projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Introduce a new HCI_BREDR_ENABLED flag
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
3810285c 36#define MGMT_REVISION 3
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
e70bb2e8
JH		 78};
79
80static const u16 mgmt_events[] = {
81 MGMT_EV_CONTROLLER_ERROR,
82 MGMT_EV_INDEX_ADDED,
83 MGMT_EV_INDEX_REMOVED,
84 MGMT_EV_NEW_SETTINGS,
85 MGMT_EV_CLASS_OF_DEV_CHANGED,
86 MGMT_EV_LOCAL_NAME_CHANGED,
87 MGMT_EV_NEW_LINK_KEY,
88 MGMT_EV_NEW_LONG_TERM_KEY,
89 MGMT_EV_DEVICE_CONNECTED,
90 MGMT_EV_DEVICE_DISCONNECTED,
91 MGMT_EV_CONNECT_FAILED,
92 MGMT_EV_PIN_CODE_REQUEST,
93 MGMT_EV_USER_CONFIRM_REQUEST,
94 MGMT_EV_USER_PASSKEY_REQUEST,
95 MGMT_EV_AUTH_FAILED,
96 MGMT_EV_DEVICE_FOUND,
97 MGMT_EV_DISCOVERING,
98 MGMT_EV_DEVICE_BLOCKED,
99 MGMT_EV_DEVICE_UNBLOCKED,
100 MGMT_EV_DEVICE_UNPAIRED,
92a25256 101 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 102};
103
17b02e62 104#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 105
4b34ee78
JH		 106#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
107 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
108
eec8d2bc
JH		 109struct pending_cmd {
110 struct list_head list;
fc2f4b13 111 u16 opcode;
eec8d2bc 112 int index;
c68fb7ff 113 void *param;
eec8d2bc 114 struct sock *sk;
e9a416b5 115 void *user_data;
eec8d2bc
JH		 116};
117
ca69b795
JH		 118/* HCI to MGMT error code conversion table */
119static u8 mgmt_status_table[] = {
120 MGMT_STATUS_SUCCESS,
121 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
122 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
123 MGMT_STATUS_FAILED, /* Hardware Failure */
124 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
125 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
126 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
127 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
128 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
129 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
131 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
132 MGMT_STATUS_BUSY, /* Command Disallowed */
133 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
134 MGMT_STATUS_REJECTED, /* Rejected Security */
135 MGMT_STATUS_REJECTED, /* Rejected Personal */
136 MGMT_STATUS_TIMEOUT, /* Host Timeout */
137 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
138 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
139 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
140 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
141 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
142 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
143 MGMT_STATUS_BUSY, /* Repeated Attempts */
144 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
145 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
147 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
148 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
149 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
151 MGMT_STATUS_FAILED, /* Unspecified Error */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
153 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
154 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
155 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
156 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
157 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
158 MGMT_STATUS_FAILED, /* Unit Link Key Used */
159 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
160 MGMT_STATUS_TIMEOUT, /* Instant Passed */
161 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
162 MGMT_STATUS_FAILED, /* Transaction Collision */
163 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
164 MGMT_STATUS_REJECTED, /* QoS Rejected */
165 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
166 MGMT_STATUS_REJECTED, /* Insufficient Security */
167 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
168 MGMT_STATUS_BUSY, /* Role Switch Pending */
169 MGMT_STATUS_FAILED, /* Slot Violation */
170 MGMT_STATUS_FAILED, /* Role Switch Failed */
171 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
172 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
173 MGMT_STATUS_BUSY, /* Host Busy Pairing */
174 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
175 MGMT_STATUS_BUSY, /* Controller Busy */
176 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
177 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
179 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
180 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
181};
182
bb4b2a9a
AE		 183bool mgmt_valid_hdev(struct hci_dev *hdev)
184{
185 return hdev->dev_type == HCI_BREDR;
186}
187
ca69b795
JH		 188static u8 mgmt_status(u8 hci_status)
189{
190 if (hci_status < ARRAY_SIZE(mgmt_status_table))
191 return mgmt_status_table[hci_status];
192
193 return MGMT_STATUS_FAILED;
194}
195
4e51eae9 196static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 197{
198 struct sk_buff *skb;
199 struct mgmt_hdr *hdr;
200 struct mgmt_ev_cmd_status *ev;
56b7d137 201 int err;
f7b64e69 202
34eb525c 203 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 204
790eff44 205 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 206 if (!skb)
207 return -ENOMEM;
208
209 hdr = (void *) skb_put(skb, sizeof(*hdr));
210
612dfce9 211 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 212 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 213 hdr->len = cpu_to_le16(sizeof(*ev));
214
215 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->status = status;
eb55ef07 217 ev->opcode = cpu_to_le16(cmd);
f7b64e69 218
56b7d137
GP		 219 err = sock_queue_rcv_skb(sk, skb);
220 if (err < 0)
f7b64e69
JH		 221 kfree_skb(skb);
222
56b7d137 223 return err;
f7b64e69
JH		 224}
225
aee9b218 226static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 227 void *rp, size_t rp_len)
02d98129
JH		 228{
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231 struct mgmt_ev_cmd_complete *ev;
56b7d137 232 int err;
02d98129
JH		 233
234 BT_DBG("sock %p", sk);
235
790eff44 236 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 237 if (!skb)
238 return -ENOMEM;
239
240 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 241
612dfce9 242 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 243 hdr->index = cpu_to_le16(index);
a38528f1 244 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 245
a38528f1 246 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 247 ev->opcode = cpu_to_le16(cmd);
aee9b218 248 ev->status = status;
8020c16a
SJ		 249
250 if (rp)
251 memcpy(ev->data, rp, rp_len);
02d98129 252
56b7d137
GP		 253 err = sock_queue_rcv_skb(sk, skb);
254 if (err < 0)
02d98129
JH		 255 kfree_skb(skb);
256
e5f0e151 257 return err;
02d98129
JH		 258}
259
04124681
GP		 260static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
261 u16 data_len)
a38528f1
JH		 262{
263 struct mgmt_rp_read_version rp;
264
265 BT_DBG("sock %p", sk);
266
267 rp.version = MGMT_VERSION;
eb55ef07 268 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 269
aee9b218 270 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 271 sizeof(rp));
a38528f1
JH		 272}
273
04124681
GP		 274static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
e70bb2e8
JH		 276{
277 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 278 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
279 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 280 __le16 *opcode;
e70bb2e8
JH		 281 size_t rp_size;
282 int i, err;
283
284 BT_DBG("sock %p", sk);
285
286 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287
288 rp = kmalloc(rp_size, GFP_KERNEL);
289 if (!rp)
290 return -ENOMEM;
291
eb55ef07
MH		 292 rp->num_commands = __constant_cpu_to_le16(num_commands);
293 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 294
295 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
296 put_unaligned_le16(mgmt_commands[i], opcode);
297
298 for (i = 0; i < num_events; i++, opcode++)
299 put_unaligned_le16(mgmt_events[i], opcode);
300
aee9b218 301 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 302 rp_size);
e70bb2e8
JH		 303 kfree(rp);
304
305 return err;
306}
307
04124681
GP		 308static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
faba42eb 310{
faba42eb 311 struct mgmt_rp_read_index_list *rp;
8035ded4 312 struct hci_dev *d;
a38528f1 313 size_t rp_len;
faba42eb 314 u16 count;
476e44cb 315 int err;
faba42eb
JH		 316
317 BT_DBG("sock %p", sk);
318
319 read_lock(&hci_dev_list_lock);
320
321 count = 0;
bb4b2a9a
AE		 322 list_for_each_entry(d, &hci_dev_list, list) {
323 if (!mgmt_valid_hdev(d))
324 continue;
325
faba42eb
JH		 326 count++;
327 }
328
a38528f1
JH		 329 rp_len = sizeof(*rp) + (2 * count);
330 rp = kmalloc(rp_len, GFP_ATOMIC);
331 if (!rp) {
b2c60d42 332 read_unlock(&hci_dev_list_lock);
faba42eb 333 return -ENOMEM;
b2c60d42 334 }
faba42eb 335
476e44cb 336 count = 0;
8035ded4 337 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 338 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 339 continue;
340
0736cfa8
MH		 341 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
342 continue;
343
bb4b2a9a
AE		 344 if (!mgmt_valid_hdev(d))
345 continue;
346
476e44cb 347 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 348 BT_DBG("Added hci%u", d->id);
349 }
350
476e44cb
JH		 351 rp->num_controllers = cpu_to_le16(count);
352 rp_len = sizeof(*rp) + (2 * count);
353
faba42eb
JH		 354 read_unlock(&hci_dev_list_lock);
355
aee9b218 356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 357 rp_len);
faba42eb 358
a38528f1
JH		 359 kfree(rp);
360
361 return err;
faba42eb
JH		 362}
363
69ab39ea
JH		 364static u32 get_supported_settings(struct hci_dev *hdev)
365{
366 u32 settings = 0;
367
368 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 369 settings |= MGMT_SETTING_PAIRABLE;
370
9a1a1996 371 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 372 settings |= MGMT_SETTING_SSP;
373
ed3fa31f 374 if (lmp_bredr_capable(hdev)) {
33c525c0 375 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 378 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 381 settings |= MGMT_SETTING_HS;
848566b3 382 }
d7b7e796 383
eeca6f89 384 if (lmp_le_capable(hdev)) {
9d42820f 385 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 386 settings |= MGMT_SETTING_ADVERTISING;
387 }
69ab39ea
JH		 388
389 return settings;
390}
391
392static u32 get_current_settings(struct hci_dev *hdev)
393{
394 u32 settings = 0;
395
f1f0eb02 396 if (hdev_is_powered(hdev))
f0d4b78a
MH		 397 settings |= MGMT_SETTING_POWERED;
398
5e5282bb 399 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_CONNECTABLE;
401
1a4d3c4b
JH		 402 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_FAST_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
56f87901 411 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
eeca6f89
JH		 426 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
427 settings |= MGMT_SETTING_ADVERTISING;
428
69ab39ea
JH		 429 return settings;
430}
431
ef580372
JH		 432#define PNP_INFO_SVCLASS_ID 0x1200
433
213202ed
JH		 434static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
435{
436 u8 *ptr = data, *uuids_start = NULL;
437 struct bt_uuid *uuid;
438
439 if (len < 4)
440 return ptr;
441
442 list_for_each_entry(uuid, &hdev->uuids, list) {
443 u16 uuid16;
444
445 if (uuid->size != 16)
446 continue;
447
448 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 < 0x1100)
450 continue;
451
452 if (uuid16 == PNP_INFO_SVCLASS_ID)
453 continue;
454
455 if (!uuids_start) {
456 uuids_start = ptr;
457 uuids_start[0] = 1;
458 uuids_start[1] = EIR_UUID16_ALL;
459 ptr += 2;
460 }
461
462 /* Stop if not enough space to put next UUID */
463 if ((ptr - data) + sizeof(u16) > len) {
464 uuids_start[1] = EIR_UUID16_SOME;
465 break;
466 }
467
468 *ptr++ = (uuid16 & 0x00ff);
469 *ptr++ = (uuid16 & 0xff00) >> 8;
470 uuids_start[0] += sizeof(uuid16);
471 }
472
473 return ptr;
474}
475
cdf1963f
JH		 476static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
477{
478 u8 *ptr = data, *uuids_start = NULL;
479 struct bt_uuid *uuid;
480
481 if (len < 6)
482 return ptr;
483
484 list_for_each_entry(uuid, &hdev->uuids, list) {
485 if (uuid->size != 32)
486 continue;
487
488 if (!uuids_start) {
489 uuids_start = ptr;
490 uuids_start[0] = 1;
491 uuids_start[1] = EIR_UUID32_ALL;
492 ptr += 2;
493 }
494
495 /* Stop if not enough space to put next UUID */
496 if ((ptr - data) + sizeof(u32) > len) {
497 uuids_start[1] = EIR_UUID32_SOME;
498 break;
499 }
500
501 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
502 ptr += sizeof(u32);
503 uuids_start[0] += sizeof(u32);
504 }
505
506 return ptr;
507}
508
c00d575b
JH		 509static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
510{
511 u8 *ptr = data, *uuids_start = NULL;
512 struct bt_uuid *uuid;
513
514 if (len < 18)
515 return ptr;
516
517 list_for_each_entry(uuid, &hdev->uuids, list) {
518 if (uuid->size != 128)
519 continue;
520
521 if (!uuids_start) {
522 uuids_start = ptr;
523 uuids_start[0] = 1;
524 uuids_start[1] = EIR_UUID128_ALL;
525 ptr += 2;
526 }
527
528 /* Stop if not enough space to put next UUID */
529 if ((ptr - data) + 16 > len) {
530 uuids_start[1] = EIR_UUID128_SOME;
531 break;
532 }
533
534 memcpy(ptr, uuid->uuid, 16);
535 ptr += 16;
536 uuids_start[0] += 16;
537 }
538
539 return ptr;
540}
541
ef580372
JH		 542static void create_eir(struct hci_dev *hdev, u8 *data)
543{
544 u8 *ptr = data;
ef580372
JH		 545 size_t name_len;
546
547 name_len = strlen(hdev->dev_name);
548
549 if (name_len > 0) {
550 /* EIR Data type */
551 if (name_len > 48) {
552 name_len = 48;
553 ptr[1] = EIR_NAME_SHORT;
554 } else
555 ptr[1] = EIR_NAME_COMPLETE;
556
557 /* EIR Data length */
558 ptr[0] = name_len + 1;
559
560 memcpy(ptr + 2, hdev->dev_name, name_len);
561
ef580372
JH		 562 ptr += (name_len + 2);
563 }
564
bbaf444a 565 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 566 ptr[0] = 2;
567 ptr[1] = EIR_TX_POWER;
568 ptr[2] = (u8) hdev->inq_tx_power;
569
91c4e9b1
MH		 570 ptr += 3;
571 }
572
2b9be137
MH		 573 if (hdev->devid_source > 0) {
574 ptr[0] = 9;
575 ptr[1] = EIR_DEVICE_ID;
576
577 put_unaligned_le16(hdev->devid_source, ptr + 2);
578 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
579 put_unaligned_le16(hdev->devid_product, ptr + 6);
580 put_unaligned_le16(hdev->devid_version, ptr + 8);
581
2b9be137
MH		 582 ptr += 10;
583 }
584
213202ed 585 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 586 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 587 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 588}
589
890ea898 590static void update_eir(struct hci_request *req)
ef580372 591{
890ea898 592 struct hci_dev *hdev = req->hdev;
ef580372
JH		 593 struct hci_cp_write_eir cp;
594
504c8dcd 595 if (!hdev_is_powered(hdev))
890ea898 596 return;
7770c4aa 597
976eb20e 598 if (!lmp_ext_inq_capable(hdev))
890ea898 599 return;
ef580372 600
84bde9d6 601 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 602 return;
ef580372 603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 605 return;
ef580372
JH		 606
607 memset(&cp, 0, sizeof(cp));
608
609 create_eir(hdev, cp.data);
610
611 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 612 return;
ef580372
JH		 613
614 memcpy(hdev->eir, cp.data, sizeof(cp.data));
615
890ea898 616 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 617}
618
619static u8 get_service_classes(struct hci_dev *hdev)
620{
621 struct bt_uuid *uuid;
622 u8 val = 0;
623
624 list_for_each_entry(uuid, &hdev->uuids, list)
625 val |= uuid->svc_hint;
626
627 return val;
628}
629
890ea898 630static void update_class(struct hci_request *req)
ef580372 631{
890ea898 632 struct hci_dev *hdev = req->hdev;
ef580372
JH		 633 u8 cod[3];
634
635 BT_DBG("%s", hdev->name);
636
504c8dcd 637 if (!hdev_is_powered(hdev))
890ea898 638 return;
7770c4aa 639
a8b2d5c2 640 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 641 return;
ef580372
JH		 642
643 cod[0] = hdev->minor_class;
644 cod[1] = hdev->major_class;
645 cod[2] = get_service_classes(hdev);
646
647 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 648 return;
ef580372 649
890ea898 650 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 651}
652
7d78525d
JH		 653static void service_cache_off(struct work_struct *work)
654{
655 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 656 service_cache.work);
890ea898 657 struct hci_request req;
7d78525d 658
a8b2d5c2 659 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 660 return;
661
890ea898
JH		 662 hci_req_init(&req, hdev);
663
7d78525d
JH		 664 hci_dev_lock(hdev);
665
890ea898
JH		 666 update_eir(&req);
667 update_class(&req);
7d78525d
JH		 668
669 hci_dev_unlock(hdev);
890ea898
JH		 670
671 hci_req_run(&req, NULL);
7d78525d
JH		 672}
673
6a919082 674static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 675{
4f87da80 676 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 677 return;
678
4f87da80 679 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 680
4f87da80
JH		 681 /* Non-mgmt controlled devices get this bit set
682 * implicitly so that pairing works for them, however
683 * for mgmt we require user-space to explicitly enable
684 * it
685 */
686 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 687}
688
0f4e68cf 689static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 690 void *data, u16 data_len)
0381101f 691{
a38528f1 692 struct mgmt_rp_read_info rp;
f7b64e69 693
bdb6d971 694 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 695
09fd0de5 696 hci_dev_lock(hdev);
f7b64e69 697
dc4fe30b
JH		 698 memset(&rp, 0, sizeof(rp));
699
69ab39ea 700 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 701
69ab39ea 702 rp.version = hdev->hci_ver;
eb55ef07 703 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 704
705 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
706 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 707
a38528f1 708 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 709
dc4fe30b 710 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 711 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 712
09fd0de5 713 hci_dev_unlock(hdev);
0381101f 714
bdb6d971 715 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 716 sizeof(rp));
0381101f
JH		 717}
718
eec8d2bc
JH		 719static void mgmt_pending_free(struct pending_cmd *cmd)
720{
721 sock_put(cmd->sk);
c68fb7ff 722 kfree(cmd->param);
eec8d2bc
JH		 723 kfree(cmd);
724}
725
366a0336 726static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 727 struct hci_dev *hdev, void *data,
728 u16 len)
eec8d2bc
JH		 729{
730 struct pending_cmd *cmd;
731
12b94565 732 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 733 if (!cmd)
366a0336 734 return NULL;
eec8d2bc
JH		 735
736 cmd->opcode = opcode;
2e58ef3e 737 cmd->index = hdev->id;
eec8d2bc 738
12b94565 739 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 740 if (!cmd->param) {
eec8d2bc 741 kfree(cmd);
366a0336 742 return NULL;
eec8d2bc
JH		 743 }
744
8fce6357
SJ		 745 if (data)
746 memcpy(cmd->param, data, len);
eec8d2bc
JH		 747
748 cmd->sk = sk;
749 sock_hold(sk);
750
2e58ef3e 751 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 752
366a0336 753 return cmd;
eec8d2bc
JH		 754}
755
744cf19e 756static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 757 void (*cb)(struct pending_cmd *cmd,
758 void *data),
04124681 759 void *data)
eec8d2bc 760{
a3d09356 761 struct pending_cmd *cmd, *tmp;
eec8d2bc 762
a3d09356 763 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 764 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 765 continue;
766
eec8d2bc
JH		 767 cb(cmd, data);
768 }
769}
770
2e58ef3e 771static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 772{
8035ded4 773 struct pending_cmd *cmd;
eec8d2bc 774
2e58ef3e 775 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 776 if (cmd->opcode == opcode)
777 return cmd;
eec8d2bc
JH		 778 }
779
780 return NULL;
781}
782
a664b5bc 783static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 784{
73f22f62
JH		 785 list_del(&cmd->list);
786 mgmt_pending_free(cmd);
787}
788
69ab39ea 789static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 790{
69ab39ea 791 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 792
aee9b218 793 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 794 sizeof(settings));
8680570b
JH		 795}
796
bdb6d971 797static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 798 u16 len)
eec8d2bc 799{
650f726d 800 struct mgmt_mode *cp = data;
366a0336 801 struct pending_cmd *cmd;
4b34ee78 802 int err;
eec8d2bc 803
bdb6d971 804 BT_DBG("request for %s", hdev->name);
eec8d2bc 805
a7e80f25
JH		 806 if (cp->val != 0x00 && cp->val != 0x01)
807 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_INVALID_PARAMS);
809
09fd0de5 810 hci_dev_lock(hdev);
eec8d2bc 811
87b95ba6
JH		 812 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
814 MGMT_STATUS_BUSY);
815 goto failed;
816 }
817
f0d4b78a
MH		 818 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
819 cancel_delayed_work(&hdev->power_off);
820
821 if (cp->val) {
a1d70450
JH		 822 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
823 data, len);
824 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 825 goto failed;
826 }
827 }
828
4b34ee78 829 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 830 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 831 goto failed;
832 }
833
2e58ef3e 834 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 835 if (!cmd) {
836 err = -ENOMEM;
eec8d2bc 837 goto failed;
366a0336 838 }
eec8d2bc 839
72a734ec 840 if (cp->val)
19202573 841 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 842 else
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 844
366a0336 845 err = 0;
eec8d2bc
JH		 846
847failed:
09fd0de5 848 hci_dev_unlock(hdev);
366a0336 849 return err;
eec8d2bc
JH		 850}
851
04124681
GP		 852static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
853 struct sock *skip_sk)
beadb2bd
JH		 854{
855 struct sk_buff *skb;
856 struct mgmt_hdr *hdr;
857
790eff44 858 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 859 if (!skb)
860 return -ENOMEM;
861
862 hdr = (void *) skb_put(skb, sizeof(*hdr));
863 hdr->opcode = cpu_to_le16(event);
864 if (hdev)
865 hdr->index = cpu_to_le16(hdev->id);
866 else
612dfce9 867 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 868 hdr->len = cpu_to_le16(data_len);
869
870 if (data)
871 memcpy(skb_put(skb, data_len), data, data_len);
872
97e0bdeb
MH		 873 /* Time stamp */
874 __net_timestamp(skb);
875
beadb2bd
JH		 876 hci_send_to_control(skb, skip_sk);
877 kfree_skb(skb);
878
879 return 0;
880}
881
882static int new_settings(struct hci_dev *hdev, struct sock *skip)
883{
884 __le32 ev;
885
886 ev = cpu_to_le32(get_current_settings(hdev));
887
888 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
889}
890
bd99abdd
JH		 891struct cmd_lookup {
892 struct sock *sk;
893 struct hci_dev *hdev;
894 u8 mgmt_status;
895};
896
897static void settings_rsp(struct pending_cmd *cmd, void *data)
898{
899 struct cmd_lookup *match = data;
900
901 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
902
903 list_del(&cmd->list);
904
905 if (match->sk == NULL) {
906 match->sk = cmd->sk;
907 sock_hold(match->sk);
908 }
909
910 mgmt_pending_free(cmd);
911}
912
913static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
914{
915 u8 *status = data;
916
917 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
918 mgmt_pending_remove(cmd);
919}
920
bdb6d971 921static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 922 u16 len)
73f22f62 923{
650f726d 924 struct mgmt_cp_set_discoverable *cp = data;
366a0336 925 struct pending_cmd *cmd;
5e5282bb 926 u16 timeout;
73f22f62
JH		 927 u8 scan;
928 int err;
929
bdb6d971 930 BT_DBG("request for %s", hdev->name);
73f22f62 931
56f87901 932 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 933 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
934 MGMT_STATUS_NOT_SUPPORTED);
935
a7e80f25
JH		 936 if (cp->val != 0x00 && cp->val != 0x01)
937 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
938 MGMT_STATUS_INVALID_PARAMS);
939
1f350c87 940 timeout = __le16_to_cpu(cp->timeout);
24c54a90 941 if (!cp->val && timeout > 0)
bdb6d971 942 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 943 MGMT_STATUS_INVALID_PARAMS);
73f22f62 944
09fd0de5 945 hci_dev_lock(hdev);
73f22f62 946
5e5282bb 947 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 948 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 949 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 950 goto failed;
951 }
952
2e58ef3e 953 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 954 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 955 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 956 MGMT_STATUS_BUSY);
73f22f62
JH		 957 goto failed;
958 }
959
5e5282bb 960 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 962 MGMT_STATUS_REJECTED);
5e5282bb
JH		 963 goto failed;
964 }
965
966 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 967 bool changed = false;
968
969 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
970 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 changed = true;
972 }
973
5e5282bb 974 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 975 if (err < 0)
976 goto failed;
977
978 if (changed)
979 err = new_settings(hdev, sk);
980
5e5282bb
JH		 981 goto failed;
982 }
983
984 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 985 if (hdev->discov_timeout > 0) {
986 cancel_delayed_work(&hdev->discov_off);
987 hdev->discov_timeout = 0;
988 }
989
990 if (cp->val && timeout > 0) {
991 hdev->discov_timeout = timeout;
992 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
993 msecs_to_jiffies(hdev->discov_timeout * 1000));
994 }
995
69ab39ea 996 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 997 goto failed;
998 }
999
2e58ef3e 1000 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1001 if (!cmd) {
1002 err = -ENOMEM;
73f22f62 1003 goto failed;
366a0336 1004 }
73f22f62
JH		 1005
1006 scan = SCAN_PAGE;
1007
72a734ec 1008 if (cp->val)
73f22f62 1009 scan |= SCAN_INQUIRY;
16ab91ab 1010 else
e0f9309f 1011 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1012
1013 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1014 if (err < 0)
a664b5bc 1015 mgmt_pending_remove(cmd);
73f22f62 1016
16ab91ab 1017 if (cp->val)
5e5282bb 1018 hdev->discov_timeout = timeout;
16ab91ab 1019
73f22f62 1020failed:
09fd0de5 1021 hci_dev_unlock(hdev);
73f22f62
JH		 1022 return err;
1023}
1024
406d7804
JH		 1025static void write_fast_connectable(struct hci_request *req, bool enable)
1026{
bd98b996 1027 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1028 struct hci_cp_write_page_scan_activity acp;
1029 u8 type;
1030
4c01f8b8
JH		 1031 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1032 return;
1033
406d7804
JH		 1034 if (enable) {
1035 type = PAGE_SCAN_TYPE_INTERLACED;
1036
1037 /* 160 msec page scan interval */
1038 acp.interval = __constant_cpu_to_le16(0x0100);
1039 } else {
1040 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1041
1042 /* default 1.28 sec page scan */
1043 acp.interval = __constant_cpu_to_le16(0x0800);
1044 }
1045
1046 acp.window = __constant_cpu_to_le16(0x0012);
1047
bd98b996
JH		 1048 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1049 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1050 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1051 sizeof(acp), &acp);
1052
1053 if (hdev->page_scan_type != type)
1054 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1055}
1056
2b76f453
JH		 1057static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1058{
1059 struct pending_cmd *cmd;
1060
1061 BT_DBG("status 0x%02x", status);
1062
1063 hci_dev_lock(hdev);
1064
1065 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1066 if (!cmd)
1067 goto unlock;
1068
1069 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1070
1071 mgmt_pending_remove(cmd);
1072
1073unlock:
1074 hci_dev_unlock(hdev);
1075}
1076
bdb6d971 1077static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1078 u16 len)
9fbcbb45 1079{
650f726d 1080 struct mgmt_mode *cp = data;
366a0336 1081 struct pending_cmd *cmd;
2b76f453 1082 struct hci_request req;
9fbcbb45
JH		 1083 u8 scan;
1084 int err;
1085
bdb6d971 1086 BT_DBG("request for %s", hdev->name);
9fbcbb45 1087
56f87901 1088 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1089 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1090 MGMT_STATUS_NOT_SUPPORTED);
1091
a7e80f25
JH		 1092 if (cp->val != 0x00 && cp->val != 0x01)
1093 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1094 MGMT_STATUS_INVALID_PARAMS);
1095
09fd0de5 1096 hci_dev_lock(hdev);
9fbcbb45 1097
4b34ee78 1098 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1099 bool changed = false;
1100
1101 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1102 changed = true;
1103
6bf0e469 1104 if (cp->val) {
5e5282bb 1105 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1106 } else {
5e5282bb
JH		 1107 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1108 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1109 }
0224d2fa 1110
5e5282bb 1111 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1112 if (err < 0)
1113 goto failed;
1114
1115 if (changed)
1116 err = new_settings(hdev, sk);
1117
9fbcbb45
JH		 1118 goto failed;
1119 }
1120
2e58ef3e 1121 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1122 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1123 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1124 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1125 goto failed;
1126 }
1127
5e5282bb 1128 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1129 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1130 goto failed;
1131 }
1132
2e58ef3e 1133 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1134 if (!cmd) {
1135 err = -ENOMEM;
9fbcbb45 1136 goto failed;
366a0336 1137 }
9fbcbb45 1138
6bf0e469 1139 if (cp->val) {
9fbcbb45 1140 scan = SCAN_PAGE;
6bf0e469 1141 } else {
9fbcbb45
JH		 1142 scan = 0;
1143
df2c6c5e 1144 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1145 hdev->discov_timeout > 0)
df2c6c5e
JH		 1146 cancel_delayed_work(&hdev->discov_off);
1147 }
1148
2b76f453
JH		 1149 hci_req_init(&req, hdev);
1150
1151 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1152
4c01f8b8
JH		 1153 /* If we're going from non-connectable to connectable or
1154 * vice-versa when fast connectable is enabled ensure that fast
1155 * connectable gets disabled. write_fast_connectable won't do
1156 * anything if the page scan parameters are already what they
1157 * should be.
1158 */
1159 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1160 write_fast_connectable(&req, false);
1161
2b76f453 1162 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1163 if (err < 0)
a664b5bc 1164 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1165
1166failed:
09fd0de5 1167 hci_dev_unlock(hdev);
9fbcbb45
JH		 1168 return err;
1169}
1170
bdb6d971 1171static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1172 u16 len)
c542a06c 1173{
650f726d 1174 struct mgmt_mode *cp = data;
c542a06c
JH		 1175 int err;
1176
bdb6d971 1177 BT_DBG("request for %s", hdev->name);
c542a06c 1178
a7e80f25
JH		 1179 if (cp->val != 0x00 && cp->val != 0x01)
1180 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1181 MGMT_STATUS_INVALID_PARAMS);
1182
09fd0de5 1183 hci_dev_lock(hdev);
c542a06c
JH		 1184
1185 if (cp->val)
a8b2d5c2 1186 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1187 else
a8b2d5c2 1188 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1189
69ab39ea 1190 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1191 if (err < 0)
1192 goto failed;
1193
beadb2bd 1194 err = new_settings(hdev, sk);
c542a06c
JH		 1195
1196failed:
09fd0de5 1197 hci_dev_unlock(hdev);
c542a06c
JH		 1198 return err;
1199}
1200
04124681
GP		 1201static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1202 u16 len)
33ef95ed
JH		 1203{
1204 struct mgmt_mode *cp = data;
1205 struct pending_cmd *cmd;
816a11d5 1206 u8 val;
33ef95ed
JH		 1207 int err;
1208
bdb6d971 1209 BT_DBG("request for %s", hdev->name);
33ef95ed 1210
56f87901 1211 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1212 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1213 MGMT_STATUS_NOT_SUPPORTED);
1214
a7e80f25
JH		 1215 if (cp->val != 0x00 && cp->val != 0x01)
1216 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1217 MGMT_STATUS_INVALID_PARAMS);
1218
33ef95ed
JH		 1219 hci_dev_lock(hdev);
1220
4b34ee78 1221 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1222 bool changed = false;
1223
1224 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1225 &hdev->dev_flags)) {
47990ea0
JH		 1226 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1227 changed = true;
1228 }
1229
1230 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1231 if (err < 0)
1232 goto failed;
1233
1234 if (changed)
1235 err = new_settings(hdev, sk);
1236
33ef95ed
JH		 1237 goto failed;
1238 }
1239
1240 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1241 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1242 MGMT_STATUS_BUSY);
33ef95ed
JH		 1243 goto failed;
1244 }
1245
1246 val = !!cp->val;
1247
1248 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1250 goto failed;
1251 }
1252
1253 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1254 if (!cmd) {
1255 err = -ENOMEM;
1256 goto failed;
1257 }
1258
1259 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1260 if (err < 0) {
1261 mgmt_pending_remove(cmd);
1262 goto failed;
1263 }
1264
1265failed:
1266 hci_dev_unlock(hdev);
33ef95ed
JH		 1267 return err;
1268}
1269
bdb6d971 1270static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1271{
1272 struct mgmt_mode *cp = data;
1273 struct pending_cmd *cmd;
816a11d5 1274 u8 val;
ed2c4ee3
JH		 1275 int err;
1276
bdb6d971 1277 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1278
13ecd8b6
JH		 1279 if (!lmp_ssp_capable(hdev))
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1281 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1282
a7e80f25
JH		 1283 if (cp->val != 0x00 && cp->val != 0x01)
1284 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1285 MGMT_STATUS_INVALID_PARAMS);
1286
13ecd8b6 1287 hci_dev_lock(hdev);
6c8f12c1 1288
c0ecddc2
JH		 1289 val = !!cp->val;
1290
4b34ee78 1291 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1292 bool changed = false;
1293
1294 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1295 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1296 changed = true;
1297 }
1298
1299 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1300 if (err < 0)
1301 goto failed;
1302
1303 if (changed)
1304 err = new_settings(hdev, sk);
1305
ed2c4ee3
JH		 1306 goto failed;
1307 }
1308
1309 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1310 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1311 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1312 goto failed;
1313 }
1314
ed2c4ee3
JH		 1315 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1316 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1317 goto failed;
1318 }
1319
1320 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1321 if (!cmd) {
1322 err = -ENOMEM;
1323 goto failed;
1324 }
1325
1326 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1327 if (err < 0) {
1328 mgmt_pending_remove(cmd);
1329 goto failed;
1330 }
1331
1332failed:
1333 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1334 return err;
1335}
1336
bdb6d971 1337static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1338{
1339 struct mgmt_mode *cp = data;
ee392693
MH		 1340 bool changed;
1341 int err;
6d80dfd0 1342
bdb6d971 1343 BT_DBG("request for %s", hdev->name);
6d80dfd0 1344
56f87901 1345 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
bdb6d971 1346 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1347 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1348
a7e80f25
JH		 1349 if (cp->val != 0x00 && cp->val != 0x01)
1350 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1351 MGMT_STATUS_INVALID_PARAMS);
1352
ee392693
MH		 1353 hci_dev_lock(hdev);
1354
6d80dfd0 1355 if (cp->val)
ee392693 1356 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
6d80dfd0 1357 else
ee392693
MH		 1358 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1359
1360 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1361 if (err < 0)
1362 goto unlock;
1363
1364 if (changed)
1365 err = new_settings(hdev, sk);
6d80dfd0 1366
ee392693
MH		 1367unlock:
1368 hci_dev_unlock(hdev);
1369 return err;
6d80dfd0
JH		 1370}
1371
416a4ae5
JH		 1372static void le_enable_complete(struct hci_dev *hdev, u8 status)
1373{
1374 struct cmd_lookup match = { NULL, hdev };
1375
1376 if (status) {
1377 u8 mgmt_err = mgmt_status(status);
1378
1379 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1380 &mgmt_err);
1381 return;
1382 }
1383
1384 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1385
1386 new_settings(hdev, match.sk);
1387
1388 if (match.sk)
1389 sock_put(match.sk);
1390}
1391
bdb6d971 1392static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1393{
1394 struct mgmt_mode *cp = data;
1395 struct hci_cp_write_le_host_supported hci_cp;
1396 struct pending_cmd *cmd;
416a4ae5 1397 struct hci_request req;
06199cf8 1398 int err;
0b60eba1 1399 u8 val, enabled;
06199cf8 1400
bdb6d971 1401 BT_DBG("request for %s", hdev->name);
06199cf8 1402
13ecd8b6
JH		 1403 if (!lmp_le_capable(hdev))
1404 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1405 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1406
a7e80f25
JH		 1407 if (cp->val != 0x00 && cp->val != 0x01)
1408 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1409 MGMT_STATUS_INVALID_PARAMS);
1410
c73eee91 1411 /* LE-only devices do not allow toggling LE on/off */
56f87901 1412 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1413 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1414 MGMT_STATUS_REJECTED);
1415
13ecd8b6 1416 hci_dev_lock(hdev);
06199cf8
JH		 1417
1418 val = !!cp->val;
ffa88e02 1419 enabled = lmp_host_le_capable(hdev);
06199cf8 1420
0b60eba1 1421 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1422 bool changed = false;
1423
1424 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1425 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1426 changed = true;
1427 }
1428
eeca6f89
JH		 1429 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1430 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1431 changed = true;
1432 }
1433
06199cf8
JH		 1434 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1435 if (err < 0)
1de028ce 1436 goto unlock;
06199cf8
JH		 1437
1438 if (changed)
1439 err = new_settings(hdev, sk);
1440
1de028ce 1441 goto unlock;
06199cf8
JH		 1442 }
1443
4375f103
JH		 1444 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1445 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1446 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1447 MGMT_STATUS_BUSY);
1de028ce 1448 goto unlock;
06199cf8
JH		 1449 }
1450
1451 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1452 if (!cmd) {
1453 err = -ENOMEM;
1de028ce 1454 goto unlock;
06199cf8
JH		 1455 }
1456
1457 memset(&hci_cp, 0, sizeof(hci_cp));
1458
1459 if (val) {
1460 hci_cp.le = val;
ffa88e02 1461 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1462 }
1463
416a4ae5
JH		 1464 hci_req_init(&req, hdev);
1465
eeca6f89
JH		 1466 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1467 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1468
416a4ae5
JH		 1469 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1470 &hci_cp);
1471
1472 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1473 if (err < 0)
06199cf8 1474 mgmt_pending_remove(cmd);
06199cf8 1475
1de028ce
JH		 1476unlock:
1477 hci_dev_unlock(hdev);
06199cf8
JH		 1478 return err;
1479}
1480
0cab9c80
JH		 1481/* This is a helper function to test for pending mgmt commands that can
1482 * cause CoD or EIR HCI commands. We can only allow one such pending
1483 * mgmt command at a time since otherwise we cannot easily track what
1484 * the current values are, will be, and based on that calculate if a new
1485 * HCI command needs to be sent and if yes with what value.
1486 */
1487static bool pending_eir_or_class(struct hci_dev *hdev)
1488{
1489 struct pending_cmd *cmd;
1490
1491 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1492 switch (cmd->opcode) {
1493 case MGMT_OP_ADD_UUID:
1494 case MGMT_OP_REMOVE_UUID:
1495 case MGMT_OP_SET_DEV_CLASS:
1496 case MGMT_OP_SET_POWERED:
1497 return true;
1498 }
1499 }
1500
1501 return false;
1502}
1503
83be8eca
JH		 1504static const u8 bluetooth_base_uuid[] = {
1505 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1506 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1507};
1508
1509static u8 get_uuid_size(const u8 *uuid)
1510{
1511 u32 val;
1512
1513 if (memcmp(uuid, bluetooth_base_uuid, 12))
1514 return 128;
1515
1516 val = get_unaligned_le32(&uuid[12]);
1517 if (val > 0xffff)
1518 return 32;
1519
1520 return 16;
1521}
1522
92da6097
JH		 1523static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1524{
1525 struct pending_cmd *cmd;
1526
1527 hci_dev_lock(hdev);
1528
1529 cmd = mgmt_pending_find(mgmt_op, hdev);
1530 if (!cmd)
1531 goto unlock;
1532
1533 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1534 hdev->dev_class, 3);
1535
1536 mgmt_pending_remove(cmd);
1537
1538unlock:
1539 hci_dev_unlock(hdev);
1540}
1541
1542static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1543{
1544 BT_DBG("status 0x%02x", status);
1545
1546 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1547}
1548
bdb6d971 1549static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1550{
650f726d 1551 struct mgmt_cp_add_uuid *cp = data;
90e70454 1552 struct pending_cmd *cmd;
890ea898 1553 struct hci_request req;
2aeb9a1a 1554 struct bt_uuid *uuid;
2aeb9a1a
JH		 1555 int err;
1556
bdb6d971 1557 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1558
09fd0de5 1559 hci_dev_lock(hdev);
2aeb9a1a 1560
0cab9c80 1561 if (pending_eir_or_class(hdev)) {
bdb6d971 1562 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1563 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1564 goto failed;
1565 }
1566
92c4c204 1567 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1568 if (!uuid) {
1569 err = -ENOMEM;
1570 goto failed;
1571 }
1572
1573 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1574 uuid->svc_hint = cp->svc_hint;
83be8eca 1575 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1576
de66aa63 1577 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1578
890ea898 1579 hci_req_init(&req, hdev);
1aff6f09 1580
890ea898
JH		 1581 update_class(&req);
1582 update_eir(&req);
1583
92da6097
JH		 1584 err = hci_req_run(&req, add_uuid_complete);
1585 if (err < 0) {
1586 if (err != -ENODATA)
1587 goto failed;
80a1e1db 1588
bdb6d971 1589 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1590 hdev->dev_class, 3);
90e70454
JH		 1591 goto failed;
1592 }
1593
1594 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1595 if (!cmd) {
90e70454 1596 err = -ENOMEM;
890ea898
JH		 1597 goto failed;
1598 }
1599
1600 err = 0;
2aeb9a1a
JH		 1601
1602failed:
09fd0de5 1603 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1604 return err;
1605}
1606
24b78d0f
JH		 1607static bool enable_service_cache(struct hci_dev *hdev)
1608{
1609 if (!hdev_is_powered(hdev))
1610 return false;
1611
1612 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1613 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1614 CACHE_TIMEOUT);
24b78d0f
JH		 1615 return true;
1616 }
1617
1618 return false;
1619}
1620
92da6097
JH		 1621static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1622{
1623 BT_DBG("status 0x%02x", status);
1624
1625 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1626}
1627
bdb6d971 1628static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1629 u16 len)
2aeb9a1a 1630{
650f726d 1631 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1632 struct pending_cmd *cmd;
056341c8 1633 struct bt_uuid *match, *tmp;
2aeb9a1a 1634 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1635 struct hci_request req;
2aeb9a1a
JH		 1636 int err, found;
1637
bdb6d971 1638 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1639
09fd0de5 1640 hci_dev_lock(hdev);
2aeb9a1a 1641
0cab9c80 1642 if (pending_eir_or_class(hdev)) {
bdb6d971 1643 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1644 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1645 goto unlock;
1646 }
1647
2aeb9a1a
JH		 1648 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1649 err = hci_uuids_clear(hdev);
4004b6d9 1650
24b78d0f 1651 if (enable_service_cache(hdev)) {
bdb6d971 1652 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1653 0, hdev->dev_class, 3);
24b78d0f
JH		 1654 goto unlock;
1655 }
4004b6d9 1656
9246a869 1657 goto update_class;
2aeb9a1a
JH		 1658 }
1659
1660 found = 0;
1661
056341c8 1662 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1663 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1664 continue;
1665
1666 list_del(&match->list);
482049f7 1667 kfree(match);
2aeb9a1a
JH		 1668 found++;
1669 }
1670
1671 if (found == 0) {
bdb6d971 1672 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1673 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1674 goto unlock;
1675 }
1676
9246a869 1677update_class:
890ea898 1678 hci_req_init(&req, hdev);
1aff6f09 1679
890ea898
JH		 1680 update_class(&req);
1681 update_eir(&req);
1682
92da6097
JH		 1683 err = hci_req_run(&req, remove_uuid_complete);
1684 if (err < 0) {
1685 if (err != -ENODATA)
1686 goto unlock;
80a1e1db 1687
bdb6d971 1688 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1689 hdev->dev_class, 3);
90e70454
JH		 1690 goto unlock;
1691 }
1692
1693 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1694 if (!cmd) {
90e70454 1695 err = -ENOMEM;
890ea898
JH		 1696 goto unlock;
1697 }
1698
1699 err = 0;
2aeb9a1a
JH		 1700
1701unlock:
09fd0de5 1702 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1703 return err;
1704}
1705
92da6097
JH		 1706static void set_class_complete(struct hci_dev *hdev, u8 status)
1707{
1708 BT_DBG("status 0x%02x", status);
1709
1710 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1711}
1712
bdb6d971 1713static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1714 u16 len)
1aff6f09 1715{
650f726d 1716 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1717 struct pending_cmd *cmd;
890ea898 1718 struct hci_request req;
1aff6f09
JH		 1719 int err;
1720
bdb6d971 1721 BT_DBG("request for %s", hdev->name);
1aff6f09 1722
56f87901 1723 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1724 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1725 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1726
0cab9c80 1727 hci_dev_lock(hdev);
ee98f473 1728
0cab9c80
JH		 1729 if (pending_eir_or_class(hdev)) {
1730 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1731 MGMT_STATUS_BUSY);
1732 goto unlock;
1733 }
c95f0ba7 1734
0cab9c80
JH		 1735 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1736 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1737 MGMT_STATUS_INVALID_PARAMS);
1738 goto unlock;
1739 }
575b3a02 1740
932f5ff5
JH		 1741 hdev->major_class = cp->major;
1742 hdev->minor_class = cp->minor;
1743
b5235a65 1744 if (!hdev_is_powered(hdev)) {
bdb6d971 1745 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1746 hdev->dev_class, 3);
b5235a65
JH		 1747 goto unlock;
1748 }
1749
890ea898
JH		 1750 hci_req_init(&req, hdev);
1751
a8b2d5c2 1752 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1753 hci_dev_unlock(hdev);
1754 cancel_delayed_work_sync(&hdev->service_cache);
1755 hci_dev_lock(hdev);
890ea898 1756 update_eir(&req);
7d78525d 1757 }
14c0b608 1758
890ea898
JH		 1759 update_class(&req);
1760
92da6097
JH		 1761 err = hci_req_run(&req, set_class_complete);
1762 if (err < 0) {
1763 if (err != -ENODATA)
1764 goto unlock;
1aff6f09 1765
bdb6d971 1766 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1767 hdev->dev_class, 3);
90e70454
JH		 1768 goto unlock;
1769 }
1770
1771 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1772 if (!cmd) {
90e70454 1773 err = -ENOMEM;
890ea898
JH		 1774 goto unlock;
1775 }
1776
1777 err = 0;
1aff6f09 1778
b5235a65 1779unlock:
09fd0de5 1780 hci_dev_unlock(hdev);
1aff6f09
JH		 1781 return err;
1782}
1783
bdb6d971 1784static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1785 u16 len)
55ed8ca1 1786{
650f726d 1787 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1788 u16 key_count, expected_len;
a492cd52 1789 int i;
55ed8ca1 1790
1f350c87 1791 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1792
86742e1e
JH		 1793 expected_len = sizeof(*cp) + key_count *
1794 sizeof(struct mgmt_link_key_info);
a492cd52 1795 if (expected_len != len) {
86742e1e 1796 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1797 len, expected_len);
bdb6d971 1798 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1799 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1800 }
1801
4ae14301
JH		 1802 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1803 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1804 MGMT_STATUS_INVALID_PARAMS);
1805
bdb6d971 1806 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1807 key_count);
55ed8ca1 1808
4ee71b20
JH		 1809 for (i = 0; i < key_count; i++) {
1810 struct mgmt_link_key_info *key = &cp->keys[i];
1811
1812 if (key->addr.type != BDADDR_BREDR)
1813 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1814 MGMT_STATUS_INVALID_PARAMS);
1815 }
1816
09fd0de5 1817 hci_dev_lock(hdev);
55ed8ca1
JH		 1818
1819 hci_link_keys_clear(hdev);
1820
55ed8ca1 1821 if (cp->debug_keys)
a8b2d5c2 1822 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1823 else
a8b2d5c2 1824 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1825
a492cd52 1826 for (i = 0; i < key_count; i++) {
86742e1e 1827 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1828
d753fdc4 1829 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1830 key->type, key->pin_len);
55ed8ca1
JH		 1831 }
1832
bdb6d971 1833 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1834
09fd0de5 1835 hci_dev_unlock(hdev);
55ed8ca1 1836
a492cd52 1837 return 0;
55ed8ca1
JH		 1838}
1839
b1078ad0 1840static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1841 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1842{
1843 struct mgmt_ev_device_unpaired ev;
1844
1845 bacpy(&ev.addr.bdaddr, bdaddr);
1846 ev.addr.type = addr_type;
1847
1848 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1849 skip_sk);
b1078ad0
JH		 1850}
1851
bdb6d971 1852static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1853 u16 len)
55ed8ca1 1854{
124f6e35
JH		 1855 struct mgmt_cp_unpair_device *cp = data;
1856 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1857 struct hci_cp_disconnect dc;
1858 struct pending_cmd *cmd;
55ed8ca1 1859 struct hci_conn *conn;
55ed8ca1
JH		 1860 int err;
1861
a8a1d19e 1862 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1863 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1864 rp.addr.type = cp->addr.type;
a8a1d19e 1865
4ee71b20
JH		 1866 if (!bdaddr_type_is_valid(cp->addr.type))
1867 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1868 MGMT_STATUS_INVALID_PARAMS,
1869 &rp, sizeof(rp));
1870
118da70b
JH		 1871 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1872 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1873 MGMT_STATUS_INVALID_PARAMS,
1874 &rp, sizeof(rp));
1875
4ee71b20
JH		 1876 hci_dev_lock(hdev);
1877
86a8cfc6 1878 if (!hdev_is_powered(hdev)) {
bdb6d971 1879 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1880 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1881 goto unlock;
1882 }
1883
591f47f3 1884 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1885 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1886 else
1887 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1888
55ed8ca1 1889 if (err < 0) {
bdb6d971 1890 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1891 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1892 goto unlock;
1893 }
1894
86a8cfc6 1895 if (cp->disconnect) {
591f47f3 1896 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1897 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1898 &cp->addr.bdaddr);
86a8cfc6
JH		 1899 else
1900 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1901 &cp->addr.bdaddr);
86a8cfc6
JH		 1902 } else {
1903 conn = NULL;
1904 }
124f6e35 1905
a8a1d19e 1906 if (!conn) {
bdb6d971 1907 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1908 &rp, sizeof(rp));
b1078ad0 1909 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1910 goto unlock;
1911 }
55ed8ca1 1912
124f6e35 1913 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1914 sizeof(*cp));
a8a1d19e
JH		 1915 if (!cmd) {
1916 err = -ENOMEM;
1917 goto unlock;
55ed8ca1
JH		 1918 }
1919
eb55ef07 1920 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1921 dc.reason = 0x13; /* Remote User Terminated Connection */
1922 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1923 if (err < 0)
1924 mgmt_pending_remove(cmd);
1925
55ed8ca1 1926unlock:
09fd0de5 1927 hci_dev_unlock(hdev);
55ed8ca1
JH		 1928 return err;
1929}
1930
bdb6d971 1931static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1932 u16 len)
8962ee74 1933{
650f726d 1934 struct mgmt_cp_disconnect *cp = data;
06a63b19 1935 struct mgmt_rp_disconnect rp;
8962ee74 1936 struct hci_cp_disconnect dc;
366a0336 1937 struct pending_cmd *cmd;
8962ee74 1938 struct hci_conn *conn;
8962ee74
JH		 1939 int err;
1940
1941 BT_DBG("");
1942
06a63b19
JH		 1943 memset(&rp, 0, sizeof(rp));
1944 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1945 rp.addr.type = cp->addr.type;
1946
4ee71b20 1947 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1948 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1949 MGMT_STATUS_INVALID_PARAMS,
1950 &rp, sizeof(rp));
4ee71b20 1951
09fd0de5 1952 hci_dev_lock(hdev);
8962ee74
JH		 1953
1954 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1955 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1956 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1957 goto failed;
1958 }
1959
2e58ef3e 1960 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1961 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1962 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1963 goto failed;
1964 }
1965
591f47f3 1966 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1967 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1968 &cp->addr.bdaddr);
88c3df13
JH		 1969 else
1970 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1971
f960727e 1972 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1973 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1974 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1975 goto failed;
1976 }
1977
2e58ef3e 1978 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1979 if (!cmd) {
1980 err = -ENOMEM;
8962ee74 1981 goto failed;
366a0336 1982 }
8962ee74 1983
eb55ef07 1984 dc.handle = cpu_to_le16(conn->handle);
3701f944 1985 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1986
1987 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1988 if (err < 0)
a664b5bc 1989 mgmt_pending_remove(cmd);
8962ee74
JH		 1990
1991failed:
09fd0de5 1992 hci_dev_unlock(hdev);
8962ee74
JH		 1993 return err;
1994}
1995
57c1477c 1996static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1997{
1998 switch (link_type) {
1999 case LE_LINK:
48264f06
JH		 2000 switch (addr_type) {
2001 case ADDR_LE_DEV_PUBLIC:
591f47f3 2002 return BDADDR_LE_PUBLIC;
0ed09148 2003
48264f06 2004 default:
0ed09148 2005 /* Fallback to LE Random address type */
591f47f3 2006 return BDADDR_LE_RANDOM;
48264f06 2007 }
0ed09148 2008
4c659c39 2009 default:
0ed09148 2010 /* Fallback to BR/EDR type */
591f47f3 2011 return BDADDR_BREDR;
4c659c39
JH		 2012 }
2013}
2014
04124681
GP		 2015static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2016 u16 data_len)
2784eb41 2017{
2784eb41 2018 struct mgmt_rp_get_connections *rp;
8035ded4 2019 struct hci_conn *c;
a38528f1 2020 size_t rp_len;
60fc5fb6
JH		 2021 int err;
2022 u16 i;
2784eb41
JH		 2023
2024 BT_DBG("");
2025
09fd0de5 2026 hci_dev_lock(hdev);
2784eb41 2027
5f97c1df 2028 if (!hdev_is_powered(hdev)) {
bdb6d971 2029 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2030 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2031 goto unlock;
2032 }
2033
60fc5fb6 2034 i = 0;
b644ba33
JH		 2035 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2036 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2037 i++;
2784eb41
JH		 2038 }
2039
60fc5fb6 2040 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2041 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2042 if (!rp) {
2784eb41
JH		 2043 err = -ENOMEM;
2044 goto unlock;
2045 }
2046
2784eb41 2047 i = 0;
4c659c39 2048 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2049 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2050 continue;
4c659c39 2051 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2052 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2053 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2054 continue;
2055 i++;
2056 }
2057
eb55ef07 2058 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2059
4c659c39
JH		 2060 /* Recalculate length in case of filtered SCO connections, etc */
2061 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2062
bdb6d971 2063 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2064 rp_len);
2784eb41 2065
a38528f1 2066 kfree(rp);
5f97c1df
JH		 2067
2068unlock:
09fd0de5 2069 hci_dev_unlock(hdev);
2784eb41
JH		 2070 return err;
2071}
2072
bdb6d971 2073static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2074 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2075{
2076 struct pending_cmd *cmd;
2077 int err;
2078
2e58ef3e 2079 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2080 sizeof(*cp));
96d97a67
WR		 2081 if (!cmd)
2082 return -ENOMEM;
2083
d8457698 2084 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2085 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2086 if (err < 0)
2087 mgmt_pending_remove(cmd);
2088
2089 return err;
2090}
2091
bdb6d971 2092static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2093 u16 len)
980e1a53 2094{
96d97a67 2095 struct hci_conn *conn;
650f726d 2096 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2097 struct hci_cp_pin_code_reply reply;
366a0336 2098 struct pending_cmd *cmd;
980e1a53
JH		 2099 int err;
2100
2101 BT_DBG("");
2102
09fd0de5 2103 hci_dev_lock(hdev);
980e1a53 2104
4b34ee78 2105 if (!hdev_is_powered(hdev)) {
bdb6d971 2106 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2107 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2108 goto failed;
2109 }
2110
d8457698 2111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2112 if (!conn) {
bdb6d971 2113 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2114 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2115 goto failed;
2116 }
2117
2118 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2119 struct mgmt_cp_pin_code_neg_reply ncp;
2120
2121 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2122
2123 BT_ERR("PIN code is not 16 bytes long");
2124
bdb6d971 2125 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2126 if (err >= 0)
bdb6d971 2127 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2128 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2129
2130 goto failed;
2131 }
2132
00abfe44 2133 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2134 if (!cmd) {
2135 err = -ENOMEM;
980e1a53 2136 goto failed;
366a0336 2137 }
980e1a53 2138
d8457698 2139 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2140 reply.pin_len = cp->pin_len;
24718ca5 2141 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2142
2143 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2144 if (err < 0)
a664b5bc 2145 mgmt_pending_remove(cmd);
980e1a53
JH		 2146
2147failed:
09fd0de5 2148 hci_dev_unlock(hdev);
980e1a53
JH		 2149 return err;
2150}
2151
04124681
GP		 2152static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2153 u16 len)
17fa4b9d 2154{
650f726d 2155 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2156
2157 BT_DBG("");
2158
09fd0de5 2159 hci_dev_lock(hdev);
17fa4b9d
JH		 2160
2161 hdev->io_capability = cp->io_capability;
2162
2163 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2164 hdev->io_capability);
17fa4b9d 2165
09fd0de5 2166 hci_dev_unlock(hdev);
17fa4b9d 2167
04124681
GP		 2168 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2169 0);
17fa4b9d
JH		 2170}
2171
6039aa73 2172static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2173{
2174 struct hci_dev *hdev = conn->hdev;
8035ded4 2175 struct pending_cmd *cmd;
e9a416b5 2176
2e58ef3e 2177 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2178 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2179 continue;
2180
e9a416b5
JH		 2181 if (cmd->user_data != conn)
2182 continue;
2183
2184 return cmd;
2185 }
2186
2187 return NULL;
2188}
2189
2190static void pairing_complete(struct pending_cmd *cmd, u8 status)
2191{
2192 struct mgmt_rp_pair_device rp;
2193 struct hci_conn *conn = cmd->user_data;
2194
ba4e564f 2195 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2196 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2197
aee9b218 2198 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2199 &rp, sizeof(rp));
e9a416b5
JH		 2200
2201 /* So we don't get further callbacks for this connection */
2202 conn->connect_cfm_cb = NULL;
2203 conn->security_cfm_cb = NULL;
2204 conn->disconn_cfm_cb = NULL;
2205
76a68ba0 2206 hci_conn_drop(conn);
e9a416b5 2207
a664b5bc 2208 mgmt_pending_remove(cmd);
e9a416b5
JH		 2209}
2210
2211static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2212{
2213 struct pending_cmd *cmd;
2214
2215 BT_DBG("status %u", status);
2216
2217 cmd = find_pairing(conn);
56e5cb86 2218 if (!cmd)
e9a416b5 2219 BT_DBG("Unable to find a pending command");
56e5cb86 2220 else
e211326c 2221 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2222}
2223
4c47d739
VA		 2224static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2225{
2226 struct pending_cmd *cmd;
2227
2228 BT_DBG("status %u", status);
2229
2230 if (!status)
2231 return;
2232
2233 cmd = find_pairing(conn);
2234 if (!cmd)
2235 BT_DBG("Unable to find a pending command");
2236 else
2237 pairing_complete(cmd, mgmt_status(status));
2238}
2239
bdb6d971 2240static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2241 u16 len)
e9a416b5 2242{
650f726d 2243 struct mgmt_cp_pair_device *cp = data;
1425acb7 2244 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2245 struct pending_cmd *cmd;
2246 u8 sec_level, auth_type;
2247 struct hci_conn *conn;
e9a416b5
JH		 2248 int err;
2249
2250 BT_DBG("");
2251
f950a30e
SJ		 2252 memset(&rp, 0, sizeof(rp));
2253 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2254 rp.addr.type = cp->addr.type;
2255
4ee71b20
JH		 2256 if (!bdaddr_type_is_valid(cp->addr.type))
2257 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2258 MGMT_STATUS_INVALID_PARAMS,
2259 &rp, sizeof(rp));
2260
09fd0de5 2261 hci_dev_lock(hdev);
e9a416b5 2262
5f97c1df 2263 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2264 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2265 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2266 goto unlock;
2267 }
2268
c908df36
VCG		 2269 sec_level = BT_SECURITY_MEDIUM;
2270 if (cp->io_cap == 0x03)
e9a416b5 2271 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2272 else
e9a416b5 2273 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2274
591f47f3 2275 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2276 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2277 cp->addr.type, sec_level, auth_type);
7a512d01 2278 else
b12f62cf
AG		 2279 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2280 cp->addr.type, sec_level, auth_type);
7a512d01 2281
30e76272 2282 if (IS_ERR(conn)) {
489dc48e
AK		 2283 int status;
2284
2285 if (PTR_ERR(conn) == -EBUSY)
2286 status = MGMT_STATUS_BUSY;
2287 else
2288 status = MGMT_STATUS_CONNECT_FAILED;
2289
bdb6d971 2290 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2291 status, &rp,
04124681 2292 sizeof(rp));
e9a416b5
JH		 2293 goto unlock;
2294 }
2295
2296 if (conn->connect_cfm_cb) {
76a68ba0 2297 hci_conn_drop(conn);
bdb6d971 2298 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2299 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2300 goto unlock;
2301 }
2302
2e58ef3e 2303 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2304 if (!cmd) {
2305 err = -ENOMEM;
76a68ba0 2306 hci_conn_drop(conn);
e9a416b5
JH		 2307 goto unlock;
2308 }
2309
7a512d01 2310 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2311 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2312 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2313 else
2314 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2315
e9a416b5
JH		 2316 conn->security_cfm_cb = pairing_complete_cb;
2317 conn->disconn_cfm_cb = pairing_complete_cb;
2318 conn->io_capability = cp->io_cap;
2319 cmd->user_data = conn;
2320
2321 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2322 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2323 pairing_complete(cmd, 0);
2324
2325 err = 0;
2326
2327unlock:
09fd0de5 2328 hci_dev_unlock(hdev);
e9a416b5
JH		 2329 return err;
2330}
2331
04124681
GP		 2332static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2333 u16 len)
28424707 2334{
0f4e68cf 2335 struct mgmt_addr_info *addr = data;
28424707
JH		 2336 struct pending_cmd *cmd;
2337 struct hci_conn *conn;
2338 int err;
2339
2340 BT_DBG("");
2341
28424707
JH		 2342 hci_dev_lock(hdev);
2343
5f97c1df 2344 if (!hdev_is_powered(hdev)) {
bdb6d971 2345 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2346 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2347 goto unlock;
2348 }
2349
28424707
JH		 2350 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2351 if (!cmd) {
bdb6d971 2352 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2353 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2354 goto unlock;
2355 }
2356
2357 conn = cmd->user_data;
2358
2359 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2360 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2361 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2362 goto unlock;
2363 }
2364
2365 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2366
bdb6d971 2367 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2368 addr, sizeof(*addr));
28424707
JH		 2369unlock:
2370 hci_dev_unlock(hdev);
28424707
JH		 2371 return err;
2372}
2373
bdb6d971 2374static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2375 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2376 u16 hci_op, __le32 passkey)
a5c29683 2377{
a5c29683 2378 struct pending_cmd *cmd;
0df4c185 2379 struct hci_conn *conn;
a5c29683
JH		 2380 int err;
2381
09fd0de5 2382 hci_dev_lock(hdev);
08ba5382 2383
4b34ee78 2384 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2385 err = cmd_complete(sk, hdev->id, mgmt_op,
2386 MGMT_STATUS_NOT_POWERED, addr,
2387 sizeof(*addr));
0df4c185 2388 goto done;
a5c29683
JH		 2389 }
2390
1707c60e
JH		 2391 if (addr->type == BDADDR_BREDR)
2392 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2393 else
1707c60e 2394 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2395
2396 if (!conn) {
feb94d3d
JH		 2397 err = cmd_complete(sk, hdev->id, mgmt_op,
2398 MGMT_STATUS_NOT_CONNECTED, addr,
2399 sizeof(*addr));
272d90df
JH		 2400 goto done;
2401 }
47c15e2b 2402
1707c60e 2403 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2404 /* Continue with pairing via SMP */
5fe57d9e
BG		 2405 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2406
2407 if (!err)
feb94d3d
JH		 2408 err = cmd_complete(sk, hdev->id, mgmt_op,
2409 MGMT_STATUS_SUCCESS, addr,
2410 sizeof(*addr));
5fe57d9e 2411 else
feb94d3d
JH		 2412 err = cmd_complete(sk, hdev->id, mgmt_op,
2413 MGMT_STATUS_FAILED, addr,
2414 sizeof(*addr));
47c15e2b 2415
47c15e2b
BG		 2416 goto done;
2417 }
2418
1707c60e 2419 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2420 if (!cmd) {
2421 err = -ENOMEM;
0df4c185 2422 goto done;
a5c29683
JH		 2423 }
2424
0df4c185 2425 /* Continue with pairing via HCI */
604086b7
BG		 2426 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2427 struct hci_cp_user_passkey_reply cp;
2428
1707c60e 2429 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2430 cp.passkey = passkey;
2431 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2432 } else
1707c60e
JH		 2433 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2434 &addr->bdaddr);
604086b7 2435
a664b5bc
JH		 2436 if (err < 0)
2437 mgmt_pending_remove(cmd);
a5c29683 2438
0df4c185 2439done:
09fd0de5 2440 hci_dev_unlock(hdev);
a5c29683
JH		 2441 return err;
2442}
2443
afeb019d
JK		 2444static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2445 void *data, u16 len)
2446{
2447 struct mgmt_cp_pin_code_neg_reply *cp = data;
2448
2449 BT_DBG("");
2450
1707c60e 2451 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2452 MGMT_OP_PIN_CODE_NEG_REPLY,
2453 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2454}
2455
04124681
GP		 2456static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2457 u16 len)
0df4c185 2458{
650f726d 2459 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2460
2461 BT_DBG("");
2462
2463 if (len != sizeof(*cp))
bdb6d971 2464 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2465 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2466
1707c60e 2467 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2468 MGMT_OP_USER_CONFIRM_REPLY,
2469 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2470}
2471
bdb6d971 2472static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2473 void *data, u16 len)
0df4c185 2474{
c9c2659f 2475 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2476
2477 BT_DBG("");
2478
1707c60e 2479 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2480 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2481 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2482}
2483
04124681
GP		 2484static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2485 u16 len)
604086b7 2486{
650f726d 2487 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2488
2489 BT_DBG("");
2490
1707c60e 2491 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2492 MGMT_OP_USER_PASSKEY_REPLY,
2493 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2494}
2495
bdb6d971 2496static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2497 void *data, u16 len)
604086b7 2498{
650f726d 2499 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2500
2501 BT_DBG("");
2502
1707c60e 2503 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2504 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2505 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2506}
2507
13928971 2508static void update_name(struct hci_request *req)
2b4bf397 2509{
13928971 2510 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2511 struct hci_cp_write_local_name cp;
2512
13928971 2513 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2514
890ea898 2515 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2516}
2517
13928971
JH		 2518static void set_name_complete(struct hci_dev *hdev, u8 status)
2519{
2520 struct mgmt_cp_set_local_name *cp;
2521 struct pending_cmd *cmd;
2522
2523 BT_DBG("status 0x%02x", status);
2524
2525 hci_dev_lock(hdev);
2526
2527 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2528 if (!cmd)
2529 goto unlock;
2530
2531 cp = cmd->param;
2532
2533 if (status)
2534 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2535 mgmt_status(status));
2536 else
2537 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2538 cp, sizeof(*cp));
2539
2540 mgmt_pending_remove(cmd);
2541
2542unlock:
2543 hci_dev_unlock(hdev);
2544}
2545
bdb6d971 2546static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2547 u16 len)
b312b161 2548{
2b4bf397 2549 struct mgmt_cp_set_local_name *cp = data;
b312b161 2550 struct pending_cmd *cmd;
890ea898 2551 struct hci_request req;
b312b161
JH		 2552 int err;
2553
2554 BT_DBG("");
2555
09fd0de5 2556 hci_dev_lock(hdev);
b312b161 2557
b3f2ca94
JH		 2558 /* If the old values are the same as the new ones just return a
2559 * direct command complete event.
2560 */
2561 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2562 !memcmp(hdev->short_name, cp->short_name,
2563 sizeof(hdev->short_name))) {
2564 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2565 data, len);
2566 goto failed;
2567 }
2568
2b4bf397 2569 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2570
b5235a65 2571 if (!hdev_is_powered(hdev)) {
2b4bf397 2572 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2573
2574 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2575 data, len);
28cc7bde
JH		 2576 if (err < 0)
2577 goto failed;
2578
2579 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2580 sk);
28cc7bde 2581
b5235a65
JH		 2582 goto failed;
2583 }
2584
28cc7bde 2585 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2586 if (!cmd) {
2587 err = -ENOMEM;
2588 goto failed;
2589 }
2590
13928971
JH		 2591 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2592
890ea898 2593 hci_req_init(&req, hdev);
3f985050
JH		 2594
2595 if (lmp_bredr_capable(hdev)) {
2596 update_name(&req);
2597 update_eir(&req);
2598 }
2599
2600 if (lmp_le_capable(hdev))
2601 hci_update_ad(&req);
2602
13928971 2603 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2604 if (err < 0)
2605 mgmt_pending_remove(cmd);
2606
2607failed:
09fd0de5 2608 hci_dev_unlock(hdev);
b312b161
JH		 2609 return err;
2610}
2611
0f4e68cf 2612static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2613 void *data, u16 data_len)
c35938b2 2614{
c35938b2
SJ		 2615 struct pending_cmd *cmd;
2616 int err;
2617
bdb6d971 2618 BT_DBG("%s", hdev->name);
c35938b2 2619
09fd0de5 2620 hci_dev_lock(hdev);
c35938b2 2621
4b34ee78 2622 if (!hdev_is_powered(hdev)) {
bdb6d971 2623 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2624 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2625 goto unlock;
2626 }
2627
9a1a1996 2628 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2629 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2630 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2631 goto unlock;
2632 }
2633
2e58ef3e 2634 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2635 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2636 MGMT_STATUS_BUSY);
c35938b2
SJ		 2637 goto unlock;
2638 }
2639
2e58ef3e 2640 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2641 if (!cmd) {
2642 err = -ENOMEM;
2643 goto unlock;
2644 }
2645
2646 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2647 if (err < 0)
2648 mgmt_pending_remove(cmd);
2649
2650unlock:
09fd0de5 2651 hci_dev_unlock(hdev);
c35938b2
SJ		 2652 return err;
2653}
2654
bdb6d971 2655static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2656 void *data, u16 len)
2763eda6 2657{
650f726d 2658 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2659 u8 status;
2763eda6
SJ		 2660 int err;
2661
bdb6d971 2662 BT_DBG("%s ", hdev->name);
2763eda6 2663
09fd0de5 2664 hci_dev_lock(hdev);
2763eda6 2665
664ce4cc 2666 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2667 cp->randomizer);
2763eda6 2668 if (err < 0)
bf1e3541 2669 status = MGMT_STATUS_FAILED;
2763eda6 2670 else
a6785be2 2671 status = MGMT_STATUS_SUCCESS;
bf1e3541 2672
bdb6d971 2673 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2674 &cp->addr, sizeof(cp->addr));
2763eda6 2675
09fd0de5 2676 hci_dev_unlock(hdev);
2763eda6
SJ		 2677 return err;
2678}
2679
bdb6d971 2680static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2681 void *data, u16 len)
2763eda6 2682{
650f726d 2683 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2684 u8 status;
2763eda6
SJ		 2685 int err;
2686
bdb6d971 2687 BT_DBG("%s", hdev->name);
2763eda6 2688
09fd0de5 2689 hci_dev_lock(hdev);
2763eda6 2690
664ce4cc 2691 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2692 if (err < 0)
bf1e3541 2693 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2694 else
a6785be2 2695 status = MGMT_STATUS_SUCCESS;
bf1e3541 2696
bdb6d971 2697 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2698 status, &cp->addr, sizeof(cp->addr));
2763eda6 2699
09fd0de5 2700 hci_dev_unlock(hdev);
2763eda6
SJ		 2701 return err;
2702}
2703
41dc2bd6
AG		 2704static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2705{
2706 struct pending_cmd *cmd;
2707 u8 type;
2708 int err;
2709
2710 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2711
2712 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2713 if (!cmd)
2714 return -ENOENT;
2715
2716 type = hdev->discovery.type;
2717
2718 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2719 &type, sizeof(type));
2720 mgmt_pending_remove(cmd);
2721
2722 return err;
2723}
2724
7c307720
AG		 2725static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2726{
2727 BT_DBG("status %d", status);
2728
2729 if (status) {
2730 hci_dev_lock(hdev);
2731 mgmt_start_discovery_failed(hdev, status);
2732 hci_dev_unlock(hdev);
2733 return;
2734 }
2735
2736 hci_dev_lock(hdev);
2737 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2738 hci_dev_unlock(hdev);
2739
2740 switch (hdev->discovery.type) {
2741 case DISCOV_TYPE_LE:
2742 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2743 DISCOV_LE_TIMEOUT);
7c307720
AG		 2744 break;
2745
2746 case DISCOV_TYPE_INTERLEAVED:
2747 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2748 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2749 break;
2750
2751 case DISCOV_TYPE_BREDR:
2752 break;
2753
2754 default:
2755 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2756 }
2757}
2758
bdb6d971 2759static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2760 void *data, u16 len)
14a53664 2761{
650f726d 2762 struct mgmt_cp_start_discovery *cp = data;
14a53664 2763 struct pending_cmd *cmd;
7c307720
AG		 2764 struct hci_cp_le_set_scan_param param_cp;
2765 struct hci_cp_le_set_scan_enable enable_cp;
2766 struct hci_cp_inquiry inq_cp;
2767 struct hci_request req;
2768 /* General inquiry access code (GIAC) */
2769 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2770 int err;
2771
bdb6d971 2772 BT_DBG("%s", hdev->name);
14a53664 2773
09fd0de5 2774 hci_dev_lock(hdev);
14a53664 2775
4b34ee78 2776 if (!hdev_is_powered(hdev)) {
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2778 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2779 goto failed;
2780 }
2781
642be6c7
AG		 2782 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2783 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2784 MGMT_STATUS_BUSY);
2785 goto failed;
2786 }
2787
ff9ef578 2788 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2789 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2790 MGMT_STATUS_BUSY);
ff9ef578
JH		 2791 goto failed;
2792 }
2793
2e58ef3e 2794 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2795 if (!cmd) {
2796 err = -ENOMEM;
2797 goto failed;
2798 }
2799
4aab14e5
AG		 2800 hdev->discovery.type = cp->type;
2801
7c307720
AG		 2802 hci_req_init(&req, hdev);
2803
4aab14e5 2804 switch (hdev->discovery.type) {
f39799f5 2805 case DISCOV_TYPE_BREDR:
56f87901 2806 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2807 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2808 MGMT_STATUS_NOT_SUPPORTED);
2809 mgmt_pending_remove(cmd);
2810 goto failed;
2811 }
2812
7c307720
AG		 2813 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2814 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2815 MGMT_STATUS_BUSY);
2816 mgmt_pending_remove(cmd);
2817 goto failed;
2818 }
2819
2820 hci_inquiry_cache_flush(hdev);
2821
2822 memset(&inq_cp, 0, sizeof(inq_cp));
2823 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2824 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2825 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2826 break;
2827
2828 case DISCOV_TYPE_LE:
7c307720 2829 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2830 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2831 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2832 MGMT_STATUS_NOT_SUPPORTED);
2833 mgmt_pending_remove(cmd);
2834 goto failed;
2835 }
2836
7c307720 2837 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2838 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2839 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2840 MGMT_STATUS_NOT_SUPPORTED);
2841 mgmt_pending_remove(cmd);
2842 goto failed;
2843 }
2844
7c307720
AG		 2845 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2846 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2847 MGMT_STATUS_REJECTED);
2848 mgmt_pending_remove(cmd);
2849 goto failed;
2850 }
2851
2852 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 MGMT_STATUS_BUSY);
2855 mgmt_pending_remove(cmd);
2856 goto failed;
2857 }
2858
2859 memset(&param_cp, 0, sizeof(param_cp));
2860 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2861 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2862 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2863 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2864 &param_cp);
2865
2866 memset(&enable_cp, 0, sizeof(enable_cp));
2867 enable_cp.enable = LE_SCAN_ENABLE;
2868 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2869 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2870 &enable_cp);
5e0452c0
AG		 2871 break;
2872
f39799f5 2873 default:
04106755
JH		 2874 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2875 MGMT_STATUS_INVALID_PARAMS);
2876 mgmt_pending_remove(cmd);
2877 goto failed;
f39799f5 2878 }
3fd24153 2879
7c307720 2880 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2881 if (err < 0)
2882 mgmt_pending_remove(cmd);
ff9ef578
JH		 2883 else
2884 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2885
2886failed:
09fd0de5 2887 hci_dev_unlock(hdev);
14a53664
JH		 2888 return err;
2889}
2890
1183fdca
AG		 2891static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2892{
2893 struct pending_cmd *cmd;
2894 int err;
2895
2896 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2897 if (!cmd)
2898 return -ENOENT;
2899
2900 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2901 &hdev->discovery.type, sizeof(hdev->discovery.type));
2902 mgmt_pending_remove(cmd);
2903
2904 return err;
2905}
2906
0e05bba6
AG		 2907static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2908{
2909 BT_DBG("status %d", status);
2910
2911 hci_dev_lock(hdev);
2912
2913 if (status) {
2914 mgmt_stop_discovery_failed(hdev, status);
2915 goto unlock;
2916 }
2917
2918 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2919
2920unlock:
2921 hci_dev_unlock(hdev);
2922}
2923
bdb6d971 2924static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2925 u16 len)
14a53664 2926{
d930650b 2927 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2928 struct pending_cmd *cmd;
30dc78e1
JH		 2929 struct hci_cp_remote_name_req_cancel cp;
2930 struct inquiry_entry *e;
0e05bba6
AG		 2931 struct hci_request req;
2932 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2933 int err;
2934
bdb6d971 2935 BT_DBG("%s", hdev->name);
14a53664 2936
09fd0de5 2937 hci_dev_lock(hdev);
14a53664 2938
30dc78e1 2939 if (!hci_discovery_active(hdev)) {
bdb6d971 2940 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2941 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2942 sizeof(mgmt_cp->type));
d930650b
JH		 2943 goto unlock;
2944 }
2945
2946 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2947 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2948 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2949 sizeof(mgmt_cp->type));
30dc78e1 2950 goto unlock;
ff9ef578
JH		 2951 }
2952
2e58ef3e 2953 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2954 if (!cmd) {
2955 err = -ENOMEM;
30dc78e1
JH		 2956 goto unlock;
2957 }
2958
0e05bba6
AG		 2959 hci_req_init(&req, hdev);
2960
e0d9727e
AG		 2961 switch (hdev->discovery.state) {
2962 case DISCOVERY_FINDING:
0e05bba6
AG		 2963 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2964 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2965 } else {
2966 cancel_delayed_work(&hdev->le_scan_disable);
2967
2968 memset(&enable_cp, 0, sizeof(enable_cp));
2969 enable_cp.enable = LE_SCAN_DISABLE;
2970 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2971 sizeof(enable_cp), &enable_cp);
2972 }
c9ecc48e 2973
e0d9727e
AG		 2974 break;
2975
2976 case DISCOVERY_RESOLVING:
2977 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2978 NAME_PENDING);
e0d9727e 2979 if (!e) {
30dc78e1 2980 mgmt_pending_remove(cmd);
e0d9727e
AG		 2981 err = cmd_complete(sk, hdev->id,
2982 MGMT_OP_STOP_DISCOVERY, 0,
2983 &mgmt_cp->type,
2984 sizeof(mgmt_cp->type));
2985 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2986 goto unlock;
2987 }
30dc78e1 2988
e0d9727e 2989 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2990 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2991 &cp);
e0d9727e
AG		 2992
2993 break;
2994
2995 default:
2996 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2997
2998 mgmt_pending_remove(cmd);
2999 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3000 MGMT_STATUS_FAILED, &mgmt_cp->type,
3001 sizeof(mgmt_cp->type));
3002 goto unlock;
14a53664
JH		 3003 }
3004
0e05bba6 3005 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3006 if (err < 0)
3007 mgmt_pending_remove(cmd);
ff9ef578
JH		 3008 else
3009 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3010
30dc78e1 3011unlock:
09fd0de5 3012 hci_dev_unlock(hdev);
14a53664
JH		 3013 return err;
3014}
3015
bdb6d971 3016static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3017 u16 len)
561aafbc 3018{
650f726d 3019 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3020 struct inquiry_entry *e;
561aafbc
JH		 3021 int err;
3022
bdb6d971 3023 BT_DBG("%s", hdev->name);
561aafbc 3024
561aafbc
JH		 3025 hci_dev_lock(hdev);
3026
30dc78e1 3027 if (!hci_discovery_active(hdev)) {
bdb6d971 3028 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3029 MGMT_STATUS_FAILED);
30dc78e1
JH		 3030 goto failed;
3031 }
3032
a198e7b1 3033 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3034 if (!e) {
bdb6d971 3035 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3036 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3037 goto failed;
3038 }
3039
3040 if (cp->name_known) {
3041 e->name_state = NAME_KNOWN;
3042 list_del(&e->list);
3043 } else {
3044 e->name_state = NAME_NEEDED;
a3d4e20a 3045 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3046 }
3047
e384662b
JH		 3048 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3049 sizeof(cp->addr));
561aafbc
JH		 3050
3051failed:
3052 hci_dev_unlock(hdev);
561aafbc
JH		 3053 return err;
3054}
3055
bdb6d971 3056static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3057 u16 len)
7fbec224 3058{
650f726d 3059 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3060 u8 status;
7fbec224
AJ		 3061 int err;
3062
bdb6d971 3063 BT_DBG("%s", hdev->name);
7fbec224 3064
4ee71b20 3065 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3066 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3067 MGMT_STATUS_INVALID_PARAMS,
3068 &cp->addr, sizeof(cp->addr));
4ee71b20 3069
09fd0de5 3070 hci_dev_lock(hdev);
5e762444 3071
88c1fe4b 3072 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3073 if (err < 0)
f0eeea8b 3074 status = MGMT_STATUS_FAILED;
7fbec224 3075 else
a6785be2 3076 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3077
bdb6d971 3078 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3079 &cp->addr, sizeof(cp->addr));
5e762444 3080
09fd0de5 3081 hci_dev_unlock(hdev);
7fbec224
AJ		 3082
3083 return err;
3084}
3085
bdb6d971 3086static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3087 u16 len)
7fbec224 3088{
650f726d 3089 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3090 u8 status;
7fbec224
AJ		 3091 int err;
3092
bdb6d971 3093 BT_DBG("%s", hdev->name);
7fbec224 3094
4ee71b20 3095 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3096 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3097 MGMT_STATUS_INVALID_PARAMS,
3098 &cp->addr, sizeof(cp->addr));
4ee71b20 3099
09fd0de5 3100 hci_dev_lock(hdev);
5e762444 3101
88c1fe4b 3102 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3103 if (err < 0)
f0eeea8b 3104 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3105 else
a6785be2 3106 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3107
bdb6d971 3108 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3109 &cp->addr, sizeof(cp->addr));
5e762444 3110
09fd0de5 3111 hci_dev_unlock(hdev);
7fbec224
AJ		 3112
3113 return err;
3114}
3115
cdbaccca
MH		 3116static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3117 u16 len)
3118{
3119 struct mgmt_cp_set_device_id *cp = data;
890ea898 3120 struct hci_request req;
cdbaccca 3121 int err;
c72d4b8a 3122 __u16 source;
cdbaccca
MH		 3123
3124 BT_DBG("%s", hdev->name);
3125
c72d4b8a
SJ		 3126 source = __le16_to_cpu(cp->source);
3127
3128 if (source > 0x0002)
3129 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3130 MGMT_STATUS_INVALID_PARAMS);
3131
cdbaccca
MH		 3132 hci_dev_lock(hdev);
3133
c72d4b8a 3134 hdev->devid_source = source;
cdbaccca
MH		 3135 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3136 hdev->devid_product = __le16_to_cpu(cp->product);
3137 hdev->devid_version = __le16_to_cpu(cp->version);
3138
3139 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3140
890ea898
JH		 3141 hci_req_init(&req, hdev);
3142 update_eir(&req);
3143 hci_req_run(&req, NULL);
cdbaccca
MH		 3144
3145 hci_dev_unlock(hdev);
3146
3147 return err;
3148}
3149
4375f103
JH		 3150static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3151{
3152 struct cmd_lookup match = { NULL, hdev };
3153
3154 if (status) {
3155 u8 mgmt_err = mgmt_status(status);
3156
3157 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3158 cmd_status_rsp, &mgmt_err);
3159 return;
3160 }
3161
3162 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3163 &match);
3164
3165 new_settings(hdev, match.sk);
3166
3167 if (match.sk)
3168 sock_put(match.sk);
3169}
3170
3171static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3172{
3173 struct mgmt_mode *cp = data;
3174 struct pending_cmd *cmd;
3175 struct hci_request req;
3176 u8 val, enabled;
3177 int err;
3178
3179 BT_DBG("request for %s", hdev->name);
3180
3181 if (!lmp_le_capable(hdev))
3182 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3183 MGMT_STATUS_NOT_SUPPORTED);
3184
3185 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3186 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3187 MGMT_STATUS_REJECTED);
3188
3189 if (cp->val != 0x00 && cp->val != 0x01)
3190 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3191 MGMT_STATUS_INVALID_PARAMS);
3192
3193 hci_dev_lock(hdev);
3194
3195 val = !!cp->val;
3196 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3197
3198 if (!hdev_is_powered(hdev) || val == enabled) {
3199 bool changed = false;
3200
3201 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3202 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3203 changed = true;
3204 }
3205
3206 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3207 if (err < 0)
3208 goto unlock;
3209
3210 if (changed)
3211 err = new_settings(hdev, sk);
3212
3213 goto unlock;
3214 }
3215
3216 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3217 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3218 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3219 MGMT_STATUS_BUSY);
3220 goto unlock;
3221 }
3222
3223 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3224 if (!cmd) {
3225 err = -ENOMEM;
3226 goto unlock;
3227 }
3228
3229 hci_req_init(&req, hdev);
3230
3231 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3232
3233 err = hci_req_run(&req, set_advertising_complete);
3234 if (err < 0)
3235 mgmt_pending_remove(cmd);
3236
3237unlock:
3238 hci_dev_unlock(hdev);
3239 return err;
3240}
3241
33e38b3e
JH		 3242static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3243{
3244 struct pending_cmd *cmd;
3245
3246 BT_DBG("status 0x%02x", status);
3247
3248 hci_dev_lock(hdev);
3249
3250 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3251 if (!cmd)
3252 goto unlock;
3253
3254 if (status) {
3255 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3256 mgmt_status(status));
3257 } else {
1a4d3c4b
JH		 3258 struct mgmt_mode *cp = cmd->param;
3259
3260 if (cp->val)
3261 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3262 else
3263 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3264
33e38b3e
JH		 3265 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3266 new_settings(hdev, cmd->sk);
3267 }
3268
3269 mgmt_pending_remove(cmd);
3270
3271unlock:
3272 hci_dev_unlock(hdev);
3273}
3274
bdb6d971 3275static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3276 void *data, u16 len)
f6422ec6 3277{
650f726d 3278 struct mgmt_mode *cp = data;
33e38b3e
JH		 3279 struct pending_cmd *cmd;
3280 struct hci_request req;
f6422ec6
AJ		 3281 int err;
3282
bdb6d971 3283 BT_DBG("%s", hdev->name);
f6422ec6 3284
56f87901
JH		 3285 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3286 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3287 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3288 MGMT_STATUS_NOT_SUPPORTED);
3289
a7e80f25
JH		 3290 if (cp->val != 0x00 && cp->val != 0x01)
3291 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3292 MGMT_STATUS_INVALID_PARAMS);
3293
5400c044 3294 if (!hdev_is_powered(hdev))
bdb6d971 3295 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3296 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3297
3298 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3299 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3300 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3301
3302 hci_dev_lock(hdev);
3303
05cbf29f
JH		 3304 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3305 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3306 MGMT_STATUS_BUSY);
3307 goto unlock;
3308 }
3309
1a4d3c4b
JH		 3310 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3311 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3312 hdev);
3313 goto unlock;
3314 }
3315
33e38b3e
JH		 3316 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3317 data, len);
3318 if (!cmd) {
3319 err = -ENOMEM;
3320 goto unlock;
f6422ec6
AJ		 3321 }
3322
33e38b3e
JH		 3323 hci_req_init(&req, hdev);
3324
406d7804 3325 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3326
3327 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3328 if (err < 0) {
bdb6d971 3329 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3330 MGMT_STATUS_FAILED);
33e38b3e 3331 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3332 }
3333
33e38b3e 3334unlock:
f6422ec6 3335 hci_dev_unlock(hdev);
33e38b3e 3336
f6422ec6
AJ		 3337 return err;
3338}
3339
3f706b72
JH		 3340static bool ltk_is_valid(struct mgmt_ltk_info *key)
3341{
44b20d33
JH		 3342 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3343 return false;
3f706b72
JH		 3344 if (key->master != 0x00 && key->master != 0x01)
3345 return false;
4ee71b20
JH		 3346 if (!bdaddr_type_is_le(key->addr.type))
3347 return false;
3f706b72
JH		 3348 return true;
3349}
3350
bdb6d971 3351static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3352 void *cp_data, u16 len)
346af67b 3353{
346af67b
VCG		 3354 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3355 u16 key_count, expected_len;
715a5bf2 3356 int i, err;
346af67b 3357
1f350c87 3358 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3359
3360 expected_len = sizeof(*cp) + key_count *
3361 sizeof(struct mgmt_ltk_info);
3362 if (expected_len != len) {
3363 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3364 len, expected_len);
bdb6d971 3365 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3366 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3367 }
3368
bdb6d971 3369 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3370
54ad6d8a
JH		 3371 for (i = 0; i < key_count; i++) {
3372 struct mgmt_ltk_info *key = &cp->keys[i];
3373
3f706b72 3374 if (!ltk_is_valid(key))
54ad6d8a
JH		 3375 return cmd_status(sk, hdev->id,
3376 MGMT_OP_LOAD_LONG_TERM_KEYS,
3377 MGMT_STATUS_INVALID_PARAMS);
3378 }
3379
346af67b
VCG		 3380 hci_dev_lock(hdev);
3381
3382 hci_smp_ltks_clear(hdev);
3383
3384 for (i = 0; i < key_count; i++) {
3385 struct mgmt_ltk_info *key = &cp->keys[i];
3386 u8 type;
3387
3388 if (key->master)
3389 type = HCI_SMP_LTK;
3390 else
3391 type = HCI_SMP_LTK_SLAVE;
3392
4596fde5 3393 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3394 bdaddr_to_le(key->addr.type),
04124681
GP		 3395 type, 0, key->authenticated, key->val,
3396 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3397 }
3398
715a5bf2
JH		 3399 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3400 NULL, 0);
3401
346af67b 3402 hci_dev_unlock(hdev);
346af67b 3403
715a5bf2 3404 return err;
346af67b
VCG		 3405}
3406
2e3c35ea 3407static const struct mgmt_handler {
04124681
GP		 3408 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3409 u16 data_len);
be22b54e
JH		 3410 bool var_len;
3411 size_t data_len;
0f4e68cf
JH		 3412} mgmt_handlers[] = {
3413 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3414 { read_version, false, MGMT_READ_VERSION_SIZE },
3415 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3416 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3417 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3418 { set_powered, false, MGMT_SETTING_SIZE },
3419 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3420 { set_connectable, false, MGMT_SETTING_SIZE },
3421 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3422 { set_pairable, false, MGMT_SETTING_SIZE },
3423 { set_link_security, false, MGMT_SETTING_SIZE },
3424 { set_ssp, false, MGMT_SETTING_SIZE },
3425 { set_hs, false, MGMT_SETTING_SIZE },
3426 { set_le, false, MGMT_SETTING_SIZE },
3427 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3428 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3429 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3430 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3431 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3432 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3433 { disconnect, false, MGMT_DISCONNECT_SIZE },
3434 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3435 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3436 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3437 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3438 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3439 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3440 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3441 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3442 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3443 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3444 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3445 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3446 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3447 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3448 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3449 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3450 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3451 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3452 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3453 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3454 { set_advertising, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 3455};
3456
3457
0381101f
JH		 3458int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3459{
650f726d
VCG		 3460 void *buf;
3461 u8 *cp;
0381101f 3462 struct mgmt_hdr *hdr;
4e51eae9 3463 u16 opcode, index, len;
bdb6d971 3464 struct hci_dev *hdev = NULL;
2e3c35ea 3465 const struct mgmt_handler *handler;
0381101f
JH		 3466 int err;
3467
3468 BT_DBG("got %zu bytes", msglen);
3469
3470 if (msglen < sizeof(*hdr))
3471 return -EINVAL;
3472
e63a15ec 3473 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3474 if (!buf)
3475 return -ENOMEM;
3476
3477 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3478 err = -EFAULT;
3479 goto done;
3480 }
3481
650f726d 3482 hdr = buf;
1f350c87
MH		 3483 opcode = __le16_to_cpu(hdr->opcode);
3484 index = __le16_to_cpu(hdr->index);
3485 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3486
3487 if (len != msglen - sizeof(*hdr)) {
3488 err = -EINVAL;
3489 goto done;
3490 }
3491
0f4e68cf 3492 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3493 hdev = hci_dev_get(index);
3494 if (!hdev) {
3495 err = cmd_status(sk, index, opcode,
04124681 3496 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3497 goto done;
3498 }
0736cfa8
MH		 3499
3500 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3501 err = cmd_status(sk, index, opcode,
3502 MGMT_STATUS_INVALID_INDEX);
3503 goto done;
3504 }
bdb6d971
JH		 3505 }
3506
0f4e68cf 3507 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3508 mgmt_handlers[opcode].func == NULL) {
0381101f 3509 BT_DBG("Unknown op %u", opcode);
ca69b795 3510 err = cmd_status(sk, index, opcode,
04124681 3511 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3512 goto done;
3513 }
3514
3515 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3516 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3517 err = cmd_status(sk, index, opcode,
04124681 3518 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3519 goto done;
0381101f
JH		 3520 }
3521
be22b54e
JH		 3522 handler = &mgmt_handlers[opcode];
3523
3524 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3525 (!handler->var_len && len != handler->data_len)) {
be22b54e 3526 err = cmd_status(sk, index, opcode,
04124681 3527 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3528 goto done;
3529 }
3530
0f4e68cf
JH		 3531 if (hdev)
3532 mgmt_init_hdev(sk, hdev);
3533
3534 cp = buf + sizeof(*hdr);
3535
be22b54e 3536 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3537 if (err < 0)
3538 goto done;
3539
0381101f
JH		 3540 err = msglen;
3541
3542done:
bdb6d971
JH		 3543 if (hdev)
3544 hci_dev_put(hdev);
3545
0381101f
JH		 3546 kfree(buf);
3547 return err;
3548}
c71e97bf 3549
744cf19e 3550int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3551{
bb4b2a9a
AE		 3552 if (!mgmt_valid_hdev(hdev))
3553 return -ENOTSUPP;
3554
744cf19e 3555 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3556}
3557
744cf19e 3558int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3559{
5f159032 3560 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3561
bb4b2a9a
AE		 3562 if (!mgmt_valid_hdev(hdev))
3563 return -ENOTSUPP;
3564
744cf19e 3565 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3566
744cf19e 3567 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3568}
3569
890ea898 3570static void set_bredr_scan(struct hci_request *req)
7f0ae647 3571{
890ea898 3572 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3573 u8 scan = 0;
3574
4c01f8b8
JH		 3575 /* Ensure that fast connectable is disabled. This function will
3576 * not do anything if the page scan parameters are already what
3577 * they should be.
3578 */
3579 write_fast_connectable(req, false);
3580
7f0ae647
JH		 3581 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3582 scan |= SCAN_PAGE;
3583 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3584 scan |= SCAN_INQUIRY;
3585
890ea898
JH		 3586 if (scan)
3587 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3588}
3589
229ab39c
JH		 3590static void powered_complete(struct hci_dev *hdev, u8 status)
3591{
3592 struct cmd_lookup match = { NULL, hdev };
3593
3594 BT_DBG("status 0x%02x", status);
3595
3596 hci_dev_lock(hdev);
3597
3598 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3599
3600 new_settings(hdev, match.sk);
3601
3602 hci_dev_unlock(hdev);
3603
3604 if (match.sk)
3605 sock_put(match.sk);
3606}
3607
70da6243 3608static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3609{
890ea898 3610 struct hci_request req;
70da6243 3611 u8 link_sec;
5add6af8 3612
890ea898
JH		 3613 hci_req_init(&req, hdev);
3614
70da6243
JH		 3615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3616 !lmp_host_ssp_capable(hdev)) {
3617 u8 ssp = 1;
5e5282bb 3618
890ea898 3619 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3620 }
5add6af8 3621
c73eee91
JH		 3622 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3623 lmp_bredr_capable(hdev)) {
70da6243 3624 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3625
70da6243
JH		 3626 cp.le = 1;
3627 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3628
70da6243
JH		 3629 /* Check first if we already have the right
3630 * host state (host features set)
3631 */
3632 if (cp.le != lmp_host_le_capable(hdev) ||
3633 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3634 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3635 sizeof(cp), &cp);
70da6243 3636 }
3d1cbdd6 3637
eeca6f89
JH		 3638 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3639 u8 adv = 0x01;
3640
3641 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3642 }
3643
70da6243
JH		 3644 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3645 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3646 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3647 sizeof(link_sec), &link_sec);
562fcc24 3648
70da6243 3649 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3650 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3651 set_bredr_scan(&req);
890ea898 3652 update_class(&req);
13928971 3653 update_name(&req);
890ea898 3654 update_eir(&req);
70da6243 3655 }
562fcc24 3656
229ab39c 3657 return hci_req_run(&req, powered_complete);
70da6243 3658}
562fcc24 3659
70da6243
JH		 3660int mgmt_powered(struct hci_dev *hdev, u8 powered)
3661{
3662 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3663 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3664 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3665 int err;
f0ff92fb 3666
70da6243
JH		 3667 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3668 return 0;
3669
70da6243 3670 if (powered) {
229ab39c
JH		 3671 if (powered_update_hci(hdev) == 0)
3672 return 0;
fe038884 3673
229ab39c
JH		 3674 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3675 &match);
3676 goto new_settings;
b24752fe
JH		 3677 }
3678
229ab39c
JH		 3679 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3680 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3681
3682 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3683 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3684 zero_cod, sizeof(zero_cod), NULL);
3685
3686new_settings:
beadb2bd 3687 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3688
3689 if (match.sk)
3690 sock_put(match.sk);
3691
7bb895d6 3692 return err;
5add6af8 3693}
73f22f62 3694
96570ffc
JH		 3695int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3696{
3697 struct pending_cmd *cmd;
3698 u8 status;
3699
3700 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3701 if (!cmd)
3702 return -ENOENT;
3703
3704 if (err == -ERFKILL)
3705 status = MGMT_STATUS_RFKILLED;
3706 else
3707 status = MGMT_STATUS_FAILED;
3708
3709 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3710
3711 mgmt_pending_remove(cmd);
3712
3713 return err;
3714}
3715
744cf19e 3716int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3717{
76a7f3a4 3718 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3719 bool changed = false;
3720 int err = 0;
73f22f62 3721
5e5282bb
JH		 3722 if (discoverable) {
3723 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3724 changed = true;
3725 } else {
3726 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3727 changed = true;
3728 }
73f22f62 3729
ed9b5f2f 3730 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3731 &match);
ed9b5f2f 3732
beadb2bd
JH		 3733 if (changed)
3734 err = new_settings(hdev, match.sk);
5e5282bb 3735
73f22f62
JH		 3736 if (match.sk)
3737 sock_put(match.sk);
3738
7bb895d6 3739 return err;
73f22f62 3740}
9fbcbb45 3741
744cf19e 3742int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3743{
2b76f453 3744 struct pending_cmd *cmd;
5e5282bb
JH		 3745 bool changed = false;
3746 int err = 0;
9fbcbb45 3747
5e5282bb
JH		 3748 if (connectable) {
3749 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3750 changed = true;
3751 } else {
3752 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3753 changed = true;
3754 }
9fbcbb45 3755
2b76f453 3756 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3757
beadb2bd 3758 if (changed)
2b76f453 3759 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3760
7bb895d6 3761 return err;
9fbcbb45 3762}
55ed8ca1 3763
744cf19e 3764int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3765{
ca69b795
JH		 3766 u8 mgmt_err = mgmt_status(status);
3767
2d7cee58 3768 if (scan & SCAN_PAGE)
744cf19e 3769 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3770 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3771
3772 if (scan & SCAN_INQUIRY)
744cf19e 3773 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3774 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3775
3776 return 0;
3777}
3778
53168e5b
CC		 3779int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3780 bool persistent)
55ed8ca1 3781{
86742e1e 3782 struct mgmt_ev_new_link_key ev;
55ed8ca1 3783
a492cd52 3784 memset(&ev, 0, sizeof(ev));
55ed8ca1 3785
a492cd52 3786 ev.store_hint = persistent;
d753fdc4 3787 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3788 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3789 ev.key.type = key->type;
9b3b4460 3790 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3791 ev.key.pin_len = key->pin_len;
55ed8ca1 3792
744cf19e 3793 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3794}
f7520543 3795
346af67b
VCG		 3796int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3797{
3798 struct mgmt_ev_new_long_term_key ev;
3799
3800 memset(&ev, 0, sizeof(ev));
3801
3802 ev.store_hint = persistent;
3803 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3804 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3805 ev.key.authenticated = key->authenticated;
3806 ev.key.enc_size = key->enc_size;
3807 ev.key.ediv = key->ediv;
3808
3809 if (key->type == HCI_SMP_LTK)
3810 ev.key.master = 1;
3811
3812 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3813 memcpy(ev.key.val, key->val, sizeof(key->val));
3814
04124681
GP		 3815 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3816 NULL);
346af67b
VCG		 3817}
3818
afc747a6 3819int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3820 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3821 u8 *dev_class)
f7520543 3822{
b644ba33
JH		 3823 char buf[512];
3824 struct mgmt_ev_device_connected *ev = (void *) buf;
3825 u16 eir_len = 0;
f7520543 3826
b644ba33 3827 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3828 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3829
c95f0ba7 3830 ev->flags = __cpu_to_le32(flags);
08c79b61 3831
b644ba33
JH		 3832 if (name_len > 0)
3833 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3834 name, name_len);
b644ba33
JH		 3835
3836 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3837 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3838 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3839
eb55ef07 3840 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3841
3842 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3843 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3844}
3845
8962ee74
JH		 3846static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3847{
c68fb7ff 3848 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3849 struct sock **sk = data;
a38528f1 3850 struct mgmt_rp_disconnect rp;
8962ee74 3851
88c3df13
JH		 3852 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3853 rp.addr.type = cp->addr.type;
8962ee74 3854
aee9b218 3855 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3856 sizeof(rp));
8962ee74
JH		 3857
3858 *sk = cmd->sk;
3859 sock_hold(*sk);
3860
a664b5bc 3861 mgmt_pending_remove(cmd);
8962ee74
JH		 3862}
3863
124f6e35 3864static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3865{
b1078ad0 3866 struct hci_dev *hdev = data;
124f6e35
JH		 3867 struct mgmt_cp_unpair_device *cp = cmd->param;
3868 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3869
3870 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3871 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3872 rp.addr.type = cp->addr.type;
a8a1d19e 3873
b1078ad0
JH		 3874 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3875
aee9b218 3876 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3877
3878 mgmt_pending_remove(cmd);
3879}
3880
afc747a6 3881int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3882 u8 link_type, u8 addr_type, u8 reason)
f7520543 3883{
f0d6a0ea 3884 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3885 struct sock *sk = NULL;
3886 int err;
3887
744cf19e 3888 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3889
f0d6a0ea
MA		 3890 bacpy(&ev.addr.bdaddr, bdaddr);
3891 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3892 ev.reason = reason;
f7520543 3893
afc747a6 3894 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3895 sk);
8962ee74
JH		 3896
3897 if (sk)
d97dcb66 3898 sock_put(sk);
8962ee74 3899
124f6e35 3900 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3901 hdev);
a8a1d19e 3902
8962ee74
JH		 3903 return err;
3904}
3905
88c3df13 3906int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3907 u8 link_type, u8 addr_type, u8 status)
8962ee74 3908{
88c3df13 3909 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3910 struct pending_cmd *cmd;
3911 int err;
3912
36a75f1b
JD		 3913 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3914 hdev);
3915
2e58ef3e 3916 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3917 if (!cmd)
3918 return -ENOENT;
3919
88c3df13 3920 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3921 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3922
88c3df13 3923 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3924 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3925
a664b5bc 3926 mgmt_pending_remove(cmd);
8962ee74
JH		 3927
3928 return err;
f7520543 3929}
17d5c04c 3930
48264f06 3931int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3932 u8 addr_type, u8 status)
17d5c04c
JH		 3933{
3934 struct mgmt_ev_connect_failed ev;
3935
4c659c39 3936 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3937 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3938 ev.status = mgmt_status(status);
17d5c04c 3939
744cf19e 3940 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3941}
980e1a53 3942
744cf19e 3943int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3944{
3945 struct mgmt_ev_pin_code_request ev;
3946
d8457698 3947 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3948 ev.addr.type = BDADDR_BREDR;
a770bb5a 3949 ev.secure = secure;
980e1a53 3950
744cf19e 3951 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3952 NULL);
980e1a53
JH		 3953}
3954
744cf19e 3955int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3956 u8 status)
980e1a53
JH		 3957{
3958 struct pending_cmd *cmd;
ac56fb13 3959 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3960 int err;
3961
2e58ef3e 3962 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3963 if (!cmd)
3964 return -ENOENT;
3965
d8457698 3966 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3967 rp.addr.type = BDADDR_BREDR;
ac56fb13 3968
aee9b218 3969 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3970 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3971
a664b5bc 3972 mgmt_pending_remove(cmd);
980e1a53
JH		 3973
3974 return err;
3975}
3976
744cf19e 3977int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3978 u8 status)
980e1a53
JH		 3979{
3980 struct pending_cmd *cmd;
ac56fb13 3981 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3982 int err;
3983
2e58ef3e 3984 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3985 if (!cmd)
3986 return -ENOENT;
3987
d8457698 3988 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3989 rp.addr.type = BDADDR_BREDR;
ac56fb13 3990
aee9b218 3991 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3992 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3993
a664b5bc 3994 mgmt_pending_remove(cmd);
980e1a53
JH		 3995
3996 return err;
3997}
a5c29683 3998
744cf19e 3999int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4000 u8 link_type, u8 addr_type, __le32 value,
4001 u8 confirm_hint)
a5c29683
JH		 4002{
4003 struct mgmt_ev_user_confirm_request ev;
4004
744cf19e 4005 BT_DBG("%s", hdev->name);
a5c29683 4006
272d90df 4007 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4008 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4009 ev.confirm_hint = confirm_hint;
78e8098e 4010 ev.value = value;
a5c29683 4011
744cf19e 4012 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4013 NULL);
a5c29683
JH		 4014}
4015
272d90df 4016int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4017 u8 link_type, u8 addr_type)
604086b7
BG		 4018{
4019 struct mgmt_ev_user_passkey_request ev;
4020
4021 BT_DBG("%s", hdev->name);
4022
272d90df 4023 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4024 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4025
4026 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4027 NULL);
604086b7
BG		 4028}
4029
0df4c185 4030static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4031 u8 link_type, u8 addr_type, u8 status,
4032 u8 opcode)
a5c29683
JH		 4033{
4034 struct pending_cmd *cmd;
4035 struct mgmt_rp_user_confirm_reply rp;
4036 int err;
4037
2e58ef3e 4038 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4039 if (!cmd)
4040 return -ENOENT;
4041
272d90df 4042 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4043 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4044 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4045 &rp, sizeof(rp));
a5c29683 4046
a664b5bc 4047 mgmt_pending_remove(cmd);
a5c29683
JH		 4048
4049 return err;
4050}
4051
744cf19e 4052int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4053 u8 link_type, u8 addr_type, u8 status)
a5c29683 4054{
272d90df 4055 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4056 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4057}
4058
272d90df 4059int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4060 u8 link_type, u8 addr_type, u8 status)
a5c29683 4061{
272d90df 4062 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4063 status,
4064 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4065}
2a611692 4066
604086b7 4067int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4068 u8 link_type, u8 addr_type, u8 status)
604086b7 4069{
272d90df 4070 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4071 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4072}
4073
272d90df 4074int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4075 u8 link_type, u8 addr_type, u8 status)
604086b7 4076{
272d90df 4077 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4078 status,
4079 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4080}
4081
92a25256
JH		 4082int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4083 u8 link_type, u8 addr_type, u32 passkey,
4084 u8 entered)
4085{
4086 struct mgmt_ev_passkey_notify ev;
4087
4088 BT_DBG("%s", hdev->name);
4089
4090 bacpy(&ev.addr.bdaddr, bdaddr);
4091 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4092 ev.passkey = __cpu_to_le32(passkey);
4093 ev.entered = entered;
4094
4095 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4096}
4097
bab73cb6 4098int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4099 u8 addr_type, u8 status)
2a611692
JH		 4100{
4101 struct mgmt_ev_auth_failed ev;
4102
bab73cb6 4103 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4104 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4105 ev.status = mgmt_status(status);
2a611692 4106
744cf19e 4107 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4108}
b312b161 4109
33ef95ed
JH		 4110int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4111{
4112 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4113 bool changed = false;
4114 int err = 0;
33ef95ed
JH		 4115
4116 if (status) {
4117 u8 mgmt_err = mgmt_status(status);
4118 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4119 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4120 return 0;
4121 }
4122
47990ea0
JH		 4123 if (test_bit(HCI_AUTH, &hdev->flags)) {
4124 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4125 changed = true;
4126 } else {
4127 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4128 changed = true;
4129 }
4130
33ef95ed 4131 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4132 &match);
33ef95ed 4133
47990ea0
JH		 4134 if (changed)
4135 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4136
4137 if (match.sk)
4138 sock_put(match.sk);
4139
4140 return err;
4141}
4142
890ea898 4143static void clear_eir(struct hci_request *req)
cacaf52f 4144{
890ea898 4145 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4146 struct hci_cp_write_eir cp;
4147
976eb20e 4148 if (!lmp_ext_inq_capable(hdev))
890ea898 4149 return;
cacaf52f 4150
c80da27e
JH		 4151 memset(hdev->eir, 0, sizeof(hdev->eir));
4152
cacaf52f
JH		 4153 memset(&cp, 0, sizeof(cp));
4154
890ea898 4155 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4156}
4157
c0ecddc2 4158int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4159{
4160 struct cmd_lookup match = { NULL, hdev };
890ea898 4161 struct hci_request req;
c0ecddc2
JH		 4162 bool changed = false;
4163 int err = 0;
ed2c4ee3
JH		 4164
4165 if (status) {
4166 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4167
4168 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4169 &hdev->dev_flags))
c0ecddc2
JH		 4170 err = new_settings(hdev, NULL);
4171
04124681
GP		 4172 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4173 &mgmt_err);
c0ecddc2
JH		 4174
4175 return err;
4176 }
4177
4178 if (enable) {
4179 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4180 changed = true;
4181 } else {
4182 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4183 changed = true;
ed2c4ee3
JH		 4184 }
4185
4186 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4187
c0ecddc2
JH		 4188 if (changed)
4189 err = new_settings(hdev, match.sk);
ed2c4ee3 4190
5fc6ebb1 4191 if (match.sk)
ed2c4ee3
JH		 4192 sock_put(match.sk);
4193
890ea898
JH		 4194 hci_req_init(&req, hdev);
4195
5fc6ebb1 4196 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4197 update_eir(&req);
5fc6ebb1 4198 else
890ea898
JH		 4199 clear_eir(&req);
4200
4201 hci_req_run(&req, NULL);
cacaf52f 4202
ed2c4ee3
JH		 4203 return err;
4204}
4205
92da6097 4206static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4207{
4208 struct cmd_lookup *match = data;
4209
90e70454
JH		 4210 if (match->sk == NULL) {
4211 match->sk = cmd->sk;
4212 sock_hold(match->sk);
4213 }
90e70454
JH		 4214}
4215
7f9a903c 4216int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4217 u8 status)
7f9a903c 4218{
90e70454
JH		 4219 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4220 int err = 0;
7f9a903c 4221
92da6097
JH		 4222 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4223 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4224 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4225
4226 if (!status)
04124681
GP		 4227 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4228 3, NULL);
90e70454
JH		 4229
4230 if (match.sk)
4231 sock_put(match.sk);
7f9a903c
MH		 4232
4233 return err;
4234}
4235
744cf19e 4236int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4237{
b312b161 4238 struct mgmt_cp_set_local_name ev;
13928971 4239 struct pending_cmd *cmd;
28cc7bde 4240
13928971
JH		 4241 if (status)
4242 return 0;
b312b161
JH		 4243
4244 memset(&ev, 0, sizeof(ev));
4245 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4246 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4247
2e58ef3e 4248 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4249 if (!cmd) {
4250 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4251
13928971
JH		 4252 /* If this is a HCI command related to powering on the
4253 * HCI dev don't send any mgmt signals.
4254 */
4255 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4256 return 0;
890ea898 4257 }
b312b161 4258
13928971
JH		 4259 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4260 cmd ? cmd->sk : NULL);
b312b161 4261}
c35938b2 4262
744cf19e 4263int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4264 u8 *randomizer, u8 status)
c35938b2
SJ		 4265{
4266 struct pending_cmd *cmd;
4267 int err;
4268
744cf19e 4269 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4270
2e58ef3e 4271 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4272 if (!cmd)
4273 return -ENOENT;
4274
4275 if (status) {
04124681
GP		 4276 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4277 mgmt_status(status));
c35938b2
SJ		 4278 } else {
4279 struct mgmt_rp_read_local_oob_data rp;
4280
4281 memcpy(rp.hash, hash, sizeof(rp.hash));
4282 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4283
744cf19e 4284 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4285 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4286 sizeof(rp));
c35938b2
SJ		 4287 }
4288
4289 mgmt_pending_remove(cmd);
4290
4291 return err;
4292}
e17acd40 4293
48264f06 4294int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4295 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4296 ssp, u8 *eir, u16 eir_len)
e17acd40 4297{
e319d2e7
JH		 4298 char buf[512];
4299 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4300 size_t ev_size;
e17acd40 4301
12602d0c
AG		 4302 if (!hci_discovery_active(hdev))
4303 return -EPERM;
4304
1dc06093
JH		 4305 /* Leave 5 bytes for a potential CoD field */
4306 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4307 return -EINVAL;
4308
1dc06093
JH		 4309 memset(buf, 0, sizeof(buf));
4310
e319d2e7 4311 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4312 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4313 ev->rssi = rssi;
9a395a80 4314 if (cfm_name)
612dfce9 4315 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4316 if (!ssp)
612dfce9 4317 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4318
1dc06093 4319 if (eir_len > 0)
e319d2e7 4320 memcpy(ev->eir, eir, eir_len);
e17acd40 4321
1dc06093
JH		 4322 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4323 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4324 dev_class, 3);
1dc06093 4325
eb55ef07 4326 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4327 ev_size = sizeof(*ev) + eir_len;
f8523598 4328
e319d2e7 4329 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4330}
a88a9652 4331
b644ba33 4332int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4333 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4334{
b644ba33
JH		 4335 struct mgmt_ev_device_found *ev;
4336 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4337 u16 eir_len;
a88a9652 4338
b644ba33 4339 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4340
b644ba33
JH		 4341 memset(buf, 0, sizeof(buf));
4342
4343 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4344 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4345 ev->rssi = rssi;
4346
4347 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4348 name_len);
b644ba33 4349
eb55ef07 4350 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4351
053c7e0c 4352 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4353 sizeof(*ev) + eir_len, NULL);
a88a9652 4354}
314b2381 4355
744cf19e 4356int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4357{
f963e8e9 4358 struct mgmt_ev_discovering ev;
164a6e78
JH		 4359 struct pending_cmd *cmd;
4360
343fb145
AG		 4361 BT_DBG("%s discovering %u", hdev->name, discovering);
4362
164a6e78 4363 if (discovering)
2e58ef3e 4364 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4365 else
2e58ef3e 4366 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4367
4368 if (cmd != NULL) {
f808e166
JH		 4369 u8 type = hdev->discovery.type;
4370
04124681
GP		 4371 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4372 sizeof(type));
164a6e78
JH		 4373 mgmt_pending_remove(cmd);
4374 }
4375
f963e8e9
JH		 4376 memset(&ev, 0, sizeof(ev));
4377 ev.type = hdev->discovery.type;
4378 ev.discovering = discovering;
4379
4380 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4381}
5e762444 4382
88c1fe4b 4383int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4384{
4385 struct pending_cmd *cmd;
4386 struct mgmt_ev_device_blocked ev;
4387
2e58ef3e 4388 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4389
88c1fe4b
JH		 4390 bacpy(&ev.addr.bdaddr, bdaddr);
4391 ev.addr.type = type;
5e762444 4392
744cf19e 4393 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4394 cmd ? cmd->sk : NULL);
5e762444
AJ		 4395}
4396
88c1fe4b 4397int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4398{
4399 struct pending_cmd *cmd;
4400 struct mgmt_ev_device_unblocked ev;
4401
2e58ef3e 4402 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4403
88c1fe4b
JH		 4404 bacpy(&ev.addr.bdaddr, bdaddr);
4405 ev.addr.type = type;
5e762444 4406
744cf19e 4407 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4408 cmd ? cmd->sk : NULL);
5e762444 4409}
Linux kernel - Deliverables
This page took 0.649386 seconds and 5 git commands to generate.