projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unneeded val variable when setting SSP
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
185static u8 mgmt_status(u8 hci_status)
186{
187 if (hci_status < ARRAY_SIZE(mgmt_status_table))
188 return mgmt_status_table[hci_status];
189
190 return MGMT_STATUS_FAILED;
191}
192
4e51eae9 193static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 194{
195 struct sk_buff *skb;
196 struct mgmt_hdr *hdr;
197 struct mgmt_ev_cmd_status *ev;
56b7d137 198 int err;
f7b64e69 199
34eb525c 200 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 201
790eff44 202 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 203 if (!skb)
204 return -ENOMEM;
205
206 hdr = (void *) skb_put(skb, sizeof(*hdr));
207
612dfce9 208 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 209 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 210 hdr->len = cpu_to_le16(sizeof(*ev));
211
212 ev = (void *) skb_put(skb, sizeof(*ev));
213 ev->status = status;
eb55ef07 214 ev->opcode = cpu_to_le16(cmd);
f7b64e69 215
56b7d137
GP		 216 err = sock_queue_rcv_skb(sk, skb);
217 if (err < 0)
f7b64e69
JH		 218 kfree_skb(skb);
219
56b7d137 220 return err;
f7b64e69
JH		 221}
222
aee9b218 223static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 224 void *rp, size_t rp_len)
02d98129
JH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228 struct mgmt_ev_cmd_complete *ev;
56b7d137 229 int err;
02d98129
JH		 230
231 BT_DBG("sock %p", sk);
232
790eff44 233 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 234 if (!skb)
235 return -ENOMEM;
236
237 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 238
612dfce9 239 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 240 hdr->index = cpu_to_le16(index);
a38528f1 241 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 242
a38528f1 243 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 244 ev->opcode = cpu_to_le16(cmd);
aee9b218 245 ev->status = status;
8020c16a
SJ		 246
247 if (rp)
248 memcpy(ev->data, rp, rp_len);
02d98129 249
56b7d137
GP		 250 err = sock_queue_rcv_skb(sk, skb);
251 if (err < 0)
02d98129
JH		 252 kfree_skb(skb);
253
e5f0e151 254 return err;
02d98129
JH		 255}
256
04124681
GP		 257static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
258 u16 data_len)
a38528f1
JH		 259{
260 struct mgmt_rp_read_version rp;
261
262 BT_DBG("sock %p", sk);
263
264 rp.version = MGMT_VERSION;
eb55ef07 265 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 266
aee9b218 267 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 268 sizeof(rp));
a38528f1
JH		 269}
270
04124681
GP		 271static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
e70bb2e8
JH		 273{
274 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 275 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
276 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 277 __le16 *opcode;
e70bb2e8
JH		 278 size_t rp_size;
279 int i, err;
280
281 BT_DBG("sock %p", sk);
282
283 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
284
285 rp = kmalloc(rp_size, GFP_KERNEL);
286 if (!rp)
287 return -ENOMEM;
288
eb55ef07
MH		 289 rp->num_commands = __constant_cpu_to_le16(num_commands);
290 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 291
292 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
293 put_unaligned_le16(mgmt_commands[i], opcode);
294
295 for (i = 0; i < num_events; i++, opcode++)
296 put_unaligned_le16(mgmt_events[i], opcode);
297
aee9b218 298 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 299 rp_size);
e70bb2e8
JH		 300 kfree(rp);
301
302 return err;
303}
304
04124681
GP		 305static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
306 u16 data_len)
faba42eb 307{
faba42eb 308 struct mgmt_rp_read_index_list *rp;
8035ded4 309 struct hci_dev *d;
a38528f1 310 size_t rp_len;
faba42eb 311 u16 count;
476e44cb 312 int err;
faba42eb
JH		 313
314 BT_DBG("sock %p", sk);
315
316 read_lock(&hci_dev_list_lock);
317
318 count = 0;
bb4b2a9a 319 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 320 if (d->dev_type == HCI_BREDR)
321 count++;
faba42eb
JH		 322 }
323
a38528f1
JH		 324 rp_len = sizeof(*rp) + (2 * count);
325 rp = kmalloc(rp_len, GFP_ATOMIC);
326 if (!rp) {
b2c60d42 327 read_unlock(&hci_dev_list_lock);
faba42eb 328 return -ENOMEM;
b2c60d42 329 }
faba42eb 330
476e44cb 331 count = 0;
8035ded4 332 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 333 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 334 continue;
335
0736cfa8
MH		 336 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
337 continue;
338
1514b892
MH		 339 if (d->dev_type == HCI_BREDR) {
340 rp->index[count++] = cpu_to_le16(d->id);
341 BT_DBG("Added hci%u", d->id);
342 }
faba42eb
JH		 343 }
344
476e44cb
JH		 345 rp->num_controllers = cpu_to_le16(count);
346 rp_len = sizeof(*rp) + (2 * count);
347
faba42eb
JH		 348 read_unlock(&hci_dev_list_lock);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 351 rp_len);
faba42eb 352
a38528f1
JH		 353 kfree(rp);
354
355 return err;
faba42eb
JH		 356}
357
69ab39ea
JH		 358static u32 get_supported_settings(struct hci_dev *hdev)
359{
360 u32 settings = 0;
361
362 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 363 settings |= MGMT_SETTING_PAIRABLE;
364
9a1a1996 365 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 366 settings |= MGMT_SETTING_SSP;
367
ed3fa31f 368 if (lmp_bredr_capable(hdev)) {
33c525c0 369 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 372 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 375 settings |= MGMT_SETTING_HS;
848566b3 376 }
d7b7e796 377
eeca6f89 378 if (lmp_le_capable(hdev)) {
9d42820f 379 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 380 settings |= MGMT_SETTING_ADVERTISING;
381 }
69ab39ea
JH		 382
383 return settings;
384}
385
386static u32 get_current_settings(struct hci_dev *hdev)
387{
388 u32 settings = 0;
389
f1f0eb02 390 if (hdev_is_powered(hdev))
f0d4b78a
MH		 391 settings |= MGMT_SETTING_POWERED;
392
5e5282bb 393 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 394 settings |= MGMT_SETTING_CONNECTABLE;
395
1a4d3c4b
JH		 396 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
397 settings |= MGMT_SETTING_FAST_CONNECTABLE;
398
5e5282bb 399 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_DISCOVERABLE;
401
a8b2d5c2 402 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_PAIRABLE;
404
56f87901 405 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_BREDR;
407
06199cf8 408 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_LE;
410
47990ea0 411 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LINK_SECURITY;
413
84bde9d6 414 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_SSP;
416
6d80dfd0
JH		 417 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
418 settings |= MGMT_SETTING_HS;
419
f3d3444a 420 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 421 settings |= MGMT_SETTING_ADVERTISING;
422
69ab39ea
JH		 423 return settings;
424}
425
ef580372
JH		 426#define PNP_INFO_SVCLASS_ID 0x1200
427
213202ed
JH		 428static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
429{
430 u8 *ptr = data, *uuids_start = NULL;
431 struct bt_uuid *uuid;
432
433 if (len < 4)
434 return ptr;
435
436 list_for_each_entry(uuid, &hdev->uuids, list) {
437 u16 uuid16;
438
439 if (uuid->size != 16)
440 continue;
441
442 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
443 if (uuid16 < 0x1100)
444 continue;
445
446 if (uuid16 == PNP_INFO_SVCLASS_ID)
447 continue;
448
449 if (!uuids_start) {
450 uuids_start = ptr;
451 uuids_start[0] = 1;
452 uuids_start[1] = EIR_UUID16_ALL;
453 ptr += 2;
454 }
455
456 /* Stop if not enough space to put next UUID */
457 if ((ptr - data) + sizeof(u16) > len) {
458 uuids_start[1] = EIR_UUID16_SOME;
459 break;
460 }
461
462 *ptr++ = (uuid16 & 0x00ff);
463 *ptr++ = (uuid16 & 0xff00) >> 8;
464 uuids_start[0] += sizeof(uuid16);
465 }
466
467 return ptr;
468}
469
cdf1963f
JH		 470static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
471{
472 u8 *ptr = data, *uuids_start = NULL;
473 struct bt_uuid *uuid;
474
475 if (len < 6)
476 return ptr;
477
478 list_for_each_entry(uuid, &hdev->uuids, list) {
479 if (uuid->size != 32)
480 continue;
481
482 if (!uuids_start) {
483 uuids_start = ptr;
484 uuids_start[0] = 1;
485 uuids_start[1] = EIR_UUID32_ALL;
486 ptr += 2;
487 }
488
489 /* Stop if not enough space to put next UUID */
490 if ((ptr - data) + sizeof(u32) > len) {
491 uuids_start[1] = EIR_UUID32_SOME;
492 break;
493 }
494
495 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
496 ptr += sizeof(u32);
497 uuids_start[0] += sizeof(u32);
498 }
499
500 return ptr;
501}
502
c00d575b
JH		 503static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
504{
505 u8 *ptr = data, *uuids_start = NULL;
506 struct bt_uuid *uuid;
507
508 if (len < 18)
509 return ptr;
510
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 if (uuid->size != 128)
513 continue;
514
515 if (!uuids_start) {
516 uuids_start = ptr;
517 uuids_start[0] = 1;
518 uuids_start[1] = EIR_UUID128_ALL;
519 ptr += 2;
520 }
521
522 /* Stop if not enough space to put next UUID */
523 if ((ptr - data) + 16 > len) {
524 uuids_start[1] = EIR_UUID128_SOME;
525 break;
526 }
527
528 memcpy(ptr, uuid->uuid, 16);
529 ptr += 16;
530 uuids_start[0] += 16;
531 }
532
533 return ptr;
534}
535
ef580372
JH		 536static void create_eir(struct hci_dev *hdev, u8 *data)
537{
538 u8 *ptr = data;
ef580372
JH		 539 size_t name_len;
540
541 name_len = strlen(hdev->dev_name);
542
543 if (name_len > 0) {
544 /* EIR Data type */
545 if (name_len > 48) {
546 name_len = 48;
547 ptr[1] = EIR_NAME_SHORT;
548 } else
549 ptr[1] = EIR_NAME_COMPLETE;
550
551 /* EIR Data length */
552 ptr[0] = name_len + 1;
553
554 memcpy(ptr + 2, hdev->dev_name, name_len);
555
ef580372
JH		 556 ptr += (name_len + 2);
557 }
558
bbaf444a 559 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 560 ptr[0] = 2;
561 ptr[1] = EIR_TX_POWER;
562 ptr[2] = (u8) hdev->inq_tx_power;
563
91c4e9b1
MH		 564 ptr += 3;
565 }
566
2b9be137
MH		 567 if (hdev->devid_source > 0) {
568 ptr[0] = 9;
569 ptr[1] = EIR_DEVICE_ID;
570
571 put_unaligned_le16(hdev->devid_source, ptr + 2);
572 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
573 put_unaligned_le16(hdev->devid_product, ptr + 6);
574 put_unaligned_le16(hdev->devid_version, ptr + 8);
575
2b9be137
MH		 576 ptr += 10;
577 }
578
213202ed 579 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 580 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 581 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 582}
583
890ea898 584static void update_eir(struct hci_request *req)
ef580372 585{
890ea898 586 struct hci_dev *hdev = req->hdev;
ef580372
JH		 587 struct hci_cp_write_eir cp;
588
504c8dcd 589 if (!hdev_is_powered(hdev))
890ea898 590 return;
7770c4aa 591
976eb20e 592 if (!lmp_ext_inq_capable(hdev))
890ea898 593 return;
ef580372 594
84bde9d6 595 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 596 return;
ef580372 597
a8b2d5c2 598 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 599 return;
ef580372
JH		 600
601 memset(&cp, 0, sizeof(cp));
602
603 create_eir(hdev, cp.data);
604
605 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 606 return;
ef580372
JH		 607
608 memcpy(hdev->eir, cp.data, sizeof(cp.data));
609
890ea898 610 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 611}
612
613static u8 get_service_classes(struct hci_dev *hdev)
614{
615 struct bt_uuid *uuid;
616 u8 val = 0;
617
618 list_for_each_entry(uuid, &hdev->uuids, list)
619 val |= uuid->svc_hint;
620
621 return val;
622}
623
890ea898 624static void update_class(struct hci_request *req)
ef580372 625{
890ea898 626 struct hci_dev *hdev = req->hdev;
ef580372
JH		 627 u8 cod[3];
628
629 BT_DBG("%s", hdev->name);
630
504c8dcd 631 if (!hdev_is_powered(hdev))
890ea898 632 return;
7770c4aa 633
a8b2d5c2 634 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 635 return;
ef580372
JH		 636
637 cod[0] = hdev->minor_class;
638 cod[1] = hdev->major_class;
639 cod[2] = get_service_classes(hdev);
640
641 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 642 return;
ef580372 643
890ea898 644 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 645}
646
7d78525d
JH		 647static void service_cache_off(struct work_struct *work)
648{
649 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 650 service_cache.work);
890ea898 651 struct hci_request req;
7d78525d 652
a8b2d5c2 653 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 654 return;
655
890ea898
JH		 656 hci_req_init(&req, hdev);
657
7d78525d
JH		 658 hci_dev_lock(hdev);
659
890ea898
JH		 660 update_eir(&req);
661 update_class(&req);
7d78525d
JH		 662
663 hci_dev_unlock(hdev);
890ea898
JH		 664
665 hci_req_run(&req, NULL);
7d78525d
JH		 666}
667
6a919082 668static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 669{
4f87da80 670 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 671 return;
672
4f87da80 673 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 674
4f87da80
JH		 675 /* Non-mgmt controlled devices get this bit set
676 * implicitly so that pairing works for them, however
677 * for mgmt we require user-space to explicitly enable
678 * it
679 */
680 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 681}
682
0f4e68cf 683static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 684 void *data, u16 data_len)
0381101f 685{
a38528f1 686 struct mgmt_rp_read_info rp;
f7b64e69 687
bdb6d971 688 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 689
09fd0de5 690 hci_dev_lock(hdev);
f7b64e69 691
dc4fe30b
JH		 692 memset(&rp, 0, sizeof(rp));
693
69ab39ea 694 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 695
69ab39ea 696 rp.version = hdev->hci_ver;
eb55ef07 697 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 698
699 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
700 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 701
a38528f1 702 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 703
dc4fe30b 704 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 705 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 706
09fd0de5 707 hci_dev_unlock(hdev);
0381101f 708
bdb6d971 709 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 710 sizeof(rp));
0381101f
JH		 711}
712
eec8d2bc
JH		 713static void mgmt_pending_free(struct pending_cmd *cmd)
714{
715 sock_put(cmd->sk);
c68fb7ff 716 kfree(cmd->param);
eec8d2bc
JH		 717 kfree(cmd);
718}
719
366a0336 720static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 721 struct hci_dev *hdev, void *data,
722 u16 len)
eec8d2bc
JH		 723{
724 struct pending_cmd *cmd;
725
12b94565 726 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 727 if (!cmd)
366a0336 728 return NULL;
eec8d2bc
JH		 729
730 cmd->opcode = opcode;
2e58ef3e 731 cmd->index = hdev->id;
eec8d2bc 732
12b94565 733 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 734 if (!cmd->param) {
eec8d2bc 735 kfree(cmd);
366a0336 736 return NULL;
eec8d2bc
JH		 737 }
738
8fce6357
SJ		 739 if (data)
740 memcpy(cmd->param, data, len);
eec8d2bc
JH		 741
742 cmd->sk = sk;
743 sock_hold(sk);
744
2e58ef3e 745 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 746
366a0336 747 return cmd;
eec8d2bc
JH		 748}
749
744cf19e 750static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 751 void (*cb)(struct pending_cmd *cmd,
752 void *data),
04124681 753 void *data)
eec8d2bc 754{
a3d09356 755 struct pending_cmd *cmd, *tmp;
eec8d2bc 756
a3d09356 757 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 758 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 759 continue;
760
eec8d2bc
JH		 761 cb(cmd, data);
762 }
763}
764
2e58ef3e 765static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 766{
8035ded4 767 struct pending_cmd *cmd;
eec8d2bc 768
2e58ef3e 769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 770 if (cmd->opcode == opcode)
771 return cmd;
eec8d2bc
JH		 772 }
773
774 return NULL;
775}
776
a664b5bc 777static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 778{
73f22f62
JH		 779 list_del(&cmd->list);
780 mgmt_pending_free(cmd);
781}
782
69ab39ea 783static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 784{
69ab39ea 785 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 786
aee9b218 787 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 788 sizeof(settings));
8680570b
JH		 789}
790
bdb6d971 791static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 792 u16 len)
eec8d2bc 793{
650f726d 794 struct mgmt_mode *cp = data;
366a0336 795 struct pending_cmd *cmd;
4b34ee78 796 int err;
eec8d2bc 797
bdb6d971 798 BT_DBG("request for %s", hdev->name);
eec8d2bc 799
a7e80f25
JH		 800 if (cp->val != 0x00 && cp->val != 0x01)
801 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
802 MGMT_STATUS_INVALID_PARAMS);
803
09fd0de5 804 hci_dev_lock(hdev);
eec8d2bc 805
87b95ba6
JH		 806 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_BUSY);
809 goto failed;
810 }
811
f0d4b78a
MH		 812 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
813 cancel_delayed_work(&hdev->power_off);
814
815 if (cp->val) {
a1d70450
JH		 816 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
817 data, len);
818 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 819 goto failed;
820 }
821 }
822
4b34ee78 823 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 824 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 825 goto failed;
826 }
827
2e58ef3e 828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 829 if (!cmd) {
830 err = -ENOMEM;
eec8d2bc 831 goto failed;
366a0336 832 }
eec8d2bc 833
72a734ec 834 if (cp->val)
19202573 835 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 836 else
19202573 837 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 838
366a0336 839 err = 0;
eec8d2bc
JH		 840
841failed:
09fd0de5 842 hci_dev_unlock(hdev);
366a0336 843 return err;
eec8d2bc
JH		 844}
845
04124681
GP		 846static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
847 struct sock *skip_sk)
beadb2bd
JH		 848{
849 struct sk_buff *skb;
850 struct mgmt_hdr *hdr;
851
790eff44 852 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 853 if (!skb)
854 return -ENOMEM;
855
856 hdr = (void *) skb_put(skb, sizeof(*hdr));
857 hdr->opcode = cpu_to_le16(event);
858 if (hdev)
859 hdr->index = cpu_to_le16(hdev->id);
860 else
612dfce9 861 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 862 hdr->len = cpu_to_le16(data_len);
863
864 if (data)
865 memcpy(skb_put(skb, data_len), data, data_len);
866
97e0bdeb
MH		 867 /* Time stamp */
868 __net_timestamp(skb);
869
beadb2bd
JH		 870 hci_send_to_control(skb, skip_sk);
871 kfree_skb(skb);
872
873 return 0;
874}
875
876static int new_settings(struct hci_dev *hdev, struct sock *skip)
877{
878 __le32 ev;
879
880 ev = cpu_to_le32(get_current_settings(hdev));
881
882 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
883}
884
bd99abdd
JH		 885struct cmd_lookup {
886 struct sock *sk;
887 struct hci_dev *hdev;
888 u8 mgmt_status;
889};
890
891static void settings_rsp(struct pending_cmd *cmd, void *data)
892{
893 struct cmd_lookup *match = data;
894
895 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
896
897 list_del(&cmd->list);
898
899 if (match->sk == NULL) {
900 match->sk = cmd->sk;
901 sock_hold(match->sk);
902 }
903
904 mgmt_pending_free(cmd);
905}
906
907static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
908{
909 u8 *status = data;
910
911 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
912 mgmt_pending_remove(cmd);
913}
914
e6fe7986
JH		 915static u8 mgmt_bredr_support(struct hci_dev *hdev)
916{
917 if (!lmp_bredr_capable(hdev))
918 return MGMT_STATUS_NOT_SUPPORTED;
919 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
920 return MGMT_STATUS_REJECTED;
921 else
922 return MGMT_STATUS_SUCCESS;
923}
924
925static u8 mgmt_le_support(struct hci_dev *hdev)
926{
927 if (!lmp_le_capable(hdev))
928 return MGMT_STATUS_NOT_SUPPORTED;
929 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
930 return MGMT_STATUS_REJECTED;
931 else
932 return MGMT_STATUS_SUCCESS;
933}
934
bdb6d971 935static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 936 u16 len)
73f22f62 937{
650f726d 938 struct mgmt_cp_set_discoverable *cp = data;
366a0336 939 struct pending_cmd *cmd;
5e5282bb 940 u16 timeout;
e6fe7986 941 u8 scan, status;
73f22f62
JH		 942 int err;
943
bdb6d971 944 BT_DBG("request for %s", hdev->name);
73f22f62 945
e6fe7986
JH		 946 status = mgmt_bredr_support(hdev);
947 if (status)
33c525c0 948 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 949 status);
33c525c0 950
a7e80f25
JH		 951 if (cp->val != 0x00 && cp->val != 0x01)
952 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
953 MGMT_STATUS_INVALID_PARAMS);
954
1f350c87 955 timeout = __le16_to_cpu(cp->timeout);
24c54a90 956 if (!cp->val && timeout > 0)
bdb6d971 957 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 958 MGMT_STATUS_INVALID_PARAMS);
73f22f62 959
09fd0de5 960 hci_dev_lock(hdev);
73f22f62 961
5e5282bb 962 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 964 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 965 goto failed;
966 }
967
2e58ef3e 968 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 969 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 970 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_BUSY);
73f22f62
JH		 972 goto failed;
973 }
974
5e5282bb 975 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_REJECTED);
5e5282bb
JH		 978 goto failed;
979 }
980
981 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 982 bool changed = false;
983
984 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
985 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
986 changed = true;
987 }
988
5e5282bb 989 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 990 if (err < 0)
991 goto failed;
992
993 if (changed)
994 err = new_settings(hdev, sk);
995
5e5282bb
JH		 996 goto failed;
997 }
998
999 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1000 if (hdev->discov_timeout > 0) {
1001 cancel_delayed_work(&hdev->discov_off);
1002 hdev->discov_timeout = 0;
1003 }
1004
1005 if (cp->val && timeout > 0) {
1006 hdev->discov_timeout = timeout;
1007 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1008 msecs_to_jiffies(hdev->discov_timeout * 1000));
1009 }
1010
69ab39ea 1011 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1012 goto failed;
1013 }
1014
2e58ef3e 1015 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1016 if (!cmd) {
1017 err = -ENOMEM;
73f22f62 1018 goto failed;
366a0336 1019 }
73f22f62
JH		 1020
1021 scan = SCAN_PAGE;
1022
72a734ec 1023 if (cp->val)
73f22f62 1024 scan |= SCAN_INQUIRY;
16ab91ab 1025 else
e0f9309f 1026 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1027
1028 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1029 if (err < 0)
a664b5bc 1030 mgmt_pending_remove(cmd);
73f22f62 1031
16ab91ab 1032 if (cp->val)
5e5282bb 1033 hdev->discov_timeout = timeout;
16ab91ab 1034
73f22f62 1035failed:
09fd0de5 1036 hci_dev_unlock(hdev);
73f22f62
JH		 1037 return err;
1038}
1039
406d7804
JH		 1040static void write_fast_connectable(struct hci_request *req, bool enable)
1041{
bd98b996 1042 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1043 struct hci_cp_write_page_scan_activity acp;
1044 u8 type;
1045
4c01f8b8
JH		 1046 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1047 return;
1048
406d7804
JH		 1049 if (enable) {
1050 type = PAGE_SCAN_TYPE_INTERLACED;
1051
1052 /* 160 msec page scan interval */
1053 acp.interval = __constant_cpu_to_le16(0x0100);
1054 } else {
1055 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1056
1057 /* default 1.28 sec page scan */
1058 acp.interval = __constant_cpu_to_le16(0x0800);
1059 }
1060
1061 acp.window = __constant_cpu_to_le16(0x0012);
1062
bd98b996
JH		 1063 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1064 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1065 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1066 sizeof(acp), &acp);
1067
1068 if (hdev->page_scan_type != type)
1069 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1070}
1071
2b76f453
JH		 1072static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1073{
1074 struct pending_cmd *cmd;
1075
1076 BT_DBG("status 0x%02x", status);
1077
1078 hci_dev_lock(hdev);
1079
1080 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1081 if (!cmd)
1082 goto unlock;
1083
1084 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1085
1086 mgmt_pending_remove(cmd);
1087
1088unlock:
1089 hci_dev_unlock(hdev);
1090}
1091
bdb6d971 1092static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1093 u16 len)
9fbcbb45 1094{
650f726d 1095 struct mgmt_mode *cp = data;
366a0336 1096 struct pending_cmd *cmd;
2b76f453 1097 struct hci_request req;
e6fe7986 1098 u8 scan, status;
9fbcbb45
JH		 1099 int err;
1100
bdb6d971 1101 BT_DBG("request for %s", hdev->name);
9fbcbb45 1102
e6fe7986
JH		 1103 status = mgmt_bredr_support(hdev);
1104 if (status)
33c525c0 1105 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1106 status);
33c525c0 1107
a7e80f25
JH		 1108 if (cp->val != 0x00 && cp->val != 0x01)
1109 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1110 MGMT_STATUS_INVALID_PARAMS);
1111
09fd0de5 1112 hci_dev_lock(hdev);
9fbcbb45 1113
4b34ee78 1114 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1115 bool changed = false;
1116
1117 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1118 changed = true;
1119
6bf0e469 1120 if (cp->val) {
5e5282bb 1121 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1122 } else {
5e5282bb
JH		 1123 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1124 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1125 }
0224d2fa 1126
5e5282bb 1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1128 if (err < 0)
1129 goto failed;
1130
1131 if (changed)
1132 err = new_settings(hdev, sk);
1133
9fbcbb45
JH		 1134 goto failed;
1135 }
1136
2e58ef3e 1137 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1138 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1140 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1141 goto failed;
1142 }
1143
5e5282bb 1144 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1145 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1146 goto failed;
1147 }
1148
2e58ef3e 1149 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1150 if (!cmd) {
1151 err = -ENOMEM;
9fbcbb45 1152 goto failed;
366a0336 1153 }
9fbcbb45 1154
6bf0e469 1155 if (cp->val) {
9fbcbb45 1156 scan = SCAN_PAGE;
6bf0e469 1157 } else {
9fbcbb45
JH		 1158 scan = 0;
1159
df2c6c5e 1160 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1161 hdev->discov_timeout > 0)
df2c6c5e
JH		 1162 cancel_delayed_work(&hdev->discov_off);
1163 }
1164
2b76f453
JH		 1165 hci_req_init(&req, hdev);
1166
1167 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1168
4c01f8b8
JH		 1169 /* If we're going from non-connectable to connectable or
1170 * vice-versa when fast connectable is enabled ensure that fast
1171 * connectable gets disabled. write_fast_connectable won't do
1172 * anything if the page scan parameters are already what they
1173 * should be.
1174 */
1175 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1176 write_fast_connectable(&req, false);
1177
2b76f453 1178 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1179 if (err < 0)
a664b5bc 1180 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1181
1182failed:
09fd0de5 1183 hci_dev_unlock(hdev);
9fbcbb45
JH		 1184 return err;
1185}
1186
bdb6d971 1187static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1188 u16 len)
c542a06c 1189{
650f726d 1190 struct mgmt_mode *cp = data;
55594356 1191 bool changed;
c542a06c
JH		 1192 int err;
1193
bdb6d971 1194 BT_DBG("request for %s", hdev->name);
c542a06c 1195
a7e80f25
JH		 1196 if (cp->val != 0x00 && cp->val != 0x01)
1197 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1198 MGMT_STATUS_INVALID_PARAMS);
1199
09fd0de5 1200 hci_dev_lock(hdev);
c542a06c
JH		 1201
1202 if (cp->val)
55594356 1203 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1204 else
55594356 1205 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1206
69ab39ea 1207 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1208 if (err < 0)
55594356 1209 goto unlock;
c542a06c 1210
55594356
MH		 1211 if (changed)
1212 err = new_settings(hdev, sk);
c542a06c 1213
55594356 1214unlock:
09fd0de5 1215 hci_dev_unlock(hdev);
c542a06c
JH		 1216 return err;
1217}
1218
04124681
GP		 1219static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1220 u16 len)
33ef95ed
JH		 1221{
1222 struct mgmt_mode *cp = data;
1223 struct pending_cmd *cmd;
e6fe7986 1224 u8 val, status;
33ef95ed
JH		 1225 int err;
1226
bdb6d971 1227 BT_DBG("request for %s", hdev->name);
33ef95ed 1228
e6fe7986
JH		 1229 status = mgmt_bredr_support(hdev);
1230 if (status)
33c525c0 1231 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1232 status);
33c525c0 1233
a7e80f25
JH		 1234 if (cp->val != 0x00 && cp->val != 0x01)
1235 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1236 MGMT_STATUS_INVALID_PARAMS);
1237
33ef95ed
JH		 1238 hci_dev_lock(hdev);
1239
4b34ee78 1240 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1241 bool changed = false;
1242
1243 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1244 &hdev->dev_flags)) {
47990ea0
JH		 1245 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1246 changed = true;
1247 }
1248
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1250 if (err < 0)
1251 goto failed;
1252
1253 if (changed)
1254 err = new_settings(hdev, sk);
1255
33ef95ed
JH		 1256 goto failed;
1257 }
1258
1259 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1261 MGMT_STATUS_BUSY);
33ef95ed
JH		 1262 goto failed;
1263 }
1264
1265 val = !!cp->val;
1266
1267 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1268 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1269 goto failed;
1270 }
1271
1272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1273 if (!cmd) {
1274 err = -ENOMEM;
1275 goto failed;
1276 }
1277
1278 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1279 if (err < 0) {
1280 mgmt_pending_remove(cmd);
1281 goto failed;
1282 }
1283
1284failed:
1285 hci_dev_unlock(hdev);
33ef95ed
JH		 1286 return err;
1287}
1288
bdb6d971 1289static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1290{
1291 struct mgmt_mode *cp = data;
1292 struct pending_cmd *cmd;
72ef0c1a 1293 u8 status;
ed2c4ee3
JH		 1294 int err;
1295
bdb6d971 1296 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1297
cdba5281
MH		 1298 status = mgmt_bredr_support(hdev);
1299 if (status)
1300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1301
13ecd8b6
JH		 1302 if (!lmp_ssp_capable(hdev))
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1304 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1305
a7e80f25
JH		 1306 if (cp->val != 0x00 && cp->val != 0x01)
1307 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1308 MGMT_STATUS_INVALID_PARAMS);
1309
13ecd8b6 1310 hci_dev_lock(hdev);
6c8f12c1 1311
4b34ee78 1312 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1313 bool changed = false;
1314
1315 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1316 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1317 changed = true;
1318 }
1319
1320 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1321 if (err < 0)
1322 goto failed;
1323
1324 if (changed)
1325 err = new_settings(hdev, sk);
1326
ed2c4ee3
JH		 1327 goto failed;
1328 }
1329
1330 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1331 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1332 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1333 goto failed;
1334 }
1335
72ef0c1a 1336 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1337 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1338 goto failed;
1339 }
1340
1341 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1342 if (!cmd) {
1343 err = -ENOMEM;
1344 goto failed;
1345 }
1346
72ef0c1a 1347 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1348 if (err < 0) {
1349 mgmt_pending_remove(cmd);
1350 goto failed;
1351 }
1352
1353failed:
1354 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1355 return err;
1356}
1357
bdb6d971 1358static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1359{
1360 struct mgmt_mode *cp = data;
ee392693 1361 bool changed;
e6fe7986 1362 u8 status;
ee392693 1363 int err;
6d80dfd0 1364
bdb6d971 1365 BT_DBG("request for %s", hdev->name);
6d80dfd0 1366
e6fe7986
JH		 1367 status = mgmt_bredr_support(hdev);
1368 if (status)
1369 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1370
a7e80f25
JH		 1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1373 MGMT_STATUS_INVALID_PARAMS);
1374
ee392693
MH		 1375 hci_dev_lock(hdev);
1376
a0cdf960 1377 if (cp->val) {
ee392693 1378 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1379 } else {
1380 if (hdev_is_powered(hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1382 MGMT_STATUS_REJECTED);
1383 goto unlock;
1384 }
1385
ee392693 1386 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1387 }
ee392693
MH		 1388
1389 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1390 if (err < 0)
1391 goto unlock;
1392
1393 if (changed)
1394 err = new_settings(hdev, sk);
6d80dfd0 1395
ee392693
MH		 1396unlock:
1397 hci_dev_unlock(hdev);
1398 return err;
6d80dfd0
JH		 1399}
1400
bba3aa55
MH		 1401static void enable_advertising(struct hci_request *req)
1402{
b4faf300
MH		 1403 struct hci_dev *hdev = req->hdev;
1404 struct hci_cp_le_set_adv_param cp;
1405 u8 enable = 0x01;
1406
1407 memset(&cp, 0, sizeof(cp));
1408 cp.min_interval = __constant_cpu_to_le16(0x0800);
1409 cp.max_interval = __constant_cpu_to_le16(0x0800);
1410 cp.type = LE_ADV_IND;
1411 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1412 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1413 else
1414 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1415 cp.channel_map = 0x07;
1416
1417 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1418
b4faf300 1419 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1420}
1421
1422static void disable_advertising(struct hci_request *req)
1423{
b4faf300 1424 u8 enable = 0x00;
bba3aa55 1425
b4faf300 1426 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1427}
1428
416a4ae5
JH		 1429static void le_enable_complete(struct hci_dev *hdev, u8 status)
1430{
1431 struct cmd_lookup match = { NULL, hdev };
1432
1433 if (status) {
1434 u8 mgmt_err = mgmt_status(status);
1435
1436 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1437 &mgmt_err);
1438 return;
1439 }
1440
1441 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1442
1443 new_settings(hdev, match.sk);
1444
1445 if (match.sk)
1446 sock_put(match.sk);
1447}
1448
bdb6d971 1449static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1450{
1451 struct mgmt_mode *cp = data;
1452 struct hci_cp_write_le_host_supported hci_cp;
1453 struct pending_cmd *cmd;
416a4ae5 1454 struct hci_request req;
06199cf8 1455 int err;
0b60eba1 1456 u8 val, enabled;
06199cf8 1457
bdb6d971 1458 BT_DBG("request for %s", hdev->name);
06199cf8 1459
13ecd8b6
JH		 1460 if (!lmp_le_capable(hdev))
1461 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1462 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1463
a7e80f25
JH		 1464 if (cp->val != 0x00 && cp->val != 0x01)
1465 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1466 MGMT_STATUS_INVALID_PARAMS);
1467
c73eee91 1468 /* LE-only devices do not allow toggling LE on/off */
56f87901 1469 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1470 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1471 MGMT_STATUS_REJECTED);
1472
13ecd8b6 1473 hci_dev_lock(hdev);
06199cf8
JH		 1474
1475 val = !!cp->val;
ffa88e02 1476 enabled = lmp_host_le_capable(hdev);
06199cf8 1477
0b60eba1 1478 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1479 bool changed = false;
1480
1481 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1482 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1483 changed = true;
1484 }
1485
f3d3444a
JH		 1486 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1487 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1488 changed = true;
1489 }
1490
06199cf8
JH		 1491 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1492 if (err < 0)
1de028ce 1493 goto unlock;
06199cf8
JH		 1494
1495 if (changed)
1496 err = new_settings(hdev, sk);
1497
1de028ce 1498 goto unlock;
06199cf8
JH		 1499 }
1500
4375f103
JH		 1501 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1502 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1503 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1504 MGMT_STATUS_BUSY);
1de028ce 1505 goto unlock;
06199cf8
JH		 1506 }
1507
1508 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1509 if (!cmd) {
1510 err = -ENOMEM;
1de028ce 1511 goto unlock;
06199cf8
JH		 1512 }
1513
1514 memset(&hci_cp, 0, sizeof(hci_cp));
1515
1516 if (val) {
1517 hci_cp.le = val;
ffa88e02 1518 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1519 }
1520
416a4ae5
JH		 1521 hci_req_init(&req, hdev);
1522
bba3aa55
MH		 1523 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1524 disable_advertising(&req);
eeca6f89 1525
416a4ae5
JH		 1526 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1527 &hci_cp);
1528
1529 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1530 if (err < 0)
06199cf8 1531 mgmt_pending_remove(cmd);
06199cf8 1532
1de028ce
JH		 1533unlock:
1534 hci_dev_unlock(hdev);
06199cf8
JH		 1535 return err;
1536}
1537
0cab9c80
JH		 1538/* This is a helper function to test for pending mgmt commands that can
1539 * cause CoD or EIR HCI commands. We can only allow one such pending
1540 * mgmt command at a time since otherwise we cannot easily track what
1541 * the current values are, will be, and based on that calculate if a new
1542 * HCI command needs to be sent and if yes with what value.
1543 */
1544static bool pending_eir_or_class(struct hci_dev *hdev)
1545{
1546 struct pending_cmd *cmd;
1547
1548 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1549 switch (cmd->opcode) {
1550 case MGMT_OP_ADD_UUID:
1551 case MGMT_OP_REMOVE_UUID:
1552 case MGMT_OP_SET_DEV_CLASS:
1553 case MGMT_OP_SET_POWERED:
1554 return true;
1555 }
1556 }
1557
1558 return false;
1559}
1560
83be8eca
JH		 1561static const u8 bluetooth_base_uuid[] = {
1562 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1563 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1564};
1565
1566static u8 get_uuid_size(const u8 *uuid)
1567{
1568 u32 val;
1569
1570 if (memcmp(uuid, bluetooth_base_uuid, 12))
1571 return 128;
1572
1573 val = get_unaligned_le32(&uuid[12]);
1574 if (val > 0xffff)
1575 return 32;
1576
1577 return 16;
1578}
1579
92da6097
JH		 1580static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1581{
1582 struct pending_cmd *cmd;
1583
1584 hci_dev_lock(hdev);
1585
1586 cmd = mgmt_pending_find(mgmt_op, hdev);
1587 if (!cmd)
1588 goto unlock;
1589
1590 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1591 hdev->dev_class, 3);
1592
1593 mgmt_pending_remove(cmd);
1594
1595unlock:
1596 hci_dev_unlock(hdev);
1597}
1598
1599static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1600{
1601 BT_DBG("status 0x%02x", status);
1602
1603 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1604}
1605
bdb6d971 1606static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1607{
650f726d 1608 struct mgmt_cp_add_uuid *cp = data;
90e70454 1609 struct pending_cmd *cmd;
890ea898 1610 struct hci_request req;
2aeb9a1a 1611 struct bt_uuid *uuid;
2aeb9a1a
JH		 1612 int err;
1613
bdb6d971 1614 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1615
09fd0de5 1616 hci_dev_lock(hdev);
2aeb9a1a 1617
0cab9c80 1618 if (pending_eir_or_class(hdev)) {
bdb6d971 1619 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1620 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1621 goto failed;
1622 }
1623
92c4c204 1624 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1625 if (!uuid) {
1626 err = -ENOMEM;
1627 goto failed;
1628 }
1629
1630 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1631 uuid->svc_hint = cp->svc_hint;
83be8eca 1632 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1633
de66aa63 1634 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1635
890ea898 1636 hci_req_init(&req, hdev);
1aff6f09 1637
890ea898
JH		 1638 update_class(&req);
1639 update_eir(&req);
1640
92da6097
JH		 1641 err = hci_req_run(&req, add_uuid_complete);
1642 if (err < 0) {
1643 if (err != -ENODATA)
1644 goto failed;
80a1e1db 1645
bdb6d971 1646 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1647 hdev->dev_class, 3);
90e70454
JH		 1648 goto failed;
1649 }
1650
1651 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1652 if (!cmd) {
90e70454 1653 err = -ENOMEM;
890ea898
JH		 1654 goto failed;
1655 }
1656
1657 err = 0;
2aeb9a1a
JH		 1658
1659failed:
09fd0de5 1660 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1661 return err;
1662}
1663
24b78d0f
JH		 1664static bool enable_service_cache(struct hci_dev *hdev)
1665{
1666 if (!hdev_is_powered(hdev))
1667 return false;
1668
1669 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1670 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1671 CACHE_TIMEOUT);
24b78d0f
JH		 1672 return true;
1673 }
1674
1675 return false;
1676}
1677
92da6097
JH		 1678static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1679{
1680 BT_DBG("status 0x%02x", status);
1681
1682 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1683}
1684
bdb6d971 1685static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1686 u16 len)
2aeb9a1a 1687{
650f726d 1688 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1689 struct pending_cmd *cmd;
056341c8 1690 struct bt_uuid *match, *tmp;
2aeb9a1a 1691 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1692 struct hci_request req;
2aeb9a1a
JH		 1693 int err, found;
1694
bdb6d971 1695 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1696
09fd0de5 1697 hci_dev_lock(hdev);
2aeb9a1a 1698
0cab9c80 1699 if (pending_eir_or_class(hdev)) {
bdb6d971 1700 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1701 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1702 goto unlock;
1703 }
1704
2aeb9a1a
JH		 1705 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1706 err = hci_uuids_clear(hdev);
4004b6d9 1707
24b78d0f 1708 if (enable_service_cache(hdev)) {
bdb6d971 1709 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1710 0, hdev->dev_class, 3);
24b78d0f
JH		 1711 goto unlock;
1712 }
4004b6d9 1713
9246a869 1714 goto update_class;
2aeb9a1a
JH		 1715 }
1716
1717 found = 0;
1718
056341c8 1719 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1720 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1721 continue;
1722
1723 list_del(&match->list);
482049f7 1724 kfree(match);
2aeb9a1a
JH		 1725 found++;
1726 }
1727
1728 if (found == 0) {
bdb6d971 1729 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1730 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1731 goto unlock;
1732 }
1733
9246a869 1734update_class:
890ea898 1735 hci_req_init(&req, hdev);
1aff6f09 1736
890ea898
JH		 1737 update_class(&req);
1738 update_eir(&req);
1739
92da6097
JH		 1740 err = hci_req_run(&req, remove_uuid_complete);
1741 if (err < 0) {
1742 if (err != -ENODATA)
1743 goto unlock;
80a1e1db 1744
bdb6d971 1745 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1746 hdev->dev_class, 3);
90e70454
JH		 1747 goto unlock;
1748 }
1749
1750 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1751 if (!cmd) {
90e70454 1752 err = -ENOMEM;
890ea898
JH		 1753 goto unlock;
1754 }
1755
1756 err = 0;
2aeb9a1a
JH		 1757
1758unlock:
09fd0de5 1759 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1760 return err;
1761}
1762
92da6097
JH		 1763static void set_class_complete(struct hci_dev *hdev, u8 status)
1764{
1765 BT_DBG("status 0x%02x", status);
1766
1767 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1768}
1769
bdb6d971 1770static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1771 u16 len)
1aff6f09 1772{
650f726d 1773 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1774 struct pending_cmd *cmd;
890ea898 1775 struct hci_request req;
1aff6f09
JH		 1776 int err;
1777
bdb6d971 1778 BT_DBG("request for %s", hdev->name);
1aff6f09 1779
6203fc98 1780 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1782 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1783
0cab9c80 1784 hci_dev_lock(hdev);
ee98f473 1785
0cab9c80
JH		 1786 if (pending_eir_or_class(hdev)) {
1787 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1788 MGMT_STATUS_BUSY);
1789 goto unlock;
1790 }
c95f0ba7 1791
0cab9c80
JH		 1792 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1793 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1794 MGMT_STATUS_INVALID_PARAMS);
1795 goto unlock;
1796 }
575b3a02 1797
932f5ff5
JH		 1798 hdev->major_class = cp->major;
1799 hdev->minor_class = cp->minor;
1800
b5235a65 1801 if (!hdev_is_powered(hdev)) {
bdb6d971 1802 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1803 hdev->dev_class, 3);
b5235a65
JH		 1804 goto unlock;
1805 }
1806
890ea898
JH		 1807 hci_req_init(&req, hdev);
1808
a8b2d5c2 1809 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1810 hci_dev_unlock(hdev);
1811 cancel_delayed_work_sync(&hdev->service_cache);
1812 hci_dev_lock(hdev);
890ea898 1813 update_eir(&req);
7d78525d 1814 }
14c0b608 1815
890ea898
JH		 1816 update_class(&req);
1817
92da6097
JH		 1818 err = hci_req_run(&req, set_class_complete);
1819 if (err < 0) {
1820 if (err != -ENODATA)
1821 goto unlock;
1aff6f09 1822
bdb6d971 1823 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1824 hdev->dev_class, 3);
90e70454
JH		 1825 goto unlock;
1826 }
1827
1828 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1829 if (!cmd) {
90e70454 1830 err = -ENOMEM;
890ea898
JH		 1831 goto unlock;
1832 }
1833
1834 err = 0;
1aff6f09 1835
b5235a65 1836unlock:
09fd0de5 1837 hci_dev_unlock(hdev);
1aff6f09
JH		 1838 return err;
1839}
1840
bdb6d971 1841static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1842 u16 len)
55ed8ca1 1843{
650f726d 1844 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1845 u16 key_count, expected_len;
a492cd52 1846 int i;
55ed8ca1 1847
9060d5cf
MH		 1848 BT_DBG("request for %s", hdev->name);
1849
1850 if (!lmp_bredr_capable(hdev))
1851 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1852 MGMT_STATUS_NOT_SUPPORTED);
1853
1f350c87 1854 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1855
86742e1e
JH		 1856 expected_len = sizeof(*cp) + key_count *
1857 sizeof(struct mgmt_link_key_info);
a492cd52 1858 if (expected_len != len) {
86742e1e 1859 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1860 len, expected_len);
bdb6d971 1861 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1862 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1863 }
1864
4ae14301
JH		 1865 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1866 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1867 MGMT_STATUS_INVALID_PARAMS);
1868
bdb6d971 1869 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1870 key_count);
55ed8ca1 1871
4ee71b20
JH		 1872 for (i = 0; i < key_count; i++) {
1873 struct mgmt_link_key_info *key = &cp->keys[i];
1874
1875 if (key->addr.type != BDADDR_BREDR)
1876 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878 }
1879
09fd0de5 1880 hci_dev_lock(hdev);
55ed8ca1
JH		 1881
1882 hci_link_keys_clear(hdev);
1883
55ed8ca1 1884 if (cp->debug_keys)
a8b2d5c2 1885 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1886 else
a8b2d5c2 1887 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1888
a492cd52 1889 for (i = 0; i < key_count; i++) {
86742e1e 1890 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1891
d753fdc4 1892 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1893 key->type, key->pin_len);
55ed8ca1
JH		 1894 }
1895
bdb6d971 1896 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1897
09fd0de5 1898 hci_dev_unlock(hdev);
55ed8ca1 1899
a492cd52 1900 return 0;
55ed8ca1
JH		 1901}
1902
b1078ad0 1903static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1904 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1905{
1906 struct mgmt_ev_device_unpaired ev;
1907
1908 bacpy(&ev.addr.bdaddr, bdaddr);
1909 ev.addr.type = addr_type;
1910
1911 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1912 skip_sk);
b1078ad0
JH		 1913}
1914
bdb6d971 1915static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1916 u16 len)
55ed8ca1 1917{
124f6e35
JH		 1918 struct mgmt_cp_unpair_device *cp = data;
1919 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1920 struct hci_cp_disconnect dc;
1921 struct pending_cmd *cmd;
55ed8ca1 1922 struct hci_conn *conn;
55ed8ca1
JH		 1923 int err;
1924
a8a1d19e 1925 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1926 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1927 rp.addr.type = cp->addr.type;
a8a1d19e 1928
4ee71b20
JH		 1929 if (!bdaddr_type_is_valid(cp->addr.type))
1930 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1931 MGMT_STATUS_INVALID_PARAMS,
1932 &rp, sizeof(rp));
1933
118da70b
JH		 1934 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1935 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1936 MGMT_STATUS_INVALID_PARAMS,
1937 &rp, sizeof(rp));
1938
4ee71b20
JH		 1939 hci_dev_lock(hdev);
1940
86a8cfc6 1941 if (!hdev_is_powered(hdev)) {
bdb6d971 1942 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1943 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1944 goto unlock;
1945 }
1946
591f47f3 1947 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1948 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1949 else
1950 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1951
55ed8ca1 1952 if (err < 0) {
bdb6d971 1953 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1954 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1955 goto unlock;
1956 }
1957
86a8cfc6 1958 if (cp->disconnect) {
591f47f3 1959 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1960 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1961 &cp->addr.bdaddr);
86a8cfc6
JH		 1962 else
1963 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1964 &cp->addr.bdaddr);
86a8cfc6
JH		 1965 } else {
1966 conn = NULL;
1967 }
124f6e35 1968
a8a1d19e 1969 if (!conn) {
bdb6d971 1970 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1971 &rp, sizeof(rp));
b1078ad0 1972 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1973 goto unlock;
1974 }
55ed8ca1 1975
124f6e35 1976 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1977 sizeof(*cp));
a8a1d19e
JH		 1978 if (!cmd) {
1979 err = -ENOMEM;
1980 goto unlock;
55ed8ca1
JH		 1981 }
1982
eb55ef07 1983 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1984 dc.reason = 0x13; /* Remote User Terminated Connection */
1985 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1986 if (err < 0)
1987 mgmt_pending_remove(cmd);
1988
55ed8ca1 1989unlock:
09fd0de5 1990 hci_dev_unlock(hdev);
55ed8ca1
JH		 1991 return err;
1992}
1993
bdb6d971 1994static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1995 u16 len)
8962ee74 1996{
650f726d 1997 struct mgmt_cp_disconnect *cp = data;
06a63b19 1998 struct mgmt_rp_disconnect rp;
8962ee74 1999 struct hci_cp_disconnect dc;
366a0336 2000 struct pending_cmd *cmd;
8962ee74 2001 struct hci_conn *conn;
8962ee74
JH		 2002 int err;
2003
2004 BT_DBG("");
2005
06a63b19
JH		 2006 memset(&rp, 0, sizeof(rp));
2007 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2008 rp.addr.type = cp->addr.type;
2009
4ee71b20 2010 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2011 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2012 MGMT_STATUS_INVALID_PARAMS,
2013 &rp, sizeof(rp));
4ee71b20 2014
09fd0de5 2015 hci_dev_lock(hdev);
8962ee74
JH		 2016
2017 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2018 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2019 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2020 goto failed;
2021 }
2022
2e58ef3e 2023 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2024 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2026 goto failed;
2027 }
2028
591f47f3 2029 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2030 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2031 &cp->addr.bdaddr);
88c3df13
JH		 2032 else
2033 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2034
f960727e 2035 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2036 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2037 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2038 goto failed;
2039 }
2040
2e58ef3e 2041 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2042 if (!cmd) {
2043 err = -ENOMEM;
8962ee74 2044 goto failed;
366a0336 2045 }
8962ee74 2046
eb55ef07 2047 dc.handle = cpu_to_le16(conn->handle);
3701f944 2048 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2049
2050 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2051 if (err < 0)
a664b5bc 2052 mgmt_pending_remove(cmd);
8962ee74
JH		 2053
2054failed:
09fd0de5 2055 hci_dev_unlock(hdev);
8962ee74
JH		 2056 return err;
2057}
2058
57c1477c 2059static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2060{
2061 switch (link_type) {
2062 case LE_LINK:
48264f06
JH		 2063 switch (addr_type) {
2064 case ADDR_LE_DEV_PUBLIC:
591f47f3 2065 return BDADDR_LE_PUBLIC;
0ed09148 2066
48264f06 2067 default:
0ed09148 2068 /* Fallback to LE Random address type */
591f47f3 2069 return BDADDR_LE_RANDOM;
48264f06 2070 }
0ed09148 2071
4c659c39 2072 default:
0ed09148 2073 /* Fallback to BR/EDR type */
591f47f3 2074 return BDADDR_BREDR;
4c659c39
JH		 2075 }
2076}
2077
04124681
GP		 2078static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2079 u16 data_len)
2784eb41 2080{
2784eb41 2081 struct mgmt_rp_get_connections *rp;
8035ded4 2082 struct hci_conn *c;
a38528f1 2083 size_t rp_len;
60fc5fb6
JH		 2084 int err;
2085 u16 i;
2784eb41
JH		 2086
2087 BT_DBG("");
2088
09fd0de5 2089 hci_dev_lock(hdev);
2784eb41 2090
5f97c1df 2091 if (!hdev_is_powered(hdev)) {
bdb6d971 2092 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2093 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2094 goto unlock;
2095 }
2096
60fc5fb6 2097 i = 0;
b644ba33
JH		 2098 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2099 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2100 i++;
2784eb41
JH		 2101 }
2102
60fc5fb6 2103 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2104 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2105 if (!rp) {
2784eb41
JH		 2106 err = -ENOMEM;
2107 goto unlock;
2108 }
2109
2784eb41 2110 i = 0;
4c659c39 2111 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2112 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2113 continue;
4c659c39 2114 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2115 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2116 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2117 continue;
2118 i++;
2119 }
2120
eb55ef07 2121 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2122
4c659c39
JH		 2123 /* Recalculate length in case of filtered SCO connections, etc */
2124 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2125
bdb6d971 2126 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2127 rp_len);
2784eb41 2128
a38528f1 2129 kfree(rp);
5f97c1df
JH		 2130
2131unlock:
09fd0de5 2132 hci_dev_unlock(hdev);
2784eb41
JH		 2133 return err;
2134}
2135
bdb6d971 2136static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2137 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2138{
2139 struct pending_cmd *cmd;
2140 int err;
2141
2e58ef3e 2142 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2143 sizeof(*cp));
96d97a67
WR		 2144 if (!cmd)
2145 return -ENOMEM;
2146
d8457698 2147 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2148 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2149 if (err < 0)
2150 mgmt_pending_remove(cmd);
2151
2152 return err;
2153}
2154
bdb6d971 2155static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2156 u16 len)
980e1a53 2157{
96d97a67 2158 struct hci_conn *conn;
650f726d 2159 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2160 struct hci_cp_pin_code_reply reply;
366a0336 2161 struct pending_cmd *cmd;
980e1a53
JH		 2162 int err;
2163
2164 BT_DBG("");
2165
09fd0de5 2166 hci_dev_lock(hdev);
980e1a53 2167
4b34ee78 2168 if (!hdev_is_powered(hdev)) {
bdb6d971 2169 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2170 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2171 goto failed;
2172 }
2173
d8457698 2174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2175 if (!conn) {
bdb6d971 2176 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2177 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2178 goto failed;
2179 }
2180
2181 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2182 struct mgmt_cp_pin_code_neg_reply ncp;
2183
2184 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2185
2186 BT_ERR("PIN code is not 16 bytes long");
2187
bdb6d971 2188 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2189 if (err >= 0)
bdb6d971 2190 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2191 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2192
2193 goto failed;
2194 }
2195
00abfe44 2196 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2197 if (!cmd) {
2198 err = -ENOMEM;
980e1a53 2199 goto failed;
366a0336 2200 }
980e1a53 2201
d8457698 2202 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2203 reply.pin_len = cp->pin_len;
24718ca5 2204 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2205
2206 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2207 if (err < 0)
a664b5bc 2208 mgmt_pending_remove(cmd);
980e1a53
JH		 2209
2210failed:
09fd0de5 2211 hci_dev_unlock(hdev);
980e1a53
JH		 2212 return err;
2213}
2214
04124681
GP		 2215static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2216 u16 len)
17fa4b9d 2217{
650f726d 2218 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2219
2220 BT_DBG("");
2221
09fd0de5 2222 hci_dev_lock(hdev);
17fa4b9d
JH		 2223
2224 hdev->io_capability = cp->io_capability;
2225
2226 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2227 hdev->io_capability);
17fa4b9d 2228
09fd0de5 2229 hci_dev_unlock(hdev);
17fa4b9d 2230
04124681
GP		 2231 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2232 0);
17fa4b9d
JH		 2233}
2234
6039aa73 2235static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2236{
2237 struct hci_dev *hdev = conn->hdev;
8035ded4 2238 struct pending_cmd *cmd;
e9a416b5 2239
2e58ef3e 2240 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2241 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2242 continue;
2243
e9a416b5
JH		 2244 if (cmd->user_data != conn)
2245 continue;
2246
2247 return cmd;
2248 }
2249
2250 return NULL;
2251}
2252
2253static void pairing_complete(struct pending_cmd *cmd, u8 status)
2254{
2255 struct mgmt_rp_pair_device rp;
2256 struct hci_conn *conn = cmd->user_data;
2257
ba4e564f 2258 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2259 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2260
aee9b218 2261 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2262 &rp, sizeof(rp));
e9a416b5
JH		 2263
2264 /* So we don't get further callbacks for this connection */
2265 conn->connect_cfm_cb = NULL;
2266 conn->security_cfm_cb = NULL;
2267 conn->disconn_cfm_cb = NULL;
2268
76a68ba0 2269 hci_conn_drop(conn);
e9a416b5 2270
a664b5bc 2271 mgmt_pending_remove(cmd);
e9a416b5
JH		 2272}
2273
2274static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2275{
2276 struct pending_cmd *cmd;
2277
2278 BT_DBG("status %u", status);
2279
2280 cmd = find_pairing(conn);
56e5cb86 2281 if (!cmd)
e9a416b5 2282 BT_DBG("Unable to find a pending command");
56e5cb86 2283 else
e211326c 2284 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2285}
2286
4c47d739
VA		 2287static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2288{
2289 struct pending_cmd *cmd;
2290
2291 BT_DBG("status %u", status);
2292
2293 if (!status)
2294 return;
2295
2296 cmd = find_pairing(conn);
2297 if (!cmd)
2298 BT_DBG("Unable to find a pending command");
2299 else
2300 pairing_complete(cmd, mgmt_status(status));
2301}
2302
bdb6d971 2303static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2304 u16 len)
e9a416b5 2305{
650f726d 2306 struct mgmt_cp_pair_device *cp = data;
1425acb7 2307 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2308 struct pending_cmd *cmd;
2309 u8 sec_level, auth_type;
2310 struct hci_conn *conn;
e9a416b5
JH		 2311 int err;
2312
2313 BT_DBG("");
2314
f950a30e
SJ		 2315 memset(&rp, 0, sizeof(rp));
2316 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2317 rp.addr.type = cp->addr.type;
2318
4ee71b20
JH		 2319 if (!bdaddr_type_is_valid(cp->addr.type))
2320 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2321 MGMT_STATUS_INVALID_PARAMS,
2322 &rp, sizeof(rp));
2323
09fd0de5 2324 hci_dev_lock(hdev);
e9a416b5 2325
5f97c1df 2326 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2327 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2328 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2329 goto unlock;
2330 }
2331
c908df36
VCG		 2332 sec_level = BT_SECURITY_MEDIUM;
2333 if (cp->io_cap == 0x03)
e9a416b5 2334 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2335 else
e9a416b5 2336 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2337
591f47f3 2338 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2339 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2340 cp->addr.type, sec_level, auth_type);
7a512d01 2341 else
b12f62cf
AG		 2342 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2343 cp->addr.type, sec_level, auth_type);
7a512d01 2344
30e76272 2345 if (IS_ERR(conn)) {
489dc48e
AK		 2346 int status;
2347
2348 if (PTR_ERR(conn) == -EBUSY)
2349 status = MGMT_STATUS_BUSY;
2350 else
2351 status = MGMT_STATUS_CONNECT_FAILED;
2352
bdb6d971 2353 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2354 status, &rp,
04124681 2355 sizeof(rp));
e9a416b5
JH		 2356 goto unlock;
2357 }
2358
2359 if (conn->connect_cfm_cb) {
76a68ba0 2360 hci_conn_drop(conn);
bdb6d971 2361 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2362 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2363 goto unlock;
2364 }
2365
2e58ef3e 2366 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2367 if (!cmd) {
2368 err = -ENOMEM;
76a68ba0 2369 hci_conn_drop(conn);
e9a416b5
JH		 2370 goto unlock;
2371 }
2372
7a512d01 2373 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2374 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2375 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2376 else
2377 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2378
e9a416b5
JH		 2379 conn->security_cfm_cb = pairing_complete_cb;
2380 conn->disconn_cfm_cb = pairing_complete_cb;
2381 conn->io_capability = cp->io_cap;
2382 cmd->user_data = conn;
2383
2384 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2385 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2386 pairing_complete(cmd, 0);
2387
2388 err = 0;
2389
2390unlock:
09fd0de5 2391 hci_dev_unlock(hdev);
e9a416b5
JH		 2392 return err;
2393}
2394
04124681
GP		 2395static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2396 u16 len)
28424707 2397{
0f4e68cf 2398 struct mgmt_addr_info *addr = data;
28424707
JH		 2399 struct pending_cmd *cmd;
2400 struct hci_conn *conn;
2401 int err;
2402
2403 BT_DBG("");
2404
28424707
JH		 2405 hci_dev_lock(hdev);
2406
5f97c1df 2407 if (!hdev_is_powered(hdev)) {
bdb6d971 2408 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2409 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2410 goto unlock;
2411 }
2412
28424707
JH		 2413 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2414 if (!cmd) {
bdb6d971 2415 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2416 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2417 goto unlock;
2418 }
2419
2420 conn = cmd->user_data;
2421
2422 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2423 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2424 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2425 goto unlock;
2426 }
2427
2428 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2429
bdb6d971 2430 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2431 addr, sizeof(*addr));
28424707
JH		 2432unlock:
2433 hci_dev_unlock(hdev);
28424707
JH		 2434 return err;
2435}
2436
bdb6d971 2437static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2438 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2439 u16 hci_op, __le32 passkey)
a5c29683 2440{
a5c29683 2441 struct pending_cmd *cmd;
0df4c185 2442 struct hci_conn *conn;
a5c29683
JH		 2443 int err;
2444
09fd0de5 2445 hci_dev_lock(hdev);
08ba5382 2446
4b34ee78 2447 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2448 err = cmd_complete(sk, hdev->id, mgmt_op,
2449 MGMT_STATUS_NOT_POWERED, addr,
2450 sizeof(*addr));
0df4c185 2451 goto done;
a5c29683
JH		 2452 }
2453
1707c60e
JH		 2454 if (addr->type == BDADDR_BREDR)
2455 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2456 else
1707c60e 2457 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2458
2459 if (!conn) {
feb94d3d
JH		 2460 err = cmd_complete(sk, hdev->id, mgmt_op,
2461 MGMT_STATUS_NOT_CONNECTED, addr,
2462 sizeof(*addr));
272d90df
JH		 2463 goto done;
2464 }
47c15e2b 2465
1707c60e 2466 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2467 /* Continue with pairing via SMP */
5fe57d9e
BG		 2468 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2469
2470 if (!err)
feb94d3d
JH		 2471 err = cmd_complete(sk, hdev->id, mgmt_op,
2472 MGMT_STATUS_SUCCESS, addr,
2473 sizeof(*addr));
5fe57d9e 2474 else
feb94d3d
JH		 2475 err = cmd_complete(sk, hdev->id, mgmt_op,
2476 MGMT_STATUS_FAILED, addr,
2477 sizeof(*addr));
47c15e2b 2478
47c15e2b
BG		 2479 goto done;
2480 }
2481
1707c60e 2482 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2483 if (!cmd) {
2484 err = -ENOMEM;
0df4c185 2485 goto done;
a5c29683
JH		 2486 }
2487
0df4c185 2488 /* Continue with pairing via HCI */
604086b7
BG		 2489 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2490 struct hci_cp_user_passkey_reply cp;
2491
1707c60e 2492 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2493 cp.passkey = passkey;
2494 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2495 } else
1707c60e
JH		 2496 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2497 &addr->bdaddr);
604086b7 2498
a664b5bc
JH		 2499 if (err < 0)
2500 mgmt_pending_remove(cmd);
a5c29683 2501
0df4c185 2502done:
09fd0de5 2503 hci_dev_unlock(hdev);
a5c29683
JH		 2504 return err;
2505}
2506
afeb019d
JK		 2507static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2508 void *data, u16 len)
2509{
2510 struct mgmt_cp_pin_code_neg_reply *cp = data;
2511
2512 BT_DBG("");
2513
1707c60e 2514 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2515 MGMT_OP_PIN_CODE_NEG_REPLY,
2516 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2517}
2518
04124681
GP		 2519static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2520 u16 len)
0df4c185 2521{
650f726d 2522 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2523
2524 BT_DBG("");
2525
2526 if (len != sizeof(*cp))
bdb6d971 2527 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2528 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2529
1707c60e 2530 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2531 MGMT_OP_USER_CONFIRM_REPLY,
2532 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2533}
2534
bdb6d971 2535static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2536 void *data, u16 len)
0df4c185 2537{
c9c2659f 2538 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2539
2540 BT_DBG("");
2541
1707c60e 2542 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2543 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2544 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2545}
2546
04124681
GP		 2547static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2548 u16 len)
604086b7 2549{
650f726d 2550 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2551
2552 BT_DBG("");
2553
1707c60e 2554 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2555 MGMT_OP_USER_PASSKEY_REPLY,
2556 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2557}
2558
bdb6d971 2559static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2560 void *data, u16 len)
604086b7 2561{
650f726d 2562 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2563
2564 BT_DBG("");
2565
1707c60e 2566 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2567 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2568 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2569}
2570
13928971 2571static void update_name(struct hci_request *req)
2b4bf397 2572{
13928971 2573 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2574 struct hci_cp_write_local_name cp;
2575
13928971 2576 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2577
890ea898 2578 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2579}
2580
13928971
JH		 2581static void set_name_complete(struct hci_dev *hdev, u8 status)
2582{
2583 struct mgmt_cp_set_local_name *cp;
2584 struct pending_cmd *cmd;
2585
2586 BT_DBG("status 0x%02x", status);
2587
2588 hci_dev_lock(hdev);
2589
2590 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2591 if (!cmd)
2592 goto unlock;
2593
2594 cp = cmd->param;
2595
2596 if (status)
2597 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2598 mgmt_status(status));
2599 else
2600 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2601 cp, sizeof(*cp));
2602
2603 mgmt_pending_remove(cmd);
2604
2605unlock:
2606 hci_dev_unlock(hdev);
2607}
2608
bdb6d971 2609static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2610 u16 len)
b312b161 2611{
2b4bf397 2612 struct mgmt_cp_set_local_name *cp = data;
b312b161 2613 struct pending_cmd *cmd;
890ea898 2614 struct hci_request req;
b312b161
JH		 2615 int err;
2616
2617 BT_DBG("");
2618
09fd0de5 2619 hci_dev_lock(hdev);
b312b161 2620
b3f2ca94
JH		 2621 /* If the old values are the same as the new ones just return a
2622 * direct command complete event.
2623 */
2624 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2625 !memcmp(hdev->short_name, cp->short_name,
2626 sizeof(hdev->short_name))) {
2627 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2628 data, len);
2629 goto failed;
2630 }
2631
2b4bf397 2632 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2633
b5235a65 2634 if (!hdev_is_powered(hdev)) {
2b4bf397 2635 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2636
2637 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2638 data, len);
28cc7bde
JH		 2639 if (err < 0)
2640 goto failed;
2641
2642 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2643 sk);
28cc7bde 2644
b5235a65
JH		 2645 goto failed;
2646 }
2647
28cc7bde 2648 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2649 if (!cmd) {
2650 err = -ENOMEM;
2651 goto failed;
2652 }
2653
13928971
JH		 2654 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2655
890ea898 2656 hci_req_init(&req, hdev);
3f985050
JH		 2657
2658 if (lmp_bredr_capable(hdev)) {
2659 update_name(&req);
2660 update_eir(&req);
2661 }
2662
2663 if (lmp_le_capable(hdev))
2664 hci_update_ad(&req);
2665
13928971 2666 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2667 if (err < 0)
2668 mgmt_pending_remove(cmd);
2669
2670failed:
09fd0de5 2671 hci_dev_unlock(hdev);
b312b161
JH		 2672 return err;
2673}
2674
0f4e68cf 2675static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2676 void *data, u16 data_len)
c35938b2 2677{
c35938b2
SJ		 2678 struct pending_cmd *cmd;
2679 int err;
2680
bdb6d971 2681 BT_DBG("%s", hdev->name);
c35938b2 2682
09fd0de5 2683 hci_dev_lock(hdev);
c35938b2 2684
4b34ee78 2685 if (!hdev_is_powered(hdev)) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2687 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2688 goto unlock;
2689 }
2690
9a1a1996 2691 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2692 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2693 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2694 goto unlock;
2695 }
2696
2e58ef3e 2697 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2698 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2699 MGMT_STATUS_BUSY);
c35938b2
SJ		 2700 goto unlock;
2701 }
2702
2e58ef3e 2703 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2704 if (!cmd) {
2705 err = -ENOMEM;
2706 goto unlock;
2707 }
2708
2709 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2710 if (err < 0)
2711 mgmt_pending_remove(cmd);
2712
2713unlock:
09fd0de5 2714 hci_dev_unlock(hdev);
c35938b2
SJ		 2715 return err;
2716}
2717
bdb6d971 2718static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2719 void *data, u16 len)
2763eda6 2720{
650f726d 2721 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2722 u8 status;
2763eda6
SJ		 2723 int err;
2724
bdb6d971 2725 BT_DBG("%s ", hdev->name);
2763eda6 2726
09fd0de5 2727 hci_dev_lock(hdev);
2763eda6 2728
664ce4cc 2729 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2730 cp->randomizer);
2763eda6 2731 if (err < 0)
bf1e3541 2732 status = MGMT_STATUS_FAILED;
2763eda6 2733 else
a6785be2 2734 status = MGMT_STATUS_SUCCESS;
bf1e3541 2735
bdb6d971 2736 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2737 &cp->addr, sizeof(cp->addr));
2763eda6 2738
09fd0de5 2739 hci_dev_unlock(hdev);
2763eda6
SJ		 2740 return err;
2741}
2742
bdb6d971 2743static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2744 void *data, u16 len)
2763eda6 2745{
650f726d 2746 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2747 u8 status;
2763eda6
SJ		 2748 int err;
2749
bdb6d971 2750 BT_DBG("%s", hdev->name);
2763eda6 2751
09fd0de5 2752 hci_dev_lock(hdev);
2763eda6 2753
664ce4cc 2754 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2755 if (err < 0)
bf1e3541 2756 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2757 else
a6785be2 2758 status = MGMT_STATUS_SUCCESS;
bf1e3541 2759
bdb6d971 2760 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2761 status, &cp->addr, sizeof(cp->addr));
2763eda6 2762
09fd0de5 2763 hci_dev_unlock(hdev);
2763eda6
SJ		 2764 return err;
2765}
2766
41dc2bd6
AG		 2767static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2768{
2769 struct pending_cmd *cmd;
2770 u8 type;
2771 int err;
2772
2773 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2774
2775 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2776 if (!cmd)
2777 return -ENOENT;
2778
2779 type = hdev->discovery.type;
2780
2781 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2782 &type, sizeof(type));
2783 mgmt_pending_remove(cmd);
2784
2785 return err;
2786}
2787
7c307720
AG		 2788static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2789{
2790 BT_DBG("status %d", status);
2791
2792 if (status) {
2793 hci_dev_lock(hdev);
2794 mgmt_start_discovery_failed(hdev, status);
2795 hci_dev_unlock(hdev);
2796 return;
2797 }
2798
2799 hci_dev_lock(hdev);
2800 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2801 hci_dev_unlock(hdev);
2802
2803 switch (hdev->discovery.type) {
2804 case DISCOV_TYPE_LE:
2805 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2806 DISCOV_LE_TIMEOUT);
7c307720
AG		 2807 break;
2808
2809 case DISCOV_TYPE_INTERLEAVED:
2810 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2811 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2812 break;
2813
2814 case DISCOV_TYPE_BREDR:
2815 break;
2816
2817 default:
2818 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2819 }
2820}
2821
bdb6d971 2822static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2823 void *data, u16 len)
14a53664 2824{
650f726d 2825 struct mgmt_cp_start_discovery *cp = data;
14a53664 2826 struct pending_cmd *cmd;
7c307720
AG		 2827 struct hci_cp_le_set_scan_param param_cp;
2828 struct hci_cp_le_set_scan_enable enable_cp;
2829 struct hci_cp_inquiry inq_cp;
2830 struct hci_request req;
2831 /* General inquiry access code (GIAC) */
2832 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2833 u8 status;
14a53664
JH		 2834 int err;
2835
bdb6d971 2836 BT_DBG("%s", hdev->name);
14a53664 2837
09fd0de5 2838 hci_dev_lock(hdev);
14a53664 2839
4b34ee78 2840 if (!hdev_is_powered(hdev)) {
bdb6d971 2841 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2842 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2843 goto failed;
2844 }
2845
642be6c7
AG		 2846 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2847 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2848 MGMT_STATUS_BUSY);
2849 goto failed;
2850 }
2851
ff9ef578 2852 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2854 MGMT_STATUS_BUSY);
ff9ef578
JH		 2855 goto failed;
2856 }
2857
2e58ef3e 2858 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2859 if (!cmd) {
2860 err = -ENOMEM;
2861 goto failed;
2862 }
2863
4aab14e5
AG		 2864 hdev->discovery.type = cp->type;
2865
7c307720
AG		 2866 hci_req_init(&req, hdev);
2867
4aab14e5 2868 switch (hdev->discovery.type) {
f39799f5 2869 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2870 status = mgmt_bredr_support(hdev);
2871 if (status) {
04106755 2872 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2873 status);
04106755
JH		 2874 mgmt_pending_remove(cmd);
2875 goto failed;
2876 }
2877
7c307720
AG		 2878 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2879 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2880 MGMT_STATUS_BUSY);
2881 mgmt_pending_remove(cmd);
2882 goto failed;
2883 }
2884
2885 hci_inquiry_cache_flush(hdev);
2886
2887 memset(&inq_cp, 0, sizeof(inq_cp));
2888 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2889 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2890 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2891 break;
2892
2893 case DISCOV_TYPE_LE:
7c307720 2894 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2895 status = mgmt_le_support(hdev);
2896 if (status) {
04106755 2897 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2898 status);
04106755
JH		 2899 mgmt_pending_remove(cmd);
2900 goto failed;
2901 }
2902
7c307720 2903 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2904 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2905 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2906 MGMT_STATUS_NOT_SUPPORTED);
2907 mgmt_pending_remove(cmd);
2908 goto failed;
2909 }
2910
f3d3444a 2911 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2912 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2913 MGMT_STATUS_REJECTED);
2914 mgmt_pending_remove(cmd);
2915 goto failed;
2916 }
2917
2918 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2919 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2920 MGMT_STATUS_BUSY);
2921 mgmt_pending_remove(cmd);
2922 goto failed;
2923 }
2924
2925 memset(&param_cp, 0, sizeof(param_cp));
2926 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2927 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2928 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2929 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2930 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2931 else
2932 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2933 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2934 &param_cp);
2935
2936 memset(&enable_cp, 0, sizeof(enable_cp));
2937 enable_cp.enable = LE_SCAN_ENABLE;
2938 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2939 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2940 &enable_cp);
5e0452c0
AG		 2941 break;
2942
f39799f5 2943 default:
04106755
JH		 2944 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2945 MGMT_STATUS_INVALID_PARAMS);
2946 mgmt_pending_remove(cmd);
2947 goto failed;
f39799f5 2948 }
3fd24153 2949
7c307720 2950 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2951 if (err < 0)
2952 mgmt_pending_remove(cmd);
ff9ef578
JH		 2953 else
2954 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2955
2956failed:
09fd0de5 2957 hci_dev_unlock(hdev);
14a53664
JH		 2958 return err;
2959}
2960
1183fdca
AG		 2961static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2962{
2963 struct pending_cmd *cmd;
2964 int err;
2965
2966 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2967 if (!cmd)
2968 return -ENOENT;
2969
2970 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2971 &hdev->discovery.type, sizeof(hdev->discovery.type));
2972 mgmt_pending_remove(cmd);
2973
2974 return err;
2975}
2976
0e05bba6
AG		 2977static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2978{
2979 BT_DBG("status %d", status);
2980
2981 hci_dev_lock(hdev);
2982
2983 if (status) {
2984 mgmt_stop_discovery_failed(hdev, status);
2985 goto unlock;
2986 }
2987
2988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2989
2990unlock:
2991 hci_dev_unlock(hdev);
2992}
2993
bdb6d971 2994static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2995 u16 len)
14a53664 2996{
d930650b 2997 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2998 struct pending_cmd *cmd;
30dc78e1
JH		 2999 struct hci_cp_remote_name_req_cancel cp;
3000 struct inquiry_entry *e;
0e05bba6
AG		 3001 struct hci_request req;
3002 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3003 int err;
3004
bdb6d971 3005 BT_DBG("%s", hdev->name);
14a53664 3006
09fd0de5 3007 hci_dev_lock(hdev);
14a53664 3008
30dc78e1 3009 if (!hci_discovery_active(hdev)) {
bdb6d971 3010 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3011 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3012 sizeof(mgmt_cp->type));
d930650b
JH		 3013 goto unlock;
3014 }
3015
3016 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3017 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3018 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3019 sizeof(mgmt_cp->type));
30dc78e1 3020 goto unlock;
ff9ef578
JH		 3021 }
3022
2e58ef3e 3023 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3024 if (!cmd) {
3025 err = -ENOMEM;
30dc78e1
JH		 3026 goto unlock;
3027 }
3028
0e05bba6
AG		 3029 hci_req_init(&req, hdev);
3030
e0d9727e
AG		 3031 switch (hdev->discovery.state) {
3032 case DISCOVERY_FINDING:
0e05bba6
AG		 3033 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3034 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3035 } else {
3036 cancel_delayed_work(&hdev->le_scan_disable);
3037
3038 memset(&enable_cp, 0, sizeof(enable_cp));
3039 enable_cp.enable = LE_SCAN_DISABLE;
3040 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3041 sizeof(enable_cp), &enable_cp);
3042 }
c9ecc48e 3043
e0d9727e
AG		 3044 break;
3045
3046 case DISCOVERY_RESOLVING:
3047 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3048 NAME_PENDING);
e0d9727e 3049 if (!e) {
30dc78e1 3050 mgmt_pending_remove(cmd);
e0d9727e
AG		 3051 err = cmd_complete(sk, hdev->id,
3052 MGMT_OP_STOP_DISCOVERY, 0,
3053 &mgmt_cp->type,
3054 sizeof(mgmt_cp->type));
3055 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3056 goto unlock;
3057 }
30dc78e1 3058
e0d9727e 3059 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3060 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3061 &cp);
e0d9727e
AG		 3062
3063 break;
3064
3065 default:
3066 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3067
3068 mgmt_pending_remove(cmd);
3069 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3070 MGMT_STATUS_FAILED, &mgmt_cp->type,
3071 sizeof(mgmt_cp->type));
3072 goto unlock;
14a53664
JH		 3073 }
3074
0e05bba6 3075 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3076 if (err < 0)
3077 mgmt_pending_remove(cmd);
ff9ef578
JH		 3078 else
3079 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3080
30dc78e1 3081unlock:
09fd0de5 3082 hci_dev_unlock(hdev);
14a53664
JH		 3083 return err;
3084}
3085
bdb6d971 3086static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3087 u16 len)
561aafbc 3088{
650f726d 3089 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3090 struct inquiry_entry *e;
561aafbc
JH		 3091 int err;
3092
bdb6d971 3093 BT_DBG("%s", hdev->name);
561aafbc 3094
561aafbc
JH		 3095 hci_dev_lock(hdev);
3096
30dc78e1 3097 if (!hci_discovery_active(hdev)) {
bdb6d971 3098 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3099 MGMT_STATUS_FAILED);
30dc78e1
JH		 3100 goto failed;
3101 }
3102
a198e7b1 3103 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3104 if (!e) {
bdb6d971 3105 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3106 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3107 goto failed;
3108 }
3109
3110 if (cp->name_known) {
3111 e->name_state = NAME_KNOWN;
3112 list_del(&e->list);
3113 } else {
3114 e->name_state = NAME_NEEDED;
a3d4e20a 3115 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3116 }
3117
e384662b
JH		 3118 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3119 sizeof(cp->addr));
561aafbc
JH		 3120
3121failed:
3122 hci_dev_unlock(hdev);
561aafbc
JH		 3123 return err;
3124}
3125
bdb6d971 3126static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3127 u16 len)
7fbec224 3128{
650f726d 3129 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3130 u8 status;
7fbec224
AJ		 3131 int err;
3132
bdb6d971 3133 BT_DBG("%s", hdev->name);
7fbec224 3134
4ee71b20 3135 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3136 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3137 MGMT_STATUS_INVALID_PARAMS,
3138 &cp->addr, sizeof(cp->addr));
4ee71b20 3139
09fd0de5 3140 hci_dev_lock(hdev);
5e762444 3141
88c1fe4b 3142 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3143 if (err < 0)
f0eeea8b 3144 status = MGMT_STATUS_FAILED;
7fbec224 3145 else
a6785be2 3146 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3147
bdb6d971 3148 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3149 &cp->addr, sizeof(cp->addr));
5e762444 3150
09fd0de5 3151 hci_dev_unlock(hdev);
7fbec224
AJ		 3152
3153 return err;
3154}
3155
bdb6d971 3156static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3157 u16 len)
7fbec224 3158{
650f726d 3159 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3160 u8 status;
7fbec224
AJ		 3161 int err;
3162
bdb6d971 3163 BT_DBG("%s", hdev->name);
7fbec224 3164
4ee71b20 3165 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3166 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3167 MGMT_STATUS_INVALID_PARAMS,
3168 &cp->addr, sizeof(cp->addr));
4ee71b20 3169
09fd0de5 3170 hci_dev_lock(hdev);
5e762444 3171
88c1fe4b 3172 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3173 if (err < 0)
f0eeea8b 3174 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3175 else
a6785be2 3176 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3177
bdb6d971 3178 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3179 &cp->addr, sizeof(cp->addr));
5e762444 3180
09fd0de5 3181 hci_dev_unlock(hdev);
7fbec224
AJ		 3182
3183 return err;
3184}
3185
cdbaccca
MH		 3186static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3187 u16 len)
3188{
3189 struct mgmt_cp_set_device_id *cp = data;
890ea898 3190 struct hci_request req;
cdbaccca 3191 int err;
c72d4b8a 3192 __u16 source;
cdbaccca
MH		 3193
3194 BT_DBG("%s", hdev->name);
3195
c72d4b8a
SJ		 3196 source = __le16_to_cpu(cp->source);
3197
3198 if (source > 0x0002)
3199 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3200 MGMT_STATUS_INVALID_PARAMS);
3201
cdbaccca
MH		 3202 hci_dev_lock(hdev);
3203
c72d4b8a 3204 hdev->devid_source = source;
cdbaccca
MH		 3205 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3206 hdev->devid_product = __le16_to_cpu(cp->product);
3207 hdev->devid_version = __le16_to_cpu(cp->version);
3208
3209 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3210
890ea898
JH		 3211 hci_req_init(&req, hdev);
3212 update_eir(&req);
3213 hci_req_run(&req, NULL);
cdbaccca
MH		 3214
3215 hci_dev_unlock(hdev);
3216
3217 return err;
3218}
3219
4375f103
JH		 3220static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3221{
3222 struct cmd_lookup match = { NULL, hdev };
3223
3224 if (status) {
3225 u8 mgmt_err = mgmt_status(status);
3226
3227 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3228 cmd_status_rsp, &mgmt_err);
3229 return;
3230 }
3231
3232 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3233 &match);
3234
3235 new_settings(hdev, match.sk);
3236
3237 if (match.sk)
3238 sock_put(match.sk);
3239}
3240
3241static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3242{
3243 struct mgmt_mode *cp = data;
3244 struct pending_cmd *cmd;
3245 struct hci_request req;
e6fe7986 3246 u8 val, enabled, status;
4375f103
JH		 3247 int err;
3248
3249 BT_DBG("request for %s", hdev->name);
3250
e6fe7986
JH		 3251 status = mgmt_le_support(hdev);
3252 if (status)
4375f103 3253 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3254 status);
4375f103
JH		 3255
3256 if (cp->val != 0x00 && cp->val != 0x01)
3257 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3258 MGMT_STATUS_INVALID_PARAMS);
3259
3260 hci_dev_lock(hdev);
3261
3262 val = !!cp->val;
f3d3444a 3263 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3264
f74ca9b8
JH		 3265 /* The following conditions are ones which mean that we should
3266 * not do any HCI communication but directly send a mgmt
3267 * response to user space (after toggling the flag if
3268 * necessary).
3269 */
3270 if (!hdev_is_powered(hdev) || val == enabled ||
3271 hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECTED)) {
4375f103
JH		 3272 bool changed = false;
3273
f3d3444a
JH		 3274 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3275 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3276 changed = true;
3277 }
3278
3279 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3280 if (err < 0)
3281 goto unlock;
3282
3283 if (changed)
3284 err = new_settings(hdev, sk);
3285
3286 goto unlock;
3287 }
3288
3289 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3290 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3291 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3292 MGMT_STATUS_BUSY);
3293 goto unlock;
3294 }
3295
3296 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3297 if (!cmd) {
3298 err = -ENOMEM;
3299 goto unlock;
3300 }
3301
3302 hci_req_init(&req, hdev);
3303
bba3aa55
MH		 3304 if (val)
3305 enable_advertising(&req);
3306 else
3307 disable_advertising(&req);
4375f103
JH		 3308
3309 err = hci_req_run(&req, set_advertising_complete);
3310 if (err < 0)
3311 mgmt_pending_remove(cmd);
3312
3313unlock:
3314 hci_dev_unlock(hdev);
3315 return err;
3316}
3317
d13eafce
MH		 3318static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3319 void *data, u16 len)
3320{
3321 struct mgmt_cp_set_static_address *cp = data;
3322 int err;
3323
3324 BT_DBG("%s", hdev->name);
3325
62af4443 3326 if (!lmp_le_capable(hdev))
d13eafce 3327 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3328 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3329
3330 if (hdev_is_powered(hdev))
3331 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3332 MGMT_STATUS_REJECTED);
3333
3334 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3335 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3336 return cmd_status(sk, hdev->id,
3337 MGMT_OP_SET_STATIC_ADDRESS,
3338 MGMT_STATUS_INVALID_PARAMS);
3339
3340 /* Two most significant bits shall be set */
3341 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3342 return cmd_status(sk, hdev->id,
3343 MGMT_OP_SET_STATIC_ADDRESS,
3344 MGMT_STATUS_INVALID_PARAMS);
3345 }
3346
3347 hci_dev_lock(hdev);
3348
3349 bacpy(&hdev->static_addr, &cp->bdaddr);
3350
3351 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3352
3353 hci_dev_unlock(hdev);
3354
3355 return err;
3356}
3357
33e38b3e
JH		 3358static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3359{
3360 struct pending_cmd *cmd;
3361
3362 BT_DBG("status 0x%02x", status);
3363
3364 hci_dev_lock(hdev);
3365
3366 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3367 if (!cmd)
3368 goto unlock;
3369
3370 if (status) {
3371 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3372 mgmt_status(status));
3373 } else {
1a4d3c4b
JH		 3374 struct mgmt_mode *cp = cmd->param;
3375
3376 if (cp->val)
3377 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3378 else
3379 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3380
33e38b3e
JH		 3381 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3382 new_settings(hdev, cmd->sk);
3383 }
3384
3385 mgmt_pending_remove(cmd);
3386
3387unlock:
3388 hci_dev_unlock(hdev);
3389}
3390
bdb6d971 3391static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3392 void *data, u16 len)
f6422ec6 3393{
650f726d 3394 struct mgmt_mode *cp = data;
33e38b3e
JH		 3395 struct pending_cmd *cmd;
3396 struct hci_request req;
f6422ec6
AJ		 3397 int err;
3398
bdb6d971 3399 BT_DBG("%s", hdev->name);
f6422ec6 3400
56f87901
JH		 3401 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3402 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3403 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3404 MGMT_STATUS_NOT_SUPPORTED);
3405
a7e80f25
JH		 3406 if (cp->val != 0x00 && cp->val != 0x01)
3407 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3408 MGMT_STATUS_INVALID_PARAMS);
3409
5400c044 3410 if (!hdev_is_powered(hdev))
bdb6d971 3411 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3412 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3413
3414 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3415 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3416 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3417
3418 hci_dev_lock(hdev);
3419
05cbf29f
JH		 3420 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3421 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3422 MGMT_STATUS_BUSY);
3423 goto unlock;
3424 }
3425
1a4d3c4b
JH		 3426 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3427 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3428 hdev);
3429 goto unlock;
3430 }
3431
33e38b3e
JH		 3432 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3433 data, len);
3434 if (!cmd) {
3435 err = -ENOMEM;
3436 goto unlock;
f6422ec6
AJ		 3437 }
3438
33e38b3e
JH		 3439 hci_req_init(&req, hdev);
3440
406d7804 3441 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3442
3443 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3444 if (err < 0) {
bdb6d971 3445 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3446 MGMT_STATUS_FAILED);
33e38b3e 3447 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3448 }
3449
33e38b3e 3450unlock:
f6422ec6 3451 hci_dev_unlock(hdev);
33e38b3e 3452
f6422ec6
AJ		 3453 return err;
3454}
3455
0663ca2a
JH		 3456static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3457{
3458 struct pending_cmd *cmd;
3459
3460 BT_DBG("status 0x%02x", status);
3461
3462 hci_dev_lock(hdev);
3463
3464 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3465 if (!cmd)
3466 goto unlock;
3467
3468 if (status) {
3469 u8 mgmt_err = mgmt_status(status);
3470
3471 /* We need to restore the flag if related HCI commands
3472 * failed.
3473 */
3474 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3475
3476 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3477 } else {
3478 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3479 new_settings(hdev, cmd->sk);
3480 }
3481
3482 mgmt_pending_remove(cmd);
3483
3484unlock:
3485 hci_dev_unlock(hdev);
3486}
3487
3488static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3489{
3490 struct mgmt_mode *cp = data;
3491 struct pending_cmd *cmd;
3492 struct hci_request req;
3493 int err;
3494
3495 BT_DBG("request for %s", hdev->name);
3496
3497 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3498 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3499 MGMT_STATUS_NOT_SUPPORTED);
3500
3501 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3502 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3503 MGMT_STATUS_REJECTED);
3504
3505 if (cp->val != 0x00 && cp->val != 0x01)
3506 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3507 MGMT_STATUS_INVALID_PARAMS);
3508
3509 hci_dev_lock(hdev);
3510
3511 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3512 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3513 goto unlock;
3514 }
3515
3516 if (!hdev_is_powered(hdev)) {
3517 if (!cp->val) {
3518 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3519 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3520 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3521 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3522 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3523 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3524 }
3525
3526 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3527
3528 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3529 if (err < 0)
3530 goto unlock;
3531
3532 err = new_settings(hdev, sk);
3533 goto unlock;
3534 }
3535
3536 /* Reject disabling when powered on */
3537 if (!cp->val) {
3538 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3539 MGMT_STATUS_REJECTED);
3540 goto unlock;
3541 }
3542
3543 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3544 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3545 MGMT_STATUS_BUSY);
3546 goto unlock;
3547 }
3548
3549 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3550 if (!cmd) {
3551 err = -ENOMEM;
3552 goto unlock;
3553 }
3554
3555 /* We need to flip the bit already here so that hci_update_ad
3556 * generates the correct flags.
3557 */
3558 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3559
3560 hci_req_init(&req, hdev);
3561 hci_update_ad(&req);
3562 err = hci_req_run(&req, set_bredr_complete);
3563 if (err < 0)
3564 mgmt_pending_remove(cmd);
3565
3566unlock:
3567 hci_dev_unlock(hdev);
3568 return err;
3569}
3570
3f706b72
JH		 3571static bool ltk_is_valid(struct mgmt_ltk_info *key)
3572{
44b20d33
JH		 3573 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3574 return false;
3f706b72
JH		 3575 if (key->master != 0x00 && key->master != 0x01)
3576 return false;
4ee71b20
JH		 3577 if (!bdaddr_type_is_le(key->addr.type))
3578 return false;
3f706b72
JH		 3579 return true;
3580}
3581
bdb6d971 3582static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3583 void *cp_data, u16 len)
346af67b 3584{
346af67b
VCG		 3585 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3586 u16 key_count, expected_len;
715a5bf2 3587 int i, err;
346af67b 3588
cf99ba13
MH		 3589 BT_DBG("request for %s", hdev->name);
3590
3591 if (!lmp_le_capable(hdev))
3592 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3593 MGMT_STATUS_NOT_SUPPORTED);
3594
1f350c87 3595 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3596
3597 expected_len = sizeof(*cp) + key_count *
3598 sizeof(struct mgmt_ltk_info);
3599 if (expected_len != len) {
3600 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3601 len, expected_len);
bdb6d971 3602 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3603 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3604 }
3605
bdb6d971 3606 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3607
54ad6d8a
JH		 3608 for (i = 0; i < key_count; i++) {
3609 struct mgmt_ltk_info *key = &cp->keys[i];
3610
3f706b72 3611 if (!ltk_is_valid(key))
54ad6d8a
JH		 3612 return cmd_status(sk, hdev->id,
3613 MGMT_OP_LOAD_LONG_TERM_KEYS,
3614 MGMT_STATUS_INVALID_PARAMS);
3615 }
3616
346af67b
VCG		 3617 hci_dev_lock(hdev);
3618
3619 hci_smp_ltks_clear(hdev);
3620
3621 for (i = 0; i < key_count; i++) {
3622 struct mgmt_ltk_info *key = &cp->keys[i];
3623 u8 type;
3624
3625 if (key->master)
3626 type = HCI_SMP_LTK;
3627 else
3628 type = HCI_SMP_LTK_SLAVE;
3629
4596fde5 3630 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3631 bdaddr_to_le(key->addr.type),
04124681
GP		 3632 type, 0, key->authenticated, key->val,
3633 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3634 }
3635
715a5bf2
JH		 3636 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3637 NULL, 0);
3638
346af67b 3639 hci_dev_unlock(hdev);
346af67b 3640
715a5bf2 3641 return err;
346af67b
VCG		 3642}
3643
2e3c35ea 3644static const struct mgmt_handler {
04124681
GP		 3645 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3646 u16 data_len);
be22b54e
JH		 3647 bool var_len;
3648 size_t data_len;
0f4e68cf
JH		 3649} mgmt_handlers[] = {
3650 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3651 { read_version, false, MGMT_READ_VERSION_SIZE },
3652 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3653 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3654 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3655 { set_powered, false, MGMT_SETTING_SIZE },
3656 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3657 { set_connectable, false, MGMT_SETTING_SIZE },
3658 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3659 { set_pairable, false, MGMT_SETTING_SIZE },
3660 { set_link_security, false, MGMT_SETTING_SIZE },
3661 { set_ssp, false, MGMT_SETTING_SIZE },
3662 { set_hs, false, MGMT_SETTING_SIZE },
3663 { set_le, false, MGMT_SETTING_SIZE },
3664 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3665 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3666 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3667 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3668 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3669 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3670 { disconnect, false, MGMT_DISCONNECT_SIZE },
3671 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3672 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3673 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3674 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3675 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3676 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3677 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3678 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3679 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3680 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3681 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3682 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3683 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3684 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3685 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3686 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3687 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3688 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3689 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3690 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3691 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3692 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3693 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3694};
3695
3696
0381101f
JH		 3697int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3698{
650f726d
VCG		 3699 void *buf;
3700 u8 *cp;
0381101f 3701 struct mgmt_hdr *hdr;
4e51eae9 3702 u16 opcode, index, len;
bdb6d971 3703 struct hci_dev *hdev = NULL;
2e3c35ea 3704 const struct mgmt_handler *handler;
0381101f
JH		 3705 int err;
3706
3707 BT_DBG("got %zu bytes", msglen);
3708
3709 if (msglen < sizeof(*hdr))
3710 return -EINVAL;
3711
e63a15ec 3712 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3713 if (!buf)
3714 return -ENOMEM;
3715
3716 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3717 err = -EFAULT;
3718 goto done;
3719 }
3720
650f726d 3721 hdr = buf;
1f350c87
MH		 3722 opcode = __le16_to_cpu(hdr->opcode);
3723 index = __le16_to_cpu(hdr->index);
3724 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3725
3726 if (len != msglen - sizeof(*hdr)) {
3727 err = -EINVAL;
3728 goto done;
3729 }
3730
0f4e68cf 3731 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3732 hdev = hci_dev_get(index);
3733 if (!hdev) {
3734 err = cmd_status(sk, index, opcode,
04124681 3735 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3736 goto done;
3737 }
0736cfa8
MH		 3738
3739 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3740 err = cmd_status(sk, index, opcode,
3741 MGMT_STATUS_INVALID_INDEX);
3742 goto done;
3743 }
bdb6d971
JH		 3744 }
3745
0f4e68cf 3746 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3747 mgmt_handlers[opcode].func == NULL) {
0381101f 3748 BT_DBG("Unknown op %u", opcode);
ca69b795 3749 err = cmd_status(sk, index, opcode,
04124681 3750 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3751 goto done;
3752 }
3753
3754 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3755 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3756 err = cmd_status(sk, index, opcode,
04124681 3757 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3758 goto done;
0381101f
JH		 3759 }
3760
be22b54e
JH		 3761 handler = &mgmt_handlers[opcode];
3762
3763 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3764 (!handler->var_len && len != handler->data_len)) {
be22b54e 3765 err = cmd_status(sk, index, opcode,
04124681 3766 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3767 goto done;
3768 }
3769
0f4e68cf
JH		 3770 if (hdev)
3771 mgmt_init_hdev(sk, hdev);
3772
3773 cp = buf + sizeof(*hdr);
3774
be22b54e 3775 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3776 if (err < 0)
3777 goto done;
3778
0381101f
JH		 3779 err = msglen;
3780
3781done:
bdb6d971
JH		 3782 if (hdev)
3783 hci_dev_put(hdev);
3784
0381101f
JH		 3785 kfree(buf);
3786 return err;
3787}
c71e97bf 3788
bf6b56db 3789void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3790{
1514b892 3791 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3792 return;
bb4b2a9a 3793
bf6b56db 3794 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3795}
3796
bf6b56db 3797void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3798{
5f159032 3799 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3800
1514b892 3801 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3802 return;
bb4b2a9a 3803
744cf19e 3804 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3805
bf6b56db 3806 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3807}
3808
890ea898 3809static void set_bredr_scan(struct hci_request *req)
7f0ae647 3810{
890ea898 3811 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3812 u8 scan = 0;
3813
4c01f8b8
JH		 3814 /* Ensure that fast connectable is disabled. This function will
3815 * not do anything if the page scan parameters are already what
3816 * they should be.
3817 */
3818 write_fast_connectable(req, false);
3819
7f0ae647
JH		 3820 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3821 scan |= SCAN_PAGE;
3822 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3823 scan |= SCAN_INQUIRY;
3824
890ea898
JH		 3825 if (scan)
3826 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3827}
3828
229ab39c
JH		 3829static void powered_complete(struct hci_dev *hdev, u8 status)
3830{
3831 struct cmd_lookup match = { NULL, hdev };
3832
3833 BT_DBG("status 0x%02x", status);
3834
3835 hci_dev_lock(hdev);
3836
3837 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3838
3839 new_settings(hdev, match.sk);
3840
3841 hci_dev_unlock(hdev);
3842
3843 if (match.sk)
3844 sock_put(match.sk);
3845}
3846
70da6243 3847static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3848{
890ea898 3849 struct hci_request req;
70da6243 3850 u8 link_sec;
5add6af8 3851
890ea898
JH		 3852 hci_req_init(&req, hdev);
3853
70da6243
JH		 3854 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3855 !lmp_host_ssp_capable(hdev)) {
3856 u8 ssp = 1;
5e5282bb 3857
890ea898 3858 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3859 }
5add6af8 3860
c73eee91
JH		 3861 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3862 lmp_bredr_capable(hdev)) {
70da6243 3863 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3864
70da6243
JH		 3865 cp.le = 1;
3866 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3867
70da6243
JH		 3868 /* Check first if we already have the right
3869 * host state (host features set)
3870 */
3871 if (cp.le != lmp_host_le_capable(hdev) ||
3872 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3873 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3874 sizeof(cp), &cp);
0663ca2a
JH		 3875
3876 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3877 hci_update_ad(&req);
70da6243 3878 }
3d1cbdd6 3879
d13eafce
MH		 3880 if (lmp_le_capable(hdev)) {
3881 /* Set random address to static address if configured */
3882 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3883 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3884 &hdev->static_addr);
eeca6f89 3885
bba3aa55
MH		 3886 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3887 enable_advertising(&req);
eeca6f89
JH		 3888 }
3889
70da6243
JH		 3890 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3891 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3892 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3893 sizeof(link_sec), &link_sec);
562fcc24 3894
70da6243 3895 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3896 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3897 set_bredr_scan(&req);
890ea898 3898 update_class(&req);
13928971 3899 update_name(&req);
890ea898 3900 update_eir(&req);
70da6243 3901 }
562fcc24 3902
229ab39c 3903 return hci_req_run(&req, powered_complete);
70da6243 3904}
562fcc24 3905
70da6243
JH		 3906int mgmt_powered(struct hci_dev *hdev, u8 powered)
3907{
3908 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3909 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3910 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3911 int err;
f0ff92fb 3912
70da6243
JH		 3913 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3914 return 0;
3915
70da6243 3916 if (powered) {
229ab39c
JH		 3917 if (powered_update_hci(hdev) == 0)
3918 return 0;
fe038884 3919
229ab39c
JH		 3920 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3921 &match);
3922 goto new_settings;
b24752fe
JH		 3923 }
3924
229ab39c
JH		 3925 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3926 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3927
3928 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3929 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3930 zero_cod, sizeof(zero_cod), NULL);
3931
3932new_settings:
beadb2bd 3933 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3934
3935 if (match.sk)
3936 sock_put(match.sk);
3937
7bb895d6 3938 return err;
5add6af8 3939}
73f22f62 3940
3eec705e 3941void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 3942{
3943 struct pending_cmd *cmd;
3944 u8 status;
3945
3946 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3947 if (!cmd)
3eec705e 3948 return;
96570ffc
JH		 3949
3950 if (err == -ERFKILL)
3951 status = MGMT_STATUS_RFKILLED;
3952 else
3953 status = MGMT_STATUS_FAILED;
3954
3eec705e 3955 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 3956
3957 mgmt_pending_remove(cmd);
96570ffc
JH		 3958}
3959
744cf19e 3960int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3961{
76a7f3a4 3962 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3963 bool changed = false;
3964 int err = 0;
73f22f62 3965
5e5282bb
JH		 3966 if (discoverable) {
3967 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3968 changed = true;
3969 } else {
3970 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3971 changed = true;
3972 }
73f22f62 3973
ed9b5f2f 3974 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3975 &match);
ed9b5f2f 3976
beadb2bd
JH		 3977 if (changed)
3978 err = new_settings(hdev, match.sk);
5e5282bb 3979
73f22f62
JH		 3980 if (match.sk)
3981 sock_put(match.sk);
3982
7bb895d6 3983 return err;
73f22f62 3984}
9fbcbb45 3985
744cf19e 3986int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3987{
2b76f453 3988 struct pending_cmd *cmd;
5e5282bb
JH		 3989 bool changed = false;
3990 int err = 0;
9fbcbb45 3991
5e5282bb
JH		 3992 if (connectable) {
3993 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3994 changed = true;
3995 } else {
3996 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3997 changed = true;
3998 }
9fbcbb45 3999
2b76f453 4000 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 4001
beadb2bd 4002 if (changed)
2b76f453 4003 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4004
7bb895d6 4005 return err;
9fbcbb45 4006}
55ed8ca1 4007
744cf19e 4008int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4009{
ca69b795
JH		 4010 u8 mgmt_err = mgmt_status(status);
4011
2d7cee58 4012 if (scan & SCAN_PAGE)
744cf19e 4013 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4014 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4015
4016 if (scan & SCAN_INQUIRY)
744cf19e 4017 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4018 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4019
4020 return 0;
4021}
4022
53168e5b
CC		 4023int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4024 bool persistent)
55ed8ca1 4025{
86742e1e 4026 struct mgmt_ev_new_link_key ev;
55ed8ca1 4027
a492cd52 4028 memset(&ev, 0, sizeof(ev));
55ed8ca1 4029
a492cd52 4030 ev.store_hint = persistent;
d753fdc4 4031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4032 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4033 ev.key.type = key->type;
9b3b4460 4034 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4035 ev.key.pin_len = key->pin_len;
55ed8ca1 4036
744cf19e 4037 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4038}
f7520543 4039
346af67b
VCG		 4040int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4041{
4042 struct mgmt_ev_new_long_term_key ev;
4043
4044 memset(&ev, 0, sizeof(ev));
4045
4046 ev.store_hint = persistent;
4047 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4048 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4049 ev.key.authenticated = key->authenticated;
4050 ev.key.enc_size = key->enc_size;
4051 ev.key.ediv = key->ediv;
4052
4053 if (key->type == HCI_SMP_LTK)
4054 ev.key.master = 1;
4055
4056 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4057 memcpy(ev.key.val, key->val, sizeof(key->val));
4058
04124681
GP		 4059 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4060 NULL);
346af67b
VCG		 4061}
4062
ecd90ae7
MH		 4063void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4064 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4065 u8 *dev_class)
f7520543 4066{
b644ba33
JH		 4067 char buf[512];
4068 struct mgmt_ev_device_connected *ev = (void *) buf;
4069 u16 eir_len = 0;
f7520543 4070
b644ba33 4071 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4072 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4073
c95f0ba7 4074 ev->flags = __cpu_to_le32(flags);
08c79b61 4075
b644ba33
JH		 4076 if (name_len > 0)
4077 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4078 name, name_len);
b644ba33
JH		 4079
4080 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4081 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4082 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4083
eb55ef07 4084 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4085
ecd90ae7
MH		 4086 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4087 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4088}
4089
8962ee74
JH		 4090static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4091{
c68fb7ff 4092 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4093 struct sock **sk = data;
a38528f1 4094 struct mgmt_rp_disconnect rp;
8962ee74 4095
88c3df13
JH		 4096 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4097 rp.addr.type = cp->addr.type;
8962ee74 4098
aee9b218 4099 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4100 sizeof(rp));
8962ee74
JH		 4101
4102 *sk = cmd->sk;
4103 sock_hold(*sk);
4104
a664b5bc 4105 mgmt_pending_remove(cmd);
8962ee74
JH		 4106}
4107
124f6e35 4108static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4109{
b1078ad0 4110 struct hci_dev *hdev = data;
124f6e35
JH		 4111 struct mgmt_cp_unpair_device *cp = cmd->param;
4112 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4113
4114 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4115 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4116 rp.addr.type = cp->addr.type;
a8a1d19e 4117
b1078ad0
JH		 4118 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4119
aee9b218 4120 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4121
4122 mgmt_pending_remove(cmd);
4123}
4124
9b80ec5e
MH		 4125void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4126 u8 link_type, u8 addr_type, u8 reason)
f7520543 4127{
f0d6a0ea 4128 struct mgmt_ev_device_disconnected ev;
8962ee74 4129 struct sock *sk = NULL;
8962ee74 4130
744cf19e 4131 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4132
f0d6a0ea
MA		 4133 bacpy(&ev.addr.bdaddr, bdaddr);
4134 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4135 ev.reason = reason;
f7520543 4136
9b80ec5e 4137 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4138
4139 if (sk)
d97dcb66 4140 sock_put(sk);
8962ee74 4141
124f6e35 4142 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4143 hdev);
8962ee74
JH		 4144}
4145
7892924c
MH		 4146void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4147 u8 link_type, u8 addr_type, u8 status)
8962ee74 4148{
88c3df13 4149 struct mgmt_rp_disconnect rp;
8962ee74 4150 struct pending_cmd *cmd;
8962ee74 4151
36a75f1b
JD		 4152 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4153 hdev);
4154
2e58ef3e 4155 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4156 if (!cmd)
7892924c 4157 return;
8962ee74 4158
88c3df13 4159 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4160 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4161
7892924c
MH		 4162 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4163 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4164
a664b5bc 4165 mgmt_pending_remove(cmd);
f7520543 4166}
17d5c04c 4167
445608d0
MH		 4168void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4169 u8 addr_type, u8 status)
17d5c04c
JH		 4170{
4171 struct mgmt_ev_connect_failed ev;
4172
4c659c39 4173 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4174 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4175 ev.status = mgmt_status(status);
17d5c04c 4176
445608d0 4177 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4178}
980e1a53 4179
744cf19e 4180int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4181{
4182 struct mgmt_ev_pin_code_request ev;
4183
d8457698 4184 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4185 ev.addr.type = BDADDR_BREDR;
a770bb5a 4186 ev.secure = secure;
980e1a53 4187
744cf19e 4188 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4189 NULL);
980e1a53
JH		 4190}
4191
744cf19e 4192int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4193 u8 status)
980e1a53
JH		 4194{
4195 struct pending_cmd *cmd;
ac56fb13 4196 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4197 int err;
4198
2e58ef3e 4199 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4200 if (!cmd)
4201 return -ENOENT;
4202
d8457698 4203 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4204 rp.addr.type = BDADDR_BREDR;
ac56fb13 4205
aee9b218 4206 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4207 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4208
a664b5bc 4209 mgmt_pending_remove(cmd);
980e1a53
JH		 4210
4211 return err;
4212}
4213
744cf19e 4214int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4215 u8 status)
980e1a53
JH		 4216{
4217 struct pending_cmd *cmd;
ac56fb13 4218 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4219 int err;
4220
2e58ef3e 4221 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4222 if (!cmd)
4223 return -ENOENT;
4224
d8457698 4225 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4226 rp.addr.type = BDADDR_BREDR;
ac56fb13 4227
aee9b218 4228 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4229 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4230
a664b5bc 4231 mgmt_pending_remove(cmd);
980e1a53
JH		 4232
4233 return err;
4234}
a5c29683 4235
744cf19e 4236int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4237 u8 link_type, u8 addr_type, __le32 value,
4238 u8 confirm_hint)
a5c29683
JH		 4239{
4240 struct mgmt_ev_user_confirm_request ev;
4241
744cf19e 4242 BT_DBG("%s", hdev->name);
a5c29683 4243
272d90df 4244 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4245 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4246 ev.confirm_hint = confirm_hint;
78e8098e 4247 ev.value = value;
a5c29683 4248
744cf19e 4249 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4250 NULL);
a5c29683
JH		 4251}
4252
272d90df 4253int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4254 u8 link_type, u8 addr_type)
604086b7
BG		 4255{
4256 struct mgmt_ev_user_passkey_request ev;
4257
4258 BT_DBG("%s", hdev->name);
4259
272d90df 4260 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4261 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4262
4263 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4264 NULL);
604086b7
BG		 4265}
4266
0df4c185 4267static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4268 u8 link_type, u8 addr_type, u8 status,
4269 u8 opcode)
a5c29683
JH		 4270{
4271 struct pending_cmd *cmd;
4272 struct mgmt_rp_user_confirm_reply rp;
4273 int err;
4274
2e58ef3e 4275 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4276 if (!cmd)
4277 return -ENOENT;
4278
272d90df 4279 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4280 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4281 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4282 &rp, sizeof(rp));
a5c29683 4283
a664b5bc 4284 mgmt_pending_remove(cmd);
a5c29683
JH		 4285
4286 return err;
4287}
4288
744cf19e 4289int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4290 u8 link_type, u8 addr_type, u8 status)
a5c29683 4291{
272d90df 4292 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4293 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4294}
4295
272d90df 4296int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4297 u8 link_type, u8 addr_type, u8 status)
a5c29683 4298{
272d90df 4299 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4300 status,
4301 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4302}
2a611692 4303
604086b7 4304int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4305 u8 link_type, u8 addr_type, u8 status)
604086b7 4306{
272d90df 4307 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4308 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4309}
4310
272d90df 4311int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4312 u8 link_type, u8 addr_type, u8 status)
604086b7 4313{
272d90df 4314 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4315 status,
4316 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4317}
4318
92a25256
JH		 4319int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4320 u8 link_type, u8 addr_type, u32 passkey,
4321 u8 entered)
4322{
4323 struct mgmt_ev_passkey_notify ev;
4324
4325 BT_DBG("%s", hdev->name);
4326
4327 bacpy(&ev.addr.bdaddr, bdaddr);
4328 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4329 ev.passkey = __cpu_to_le32(passkey);
4330 ev.entered = entered;
4331
4332 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4333}
4334
bab73cb6 4335int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4336 u8 addr_type, u8 status)
2a611692
JH		 4337{
4338 struct mgmt_ev_auth_failed ev;
4339
bab73cb6 4340 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4341 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4342 ev.status = mgmt_status(status);
2a611692 4343
744cf19e 4344 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4345}
b312b161 4346
33ef95ed
JH		 4347int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4348{
4349 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4350 bool changed = false;
4351 int err = 0;
33ef95ed
JH		 4352
4353 if (status) {
4354 u8 mgmt_err = mgmt_status(status);
4355 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4356 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4357 return 0;
4358 }
4359
47990ea0
JH		 4360 if (test_bit(HCI_AUTH, &hdev->flags)) {
4361 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4362 changed = true;
4363 } else {
4364 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4365 changed = true;
4366 }
4367
33ef95ed 4368 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4369 &match);
33ef95ed 4370
47990ea0
JH		 4371 if (changed)
4372 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4373
4374 if (match.sk)
4375 sock_put(match.sk);
4376
4377 return err;
4378}
4379
890ea898 4380static void clear_eir(struct hci_request *req)
cacaf52f 4381{
890ea898 4382 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4383 struct hci_cp_write_eir cp;
4384
976eb20e 4385 if (!lmp_ext_inq_capable(hdev))
890ea898 4386 return;
cacaf52f 4387
c80da27e
JH		 4388 memset(hdev->eir, 0, sizeof(hdev->eir));
4389
cacaf52f
JH		 4390 memset(&cp, 0, sizeof(cp));
4391
890ea898 4392 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4393}
4394
c0ecddc2 4395int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4396{
4397 struct cmd_lookup match = { NULL, hdev };
890ea898 4398 struct hci_request req;
c0ecddc2
JH		 4399 bool changed = false;
4400 int err = 0;
ed2c4ee3
JH		 4401
4402 if (status) {
4403 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4404
4405 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4406 &hdev->dev_flags))
c0ecddc2
JH		 4407 err = new_settings(hdev, NULL);
4408
04124681
GP		 4409 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4410 &mgmt_err);
c0ecddc2
JH		 4411
4412 return err;
4413 }
4414
4415 if (enable) {
4416 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4417 changed = true;
4418 } else {
4419 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4420 changed = true;
ed2c4ee3
JH		 4421 }
4422
4423 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4424
c0ecddc2
JH		 4425 if (changed)
4426 err = new_settings(hdev, match.sk);
ed2c4ee3 4427
5fc6ebb1 4428 if (match.sk)
ed2c4ee3
JH		 4429 sock_put(match.sk);
4430
890ea898
JH		 4431 hci_req_init(&req, hdev);
4432
5fc6ebb1 4433 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4434 update_eir(&req);
5fc6ebb1 4435 else
890ea898
JH		 4436 clear_eir(&req);
4437
4438 hci_req_run(&req, NULL);
cacaf52f 4439
ed2c4ee3
JH		 4440 return err;
4441}
4442
92da6097 4443static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4444{
4445 struct cmd_lookup *match = data;
4446
90e70454
JH		 4447 if (match->sk == NULL) {
4448 match->sk = cmd->sk;
4449 sock_hold(match->sk);
4450 }
90e70454
JH		 4451}
4452
7f9a903c 4453int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4454 u8 status)
7f9a903c 4455{
90e70454
JH		 4456 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4457 int err = 0;
7f9a903c 4458
92da6097
JH		 4459 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4460 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4461 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4462
4463 if (!status)
04124681
GP		 4464 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4465 3, NULL);
90e70454
JH		 4466
4467 if (match.sk)
4468 sock_put(match.sk);
7f9a903c
MH		 4469
4470 return err;
4471}
4472
744cf19e 4473int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4474{
b312b161 4475 struct mgmt_cp_set_local_name ev;
13928971 4476 struct pending_cmd *cmd;
28cc7bde 4477
13928971
JH		 4478 if (status)
4479 return 0;
b312b161
JH		 4480
4481 memset(&ev, 0, sizeof(ev));
4482 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4483 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4484
2e58ef3e 4485 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4486 if (!cmd) {
4487 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4488
13928971
JH		 4489 /* If this is a HCI command related to powering on the
4490 * HCI dev don't send any mgmt signals.
4491 */
4492 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4493 return 0;
890ea898 4494 }
b312b161 4495
13928971
JH		 4496 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4497 cmd ? cmd->sk : NULL);
b312b161 4498}
c35938b2 4499
744cf19e 4500int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4501 u8 *randomizer, u8 status)
c35938b2
SJ		 4502{
4503 struct pending_cmd *cmd;
4504 int err;
4505
744cf19e 4506 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4507
2e58ef3e 4508 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4509 if (!cmd)
4510 return -ENOENT;
4511
4512 if (status) {
04124681
GP		 4513 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4514 mgmt_status(status));
c35938b2
SJ		 4515 } else {
4516 struct mgmt_rp_read_local_oob_data rp;
4517
4518 memcpy(rp.hash, hash, sizeof(rp.hash));
4519 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4520
744cf19e 4521 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4522 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4523 sizeof(rp));
c35938b2
SJ		 4524 }
4525
4526 mgmt_pending_remove(cmd);
4527
4528 return err;
4529}
e17acd40 4530
901801b9
MH		 4531void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4532 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4533 ssp, u8 *eir, u16 eir_len)
e17acd40 4534{
e319d2e7
JH		 4535 char buf[512];
4536 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4537 size_t ev_size;
e17acd40 4538
12602d0c 4539 if (!hci_discovery_active(hdev))
901801b9 4540 return;
12602d0c 4541
1dc06093
JH		 4542 /* Leave 5 bytes for a potential CoD field */
4543 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4544 return;
7d262f86 4545
1dc06093
JH		 4546 memset(buf, 0, sizeof(buf));
4547
e319d2e7 4548 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4549 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4550 ev->rssi = rssi;
9a395a80 4551 if (cfm_name)
612dfce9 4552 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4553 if (!ssp)
612dfce9 4554 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4555
1dc06093 4556 if (eir_len > 0)
e319d2e7 4557 memcpy(ev->eir, eir, eir_len);
e17acd40 4558
1dc06093
JH		 4559 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4560 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4561 dev_class, 3);
1dc06093 4562
eb55ef07 4563 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4564 ev_size = sizeof(*ev) + eir_len;
f8523598 4565
901801b9 4566 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4567}
a88a9652 4568
9cf12aee
MH		 4569void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4570 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4571{
b644ba33
JH		 4572 struct mgmt_ev_device_found *ev;
4573 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4574 u16 eir_len;
a88a9652 4575
b644ba33 4576 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4577
b644ba33
JH		 4578 memset(buf, 0, sizeof(buf));
4579
4580 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4581 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4582 ev->rssi = rssi;
4583
4584 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4585 name_len);
b644ba33 4586
eb55ef07 4587 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4588
9cf12aee 4589 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4590}
314b2381 4591
2f1e063b 4592void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4593{
f963e8e9 4594 struct mgmt_ev_discovering ev;
164a6e78
JH		 4595 struct pending_cmd *cmd;
4596
343fb145
AG		 4597 BT_DBG("%s discovering %u", hdev->name, discovering);
4598
164a6e78 4599 if (discovering)
2e58ef3e 4600 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4601 else
2e58ef3e 4602 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4603
4604 if (cmd != NULL) {
f808e166
JH		 4605 u8 type = hdev->discovery.type;
4606
04124681
GP		 4607 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4608 sizeof(type));
164a6e78
JH		 4609 mgmt_pending_remove(cmd);
4610 }
4611
f963e8e9
JH		 4612 memset(&ev, 0, sizeof(ev));
4613 ev.type = hdev->discovery.type;
4614 ev.discovering = discovering;
4615
2f1e063b 4616 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4617}
5e762444 4618
88c1fe4b 4619int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4620{
4621 struct pending_cmd *cmd;
4622 struct mgmt_ev_device_blocked ev;
4623
2e58ef3e 4624 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4625
88c1fe4b
JH		 4626 bacpy(&ev.addr.bdaddr, bdaddr);
4627 ev.addr.type = type;
5e762444 4628
744cf19e 4629 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4630 cmd ? cmd->sk : NULL);
5e762444
AJ		 4631}
4632
88c1fe4b 4633int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4634{
4635 struct pending_cmd *cmd;
4636 struct mgmt_ev_device_unblocked ev;
4637
2e58ef3e 4638 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4639
88c1fe4b
JH		 4640 bacpy(&ev.addr.bdaddr, bdaddr);
4641 ev.addr.type = type;
5e762444 4642
744cf19e 4643 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4644 cmd ? cmd->sk : NULL);
5e762444 4645}
5976e608
MH		 4646
4647static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4648{
4649 BT_DBG("%s status %u", hdev->name, status);
4650
4651 /* Clear the advertising mgmt setting if we failed to re-enable it */
4652 if (status) {
4653 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4654 new_settings(hdev, NULL);
5976e608
MH		 4655 }
4656}
4657
4658void mgmt_reenable_advertising(struct hci_dev *hdev)
4659{
4660 struct hci_request req;
4661
4662 if (hdev->conn_hash.le_num)
4663 return;
4664
4665 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4666 return;
4667
4668 hci_req_init(&req, hdev);
4669 enable_advertising(&req);
4670
4671 /* If this fails we have no option but to let user space know
4672 * that we've disabled advertising.
4673 */
4674 if (hci_req_run(&req, adv_enable_complete) < 0) {
4675 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4676 new_settings(hdev, NULL);
5976e608
MH		 4677 }
4678}
Linux kernel - Deliverables
This page took 0.774793 seconds and 5 git commands to generate.