projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move a2mp.h header file into net/bluetooth/
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
185static u8 mgmt_status(u8 hci_status)
186{
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
189
190 return MGMT_STATUS_FAILED;
191}
192
4e51eae9 193static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 194{
195 struct sk_buff *skb;
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
56b7d137 198 int err;
f7b64e69 199
34eb525c 200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 201
790eff44 202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 203 if (!skb)
204 return -ENOMEM;
205
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
207
612dfce9 208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 209 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 210 hdr->len = cpu_to_le16(sizeof(*ev));
211
212 ev = (void *) skb_put(skb, sizeof(*ev));
213 ev->status = status;
eb55ef07 214 ev->opcode = cpu_to_le16(cmd);
f7b64e69 215
56b7d137
GP		 216 err = sock_queue_rcv_skb(sk, skb);
217 if (err < 0)
f7b64e69
JH		 218 kfree_skb(skb);
219
56b7d137 220 return err;
f7b64e69
JH		 221}
222
aee9b218 223static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 224 void *rp, size_t rp_len)
02d98129
JH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
56b7d137 229 int err;
02d98129
JH		 230
231 BT_DBG("sock %p", sk);
232
790eff44 233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 234 if (!skb)
235 return -ENOMEM;
236
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 238
612dfce9 239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 240 hdr->index = cpu_to_le16(index);
a38528f1 241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 242
a38528f1 243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 244 ev->opcode = cpu_to_le16(cmd);
aee9b218 245 ev->status = status;
8020c16a
SJ		 246
247 if (rp)
248 memcpy(ev->data, rp, rp_len);
02d98129 249
56b7d137
GP		 250 err = sock_queue_rcv_skb(sk, skb);
251 if (err < 0)
02d98129
JH		 252 kfree_skb(skb);
253
e5f0e151 254 return err;
02d98129
JH		 255}
256
04124681
GP		 257static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
258 u16 data_len)
a38528f1
JH		 259{
260 struct mgmt_rp_read_version rp;
261
262 BT_DBG("sock %p", sk);
263
264 rp.version = MGMT_VERSION;
eb55ef07 265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 266
aee9b218 267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 268 sizeof(rp));
a38528f1
JH		 269}
270
04124681
GP		 271static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
e70bb2e8
JH		 273{
274 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 277 __le16 *opcode;
e70bb2e8
JH		 278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
eb55ef07
MH		 289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
aee9b218 298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 299 rp_size);
e70bb2e8
JH		 300 kfree(rp);
301
302 return err;
303}
304
04124681
GP		 305static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
306 u16 data_len)
faba42eb 307{
faba42eb 308 struct mgmt_rp_read_index_list *rp;
8035ded4 309 struct hci_dev *d;
a38528f1 310 size_t rp_len;
faba42eb 311 u16 count;
476e44cb 312 int err;
faba42eb
JH		 313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
bb4b2a9a 319 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 320 if (d->dev_type == HCI_BREDR)
321 count++;
faba42eb
JH		 322 }
323
a38528f1
JH		 324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
326 if (!rp) {
b2c60d42 327 read_unlock(&hci_dev_list_lock);
faba42eb 328 return -ENOMEM;
b2c60d42 329 }
faba42eb 330
476e44cb 331 count = 0;
8035ded4 332 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 333 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 334 continue;
335
0736cfa8
MH		 336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
337 continue;
338
1514b892
MH		 339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 351 rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
69ab39ea
JH		 358static u32 get_supported_settings(struct hci_dev *hdev)
359{
360 u32 settings = 0;
361
362 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 363 settings |= MGMT_SETTING_PAIRABLE;
364
9a1a1996 365 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 366 settings |= MGMT_SETTING_SSP;
367
ed3fa31f 368 if (lmp_bredr_capable(hdev)) {
33c525c0 369 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 372 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 375 settings |= MGMT_SETTING_HS;
848566b3 376 }
d7b7e796 377
eeca6f89 378 if (lmp_le_capable(hdev)) {
9d42820f 379 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 380 settings |= MGMT_SETTING_ADVERTISING;
381 }
69ab39ea
JH		 382
383 return settings;
384}
385
386static u32 get_current_settings(struct hci_dev *hdev)
387{
388 u32 settings = 0;
389
f1f0eb02 390 if (hdev_is_powered(hdev))
f0d4b78a
MH		 391 settings |= MGMT_SETTING_POWERED;
392
5e5282bb 393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 394 settings |= MGMT_SETTING_CONNECTABLE;
395
1a4d3c4b
JH		 396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
398
5e5282bb 399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_DISCOVERABLE;
401
a8b2d5c2 402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_PAIRABLE;
404
56f87901 405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_BREDR;
407
06199cf8 408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_LE;
410
47990ea0 411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LINK_SECURITY;
413
84bde9d6 414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_SSP;
416
6d80dfd0
JH		 417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
419
f3d3444a 420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 421 settings |= MGMT_SETTING_ADVERTISING;
422
69ab39ea
JH		 423 return settings;
424}
425
ef580372
JH		 426#define PNP_INFO_SVCLASS_ID 0x1200
427
213202ed
JH		 428static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
429{
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
432
433 if (len < 4)
434 return ptr;
435
436 list_for_each_entry(uuid, &hdev->uuids, list) {
437 u16 uuid16;
438
439 if (uuid->size != 16)
440 continue;
441
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
443 if (uuid16 < 0x1100)
444 continue;
445
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
447 continue;
448
449 if (!uuids_start) {
450 uuids_start = ptr;
451 uuids_start[0] = 1;
452 uuids_start[1] = EIR_UUID16_ALL;
453 ptr += 2;
454 }
455
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
459 break;
460 }
461
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
465 }
466
467 return ptr;
468}
469
cdf1963f
JH		 470static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
471{
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
474
475 if (len < 6)
476 return ptr;
477
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
480 continue;
481
482 if (!uuids_start) {
483 uuids_start = ptr;
484 uuids_start[0] = 1;
485 uuids_start[1] = EIR_UUID32_ALL;
486 ptr += 2;
487 }
488
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
492 break;
493 }
494
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
496 ptr += sizeof(u32);
497 uuids_start[0] += sizeof(u32);
498 }
499
500 return ptr;
501}
502
c00d575b
JH		 503static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
504{
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
507
508 if (len < 18)
509 return ptr;
510
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
513 continue;
514
515 if (!uuids_start) {
516 uuids_start = ptr;
517 uuids_start[0] = 1;
518 uuids_start[1] = EIR_UUID128_ALL;
519 ptr += 2;
520 }
521
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
525 break;
526 }
527
528 memcpy(ptr, uuid->uuid, 16);
529 ptr += 16;
530 uuids_start[0] += 16;
531 }
532
533 return ptr;
534}
535
ef580372
JH		 536static void create_eir(struct hci_dev *hdev, u8 *data)
537{
538 u8 *ptr = data;
ef580372
JH		 539 size_t name_len;
540
541 name_len = strlen(hdev->dev_name);
542
543 if (name_len > 0) {
544 /* EIR Data type */
545 if (name_len > 48) {
546 name_len = 48;
547 ptr[1] = EIR_NAME_SHORT;
548 } else
549 ptr[1] = EIR_NAME_COMPLETE;
550
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
553
554 memcpy(ptr + 2, hdev->dev_name, name_len);
555
ef580372
JH		 556 ptr += (name_len + 2);
557 }
558
bbaf444a 559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 560 ptr[0] = 2;
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
563
91c4e9b1
MH		 564 ptr += 3;
565 }
566
2b9be137
MH		 567 if (hdev->devid_source > 0) {
568 ptr[0] = 9;
569 ptr[1] = EIR_DEVICE_ID;
570
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
575
2b9be137
MH		 576 ptr += 10;
577 }
578
213202ed 579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 582}
583
890ea898 584static void update_eir(struct hci_request *req)
ef580372 585{
890ea898 586 struct hci_dev *hdev = req->hdev;
ef580372
JH		 587 struct hci_cp_write_eir cp;
588
504c8dcd 589 if (!hdev_is_powered(hdev))
890ea898 590 return;
7770c4aa 591
976eb20e 592 if (!lmp_ext_inq_capable(hdev))
890ea898 593 return;
ef580372 594
84bde9d6 595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 596 return;
ef580372 597
a8b2d5c2 598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 599 return;
ef580372
JH		 600
601 memset(&cp, 0, sizeof(cp));
602
603 create_eir(hdev, cp.data);
604
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 606 return;
ef580372
JH		 607
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
609
890ea898 610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 611}
612
613static u8 get_service_classes(struct hci_dev *hdev)
614{
615 struct bt_uuid *uuid;
616 u8 val = 0;
617
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
620
621 return val;
622}
623
890ea898 624static void update_class(struct hci_request *req)
ef580372 625{
890ea898 626 struct hci_dev *hdev = req->hdev;
ef580372
JH		 627 u8 cod[3];
628
629 BT_DBG("%s", hdev->name);
630
504c8dcd 631 if (!hdev_is_powered(hdev))
890ea898 632 return;
7770c4aa 633
a8b2d5c2 634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 635 return;
ef580372
JH		 636
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
640
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 642 return;
ef580372 643
890ea898 644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 645}
646
7d78525d
JH		 647static void service_cache_off(struct work_struct *work)
648{
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 650 service_cache.work);
890ea898 651 struct hci_request req;
7d78525d 652
a8b2d5c2 653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 654 return;
655
890ea898
JH		 656 hci_req_init(&req, hdev);
657
7d78525d
JH		 658 hci_dev_lock(hdev);
659
890ea898
JH		 660 update_eir(&req);
661 update_class(&req);
7d78525d
JH		 662
663 hci_dev_unlock(hdev);
890ea898
JH		 664
665 hci_req_run(&req, NULL);
7d78525d
JH		 666}
667
6a919082 668static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 669{
4f87da80 670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 671 return;
672
4f87da80 673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 674
4f87da80
JH		 675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
678 * it
679 */
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 681}
682
0f4e68cf 683static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 684 void *data, u16 data_len)
0381101f 685{
a38528f1 686 struct mgmt_rp_read_info rp;
f7b64e69 687
bdb6d971 688 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 689
09fd0de5 690 hci_dev_lock(hdev);
f7b64e69 691
dc4fe30b
JH		 692 memset(&rp, 0, sizeof(rp));
693
69ab39ea 694 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 695
69ab39ea 696 rp.version = hdev->hci_ver;
eb55ef07 697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 698
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 701
a38528f1 702 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 703
dc4fe30b 704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 706
09fd0de5 707 hci_dev_unlock(hdev);
0381101f 708
bdb6d971 709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 710 sizeof(rp));
0381101f
JH		 711}
712
eec8d2bc
JH		 713static void mgmt_pending_free(struct pending_cmd *cmd)
714{
715 sock_put(cmd->sk);
c68fb7ff 716 kfree(cmd->param);
eec8d2bc
JH		 717 kfree(cmd);
718}
719
366a0336 720static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 721 struct hci_dev *hdev, void *data,
722 u16 len)
eec8d2bc
JH		 723{
724 struct pending_cmd *cmd;
725
12b94565 726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 727 if (!cmd)
366a0336 728 return NULL;
eec8d2bc
JH		 729
730 cmd->opcode = opcode;
2e58ef3e 731 cmd->index = hdev->id;
eec8d2bc 732
12b94565 733 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 734 if (!cmd->param) {
eec8d2bc 735 kfree(cmd);
366a0336 736 return NULL;
eec8d2bc
JH		 737 }
738
8fce6357
SJ		 739 if (data)
740 memcpy(cmd->param, data, len);
eec8d2bc
JH		 741
742 cmd->sk = sk;
743 sock_hold(sk);
744
2e58ef3e 745 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 746
366a0336 747 return cmd;
eec8d2bc
JH		 748}
749
744cf19e 750static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 751 void (*cb)(struct pending_cmd *cmd,
752 void *data),
04124681 753 void *data)
eec8d2bc 754{
a3d09356 755 struct pending_cmd *cmd, *tmp;
eec8d2bc 756
a3d09356 757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 758 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 759 continue;
760
eec8d2bc
JH		 761 cb(cmd, data);
762 }
763}
764
2e58ef3e 765static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 766{
8035ded4 767 struct pending_cmd *cmd;
eec8d2bc 768
2e58ef3e 769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 770 if (cmd->opcode == opcode)
771 return cmd;
eec8d2bc
JH		 772 }
773
774 return NULL;
775}
776
a664b5bc 777static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 778{
73f22f62
JH		 779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
781}
782
69ab39ea 783static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 784{
69ab39ea 785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 786
aee9b218 787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 788 sizeof(settings));
8680570b
JH		 789}
790
bdb6d971 791static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 792 u16 len)
eec8d2bc 793{
650f726d 794 struct mgmt_mode *cp = data;
366a0336 795 struct pending_cmd *cmd;
4b34ee78 796 int err;
eec8d2bc 797
bdb6d971 798 BT_DBG("request for %s", hdev->name);
eec8d2bc 799
a7e80f25
JH		 800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
803
09fd0de5 804 hci_dev_lock(hdev);
eec8d2bc 805
87b95ba6
JH		 806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_BUSY);
809 goto failed;
810 }
811
f0d4b78a
MH		 812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
814
815 if (cp->val) {
a1d70450
JH		 816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
817 data, len);
818 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 819 goto failed;
820 }
821 }
822
4b34ee78 823 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 825 goto failed;
826 }
827
2e58ef3e 828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 829 if (!cmd) {
830 err = -ENOMEM;
eec8d2bc 831 goto failed;
366a0336 832 }
eec8d2bc 833
72a734ec 834 if (cp->val)
19202573 835 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 836 else
19202573 837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 838
366a0336 839 err = 0;
eec8d2bc
JH		 840
841failed:
09fd0de5 842 hci_dev_unlock(hdev);
366a0336 843 return err;
eec8d2bc
JH		 844}
845
04124681
GP		 846static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
beadb2bd
JH		 848{
849 struct sk_buff *skb;
850 struct mgmt_hdr *hdr;
851
790eff44 852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 853 if (!skb)
854 return -ENOMEM;
855
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
858 if (hdev)
859 hdr->index = cpu_to_le16(hdev->id);
860 else
612dfce9 861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 862 hdr->len = cpu_to_le16(data_len);
863
864 if (data)
865 memcpy(skb_put(skb, data_len), data, data_len);
866
97e0bdeb
MH		 867 /* Time stamp */
868 __net_timestamp(skb);
869
beadb2bd
JH		 870 hci_send_to_control(skb, skip_sk);
871 kfree_skb(skb);
872
873 return 0;
874}
875
876static int new_settings(struct hci_dev *hdev, struct sock *skip)
877{
878 __le32 ev;
879
880 ev = cpu_to_le32(get_current_settings(hdev));
881
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
883}
884
bd99abdd
JH		 885struct cmd_lookup {
886 struct sock *sk;
887 struct hci_dev *hdev;
888 u8 mgmt_status;
889};
890
891static void settings_rsp(struct pending_cmd *cmd, void *data)
892{
893 struct cmd_lookup *match = data;
894
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
896
897 list_del(&cmd->list);
898
899 if (match->sk == NULL) {
900 match->sk = cmd->sk;
901 sock_hold(match->sk);
902 }
903
904 mgmt_pending_free(cmd);
905}
906
907static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
908{
909 u8 *status = data;
910
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
913}
914
e6fe7986
JH		 915static u8 mgmt_bredr_support(struct hci_dev *hdev)
916{
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
921 else
922 return MGMT_STATUS_SUCCESS;
923}
924
925static u8 mgmt_le_support(struct hci_dev *hdev)
926{
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
931 else
932 return MGMT_STATUS_SUCCESS;
933}
934
bdb6d971 935static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 936 u16 len)
73f22f62 937{
650f726d 938 struct mgmt_cp_set_discoverable *cp = data;
366a0336 939 struct pending_cmd *cmd;
5e5282bb 940 u16 timeout;
e6fe7986 941 u8 scan, status;
73f22f62
JH		 942 int err;
943
bdb6d971 944 BT_DBG("request for %s", hdev->name);
73f22f62 945
e6fe7986
JH		 946 status = mgmt_bredr_support(hdev);
947 if (status)
33c525c0 948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 949 status);
33c525c0 950
a7e80f25
JH		 951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
954
1f350c87 955 timeout = __le16_to_cpu(cp->timeout);
24c54a90 956 if (!cp->val && timeout > 0)
bdb6d971 957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 958 MGMT_STATUS_INVALID_PARAMS);
73f22f62 959
09fd0de5 960 hci_dev_lock(hdev);
73f22f62 961
5e5282bb 962 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 964 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 965 goto failed;
966 }
967
2e58ef3e 968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_BUSY);
73f22f62
JH		 972 goto failed;
973 }
974
5e5282bb 975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_REJECTED);
5e5282bb
JH		 978 goto failed;
979 }
980
981 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 982 bool changed = false;
983
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
986 changed = true;
987 }
988
5e5282bb 989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 990 if (err < 0)
991 goto failed;
992
993 if (changed)
994 err = new_settings(hdev, sk);
995
5e5282bb
JH		 996 goto failed;
997 }
998
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1003 }
1004
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1009 }
1010
69ab39ea 1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1012 goto failed;
1013 }
1014
2e58ef3e 1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1016 if (!cmd) {
1017 err = -ENOMEM;
73f22f62 1018 goto failed;
366a0336 1019 }
73f22f62
JH		 1020
1021 scan = SCAN_PAGE;
1022
72a734ec 1023 if (cp->val)
73f22f62 1024 scan |= SCAN_INQUIRY;
16ab91ab 1025 else
e0f9309f 1026 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1027
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 if (err < 0)
a664b5bc 1030 mgmt_pending_remove(cmd);
73f22f62 1031
16ab91ab 1032 if (cp->val)
5e5282bb 1033 hdev->discov_timeout = timeout;
16ab91ab 1034
73f22f62 1035failed:
09fd0de5 1036 hci_dev_unlock(hdev);
73f22f62
JH		 1037 return err;
1038}
1039
406d7804
JH		 1040static void write_fast_connectable(struct hci_request *req, bool enable)
1041{
bd98b996 1042 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1043 struct hci_cp_write_page_scan_activity acp;
1044 u8 type;
1045
4c01f8b8
JH		 1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1047 return;
1048
406d7804
JH		 1049 if (enable) {
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1051
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1054 } else {
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1056
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1059 }
1060
1061 acp.window = __constant_cpu_to_le16(0x0012);
1062
bd98b996
JH		 1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1066 sizeof(acp), &acp);
1067
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1070}
1071
2b76f453
JH		 1072static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1073{
1074 struct pending_cmd *cmd;
1075
1076 BT_DBG("status 0x%02x", status);
1077
1078 hci_dev_lock(hdev);
1079
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1081 if (!cmd)
1082 goto unlock;
1083
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1085
1086 mgmt_pending_remove(cmd);
1087
1088unlock:
1089 hci_dev_unlock(hdev);
1090}
1091
bdb6d971 1092static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1093 u16 len)
9fbcbb45 1094{
650f726d 1095 struct mgmt_mode *cp = data;
366a0336 1096 struct pending_cmd *cmd;
2b76f453 1097 struct hci_request req;
e6fe7986 1098 u8 scan, status;
9fbcbb45
JH		 1099 int err;
1100
bdb6d971 1101 BT_DBG("request for %s", hdev->name);
9fbcbb45 1102
e6fe7986
JH		 1103 status = mgmt_bredr_support(hdev);
1104 if (status)
33c525c0 1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1106 status);
33c525c0 1107
a7e80f25
JH		 1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1111
09fd0de5 1112 hci_dev_lock(hdev);
9fbcbb45 1113
4b34ee78 1114 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1115 bool changed = false;
1116
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1118 changed = true;
1119
6bf0e469 1120 if (cp->val) {
5e5282bb 1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1122 } else {
5e5282bb
JH		 1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1125 }
0224d2fa 1126
5e5282bb 1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1128 if (err < 0)
1129 goto failed;
1130
1131 if (changed)
1132 err = new_settings(hdev, sk);
1133
9fbcbb45
JH		 1134 goto failed;
1135 }
1136
2e58ef3e 1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1140 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1141 goto failed;
1142 }
1143
5e5282bb 1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1146 goto failed;
1147 }
1148
2e58ef3e 1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1150 if (!cmd) {
1151 err = -ENOMEM;
9fbcbb45 1152 goto failed;
366a0336 1153 }
9fbcbb45 1154
6bf0e469 1155 if (cp->val) {
9fbcbb45 1156 scan = SCAN_PAGE;
6bf0e469 1157 } else {
9fbcbb45
JH		 1158 scan = 0;
1159
df2c6c5e 1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1161 hdev->discov_timeout > 0)
df2c6c5e
JH		 1162 cancel_delayed_work(&hdev->discov_off);
1163 }
1164
2b76f453
JH		 1165 hci_req_init(&req, hdev);
1166
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1168
4c01f8b8
JH		 1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1173 * should be.
1174 */
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1176 write_fast_connectable(&req, false);
1177
2b76f453 1178 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1179 if (err < 0)
a664b5bc 1180 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1181
1182failed:
09fd0de5 1183 hci_dev_unlock(hdev);
9fbcbb45
JH		 1184 return err;
1185}
1186
bdb6d971 1187static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1188 u16 len)
c542a06c 1189{
650f726d 1190 struct mgmt_mode *cp = data;
55594356 1191 bool changed;
c542a06c
JH		 1192 int err;
1193
bdb6d971 1194 BT_DBG("request for %s", hdev->name);
c542a06c 1195
a7e80f25
JH		 1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1199
09fd0de5 1200 hci_dev_lock(hdev);
c542a06c
JH		 1201
1202 if (cp->val)
55594356 1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1204 else
55594356 1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1206
69ab39ea 1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1208 if (err < 0)
55594356 1209 goto unlock;
c542a06c 1210
55594356
MH		 1211 if (changed)
1212 err = new_settings(hdev, sk);
c542a06c 1213
55594356 1214unlock:
09fd0de5 1215 hci_dev_unlock(hdev);
c542a06c
JH		 1216 return err;
1217}
1218
04124681
GP		 1219static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1220 u16 len)
33ef95ed
JH		 1221{
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
e6fe7986 1224 u8 val, status;
33ef95ed
JH		 1225 int err;
1226
bdb6d971 1227 BT_DBG("request for %s", hdev->name);
33ef95ed 1228
e6fe7986
JH		 1229 status = mgmt_bredr_support(hdev);
1230 if (status)
33c525c0 1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1232 status);
33c525c0 1233
a7e80f25
JH		 1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1237
33ef95ed
JH		 1238 hci_dev_lock(hdev);
1239
4b34ee78 1240 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1241 bool changed = false;
1242
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1244 &hdev->dev_flags)) {
47990ea0
JH		 1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1246 changed = true;
1247 }
1248
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1250 if (err < 0)
1251 goto failed;
1252
1253 if (changed)
1254 err = new_settings(hdev, sk);
1255
33ef95ed
JH		 1256 goto failed;
1257 }
1258
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1261 MGMT_STATUS_BUSY);
33ef95ed
JH		 1262 goto failed;
1263 }
1264
1265 val = !!cp->val;
1266
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1269 goto failed;
1270 }
1271
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1273 if (!cmd) {
1274 err = -ENOMEM;
1275 goto failed;
1276 }
1277
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1279 if (err < 0) {
1280 mgmt_pending_remove(cmd);
1281 goto failed;
1282 }
1283
1284failed:
1285 hci_dev_unlock(hdev);
33ef95ed
JH		 1286 return err;
1287}
1288
bdb6d971 1289static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1290{
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
72ef0c1a 1293 u8 status;
ed2c4ee3
JH		 1294 int err;
1295
bdb6d971 1296 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1297
cdba5281
MH		 1298 status = mgmt_bredr_support(hdev);
1299 if (status)
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1301
13ecd8b6
JH		 1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1305
a7e80f25
JH		 1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1309
13ecd8b6 1310 hci_dev_lock(hdev);
6c8f12c1 1311
4b34ee78 1312 if (!hdev_is_powered(hdev)) {
9ecb3e24 1313 bool changed;
c0ecddc2 1314
9ecb3e24
MH		 1315 if (cp->val) {
1316 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1317 &hdev->dev_flags);
1318 } else {
1319 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1320 &hdev->dev_flags);
1321 if (!changed)
1322 changed = test_and_clear_bit(HCI_HS_ENABLED,
1323 &hdev->dev_flags);
1324 else
1325 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1326 }
1327
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1329 if (err < 0)
1330 goto failed;
1331
1332 if (changed)
1333 err = new_settings(hdev, sk);
1334
ed2c4ee3
JH		 1335 goto failed;
1336 }
1337
9ecb3e24
MH		 1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1339 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1340 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1341 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1342 goto failed;
1343 }
1344
72ef0c1a 1345 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1346 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1347 goto failed;
1348 }
1349
1350 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1351 if (!cmd) {
1352 err = -ENOMEM;
1353 goto failed;
1354 }
1355
72ef0c1a 1356 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1357 if (err < 0) {
1358 mgmt_pending_remove(cmd);
1359 goto failed;
1360 }
1361
1362failed:
1363 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1364 return err;
1365}
1366
bdb6d971 1367static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1368{
1369 struct mgmt_mode *cp = data;
ee392693 1370 bool changed;
e6fe7986 1371 u8 status;
ee392693 1372 int err;
6d80dfd0 1373
bdb6d971 1374 BT_DBG("request for %s", hdev->name);
6d80dfd0 1375
e6fe7986
JH		 1376 status = mgmt_bredr_support(hdev);
1377 if (status)
1378 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1379
9ecb3e24
MH		 1380 if (!lmp_ssp_capable(hdev))
1381 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1382 MGMT_STATUS_NOT_SUPPORTED);
1383
1384 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_REJECTED);
1387
a7e80f25
JH		 1388 if (cp->val != 0x00 && cp->val != 0x01)
1389 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_INVALID_PARAMS);
1391
ee392693
MH		 1392 hci_dev_lock(hdev);
1393
a0cdf960 1394 if (cp->val) {
ee392693 1395 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1396 } else {
1397 if (hdev_is_powered(hdev)) {
1398 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1399 MGMT_STATUS_REJECTED);
1400 goto unlock;
1401 }
1402
ee392693 1403 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1404 }
ee392693
MH		 1405
1406 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1407 if (err < 0)
1408 goto unlock;
1409
1410 if (changed)
1411 err = new_settings(hdev, sk);
6d80dfd0 1412
ee392693
MH		 1413unlock:
1414 hci_dev_unlock(hdev);
1415 return err;
6d80dfd0
JH		 1416}
1417
bba3aa55
MH		 1418static void enable_advertising(struct hci_request *req)
1419{
b4faf300
MH		 1420 struct hci_dev *hdev = req->hdev;
1421 struct hci_cp_le_set_adv_param cp;
1422 u8 enable = 0x01;
1423
1424 memset(&cp, 0, sizeof(cp));
1425 cp.min_interval = __constant_cpu_to_le16(0x0800);
1426 cp.max_interval = __constant_cpu_to_le16(0x0800);
1427 cp.type = LE_ADV_IND;
1428 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1429 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1430 else
1431 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1432 cp.channel_map = 0x07;
1433
1434 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1435
b4faf300 1436 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1437}
1438
1439static void disable_advertising(struct hci_request *req)
1440{
b4faf300 1441 u8 enable = 0x00;
bba3aa55 1442
b4faf300 1443 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1444}
1445
416a4ae5
JH		 1446static void le_enable_complete(struct hci_dev *hdev, u8 status)
1447{
1448 struct cmd_lookup match = { NULL, hdev };
1449
1450 if (status) {
1451 u8 mgmt_err = mgmt_status(status);
1452
1453 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1454 &mgmt_err);
1455 return;
1456 }
1457
1458 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1459
1460 new_settings(hdev, match.sk);
1461
1462 if (match.sk)
1463 sock_put(match.sk);
1464}
1465
bdb6d971 1466static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1467{
1468 struct mgmt_mode *cp = data;
1469 struct hci_cp_write_le_host_supported hci_cp;
1470 struct pending_cmd *cmd;
416a4ae5 1471 struct hci_request req;
06199cf8 1472 int err;
0b60eba1 1473 u8 val, enabled;
06199cf8 1474
bdb6d971 1475 BT_DBG("request for %s", hdev->name);
06199cf8 1476
13ecd8b6
JH		 1477 if (!lmp_le_capable(hdev))
1478 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1479 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1480
a7e80f25
JH		 1481 if (cp->val != 0x00 && cp->val != 0x01)
1482 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1483 MGMT_STATUS_INVALID_PARAMS);
1484
c73eee91 1485 /* LE-only devices do not allow toggling LE on/off */
56f87901 1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1487 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1488 MGMT_STATUS_REJECTED);
1489
13ecd8b6 1490 hci_dev_lock(hdev);
06199cf8
JH		 1491
1492 val = !!cp->val;
ffa88e02 1493 enabled = lmp_host_le_capable(hdev);
06199cf8 1494
0b60eba1 1495 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1496 bool changed = false;
1497
1498 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1499 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1500 changed = true;
1501 }
1502
f3d3444a
JH		 1503 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1504 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1505 changed = true;
1506 }
1507
06199cf8
JH		 1508 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1509 if (err < 0)
1de028ce 1510 goto unlock;
06199cf8
JH		 1511
1512 if (changed)
1513 err = new_settings(hdev, sk);
1514
1de028ce 1515 goto unlock;
06199cf8
JH		 1516 }
1517
4375f103
JH		 1518 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1519 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1520 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1521 MGMT_STATUS_BUSY);
1de028ce 1522 goto unlock;
06199cf8
JH		 1523 }
1524
1525 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1526 if (!cmd) {
1527 err = -ENOMEM;
1de028ce 1528 goto unlock;
06199cf8
JH		 1529 }
1530
1531 memset(&hci_cp, 0, sizeof(hci_cp));
1532
1533 if (val) {
1534 hci_cp.le = val;
ffa88e02 1535 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1536 }
1537
416a4ae5
JH		 1538 hci_req_init(&req, hdev);
1539
bba3aa55
MH		 1540 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1541 disable_advertising(&req);
eeca6f89 1542
416a4ae5
JH		 1543 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1544 &hci_cp);
1545
1546 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1547 if (err < 0)
06199cf8 1548 mgmt_pending_remove(cmd);
06199cf8 1549
1de028ce
JH		 1550unlock:
1551 hci_dev_unlock(hdev);
06199cf8
JH		 1552 return err;
1553}
1554
0cab9c80
JH		 1555/* This is a helper function to test for pending mgmt commands that can
1556 * cause CoD or EIR HCI commands. We can only allow one such pending
1557 * mgmt command at a time since otherwise we cannot easily track what
1558 * the current values are, will be, and based on that calculate if a new
1559 * HCI command needs to be sent and if yes with what value.
1560 */
1561static bool pending_eir_or_class(struct hci_dev *hdev)
1562{
1563 struct pending_cmd *cmd;
1564
1565 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1566 switch (cmd->opcode) {
1567 case MGMT_OP_ADD_UUID:
1568 case MGMT_OP_REMOVE_UUID:
1569 case MGMT_OP_SET_DEV_CLASS:
1570 case MGMT_OP_SET_POWERED:
1571 return true;
1572 }
1573 }
1574
1575 return false;
1576}
1577
83be8eca
JH		 1578static const u8 bluetooth_base_uuid[] = {
1579 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1580 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1581};
1582
1583static u8 get_uuid_size(const u8 *uuid)
1584{
1585 u32 val;
1586
1587 if (memcmp(uuid, bluetooth_base_uuid, 12))
1588 return 128;
1589
1590 val = get_unaligned_le32(&uuid[12]);
1591 if (val > 0xffff)
1592 return 32;
1593
1594 return 16;
1595}
1596
92da6097
JH		 1597static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1598{
1599 struct pending_cmd *cmd;
1600
1601 hci_dev_lock(hdev);
1602
1603 cmd = mgmt_pending_find(mgmt_op, hdev);
1604 if (!cmd)
1605 goto unlock;
1606
1607 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1608 hdev->dev_class, 3);
1609
1610 mgmt_pending_remove(cmd);
1611
1612unlock:
1613 hci_dev_unlock(hdev);
1614}
1615
1616static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1617{
1618 BT_DBG("status 0x%02x", status);
1619
1620 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1621}
1622
bdb6d971 1623static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1624{
650f726d 1625 struct mgmt_cp_add_uuid *cp = data;
90e70454 1626 struct pending_cmd *cmd;
890ea898 1627 struct hci_request req;
2aeb9a1a 1628 struct bt_uuid *uuid;
2aeb9a1a
JH		 1629 int err;
1630
bdb6d971 1631 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1632
09fd0de5 1633 hci_dev_lock(hdev);
2aeb9a1a 1634
0cab9c80 1635 if (pending_eir_or_class(hdev)) {
bdb6d971 1636 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1637 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1638 goto failed;
1639 }
1640
92c4c204 1641 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1642 if (!uuid) {
1643 err = -ENOMEM;
1644 goto failed;
1645 }
1646
1647 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1648 uuid->svc_hint = cp->svc_hint;
83be8eca 1649 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1650
de66aa63 1651 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1652
890ea898 1653 hci_req_init(&req, hdev);
1aff6f09 1654
890ea898
JH		 1655 update_class(&req);
1656 update_eir(&req);
1657
92da6097
JH		 1658 err = hci_req_run(&req, add_uuid_complete);
1659 if (err < 0) {
1660 if (err != -ENODATA)
1661 goto failed;
80a1e1db 1662
bdb6d971 1663 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1664 hdev->dev_class, 3);
90e70454
JH		 1665 goto failed;
1666 }
1667
1668 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1669 if (!cmd) {
90e70454 1670 err = -ENOMEM;
890ea898
JH		 1671 goto failed;
1672 }
1673
1674 err = 0;
2aeb9a1a
JH		 1675
1676failed:
09fd0de5 1677 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1678 return err;
1679}
1680
24b78d0f
JH		 1681static bool enable_service_cache(struct hci_dev *hdev)
1682{
1683 if (!hdev_is_powered(hdev))
1684 return false;
1685
1686 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1687 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1688 CACHE_TIMEOUT);
24b78d0f
JH		 1689 return true;
1690 }
1691
1692 return false;
1693}
1694
92da6097
JH		 1695static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1696{
1697 BT_DBG("status 0x%02x", status);
1698
1699 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1700}
1701
bdb6d971 1702static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1703 u16 len)
2aeb9a1a 1704{
650f726d 1705 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1706 struct pending_cmd *cmd;
056341c8 1707 struct bt_uuid *match, *tmp;
2aeb9a1a 1708 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1709 struct hci_request req;
2aeb9a1a
JH		 1710 int err, found;
1711
bdb6d971 1712 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1713
09fd0de5 1714 hci_dev_lock(hdev);
2aeb9a1a 1715
0cab9c80 1716 if (pending_eir_or_class(hdev)) {
bdb6d971 1717 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1718 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1719 goto unlock;
1720 }
1721
2aeb9a1a
JH		 1722 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1723 err = hci_uuids_clear(hdev);
4004b6d9 1724
24b78d0f 1725 if (enable_service_cache(hdev)) {
bdb6d971 1726 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1727 0, hdev->dev_class, 3);
24b78d0f
JH		 1728 goto unlock;
1729 }
4004b6d9 1730
9246a869 1731 goto update_class;
2aeb9a1a
JH		 1732 }
1733
1734 found = 0;
1735
056341c8 1736 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1737 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1738 continue;
1739
1740 list_del(&match->list);
482049f7 1741 kfree(match);
2aeb9a1a
JH		 1742 found++;
1743 }
1744
1745 if (found == 0) {
bdb6d971 1746 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1747 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1748 goto unlock;
1749 }
1750
9246a869 1751update_class:
890ea898 1752 hci_req_init(&req, hdev);
1aff6f09 1753
890ea898
JH		 1754 update_class(&req);
1755 update_eir(&req);
1756
92da6097
JH		 1757 err = hci_req_run(&req, remove_uuid_complete);
1758 if (err < 0) {
1759 if (err != -ENODATA)
1760 goto unlock;
80a1e1db 1761
bdb6d971 1762 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1763 hdev->dev_class, 3);
90e70454
JH		 1764 goto unlock;
1765 }
1766
1767 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1768 if (!cmd) {
90e70454 1769 err = -ENOMEM;
890ea898
JH		 1770 goto unlock;
1771 }
1772
1773 err = 0;
2aeb9a1a
JH		 1774
1775unlock:
09fd0de5 1776 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1777 return err;
1778}
1779
92da6097
JH		 1780static void set_class_complete(struct hci_dev *hdev, u8 status)
1781{
1782 BT_DBG("status 0x%02x", status);
1783
1784 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1785}
1786
bdb6d971 1787static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1788 u16 len)
1aff6f09 1789{
650f726d 1790 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1791 struct pending_cmd *cmd;
890ea898 1792 struct hci_request req;
1aff6f09
JH		 1793 int err;
1794
bdb6d971 1795 BT_DBG("request for %s", hdev->name);
1aff6f09 1796
6203fc98 1797 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1798 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1799 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1800
0cab9c80 1801 hci_dev_lock(hdev);
ee98f473 1802
0cab9c80
JH		 1803 if (pending_eir_or_class(hdev)) {
1804 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1805 MGMT_STATUS_BUSY);
1806 goto unlock;
1807 }
c95f0ba7 1808
0cab9c80
JH		 1809 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1811 MGMT_STATUS_INVALID_PARAMS);
1812 goto unlock;
1813 }
575b3a02 1814
932f5ff5
JH		 1815 hdev->major_class = cp->major;
1816 hdev->minor_class = cp->minor;
1817
b5235a65 1818 if (!hdev_is_powered(hdev)) {
bdb6d971 1819 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1820 hdev->dev_class, 3);
b5235a65
JH		 1821 goto unlock;
1822 }
1823
890ea898
JH		 1824 hci_req_init(&req, hdev);
1825
a8b2d5c2 1826 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1827 hci_dev_unlock(hdev);
1828 cancel_delayed_work_sync(&hdev->service_cache);
1829 hci_dev_lock(hdev);
890ea898 1830 update_eir(&req);
7d78525d 1831 }
14c0b608 1832
890ea898
JH		 1833 update_class(&req);
1834
92da6097
JH		 1835 err = hci_req_run(&req, set_class_complete);
1836 if (err < 0) {
1837 if (err != -ENODATA)
1838 goto unlock;
1aff6f09 1839
bdb6d971 1840 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1841 hdev->dev_class, 3);
90e70454
JH		 1842 goto unlock;
1843 }
1844
1845 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1846 if (!cmd) {
90e70454 1847 err = -ENOMEM;
890ea898
JH		 1848 goto unlock;
1849 }
1850
1851 err = 0;
1aff6f09 1852
b5235a65 1853unlock:
09fd0de5 1854 hci_dev_unlock(hdev);
1aff6f09
JH		 1855 return err;
1856}
1857
bdb6d971 1858static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1859 u16 len)
55ed8ca1 1860{
650f726d 1861 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1862 u16 key_count, expected_len;
a492cd52 1863 int i;
55ed8ca1 1864
9060d5cf
MH		 1865 BT_DBG("request for %s", hdev->name);
1866
1867 if (!lmp_bredr_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1f350c87 1871 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1872
86742e1e
JH		 1873 expected_len = sizeof(*cp) + key_count *
1874 sizeof(struct mgmt_link_key_info);
a492cd52 1875 if (expected_len != len) {
86742e1e 1876 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1877 len, expected_len);
bdb6d971 1878 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1879 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1880 }
1881
4ae14301
JH		 1882 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1883 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1884 MGMT_STATUS_INVALID_PARAMS);
1885
bdb6d971 1886 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1887 key_count);
55ed8ca1 1888
4ee71b20
JH		 1889 for (i = 0; i < key_count; i++) {
1890 struct mgmt_link_key_info *key = &cp->keys[i];
1891
1892 if (key->addr.type != BDADDR_BREDR)
1893 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1894 MGMT_STATUS_INVALID_PARAMS);
1895 }
1896
09fd0de5 1897 hci_dev_lock(hdev);
55ed8ca1
JH		 1898
1899 hci_link_keys_clear(hdev);
1900
55ed8ca1 1901 if (cp->debug_keys)
a8b2d5c2 1902 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1903 else
a8b2d5c2 1904 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1905
a492cd52 1906 for (i = 0; i < key_count; i++) {
86742e1e 1907 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1908
d753fdc4 1909 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1910 key->type, key->pin_len);
55ed8ca1
JH		 1911 }
1912
bdb6d971 1913 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1914
09fd0de5 1915 hci_dev_unlock(hdev);
55ed8ca1 1916
a492cd52 1917 return 0;
55ed8ca1
JH		 1918}
1919
b1078ad0 1920static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1921 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1922{
1923 struct mgmt_ev_device_unpaired ev;
1924
1925 bacpy(&ev.addr.bdaddr, bdaddr);
1926 ev.addr.type = addr_type;
1927
1928 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1929 skip_sk);
b1078ad0
JH		 1930}
1931
bdb6d971 1932static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1933 u16 len)
55ed8ca1 1934{
124f6e35
JH		 1935 struct mgmt_cp_unpair_device *cp = data;
1936 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1937 struct hci_cp_disconnect dc;
1938 struct pending_cmd *cmd;
55ed8ca1 1939 struct hci_conn *conn;
55ed8ca1
JH		 1940 int err;
1941
a8a1d19e 1942 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1943 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1944 rp.addr.type = cp->addr.type;
a8a1d19e 1945
4ee71b20
JH		 1946 if (!bdaddr_type_is_valid(cp->addr.type))
1947 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1948 MGMT_STATUS_INVALID_PARAMS,
1949 &rp, sizeof(rp));
1950
118da70b
JH		 1951 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1952 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1953 MGMT_STATUS_INVALID_PARAMS,
1954 &rp, sizeof(rp));
1955
4ee71b20
JH		 1956 hci_dev_lock(hdev);
1957
86a8cfc6 1958 if (!hdev_is_powered(hdev)) {
bdb6d971 1959 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1960 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1961 goto unlock;
1962 }
1963
591f47f3 1964 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1965 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1966 else
1967 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1968
55ed8ca1 1969 if (err < 0) {
bdb6d971 1970 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1971 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1972 goto unlock;
1973 }
1974
86a8cfc6 1975 if (cp->disconnect) {
591f47f3 1976 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1977 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1978 &cp->addr.bdaddr);
86a8cfc6
JH		 1979 else
1980 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1981 &cp->addr.bdaddr);
86a8cfc6
JH		 1982 } else {
1983 conn = NULL;
1984 }
124f6e35 1985
a8a1d19e 1986 if (!conn) {
bdb6d971 1987 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1988 &rp, sizeof(rp));
b1078ad0 1989 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1990 goto unlock;
1991 }
55ed8ca1 1992
124f6e35 1993 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1994 sizeof(*cp));
a8a1d19e
JH		 1995 if (!cmd) {
1996 err = -ENOMEM;
1997 goto unlock;
55ed8ca1
JH		 1998 }
1999
eb55ef07 2000 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2001 dc.reason = 0x13; /* Remote User Terminated Connection */
2002 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2003 if (err < 0)
2004 mgmt_pending_remove(cmd);
2005
55ed8ca1 2006unlock:
09fd0de5 2007 hci_dev_unlock(hdev);
55ed8ca1
JH		 2008 return err;
2009}
2010
bdb6d971 2011static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2012 u16 len)
8962ee74 2013{
650f726d 2014 struct mgmt_cp_disconnect *cp = data;
06a63b19 2015 struct mgmt_rp_disconnect rp;
8962ee74 2016 struct hci_cp_disconnect dc;
366a0336 2017 struct pending_cmd *cmd;
8962ee74 2018 struct hci_conn *conn;
8962ee74
JH		 2019 int err;
2020
2021 BT_DBG("");
2022
06a63b19
JH		 2023 memset(&rp, 0, sizeof(rp));
2024 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2025 rp.addr.type = cp->addr.type;
2026
4ee71b20 2027 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2028 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2029 MGMT_STATUS_INVALID_PARAMS,
2030 &rp, sizeof(rp));
4ee71b20 2031
09fd0de5 2032 hci_dev_lock(hdev);
8962ee74
JH		 2033
2034 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2035 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2036 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2037 goto failed;
2038 }
2039
2e58ef3e 2040 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2041 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2042 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2043 goto failed;
2044 }
2045
591f47f3 2046 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2047 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2048 &cp->addr.bdaddr);
88c3df13
JH		 2049 else
2050 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2051
f960727e 2052 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2053 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2054 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2055 goto failed;
2056 }
2057
2e58ef3e 2058 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2059 if (!cmd) {
2060 err = -ENOMEM;
8962ee74 2061 goto failed;
366a0336 2062 }
8962ee74 2063
eb55ef07 2064 dc.handle = cpu_to_le16(conn->handle);
3701f944 2065 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2066
2067 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2068 if (err < 0)
a664b5bc 2069 mgmt_pending_remove(cmd);
8962ee74
JH		 2070
2071failed:
09fd0de5 2072 hci_dev_unlock(hdev);
8962ee74
JH		 2073 return err;
2074}
2075
57c1477c 2076static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2077{
2078 switch (link_type) {
2079 case LE_LINK:
48264f06
JH		 2080 switch (addr_type) {
2081 case ADDR_LE_DEV_PUBLIC:
591f47f3 2082 return BDADDR_LE_PUBLIC;
0ed09148 2083
48264f06 2084 default:
0ed09148 2085 /* Fallback to LE Random address type */
591f47f3 2086 return BDADDR_LE_RANDOM;
48264f06 2087 }
0ed09148 2088
4c659c39 2089 default:
0ed09148 2090 /* Fallback to BR/EDR type */
591f47f3 2091 return BDADDR_BREDR;
4c659c39
JH		 2092 }
2093}
2094
04124681
GP		 2095static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2096 u16 data_len)
2784eb41 2097{
2784eb41 2098 struct mgmt_rp_get_connections *rp;
8035ded4 2099 struct hci_conn *c;
a38528f1 2100 size_t rp_len;
60fc5fb6
JH		 2101 int err;
2102 u16 i;
2784eb41
JH		 2103
2104 BT_DBG("");
2105
09fd0de5 2106 hci_dev_lock(hdev);
2784eb41 2107
5f97c1df 2108 if (!hdev_is_powered(hdev)) {
bdb6d971 2109 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2110 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2111 goto unlock;
2112 }
2113
60fc5fb6 2114 i = 0;
b644ba33
JH		 2115 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2116 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2117 i++;
2784eb41
JH		 2118 }
2119
60fc5fb6 2120 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2121 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2122 if (!rp) {
2784eb41
JH		 2123 err = -ENOMEM;
2124 goto unlock;
2125 }
2126
2784eb41 2127 i = 0;
4c659c39 2128 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2129 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2130 continue;
4c659c39 2131 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2132 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2133 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2134 continue;
2135 i++;
2136 }
2137
eb55ef07 2138 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2139
4c659c39
JH		 2140 /* Recalculate length in case of filtered SCO connections, etc */
2141 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2142
bdb6d971 2143 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2144 rp_len);
2784eb41 2145
a38528f1 2146 kfree(rp);
5f97c1df
JH		 2147
2148unlock:
09fd0de5 2149 hci_dev_unlock(hdev);
2784eb41
JH		 2150 return err;
2151}
2152
bdb6d971 2153static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2154 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2155{
2156 struct pending_cmd *cmd;
2157 int err;
2158
2e58ef3e 2159 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2160 sizeof(*cp));
96d97a67
WR		 2161 if (!cmd)
2162 return -ENOMEM;
2163
d8457698 2164 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2165 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2166 if (err < 0)
2167 mgmt_pending_remove(cmd);
2168
2169 return err;
2170}
2171
bdb6d971 2172static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2173 u16 len)
980e1a53 2174{
96d97a67 2175 struct hci_conn *conn;
650f726d 2176 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2177 struct hci_cp_pin_code_reply reply;
366a0336 2178 struct pending_cmd *cmd;
980e1a53
JH		 2179 int err;
2180
2181 BT_DBG("");
2182
09fd0de5 2183 hci_dev_lock(hdev);
980e1a53 2184
4b34ee78 2185 if (!hdev_is_powered(hdev)) {
bdb6d971 2186 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2187 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2188 goto failed;
2189 }
2190
d8457698 2191 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2192 if (!conn) {
bdb6d971 2193 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2194 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2195 goto failed;
2196 }
2197
2198 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2199 struct mgmt_cp_pin_code_neg_reply ncp;
2200
2201 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2202
2203 BT_ERR("PIN code is not 16 bytes long");
2204
bdb6d971 2205 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2206 if (err >= 0)
bdb6d971 2207 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2208 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2209
2210 goto failed;
2211 }
2212
00abfe44 2213 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2214 if (!cmd) {
2215 err = -ENOMEM;
980e1a53 2216 goto failed;
366a0336 2217 }
980e1a53 2218
d8457698 2219 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2220 reply.pin_len = cp->pin_len;
24718ca5 2221 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2222
2223 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2224 if (err < 0)
a664b5bc 2225 mgmt_pending_remove(cmd);
980e1a53
JH		 2226
2227failed:
09fd0de5 2228 hci_dev_unlock(hdev);
980e1a53
JH		 2229 return err;
2230}
2231
04124681
GP		 2232static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2233 u16 len)
17fa4b9d 2234{
650f726d 2235 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2236
2237 BT_DBG("");
2238
09fd0de5 2239 hci_dev_lock(hdev);
17fa4b9d
JH		 2240
2241 hdev->io_capability = cp->io_capability;
2242
2243 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2244 hdev->io_capability);
17fa4b9d 2245
09fd0de5 2246 hci_dev_unlock(hdev);
17fa4b9d 2247
04124681
GP		 2248 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2249 0);
17fa4b9d
JH		 2250}
2251
6039aa73 2252static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2253{
2254 struct hci_dev *hdev = conn->hdev;
8035ded4 2255 struct pending_cmd *cmd;
e9a416b5 2256
2e58ef3e 2257 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2258 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2259 continue;
2260
e9a416b5
JH		 2261 if (cmd->user_data != conn)
2262 continue;
2263
2264 return cmd;
2265 }
2266
2267 return NULL;
2268}
2269
2270static void pairing_complete(struct pending_cmd *cmd, u8 status)
2271{
2272 struct mgmt_rp_pair_device rp;
2273 struct hci_conn *conn = cmd->user_data;
2274
ba4e564f 2275 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2276 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2277
aee9b218 2278 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2279 &rp, sizeof(rp));
e9a416b5
JH		 2280
2281 /* So we don't get further callbacks for this connection */
2282 conn->connect_cfm_cb = NULL;
2283 conn->security_cfm_cb = NULL;
2284 conn->disconn_cfm_cb = NULL;
2285
76a68ba0 2286 hci_conn_drop(conn);
e9a416b5 2287
a664b5bc 2288 mgmt_pending_remove(cmd);
e9a416b5
JH		 2289}
2290
2291static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2292{
2293 struct pending_cmd *cmd;
2294
2295 BT_DBG("status %u", status);
2296
2297 cmd = find_pairing(conn);
56e5cb86 2298 if (!cmd)
e9a416b5 2299 BT_DBG("Unable to find a pending command");
56e5cb86 2300 else
e211326c 2301 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2302}
2303
4c47d739
VA		 2304static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2305{
2306 struct pending_cmd *cmd;
2307
2308 BT_DBG("status %u", status);
2309
2310 if (!status)
2311 return;
2312
2313 cmd = find_pairing(conn);
2314 if (!cmd)
2315 BT_DBG("Unable to find a pending command");
2316 else
2317 pairing_complete(cmd, mgmt_status(status));
2318}
2319
bdb6d971 2320static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2321 u16 len)
e9a416b5 2322{
650f726d 2323 struct mgmt_cp_pair_device *cp = data;
1425acb7 2324 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2325 struct pending_cmd *cmd;
2326 u8 sec_level, auth_type;
2327 struct hci_conn *conn;
e9a416b5
JH		 2328 int err;
2329
2330 BT_DBG("");
2331
f950a30e
SJ		 2332 memset(&rp, 0, sizeof(rp));
2333 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2334 rp.addr.type = cp->addr.type;
2335
4ee71b20
JH		 2336 if (!bdaddr_type_is_valid(cp->addr.type))
2337 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2338 MGMT_STATUS_INVALID_PARAMS,
2339 &rp, sizeof(rp));
2340
09fd0de5 2341 hci_dev_lock(hdev);
e9a416b5 2342
5f97c1df 2343 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2344 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2345 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2346 goto unlock;
2347 }
2348
c908df36
VCG		 2349 sec_level = BT_SECURITY_MEDIUM;
2350 if (cp->io_cap == 0x03)
e9a416b5 2351 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2352 else
e9a416b5 2353 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2354
591f47f3 2355 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2356 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2357 cp->addr.type, sec_level, auth_type);
7a512d01 2358 else
b12f62cf
AG		 2359 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2360 cp->addr.type, sec_level, auth_type);
7a512d01 2361
30e76272 2362 if (IS_ERR(conn)) {
489dc48e
AK		 2363 int status;
2364
2365 if (PTR_ERR(conn) == -EBUSY)
2366 status = MGMT_STATUS_BUSY;
2367 else
2368 status = MGMT_STATUS_CONNECT_FAILED;
2369
bdb6d971 2370 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2371 status, &rp,
04124681 2372 sizeof(rp));
e9a416b5
JH		 2373 goto unlock;
2374 }
2375
2376 if (conn->connect_cfm_cb) {
76a68ba0 2377 hci_conn_drop(conn);
bdb6d971 2378 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2379 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2380 goto unlock;
2381 }
2382
2e58ef3e 2383 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2384 if (!cmd) {
2385 err = -ENOMEM;
76a68ba0 2386 hci_conn_drop(conn);
e9a416b5
JH		 2387 goto unlock;
2388 }
2389
7a512d01 2390 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2391 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2392 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2393 else
2394 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2395
e9a416b5
JH		 2396 conn->security_cfm_cb = pairing_complete_cb;
2397 conn->disconn_cfm_cb = pairing_complete_cb;
2398 conn->io_capability = cp->io_cap;
2399 cmd->user_data = conn;
2400
2401 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2402 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2403 pairing_complete(cmd, 0);
2404
2405 err = 0;
2406
2407unlock:
09fd0de5 2408 hci_dev_unlock(hdev);
e9a416b5
JH		 2409 return err;
2410}
2411
04124681
GP		 2412static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2413 u16 len)
28424707 2414{
0f4e68cf 2415 struct mgmt_addr_info *addr = data;
28424707
JH		 2416 struct pending_cmd *cmd;
2417 struct hci_conn *conn;
2418 int err;
2419
2420 BT_DBG("");
2421
28424707
JH		 2422 hci_dev_lock(hdev);
2423
5f97c1df 2424 if (!hdev_is_powered(hdev)) {
bdb6d971 2425 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2426 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2427 goto unlock;
2428 }
2429
28424707
JH		 2430 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2431 if (!cmd) {
bdb6d971 2432 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2433 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2434 goto unlock;
2435 }
2436
2437 conn = cmd->user_data;
2438
2439 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2440 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2441 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2442 goto unlock;
2443 }
2444
2445 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2446
bdb6d971 2447 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2448 addr, sizeof(*addr));
28424707
JH		 2449unlock:
2450 hci_dev_unlock(hdev);
28424707
JH		 2451 return err;
2452}
2453
bdb6d971 2454static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2455 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2456 u16 hci_op, __le32 passkey)
a5c29683 2457{
a5c29683 2458 struct pending_cmd *cmd;
0df4c185 2459 struct hci_conn *conn;
a5c29683
JH		 2460 int err;
2461
09fd0de5 2462 hci_dev_lock(hdev);
08ba5382 2463
4b34ee78 2464 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2465 err = cmd_complete(sk, hdev->id, mgmt_op,
2466 MGMT_STATUS_NOT_POWERED, addr,
2467 sizeof(*addr));
0df4c185 2468 goto done;
a5c29683
JH		 2469 }
2470
1707c60e
JH		 2471 if (addr->type == BDADDR_BREDR)
2472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2473 else
1707c60e 2474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2475
2476 if (!conn) {
feb94d3d
JH		 2477 err = cmd_complete(sk, hdev->id, mgmt_op,
2478 MGMT_STATUS_NOT_CONNECTED, addr,
2479 sizeof(*addr));
272d90df
JH		 2480 goto done;
2481 }
47c15e2b 2482
1707c60e 2483 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2484 /* Continue with pairing via SMP */
5fe57d9e
BG		 2485 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2486
2487 if (!err)
feb94d3d
JH		 2488 err = cmd_complete(sk, hdev->id, mgmt_op,
2489 MGMT_STATUS_SUCCESS, addr,
2490 sizeof(*addr));
5fe57d9e 2491 else
feb94d3d
JH		 2492 err = cmd_complete(sk, hdev->id, mgmt_op,
2493 MGMT_STATUS_FAILED, addr,
2494 sizeof(*addr));
47c15e2b 2495
47c15e2b
BG		 2496 goto done;
2497 }
2498
1707c60e 2499 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2500 if (!cmd) {
2501 err = -ENOMEM;
0df4c185 2502 goto done;
a5c29683
JH		 2503 }
2504
0df4c185 2505 /* Continue with pairing via HCI */
604086b7
BG		 2506 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2507 struct hci_cp_user_passkey_reply cp;
2508
1707c60e 2509 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2510 cp.passkey = passkey;
2511 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2512 } else
1707c60e
JH		 2513 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2514 &addr->bdaddr);
604086b7 2515
a664b5bc
JH		 2516 if (err < 0)
2517 mgmt_pending_remove(cmd);
a5c29683 2518
0df4c185 2519done:
09fd0de5 2520 hci_dev_unlock(hdev);
a5c29683
JH		 2521 return err;
2522}
2523
afeb019d
JK		 2524static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2525 void *data, u16 len)
2526{
2527 struct mgmt_cp_pin_code_neg_reply *cp = data;
2528
2529 BT_DBG("");
2530
1707c60e 2531 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2532 MGMT_OP_PIN_CODE_NEG_REPLY,
2533 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2534}
2535
04124681
GP		 2536static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2537 u16 len)
0df4c185 2538{
650f726d 2539 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2540
2541 BT_DBG("");
2542
2543 if (len != sizeof(*cp))
bdb6d971 2544 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2545 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2546
1707c60e 2547 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2548 MGMT_OP_USER_CONFIRM_REPLY,
2549 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2550}
2551
bdb6d971 2552static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2553 void *data, u16 len)
0df4c185 2554{
c9c2659f 2555 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2556
2557 BT_DBG("");
2558
1707c60e 2559 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2560 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2561 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2562}
2563
04124681
GP		 2564static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2565 u16 len)
604086b7 2566{
650f726d 2567 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2568
2569 BT_DBG("");
2570
1707c60e 2571 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2572 MGMT_OP_USER_PASSKEY_REPLY,
2573 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2574}
2575
bdb6d971 2576static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2577 void *data, u16 len)
604086b7 2578{
650f726d 2579 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2580
2581 BT_DBG("");
2582
1707c60e 2583 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2584 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2585 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2586}
2587
13928971 2588static void update_name(struct hci_request *req)
2b4bf397 2589{
13928971 2590 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2591 struct hci_cp_write_local_name cp;
2592
13928971 2593 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2594
890ea898 2595 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2596}
2597
13928971
JH		 2598static void set_name_complete(struct hci_dev *hdev, u8 status)
2599{
2600 struct mgmt_cp_set_local_name *cp;
2601 struct pending_cmd *cmd;
2602
2603 BT_DBG("status 0x%02x", status);
2604
2605 hci_dev_lock(hdev);
2606
2607 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2608 if (!cmd)
2609 goto unlock;
2610
2611 cp = cmd->param;
2612
2613 if (status)
2614 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2615 mgmt_status(status));
2616 else
2617 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2618 cp, sizeof(*cp));
2619
2620 mgmt_pending_remove(cmd);
2621
2622unlock:
2623 hci_dev_unlock(hdev);
2624}
2625
bdb6d971 2626static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2627 u16 len)
b312b161 2628{
2b4bf397 2629 struct mgmt_cp_set_local_name *cp = data;
b312b161 2630 struct pending_cmd *cmd;
890ea898 2631 struct hci_request req;
b312b161
JH		 2632 int err;
2633
2634 BT_DBG("");
2635
09fd0de5 2636 hci_dev_lock(hdev);
b312b161 2637
b3f2ca94
JH		 2638 /* If the old values are the same as the new ones just return a
2639 * direct command complete event.
2640 */
2641 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2642 !memcmp(hdev->short_name, cp->short_name,
2643 sizeof(hdev->short_name))) {
2644 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2645 data, len);
2646 goto failed;
2647 }
2648
2b4bf397 2649 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2650
b5235a65 2651 if (!hdev_is_powered(hdev)) {
2b4bf397 2652 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2653
2654 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2655 data, len);
28cc7bde
JH		 2656 if (err < 0)
2657 goto failed;
2658
2659 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2660 sk);
28cc7bde 2661
b5235a65
JH		 2662 goto failed;
2663 }
2664
28cc7bde 2665 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2666 if (!cmd) {
2667 err = -ENOMEM;
2668 goto failed;
2669 }
2670
13928971
JH		 2671 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2672
890ea898 2673 hci_req_init(&req, hdev);
3f985050
JH		 2674
2675 if (lmp_bredr_capable(hdev)) {
2676 update_name(&req);
2677 update_eir(&req);
2678 }
2679
2680 if (lmp_le_capable(hdev))
2681 hci_update_ad(&req);
2682
13928971 2683 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2684 if (err < 0)
2685 mgmt_pending_remove(cmd);
2686
2687failed:
09fd0de5 2688 hci_dev_unlock(hdev);
b312b161
JH		 2689 return err;
2690}
2691
0f4e68cf 2692static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2693 void *data, u16 data_len)
c35938b2 2694{
c35938b2
SJ		 2695 struct pending_cmd *cmd;
2696 int err;
2697
bdb6d971 2698 BT_DBG("%s", hdev->name);
c35938b2 2699
09fd0de5 2700 hci_dev_lock(hdev);
c35938b2 2701
4b34ee78 2702 if (!hdev_is_powered(hdev)) {
bdb6d971 2703 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2704 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2705 goto unlock;
2706 }
2707
9a1a1996 2708 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2709 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2710 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2711 goto unlock;
2712 }
2713
2e58ef3e 2714 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2715 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2716 MGMT_STATUS_BUSY);
c35938b2
SJ		 2717 goto unlock;
2718 }
2719
2e58ef3e 2720 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2721 if (!cmd) {
2722 err = -ENOMEM;
2723 goto unlock;
2724 }
2725
2726 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2727 if (err < 0)
2728 mgmt_pending_remove(cmd);
2729
2730unlock:
09fd0de5 2731 hci_dev_unlock(hdev);
c35938b2
SJ		 2732 return err;
2733}
2734
bdb6d971 2735static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2736 void *data, u16 len)
2763eda6 2737{
650f726d 2738 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2739 u8 status;
2763eda6
SJ		 2740 int err;
2741
bdb6d971 2742 BT_DBG("%s ", hdev->name);
2763eda6 2743
09fd0de5 2744 hci_dev_lock(hdev);
2763eda6 2745
664ce4cc 2746 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2747 cp->randomizer);
2763eda6 2748 if (err < 0)
bf1e3541 2749 status = MGMT_STATUS_FAILED;
2763eda6 2750 else
a6785be2 2751 status = MGMT_STATUS_SUCCESS;
bf1e3541 2752
bdb6d971 2753 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2754 &cp->addr, sizeof(cp->addr));
2763eda6 2755
09fd0de5 2756 hci_dev_unlock(hdev);
2763eda6
SJ		 2757 return err;
2758}
2759
bdb6d971 2760static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2761 void *data, u16 len)
2763eda6 2762{
650f726d 2763 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2764 u8 status;
2763eda6
SJ		 2765 int err;
2766
bdb6d971 2767 BT_DBG("%s", hdev->name);
2763eda6 2768
09fd0de5 2769 hci_dev_lock(hdev);
2763eda6 2770
664ce4cc 2771 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2772 if (err < 0)
bf1e3541 2773 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2774 else
a6785be2 2775 status = MGMT_STATUS_SUCCESS;
bf1e3541 2776
bdb6d971 2777 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2778 status, &cp->addr, sizeof(cp->addr));
2763eda6 2779
09fd0de5 2780 hci_dev_unlock(hdev);
2763eda6
SJ		 2781 return err;
2782}
2783
41dc2bd6
AG		 2784static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2785{
2786 struct pending_cmd *cmd;
2787 u8 type;
2788 int err;
2789
2790 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2791
2792 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2793 if (!cmd)
2794 return -ENOENT;
2795
2796 type = hdev->discovery.type;
2797
2798 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2799 &type, sizeof(type));
2800 mgmt_pending_remove(cmd);
2801
2802 return err;
2803}
2804
7c307720
AG		 2805static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2806{
2807 BT_DBG("status %d", status);
2808
2809 if (status) {
2810 hci_dev_lock(hdev);
2811 mgmt_start_discovery_failed(hdev, status);
2812 hci_dev_unlock(hdev);
2813 return;
2814 }
2815
2816 hci_dev_lock(hdev);
2817 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2818 hci_dev_unlock(hdev);
2819
2820 switch (hdev->discovery.type) {
2821 case DISCOV_TYPE_LE:
2822 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2823 DISCOV_LE_TIMEOUT);
7c307720
AG		 2824 break;
2825
2826 case DISCOV_TYPE_INTERLEAVED:
2827 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2828 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2829 break;
2830
2831 case DISCOV_TYPE_BREDR:
2832 break;
2833
2834 default:
2835 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2836 }
2837}
2838
bdb6d971 2839static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2840 void *data, u16 len)
14a53664 2841{
650f726d 2842 struct mgmt_cp_start_discovery *cp = data;
14a53664 2843 struct pending_cmd *cmd;
7c307720
AG		 2844 struct hci_cp_le_set_scan_param param_cp;
2845 struct hci_cp_le_set_scan_enable enable_cp;
2846 struct hci_cp_inquiry inq_cp;
2847 struct hci_request req;
2848 /* General inquiry access code (GIAC) */
2849 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2850 u8 status;
14a53664
JH		 2851 int err;
2852
bdb6d971 2853 BT_DBG("%s", hdev->name);
14a53664 2854
09fd0de5 2855 hci_dev_lock(hdev);
14a53664 2856
4b34ee78 2857 if (!hdev_is_powered(hdev)) {
bdb6d971 2858 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2859 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2860 goto failed;
2861 }
2862
642be6c7
AG		 2863 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2864 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2865 MGMT_STATUS_BUSY);
2866 goto failed;
2867 }
2868
ff9ef578 2869 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2870 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2871 MGMT_STATUS_BUSY);
ff9ef578
JH		 2872 goto failed;
2873 }
2874
2e58ef3e 2875 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2876 if (!cmd) {
2877 err = -ENOMEM;
2878 goto failed;
2879 }
2880
4aab14e5
AG		 2881 hdev->discovery.type = cp->type;
2882
7c307720
AG		 2883 hci_req_init(&req, hdev);
2884
4aab14e5 2885 switch (hdev->discovery.type) {
f39799f5 2886 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2887 status = mgmt_bredr_support(hdev);
2888 if (status) {
04106755 2889 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2890 status);
04106755
JH		 2891 mgmt_pending_remove(cmd);
2892 goto failed;
2893 }
2894
7c307720
AG		 2895 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2896 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2897 MGMT_STATUS_BUSY);
2898 mgmt_pending_remove(cmd);
2899 goto failed;
2900 }
2901
2902 hci_inquiry_cache_flush(hdev);
2903
2904 memset(&inq_cp, 0, sizeof(inq_cp));
2905 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2906 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2907 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2908 break;
2909
2910 case DISCOV_TYPE_LE:
7c307720 2911 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2912 status = mgmt_le_support(hdev);
2913 if (status) {
04106755 2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2915 status);
04106755
JH		 2916 mgmt_pending_remove(cmd);
2917 goto failed;
2918 }
2919
7c307720 2920 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2921 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2922 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2923 MGMT_STATUS_NOT_SUPPORTED);
2924 mgmt_pending_remove(cmd);
2925 goto failed;
2926 }
2927
f3d3444a 2928 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2929 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2930 MGMT_STATUS_REJECTED);
2931 mgmt_pending_remove(cmd);
2932 goto failed;
2933 }
2934
2935 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2936 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2937 MGMT_STATUS_BUSY);
2938 mgmt_pending_remove(cmd);
2939 goto failed;
2940 }
2941
2942 memset(&param_cp, 0, sizeof(param_cp));
2943 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2944 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2945 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2946 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2947 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2948 else
2949 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2950 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2951 &param_cp);
2952
2953 memset(&enable_cp, 0, sizeof(enable_cp));
2954 enable_cp.enable = LE_SCAN_ENABLE;
2955 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2956 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2957 &enable_cp);
5e0452c0
AG		 2958 break;
2959
f39799f5 2960 default:
04106755
JH		 2961 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2962 MGMT_STATUS_INVALID_PARAMS);
2963 mgmt_pending_remove(cmd);
2964 goto failed;
f39799f5 2965 }
3fd24153 2966
7c307720 2967 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2968 if (err < 0)
2969 mgmt_pending_remove(cmd);
ff9ef578
JH		 2970 else
2971 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2972
2973failed:
09fd0de5 2974 hci_dev_unlock(hdev);
14a53664
JH		 2975 return err;
2976}
2977
1183fdca
AG		 2978static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2979{
2980 struct pending_cmd *cmd;
2981 int err;
2982
2983 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2984 if (!cmd)
2985 return -ENOENT;
2986
2987 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2988 &hdev->discovery.type, sizeof(hdev->discovery.type));
2989 mgmt_pending_remove(cmd);
2990
2991 return err;
2992}
2993
0e05bba6
AG		 2994static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2995{
2996 BT_DBG("status %d", status);
2997
2998 hci_dev_lock(hdev);
2999
3000 if (status) {
3001 mgmt_stop_discovery_failed(hdev, status);
3002 goto unlock;
3003 }
3004
3005 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3006
3007unlock:
3008 hci_dev_unlock(hdev);
3009}
3010
bdb6d971 3011static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3012 u16 len)
14a53664 3013{
d930650b 3014 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3015 struct pending_cmd *cmd;
30dc78e1
JH		 3016 struct hci_cp_remote_name_req_cancel cp;
3017 struct inquiry_entry *e;
0e05bba6
AG		 3018 struct hci_request req;
3019 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3020 int err;
3021
bdb6d971 3022 BT_DBG("%s", hdev->name);
14a53664 3023
09fd0de5 3024 hci_dev_lock(hdev);
14a53664 3025
30dc78e1 3026 if (!hci_discovery_active(hdev)) {
bdb6d971 3027 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3028 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3029 sizeof(mgmt_cp->type));
d930650b
JH		 3030 goto unlock;
3031 }
3032
3033 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3034 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3035 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3036 sizeof(mgmt_cp->type));
30dc78e1 3037 goto unlock;
ff9ef578
JH		 3038 }
3039
2e58ef3e 3040 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3041 if (!cmd) {
3042 err = -ENOMEM;
30dc78e1
JH		 3043 goto unlock;
3044 }
3045
0e05bba6
AG		 3046 hci_req_init(&req, hdev);
3047
e0d9727e
AG		 3048 switch (hdev->discovery.state) {
3049 case DISCOVERY_FINDING:
0e05bba6
AG		 3050 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3051 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3052 } else {
3053 cancel_delayed_work(&hdev->le_scan_disable);
3054
3055 memset(&enable_cp, 0, sizeof(enable_cp));
3056 enable_cp.enable = LE_SCAN_DISABLE;
3057 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3058 sizeof(enable_cp), &enable_cp);
3059 }
c9ecc48e 3060
e0d9727e
AG		 3061 break;
3062
3063 case DISCOVERY_RESOLVING:
3064 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3065 NAME_PENDING);
e0d9727e 3066 if (!e) {
30dc78e1 3067 mgmt_pending_remove(cmd);
e0d9727e
AG		 3068 err = cmd_complete(sk, hdev->id,
3069 MGMT_OP_STOP_DISCOVERY, 0,
3070 &mgmt_cp->type,
3071 sizeof(mgmt_cp->type));
3072 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3073 goto unlock;
3074 }
30dc78e1 3075
e0d9727e 3076 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3077 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3078 &cp);
e0d9727e
AG		 3079
3080 break;
3081
3082 default:
3083 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3084
3085 mgmt_pending_remove(cmd);
3086 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3087 MGMT_STATUS_FAILED, &mgmt_cp->type,
3088 sizeof(mgmt_cp->type));
3089 goto unlock;
14a53664
JH		 3090 }
3091
0e05bba6 3092 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3093 if (err < 0)
3094 mgmt_pending_remove(cmd);
ff9ef578
JH		 3095 else
3096 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3097
30dc78e1 3098unlock:
09fd0de5 3099 hci_dev_unlock(hdev);
14a53664
JH		 3100 return err;
3101}
3102
bdb6d971 3103static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3104 u16 len)
561aafbc 3105{
650f726d 3106 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3107 struct inquiry_entry *e;
561aafbc
JH		 3108 int err;
3109
bdb6d971 3110 BT_DBG("%s", hdev->name);
561aafbc 3111
561aafbc
JH		 3112 hci_dev_lock(hdev);
3113
30dc78e1 3114 if (!hci_discovery_active(hdev)) {
bdb6d971 3115 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3116 MGMT_STATUS_FAILED);
30dc78e1
JH		 3117 goto failed;
3118 }
3119
a198e7b1 3120 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3121 if (!e) {
bdb6d971 3122 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3123 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3124 goto failed;
3125 }
3126
3127 if (cp->name_known) {
3128 e->name_state = NAME_KNOWN;
3129 list_del(&e->list);
3130 } else {
3131 e->name_state = NAME_NEEDED;
a3d4e20a 3132 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3133 }
3134
e384662b
JH		 3135 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3136 sizeof(cp->addr));
561aafbc
JH		 3137
3138failed:
3139 hci_dev_unlock(hdev);
561aafbc
JH		 3140 return err;
3141}
3142
bdb6d971 3143static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3144 u16 len)
7fbec224 3145{
650f726d 3146 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3147 u8 status;
7fbec224
AJ		 3148 int err;
3149
bdb6d971 3150 BT_DBG("%s", hdev->name);
7fbec224 3151
4ee71b20 3152 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3153 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3155 &cp->addr, sizeof(cp->addr));
4ee71b20 3156
09fd0de5 3157 hci_dev_lock(hdev);
5e762444 3158
88c1fe4b 3159 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3160 if (err < 0)
f0eeea8b 3161 status = MGMT_STATUS_FAILED;
7fbec224 3162 else
a6785be2 3163 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3164
bdb6d971 3165 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3166 &cp->addr, sizeof(cp->addr));
5e762444 3167
09fd0de5 3168 hci_dev_unlock(hdev);
7fbec224
AJ		 3169
3170 return err;
3171}
3172
bdb6d971 3173static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3174 u16 len)
7fbec224 3175{
650f726d 3176 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3177 u8 status;
7fbec224
AJ		 3178 int err;
3179
bdb6d971 3180 BT_DBG("%s", hdev->name);
7fbec224 3181
4ee71b20 3182 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3183 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3184 MGMT_STATUS_INVALID_PARAMS,
3185 &cp->addr, sizeof(cp->addr));
4ee71b20 3186
09fd0de5 3187 hci_dev_lock(hdev);
5e762444 3188
88c1fe4b 3189 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3190 if (err < 0)
f0eeea8b 3191 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3192 else
a6785be2 3193 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3194
bdb6d971 3195 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3196 &cp->addr, sizeof(cp->addr));
5e762444 3197
09fd0de5 3198 hci_dev_unlock(hdev);
7fbec224
AJ		 3199
3200 return err;
3201}
3202
cdbaccca
MH		 3203static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3204 u16 len)
3205{
3206 struct mgmt_cp_set_device_id *cp = data;
890ea898 3207 struct hci_request req;
cdbaccca 3208 int err;
c72d4b8a 3209 __u16 source;
cdbaccca
MH		 3210
3211 BT_DBG("%s", hdev->name);
3212
c72d4b8a
SJ		 3213 source = __le16_to_cpu(cp->source);
3214
3215 if (source > 0x0002)
3216 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3217 MGMT_STATUS_INVALID_PARAMS);
3218
cdbaccca
MH		 3219 hci_dev_lock(hdev);
3220
c72d4b8a 3221 hdev->devid_source = source;
cdbaccca
MH		 3222 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3223 hdev->devid_product = __le16_to_cpu(cp->product);
3224 hdev->devid_version = __le16_to_cpu(cp->version);
3225
3226 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3227
890ea898
JH		 3228 hci_req_init(&req, hdev);
3229 update_eir(&req);
3230 hci_req_run(&req, NULL);
cdbaccca
MH		 3231
3232 hci_dev_unlock(hdev);
3233
3234 return err;
3235}
3236
4375f103
JH		 3237static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3238{
3239 struct cmd_lookup match = { NULL, hdev };
3240
3241 if (status) {
3242 u8 mgmt_err = mgmt_status(status);
3243
3244 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3245 cmd_status_rsp, &mgmt_err);
3246 return;
3247 }
3248
3249 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3250 &match);
3251
3252 new_settings(hdev, match.sk);
3253
3254 if (match.sk)
3255 sock_put(match.sk);
3256}
3257
21b5187f
MH		 3258static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3259 u16 len)
4375f103
JH		 3260{
3261 struct mgmt_mode *cp = data;
3262 struct pending_cmd *cmd;
3263 struct hci_request req;
e6fe7986 3264 u8 val, enabled, status;
4375f103
JH		 3265 int err;
3266
3267 BT_DBG("request for %s", hdev->name);
3268
e6fe7986
JH		 3269 status = mgmt_le_support(hdev);
3270 if (status)
4375f103 3271 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3272 status);
4375f103
JH		 3273
3274 if (cp->val != 0x00 && cp->val != 0x01)
3275 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3276 MGMT_STATUS_INVALID_PARAMS);
3277
3278 hci_dev_lock(hdev);
3279
3280 val = !!cp->val;
f3d3444a 3281 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3282
f74ca9b8
JH		 3283 /* The following conditions are ones which mean that we should
3284 * not do any HCI communication but directly send a mgmt
3285 * response to user space (after toggling the flag if
3286 * necessary).
3287 */
3288 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3289 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3290 bool changed = false;
3291
f3d3444a
JH		 3292 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3293 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3294 changed = true;
3295 }
3296
3297 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3298 if (err < 0)
3299 goto unlock;
3300
3301 if (changed)
3302 err = new_settings(hdev, sk);
3303
3304 goto unlock;
3305 }
3306
3307 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3308 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3309 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3310 MGMT_STATUS_BUSY);
3311 goto unlock;
3312 }
3313
3314 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3315 if (!cmd) {
3316 err = -ENOMEM;
3317 goto unlock;
3318 }
3319
3320 hci_req_init(&req, hdev);
3321
bba3aa55
MH		 3322 if (val)
3323 enable_advertising(&req);
3324 else
3325 disable_advertising(&req);
4375f103
JH		 3326
3327 err = hci_req_run(&req, set_advertising_complete);
3328 if (err < 0)
3329 mgmt_pending_remove(cmd);
3330
3331unlock:
3332 hci_dev_unlock(hdev);
3333 return err;
3334}
3335
d13eafce
MH		 3336static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3337 void *data, u16 len)
3338{
3339 struct mgmt_cp_set_static_address *cp = data;
3340 int err;
3341
3342 BT_DBG("%s", hdev->name);
3343
62af4443 3344 if (!lmp_le_capable(hdev))
d13eafce 3345 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3346 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3347
3348 if (hdev_is_powered(hdev))
3349 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3350 MGMT_STATUS_REJECTED);
3351
3352 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3353 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3354 return cmd_status(sk, hdev->id,
3355 MGMT_OP_SET_STATIC_ADDRESS,
3356 MGMT_STATUS_INVALID_PARAMS);
3357
3358 /* Two most significant bits shall be set */
3359 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3360 return cmd_status(sk, hdev->id,
3361 MGMT_OP_SET_STATIC_ADDRESS,
3362 MGMT_STATUS_INVALID_PARAMS);
3363 }
3364
3365 hci_dev_lock(hdev);
3366
3367 bacpy(&hdev->static_addr, &cp->bdaddr);
3368
3369 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3370
3371 hci_dev_unlock(hdev);
3372
3373 return err;
3374}
3375
33e38b3e
JH		 3376static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3377{
3378 struct pending_cmd *cmd;
3379
3380 BT_DBG("status 0x%02x", status);
3381
3382 hci_dev_lock(hdev);
3383
3384 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3385 if (!cmd)
3386 goto unlock;
3387
3388 if (status) {
3389 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3390 mgmt_status(status));
3391 } else {
1a4d3c4b
JH		 3392 struct mgmt_mode *cp = cmd->param;
3393
3394 if (cp->val)
3395 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3396 else
3397 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3398
33e38b3e
JH		 3399 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3400 new_settings(hdev, cmd->sk);
3401 }
3402
3403 mgmt_pending_remove(cmd);
3404
3405unlock:
3406 hci_dev_unlock(hdev);
3407}
3408
bdb6d971 3409static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3410 void *data, u16 len)
f6422ec6 3411{
650f726d 3412 struct mgmt_mode *cp = data;
33e38b3e
JH		 3413 struct pending_cmd *cmd;
3414 struct hci_request req;
f6422ec6
AJ		 3415 int err;
3416
bdb6d971 3417 BT_DBG("%s", hdev->name);
f6422ec6 3418
56f87901
JH		 3419 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3420 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3421 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3422 MGMT_STATUS_NOT_SUPPORTED);
3423
a7e80f25
JH		 3424 if (cp->val != 0x00 && cp->val != 0x01)
3425 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3426 MGMT_STATUS_INVALID_PARAMS);
3427
5400c044 3428 if (!hdev_is_powered(hdev))
bdb6d971 3429 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3430 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3431
3432 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3433 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3434 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3435
3436 hci_dev_lock(hdev);
3437
05cbf29f
JH		 3438 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3439 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3440 MGMT_STATUS_BUSY);
3441 goto unlock;
3442 }
3443
1a4d3c4b
JH		 3444 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3445 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3446 hdev);
3447 goto unlock;
3448 }
3449
33e38b3e
JH		 3450 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3451 data, len);
3452 if (!cmd) {
3453 err = -ENOMEM;
3454 goto unlock;
f6422ec6
AJ		 3455 }
3456
33e38b3e
JH		 3457 hci_req_init(&req, hdev);
3458
406d7804 3459 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3460
3461 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3462 if (err < 0) {
bdb6d971 3463 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3464 MGMT_STATUS_FAILED);
33e38b3e 3465 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3466 }
3467
33e38b3e 3468unlock:
f6422ec6 3469 hci_dev_unlock(hdev);
33e38b3e 3470
f6422ec6
AJ		 3471 return err;
3472}
3473
0663ca2a
JH		 3474static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3475{
3476 struct pending_cmd *cmd;
3477
3478 BT_DBG("status 0x%02x", status);
3479
3480 hci_dev_lock(hdev);
3481
3482 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3483 if (!cmd)
3484 goto unlock;
3485
3486 if (status) {
3487 u8 mgmt_err = mgmt_status(status);
3488
3489 /* We need to restore the flag if related HCI commands
3490 * failed.
3491 */
3492 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3493
3494 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3495 } else {
3496 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3497 new_settings(hdev, cmd->sk);
3498 }
3499
3500 mgmt_pending_remove(cmd);
3501
3502unlock:
3503 hci_dev_unlock(hdev);
3504}
3505
3506static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3507{
3508 struct mgmt_mode *cp = data;
3509 struct pending_cmd *cmd;
3510 struct hci_request req;
3511 int err;
3512
3513 BT_DBG("request for %s", hdev->name);
3514
3515 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3516 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3517 MGMT_STATUS_NOT_SUPPORTED);
3518
3519 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3520 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3521 MGMT_STATUS_REJECTED);
3522
3523 if (cp->val != 0x00 && cp->val != 0x01)
3524 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3525 MGMT_STATUS_INVALID_PARAMS);
3526
3527 hci_dev_lock(hdev);
3528
3529 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3530 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3531 goto unlock;
3532 }
3533
3534 if (!hdev_is_powered(hdev)) {
3535 if (!cp->val) {
3536 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3537 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3538 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3539 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3540 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3541 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3542 }
3543
3544 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3545
3546 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3547 if (err < 0)
3548 goto unlock;
3549
3550 err = new_settings(hdev, sk);
3551 goto unlock;
3552 }
3553
3554 /* Reject disabling when powered on */
3555 if (!cp->val) {
3556 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3557 MGMT_STATUS_REJECTED);
3558 goto unlock;
3559 }
3560
3561 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3562 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3563 MGMT_STATUS_BUSY);
3564 goto unlock;
3565 }
3566
3567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3568 if (!cmd) {
3569 err = -ENOMEM;
3570 goto unlock;
3571 }
3572
3573 /* We need to flip the bit already here so that hci_update_ad
3574 * generates the correct flags.
3575 */
3576 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3577
3578 hci_req_init(&req, hdev);
3579 hci_update_ad(&req);
3580 err = hci_req_run(&req, set_bredr_complete);
3581 if (err < 0)
3582 mgmt_pending_remove(cmd);
3583
3584unlock:
3585 hci_dev_unlock(hdev);
3586 return err;
3587}
3588
3f706b72
JH		 3589static bool ltk_is_valid(struct mgmt_ltk_info *key)
3590{
44b20d33
JH		 3591 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3592 return false;
3f706b72
JH		 3593 if (key->master != 0x00 && key->master != 0x01)
3594 return false;
4ee71b20
JH		 3595 if (!bdaddr_type_is_le(key->addr.type))
3596 return false;
3f706b72
JH		 3597 return true;
3598}
3599
bdb6d971 3600static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3601 void *cp_data, u16 len)
346af67b 3602{
346af67b
VCG		 3603 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3604 u16 key_count, expected_len;
715a5bf2 3605 int i, err;
346af67b 3606
cf99ba13
MH		 3607 BT_DBG("request for %s", hdev->name);
3608
3609 if (!lmp_le_capable(hdev))
3610 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3611 MGMT_STATUS_NOT_SUPPORTED);
3612
1f350c87 3613 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3614
3615 expected_len = sizeof(*cp) + key_count *
3616 sizeof(struct mgmt_ltk_info);
3617 if (expected_len != len) {
3618 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3619 len, expected_len);
bdb6d971 3620 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3621 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3622 }
3623
bdb6d971 3624 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3625
54ad6d8a
JH		 3626 for (i = 0; i < key_count; i++) {
3627 struct mgmt_ltk_info *key = &cp->keys[i];
3628
3f706b72 3629 if (!ltk_is_valid(key))
54ad6d8a
JH		 3630 return cmd_status(sk, hdev->id,
3631 MGMT_OP_LOAD_LONG_TERM_KEYS,
3632 MGMT_STATUS_INVALID_PARAMS);
3633 }
3634
346af67b
VCG		 3635 hci_dev_lock(hdev);
3636
3637 hci_smp_ltks_clear(hdev);
3638
3639 for (i = 0; i < key_count; i++) {
3640 struct mgmt_ltk_info *key = &cp->keys[i];
3641 u8 type;
3642
3643 if (key->master)
3644 type = HCI_SMP_LTK;
3645 else
3646 type = HCI_SMP_LTK_SLAVE;
3647
4596fde5 3648 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3649 bdaddr_to_le(key->addr.type),
04124681
GP		 3650 type, 0, key->authenticated, key->val,
3651 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3652 }
3653
715a5bf2
JH		 3654 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3655 NULL, 0);
3656
346af67b 3657 hci_dev_unlock(hdev);
346af67b 3658
715a5bf2 3659 return err;
346af67b
VCG		 3660}
3661
2e3c35ea 3662static const struct mgmt_handler {
04124681
GP		 3663 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3664 u16 data_len);
be22b54e
JH		 3665 bool var_len;
3666 size_t data_len;
0f4e68cf
JH		 3667} mgmt_handlers[] = {
3668 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3669 { read_version, false, MGMT_READ_VERSION_SIZE },
3670 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3671 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3672 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3673 { set_powered, false, MGMT_SETTING_SIZE },
3674 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3675 { set_connectable, false, MGMT_SETTING_SIZE },
3676 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3677 { set_pairable, false, MGMT_SETTING_SIZE },
3678 { set_link_security, false, MGMT_SETTING_SIZE },
3679 { set_ssp, false, MGMT_SETTING_SIZE },
3680 { set_hs, false, MGMT_SETTING_SIZE },
3681 { set_le, false, MGMT_SETTING_SIZE },
3682 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3683 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3684 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3685 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3686 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3687 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3688 { disconnect, false, MGMT_DISCONNECT_SIZE },
3689 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3690 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3691 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3692 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3693 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3694 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3695 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3696 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3697 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3698 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3699 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3700 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3701 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3702 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3703 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3704 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3705 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3706 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3707 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3708 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3709 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3710 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3711 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3712};
3713
3714
0381101f
JH		 3715int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3716{
650f726d
VCG		 3717 void *buf;
3718 u8 *cp;
0381101f 3719 struct mgmt_hdr *hdr;
4e51eae9 3720 u16 opcode, index, len;
bdb6d971 3721 struct hci_dev *hdev = NULL;
2e3c35ea 3722 const struct mgmt_handler *handler;
0381101f
JH		 3723 int err;
3724
3725 BT_DBG("got %zu bytes", msglen);
3726
3727 if (msglen < sizeof(*hdr))
3728 return -EINVAL;
3729
e63a15ec 3730 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3731 if (!buf)
3732 return -ENOMEM;
3733
3734 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3735 err = -EFAULT;
3736 goto done;
3737 }
3738
650f726d 3739 hdr = buf;
1f350c87
MH		 3740 opcode = __le16_to_cpu(hdr->opcode);
3741 index = __le16_to_cpu(hdr->index);
3742 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3743
3744 if (len != msglen - sizeof(*hdr)) {
3745 err = -EINVAL;
3746 goto done;
3747 }
3748
0f4e68cf 3749 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3750 hdev = hci_dev_get(index);
3751 if (!hdev) {
3752 err = cmd_status(sk, index, opcode,
04124681 3753 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3754 goto done;
3755 }
0736cfa8 3756
cebf4cfd
JH		 3757 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3758 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 3759 err = cmd_status(sk, index, opcode,
3760 MGMT_STATUS_INVALID_INDEX);
3761 goto done;
3762 }
bdb6d971
JH		 3763 }
3764
0f4e68cf 3765 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3766 mgmt_handlers[opcode].func == NULL) {
0381101f 3767 BT_DBG("Unknown op %u", opcode);
ca69b795 3768 err = cmd_status(sk, index, opcode,
04124681 3769 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3770 goto done;
3771 }
3772
3773 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3774 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3775 err = cmd_status(sk, index, opcode,
04124681 3776 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3777 goto done;
0381101f
JH		 3778 }
3779
be22b54e
JH		 3780 handler = &mgmt_handlers[opcode];
3781
3782 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3783 (!handler->var_len && len != handler->data_len)) {
be22b54e 3784 err = cmd_status(sk, index, opcode,
04124681 3785 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3786 goto done;
3787 }
3788
0f4e68cf
JH		 3789 if (hdev)
3790 mgmt_init_hdev(sk, hdev);
3791
3792 cp = buf + sizeof(*hdr);
3793
be22b54e 3794 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3795 if (err < 0)
3796 goto done;
3797
0381101f
JH		 3798 err = msglen;
3799
3800done:
bdb6d971
JH		 3801 if (hdev)
3802 hci_dev_put(hdev);
3803
0381101f
JH		 3804 kfree(buf);
3805 return err;
3806}
c71e97bf 3807
bf6b56db 3808void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3809{
1514b892 3810 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3811 return;
bb4b2a9a 3812
bf6b56db 3813 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3814}
3815
bf6b56db 3816void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3817{
5f159032 3818 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3819
1514b892 3820 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3821 return;
bb4b2a9a 3822
744cf19e 3823 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3824
bf6b56db 3825 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3826}
3827
890ea898 3828static void set_bredr_scan(struct hci_request *req)
7f0ae647 3829{
890ea898 3830 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3831 u8 scan = 0;
3832
4c01f8b8
JH		 3833 /* Ensure that fast connectable is disabled. This function will
3834 * not do anything if the page scan parameters are already what
3835 * they should be.
3836 */
3837 write_fast_connectable(req, false);
3838
7f0ae647
JH		 3839 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3840 scan |= SCAN_PAGE;
3841 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3842 scan |= SCAN_INQUIRY;
3843
890ea898
JH		 3844 if (scan)
3845 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3846}
3847
229ab39c
JH		 3848static void powered_complete(struct hci_dev *hdev, u8 status)
3849{
3850 struct cmd_lookup match = { NULL, hdev };
3851
3852 BT_DBG("status 0x%02x", status);
3853
3854 hci_dev_lock(hdev);
3855
3856 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3857
3858 new_settings(hdev, match.sk);
3859
3860 hci_dev_unlock(hdev);
3861
3862 if (match.sk)
3863 sock_put(match.sk);
3864}
3865
70da6243 3866static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3867{
890ea898 3868 struct hci_request req;
70da6243 3869 u8 link_sec;
5add6af8 3870
890ea898
JH		 3871 hci_req_init(&req, hdev);
3872
70da6243
JH		 3873 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3874 !lmp_host_ssp_capable(hdev)) {
3875 u8 ssp = 1;
5e5282bb 3876
890ea898 3877 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3878 }
5add6af8 3879
c73eee91
JH		 3880 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3881 lmp_bredr_capable(hdev)) {
70da6243 3882 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3883
70da6243
JH		 3884 cp.le = 1;
3885 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3886
70da6243
JH		 3887 /* Check first if we already have the right
3888 * host state (host features set)
3889 */
3890 if (cp.le != lmp_host_le_capable(hdev) ||
3891 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3892 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3893 sizeof(cp), &cp);
0663ca2a
JH		 3894
3895 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3896 hci_update_ad(&req);
70da6243 3897 }
3d1cbdd6 3898
d13eafce
MH		 3899 if (lmp_le_capable(hdev)) {
3900 /* Set random address to static address if configured */
3901 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3902 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3903 &hdev->static_addr);
eeca6f89 3904
bba3aa55
MH		 3905 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3906 enable_advertising(&req);
eeca6f89
JH		 3907 }
3908
70da6243
JH		 3909 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3910 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3911 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3912 sizeof(link_sec), &link_sec);
562fcc24 3913
70da6243 3914 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3915 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3916 set_bredr_scan(&req);
890ea898 3917 update_class(&req);
13928971 3918 update_name(&req);
890ea898 3919 update_eir(&req);
70da6243 3920 }
562fcc24 3921
229ab39c 3922 return hci_req_run(&req, powered_complete);
70da6243 3923}
562fcc24 3924
70da6243
JH		 3925int mgmt_powered(struct hci_dev *hdev, u8 powered)
3926{
3927 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3928 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3929 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3930 int err;
f0ff92fb 3931
70da6243
JH		 3932 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3933 return 0;
3934
70da6243 3935 if (powered) {
229ab39c
JH		 3936 if (powered_update_hci(hdev) == 0)
3937 return 0;
fe038884 3938
229ab39c
JH		 3939 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3940 &match);
3941 goto new_settings;
b24752fe
JH		 3942 }
3943
229ab39c
JH		 3944 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3945 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3946
3947 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3948 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3949 zero_cod, sizeof(zero_cod), NULL);
3950
3951new_settings:
beadb2bd 3952 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3953
3954 if (match.sk)
3955 sock_put(match.sk);
3956
7bb895d6 3957 return err;
5add6af8 3958}
73f22f62 3959
3eec705e 3960void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 3961{
3962 struct pending_cmd *cmd;
3963 u8 status;
3964
3965 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3966 if (!cmd)
3eec705e 3967 return;
96570ffc
JH		 3968
3969 if (err == -ERFKILL)
3970 status = MGMT_STATUS_RFKILLED;
3971 else
3972 status = MGMT_STATUS_FAILED;
3973
3eec705e 3974 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 3975
3976 mgmt_pending_remove(cmd);
96570ffc
JH		 3977}
3978
744cf19e 3979int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3980{
76a7f3a4 3981 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3982 bool changed = false;
3983 int err = 0;
73f22f62 3984
5e5282bb
JH		 3985 if (discoverable) {
3986 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3987 changed = true;
3988 } else {
3989 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3990 changed = true;
3991 }
73f22f62 3992
ed9b5f2f 3993 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3994 &match);
ed9b5f2f 3995
beadb2bd
JH		 3996 if (changed)
3997 err = new_settings(hdev, match.sk);
5e5282bb 3998
73f22f62
JH		 3999 if (match.sk)
4000 sock_put(match.sk);
4001
7bb895d6 4002 return err;
73f22f62 4003}
9fbcbb45 4004
744cf19e 4005int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4006{
2b76f453 4007 struct pending_cmd *cmd;
5e5282bb
JH		 4008 bool changed = false;
4009 int err = 0;
9fbcbb45 4010
5e5282bb
JH		 4011 if (connectable) {
4012 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4013 changed = true;
4014 } else {
4015 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4016 changed = true;
4017 }
9fbcbb45 4018
2b76f453 4019 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 4020
beadb2bd 4021 if (changed)
2b76f453 4022 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4023
7bb895d6 4024 return err;
9fbcbb45 4025}
55ed8ca1 4026
744cf19e 4027int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4028{
ca69b795
JH		 4029 u8 mgmt_err = mgmt_status(status);
4030
2d7cee58 4031 if (scan & SCAN_PAGE)
744cf19e 4032 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4033 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4034
4035 if (scan & SCAN_INQUIRY)
744cf19e 4036 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4037 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4038
4039 return 0;
4040}
4041
53168e5b
CC		 4042int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4043 bool persistent)
55ed8ca1 4044{
86742e1e 4045 struct mgmt_ev_new_link_key ev;
55ed8ca1 4046
a492cd52 4047 memset(&ev, 0, sizeof(ev));
55ed8ca1 4048
a492cd52 4049 ev.store_hint = persistent;
d753fdc4 4050 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4051 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4052 ev.key.type = key->type;
9b3b4460 4053 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4054 ev.key.pin_len = key->pin_len;
55ed8ca1 4055
744cf19e 4056 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4057}
f7520543 4058
346af67b
VCG		 4059int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4060{
4061 struct mgmt_ev_new_long_term_key ev;
4062
4063 memset(&ev, 0, sizeof(ev));
4064
4065 ev.store_hint = persistent;
4066 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4067 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4068 ev.key.authenticated = key->authenticated;
4069 ev.key.enc_size = key->enc_size;
4070 ev.key.ediv = key->ediv;
4071
4072 if (key->type == HCI_SMP_LTK)
4073 ev.key.master = 1;
4074
4075 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4076 memcpy(ev.key.val, key->val, sizeof(key->val));
4077
04124681
GP		 4078 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4079 NULL);
346af67b
VCG		 4080}
4081
ecd90ae7
MH		 4082void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4083 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4084 u8 *dev_class)
f7520543 4085{
b644ba33
JH		 4086 char buf[512];
4087 struct mgmt_ev_device_connected *ev = (void *) buf;
4088 u16 eir_len = 0;
f7520543 4089
b644ba33 4090 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4091 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4092
c95f0ba7 4093 ev->flags = __cpu_to_le32(flags);
08c79b61 4094
b644ba33
JH		 4095 if (name_len > 0)
4096 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4097 name, name_len);
b644ba33
JH		 4098
4099 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4100 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4101 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4102
eb55ef07 4103 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4104
ecd90ae7
MH		 4105 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4106 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4107}
4108
8962ee74
JH		 4109static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4110{
c68fb7ff 4111 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4112 struct sock **sk = data;
a38528f1 4113 struct mgmt_rp_disconnect rp;
8962ee74 4114
88c3df13
JH		 4115 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4116 rp.addr.type = cp->addr.type;
8962ee74 4117
aee9b218 4118 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4119 sizeof(rp));
8962ee74
JH		 4120
4121 *sk = cmd->sk;
4122 sock_hold(*sk);
4123
a664b5bc 4124 mgmt_pending_remove(cmd);
8962ee74
JH		 4125}
4126
124f6e35 4127static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4128{
b1078ad0 4129 struct hci_dev *hdev = data;
124f6e35
JH		 4130 struct mgmt_cp_unpair_device *cp = cmd->param;
4131 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4132
4133 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4134 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4135 rp.addr.type = cp->addr.type;
a8a1d19e 4136
b1078ad0
JH		 4137 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4138
aee9b218 4139 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4140
4141 mgmt_pending_remove(cmd);
4142}
4143
9b80ec5e
MH		 4144void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4145 u8 link_type, u8 addr_type, u8 reason)
f7520543 4146{
f0d6a0ea 4147 struct mgmt_ev_device_disconnected ev;
8962ee74 4148 struct sock *sk = NULL;
8962ee74 4149
744cf19e 4150 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4151
f0d6a0ea
MA		 4152 bacpy(&ev.addr.bdaddr, bdaddr);
4153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4154 ev.reason = reason;
f7520543 4155
9b80ec5e 4156 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4157
4158 if (sk)
d97dcb66 4159 sock_put(sk);
8962ee74 4160
124f6e35 4161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4162 hdev);
8962ee74
JH		 4163}
4164
7892924c
MH		 4165void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4166 u8 link_type, u8 addr_type, u8 status)
8962ee74 4167{
88c3df13 4168 struct mgmt_rp_disconnect rp;
8962ee74 4169 struct pending_cmd *cmd;
8962ee74 4170
36a75f1b
JD		 4171 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4172 hdev);
4173
2e58ef3e 4174 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4175 if (!cmd)
7892924c 4176 return;
8962ee74 4177
88c3df13 4178 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4179 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4180
7892924c
MH		 4181 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4182 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4183
a664b5bc 4184 mgmt_pending_remove(cmd);
f7520543 4185}
17d5c04c 4186
445608d0
MH		 4187void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4188 u8 addr_type, u8 status)
17d5c04c
JH		 4189{
4190 struct mgmt_ev_connect_failed ev;
4191
4c659c39 4192 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4193 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4194 ev.status = mgmt_status(status);
17d5c04c 4195
445608d0 4196 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4197}
980e1a53 4198
744cf19e 4199int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4200{
4201 struct mgmt_ev_pin_code_request ev;
4202
d8457698 4203 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4204 ev.addr.type = BDADDR_BREDR;
a770bb5a 4205 ev.secure = secure;
980e1a53 4206
744cf19e 4207 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4208 NULL);
980e1a53
JH		 4209}
4210
744cf19e 4211int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4212 u8 status)
980e1a53
JH		 4213{
4214 struct pending_cmd *cmd;
ac56fb13 4215 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4216 int err;
4217
2e58ef3e 4218 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4219 if (!cmd)
4220 return -ENOENT;
4221
d8457698 4222 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4223 rp.addr.type = BDADDR_BREDR;
ac56fb13 4224
aee9b218 4225 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4226 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4227
a664b5bc 4228 mgmt_pending_remove(cmd);
980e1a53
JH		 4229
4230 return err;
4231}
4232
744cf19e 4233int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4234 u8 status)
980e1a53
JH		 4235{
4236 struct pending_cmd *cmd;
ac56fb13 4237 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4238 int err;
4239
2e58ef3e 4240 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4241 if (!cmd)
4242 return -ENOENT;
4243
d8457698 4244 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4245 rp.addr.type = BDADDR_BREDR;
ac56fb13 4246
aee9b218 4247 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4248 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4249
a664b5bc 4250 mgmt_pending_remove(cmd);
980e1a53
JH		 4251
4252 return err;
4253}
a5c29683 4254
744cf19e 4255int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4256 u8 link_type, u8 addr_type, __le32 value,
4257 u8 confirm_hint)
a5c29683
JH		 4258{
4259 struct mgmt_ev_user_confirm_request ev;
4260
744cf19e 4261 BT_DBG("%s", hdev->name);
a5c29683 4262
272d90df 4263 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4264 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4265 ev.confirm_hint = confirm_hint;
78e8098e 4266 ev.value = value;
a5c29683 4267
744cf19e 4268 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4269 NULL);
a5c29683
JH		 4270}
4271
272d90df 4272int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4273 u8 link_type, u8 addr_type)
604086b7
BG		 4274{
4275 struct mgmt_ev_user_passkey_request ev;
4276
4277 BT_DBG("%s", hdev->name);
4278
272d90df 4279 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4280 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4281
4282 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4283 NULL);
604086b7
BG		 4284}
4285
0df4c185 4286static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4287 u8 link_type, u8 addr_type, u8 status,
4288 u8 opcode)
a5c29683
JH		 4289{
4290 struct pending_cmd *cmd;
4291 struct mgmt_rp_user_confirm_reply rp;
4292 int err;
4293
2e58ef3e 4294 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4295 if (!cmd)
4296 return -ENOENT;
4297
272d90df 4298 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4299 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4300 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4301 &rp, sizeof(rp));
a5c29683 4302
a664b5bc 4303 mgmt_pending_remove(cmd);
a5c29683
JH		 4304
4305 return err;
4306}
4307
744cf19e 4308int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4309 u8 link_type, u8 addr_type, u8 status)
a5c29683 4310{
272d90df 4311 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4312 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4313}
4314
272d90df 4315int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4316 u8 link_type, u8 addr_type, u8 status)
a5c29683 4317{
272d90df 4318 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4319 status,
4320 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4321}
2a611692 4322
604086b7 4323int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4324 u8 link_type, u8 addr_type, u8 status)
604086b7 4325{
272d90df 4326 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4327 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4328}
4329
272d90df 4330int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4331 u8 link_type, u8 addr_type, u8 status)
604086b7 4332{
272d90df 4333 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4334 status,
4335 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4336}
4337
92a25256
JH		 4338int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4339 u8 link_type, u8 addr_type, u32 passkey,
4340 u8 entered)
4341{
4342 struct mgmt_ev_passkey_notify ev;
4343
4344 BT_DBG("%s", hdev->name);
4345
4346 bacpy(&ev.addr.bdaddr, bdaddr);
4347 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4348 ev.passkey = __cpu_to_le32(passkey);
4349 ev.entered = entered;
4350
4351 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4352}
4353
bab73cb6 4354int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4355 u8 addr_type, u8 status)
2a611692
JH		 4356{
4357 struct mgmt_ev_auth_failed ev;
4358
bab73cb6 4359 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4360 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4361 ev.status = mgmt_status(status);
2a611692 4362
744cf19e 4363 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4364}
b312b161 4365
33ef95ed
JH		 4366int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4367{
4368 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4369 bool changed = false;
4370 int err = 0;
33ef95ed
JH		 4371
4372 if (status) {
4373 u8 mgmt_err = mgmt_status(status);
4374 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4375 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4376 return 0;
4377 }
4378
47990ea0
JH		 4379 if (test_bit(HCI_AUTH, &hdev->flags)) {
4380 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4381 changed = true;
4382 } else {
4383 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4384 changed = true;
4385 }
4386
33ef95ed 4387 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4388 &match);
33ef95ed 4389
47990ea0
JH		 4390 if (changed)
4391 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4392
4393 if (match.sk)
4394 sock_put(match.sk);
4395
4396 return err;
4397}
4398
890ea898 4399static void clear_eir(struct hci_request *req)
cacaf52f 4400{
890ea898 4401 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4402 struct hci_cp_write_eir cp;
4403
976eb20e 4404 if (!lmp_ext_inq_capable(hdev))
890ea898 4405 return;
cacaf52f 4406
c80da27e
JH		 4407 memset(hdev->eir, 0, sizeof(hdev->eir));
4408
cacaf52f
JH		 4409 memset(&cp, 0, sizeof(cp));
4410
890ea898 4411 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4412}
4413
c0ecddc2 4414int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4415{
4416 struct cmd_lookup match = { NULL, hdev };
890ea898 4417 struct hci_request req;
c0ecddc2
JH		 4418 bool changed = false;
4419 int err = 0;
ed2c4ee3
JH		 4420
4421 if (status) {
4422 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4423
4424 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4425 &hdev->dev_flags)) {
4426 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4427 err = new_settings(hdev, NULL);
9ecb3e24 4428 }
c0ecddc2 4429
04124681
GP		 4430 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4431 &mgmt_err);
c0ecddc2
JH		 4432
4433 return err;
4434 }
4435
4436 if (enable) {
9ecb3e24 4437 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4438 } else {
9ecb3e24
MH		 4439 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4440 if (!changed)
4441 changed = test_and_clear_bit(HCI_HS_ENABLED,
4442 &hdev->dev_flags);
4443 else
4444 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4445 }
4446
4447 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4448
c0ecddc2
JH		 4449 if (changed)
4450 err = new_settings(hdev, match.sk);
ed2c4ee3 4451
5fc6ebb1 4452 if (match.sk)
ed2c4ee3
JH		 4453 sock_put(match.sk);
4454
890ea898
JH		 4455 hci_req_init(&req, hdev);
4456
5fc6ebb1 4457 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4458 update_eir(&req);
5fc6ebb1 4459 else
890ea898
JH		 4460 clear_eir(&req);
4461
4462 hci_req_run(&req, NULL);
cacaf52f 4463
ed2c4ee3
JH		 4464 return err;
4465}
4466
92da6097 4467static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4468{
4469 struct cmd_lookup *match = data;
4470
90e70454
JH		 4471 if (match->sk == NULL) {
4472 match->sk = cmd->sk;
4473 sock_hold(match->sk);
4474 }
90e70454
JH		 4475}
4476
7f9a903c 4477int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4478 u8 status)
7f9a903c 4479{
90e70454
JH		 4480 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4481 int err = 0;
7f9a903c 4482
92da6097
JH		 4483 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4484 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4485 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4486
4487 if (!status)
04124681
GP		 4488 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4489 3, NULL);
90e70454
JH		 4490
4491 if (match.sk)
4492 sock_put(match.sk);
7f9a903c
MH		 4493
4494 return err;
4495}
4496
744cf19e 4497int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4498{
b312b161 4499 struct mgmt_cp_set_local_name ev;
13928971 4500 struct pending_cmd *cmd;
28cc7bde 4501
13928971
JH		 4502 if (status)
4503 return 0;
b312b161
JH		 4504
4505 memset(&ev, 0, sizeof(ev));
4506 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4507 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4508
2e58ef3e 4509 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4510 if (!cmd) {
4511 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4512
13928971
JH		 4513 /* If this is a HCI command related to powering on the
4514 * HCI dev don't send any mgmt signals.
4515 */
4516 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4517 return 0;
890ea898 4518 }
b312b161 4519
13928971
JH		 4520 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4521 cmd ? cmd->sk : NULL);
b312b161 4522}
c35938b2 4523
744cf19e 4524int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4525 u8 *randomizer, u8 status)
c35938b2
SJ		 4526{
4527 struct pending_cmd *cmd;
4528 int err;
4529
744cf19e 4530 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4531
2e58ef3e 4532 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4533 if (!cmd)
4534 return -ENOENT;
4535
4536 if (status) {
04124681
GP		 4537 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4538 mgmt_status(status));
c35938b2
SJ		 4539 } else {
4540 struct mgmt_rp_read_local_oob_data rp;
4541
4542 memcpy(rp.hash, hash, sizeof(rp.hash));
4543 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4544
744cf19e 4545 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4546 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4547 sizeof(rp));
c35938b2
SJ		 4548 }
4549
4550 mgmt_pending_remove(cmd);
4551
4552 return err;
4553}
e17acd40 4554
901801b9
MH		 4555void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4556 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4557 ssp, u8 *eir, u16 eir_len)
e17acd40 4558{
e319d2e7
JH		 4559 char buf[512];
4560 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4561 size_t ev_size;
e17acd40 4562
12602d0c 4563 if (!hci_discovery_active(hdev))
901801b9 4564 return;
12602d0c 4565
1dc06093
JH		 4566 /* Leave 5 bytes for a potential CoD field */
4567 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4568 return;
7d262f86 4569
1dc06093
JH		 4570 memset(buf, 0, sizeof(buf));
4571
e319d2e7 4572 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4573 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4574 ev->rssi = rssi;
9a395a80 4575 if (cfm_name)
612dfce9 4576 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4577 if (!ssp)
612dfce9 4578 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4579
1dc06093 4580 if (eir_len > 0)
e319d2e7 4581 memcpy(ev->eir, eir, eir_len);
e17acd40 4582
1dc06093
JH		 4583 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4584 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4585 dev_class, 3);
1dc06093 4586
eb55ef07 4587 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4588 ev_size = sizeof(*ev) + eir_len;
f8523598 4589
901801b9 4590 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4591}
a88a9652 4592
9cf12aee
MH		 4593void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4594 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4595{
b644ba33
JH		 4596 struct mgmt_ev_device_found *ev;
4597 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4598 u16 eir_len;
a88a9652 4599
b644ba33 4600 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4601
b644ba33
JH		 4602 memset(buf, 0, sizeof(buf));
4603
4604 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4605 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4606 ev->rssi = rssi;
4607
4608 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4609 name_len);
b644ba33 4610
eb55ef07 4611 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4612
9cf12aee 4613 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4614}
314b2381 4615
2f1e063b 4616void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4617{
f963e8e9 4618 struct mgmt_ev_discovering ev;
164a6e78
JH		 4619 struct pending_cmd *cmd;
4620
343fb145
AG		 4621 BT_DBG("%s discovering %u", hdev->name, discovering);
4622
164a6e78 4623 if (discovering)
2e58ef3e 4624 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4625 else
2e58ef3e 4626 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4627
4628 if (cmd != NULL) {
f808e166
JH		 4629 u8 type = hdev->discovery.type;
4630
04124681
GP		 4631 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4632 sizeof(type));
164a6e78
JH		 4633 mgmt_pending_remove(cmd);
4634 }
4635
f963e8e9
JH		 4636 memset(&ev, 0, sizeof(ev));
4637 ev.type = hdev->discovery.type;
4638 ev.discovering = discovering;
4639
2f1e063b 4640 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4641}
5e762444 4642
88c1fe4b 4643int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4644{
4645 struct pending_cmd *cmd;
4646 struct mgmt_ev_device_blocked ev;
4647
2e58ef3e 4648 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4649
88c1fe4b
JH		 4650 bacpy(&ev.addr.bdaddr, bdaddr);
4651 ev.addr.type = type;
5e762444 4652
744cf19e 4653 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4654 cmd ? cmd->sk : NULL);
5e762444
AJ		 4655}
4656
88c1fe4b 4657int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4658{
4659 struct pending_cmd *cmd;
4660 struct mgmt_ev_device_unblocked ev;
4661
2e58ef3e 4662 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4663
88c1fe4b
JH		 4664 bacpy(&ev.addr.bdaddr, bdaddr);
4665 ev.addr.type = type;
5e762444 4666
744cf19e 4667 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4668 cmd ? cmd->sk : NULL);
5e762444 4669}
5976e608
MH		 4670
4671static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4672{
4673 BT_DBG("%s status %u", hdev->name, status);
4674
4675 /* Clear the advertising mgmt setting if we failed to re-enable it */
4676 if (status) {
4677 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4678 new_settings(hdev, NULL);
5976e608
MH		 4679 }
4680}
4681
4682void mgmt_reenable_advertising(struct hci_dev *hdev)
4683{
4684 struct hci_request req;
4685
b145edcd 4686 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4687 return;
4688
4689 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4690 return;
4691
4692 hci_req_init(&req, hdev);
4693 enable_advertising(&req);
4694
4695 /* If this fails we have no option but to let user space know
4696 * that we've disabled advertising.
4697 */
4698 if (hci_req_run(&req, adv_enable_complete) < 0) {
4699 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4700 new_settings(hdev, NULL);
5976e608
MH		 4701 }
4702}
Linux kernel - Deliverables
This page took 0.643751 seconds and 5 git commands to generate.