628 sizeof(hdev->short_name))) {
2629 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2630 data, len);
2631 goto failed;
2632 }
2633
2b4bf397 2634 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2635
b5235a65 2636 if (!hdev_is_powered(hdev)) {
2b4bf397 2637 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2638
2639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2640 data, len);
28cc7bde
JH		 2641 if (err < 0)
2642 goto failed;
2643
2644 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2645 sk);
28cc7bde 2646
b5235a65
JH		 2647 goto failed;
2648 }
2649
28cc7bde 2650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2651 if (!cmd) {
2652 err = -ENOMEM;
2653 goto failed;
2654 }
2655
13928971
JH		 2656 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2657
890ea898 2658 hci_req_init(&req, hdev);
3f985050
JH		 2659
2660 if (lmp_bredr_capable(hdev)) {
2661 update_name(&req);
2662 update_eir(&req);
2663 }
2664
2665 if (lmp_le_capable(hdev))
2666 hci_update_ad(&req);
2667
13928971 2668 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2669 if (err < 0)
2670 mgmt_pending_remove(cmd);
2671
2672failed:
09fd0de5 2673 hci_dev_unlock(hdev);
b312b161
JH		 2674 return err;
2675}
2676
0f4e68cf 2677static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2678 void *data, u16 data_len)
c35938b2 2679{
c35938b2
SJ		 2680 struct pending_cmd *cmd;
2681 int err;
2682
bdb6d971 2683 BT_DBG("%s", hdev->name);
c35938b2 2684
09fd0de5 2685 hci_dev_lock(hdev);
c35938b2 2686
4b34ee78 2687 if (!hdev_is_powered(hdev)) {
bdb6d971 2688 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2689 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2690 goto unlock;
2691 }
2692
9a1a1996 2693 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2694 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2695 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2696 goto unlock;
2697 }
2698
2e58ef3e 2699 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2700 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2701 MGMT_STATUS_BUSY);
c35938b2
SJ		 2702 goto unlock;
2703 }
2704
2e58ef3e 2705 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2706 if (!cmd) {
2707 err = -ENOMEM;
2708 goto unlock;
2709 }
2710
2711 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2712 if (err < 0)
2713 mgmt_pending_remove(cmd);
2714
2715unlock:
09fd0de5 2716 hci_dev_unlock(hdev);
c35938b2
SJ		 2717 return err;
2718}
2719
bdb6d971 2720static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2721 void *data, u16 len)
2763eda6 2722{
650f726d 2723 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2724 u8 status;
2763eda6
SJ		 2725 int err;
2726
bdb6d971 2727 BT_DBG("%s ", hdev->name);
2763eda6 2728
09fd0de5 2729 hci_dev_lock(hdev);
2763eda6 2730
664ce4cc 2731 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2732 cp->randomizer);
2763eda6 2733 if (err < 0)
bf1e3541 2734 status = MGMT_STATUS_FAILED;
2763eda6 2735 else
a6785be2 2736 status = MGMT_STATUS_SUCCESS;
bf1e3541 2737
bdb6d971 2738 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2739 &cp->addr, sizeof(cp->addr));
2763eda6 2740
09fd0de5 2741 hci_dev_unlock(hdev);
2763eda6
SJ		 2742 return err;
2743}
2744
bdb6d971 2745static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2746 void *data, u16 len)
2763eda6 2747{
650f726d 2748 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2749 u8 status;
2763eda6
SJ		 2750 int err;
2751
bdb6d971 2752 BT_DBG("%s", hdev->name);
2763eda6 2753
09fd0de5 2754 hci_dev_lock(hdev);
2763eda6 2755
664ce4cc 2756 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2757 if (err < 0)
bf1e3541 2758 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2759 else
a6785be2 2760 status = MGMT_STATUS_SUCCESS;
bf1e3541 2761
bdb6d971 2762 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2763 status, &cp->addr, sizeof(cp->addr));
2763eda6 2764
09fd0de5 2765 hci_dev_unlock(hdev);
2763eda6
SJ		 2766 return err;
2767}
2768
41dc2bd6
AG		 2769static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2770{
2771 struct pending_cmd *cmd;
2772 u8 type;
2773 int err;
2774
2775 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2776
2777 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2778 if (!cmd)
2779 return -ENOENT;
2780
2781 type = hdev->discovery.type;
2782
2783 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2784 &type, sizeof(type));
2785 mgmt_pending_remove(cmd);
2786
2787 return err;
2788}
2789
7c307720
AG		 2790static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2791{
2792 BT_DBG("status %d", status);
2793
2794 if (status) {
2795 hci_dev_lock(hdev);
2796 mgmt_start_discovery_failed(hdev, status);
2797 hci_dev_unlock(hdev);
2798 return;
2799 }
2800
2801 hci_dev_lock(hdev);
2802 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2803 hci_dev_unlock(hdev);
2804
2805 switch (hdev->discovery.type) {
2806 case DISCOV_TYPE_LE:
2807 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2808 DISCOV_LE_TIMEOUT);
7c307720
AG		 2809 break;
2810
2811 case DISCOV_TYPE_INTERLEAVED:
2812 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2813 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2814 break;
2815
2816 case DISCOV_TYPE_BREDR:
2817 break;
2818
2819 default:
2820 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2821 }
2822}
2823
bdb6d971 2824static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2825 void *data, u16 len)
14a53664 2826{
650f726d 2827 struct mgmt_cp_start_discovery *cp = data;
14a53664 2828 struct pending_cmd *cmd;
7c307720
AG		 2829 struct hci_cp_le_set_scan_param param_cp;
2830 struct hci_cp_le_set_scan_enable enable_cp;
2831 struct hci_cp_inquiry inq_cp;
2832 struct hci_request req;
2833 /* General inquiry access code (GIAC) */
2834 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2835 u8 status;
14a53664
JH		 2836 int err;
2837
bdb6d971 2838 BT_DBG("%s", hdev->name);
14a53664 2839
09fd0de5 2840 hci_dev_lock(hdev);
14a53664 2841
4b34ee78 2842 if (!hdev_is_powered(hdev)) {
bdb6d971 2843 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2844 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2845 goto failed;
2846 }
2847
642be6c7
AG		 2848 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2849 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2850 MGMT_STATUS_BUSY);
2851 goto failed;
2852 }
2853
ff9ef578 2854 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2855 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2856 MGMT_STATUS_BUSY);
ff9ef578
JH		 2857 goto failed;
2858 }
2859
2e58ef3e 2860 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2861 if (!cmd) {
2862 err = -ENOMEM;
2863 goto failed;
2864 }
2865
4aab14e5
AG		 2866 hdev->discovery.type = cp->type;
2867
7c307720
AG		 2868 hci_req_init(&req, hdev);
2869
4aab14e5 2870 switch (hdev->discovery.type) {
f39799f5 2871 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2872 status = mgmt_bredr_support(hdev);
2873 if (status) {
04106755 2874 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2875 status);
04106755
JH		 2876 mgmt_pending_remove(cmd);
2877 goto failed;
2878 }
2879
7c307720
AG		 2880 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2881 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2882 MGMT_STATUS_BUSY);
2883 mgmt_pending_remove(cmd);
2884 goto failed;
2885 }
2886
2887 hci_inquiry_cache_flush(hdev);
2888
2889 memset(&inq_cp, 0, sizeof(inq_cp));
2890 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2891 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2892 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2893 break;
2894
2895 case DISCOV_TYPE_LE:
7c307720 2896 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2897 status = mgmt_le_support(hdev);
2898 if (status) {
04106755 2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2900 status);
04106755
JH		 2901 mgmt_pending_remove(cmd);
2902 goto failed;
2903 }
2904
7c307720 2905 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2906 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2907 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2908 MGMT_STATUS_NOT_SUPPORTED);
2909 mgmt_pending_remove(cmd);
2910 goto failed;
2911 }
2912
f3d3444a 2913 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2915 MGMT_STATUS_REJECTED);
2916 mgmt_pending_remove(cmd);
2917 goto failed;
2918 }
2919
2920 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2921 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2922 MGMT_STATUS_BUSY);
2923 mgmt_pending_remove(cmd);
2924 goto failed;
2925 }
2926
2927 memset(&param_cp, 0, sizeof(param_cp));
2928 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2929 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2930 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2931 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2932 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2933 else
2934 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2935 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2936 &param_cp);
2937
2938 memset(&enable_cp, 0, sizeof(enable_cp));
2939 enable_cp.enable = LE_SCAN_ENABLE;
2940 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2941 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2942 &enable_cp);
5e0452c0
AG		 2943 break;
2944
f39799f5 2945 default:
04106755
JH		 2946 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2947 MGMT_STATUS_INVALID_PARAMS);
2948 mgmt_pending_remove(cmd);
2949 goto failed;
f39799f5 2950 }
3fd24153 2951
7c307720 2952 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2953 if (err < 0)
2954 mgmt_pending_remove(cmd);
ff9ef578
JH		 2955 else
2956 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2957
2958failed:
09fd0de5 2959 hci_dev_unlock(hdev);
14a53664
JH		 2960 return err;
2961}
2962
1183fdca
AG		 2963static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2964{
2965 struct pending_cmd *cmd;
2966 int err;
2967
2968 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2969 if (!cmd)
2970 return -ENOENT;
2971
2972 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2973 &hdev->discovery.type, sizeof(hdev->discovery.type));
2974 mgmt_pending_remove(cmd);
2975
2976 return err;
2977}
2978
0e05bba6
AG		 2979static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2980{
2981 BT_DBG("status %d", status);
2982
2983 hci_dev_lock(hdev);
2984
2985 if (status) {
2986 mgmt_stop_discovery_failed(hdev, status);
2987 goto unlock;
2988 }
2989
2990 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2991
2992unlock:
2993 hci_dev_unlock(hdev);
2994}
2995
bdb6d971 2996static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2997 u16 len)
14a53664 2998{
d930650b 2999 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3000 struct pending_cmd *cmd;
30dc78e1
JH		 3001 struct hci_cp_remote_name_req_cancel cp;
3002 struct inquiry_entry *e;
0e05bba6
AG		 3003 struct hci_request req;
3004 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3005 int err;
3006
bdb6d971 3007 BT_DBG("%s", hdev->name);
14a53664 3008
09fd0de5 3009 hci_dev_lock(hdev);
14a53664 3010
30dc78e1 3011 if (!hci_discovery_active(hdev)) {
bdb6d971 3012 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3013 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3014 sizeof(mgmt_cp->type));
d930650b
JH		 3015 goto unlock;
3016 }
3017
3018 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3019 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3020 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3021 sizeof(mgmt_cp->type));
30dc78e1 3022 goto unlock;
ff9ef578
JH		 3023 }
3024
2e58ef3e 3025 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3026 if (!cmd) {
3027 err = -ENOMEM;
30dc78e1
JH		 3028 goto unlock;
3029 }
3030
0e05bba6
AG		 3031 hci_req_init(&req, hdev);
3032
e0d9727e
AG		 3033 switch (hdev->discovery.state) {
3034 case DISCOVERY_FINDING:
0e05bba6
AG		 3035 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3036 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3037 } else {
3038 cancel_delayed_work(&hdev->le_scan_disable);
3039
3040 memset(&enable_cp, 0, sizeof(enable_cp));
3041 enable_cp.enable = LE_SCAN_DISABLE;
3042 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3043 sizeof(enable_cp), &enable_cp);
3044 }
c9ecc48e 3045
e0d9727e
AG		 3046 break;
3047
3048 case DISCOVERY_RESOLVING:
3049 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3050 NAME_PENDING);
e0d9727e 3051 if (!e) {
30dc78e1 3052 mgmt_pending_remove(cmd);
e0d9727e
AG		 3053 err = cmd_complete(sk, hdev->id,
3054 MGMT_OP_STOP_DISCOVERY, 0,
3055 &mgmt_cp->type,
3056 sizeof(mgmt_cp->type));
3057 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3058 goto unlock;
3059 }
30dc78e1 3060
e0d9727e 3061 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3062 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3063 &cp);
e0d9727e
AG		 3064
3065 break;
3066
3067 default:
3068 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3069
3070 mgmt_pending_remove(cmd);
3071 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3072 MGMT_STATUS_FAILED, &mgmt_cp->type,
3073 sizeof(mgmt_cp->type));
3074 goto unlock;
14a53664
JH		 3075 }
3076
0e05bba6 3077 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3078 if (err < 0)
3079 mgmt_pending_remove(cmd);
ff9ef578
JH		 3080 else
3081 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3082
30dc78e1 3083unlock:
09fd0de5 3084 hci_dev_unlock(hdev);
14a53664
JH		 3085 return err;
3086}
3087
bdb6d971 3088static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3089 u16 len)
561aafbc 3090{
650f726d 3091 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3092 struct inquiry_entry *e;
561aafbc
JH		 3093 int err;
3094
bdb6d971 3095 BT_DBG("%s", hdev->name);
561aafbc 3096
561aafbc
JH		 3097 hci_dev_lock(hdev);
3098
30dc78e1 3099 if (!hci_discovery_active(hdev)) {
bdb6d971 3100 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3101 MGMT_STATUS_FAILED);
30dc78e1
JH		 3102 goto failed;
3103 }
3104
a198e7b1 3105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3106 if (!e) {
bdb6d971 3107 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3108 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3109 goto failed;
3110 }
3111
3112 if (cp->name_known) {
3113 e->name_state = NAME_KNOWN;
3114 list_del(&e->list);
3115 } else {
3116 e->name_state = NAME_NEEDED;
a3d4e20a 3117 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3118 }
3119
e384662b
JH		 3120 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3121 sizeof(cp->addr));
561aafbc
JH		 3122
3123failed:
3124 hci_dev_unlock(hdev);
561aafbc
JH		 3125 return err;
3126}
3127
bdb6d971 3128static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3129 u16 len)
7fbec224 3130{
650f726d 3131 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3132 u8 status;
7fbec224
AJ		 3133 int err;
3134
bdb6d971 3135 BT_DBG("%s", hdev->name);
7fbec224 3136
4ee71b20 3137 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3138 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3139 MGMT_STATUS_INVALID_PARAMS,
3140 &cp->addr, sizeof(cp->addr));
4ee71b20 3141
09fd0de5 3142 hci_dev_lock(hdev);
5e762444 3143
88c1fe4b 3144 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3145 if (err < 0)
f0eeea8b 3146 status = MGMT_STATUS_FAILED;
7fbec224 3147 else
a6785be2 3148 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3149
bdb6d971 3150 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3151 &cp->addr, sizeof(cp->addr));
5e762444 3152
09fd0de5 3153 hci_dev_unlock(hdev);
7fbec224
AJ		 3154
3155 return err;
3156}
3157
bdb6d971 3158static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3159 u16 len)
7fbec224 3160{
650f726d 3161 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3162 u8 status;
7fbec224
AJ		 3163 int err;
3164
bdb6d971 3165 BT_DBG("%s", hdev->name);
7fbec224 3166
4ee71b20 3167 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3168 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3169 MGMT_STATUS_INVALID_PARAMS,
3170 &cp->addr, sizeof(cp->addr));
4ee71b20 3171
09fd0de5 3172 hci_dev_lock(hdev);
5e762444 3173
88c1fe4b 3174 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3175 if (err < 0)
f0eeea8b 3176 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3177 else
a6785be2 3178 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3179
bdb6d971 3180 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3181 &cp->addr, sizeof(cp->addr));
5e762444 3182
09fd0de5 3183 hci_dev_unlock(hdev);
7fbec224
AJ		 3184
3185 return err;
3186}
3187
cdbaccca
MH		 3188static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3189 u16 len)
3190{
3191 struct mgmt_cp_set_device_id *cp = data;
890ea898 3192 struct hci_request req;
cdbaccca 3193 int err;
c72d4b8a 3194 __u16 source;
cdbaccca
MH		 3195
3196 BT_DBG("%s", hdev->name);
3197
c72d4b8a
SJ		 3198 source = __le16_to_cpu(cp->source);
3199
3200 if (source > 0x0002)
3201 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3202 MGMT_STATUS_INVALID_PARAMS);
3203
cdbaccca
MH		 3204 hci_dev_lock(hdev);
3205
c72d4b8a 3206 hdev->devid_source = source;
cdbaccca
MH		 3207 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3208 hdev->devid_product = __le16_to_cpu(cp->product);
3209 hdev->devid_version = __le16_to_cpu(cp->version);
3210
3211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3212
890ea898
JH		 3213 hci_req_init(&req, hdev);
3214 update_eir(&req);
3215 hci_req_run(&req, NULL);
cdbaccca
MH		 3216
3217 hci_dev_unlock(hdev);
3218
3219 return err;
3220}
3221
4375f103
JH		 3222static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3223{
3224 struct cmd_lookup match = { NULL, hdev };
3225
3226 if (status) {
3227 u8 mgmt_err = mgmt_status(status);
3228
3229 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3230 cmd_status_rsp, &mgmt_err);
3231 return;
3232 }
3233
3234 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3235 &match);
3236
3237 new_settings(hdev, match.sk);
3238
3239 if (match.sk)
3240 sock_put(match.sk);
3241}
3242
3243static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3244{
3245 struct mgmt_mode *cp = data;
3246 struct pending_cmd *cmd;
3247 struct hci_request req;
e6fe7986 3248 u8 val, enabled, status;
4375f103
JH		 3249 int err;
3250
3251 BT_DBG("request for %s", hdev->name);
3252
e6fe7986
JH		 3253 status = mgmt_le_support(hdev);
3254 if (status)
4375f103 3255 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3256 status);
4375f103
JH		 3257
3258 if (cp->val != 0x00 && cp->val != 0x01)
3259 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3260 MGMT_STATUS_INVALID_PARAMS);
3261
3262 hci_dev_lock(hdev);
3263
3264 val = !!cp->val;
f3d3444a 3265 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3266
3267 if (!hdev_is_powered(hdev) || val == enabled) {
3268 bool changed = false;
3269
f3d3444a
JH		 3270 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3271 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3272 changed = true;
3273 }
3274
3275 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3276 if (err < 0)
3277 goto unlock;
3278
3279 if (changed)
3280 err = new_settings(hdev, sk);
3281
3282 goto unlock;
3283 }
3284
3285 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3286 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3288 MGMT_STATUS_BUSY);
3289 goto unlock;
3290 }
3291
3292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3293 if (!cmd) {
3294 err = -ENOMEM;
3295 goto unlock;
3296 }
3297
3298 hci_req_init(&req, hdev);
3299
bba3aa55
MH		 3300 if (val)
3301 enable_advertising(&req);
3302 else
3303 disable_advertising(&req);
4375f103
JH		 3304
3305 err = hci_req_run(&req, set_advertising_complete);
3306 if (err < 0)
3307 mgmt_pending_remove(cmd);
3308
3309unlock:
3310 hci_dev_unlock(hdev);
3311 return err;
3312}
3313
d13eafce
MH		 3314static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3315 void *data, u16 len)
3316{
3317 struct mgmt_cp_set_static_address *cp = data;
3318 int err;
3319
3320 BT_DBG("%s", hdev->name);
3321
62af4443 3322 if (!lmp_le_capable(hdev))
d13eafce 3323 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3324 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3325
3326 if (hdev_is_powered(hdev))
3327 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3328 MGMT_STATUS_REJECTED);
3329
3330 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3331 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3332 return cmd_status(sk, hdev->id,
3333 MGMT_OP_SET_STATIC_ADDRESS,
3334 MGMT_STATUS_INVALID_PARAMS);
3335
3336 /* Two most significant bits shall be set */
3337 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3338 return cmd_status(sk, hdev->id,
3339 MGMT_OP_SET_STATIC_ADDRESS,
3340 MGMT_STATUS_INVALID_PARAMS);
3341 }
3342
3343 hci_dev_lock(hdev);
3344
3345 bacpy(&hdev->static_addr, &cp->bdaddr);
3346
3347 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3348
3349 hci_dev_unlock(hdev);
3350
3351 return err;
3352}
3353
33e38b3e
JH		 3354static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3355{
3356 struct pending_cmd *cmd;
3357
3358 BT_DBG("status 0x%02x", status);
3359
3360 hci_dev_lock(hdev);
3361
3362 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3363 if (!cmd)
3364 goto unlock;
3365
3366 if (status) {
3367 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3368 mgmt_status(status));
3369 } else {
1a4d3c4b
JH		 3370 struct mgmt_mode *cp = cmd->param;
3371
3372 if (cp->val)
3373 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3374 else
3375 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3376
33e38b3e
JH		 3377 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3378 new_settings(hdev, cmd->sk);
3379 }
3380
3381 mgmt_pending_remove(cmd);
3382
3383unlock:
3384 hci_dev_unlock(hdev);
3385}
3386
bdb6d971 3387static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3388 void *data, u16 len)
f6422ec6 3389{
650f726d 3390 struct mgmt_mode *cp = data;
33e38b3e
JH		 3391 struct pending_cmd *cmd;
3392 struct hci_request req;
f6422ec6
AJ		 3393 int err;
3394
bdb6d971 3395 BT_DBG("%s", hdev->name);
f6422ec6 3396
56f87901
JH		 3397 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3398 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3399 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3400 MGMT_STATUS_NOT_SUPPORTED);
3401
a7e80f25
JH		 3402 if (cp->val != 0x00 && cp->val != 0x01)
3403 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3404 MGMT_STATUS_INVALID_PARAMS);
3405
5400c044 3406 if (!hdev_is_powered(hdev))
bdb6d971 3407 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3408 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3409
3410 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3411 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3412 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3413
3414 hci_dev_lock(hdev);
3415
05cbf29f
JH		 3416 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3418 MGMT_STATUS_BUSY);
3419 goto unlock;
3420 }
3421
1a4d3c4b
JH		 3422 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3423 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3424 hdev);
3425 goto unlock;
3426 }
3427
33e38b3e
JH		 3428 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3429 data, len);
3430 if (!cmd) {
3431 err = -ENOMEM;
3432 goto unlock;
f6422ec6
AJ		 3433 }
3434
33e38b3e
JH		 3435 hci_req_init(&req, hdev);
3436
406d7804 3437 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3438
3439 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3440 if (err < 0) {
bdb6d971 3441 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3442 MGMT_STATUS_FAILED);
33e38b3e 3443 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3444 }
3445
33e38b3e 3446unlock:
f6422ec6 3447 hci_dev_unlock(hdev);
33e38b3e 3448
f6422ec6
AJ		 3449 return err;
3450}
3451
0663ca2a
JH		 3452static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3453{
3454 struct pending_cmd *cmd;
3455
3456 BT_DBG("status 0x%02x", status);
3457
3458 hci_dev_lock(hdev);
3459
3460 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3461 if (!cmd)
3462 goto unlock;
3463
3464 if (status) {
3465 u8 mgmt_err = mgmt_status(status);
3466
3467 /* We need to restore the flag if related HCI commands
3468 * failed.
3469 */
3470 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3471
3472 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3473 } else {
3474 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3475 new_settings(hdev, cmd->sk);
3476 }
3477
3478 mgmt_pending_remove(cmd);
3479
3480unlock:
3481 hci_dev_unlock(hdev);
3482}
3483
3484static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3485{
3486 struct mgmt_mode *cp = data;
3487 struct pending_cmd *cmd;
3488 struct hci_request req;
3489 int err;
3490
3491 BT_DBG("request for %s", hdev->name);
3492
3493 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3494 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3495 MGMT_STATUS_NOT_SUPPORTED);
3496
3497 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3498 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3499 MGMT_STATUS_REJECTED);
3500
3501 if (cp->val != 0x00 && cp->val != 0x01)
3502 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3503 MGMT_STATUS_INVALID_PARAMS);
3504
3505 hci_dev_lock(hdev);
3506
3507 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3508 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3509 goto unlock;
3510 }
3511
3512 if (!hdev_is_powered(hdev)) {
3513 if (!cp->val) {
3514 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3515 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3516 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3517 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3518 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3519 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3520 }
3521
3522 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3523
3524 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3525 if (err < 0)
3526 goto unlock;
3527
3528 err = new_settings(hdev, sk);
3529 goto unlock;
3530 }
3531
3532 /* Reject disabling when powered on */
3533 if (!cp->val) {
3534 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3535 MGMT_STATUS_REJECTED);
3536 goto unlock;
3537 }
3538
3539 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3541 MGMT_STATUS_BUSY);
3542 goto unlock;
3543 }
3544
3545 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3546 if (!cmd) {
3547 err = -ENOMEM;
3548 goto unlock;
3549 }
3550
3551 /* We need to flip the bit already here so that hci_update_ad
3552 * generates the correct flags.
3553 */
3554 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3555
3556 hci_req_init(&req, hdev);
3557 hci_update_ad(&req);
3558 err = hci_req_run(&req, set_bredr_complete);
3559 if (err < 0)
3560 mgmt_pending_remove(cmd);
3561
3562unlock:
3563 hci_dev_unlock(hdev);
3564 return err;
3565}
3566
3f706b72
JH		 3567static bool ltk_is_valid(struct mgmt_ltk_info *key)
3568{
44b20d33
JH		 3569 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3570 return false;
3f706b72
JH		 3571 if (key->master != 0x00 && key->master != 0x01)
3572 return false;
4ee71b20
JH		 3573 if (!bdaddr_type_is_le(key->addr.type))
3574 return false;
3f706b72
JH		 3575 return true;
3576}
3577
bdb6d971 3578static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3579 void *cp_data, u16 len)
346af67b 3580{
346af67b
VCG		 3581 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3582 u16 key_count, expected_len;
715a5bf2 3583 int i, err;
346af67b 3584
cf99ba13
MH		 3585 BT_DBG("request for %s", hdev->name);
3586
3587 if (!lmp_le_capable(hdev))
3588 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3589 MGMT_STATUS_NOT_SUPPORTED);
3590
1f350c87 3591 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3592
3593 expected_len = sizeof(*cp) + key_count *
3594 sizeof(struct mgmt_ltk_info);
3595 if (expected_len != len) {
3596 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3597 len, expected_len);
bdb6d971 3598 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3599 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3600 }
3601
bdb6d971 3602 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3603
54ad6d8a
JH		 3604 for (i = 0; i < key_count; i++) {
3605 struct mgmt_ltk_info *key = &cp->keys[i];
3606
3f706b72 3607 if (!ltk_is_valid(key))
54ad6d8a
JH		 3608 return cmd_status(sk, hdev->id,
3609 MGMT_OP_LOAD_LONG_TERM_KEYS,
3610 MGMT_STATUS_INVALID_PARAMS);
3611 }
3612
346af67b
VCG		 3613 hci_dev_lock(hdev);
3614
3615 hci_smp_ltks_clear(hdev);
3616
3617 for (i = 0; i < key_count; i++) {
3618 struct mgmt_ltk_info *key = &cp->keys[i];
3619 u8 type;
3620
3621 if (key->master)
3622 type = HCI_SMP_LTK;
3623 else
3624 type = HCI_SMP_LTK_SLAVE;
3625
4596fde5 3626 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3627 bdaddr_to_le(key->addr.type),
04124681
GP		 3628 type, 0, key->authenticated, key->val,
3629 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3630 }
3631
715a5bf2
JH		 3632 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3633 NULL, 0);
3634
346af67b 3635 hci_dev_unlock(hdev);
346af67b 3636
715a5bf2 3637 return err;
346af67b
VCG		 3638}
3639
2e3c35ea 3640static const struct mgmt_handler {
04124681
GP		 3641 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3642 u16 data_len);
be22b54e
JH		 3643 bool var_len;
3644 size_t data_len;
0f4e68cf
JH		 3645} mgmt_handlers[] = {
3646 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3647 { read_version, false, MGMT_READ_VERSION_SIZE },
3648 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3649 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3650 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3651 { set_powered, false, MGMT_SETTING_SIZE },
3652 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3653 { set_connectable, false, MGMT_SETTING_SIZE },
3654 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3655 { set_pairable, false, MGMT_SETTING_SIZE },
3656 { set_link_security, false, MGMT_SETTING_SIZE },
3657 { set_ssp, false, MGMT_SETTING_SIZE },
3658 { set_hs, false, MGMT_SETTING_SIZE },
3659 { set_le, false, MGMT_SETTING_SIZE },
3660 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3661 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3662 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3663 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3664 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3665 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3666 { disconnect, false, MGMT_DISCONNECT_SIZE },
3667 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3668 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3669 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3670 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3671 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3672 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3673 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3674 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3675 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3676 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3677 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3678 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3679 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3680 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3681 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3682 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3683 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3684 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3685 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3686 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3687 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3688 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3689 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3690};
3691
3692
0381101f
JH		 3693int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3694{
650f726d
VCG		 3695 void *buf;
3696 u8 *cp;
0381101f 3697 struct mgmt_hdr *hdr;
4e51eae9 3698 u16 opcode, index, len;
bdb6d971 3699 struct hci_dev *hdev = NULL;
2e3c35ea 3700 const struct mgmt_handler *handler;
0381101f
JH		 3701 int err;
3702
3703 BT_DBG("got %zu bytes", msglen);
3704
3705 if (msglen < sizeof(*hdr))
3706 return -EINVAL;
3707
e63a15ec 3708 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3709 if (!buf)
3710 return -ENOMEM;
3711
3712 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3713 err = -EFAULT;
3714 goto done;
3715 }
3716
650f726d 3717 hdr = buf;
1f350c87
MH		 3718 opcode = __le16_to_cpu(hdr->opcode);
3719 index = __le16_to_cpu(hdr->index);
3720 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3721
3722 if (len != msglen - sizeof(*hdr)) {
3723 err = -EINVAL;
3724 goto done;
3725 }
3726
0f4e68cf 3727 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3728 hdev = hci_dev_get(index);
3729 if (!hdev) {
3730 err = cmd_status(sk, index, opcode,
04124681 3731 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3732 goto done;
3733 }
0736cfa8
MH		 3734
3735 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3736 err = cmd_status(sk, index, opcode,
3737 MGMT_STATUS_INVALID_INDEX);
3738 goto done;
3739 }
bdb6d971
JH		 3740 }
3741
0f4e68cf 3742 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3743 mgmt_handlers[opcode].func == NULL) {
0381101f 3744 BT_DBG("Unknown op %u", opcode);
ca69b795 3745 err = cmd_status(sk, index, opcode,
04124681 3746 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3747 goto done;
3748 }
3749
3750 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3751 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3752 err = cmd_status(sk, index, opcode,
04124681 3753 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3754 goto done;
0381101f
JH		 3755 }
3756
be22b54e
JH		 3757 handler = &mgmt_handlers[opcode];
3758
3759 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3760 (!handler->var_len && len != handler->data_len)) {
be22b54e 3761 err = cmd_status(sk, index, opcode,
04124681 3762 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3763 goto done;
3764 }
3765
0f4e68cf
JH		 3766 if (hdev)
3767 mgmt_init_hdev(sk, hdev);
3768
3769 cp = buf + sizeof(*hdr);
3770
be22b54e 3771 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3772 if (err < 0)
3773 goto done;
3774
0381101f
JH		 3775 err = msglen;
3776
3777done:
bdb6d971
JH		 3778 if (hdev)
3779 hci_dev_put(hdev);
3780
0381101f
JH		 3781 kfree(buf);
3782 return err;
3783}
c71e97bf 3784
bf6b56db 3785void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3786{
1514b892 3787 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3788 return;
bb4b2a9a 3789
bf6b56db 3790 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3791}
3792
bf6b56db 3793void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3794{
5f159032 3795 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3796
1514b892 3797 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3798 return;
bb4b2a9a 3799
744cf19e 3800 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3801
bf6b56db 3802 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3803}
3804
890ea898 3805static void set_bredr_scan(struct hci_request *req)
7f0ae647 3806{
890ea898 3807 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3808 u8 scan = 0;
3809
4c01f8b8
JH		 3810 /* Ensure that fast connectable is disabled. This function will
3811 * not do anything if the page scan parameters are already what
3812 * they should be.
3813 */
3814 write_fast_connectable(req, false);
3815
7f0ae647
JH		 3816 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3817 scan |= SCAN_PAGE;
3818 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3819 scan |= SCAN_INQUIRY;
3820
890ea898
JH		 3821 if (scan)
3822 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3823}
3824
229ab39c
JH		 3825static void powered_complete(struct hci_dev *hdev, u8 status)
3826{
3827 struct cmd_lookup match = { NULL, hdev };
3828
3829 BT_DBG("status 0x%02x", status);
3830
3831 hci_dev_lock(hdev);
3832
3833 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3834
3835 new_settings(hdev, match.sk);
3836
3837 hci_dev_unlock(hdev);
3838
3839 if (match.sk)
3840 sock_put(match.sk);
3841}
3842
70da6243 3843static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3844{
890ea898 3845 struct hci_request req;
70da6243 3846 u8 link_sec;
5add6af8 3847
890ea898
JH		 3848 hci_req_init(&req, hdev);
3849
70da6243
JH		 3850 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3851 !lmp_host_ssp_capable(hdev)) {
3852 u8 ssp = 1;
5e5282bb 3853
890ea898 3854 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3855 }
5add6af8 3856
c73eee91
JH		 3857 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3858 lmp_bredr_capable(hdev)) {
70da6243 3859 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3860
70da6243
JH		 3861 cp.le = 1;
3862 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3863
70da6243
JH		 3864 /* Check first if we already have the right
3865 * host state (host features set)
3866 */
3867 if (cp.le != lmp_host_le_capable(hdev) ||
3868 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3869 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3870 sizeof(cp), &cp);
0663ca2a
JH		 3871
3872 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3873 hci_update_ad(&req);
70da6243 3874 }
3d1cbdd6 3875
d13eafce
MH		 3876 if (lmp_le_capable(hdev)) {
3877 /* Set random address to static address if configured */
3878 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3879 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3880 &hdev->static_addr);
eeca6f89 3881
bba3aa55
MH		 3882 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3883 enable_advertising(&req);
eeca6f89
JH		 3884 }
3885
70da6243
JH		 3886 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3887 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3888 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3889 sizeof(link_sec), &link_sec);
562fcc24 3890
70da6243 3891 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3892 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3893 set_bredr_scan(&req);
890ea898 3894 update_class(&req);
13928971 3895 update_name(&req);
890ea898 3896 update_eir(&req);
70da6243 3897 }
562fcc24 3898
229ab39c 3899 return hci_req_run(&req, powered_complete);
70da6243 3900}
562fcc24 3901
70da6243
JH		 3902int mgmt_powered(struct hci_dev *hdev, u8 powered)
3903{
3904 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3905 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3906 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3907 int err;
f0ff92fb 3908
70da6243
JH		 3909 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3910 return 0;
3911
70da6243 3912 if (powered) {
229ab39c
JH		 3913 if (powered_update_hci(hdev) == 0)
3914 return 0;
fe038884 3915
229ab39c
JH		 3916 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3917 &match);
3918 goto new_settings;
b24752fe
JH		 3919 }
3920
229ab39c
JH		 3921 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3922 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3923
3924 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3925 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3926 zero_cod, sizeof(zero_cod), NULL);
3927
3928new_settings:
beadb2bd 3929 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3930
3931 if (match.sk)
3932 sock_put(match.sk);
3933
7bb895d6 3934 return err;
5add6af8 3935}
73f22f62 3936
3eec705e 3937void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 3938{
3939 struct pending_cmd *cmd;
3940 u8 status;
3941
3942 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3943 if (!cmd)
3eec705e 3944 return;
96570ffc
JH		 3945
3946 if (err == -ERFKILL)
3947 status = MGMT_STATUS_RFKILLED;
3948 else
3949 status = MGMT_STATUS_FAILED;
3950
3eec705e 3951 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 3952
3953 mgmt_pending_remove(cmd);
96570ffc
JH		 3954}
3955
744cf19e 3956int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3957{
76a7f3a4 3958 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3959 bool changed = false;
3960 int err = 0;
73f22f62 3961
5e5282bb
JH		 3962 if (discoverable) {
3963 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3964 changed = true;
3965 } else {
3966 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3967 changed = true;
3968 }
73f22f62 3969
ed9b5f2f 3970 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3971 &match);
ed9b5f2f 3972
beadb2bd
JH		 3973 if (changed)
3974 err = new_settings(hdev, match.sk);
5e5282bb 3975
73f22f62
JH		 3976 if (match.sk)
3977 sock_put(match.sk);
3978
7bb895d6 3979 return err;
73f22f62 3980}
9fbcbb45 3981
744cf19e 3982int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3983{
2b76f453 3984 struct pending_cmd *cmd;
5e5282bb
JH		 3985 bool changed = false;
3986 int err = 0;
9fbcbb45 3987
5e5282bb
JH		 3988 if (connectable) {
3989 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3990 changed = true;
3991 } else {
3992 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3993 changed = true;
3994 }
9fbcbb45 3995
2b76f453 3996 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3997
beadb2bd 3998 if (changed)
2b76f453 3999 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4000
7bb895d6 4001 return err;
9fbcbb45 4002}
55ed8ca1 4003
744cf19e 4004int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4005{
ca69b795
JH		 4006 u8 mgmt_err = mgmt_status(status);
4007
2d7cee58 4008 if (scan & SCAN_PAGE)
744cf19e 4009 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4010 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4011
4012 if (scan & SCAN_INQUIRY)
744cf19e 4013 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4014 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4015
4016 return 0;
4017}
4018
53168e5b
CC		 4019int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4020 bool persistent)
55ed8ca1 4021{
86742e1e 4022 struct mgmt_ev_new_link_key ev;
55ed8ca1 4023
a492cd52 4024 memset(&ev, 0, sizeof(ev));
55ed8ca1 4025
a492cd52 4026 ev.store_hint = persistent;
d753fdc4 4027 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4028 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4029 ev.key.type = key->type;
9b3b4460 4030 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4031 ev.key.pin_len = key->pin_len;
55ed8ca1 4032
744cf19e 4033 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4034}
f7520543 4035
346af67b
VCG		 4036int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4037{
4038 struct mgmt_ev_new_long_term_key ev;
4039
4040 memset(&ev, 0, sizeof(ev));
4041
4042 ev.store_hint = persistent;
4043 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4044 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4045 ev.key.authenticated = key->authenticated;
4046 ev.key.enc_size = key->enc_size;
4047 ev.key.ediv = key->ediv;
4048
4049 if (key->type == HCI_SMP_LTK)
4050 ev.key.master = 1;
4051
4052 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4053 memcpy(ev.key.val, key->val, sizeof(key->val));
4054
04124681
GP		 4055 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4056 NULL);
346af67b
VCG		 4057}
4058
afc747a6 4059int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4060 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4061 u8 *dev_class)
f7520543 4062{
b644ba33
JH		 4063 char buf[512];
4064 struct mgmt_ev_device_connected *ev = (void *) buf;
4065 u16 eir_len = 0;
f7520543 4066
b644ba33 4067 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4068 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4069
c95f0ba7 4070 ev->flags = __cpu_to_le32(flags);
08c79b61 4071
b644ba33
JH		 4072 if (name_len > 0)
4073 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4074 name, name_len);
b644ba33
JH		 4075
4076 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4077 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4078 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4079
eb55ef07 4080 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4081
4082 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4083 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4084}
4085
8962ee74
JH		 4086static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4087{
c68fb7ff 4088 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4089 struct sock **sk = data;
a38528f1 4090 struct mgmt_rp_disconnect rp;
8962ee74 4091
88c3df13
JH		 4092 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4093 rp.addr.type = cp->addr.type;
8962ee74 4094
aee9b218 4095 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4096 sizeof(rp));
8962ee74
JH		 4097
4098 *sk = cmd->sk;
4099 sock_hold(*sk);
4100
a664b5bc 4101 mgmt_pending_remove(cmd);
8962ee74
JH		 4102}
4103
124f6e35 4104static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4105{
b1078ad0 4106 struct hci_dev *hdev = data;
124f6e35
JH		 4107 struct mgmt_cp_unpair_device *cp = cmd->param;
4108 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4109
4110 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4111 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4112 rp.addr.type = cp->addr.type;
a8a1d19e 4113
b1078ad0
JH		 4114 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4115
aee9b218 4116 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4117
4118 mgmt_pending_remove(cmd);
4119}
4120
afc747a6 4121int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4122 u8 link_type, u8 addr_type, u8 reason)
f7520543 4123{
f0d6a0ea 4124 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4125 struct sock *sk = NULL;
4126 int err;
4127
744cf19e 4128 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4129
f0d6a0ea
MA		 4130 bacpy(&ev.addr.bdaddr, bdaddr);
4131 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4132 ev.reason = reason;
f7520543 4133
afc747a6 4134 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4135 sk);
8962ee74
JH		 4136
4137 if (sk)
d97dcb66 4138 sock_put(sk);
8962ee74 4139
124f6e35 4140 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4141 hdev);
a8a1d19e 4142
8962ee74
JH		 4143 return err;
4144}
4145
88c3df13 4146int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4147 u8 link_type, u8 addr_type, u8 status)
8962ee74 4148{
88c3df13 4149 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4150 struct pending_cmd *cmd;
4151 int err;
4152
36a75f1b
JD		 4153 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4154 hdev);
4155
2e58ef3e 4156 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4157 if (!cmd)
4158 return -ENOENT;
4159
88c3df13 4160 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4161 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4162
88c3df13 4163 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4164 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4165
a664b5bc 4166 mgmt_pending_remove(cmd);
8962ee74
JH		 4167
4168 return err;
f7520543 4169}
17d5c04c 4170
48264f06 4171int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4172 u8 addr_type, u8 status)
17d5c04c
JH		 4173{
4174 struct mgmt_ev_connect_failed ev;
4175
4c659c39 4176 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4177 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4178 ev.status = mgmt_status(status);
17d5c04c 4179
744cf19e 4180 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4181}
980e1a53 4182
744cf19e 4183int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4184{
4185 struct mgmt_ev_pin_code_request ev;
4186
d8457698 4187 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4188 ev.addr.type = BDADDR_BREDR;
a770bb5a 4189 ev.secure = secure;
980e1a53 4190
744cf19e 4191 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4192 NULL);
980e1a53
JH		 4193}
4194
744cf19e 4195int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4196 u8 status)
980e1a53
JH		 4197{
4198 struct pending_cmd *cmd;
ac56fb13 4199 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4200 int err;
4201
2e58ef3e 4202 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4203 if (!cmd)
4204 return -ENOENT;
4205
d8457698 4206 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4207 rp.addr.type = BDADDR_BREDR;
ac56fb13 4208
aee9b218 4209 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4210 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4211
a664b5bc 4212 mgmt_pending_remove(cmd);
980e1a53
JH		 4213
4214 return err;
4215}
4216
744cf19e 4217int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4218 u8 status)
980e1a53
JH		 4219{
4220 struct pending_cmd *cmd;
ac56fb13 4221 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4222 int err;
4223
2e58ef3e 4224 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4225 if (!cmd)
4226 return -ENOENT;
4227
d8457698 4228 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4229 rp.addr.type = BDADDR_BREDR;
ac56fb13 4230
aee9b218 4231 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4232 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4233
a664b5bc 4234 mgmt_pending_remove(cmd);
980e1a53
JH		 4235
4236 return err;
4237}
a5c29683 4238
744cf19e 4239int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4240 u8 link_type, u8 addr_type, __le32 value,
4241 u8 confirm_hint)
a5c29683
JH		 4242{
4243 struct mgmt_ev_user_confirm_request ev;
4244
744cf19e 4245 BT_DBG("%s", hdev->name);
a5c29683 4246
272d90df 4247 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4248 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4249 ev.confirm_hint = confirm_hint;
78e8098e 4250 ev.value = value;
a5c29683 4251
744cf19e 4252 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4253 NULL);
a5c29683
JH		 4254}
4255
272d90df 4256int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4257 u8 link_type, u8 addr_type)
604086b7
BG		 4258{
4259 struct mgmt_ev_user_passkey_request ev;
4260
4261 BT_DBG("%s", hdev->name);
4262
272d90df 4263 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4264 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4265
4266 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4267 NULL);
604086b7
BG		 4268}
4269
0df4c185 4270static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4271 u8 link_type, u8 addr_type, u8 status,
4272 u8 opcode)
a5c29683
JH		 4273{
4274 struct pending_cmd *cmd;
4275 struct mgmt_rp_user_confirm_reply rp;
4276 int err;
4277
2e58ef3e 4278 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4279 if (!cmd)
4280 return -ENOENT;
4281
272d90df 4282 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4283 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4284 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4285 &rp, sizeof(rp));
a5c29683 4286
a664b5bc 4287 mgmt_pending_remove(cmd);
a5c29683
JH		 4288
4289 return err;
4290}
4291
744cf19e 4292int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4293 u8 link_type, u8 addr_type, u8 status)
a5c29683 4294{
272d90df 4295 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4296 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4297}
4298
272d90df 4299int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4300 u8 link_type, u8 addr_type, u8 status)
a5c29683 4301{
272d90df 4302 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4303 status,
4304 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4305}
2a611692 4306
604086b7 4307int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4308 u8 link_type, u8 addr_type, u8 status)
604086b7 4309{
272d90df 4310 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4311 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4312}
4313
272d90df 4314int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4315 u8 link_type, u8 addr_type, u8 status)
604086b7 4316{
272d90df 4317 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4318 status,
4319 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4320}
4321
92a25256
JH		 4322int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4323 u8 link_type, u8 addr_type, u32 passkey,
4324 u8 entered)
4325{
4326 struct mgmt_ev_passkey_notify ev;
4327
4328 BT_DBG("%s", hdev->name);
4329
4330 bacpy(&ev.addr.bdaddr, bdaddr);
4331 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4332 ev.passkey = __cpu_to_le32(passkey);
4333 ev.entered = entered;
4334
4335 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4336}
4337
bab73cb6 4338int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4339 u8 addr_type, u8 status)
2a611692
JH		 4340{
4341 struct mgmt_ev_auth_failed ev;
4342
bab73cb6 4343 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4345 ev.status = mgmt_status(status);
2a611692 4346
744cf19e 4347 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4348}
b312b161 4349
33ef95ed
JH		 4350int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4351{
4352 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4353 bool changed = false;
4354 int err = 0;
33ef95ed
JH		 4355
4356 if (status) {
4357 u8 mgmt_err = mgmt_status(status);
4358 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4359 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4360 return 0;
4361 }
4362
47990ea0
JH		 4363 if (test_bit(HCI_AUTH, &hdev->flags)) {
4364 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4365 changed = true;
4366 } else {
4367 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4368 changed = true;
4369 }
4370
33ef95ed 4371 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4372 &match);
33ef95ed 4373
47990ea0
JH		 4374 if (changed)
4375 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4376
4377 if (match.sk)
4378 sock_put(match.sk);
4379
4380 return err;
4381}
4382
890ea898 4383static void clear_eir(struct hci_request *req)
cacaf52f 4384{
890ea898 4385 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4386 struct hci_cp_write_eir cp;
4387
976eb20e 4388 if (!lmp_ext_inq_capable(hdev))
890ea898 4389 return;
cacaf52f 4390
c80da27e
JH		 4391 memset(hdev->eir, 0, sizeof(hdev->eir));
4392
cacaf52f
JH		 4393 memset(&cp, 0, sizeof(cp));
4394
890ea898 4395 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4396}
4397
c0ecddc2 4398int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4399{
4400 struct cmd_lookup match = { NULL, hdev };
890ea898 4401 struct hci_request req;
c0ecddc2
JH		 4402 bool changed = false;
4403 int err = 0;
ed2c4ee3
JH		 4404
4405 if (status) {
4406 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4407
4408 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4409 &hdev->dev_flags))
c0ecddc2
JH		 4410 err = new_settings(hdev, NULL);
4411
04124681
GP		 4412 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4413 &mgmt_err);
c0ecddc2
JH		 4414
4415 return err;
4416 }
4417
4418 if (enable) {
4419 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4420 changed = true;
4421 } else {
4422 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4423 changed = true;
ed2c4ee3
JH		 4424 }
4425
4426 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4427
c0ecddc2
JH		 4428 if (changed)
4429 err = new_settings(hdev, match.sk);
ed2c4ee3 4430
5fc6ebb1 4431 if (match.sk)
ed2c4ee3
JH		 4432 sock_put(match.sk);
4433
890ea898
JH		 4434 hci_req_init(&req, hdev);
4435
5fc6ebb1 4436 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4437 update_eir(&req);
5fc6ebb1 4438 else
890ea898
JH		 4439 clear_eir(&req);
4440
4441 hci_req_run(&req, NULL);
cacaf52f 4442
ed2c4ee3
JH		 4443 return err;
4444}
4445
92da6097 4446static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4447{
4448 struct cmd_lookup *match = data;
4449
90e70454
JH		 4450 if (match->sk == NULL) {
4451 match->sk = cmd->sk;
4452 sock_hold(match->sk);
4453 }
90e70454
JH		 4454}
4455
7f9a903c 4456int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4457 u8 status)
7f9a903c 4458{
90e70454
JH		 4459 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4460 int err = 0;
7f9a903c 4461
92da6097
JH		 4462 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4463 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4464 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4465
4466 if (!status)
04124681
GP		 4467 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4468 3, NULL);
90e70454
JH		 4469
4470 if (match.sk)
4471 sock_put(match.sk);
7f9a903c
MH		 4472
4473 return err;
4474}
4475
744cf19e 4476int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4477{
b312b161 4478 struct mgmt_cp_set_local_name ev;
13928971 4479 struct pending_cmd *cmd;
28cc7bde 4480
13928971
JH		 4481 if (status)
4482 return 0;
b312b161
JH		 4483
4484 memset(&ev, 0, sizeof(ev));
4485 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4486 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4487
2e58ef3e 4488 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4489 if (!cmd) {
4490 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4491
13928971
JH		 4492 /* If this is a HCI command related to powering on the
4493 * HCI dev don't send any mgmt signals.
4494 */
4495 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4496 return 0;
890ea898 4497 }
b312b161 4498
13928971
JH		 4499 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4500 cmd ? cmd->sk : NULL);
b312b161 4501}
c35938b2 4502
744cf19e 4503int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4504 u8 *randomizer, u8 status)
c35938b2
SJ		 4505{
4506 struct pending_cmd *cmd;
4507 int err;
4508
744cf19e 4509 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4510
2e58ef3e 4511 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4512 if (!cmd)
4513 return -ENOENT;
4514
4515 if (status) {
04124681
GP		 4516 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4517 mgmt_status(status));
c35938b2
SJ		 4518 } else {
4519 struct mgmt_rp_read_local_oob_data rp;
4520
4521 memcpy(rp.hash, hash, sizeof(rp.hash));
4522 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4523
744cf19e 4524 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4525 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4526 sizeof(rp));
c35938b2
SJ		 4527 }
4528
4529 mgmt_pending_remove(cmd);
4530
4531 return err;
4532}
e17acd40 4533
48264f06 4534int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4535 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4536 ssp, u8 *eir, u16 eir_len)
e17acd40 4537{
e319d2e7
JH		 4538 char buf[512];
4539 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4540 size_t ev_size;
e17acd40 4541
12602d0c
AG		 4542 if (!hci_discovery_active(hdev))
4543 return -EPERM;
4544
1dc06093
JH		 4545 /* Leave 5 bytes for a potential CoD field */
4546 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4547 return -EINVAL;
4548
1dc06093
JH		 4549 memset(buf, 0, sizeof(buf));
4550
e319d2e7 4551 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4552 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4553 ev->rssi = rssi;
9a395a80 4554 if (cfm_name)
612dfce9 4555 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4556 if (!ssp)
612dfce9 4557 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4558
1dc06093 4559 if (eir_len > 0)
e319d2e7 4560 memcpy(ev->eir, eir, eir_len);
e17acd40 4561
1dc06093
JH		 4562 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4563 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4564 dev_class, 3);
1dc06093 4565
eb55ef07 4566 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4567 ev_size = sizeof(*ev) + eir_len;
f8523598 4568
e319d2e7 4569 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4570}
a88a9652 4571
b644ba33 4572int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4573 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4574{
b644ba33
JH		 4575 struct mgmt_ev_device_found *ev;
4576 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4577 u16 eir_len;
a88a9652 4578
b644ba33 4579 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4580
b644ba33
JH		 4581 memset(buf, 0, sizeof(buf));
4582
4583 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4584 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4585 ev->rssi = rssi;
4586
4587 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4588 name_len);
b644ba33 4589
eb55ef07 4590 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4591
053c7e0c 4592 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4593 sizeof(*ev) + eir_len, NULL);
a88a9652 4594}
314b2381 4595
744cf19e 4596int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4597{
f963e8e9 4598 struct mgmt_ev_discovering ev;
164a6e78
JH		 4599 struct pending_cmd *cmd;
4600
343fb145
AG		 4601 BT_DBG("%s discovering %u", hdev->name, discovering);
4602
164a6e78 4603 if (discovering)
2e58ef3e 4604 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4605 else
2e58ef3e 4606 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4607
4608 if (cmd != NULL) {
f808e166
JH		 4609 u8 type = hdev->discovery.type;
4610
04124681
GP		 4611 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4612 sizeof(type));
164a6e78
JH		 4613 mgmt_pending_remove(cmd);
4614 }
4615
f963e8e9
JH		 4616 memset(&ev, 0, sizeof(ev));
4617 ev.type = hdev->discovery.type;
4618 ev.discovering = discovering;
4619
4620 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4621}
5e762444 4622
88c1fe4b 4623int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4624{
4625 struct pending_cmd *cmd;
4626 struct mgmt_ev_device_blocked ev;
4627
2e58ef3e 4628 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4629
88c1fe4b
JH		 4630 bacpy(&ev.addr.bdaddr, bdaddr);
4631 ev.addr.type = type;
5e762444 4632
744cf19e 4633 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4634 cmd ? cmd->sk : NULL);
5e762444
AJ		 4635}
4636
88c1fe4b 4637int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4638{
4639 struct pending_cmd *cmd;
4640 struct mgmt_ev_device_unblocked ev;
4641
2e58ef3e 4642 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4643
88c1fe4b
JH		 4644 bacpy(&ev.addr.bdaddr, bdaddr);
4645 ev.addr.type = type;
5e762444 4646
744cf19e 4647 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4648 cmd ? cmd->sk : NULL);
5e762444 4649}
5976e608
MH		 4650
4651static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4652{
4653 BT_DBG("%s status %u", hdev->name, status);
4654
4655 /* Clear the advertising mgmt setting if we failed to re-enable it */
4656 if (status) {
4657 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4658 new_settings(hdev, NULL);
5976e608
MH		 4659 }
4660}
4661
4662void mgmt_reenable_advertising(struct hci_dev *hdev)
4663{
4664 struct hci_request req;
4665
4666 if (hdev->conn_hash.le_num)
4667 return;
4668
4669 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4670 return;
4671
4672 hci_req_init(&req, hdev);
4673 enable_advertising(&req);
4674
4675 /* If this fails we have no option but to let user space know
4676 * that we've disabled advertising.
4677 */
4678 if (hci_req_run(&req, adv_enable_complete) < 0) {
4679 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4680 new_settings(hdev, NULL);
5976e608
MH		 4681 }
4682}
Linux kernel - Deliverables
This page took 0.485673 seconds and 5 git commands to generate.