projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add mgmt defines for privacy
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
41edf160 84 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 85};
86
87static const u16 mgmt_events[] = {
88 MGMT_EV_CONTROLLER_ERROR,
89 MGMT_EV_INDEX_ADDED,
90 MGMT_EV_INDEX_REMOVED,
91 MGMT_EV_NEW_SETTINGS,
92 MGMT_EV_CLASS_OF_DEV_CHANGED,
93 MGMT_EV_LOCAL_NAME_CHANGED,
94 MGMT_EV_NEW_LINK_KEY,
95 MGMT_EV_NEW_LONG_TERM_KEY,
96 MGMT_EV_DEVICE_CONNECTED,
97 MGMT_EV_DEVICE_DISCONNECTED,
98 MGMT_EV_CONNECT_FAILED,
99 MGMT_EV_PIN_CODE_REQUEST,
100 MGMT_EV_USER_CONFIRM_REQUEST,
101 MGMT_EV_USER_PASSKEY_REQUEST,
102 MGMT_EV_AUTH_FAILED,
103 MGMT_EV_DEVICE_FOUND,
104 MGMT_EV_DISCOVERING,
105 MGMT_EV_DEVICE_BLOCKED,
106 MGMT_EV_DEVICE_UNBLOCKED,
107 MGMT_EV_DEVICE_UNPAIRED,
92a25256 108 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 109 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 110};
111
17b02e62 112#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 113
4b34ee78
JH		 114#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
115 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
116
eec8d2bc
JH		 117struct pending_cmd {
118 struct list_head list;
fc2f4b13 119 u16 opcode;
eec8d2bc 120 int index;
c68fb7ff 121 void *param;
eec8d2bc 122 struct sock *sk;
e9a416b5 123 void *user_data;
eec8d2bc
JH		 124};
125
ca69b795
JH		 126/* HCI to MGMT error code conversion table */
127static u8 mgmt_status_table[] = {
128 MGMT_STATUS_SUCCESS,
129 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
130 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
131 MGMT_STATUS_FAILED, /* Hardware Failure */
132 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
133 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 134 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 135 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
136 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
137 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
139 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
140 MGMT_STATUS_BUSY, /* Command Disallowed */
141 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
142 MGMT_STATUS_REJECTED, /* Rejected Security */
143 MGMT_STATUS_REJECTED, /* Rejected Personal */
144 MGMT_STATUS_TIMEOUT, /* Host Timeout */
145 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
146 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
147 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
148 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
149 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
150 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
151 MGMT_STATUS_BUSY, /* Repeated Attempts */
152 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
153 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
155 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
156 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
157 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
158 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
159 MGMT_STATUS_FAILED, /* Unspecified Error */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
161 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
162 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
163 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
164 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
165 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
166 MGMT_STATUS_FAILED, /* Unit Link Key Used */
167 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
168 MGMT_STATUS_TIMEOUT, /* Instant Passed */
169 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
170 MGMT_STATUS_FAILED, /* Transaction Collision */
171 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
172 MGMT_STATUS_REJECTED, /* QoS Rejected */
173 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
174 MGMT_STATUS_REJECTED, /* Insufficient Security */
175 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
176 MGMT_STATUS_BUSY, /* Role Switch Pending */
177 MGMT_STATUS_FAILED, /* Slot Violation */
178 MGMT_STATUS_FAILED, /* Role Switch Failed */
179 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
180 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
181 MGMT_STATUS_BUSY, /* Host Busy Pairing */
182 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
183 MGMT_STATUS_BUSY, /* Controller Busy */
184 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
185 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
186 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
187 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
188 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
189};
190
191static u8 mgmt_status(u8 hci_status)
192{
193 if (hci_status < ARRAY_SIZE(mgmt_status_table))
194 return mgmt_status_table[hci_status];
195
196 return MGMT_STATUS_FAILED;
197}
198
4e51eae9 199static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 200{
201 struct sk_buff *skb;
202 struct mgmt_hdr *hdr;
203 struct mgmt_ev_cmd_status *ev;
56b7d137 204 int err;
f7b64e69 205
34eb525c 206 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 207
790eff44 208 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 209 if (!skb)
210 return -ENOMEM;
211
212 hdr = (void *) skb_put(skb, sizeof(*hdr));
213
612dfce9 214 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 215 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 216 hdr->len = cpu_to_le16(sizeof(*ev));
217
218 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->status = status;
eb55ef07 220 ev->opcode = cpu_to_le16(cmd);
f7b64e69 221
56b7d137
GP		 222 err = sock_queue_rcv_skb(sk, skb);
223 if (err < 0)
f7b64e69
JH		 224 kfree_skb(skb);
225
56b7d137 226 return err;
f7b64e69
JH		 227}
228
aee9b218 229static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 230 void *rp, size_t rp_len)
02d98129
JH		 231{
232 struct sk_buff *skb;
233 struct mgmt_hdr *hdr;
234 struct mgmt_ev_cmd_complete *ev;
56b7d137 235 int err;
02d98129
JH		 236
237 BT_DBG("sock %p", sk);
238
790eff44 239 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 240 if (!skb)
241 return -ENOMEM;
242
243 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 244
612dfce9 245 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 246 hdr->index = cpu_to_le16(index);
a38528f1 247 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 248
a38528f1 249 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 250 ev->opcode = cpu_to_le16(cmd);
aee9b218 251 ev->status = status;
8020c16a
SJ		 252
253 if (rp)
254 memcpy(ev->data, rp, rp_len);
02d98129 255
56b7d137
GP		 256 err = sock_queue_rcv_skb(sk, skb);
257 if (err < 0)
02d98129
JH		 258 kfree_skb(skb);
259
e5f0e151 260 return err;
02d98129
JH		 261}
262
04124681
GP		 263static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
264 u16 data_len)
a38528f1
JH		 265{
266 struct mgmt_rp_read_version rp;
267
268 BT_DBG("sock %p", sk);
269
270 rp.version = MGMT_VERSION;
eb55ef07 271 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 272
aee9b218 273 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 274 sizeof(rp));
a38528f1
JH		 275}
276
04124681
GP		 277static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
278 u16 data_len)
e70bb2e8
JH		 279{
280 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 281 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
282 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 283 __le16 *opcode;
e70bb2e8
JH		 284 size_t rp_size;
285 int i, err;
286
287 BT_DBG("sock %p", sk);
288
289 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290
291 rp = kmalloc(rp_size, GFP_KERNEL);
292 if (!rp)
293 return -ENOMEM;
294
eb55ef07
MH		 295 rp->num_commands = __constant_cpu_to_le16(num_commands);
296 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 297
298 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
299 put_unaligned_le16(mgmt_commands[i], opcode);
300
301 for (i = 0; i < num_events; i++, opcode++)
302 put_unaligned_le16(mgmt_events[i], opcode);
303
aee9b218 304 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 305 rp_size);
e70bb2e8
JH		 306 kfree(rp);
307
308 return err;
309}
310
04124681
GP		 311static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
faba42eb 313{
faba42eb 314 struct mgmt_rp_read_index_list *rp;
8035ded4 315 struct hci_dev *d;
a38528f1 316 size_t rp_len;
faba42eb 317 u16 count;
476e44cb 318 int err;
faba42eb
JH		 319
320 BT_DBG("sock %p", sk);
321
322 read_lock(&hci_dev_list_lock);
323
324 count = 0;
bb4b2a9a 325 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 326 if (d->dev_type == HCI_BREDR)
327 count++;
faba42eb
JH		 328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
1514b892
MH		 345 if (d->dev_type == HCI_BREDR) {
346 rp->index[count++] = cpu_to_le16(d->id);
347 BT_DBG("Added hci%u", d->id);
348 }
faba42eb
JH		 349 }
350
476e44cb
JH		 351 rp->num_controllers = cpu_to_le16(count);
352 rp_len = sizeof(*rp) + (2 * count);
353
faba42eb
JH		 354 read_unlock(&hci_dev_list_lock);
355
aee9b218 356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 357 rp_len);
faba42eb 358
a38528f1
JH		 359 kfree(rp);
360
361 return err;
faba42eb
JH		 362}
363
69ab39ea
JH		 364static u32 get_supported_settings(struct hci_dev *hdev)
365{
366 u32 settings = 0;
367
368 settings |= MGMT_SETTING_POWERED;
69ab39ea 369 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 370 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 371
ed3fa31f 372 if (lmp_bredr_capable(hdev)) {
33c525c0 373 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 374 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
375 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 376 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 377 settings |= MGMT_SETTING_BREDR;
378 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 379
380 if (lmp_ssp_capable(hdev)) {
381 settings |= MGMT_SETTING_SSP;
382 settings |= MGMT_SETTING_HS;
383 }
e98d2ce2 384
5afeac14
MH		 385 if (lmp_sc_capable(hdev) ||
386 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 387 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 388 }
d7b7e796 389
eeca6f89 390 if (lmp_le_capable(hdev)) {
9d42820f 391 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 392 settings |= MGMT_SETTING_ADVERTISING;
393 }
69ab39ea
JH		 394
395 return settings;
396}
397
398static u32 get_current_settings(struct hci_dev *hdev)
399{
400 u32 settings = 0;
401
f1f0eb02 402 if (hdev_is_powered(hdev))
f0d4b78a
MH		 403 settings |= MGMT_SETTING_POWERED;
404
5e5282bb 405 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_CONNECTABLE;
407
1a4d3c4b
JH		 408 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
409 settings |= MGMT_SETTING_FAST_CONNECTABLE;
410
5e5282bb 411 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_DISCOVERABLE;
413
a8b2d5c2 414 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_PAIRABLE;
416
56f87901 417 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_BREDR;
419
06199cf8 420 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_LE;
422
47990ea0 423 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_LINK_SECURITY;
425
84bde9d6 426 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_SSP;
428
6d80dfd0
JH		 429 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
430 settings |= MGMT_SETTING_HS;
431
f3d3444a 432 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 433 settings |= MGMT_SETTING_ADVERTISING;
434
e98d2ce2
MH		 435 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
436 settings |= MGMT_SETTING_SECURE_CONN;
437
b1de97d8
MH		 438 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
439 settings |= MGMT_SETTING_DEBUG_KEYS;
440
69ab39ea
JH		 441 return settings;
442}
443
ef580372
JH		 444#define PNP_INFO_SVCLASS_ID 0x1200
445
213202ed
JH		 446static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
447{
448 u8 *ptr = data, *uuids_start = NULL;
449 struct bt_uuid *uuid;
450
451 if (len < 4)
452 return ptr;
453
454 list_for_each_entry(uuid, &hdev->uuids, list) {
455 u16 uuid16;
456
457 if (uuid->size != 16)
458 continue;
459
460 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
461 if (uuid16 < 0x1100)
462 continue;
463
464 if (uuid16 == PNP_INFO_SVCLASS_ID)
465 continue;
466
467 if (!uuids_start) {
468 uuids_start = ptr;
469 uuids_start[0] = 1;
470 uuids_start[1] = EIR_UUID16_ALL;
471 ptr += 2;
472 }
473
474 /* Stop if not enough space to put next UUID */
475 if ((ptr - data) + sizeof(u16) > len) {
476 uuids_start[1] = EIR_UUID16_SOME;
477 break;
478 }
479
480 *ptr++ = (uuid16 & 0x00ff);
481 *ptr++ = (uuid16 & 0xff00) >> 8;
482 uuids_start[0] += sizeof(uuid16);
483 }
484
485 return ptr;
486}
487
cdf1963f
JH		 488static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
489{
490 u8 *ptr = data, *uuids_start = NULL;
491 struct bt_uuid *uuid;
492
493 if (len < 6)
494 return ptr;
495
496 list_for_each_entry(uuid, &hdev->uuids, list) {
497 if (uuid->size != 32)
498 continue;
499
500 if (!uuids_start) {
501 uuids_start = ptr;
502 uuids_start[0] = 1;
503 uuids_start[1] = EIR_UUID32_ALL;
504 ptr += 2;
505 }
506
507 /* Stop if not enough space to put next UUID */
508 if ((ptr - data) + sizeof(u32) > len) {
509 uuids_start[1] = EIR_UUID32_SOME;
510 break;
511 }
512
513 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
514 ptr += sizeof(u32);
515 uuids_start[0] += sizeof(u32);
516 }
517
518 return ptr;
519}
520
c00d575b
JH		 521static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
522{
523 u8 *ptr = data, *uuids_start = NULL;
524 struct bt_uuid *uuid;
525
526 if (len < 18)
527 return ptr;
528
529 list_for_each_entry(uuid, &hdev->uuids, list) {
530 if (uuid->size != 128)
531 continue;
532
533 if (!uuids_start) {
534 uuids_start = ptr;
535 uuids_start[0] = 1;
536 uuids_start[1] = EIR_UUID128_ALL;
537 ptr += 2;
538 }
539
540 /* Stop if not enough space to put next UUID */
541 if ((ptr - data) + 16 > len) {
542 uuids_start[1] = EIR_UUID128_SOME;
543 break;
544 }
545
546 memcpy(ptr, uuid->uuid, 16);
547 ptr += 16;
548 uuids_start[0] += 16;
549 }
550
551 return ptr;
552}
553
eb2a8d20
JH		 554static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
555{
556 struct pending_cmd *cmd;
557
558 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
559 if (cmd->opcode == opcode)
560 return cmd;
561 }
562
563 return NULL;
564}
565
f14d8f64
MH		 566static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
567{
7a5f4990
MH		 568 u8 ad_len = 0;
569 size_t name_len;
570
571 name_len = strlen(hdev->dev_name);
572 if (name_len > 0) {
573 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
574
575 if (name_len > max_len) {
576 name_len = max_len;
577 ptr[1] = EIR_NAME_SHORT;
578 } else
579 ptr[1] = EIR_NAME_COMPLETE;
580
581 ptr[0] = name_len + 1;
582
583 memcpy(ptr + 2, hdev->dev_name, name_len);
584
585 ad_len += (name_len + 2);
586 ptr += (name_len + 2);
587 }
588
589 return ad_len;
f14d8f64
MH		 590}
591
592static void update_scan_rsp_data(struct hci_request *req)
593{
594 struct hci_dev *hdev = req->hdev;
595 struct hci_cp_le_set_scan_rsp_data cp;
596 u8 len;
597
7751ef1b 598 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 599 return;
600
601 memset(&cp, 0, sizeof(cp));
602
603 len = create_scan_rsp_data(hdev, cp.data);
604
eb438b5f
JH		 605 if (hdev->scan_rsp_data_len == len &&
606 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 607 return;
608
eb438b5f
JH		 609 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
610 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 611
612 cp.length = len;
613
614 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
615}
616
9a43e25f
JH		 617static u8 get_adv_discov_flags(struct hci_dev *hdev)
618{
619 struct pending_cmd *cmd;
620
621 /* If there's a pending mgmt command the flags will not yet have
622 * their final values, so check for this first.
623 */
624 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
625 if (cmd) {
626 struct mgmt_mode *cp = cmd->param;
627 if (cp->val == 0x01)
628 return LE_AD_GENERAL;
629 else if (cp->val == 0x02)
630 return LE_AD_LIMITED;
631 } else {
632 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
633 return LE_AD_LIMITED;
634 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
635 return LE_AD_GENERAL;
636 }
637
638 return 0;
639}
640
46cad2ed 641static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 642{
643 u8 ad_len = 0, flags = 0;
441ad2d0 644
9a43e25f 645 flags |= get_adv_discov_flags(hdev);
441ad2d0 646
e834004b 647 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 648 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 649
650 if (flags) {
651 BT_DBG("adv flags 0x%02x", flags);
652
653 ptr[0] = 2;
654 ptr[1] = EIR_FLAGS;
655 ptr[2] = flags;
656
657 ad_len += 3;
658 ptr += 3;
659 }
660
661 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
662 ptr[0] = 2;
663 ptr[1] = EIR_TX_POWER;
664 ptr[2] = (u8) hdev->adv_tx_power;
665
666 ad_len += 3;
667 ptr += 3;
668 }
669
441ad2d0
MH		 670 return ad_len;
671}
672
5947f4bc 673static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 674{
675 struct hci_dev *hdev = req->hdev;
676 struct hci_cp_le_set_adv_data cp;
677 u8 len;
678
10994ce6 679 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 680 return;
681
682 memset(&cp, 0, sizeof(cp));
683
46cad2ed 684 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 685
686 if (hdev->adv_data_len == len &&
687 memcmp(cp.data, hdev->adv_data, len) == 0)
688 return;
689
690 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
691 hdev->adv_data_len = len;
692
693 cp.length = len;
694
695 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
696}
697
ef580372
JH		 698static void create_eir(struct hci_dev *hdev, u8 *data)
699{
700 u8 *ptr = data;
ef580372
JH		 701 size_t name_len;
702
703 name_len = strlen(hdev->dev_name);
704
705 if (name_len > 0) {
706 /* EIR Data type */
707 if (name_len > 48) {
708 name_len = 48;
709 ptr[1] = EIR_NAME_SHORT;
710 } else
711 ptr[1] = EIR_NAME_COMPLETE;
712
713 /* EIR Data length */
714 ptr[0] = name_len + 1;
715
716 memcpy(ptr + 2, hdev->dev_name, name_len);
717
ef580372
JH		 718 ptr += (name_len + 2);
719 }
720
bbaf444a 721 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 722 ptr[0] = 2;
723 ptr[1] = EIR_TX_POWER;
724 ptr[2] = (u8) hdev->inq_tx_power;
725
91c4e9b1
MH		 726 ptr += 3;
727 }
728
2b9be137
MH		 729 if (hdev->devid_source > 0) {
730 ptr[0] = 9;
731 ptr[1] = EIR_DEVICE_ID;
732
733 put_unaligned_le16(hdev->devid_source, ptr + 2);
734 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
735 put_unaligned_le16(hdev->devid_product, ptr + 6);
736 put_unaligned_le16(hdev->devid_version, ptr + 8);
737
2b9be137
MH		 738 ptr += 10;
739 }
740
213202ed 741 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 742 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 743 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 744}
745
890ea898 746static void update_eir(struct hci_request *req)
ef580372 747{
890ea898 748 struct hci_dev *hdev = req->hdev;
ef580372
JH		 749 struct hci_cp_write_eir cp;
750
504c8dcd 751 if (!hdev_is_powered(hdev))
890ea898 752 return;
7770c4aa 753
976eb20e 754 if (!lmp_ext_inq_capable(hdev))
890ea898 755 return;
ef580372 756
84bde9d6 757 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 758 return;
ef580372 759
a8b2d5c2 760 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 761 return;
ef580372
JH		 762
763 memset(&cp, 0, sizeof(cp));
764
765 create_eir(hdev, cp.data);
766
767 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 768 return;
ef580372
JH		 769
770 memcpy(hdev->eir, cp.data, sizeof(cp.data));
771
890ea898 772 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 773}
774
775static u8 get_service_classes(struct hci_dev *hdev)
776{
777 struct bt_uuid *uuid;
778 u8 val = 0;
779
780 list_for_each_entry(uuid, &hdev->uuids, list)
781 val |= uuid->svc_hint;
782
783 return val;
784}
785
890ea898 786static void update_class(struct hci_request *req)
ef580372 787{
890ea898 788 struct hci_dev *hdev = req->hdev;
ef580372
JH		 789 u8 cod[3];
790
791 BT_DBG("%s", hdev->name);
792
504c8dcd 793 if (!hdev_is_powered(hdev))
890ea898 794 return;
7770c4aa 795
f87ea1da
JH		 796 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
797 return;
798
a8b2d5c2 799 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 800 return;
ef580372
JH		 801
802 cod[0] = hdev->minor_class;
803 cod[1] = hdev->major_class;
804 cod[2] = get_service_classes(hdev);
805
6acd7db4
MH		 806 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
807 cod[1] |= 0x20;
808
ef580372 809 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 810 return;
ef580372 811
890ea898 812 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 813}
814
199a2fb1
JH		 815static u8 get_adv_type(struct hci_dev *hdev)
816{
817 struct pending_cmd *cmd;
818 bool connectable;
819
820 /* If there's a pending mgmt command the flag will not yet have
821 * it's final value, so check for this first.
822 */
823 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
824 if (cmd) {
825 struct mgmt_mode *cp = cmd->param;
826 connectable = !!cp->val;
827 } else {
828 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
829 }
830
831 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
832}
833
834static void enable_advertising(struct hci_request *req)
835{
836 struct hci_dev *hdev = req->hdev;
837 struct hci_cp_le_set_adv_param cp;
838 u8 enable = 0x01;
839
840 memset(&cp, 0, sizeof(cp));
841 cp.min_interval = __constant_cpu_to_le16(0x0800);
842 cp.max_interval = __constant_cpu_to_le16(0x0800);
843 cp.type = get_adv_type(hdev);
844 cp.own_address_type = hdev->own_addr_type;
845 cp.channel_map = hdev->le_adv_channel_map;
846
847 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
848
849 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
850}
851
852static void disable_advertising(struct hci_request *req)
853{
854 u8 enable = 0x00;
855
856 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
857}
858
7d78525d
JH		 859static void service_cache_off(struct work_struct *work)
860{
861 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 862 service_cache.work);
890ea898 863 struct hci_request req;
7d78525d 864
a8b2d5c2 865 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 866 return;
867
890ea898
JH		 868 hci_req_init(&req, hdev);
869
7d78525d
JH		 870 hci_dev_lock(hdev);
871
890ea898
JH		 872 update_eir(&req);
873 update_class(&req);
7d78525d
JH		 874
875 hci_dev_unlock(hdev);
890ea898
JH		 876
877 hci_req_run(&req, NULL);
7d78525d
JH		 878}
879
6a919082 880static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 881{
4f87da80 882 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 883 return;
884
4f87da80 885 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 886
4f87da80
JH		 887 /* Non-mgmt controlled devices get this bit set
888 * implicitly so that pairing works for them, however
889 * for mgmt we require user-space to explicitly enable
890 * it
891 */
892 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 893}
894
0f4e68cf 895static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 896 void *data, u16 data_len)
0381101f 897{
a38528f1 898 struct mgmt_rp_read_info rp;
f7b64e69 899
bdb6d971 900 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 901
09fd0de5 902 hci_dev_lock(hdev);
f7b64e69 903
dc4fe30b
JH		 904 memset(&rp, 0, sizeof(rp));
905
69ab39ea 906 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 907
69ab39ea 908 rp.version = hdev->hci_ver;
eb55ef07 909 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 910
911 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
912 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 913
a38528f1 914 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 915
dc4fe30b 916 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 917 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 918
09fd0de5 919 hci_dev_unlock(hdev);
0381101f 920
bdb6d971 921 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 922 sizeof(rp));
0381101f
JH		 923}
924
eec8d2bc
JH		 925static void mgmt_pending_free(struct pending_cmd *cmd)
926{
927 sock_put(cmd->sk);
c68fb7ff 928 kfree(cmd->param);
eec8d2bc
JH		 929 kfree(cmd);
930}
931
366a0336 932static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 933 struct hci_dev *hdev, void *data,
934 u16 len)
eec8d2bc
JH		 935{
936 struct pending_cmd *cmd;
937
12b94565 938 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 939 if (!cmd)
366a0336 940 return NULL;
eec8d2bc
JH		 941
942 cmd->opcode = opcode;
2e58ef3e 943 cmd->index = hdev->id;
eec8d2bc 944
12b94565 945 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 946 if (!cmd->param) {
eec8d2bc 947 kfree(cmd);
366a0336 948 return NULL;
eec8d2bc
JH		 949 }
950
8fce6357
SJ		 951 if (data)
952 memcpy(cmd->param, data, len);
eec8d2bc
JH		 953
954 cmd->sk = sk;
955 sock_hold(sk);
956
2e58ef3e 957 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 958
366a0336 959 return cmd;
eec8d2bc
JH		 960}
961
744cf19e 962static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 963 void (*cb)(struct pending_cmd *cmd,
964 void *data),
04124681 965 void *data)
eec8d2bc 966{
a3d09356 967 struct pending_cmd *cmd, *tmp;
eec8d2bc 968
a3d09356 969 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 970 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 971 continue;
972
eec8d2bc
JH		 973 cb(cmd, data);
974 }
975}
976
a664b5bc 977static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 978{
73f22f62
JH		 979 list_del(&cmd->list);
980 mgmt_pending_free(cmd);
981}
982
69ab39ea 983static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 984{
69ab39ea 985 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 986
aee9b218 987 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 988 sizeof(settings));
8680570b
JH		 989}
990
bdb6d971 991static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 992 u16 len)
eec8d2bc 993{
650f726d 994 struct mgmt_mode *cp = data;
366a0336 995 struct pending_cmd *cmd;
4b34ee78 996 int err;
eec8d2bc 997
bdb6d971 998 BT_DBG("request for %s", hdev->name);
eec8d2bc 999
a7e80f25
JH		 1000 if (cp->val != 0x00 && cp->val != 0x01)
1001 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1002 MGMT_STATUS_INVALID_PARAMS);
1003
09fd0de5 1004 hci_dev_lock(hdev);
eec8d2bc 1005
87b95ba6
JH		 1006 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1008 MGMT_STATUS_BUSY);
1009 goto failed;
1010 }
1011
f0d4b78a
MH		 1012 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1013 cancel_delayed_work(&hdev->power_off);
1014
1015 if (cp->val) {
a1d70450
JH		 1016 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1017 data, len);
1018 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1019 goto failed;
1020 }
1021 }
1022
4b34ee78 1023 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1024 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1025 goto failed;
1026 }
1027
2e58ef3e 1028 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1029 if (!cmd) {
1030 err = -ENOMEM;
eec8d2bc 1031 goto failed;
366a0336 1032 }
eec8d2bc 1033
72a734ec 1034 if (cp->val)
19202573 1035 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 1036 else
19202573 1037 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 1038
366a0336 1039 err = 0;
eec8d2bc
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
366a0336 1043 return err;
eec8d2bc
JH		 1044}
1045
04124681
GP		 1046static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1047 struct sock *skip_sk)
beadb2bd
JH		 1048{
1049 struct sk_buff *skb;
1050 struct mgmt_hdr *hdr;
1051
790eff44 1052 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1053 if (!skb)
1054 return -ENOMEM;
1055
1056 hdr = (void *) skb_put(skb, sizeof(*hdr));
1057 hdr->opcode = cpu_to_le16(event);
1058 if (hdev)
1059 hdr->index = cpu_to_le16(hdev->id);
1060 else
612dfce9 1061 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1062 hdr->len = cpu_to_le16(data_len);
1063
1064 if (data)
1065 memcpy(skb_put(skb, data_len), data, data_len);
1066
97e0bdeb
MH		 1067 /* Time stamp */
1068 __net_timestamp(skb);
1069
beadb2bd
JH		 1070 hci_send_to_control(skb, skip_sk);
1071 kfree_skb(skb);
1072
1073 return 0;
1074}
1075
1076static int new_settings(struct hci_dev *hdev, struct sock *skip)
1077{
1078 __le32 ev;
1079
1080 ev = cpu_to_le32(get_current_settings(hdev));
1081
1082 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1083}
1084
bd99abdd
JH		 1085struct cmd_lookup {
1086 struct sock *sk;
1087 struct hci_dev *hdev;
1088 u8 mgmt_status;
1089};
1090
1091static void settings_rsp(struct pending_cmd *cmd, void *data)
1092{
1093 struct cmd_lookup *match = data;
1094
1095 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1096
1097 list_del(&cmd->list);
1098
1099 if (match->sk == NULL) {
1100 match->sk = cmd->sk;
1101 sock_hold(match->sk);
1102 }
1103
1104 mgmt_pending_free(cmd);
1105}
1106
1107static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1108{
1109 u8 *status = data;
1110
1111 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1112 mgmt_pending_remove(cmd);
1113}
1114
e6fe7986
JH		 1115static u8 mgmt_bredr_support(struct hci_dev *hdev)
1116{
1117 if (!lmp_bredr_capable(hdev))
1118 return MGMT_STATUS_NOT_SUPPORTED;
1119 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1120 return MGMT_STATUS_REJECTED;
1121 else
1122 return MGMT_STATUS_SUCCESS;
1123}
1124
1125static u8 mgmt_le_support(struct hci_dev *hdev)
1126{
1127 if (!lmp_le_capable(hdev))
1128 return MGMT_STATUS_NOT_SUPPORTED;
1129 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1130 return MGMT_STATUS_REJECTED;
1131 else
1132 return MGMT_STATUS_SUCCESS;
1133}
1134
bfaf8c9f
JH		 1135static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1136{
1137 struct pending_cmd *cmd;
1138 struct mgmt_mode *cp;
970ba524 1139 struct hci_request req;
bfaf8c9f
JH		 1140 bool changed;
1141
1142 BT_DBG("status 0x%02x", status);
1143
1144 hci_dev_lock(hdev);
1145
1146 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1147 if (!cmd)
1148 goto unlock;
1149
1150 if (status) {
1151 u8 mgmt_err = mgmt_status(status);
1152 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1153 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1154 goto remove_cmd;
1155 }
1156
1157 cp = cmd->param;
d4462a07 1158 if (cp->val) {
bfaf8c9f
JH		 1159 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1160 &hdev->dev_flags);
d4462a07
MH		 1161
1162 if (hdev->discov_timeout > 0) {
1163 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1164 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1165 to);
1166 }
1167 } else {
bfaf8c9f
JH		 1168 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1169 &hdev->dev_flags);
d4462a07 1170 }
bfaf8c9f
JH		 1171
1172 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1173
1174 if (changed)
1175 new_settings(hdev, cmd->sk);
1176
970ba524
MH		 1177 /* When the discoverable mode gets changed, make sure
1178 * that class of device has the limited discoverable
1179 * bit correctly set.
1180 */
1181 hci_req_init(&req, hdev);
1182 update_class(&req);
1183 hci_req_run(&req, NULL);
1184
bfaf8c9f
JH		 1185remove_cmd:
1186 mgmt_pending_remove(cmd);
1187
1188unlock:
1189 hci_dev_unlock(hdev);
1190}
1191
bdb6d971 1192static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1193 u16 len)
73f22f62 1194{
650f726d 1195 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1196 struct pending_cmd *cmd;
bfaf8c9f 1197 struct hci_request req;
5e5282bb 1198 u16 timeout;
9a43e25f 1199 u8 scan;
73f22f62
JH		 1200 int err;
1201
bdb6d971 1202 BT_DBG("request for %s", hdev->name);
73f22f62 1203
9a43e25f
JH		 1204 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1205 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1206 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1207 MGMT_STATUS_REJECTED);
33c525c0 1208
310a3d48 1209 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1210 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1211 MGMT_STATUS_INVALID_PARAMS);
1212
1f350c87 1213 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1214
1215 /* Disabling discoverable requires that no timeout is set,
1216 * and enabling limited discoverable requires a timeout.
1217 */
1218 if ((cp->val == 0x00 && timeout > 0) ||
1219 (cp->val == 0x02 && timeout == 0))
bdb6d971 1220 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1221 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1222
09fd0de5 1223 hci_dev_lock(hdev);
73f22f62 1224
5e5282bb 1225 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1226 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1227 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1228 goto failed;
1229 }
1230
2e58ef3e 1231 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1232 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1233 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1234 MGMT_STATUS_BUSY);
73f22f62
JH		 1235 goto failed;
1236 }
1237
5e5282bb 1238 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1239 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1240 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1241 goto failed;
1242 }
1243
1244 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1245 bool changed = false;
1246
310a3d48
MH		 1247 /* Setting limited discoverable when powered off is
1248 * not a valid operation since it requires a timeout
1249 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1250 */
0224d2fa
JH		 1251 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1252 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1253 changed = true;
1254 }
1255
5e5282bb 1256 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1257 if (err < 0)
1258 goto failed;
1259
1260 if (changed)
1261 err = new_settings(hdev, sk);
1262
5e5282bb
JH		 1263 goto failed;
1264 }
1265
310a3d48
MH		 1266 /* If the current mode is the same, then just update the timeout
1267 * value with the new value. And if only the timeout gets updated,
1268 * then no need for any HCI transactions.
1269 */
1270 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1271 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1272 &hdev->dev_flags)) {
36261547
MH		 1273 cancel_delayed_work(&hdev->discov_off);
1274 hdev->discov_timeout = timeout;
955638ec 1275
36261547
MH		 1276 if (cp->val && hdev->discov_timeout > 0) {
1277 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1278 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1279 to);
955638ec
MH		 1280 }
1281
69ab39ea 1282 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1283 goto failed;
1284 }
1285
2e58ef3e 1286 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1287 if (!cmd) {
1288 err = -ENOMEM;
73f22f62 1289 goto failed;
366a0336 1290 }
73f22f62 1291
310a3d48
MH		 1292 /* Cancel any potential discoverable timeout that might be
1293 * still active and store new timeout value. The arming of
1294 * the timeout happens in the complete handler.
1295 */
1296 cancel_delayed_work(&hdev->discov_off);
1297 hdev->discov_timeout = timeout;
1298
b456f87c
JH		 1299 /* Limited discoverable mode */
1300 if (cp->val == 0x02)
1301 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1302 else
1303 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1304
bfaf8c9f
JH		 1305 hci_req_init(&req, hdev);
1306
9a43e25f
JH		 1307 /* The procedure for LE-only controllers is much simpler - just
1308 * update the advertising data.
1309 */
1310 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1311 goto update_ad;
1312
73f22f62
JH		 1313 scan = SCAN_PAGE;
1314
310a3d48
MH		 1315 if (cp->val) {
1316 struct hci_cp_write_current_iac_lap hci_cp;
1317
1318 if (cp->val == 0x02) {
1319 /* Limited discoverable mode */
33337dcb 1320 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1321 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1322 hci_cp.iac_lap[1] = 0x8b;
1323 hci_cp.iac_lap[2] = 0x9e;
1324 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1325 hci_cp.iac_lap[4] = 0x8b;
1326 hci_cp.iac_lap[5] = 0x9e;
1327 } else {
1328 /* General discoverable mode */
310a3d48
MH		 1329 hci_cp.num_iac = 1;
1330 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1331 hci_cp.iac_lap[1] = 0x8b;
1332 hci_cp.iac_lap[2] = 0x9e;
1333 }
1334
1335 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1336 (hci_cp.num_iac * 3) + 1, &hci_cp);
1337
73f22f62 1338 scan |= SCAN_INQUIRY;
310a3d48
MH		 1339 } else {
1340 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1341 }
73f22f62 1342
310a3d48 1343 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1344
9a43e25f
JH		 1345update_ad:
1346 update_adv_data(&req);
1347
bfaf8c9f 1348 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1349 if (err < 0)
a664b5bc 1350 mgmt_pending_remove(cmd);
73f22f62
JH		 1351
1352failed:
09fd0de5 1353 hci_dev_unlock(hdev);
73f22f62
JH		 1354 return err;
1355}
1356
406d7804
JH		 1357static void write_fast_connectable(struct hci_request *req, bool enable)
1358{
bd98b996 1359 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1360 struct hci_cp_write_page_scan_activity acp;
1361 u8 type;
1362
547003b1
JH		 1363 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1364 return;
1365
4c01f8b8
JH		 1366 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1367 return;
1368
406d7804
JH		 1369 if (enable) {
1370 type = PAGE_SCAN_TYPE_INTERLACED;
1371
1372 /* 160 msec page scan interval */
1373 acp.interval = __constant_cpu_to_le16(0x0100);
1374 } else {
1375 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1376
1377 /* default 1.28 sec page scan */
1378 acp.interval = __constant_cpu_to_le16(0x0800);
1379 }
1380
1381 acp.window = __constant_cpu_to_le16(0x0012);
1382
bd98b996
JH		 1383 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1384 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1385 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1386 sizeof(acp), &acp);
1387
1388 if (hdev->page_scan_type != type)
1389 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1390}
1391
2b76f453
JH		 1392static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1393{
1394 struct pending_cmd *cmd;
d7b856f9
JH		 1395 struct mgmt_mode *cp;
1396 bool changed;
2b76f453
JH		 1397
1398 BT_DBG("status 0x%02x", status);
1399
1400 hci_dev_lock(hdev);
1401
1402 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1403 if (!cmd)
1404 goto unlock;
1405
37438c1f
JH		 1406 if (status) {
1407 u8 mgmt_err = mgmt_status(status);
1408 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1409 goto remove_cmd;
1410 }
1411
d7b856f9
JH		 1412 cp = cmd->param;
1413 if (cp->val)
1414 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1415 else
1416 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1417
2b76f453
JH		 1418 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1419
d7b856f9
JH		 1420 if (changed)
1421 new_settings(hdev, cmd->sk);
1422
37438c1f 1423remove_cmd:
2b76f453
JH		 1424 mgmt_pending_remove(cmd);
1425
1426unlock:
1427 hci_dev_unlock(hdev);
1428}
1429
e8ba3a1f
JH		 1430static int set_connectable_update_settings(struct hci_dev *hdev,
1431 struct sock *sk, u8 val)
1432{
1433 bool changed = false;
1434 int err;
1435
1436 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1437 changed = true;
1438
1439 if (val) {
1440 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1441 } else {
1442 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1443 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1444 }
1445
1446 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1447 if (err < 0)
1448 return err;
1449
1450 if (changed)
1451 return new_settings(hdev, sk);
1452
1453 return 0;
1454}
1455
bdb6d971 1456static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1457 u16 len)
9fbcbb45 1458{
650f726d 1459 struct mgmt_mode *cp = data;
366a0336 1460 struct pending_cmd *cmd;
2b76f453 1461 struct hci_request req;
1987fdc7 1462 u8 scan;
9fbcbb45
JH		 1463 int err;
1464
bdb6d971 1465 BT_DBG("request for %s", hdev->name);
9fbcbb45 1466
1987fdc7
JH		 1467 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1468 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1469 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1470 MGMT_STATUS_REJECTED);
33c525c0 1471
a7e80f25
JH		 1472 if (cp->val != 0x00 && cp->val != 0x01)
1473 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1474 MGMT_STATUS_INVALID_PARAMS);
1475
09fd0de5 1476 hci_dev_lock(hdev);
9fbcbb45 1477
4b34ee78 1478 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1479 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1480 goto failed;
1481 }
1482
2e58ef3e 1483 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1484 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1485 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1486 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1487 goto failed;
1488 }
1489
2e58ef3e 1490 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1491 if (!cmd) {
1492 err = -ENOMEM;
9fbcbb45 1493 goto failed;
366a0336 1494 }
9fbcbb45 1495
9b74246f 1496 hci_req_init(&req, hdev);
9fbcbb45 1497
9a43e25f
JH		 1498 /* If BR/EDR is not enabled and we disable advertising as a
1499 * by-product of disabling connectable, we need to update the
1500 * advertising flags.
1501 */
1502 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1503 if (!cp->val) {
1504 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1505 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1506 }
1507 update_adv_data(&req);
1508 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1509 if (cp->val) {
1510 scan = SCAN_PAGE;
1511 } else {
1512 scan = 0;
1513
1514 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1515 hdev->discov_timeout > 0)
9b74246f
JH		 1516 cancel_delayed_work(&hdev->discov_off);
1517 }
2b76f453 1518
9b74246f
JH		 1519 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1520 }
2b76f453 1521
4c01f8b8
JH		 1522 /* If we're going from non-connectable to connectable or
1523 * vice-versa when fast connectable is enabled ensure that fast
1524 * connectable gets disabled. write_fast_connectable won't do
1525 * anything if the page scan parameters are already what they
1526 * should be.
1527 */
1528 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1529 write_fast_connectable(&req, false);
1530
1987fdc7
JH		 1531 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1532 hci_conn_num(hdev, LE_LINK) == 0) {
1533 disable_advertising(&req);
1534 enable_advertising(&req);
1535 }
1536
2b76f453 1537 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1538 if (err < 0) {
a664b5bc 1539 mgmt_pending_remove(cmd);
9b74246f 1540 if (err == -ENODATA)
a81070ba
JH		 1541 err = set_connectable_update_settings(hdev, sk,
1542 cp->val);
9b74246f
JH		 1543 goto failed;
1544 }
9fbcbb45
JH		 1545
1546failed:
09fd0de5 1547 hci_dev_unlock(hdev);
9fbcbb45
JH		 1548 return err;
1549}
1550
bdb6d971 1551static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1552 u16 len)
c542a06c 1553{
650f726d 1554 struct mgmt_mode *cp = data;
55594356 1555 bool changed;
c542a06c
JH		 1556 int err;
1557
bdb6d971 1558 BT_DBG("request for %s", hdev->name);
c542a06c 1559
a7e80f25
JH		 1560 if (cp->val != 0x00 && cp->val != 0x01)
1561 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1562 MGMT_STATUS_INVALID_PARAMS);
1563
09fd0de5 1564 hci_dev_lock(hdev);
c542a06c
JH		 1565
1566 if (cp->val)
55594356 1567 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1568 else
55594356 1569 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1570
69ab39ea 1571 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1572 if (err < 0)
55594356 1573 goto unlock;
c542a06c 1574
55594356
MH		 1575 if (changed)
1576 err = new_settings(hdev, sk);
c542a06c 1577
55594356 1578unlock:
09fd0de5 1579 hci_dev_unlock(hdev);
c542a06c
JH		 1580 return err;
1581}
1582
04124681
GP		 1583static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1584 u16 len)
33ef95ed
JH		 1585{
1586 struct mgmt_mode *cp = data;
1587 struct pending_cmd *cmd;
e6fe7986 1588 u8 val, status;
33ef95ed
JH		 1589 int err;
1590
bdb6d971 1591 BT_DBG("request for %s", hdev->name);
33ef95ed 1592
e6fe7986
JH		 1593 status = mgmt_bredr_support(hdev);
1594 if (status)
33c525c0 1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1596 status);
33c525c0 1597
a7e80f25
JH		 1598 if (cp->val != 0x00 && cp->val != 0x01)
1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
33ef95ed
JH		 1602 hci_dev_lock(hdev);
1603
4b34ee78 1604 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1605 bool changed = false;
1606
1607 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1608 &hdev->dev_flags)) {
47990ea0
JH		 1609 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1610 changed = true;
1611 }
1612
1613 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1614 if (err < 0)
1615 goto failed;
1616
1617 if (changed)
1618 err = new_settings(hdev, sk);
1619
33ef95ed
JH		 1620 goto failed;
1621 }
1622
1623 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1624 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1625 MGMT_STATUS_BUSY);
33ef95ed
JH		 1626 goto failed;
1627 }
1628
1629 val = !!cp->val;
1630
1631 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1632 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1633 goto failed;
1634 }
1635
1636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1637 if (!cmd) {
1638 err = -ENOMEM;
1639 goto failed;
1640 }
1641
1642 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1643 if (err < 0) {
1644 mgmt_pending_remove(cmd);
1645 goto failed;
1646 }
1647
1648failed:
1649 hci_dev_unlock(hdev);
33ef95ed
JH		 1650 return err;
1651}
1652
bdb6d971 1653static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1654{
1655 struct mgmt_mode *cp = data;
1656 struct pending_cmd *cmd;
72ef0c1a 1657 u8 status;
ed2c4ee3
JH		 1658 int err;
1659
bdb6d971 1660 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1661
cdba5281
MH		 1662 status = mgmt_bredr_support(hdev);
1663 if (status)
1664 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1665
13ecd8b6
JH		 1666 if (!lmp_ssp_capable(hdev))
1667 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1668 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1669
a7e80f25
JH		 1670 if (cp->val != 0x00 && cp->val != 0x01)
1671 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1672 MGMT_STATUS_INVALID_PARAMS);
1673
13ecd8b6 1674 hci_dev_lock(hdev);
6c8f12c1 1675
4b34ee78 1676 if (!hdev_is_powered(hdev)) {
9ecb3e24 1677 bool changed;
c0ecddc2 1678
9ecb3e24
MH		 1679 if (cp->val) {
1680 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1681 &hdev->dev_flags);
1682 } else {
1683 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1684 &hdev->dev_flags);
1685 if (!changed)
1686 changed = test_and_clear_bit(HCI_HS_ENABLED,
1687 &hdev->dev_flags);
1688 else
1689 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1690 }
1691
1692 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1693 if (err < 0)
1694 goto failed;
1695
1696 if (changed)
1697 err = new_settings(hdev, sk);
1698
ed2c4ee3
JH		 1699 goto failed;
1700 }
1701
9ecb3e24
MH		 1702 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1703 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1704 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1705 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1706 goto failed;
1707 }
1708
72ef0c1a 1709 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1710 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1711 goto failed;
1712 }
1713
1714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1715 if (!cmd) {
1716 err = -ENOMEM;
1717 goto failed;
1718 }
1719
72ef0c1a 1720 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1721 if (err < 0) {
1722 mgmt_pending_remove(cmd);
1723 goto failed;
1724 }
1725
1726failed:
1727 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1728 return err;
1729}
1730
bdb6d971 1731static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1732{
1733 struct mgmt_mode *cp = data;
ee392693 1734 bool changed;
e6fe7986 1735 u8 status;
ee392693 1736 int err;
6d80dfd0 1737
bdb6d971 1738 BT_DBG("request for %s", hdev->name);
6d80dfd0 1739
e6fe7986
JH		 1740 status = mgmt_bredr_support(hdev);
1741 if (status)
1742 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1743
9ecb3e24
MH		 1744 if (!lmp_ssp_capable(hdev))
1745 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1746 MGMT_STATUS_NOT_SUPPORTED);
1747
1748 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1749 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1750 MGMT_STATUS_REJECTED);
1751
a7e80f25
JH		 1752 if (cp->val != 0x00 && cp->val != 0x01)
1753 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1754 MGMT_STATUS_INVALID_PARAMS);
1755
ee392693
MH		 1756 hci_dev_lock(hdev);
1757
a0cdf960 1758 if (cp->val) {
ee392693 1759 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1760 } else {
1761 if (hdev_is_powered(hdev)) {
1762 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1763 MGMT_STATUS_REJECTED);
1764 goto unlock;
1765 }
1766
ee392693 1767 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1768 }
ee392693
MH		 1769
1770 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1771 if (err < 0)
1772 goto unlock;
1773
1774 if (changed)
1775 err = new_settings(hdev, sk);
6d80dfd0 1776
ee392693
MH		 1777unlock:
1778 hci_dev_unlock(hdev);
1779 return err;
6d80dfd0
JH		 1780}
1781
416a4ae5
JH		 1782static void le_enable_complete(struct hci_dev *hdev, u8 status)
1783{
1784 struct cmd_lookup match = { NULL, hdev };
1785
1786 if (status) {
1787 u8 mgmt_err = mgmt_status(status);
1788
1789 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1790 &mgmt_err);
1791 return;
1792 }
1793
1794 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1795
1796 new_settings(hdev, match.sk);
1797
1798 if (match.sk)
1799 sock_put(match.sk);
441ad2d0
MH		 1800
1801 /* Make sure the controller has a good default for
1802 * advertising data. Restrict the update to when LE
1803 * has actually been enabled. During power on, the
1804 * update in powered_update_hci will take care of it.
1805 */
1806 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1807 struct hci_request req;
1808
1809 hci_dev_lock(hdev);
1810
1811 hci_req_init(&req, hdev);
5947f4bc 1812 update_adv_data(&req);
f14d8f64 1813 update_scan_rsp_data(&req);
441ad2d0
MH		 1814 hci_req_run(&req, NULL);
1815
1816 hci_dev_unlock(hdev);
1817 }
416a4ae5
JH		 1818}
1819
bdb6d971 1820static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1821{
1822 struct mgmt_mode *cp = data;
1823 struct hci_cp_write_le_host_supported hci_cp;
1824 struct pending_cmd *cmd;
416a4ae5 1825 struct hci_request req;
06199cf8 1826 int err;
0b60eba1 1827 u8 val, enabled;
06199cf8 1828
bdb6d971 1829 BT_DBG("request for %s", hdev->name);
06199cf8 1830
13ecd8b6
JH		 1831 if (!lmp_le_capable(hdev))
1832 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1833 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1834
a7e80f25
JH		 1835 if (cp->val != 0x00 && cp->val != 0x01)
1836 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1837 MGMT_STATUS_INVALID_PARAMS);
1838
c73eee91 1839 /* LE-only devices do not allow toggling LE on/off */
56f87901 1840 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1841 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1842 MGMT_STATUS_REJECTED);
1843
13ecd8b6 1844 hci_dev_lock(hdev);
06199cf8
JH		 1845
1846 val = !!cp->val;
ffa88e02 1847 enabled = lmp_host_le_capable(hdev);
06199cf8 1848
0b60eba1 1849 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1850 bool changed = false;
1851
1852 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1853 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1854 changed = true;
1855 }
1856
f3d3444a
JH		 1857 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1858 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1859 changed = true;
1860 }
1861
06199cf8
JH		 1862 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1863 if (err < 0)
1de028ce 1864 goto unlock;
06199cf8
JH		 1865
1866 if (changed)
1867 err = new_settings(hdev, sk);
1868
1de028ce 1869 goto unlock;
06199cf8
JH		 1870 }
1871
4375f103
JH		 1872 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1873 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1874 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1875 MGMT_STATUS_BUSY);
1de028ce 1876 goto unlock;
06199cf8
JH		 1877 }
1878
1879 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1880 if (!cmd) {
1881 err = -ENOMEM;
1de028ce 1882 goto unlock;
06199cf8
JH		 1883 }
1884
441ad2d0
MH		 1885 hci_req_init(&req, hdev);
1886
06199cf8
JH		 1887 memset(&hci_cp, 0, sizeof(hci_cp));
1888
1889 if (val) {
1890 hci_cp.le = val;
ffa88e02 1891 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1892 } else {
1893 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1894 disable_advertising(&req);
06199cf8
JH		 1895 }
1896
416a4ae5
JH		 1897 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1898 &hci_cp);
1899
1900 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1901 if (err < 0)
06199cf8 1902 mgmt_pending_remove(cmd);
06199cf8 1903
1de028ce
JH		 1904unlock:
1905 hci_dev_unlock(hdev);
06199cf8
JH		 1906 return err;
1907}
1908
0cab9c80
JH		 1909/* This is a helper function to test for pending mgmt commands that can
1910 * cause CoD or EIR HCI commands. We can only allow one such pending
1911 * mgmt command at a time since otherwise we cannot easily track what
1912 * the current values are, will be, and based on that calculate if a new
1913 * HCI command needs to be sent and if yes with what value.
1914 */
1915static bool pending_eir_or_class(struct hci_dev *hdev)
1916{
1917 struct pending_cmd *cmd;
1918
1919 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1920 switch (cmd->opcode) {
1921 case MGMT_OP_ADD_UUID:
1922 case MGMT_OP_REMOVE_UUID:
1923 case MGMT_OP_SET_DEV_CLASS:
1924 case MGMT_OP_SET_POWERED:
1925 return true;
1926 }
1927 }
1928
1929 return false;
1930}
1931
83be8eca
JH		 1932static const u8 bluetooth_base_uuid[] = {
1933 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1934 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1935};
1936
1937static u8 get_uuid_size(const u8 *uuid)
1938{
1939 u32 val;
1940
1941 if (memcmp(uuid, bluetooth_base_uuid, 12))
1942 return 128;
1943
1944 val = get_unaligned_le32(&uuid[12]);
1945 if (val > 0xffff)
1946 return 32;
1947
1948 return 16;
1949}
1950
92da6097
JH		 1951static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1952{
1953 struct pending_cmd *cmd;
1954
1955 hci_dev_lock(hdev);
1956
1957 cmd = mgmt_pending_find(mgmt_op, hdev);
1958 if (!cmd)
1959 goto unlock;
1960
1961 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1962 hdev->dev_class, 3);
1963
1964 mgmt_pending_remove(cmd);
1965
1966unlock:
1967 hci_dev_unlock(hdev);
1968}
1969
1970static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1971{
1972 BT_DBG("status 0x%02x", status);
1973
1974 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1975}
1976
bdb6d971 1977static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1978{
650f726d 1979 struct mgmt_cp_add_uuid *cp = data;
90e70454 1980 struct pending_cmd *cmd;
890ea898 1981 struct hci_request req;
2aeb9a1a 1982 struct bt_uuid *uuid;
2aeb9a1a
JH		 1983 int err;
1984
bdb6d971 1985 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1986
09fd0de5 1987 hci_dev_lock(hdev);
2aeb9a1a 1988
0cab9c80 1989 if (pending_eir_or_class(hdev)) {
bdb6d971 1990 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1991 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1992 goto failed;
1993 }
1994
92c4c204 1995 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1996 if (!uuid) {
1997 err = -ENOMEM;
1998 goto failed;
1999 }
2000
2001 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2002 uuid->svc_hint = cp->svc_hint;
83be8eca 2003 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2004
de66aa63 2005 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2006
890ea898 2007 hci_req_init(&req, hdev);
1aff6f09 2008
890ea898
JH		 2009 update_class(&req);
2010 update_eir(&req);
2011
92da6097
JH		 2012 err = hci_req_run(&req, add_uuid_complete);
2013 if (err < 0) {
2014 if (err != -ENODATA)
2015 goto failed;
80a1e1db 2016
bdb6d971 2017 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2018 hdev->dev_class, 3);
90e70454
JH		 2019 goto failed;
2020 }
2021
2022 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2023 if (!cmd) {
90e70454 2024 err = -ENOMEM;
890ea898
JH		 2025 goto failed;
2026 }
2027
2028 err = 0;
2aeb9a1a
JH		 2029
2030failed:
09fd0de5 2031 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2032 return err;
2033}
2034
24b78d0f
JH		 2035static bool enable_service_cache(struct hci_dev *hdev)
2036{
2037 if (!hdev_is_powered(hdev))
2038 return false;
2039
2040 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2041 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2042 CACHE_TIMEOUT);
24b78d0f
JH		 2043 return true;
2044 }
2045
2046 return false;
2047}
2048
92da6097
JH		 2049static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2050{
2051 BT_DBG("status 0x%02x", status);
2052
2053 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2054}
2055
bdb6d971 2056static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2057 u16 len)
2aeb9a1a 2058{
650f726d 2059 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2060 struct pending_cmd *cmd;
056341c8 2061 struct bt_uuid *match, *tmp;
2aeb9a1a 2062 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2063 struct hci_request req;
2aeb9a1a
JH		 2064 int err, found;
2065
bdb6d971 2066 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2067
09fd0de5 2068 hci_dev_lock(hdev);
2aeb9a1a 2069
0cab9c80 2070 if (pending_eir_or_class(hdev)) {
bdb6d971 2071 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2072 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2073 goto unlock;
2074 }
2075
2aeb9a1a 2076 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2077 hci_uuids_clear(hdev);
4004b6d9 2078
24b78d0f 2079 if (enable_service_cache(hdev)) {
bdb6d971 2080 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2081 0, hdev->dev_class, 3);
24b78d0f
JH		 2082 goto unlock;
2083 }
4004b6d9 2084
9246a869 2085 goto update_class;
2aeb9a1a
JH		 2086 }
2087
2088 found = 0;
2089
056341c8 2090 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2091 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2092 continue;
2093
2094 list_del(&match->list);
482049f7 2095 kfree(match);
2aeb9a1a
JH		 2096 found++;
2097 }
2098
2099 if (found == 0) {
bdb6d971 2100 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2101 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2102 goto unlock;
2103 }
2104
9246a869 2105update_class:
890ea898 2106 hci_req_init(&req, hdev);
1aff6f09 2107
890ea898
JH		 2108 update_class(&req);
2109 update_eir(&req);
2110
92da6097
JH		 2111 err = hci_req_run(&req, remove_uuid_complete);
2112 if (err < 0) {
2113 if (err != -ENODATA)
2114 goto unlock;
80a1e1db 2115
bdb6d971 2116 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2117 hdev->dev_class, 3);
90e70454
JH		 2118 goto unlock;
2119 }
2120
2121 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2122 if (!cmd) {
90e70454 2123 err = -ENOMEM;
890ea898
JH		 2124 goto unlock;
2125 }
2126
2127 err = 0;
2aeb9a1a
JH		 2128
2129unlock:
09fd0de5 2130 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2131 return err;
2132}
2133
92da6097
JH		 2134static void set_class_complete(struct hci_dev *hdev, u8 status)
2135{
2136 BT_DBG("status 0x%02x", status);
2137
2138 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2139}
2140
bdb6d971 2141static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2142 u16 len)
1aff6f09 2143{
650f726d 2144 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2145 struct pending_cmd *cmd;
890ea898 2146 struct hci_request req;
1aff6f09
JH		 2147 int err;
2148
bdb6d971 2149 BT_DBG("request for %s", hdev->name);
1aff6f09 2150
6203fc98 2151 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2152 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2153 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2154
0cab9c80 2155 hci_dev_lock(hdev);
ee98f473 2156
0cab9c80
JH		 2157 if (pending_eir_or_class(hdev)) {
2158 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2159 MGMT_STATUS_BUSY);
2160 goto unlock;
2161 }
c95f0ba7 2162
0cab9c80
JH		 2163 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2164 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2165 MGMT_STATUS_INVALID_PARAMS);
2166 goto unlock;
2167 }
575b3a02 2168
932f5ff5
JH		 2169 hdev->major_class = cp->major;
2170 hdev->minor_class = cp->minor;
2171
b5235a65 2172 if (!hdev_is_powered(hdev)) {
bdb6d971 2173 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2174 hdev->dev_class, 3);
b5235a65
JH		 2175 goto unlock;
2176 }
2177
890ea898
JH		 2178 hci_req_init(&req, hdev);
2179
a8b2d5c2 2180 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2181 hci_dev_unlock(hdev);
2182 cancel_delayed_work_sync(&hdev->service_cache);
2183 hci_dev_lock(hdev);
890ea898 2184 update_eir(&req);
7d78525d 2185 }
14c0b608 2186
890ea898
JH		 2187 update_class(&req);
2188
92da6097
JH		 2189 err = hci_req_run(&req, set_class_complete);
2190 if (err < 0) {
2191 if (err != -ENODATA)
2192 goto unlock;
1aff6f09 2193
bdb6d971 2194 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2195 hdev->dev_class, 3);
90e70454
JH		 2196 goto unlock;
2197 }
2198
2199 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2200 if (!cmd) {
90e70454 2201 err = -ENOMEM;
890ea898
JH		 2202 goto unlock;
2203 }
2204
2205 err = 0;
1aff6f09 2206
b5235a65 2207unlock:
09fd0de5 2208 hci_dev_unlock(hdev);
1aff6f09
JH		 2209 return err;
2210}
2211
bdb6d971 2212static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2213 u16 len)
55ed8ca1 2214{
650f726d 2215 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2216 u16 key_count, expected_len;
b1de97d8 2217 bool changed;
a492cd52 2218 int i;
55ed8ca1 2219
9060d5cf
MH		 2220 BT_DBG("request for %s", hdev->name);
2221
2222 if (!lmp_bredr_capable(hdev))
2223 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2224 MGMT_STATUS_NOT_SUPPORTED);
2225
1f350c87 2226 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2227
86742e1e
JH		 2228 expected_len = sizeof(*cp) + key_count *
2229 sizeof(struct mgmt_link_key_info);
a492cd52 2230 if (expected_len != len) {
86742e1e 2231 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2232 len, expected_len);
bdb6d971 2233 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2234 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2235 }
2236
4ae14301
JH		 2237 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2238 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2239 MGMT_STATUS_INVALID_PARAMS);
2240
bdb6d971 2241 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2242 key_count);
55ed8ca1 2243
4ee71b20
JH		 2244 for (i = 0; i < key_count; i++) {
2245 struct mgmt_link_key_info *key = &cp->keys[i];
2246
8e991132 2247 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2248 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2249 MGMT_STATUS_INVALID_PARAMS);
2250 }
2251
09fd0de5 2252 hci_dev_lock(hdev);
55ed8ca1
JH		 2253
2254 hci_link_keys_clear(hdev);
2255
55ed8ca1 2256 if (cp->debug_keys)
b1de97d8 2257 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2258 else
b1de97d8
MH		 2259 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2260
2261 if (changed)
2262 new_settings(hdev, NULL);
55ed8ca1 2263
a492cd52 2264 for (i = 0; i < key_count; i++) {
86742e1e 2265 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2266
d753fdc4 2267 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2268 key->type, key->pin_len);
55ed8ca1
JH		 2269 }
2270
bdb6d971 2271 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2272
09fd0de5 2273 hci_dev_unlock(hdev);
55ed8ca1 2274
a492cd52 2275 return 0;
55ed8ca1
JH		 2276}
2277
b1078ad0 2278static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2279 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2280{
2281 struct mgmt_ev_device_unpaired ev;
2282
2283 bacpy(&ev.addr.bdaddr, bdaddr);
2284 ev.addr.type = addr_type;
2285
2286 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2287 skip_sk);
b1078ad0
JH		 2288}
2289
bdb6d971 2290static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2291 u16 len)
55ed8ca1 2292{
124f6e35
JH		 2293 struct mgmt_cp_unpair_device *cp = data;
2294 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2295 struct hci_cp_disconnect dc;
2296 struct pending_cmd *cmd;
55ed8ca1 2297 struct hci_conn *conn;
55ed8ca1
JH		 2298 int err;
2299
a8a1d19e 2300 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2301 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2302 rp.addr.type = cp->addr.type;
a8a1d19e 2303
4ee71b20
JH		 2304 if (!bdaddr_type_is_valid(cp->addr.type))
2305 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2306 MGMT_STATUS_INVALID_PARAMS,
2307 &rp, sizeof(rp));
2308
118da70b
JH		 2309 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2310 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2311 MGMT_STATUS_INVALID_PARAMS,
2312 &rp, sizeof(rp));
2313
4ee71b20
JH		 2314 hci_dev_lock(hdev);
2315
86a8cfc6 2316 if (!hdev_is_powered(hdev)) {
bdb6d971 2317 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2318 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2319 goto unlock;
2320 }
2321
e0b2b27e 2322 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2323 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2324 } else {
2325 u8 addr_type;
2326
2327 if (cp->addr.type == BDADDR_LE_PUBLIC)
2328 addr_type = ADDR_LE_DEV_PUBLIC;
2329 else
2330 addr_type = ADDR_LE_DEV_RANDOM;
2331
a7ec7338
JH		 2332 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2333
e0b2b27e
JH		 2334 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2335 }
b0dbfb46 2336
55ed8ca1 2337 if (err < 0) {
bdb6d971 2338 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2339 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2340 goto unlock;
2341 }
2342
86a8cfc6 2343 if (cp->disconnect) {
591f47f3 2344 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2345 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2346 &cp->addr.bdaddr);
86a8cfc6
JH		 2347 else
2348 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2349 &cp->addr.bdaddr);
86a8cfc6
JH		 2350 } else {
2351 conn = NULL;
2352 }
124f6e35 2353
a8a1d19e 2354 if (!conn) {
bdb6d971 2355 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2356 &rp, sizeof(rp));
b1078ad0 2357 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2358 goto unlock;
2359 }
55ed8ca1 2360
124f6e35 2361 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2362 sizeof(*cp));
a8a1d19e
JH		 2363 if (!cmd) {
2364 err = -ENOMEM;
2365 goto unlock;
55ed8ca1
JH		 2366 }
2367
eb55ef07 2368 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2369 dc.reason = 0x13; /* Remote User Terminated Connection */
2370 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2371 if (err < 0)
2372 mgmt_pending_remove(cmd);
2373
55ed8ca1 2374unlock:
09fd0de5 2375 hci_dev_unlock(hdev);
55ed8ca1
JH		 2376 return err;
2377}
2378
bdb6d971 2379static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2380 u16 len)
8962ee74 2381{
650f726d 2382 struct mgmt_cp_disconnect *cp = data;
06a63b19 2383 struct mgmt_rp_disconnect rp;
8962ee74 2384 struct hci_cp_disconnect dc;
366a0336 2385 struct pending_cmd *cmd;
8962ee74 2386 struct hci_conn *conn;
8962ee74
JH		 2387 int err;
2388
2389 BT_DBG("");
2390
06a63b19
JH		 2391 memset(&rp, 0, sizeof(rp));
2392 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2393 rp.addr.type = cp->addr.type;
2394
4ee71b20 2395 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2396 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2397 MGMT_STATUS_INVALID_PARAMS,
2398 &rp, sizeof(rp));
4ee71b20 2399
09fd0de5 2400 hci_dev_lock(hdev);
8962ee74
JH		 2401
2402 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2403 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2404 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2405 goto failed;
2406 }
2407
2e58ef3e 2408 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2409 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2410 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2411 goto failed;
2412 }
2413
591f47f3 2414 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2415 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2416 &cp->addr.bdaddr);
88c3df13
JH		 2417 else
2418 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2419
f960727e 2420 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2421 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2422 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2423 goto failed;
2424 }
2425
2e58ef3e 2426 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2427 if (!cmd) {
2428 err = -ENOMEM;
8962ee74 2429 goto failed;
366a0336 2430 }
8962ee74 2431
eb55ef07 2432 dc.handle = cpu_to_le16(conn->handle);
3701f944 2433 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2434
2435 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2436 if (err < 0)
a664b5bc 2437 mgmt_pending_remove(cmd);
8962ee74
JH		 2438
2439failed:
09fd0de5 2440 hci_dev_unlock(hdev);
8962ee74
JH		 2441 return err;
2442}
2443
57c1477c 2444static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2445{
2446 switch (link_type) {
2447 case LE_LINK:
48264f06
JH		 2448 switch (addr_type) {
2449 case ADDR_LE_DEV_PUBLIC:
591f47f3 2450 return BDADDR_LE_PUBLIC;
0ed09148 2451
48264f06 2452 default:
0ed09148 2453 /* Fallback to LE Random address type */
591f47f3 2454 return BDADDR_LE_RANDOM;
48264f06 2455 }
0ed09148 2456
4c659c39 2457 default:
0ed09148 2458 /* Fallback to BR/EDR type */
591f47f3 2459 return BDADDR_BREDR;
4c659c39
JH		 2460 }
2461}
2462
04124681
GP		 2463static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2464 u16 data_len)
2784eb41 2465{
2784eb41 2466 struct mgmt_rp_get_connections *rp;
8035ded4 2467 struct hci_conn *c;
a38528f1 2468 size_t rp_len;
60fc5fb6
JH		 2469 int err;
2470 u16 i;
2784eb41
JH		 2471
2472 BT_DBG("");
2473
09fd0de5 2474 hci_dev_lock(hdev);
2784eb41 2475
5f97c1df 2476 if (!hdev_is_powered(hdev)) {
bdb6d971 2477 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2478 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2479 goto unlock;
2480 }
2481
60fc5fb6 2482 i = 0;
b644ba33
JH		 2483 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2484 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2485 i++;
2784eb41
JH		 2486 }
2487
60fc5fb6 2488 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2489 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2490 if (!rp) {
2784eb41
JH		 2491 err = -ENOMEM;
2492 goto unlock;
2493 }
2494
2784eb41 2495 i = 0;
4c659c39 2496 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2497 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2498 continue;
4c659c39 2499 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2500 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2501 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2502 continue;
2503 i++;
2504 }
2505
eb55ef07 2506 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2507
4c659c39
JH		 2508 /* Recalculate length in case of filtered SCO connections, etc */
2509 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2510
bdb6d971 2511 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2512 rp_len);
2784eb41 2513
a38528f1 2514 kfree(rp);
5f97c1df
JH		 2515
2516unlock:
09fd0de5 2517 hci_dev_unlock(hdev);
2784eb41
JH		 2518 return err;
2519}
2520
bdb6d971 2521static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2522 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2523{
2524 struct pending_cmd *cmd;
2525 int err;
2526
2e58ef3e 2527 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2528 sizeof(*cp));
96d97a67
WR		 2529 if (!cmd)
2530 return -ENOMEM;
2531
d8457698 2532 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2533 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2534 if (err < 0)
2535 mgmt_pending_remove(cmd);
2536
2537 return err;
2538}
2539
bdb6d971 2540static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2541 u16 len)
980e1a53 2542{
96d97a67 2543 struct hci_conn *conn;
650f726d 2544 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2545 struct hci_cp_pin_code_reply reply;
366a0336 2546 struct pending_cmd *cmd;
980e1a53
JH		 2547 int err;
2548
2549 BT_DBG("");
2550
09fd0de5 2551 hci_dev_lock(hdev);
980e1a53 2552
4b34ee78 2553 if (!hdev_is_powered(hdev)) {
bdb6d971 2554 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2555 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2556 goto failed;
2557 }
2558
d8457698 2559 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2560 if (!conn) {
bdb6d971 2561 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2562 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2563 goto failed;
2564 }
2565
2566 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2567 struct mgmt_cp_pin_code_neg_reply ncp;
2568
2569 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2570
2571 BT_ERR("PIN code is not 16 bytes long");
2572
bdb6d971 2573 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2574 if (err >= 0)
bdb6d971 2575 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2576 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2577
2578 goto failed;
2579 }
2580
00abfe44 2581 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2582 if (!cmd) {
2583 err = -ENOMEM;
980e1a53 2584 goto failed;
366a0336 2585 }
980e1a53 2586
d8457698 2587 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2588 reply.pin_len = cp->pin_len;
24718ca5 2589 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2590
2591 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2592 if (err < 0)
a664b5bc 2593 mgmt_pending_remove(cmd);
980e1a53
JH		 2594
2595failed:
09fd0de5 2596 hci_dev_unlock(hdev);
980e1a53
JH		 2597 return err;
2598}
2599
04124681
GP		 2600static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2601 u16 len)
17fa4b9d 2602{
650f726d 2603 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2604
2605 BT_DBG("");
2606
09fd0de5 2607 hci_dev_lock(hdev);
17fa4b9d
JH		 2608
2609 hdev->io_capability = cp->io_capability;
2610
2611 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2612 hdev->io_capability);
17fa4b9d 2613
09fd0de5 2614 hci_dev_unlock(hdev);
17fa4b9d 2615
04124681
GP		 2616 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2617 0);
17fa4b9d
JH		 2618}
2619
6039aa73 2620static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2621{
2622 struct hci_dev *hdev = conn->hdev;
8035ded4 2623 struct pending_cmd *cmd;
e9a416b5 2624
2e58ef3e 2625 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2626 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2627 continue;
2628
e9a416b5
JH		 2629 if (cmd->user_data != conn)
2630 continue;
2631
2632 return cmd;
2633 }
2634
2635 return NULL;
2636}
2637
2638static void pairing_complete(struct pending_cmd *cmd, u8 status)
2639{
2640 struct mgmt_rp_pair_device rp;
2641 struct hci_conn *conn = cmd->user_data;
2642
ba4e564f 2643 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2644 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2645
aee9b218 2646 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2647 &rp, sizeof(rp));
e9a416b5
JH		 2648
2649 /* So we don't get further callbacks for this connection */
2650 conn->connect_cfm_cb = NULL;
2651 conn->security_cfm_cb = NULL;
2652 conn->disconn_cfm_cb = NULL;
2653
76a68ba0 2654 hci_conn_drop(conn);
e9a416b5 2655
a664b5bc 2656 mgmt_pending_remove(cmd);
e9a416b5
JH		 2657}
2658
f4a407be
JH		 2659void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2660{
2661 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2662 struct pending_cmd *cmd;
2663
2664 cmd = find_pairing(conn);
2665 if (cmd)
2666 pairing_complete(cmd, status);
2667}
2668
e9a416b5
JH		 2669static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2670{
2671 struct pending_cmd *cmd;
2672
2673 BT_DBG("status %u", status);
2674
2675 cmd = find_pairing(conn);
56e5cb86 2676 if (!cmd)
e9a416b5 2677 BT_DBG("Unable to find a pending command");
56e5cb86 2678 else
e211326c 2679 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2680}
2681
f4a407be 2682static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2683{
2684 struct pending_cmd *cmd;
2685
2686 BT_DBG("status %u", status);
2687
2688 if (!status)
2689 return;
2690
2691 cmd = find_pairing(conn);
2692 if (!cmd)
2693 BT_DBG("Unable to find a pending command");
2694 else
2695 pairing_complete(cmd, mgmt_status(status));
2696}
2697
bdb6d971 2698static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2699 u16 len)
e9a416b5 2700{
650f726d 2701 struct mgmt_cp_pair_device *cp = data;
1425acb7 2702 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2703 struct pending_cmd *cmd;
2704 u8 sec_level, auth_type;
2705 struct hci_conn *conn;
e9a416b5
JH		 2706 int err;
2707
2708 BT_DBG("");
2709
f950a30e
SJ		 2710 memset(&rp, 0, sizeof(rp));
2711 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2712 rp.addr.type = cp->addr.type;
2713
4ee71b20
JH		 2714 if (!bdaddr_type_is_valid(cp->addr.type))
2715 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2717 &rp, sizeof(rp));
2718
09fd0de5 2719 hci_dev_lock(hdev);
e9a416b5 2720
5f97c1df 2721 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2722 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2724 goto unlock;
2725 }
2726
c908df36
VCG		 2727 sec_level = BT_SECURITY_MEDIUM;
2728 if (cp->io_cap == 0x03)
e9a416b5 2729 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2730 else
e9a416b5 2731 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2732
591f47f3 2733 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2734 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2735 cp->addr.type, sec_level, auth_type);
7a512d01 2736 else
b12f62cf
AG		 2737 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2738 cp->addr.type, sec_level, auth_type);
7a512d01 2739
30e76272 2740 if (IS_ERR(conn)) {
489dc48e
AK		 2741 int status;
2742
2743 if (PTR_ERR(conn) == -EBUSY)
2744 status = MGMT_STATUS_BUSY;
2745 else
2746 status = MGMT_STATUS_CONNECT_FAILED;
2747
bdb6d971 2748 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2749 status, &rp,
04124681 2750 sizeof(rp));
e9a416b5
JH		 2751 goto unlock;
2752 }
2753
2754 if (conn->connect_cfm_cb) {
76a68ba0 2755 hci_conn_drop(conn);
bdb6d971 2756 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2757 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2758 goto unlock;
2759 }
2760
2e58ef3e 2761 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2762 if (!cmd) {
2763 err = -ENOMEM;
76a68ba0 2764 hci_conn_drop(conn);
e9a416b5
JH		 2765 goto unlock;
2766 }
2767
7a512d01 2768 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2769 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2770 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2771 conn->security_cfm_cb = pairing_complete_cb;
2772 conn->disconn_cfm_cb = pairing_complete_cb;
2773 } else {
2774 conn->connect_cfm_cb = le_pairing_complete_cb;
2775 conn->security_cfm_cb = le_pairing_complete_cb;
2776 conn->disconn_cfm_cb = le_pairing_complete_cb;
2777 }
7a512d01 2778
e9a416b5
JH		 2779 conn->io_capability = cp->io_cap;
2780 cmd->user_data = conn;
2781
2782 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2783 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2784 pairing_complete(cmd, 0);
2785
2786 err = 0;
2787
2788unlock:
09fd0de5 2789 hci_dev_unlock(hdev);
e9a416b5
JH		 2790 return err;
2791}
2792
04124681
GP		 2793static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2794 u16 len)
28424707 2795{
0f4e68cf 2796 struct mgmt_addr_info *addr = data;
28424707
JH		 2797 struct pending_cmd *cmd;
2798 struct hci_conn *conn;
2799 int err;
2800
2801 BT_DBG("");
2802
28424707
JH		 2803 hci_dev_lock(hdev);
2804
5f97c1df 2805 if (!hdev_is_powered(hdev)) {
bdb6d971 2806 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2807 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2808 goto unlock;
2809 }
2810
28424707
JH		 2811 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2812 if (!cmd) {
bdb6d971 2813 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2814 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2815 goto unlock;
2816 }
2817
2818 conn = cmd->user_data;
2819
2820 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2821 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2822 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2823 goto unlock;
2824 }
2825
2826 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2827
bdb6d971 2828 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2829 addr, sizeof(*addr));
28424707
JH		 2830unlock:
2831 hci_dev_unlock(hdev);
28424707
JH		 2832 return err;
2833}
2834
bdb6d971 2835static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2836 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2837 u16 hci_op, __le32 passkey)
a5c29683 2838{
a5c29683 2839 struct pending_cmd *cmd;
0df4c185 2840 struct hci_conn *conn;
a5c29683
JH		 2841 int err;
2842
09fd0de5 2843 hci_dev_lock(hdev);
08ba5382 2844
4b34ee78 2845 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2846 err = cmd_complete(sk, hdev->id, mgmt_op,
2847 MGMT_STATUS_NOT_POWERED, addr,
2848 sizeof(*addr));
0df4c185 2849 goto done;
a5c29683
JH		 2850 }
2851
1707c60e
JH		 2852 if (addr->type == BDADDR_BREDR)
2853 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2854 else
1707c60e 2855 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2856
2857 if (!conn) {
feb94d3d
JH		 2858 err = cmd_complete(sk, hdev->id, mgmt_op,
2859 MGMT_STATUS_NOT_CONNECTED, addr,
2860 sizeof(*addr));
272d90df
JH		 2861 goto done;
2862 }
47c15e2b 2863
1707c60e 2864 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2865 /* Continue with pairing via SMP */
5fe57d9e
BG		 2866 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2867
2868 if (!err)
feb94d3d
JH		 2869 err = cmd_complete(sk, hdev->id, mgmt_op,
2870 MGMT_STATUS_SUCCESS, addr,
2871 sizeof(*addr));
5fe57d9e 2872 else
feb94d3d
JH		 2873 err = cmd_complete(sk, hdev->id, mgmt_op,
2874 MGMT_STATUS_FAILED, addr,
2875 sizeof(*addr));
47c15e2b 2876
47c15e2b
BG		 2877 goto done;
2878 }
2879
1707c60e 2880 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2881 if (!cmd) {
2882 err = -ENOMEM;
0df4c185 2883 goto done;
a5c29683
JH		 2884 }
2885
0df4c185 2886 /* Continue with pairing via HCI */
604086b7
BG		 2887 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2888 struct hci_cp_user_passkey_reply cp;
2889
1707c60e 2890 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2891 cp.passkey = passkey;
2892 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2893 } else
1707c60e
JH		 2894 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2895 &addr->bdaddr);
604086b7 2896
a664b5bc
JH		 2897 if (err < 0)
2898 mgmt_pending_remove(cmd);
a5c29683 2899
0df4c185 2900done:
09fd0de5 2901 hci_dev_unlock(hdev);
a5c29683
JH		 2902 return err;
2903}
2904
afeb019d
JK		 2905static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2906 void *data, u16 len)
2907{
2908 struct mgmt_cp_pin_code_neg_reply *cp = data;
2909
2910 BT_DBG("");
2911
1707c60e 2912 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2913 MGMT_OP_PIN_CODE_NEG_REPLY,
2914 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2915}
2916
04124681
GP		 2917static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2918 u16 len)
0df4c185 2919{
650f726d 2920 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2921
2922 BT_DBG("");
2923
2924 if (len != sizeof(*cp))
bdb6d971 2925 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2926 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2927
1707c60e 2928 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2929 MGMT_OP_USER_CONFIRM_REPLY,
2930 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2931}
2932
bdb6d971 2933static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2934 void *data, u16 len)
0df4c185 2935{
c9c2659f 2936 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2937
2938 BT_DBG("");
2939
1707c60e 2940 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2941 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2942 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2943}
2944
04124681
GP		 2945static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2946 u16 len)
604086b7 2947{
650f726d 2948 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2949
2950 BT_DBG("");
2951
1707c60e 2952 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2953 MGMT_OP_USER_PASSKEY_REPLY,
2954 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2955}
2956
bdb6d971 2957static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2958 void *data, u16 len)
604086b7 2959{
650f726d 2960 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2961
2962 BT_DBG("");
2963
1707c60e 2964 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2965 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2966 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2967}
2968
13928971 2969static void update_name(struct hci_request *req)
2b4bf397 2970{
13928971 2971 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2972 struct hci_cp_write_local_name cp;
2973
13928971 2974 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2975
890ea898 2976 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2977}
2978
13928971
JH		 2979static void set_name_complete(struct hci_dev *hdev, u8 status)
2980{
2981 struct mgmt_cp_set_local_name *cp;
2982 struct pending_cmd *cmd;
2983
2984 BT_DBG("status 0x%02x", status);
2985
2986 hci_dev_lock(hdev);
2987
2988 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2989 if (!cmd)
2990 goto unlock;
2991
2992 cp = cmd->param;
2993
2994 if (status)
2995 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2996 mgmt_status(status));
2997 else
2998 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2999 cp, sizeof(*cp));
3000
3001 mgmt_pending_remove(cmd);
3002
3003unlock:
3004 hci_dev_unlock(hdev);
3005}
3006
bdb6d971 3007static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3008 u16 len)
b312b161 3009{
2b4bf397 3010 struct mgmt_cp_set_local_name *cp = data;
b312b161 3011 struct pending_cmd *cmd;
890ea898 3012 struct hci_request req;
b312b161
JH		 3013 int err;
3014
3015 BT_DBG("");
3016
09fd0de5 3017 hci_dev_lock(hdev);
b312b161 3018
b3f2ca94
JH		 3019 /* If the old values are the same as the new ones just return a
3020 * direct command complete event.
3021 */
3022 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3023 !memcmp(hdev->short_name, cp->short_name,
3024 sizeof(hdev->short_name))) {
3025 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3026 data, len);
3027 goto failed;
3028 }
3029
2b4bf397 3030 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3031
b5235a65 3032 if (!hdev_is_powered(hdev)) {
2b4bf397 3033 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3034
3035 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3036 data, len);
28cc7bde
JH		 3037 if (err < 0)
3038 goto failed;
3039
3040 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3041 sk);
28cc7bde 3042
b5235a65
JH		 3043 goto failed;
3044 }
3045
28cc7bde 3046 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3047 if (!cmd) {
3048 err = -ENOMEM;
3049 goto failed;
3050 }
3051
13928971
JH		 3052 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3053
890ea898 3054 hci_req_init(&req, hdev);
3f985050
JH		 3055
3056 if (lmp_bredr_capable(hdev)) {
3057 update_name(&req);
3058 update_eir(&req);
3059 }
3060
7a5f4990
MH		 3061 /* The name is stored in the scan response data and so
3062 * no need to udpate the advertising data here.
3063 */
3f985050 3064 if (lmp_le_capable(hdev))
7a5f4990 3065 update_scan_rsp_data(&req);
3f985050 3066
13928971 3067 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3068 if (err < 0)
3069 mgmt_pending_remove(cmd);
3070
3071failed:
09fd0de5 3072 hci_dev_unlock(hdev);
b312b161
JH		 3073 return err;
3074}
3075
0f4e68cf 3076static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3077 void *data, u16 data_len)
c35938b2 3078{
c35938b2
SJ		 3079 struct pending_cmd *cmd;
3080 int err;
3081
bdb6d971 3082 BT_DBG("%s", hdev->name);
c35938b2 3083
09fd0de5 3084 hci_dev_lock(hdev);
c35938b2 3085
4b34ee78 3086 if (!hdev_is_powered(hdev)) {
bdb6d971 3087 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3088 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3089 goto unlock;
3090 }
3091
9a1a1996 3092 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3093 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3094 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3095 goto unlock;
3096 }
3097
2e58ef3e 3098 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3099 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3100 MGMT_STATUS_BUSY);
c35938b2
SJ		 3101 goto unlock;
3102 }
3103
2e58ef3e 3104 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3105 if (!cmd) {
3106 err = -ENOMEM;
3107 goto unlock;
3108 }
3109
4d2d2796
MH		 3110 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3111 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3112 0, NULL);
3113 else
3114 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3115
c35938b2
SJ		 3116 if (err < 0)
3117 mgmt_pending_remove(cmd);
3118
3119unlock:
09fd0de5 3120 hci_dev_unlock(hdev);
c35938b2
SJ		 3121 return err;
3122}
3123
bdb6d971 3124static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3125 void *data, u16 len)
2763eda6 3126{
2763eda6
SJ		 3127 int err;
3128
bdb6d971 3129 BT_DBG("%s ", hdev->name);
2763eda6 3130
09fd0de5 3131 hci_dev_lock(hdev);
2763eda6 3132
ec109113
MH		 3133 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3134 struct mgmt_cp_add_remote_oob_data *cp = data;
3135 u8 status;
bf1e3541 3136
ec109113
MH		 3137 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3138 cp->hash, cp->randomizer);
3139 if (err < 0)
3140 status = MGMT_STATUS_FAILED;
3141 else
3142 status = MGMT_STATUS_SUCCESS;
3143
3144 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3145 status, &cp->addr, sizeof(cp->addr));
3146 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3147 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3148 u8 status;
3149
3150 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3151 cp->hash192,
3152 cp->randomizer192,
3153 cp->hash256,
3154 cp->randomizer256);
3155 if (err < 0)
3156 status = MGMT_STATUS_FAILED;
3157 else
3158 status = MGMT_STATUS_SUCCESS;
3159
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3161 status, &cp->addr, sizeof(cp->addr));
3162 } else {
3163 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3164 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3165 MGMT_STATUS_INVALID_PARAMS);
3166 }
2763eda6 3167
09fd0de5 3168 hci_dev_unlock(hdev);
2763eda6
SJ		 3169 return err;
3170}
3171
bdb6d971 3172static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3173 void *data, u16 len)
2763eda6 3174{
650f726d 3175 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3176 u8 status;
2763eda6
SJ		 3177 int err;
3178
bdb6d971 3179 BT_DBG("%s", hdev->name);
2763eda6 3180
09fd0de5 3181 hci_dev_lock(hdev);
2763eda6 3182
664ce4cc 3183 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3184 if (err < 0)
bf1e3541 3185 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3186 else
a6785be2 3187 status = MGMT_STATUS_SUCCESS;
bf1e3541 3188
bdb6d971 3189 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3190 status, &cp->addr, sizeof(cp->addr));
2763eda6 3191
09fd0de5 3192 hci_dev_unlock(hdev);
2763eda6
SJ		 3193 return err;
3194}
3195
41dc2bd6
AG		 3196static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3197{
3198 struct pending_cmd *cmd;
3199 u8 type;
3200 int err;
3201
3202 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3203
3204 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3205 if (!cmd)
3206 return -ENOENT;
3207
3208 type = hdev->discovery.type;
3209
3210 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3211 &type, sizeof(type));
3212 mgmt_pending_remove(cmd);
3213
3214 return err;
3215}
3216
7c307720
AG		 3217static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3218{
3219 BT_DBG("status %d", status);
3220
3221 if (status) {
3222 hci_dev_lock(hdev);
3223 mgmt_start_discovery_failed(hdev, status);
3224 hci_dev_unlock(hdev);
3225 return;
3226 }
3227
3228 hci_dev_lock(hdev);
3229 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3230 hci_dev_unlock(hdev);
3231
3232 switch (hdev->discovery.type) {
3233 case DISCOV_TYPE_LE:
3234 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3235 DISCOV_LE_TIMEOUT);
7c307720
AG		 3236 break;
3237
3238 case DISCOV_TYPE_INTERLEAVED:
3239 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3240 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3241 break;
3242
3243 case DISCOV_TYPE_BREDR:
3244 break;
3245
3246 default:
3247 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3248 }
3249}
3250
bdb6d971 3251static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3252 void *data, u16 len)
14a53664 3253{
650f726d 3254 struct mgmt_cp_start_discovery *cp = data;
14a53664 3255 struct pending_cmd *cmd;
7c307720
AG		 3256 struct hci_cp_le_set_scan_param param_cp;
3257 struct hci_cp_le_set_scan_enable enable_cp;
3258 struct hci_cp_inquiry inq_cp;
3259 struct hci_request req;
3260 /* General inquiry access code (GIAC) */
3261 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3262 u8 status;
14a53664
JH		 3263 int err;
3264
bdb6d971 3265 BT_DBG("%s", hdev->name);
14a53664 3266
09fd0de5 3267 hci_dev_lock(hdev);
14a53664 3268
4b34ee78 3269 if (!hdev_is_powered(hdev)) {
bdb6d971 3270 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3271 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3272 goto failed;
3273 }
3274
642be6c7
AG		 3275 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3276 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3277 MGMT_STATUS_BUSY);
3278 goto failed;
3279 }
3280
ff9ef578 3281 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3282 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3283 MGMT_STATUS_BUSY);
ff9ef578
JH		 3284 goto failed;
3285 }
3286
2e58ef3e 3287 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3288 if (!cmd) {
3289 err = -ENOMEM;
3290 goto failed;
3291 }
3292
4aab14e5
AG		 3293 hdev->discovery.type = cp->type;
3294
7c307720
AG		 3295 hci_req_init(&req, hdev);
3296
4aab14e5 3297 switch (hdev->discovery.type) {
f39799f5 3298 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3299 status = mgmt_bredr_support(hdev);
3300 if (status) {
04106755 3301 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3302 status);
04106755
JH		 3303 mgmt_pending_remove(cmd);
3304 goto failed;
3305 }
3306
7c307720
AG		 3307 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3308 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3309 MGMT_STATUS_BUSY);
3310 mgmt_pending_remove(cmd);
3311 goto failed;
3312 }
3313
3314 hci_inquiry_cache_flush(hdev);
3315
3316 memset(&inq_cp, 0, sizeof(inq_cp));
3317 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3318 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3319 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3320 break;
3321
3322 case DISCOV_TYPE_LE:
7c307720 3323 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3324 status = mgmt_le_support(hdev);
3325 if (status) {
04106755 3326 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3327 status);
04106755
JH		 3328 mgmt_pending_remove(cmd);
3329 goto failed;
3330 }
3331
7c307720 3332 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3333 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3334 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3335 MGMT_STATUS_NOT_SUPPORTED);
3336 mgmt_pending_remove(cmd);
3337 goto failed;
3338 }
3339
f3d3444a 3340 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3341 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3342 MGMT_STATUS_REJECTED);
3343 mgmt_pending_remove(cmd);
3344 goto failed;
3345 }
3346
3347 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3348 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3349 MGMT_STATUS_BUSY);
3350 mgmt_pending_remove(cmd);
3351 goto failed;
3352 }
3353
3354 memset(&param_cp, 0, sizeof(param_cp));
3355 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3356 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3357 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3358 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3359 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3360 &param_cp);
3361
3362 memset(&enable_cp, 0, sizeof(enable_cp));
3363 enable_cp.enable = LE_SCAN_ENABLE;
3364 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3365 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3366 &enable_cp);
5e0452c0
AG		 3367 break;
3368
f39799f5 3369 default:
04106755
JH		 3370 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3371 MGMT_STATUS_INVALID_PARAMS);
3372 mgmt_pending_remove(cmd);
3373 goto failed;
f39799f5 3374 }
3fd24153 3375
7c307720 3376 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3377 if (err < 0)
3378 mgmt_pending_remove(cmd);
ff9ef578
JH		 3379 else
3380 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3381
3382failed:
09fd0de5 3383 hci_dev_unlock(hdev);
14a53664
JH		 3384 return err;
3385}
3386
1183fdca
AG		 3387static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3388{
3389 struct pending_cmd *cmd;
3390 int err;
3391
3392 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3393 if (!cmd)
3394 return -ENOENT;
3395
3396 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3397 &hdev->discovery.type, sizeof(hdev->discovery.type));
3398 mgmt_pending_remove(cmd);
3399
3400 return err;
3401}
3402
0e05bba6
AG		 3403static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3404{
3405 BT_DBG("status %d", status);
3406
3407 hci_dev_lock(hdev);
3408
3409 if (status) {
3410 mgmt_stop_discovery_failed(hdev, status);
3411 goto unlock;
3412 }
3413
3414 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3415
3416unlock:
3417 hci_dev_unlock(hdev);
3418}
3419
bdb6d971 3420static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3421 u16 len)
14a53664 3422{
d930650b 3423 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3424 struct pending_cmd *cmd;
30dc78e1
JH		 3425 struct hci_cp_remote_name_req_cancel cp;
3426 struct inquiry_entry *e;
0e05bba6
AG		 3427 struct hci_request req;
3428 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3429 int err;
3430
bdb6d971 3431 BT_DBG("%s", hdev->name);
14a53664 3432
09fd0de5 3433 hci_dev_lock(hdev);
14a53664 3434
30dc78e1 3435 if (!hci_discovery_active(hdev)) {
bdb6d971 3436 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3437 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3438 sizeof(mgmt_cp->type));
d930650b
JH		 3439 goto unlock;
3440 }
3441
3442 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3443 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3444 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3445 sizeof(mgmt_cp->type));
30dc78e1 3446 goto unlock;
ff9ef578
JH		 3447 }
3448
2e58ef3e 3449 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3450 if (!cmd) {
3451 err = -ENOMEM;
30dc78e1
JH		 3452 goto unlock;
3453 }
3454
0e05bba6
AG		 3455 hci_req_init(&req, hdev);
3456
e0d9727e
AG		 3457 switch (hdev->discovery.state) {
3458 case DISCOVERY_FINDING:
0e05bba6
AG		 3459 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3460 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3461 } else {
3462 cancel_delayed_work(&hdev->le_scan_disable);
3463
3464 memset(&enable_cp, 0, sizeof(enable_cp));
3465 enable_cp.enable = LE_SCAN_DISABLE;
3466 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3467 sizeof(enable_cp), &enable_cp);
3468 }
c9ecc48e 3469
e0d9727e
AG		 3470 break;
3471
3472 case DISCOVERY_RESOLVING:
3473 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3474 NAME_PENDING);
e0d9727e 3475 if (!e) {
30dc78e1 3476 mgmt_pending_remove(cmd);
e0d9727e
AG		 3477 err = cmd_complete(sk, hdev->id,
3478 MGMT_OP_STOP_DISCOVERY, 0,
3479 &mgmt_cp->type,
3480 sizeof(mgmt_cp->type));
3481 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3482 goto unlock;
3483 }
30dc78e1 3484
e0d9727e 3485 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3486 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3487 &cp);
e0d9727e
AG		 3488
3489 break;
3490
3491 default:
3492 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3493
3494 mgmt_pending_remove(cmd);
3495 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3496 MGMT_STATUS_FAILED, &mgmt_cp->type,
3497 sizeof(mgmt_cp->type));
3498 goto unlock;
14a53664
JH		 3499 }
3500
0e05bba6 3501 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3502 if (err < 0)
3503 mgmt_pending_remove(cmd);
ff9ef578
JH		 3504 else
3505 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3506
30dc78e1 3507unlock:
09fd0de5 3508 hci_dev_unlock(hdev);
14a53664
JH		 3509 return err;
3510}
3511
bdb6d971 3512static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3513 u16 len)
561aafbc 3514{
650f726d 3515 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3516 struct inquiry_entry *e;
561aafbc
JH		 3517 int err;
3518
bdb6d971 3519 BT_DBG("%s", hdev->name);
561aafbc 3520
561aafbc
JH		 3521 hci_dev_lock(hdev);
3522
30dc78e1 3523 if (!hci_discovery_active(hdev)) {
bdb6d971 3524 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3525 MGMT_STATUS_FAILED);
30dc78e1
JH		 3526 goto failed;
3527 }
3528
a198e7b1 3529 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3530 if (!e) {
bdb6d971 3531 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3532 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3533 goto failed;
3534 }
3535
3536 if (cp->name_known) {
3537 e->name_state = NAME_KNOWN;
3538 list_del(&e->list);
3539 } else {
3540 e->name_state = NAME_NEEDED;
a3d4e20a 3541 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3542 }
3543
e384662b
JH		 3544 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3545 sizeof(cp->addr));
561aafbc
JH		 3546
3547failed:
3548 hci_dev_unlock(hdev);
561aafbc
JH		 3549 return err;
3550}
3551
bdb6d971 3552static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3553 u16 len)
7fbec224 3554{
650f726d 3555 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3556 u8 status;
7fbec224
AJ		 3557 int err;
3558
bdb6d971 3559 BT_DBG("%s", hdev->name);
7fbec224 3560
4ee71b20 3561 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3562 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3563 MGMT_STATUS_INVALID_PARAMS,
3564 &cp->addr, sizeof(cp->addr));
4ee71b20 3565
09fd0de5 3566 hci_dev_lock(hdev);
5e762444 3567
88c1fe4b 3568 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3569 if (err < 0)
f0eeea8b 3570 status = MGMT_STATUS_FAILED;
7fbec224 3571 else
a6785be2 3572 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3573
bdb6d971 3574 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3575 &cp->addr, sizeof(cp->addr));
5e762444 3576
09fd0de5 3577 hci_dev_unlock(hdev);
7fbec224
AJ		 3578
3579 return err;
3580}
3581
bdb6d971 3582static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3583 u16 len)
7fbec224 3584{
650f726d 3585 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3586 u8 status;
7fbec224
AJ		 3587 int err;
3588
bdb6d971 3589 BT_DBG("%s", hdev->name);
7fbec224 3590
4ee71b20 3591 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3592 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3593 MGMT_STATUS_INVALID_PARAMS,
3594 &cp->addr, sizeof(cp->addr));
4ee71b20 3595
09fd0de5 3596 hci_dev_lock(hdev);
5e762444 3597
88c1fe4b 3598 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3599 if (err < 0)
f0eeea8b 3600 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3601 else
a6785be2 3602 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3603
bdb6d971 3604 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3605 &cp->addr, sizeof(cp->addr));
5e762444 3606
09fd0de5 3607 hci_dev_unlock(hdev);
7fbec224
AJ		 3608
3609 return err;
3610}
3611
cdbaccca
MH		 3612static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3613 u16 len)
3614{
3615 struct mgmt_cp_set_device_id *cp = data;
890ea898 3616 struct hci_request req;
cdbaccca 3617 int err;
c72d4b8a 3618 __u16 source;
cdbaccca
MH		 3619
3620 BT_DBG("%s", hdev->name);
3621
c72d4b8a
SJ		 3622 source = __le16_to_cpu(cp->source);
3623
3624 if (source > 0x0002)
3625 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3626 MGMT_STATUS_INVALID_PARAMS);
3627
cdbaccca
MH		 3628 hci_dev_lock(hdev);
3629
c72d4b8a 3630 hdev->devid_source = source;
cdbaccca
MH		 3631 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3632 hdev->devid_product = __le16_to_cpu(cp->product);
3633 hdev->devid_version = __le16_to_cpu(cp->version);
3634
3635 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3636
890ea898
JH		 3637 hci_req_init(&req, hdev);
3638 update_eir(&req);
3639 hci_req_run(&req, NULL);
cdbaccca
MH		 3640
3641 hci_dev_unlock(hdev);
3642
3643 return err;
3644}
3645
4375f103
JH		 3646static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3647{
3648 struct cmd_lookup match = { NULL, hdev };
3649
3650 if (status) {
3651 u8 mgmt_err = mgmt_status(status);
3652
3653 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3654 cmd_status_rsp, &mgmt_err);
3655 return;
3656 }
3657
3658 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3659 &match);
3660
3661 new_settings(hdev, match.sk);
3662
3663 if (match.sk)
3664 sock_put(match.sk);
3665}
3666
21b5187f
MH		 3667static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3668 u16 len)
4375f103
JH		 3669{
3670 struct mgmt_mode *cp = data;
3671 struct pending_cmd *cmd;
3672 struct hci_request req;
e6fe7986 3673 u8 val, enabled, status;
4375f103
JH		 3674 int err;
3675
3676 BT_DBG("request for %s", hdev->name);
3677
e6fe7986
JH		 3678 status = mgmt_le_support(hdev);
3679 if (status)
4375f103 3680 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3681 status);
4375f103
JH		 3682
3683 if (cp->val != 0x00 && cp->val != 0x01)
3684 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3685 MGMT_STATUS_INVALID_PARAMS);
3686
3687 hci_dev_lock(hdev);
3688
3689 val = !!cp->val;
f3d3444a 3690 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3691
f74ca9b8
JH		 3692 /* The following conditions are ones which mean that we should
3693 * not do any HCI communication but directly send a mgmt
3694 * response to user space (after toggling the flag if
3695 * necessary).
3696 */
3697 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3698 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3699 bool changed = false;
3700
f3d3444a
JH		 3701 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3702 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3703 changed = true;
3704 }
3705
3706 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3707 if (err < 0)
3708 goto unlock;
3709
3710 if (changed)
3711 err = new_settings(hdev, sk);
3712
3713 goto unlock;
3714 }
3715
3716 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3717 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3718 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3719 MGMT_STATUS_BUSY);
3720 goto unlock;
3721 }
3722
3723 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3724 if (!cmd) {
3725 err = -ENOMEM;
3726 goto unlock;
3727 }
3728
3729 hci_req_init(&req, hdev);
3730
bba3aa55
MH		 3731 if (val)
3732 enable_advertising(&req);
3733 else
3734 disable_advertising(&req);
4375f103
JH		 3735
3736 err = hci_req_run(&req, set_advertising_complete);
3737 if (err < 0)
3738 mgmt_pending_remove(cmd);
3739
3740unlock:
3741 hci_dev_unlock(hdev);
3742 return err;
3743}
3744
d13eafce
MH		 3745static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3746 void *data, u16 len)
3747{
3748 struct mgmt_cp_set_static_address *cp = data;
3749 int err;
3750
3751 BT_DBG("%s", hdev->name);
3752
62af4443 3753 if (!lmp_le_capable(hdev))
d13eafce 3754 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3755 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3756
3757 if (hdev_is_powered(hdev))
3758 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3759 MGMT_STATUS_REJECTED);
3760
3761 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3762 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3763 return cmd_status(sk, hdev->id,
3764 MGMT_OP_SET_STATIC_ADDRESS,
3765 MGMT_STATUS_INVALID_PARAMS);
3766
3767 /* Two most significant bits shall be set */
3768 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3769 return cmd_status(sk, hdev->id,
3770 MGMT_OP_SET_STATIC_ADDRESS,
3771 MGMT_STATUS_INVALID_PARAMS);
3772 }
3773
3774 hci_dev_lock(hdev);
3775
3776 bacpy(&hdev->static_addr, &cp->bdaddr);
3777
3778 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3779
3780 hci_dev_unlock(hdev);
3781
3782 return err;
3783}
3784
14b49b9a
MH		 3785static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3786 void *data, u16 len)
3787{
3788 struct mgmt_cp_set_scan_params *cp = data;
3789 __u16 interval, window;
3790 int err;
3791
3792 BT_DBG("%s", hdev->name);
3793
3794 if (!lmp_le_capable(hdev))
3795 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3796 MGMT_STATUS_NOT_SUPPORTED);
3797
3798 interval = __le16_to_cpu(cp->interval);
3799
3800 if (interval < 0x0004 || interval > 0x4000)
3801 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3802 MGMT_STATUS_INVALID_PARAMS);
3803
3804 window = __le16_to_cpu(cp->window);
3805
3806 if (window < 0x0004 || window > 0x4000)
3807 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3808 MGMT_STATUS_INVALID_PARAMS);
3809
899e1075
MH		 3810 if (window > interval)
3811 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3812 MGMT_STATUS_INVALID_PARAMS);
3813
14b49b9a
MH		 3814 hci_dev_lock(hdev);
3815
3816 hdev->le_scan_interval = interval;
3817 hdev->le_scan_window = window;
3818
3819 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3820
3821 hci_dev_unlock(hdev);
3822
3823 return err;
3824}
3825
33e38b3e
JH		 3826static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3827{
3828 struct pending_cmd *cmd;
3829
3830 BT_DBG("status 0x%02x", status);
3831
3832 hci_dev_lock(hdev);
3833
3834 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3835 if (!cmd)
3836 goto unlock;
3837
3838 if (status) {
3839 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3840 mgmt_status(status));
3841 } else {
1a4d3c4b
JH		 3842 struct mgmt_mode *cp = cmd->param;
3843
3844 if (cp->val)
3845 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3846 else
3847 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3848
33e38b3e
JH		 3849 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3850 new_settings(hdev, cmd->sk);
3851 }
3852
3853 mgmt_pending_remove(cmd);
3854
3855unlock:
3856 hci_dev_unlock(hdev);
3857}
3858
bdb6d971 3859static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3860 void *data, u16 len)
f6422ec6 3861{
650f726d 3862 struct mgmt_mode *cp = data;
33e38b3e
JH		 3863 struct pending_cmd *cmd;
3864 struct hci_request req;
f6422ec6
AJ		 3865 int err;
3866
bdb6d971 3867 BT_DBG("%s", hdev->name);
f6422ec6 3868
56f87901
JH		 3869 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3870 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3871 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3872 MGMT_STATUS_NOT_SUPPORTED);
3873
a7e80f25
JH		 3874 if (cp->val != 0x00 && cp->val != 0x01)
3875 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3876 MGMT_STATUS_INVALID_PARAMS);
3877
5400c044 3878 if (!hdev_is_powered(hdev))
bdb6d971 3879 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3880 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3881
3882 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3883 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3884 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3885
3886 hci_dev_lock(hdev);
3887
05cbf29f
JH		 3888 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3889 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3890 MGMT_STATUS_BUSY);
3891 goto unlock;
3892 }
3893
1a4d3c4b
JH		 3894 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3895 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3896 hdev);
3897 goto unlock;
3898 }
3899
33e38b3e
JH		 3900 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3901 data, len);
3902 if (!cmd) {
3903 err = -ENOMEM;
3904 goto unlock;
f6422ec6
AJ		 3905 }
3906
33e38b3e
JH		 3907 hci_req_init(&req, hdev);
3908
406d7804 3909 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3910
3911 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3912 if (err < 0) {
bdb6d971 3913 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3914 MGMT_STATUS_FAILED);
33e38b3e 3915 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3916 }
3917
33e38b3e 3918unlock:
f6422ec6 3919 hci_dev_unlock(hdev);
33e38b3e 3920
f6422ec6
AJ		 3921 return err;
3922}
3923
67e5a7a3
JH		 3924static void set_bredr_scan(struct hci_request *req)
3925{
3926 struct hci_dev *hdev = req->hdev;
3927 u8 scan = 0;
3928
3929 /* Ensure that fast connectable is disabled. This function will
3930 * not do anything if the page scan parameters are already what
3931 * they should be.
3932 */
3933 write_fast_connectable(req, false);
3934
3935 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3936 scan |= SCAN_PAGE;
3937 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3938 scan |= SCAN_INQUIRY;
3939
3940 if (scan)
3941 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3942}
3943
0663ca2a
JH		 3944static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3945{
3946 struct pending_cmd *cmd;
3947
3948 BT_DBG("status 0x%02x", status);
3949
3950 hci_dev_lock(hdev);
3951
3952 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3953 if (!cmd)
3954 goto unlock;
3955
3956 if (status) {
3957 u8 mgmt_err = mgmt_status(status);
3958
3959 /* We need to restore the flag if related HCI commands
3960 * failed.
3961 */
3962 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3963
3964 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3965 } else {
3966 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3967 new_settings(hdev, cmd->sk);
3968 }
3969
3970 mgmt_pending_remove(cmd);
3971
3972unlock:
3973 hci_dev_unlock(hdev);
3974}
3975
3976static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3977{
3978 struct mgmt_mode *cp = data;
3979 struct pending_cmd *cmd;
3980 struct hci_request req;
3981 int err;
3982
3983 BT_DBG("request for %s", hdev->name);
3984
3985 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3986 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3987 MGMT_STATUS_NOT_SUPPORTED);
3988
3989 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3990 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3991 MGMT_STATUS_REJECTED);
3992
3993 if (cp->val != 0x00 && cp->val != 0x01)
3994 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3995 MGMT_STATUS_INVALID_PARAMS);
3996
3997 hci_dev_lock(hdev);
3998
3999 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4000 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4001 goto unlock;
4002 }
4003
4004 if (!hdev_is_powered(hdev)) {
4005 if (!cp->val) {
0663ca2a
JH		 4006 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4007 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4008 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4009 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4010 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4011 }
4012
4013 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4014
4015 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4016 if (err < 0)
4017 goto unlock;
4018
4019 err = new_settings(hdev, sk);
4020 goto unlock;
4021 }
4022
4023 /* Reject disabling when powered on */
4024 if (!cp->val) {
4025 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4026 MGMT_STATUS_REJECTED);
4027 goto unlock;
4028 }
4029
4030 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4031 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4032 MGMT_STATUS_BUSY);
4033 goto unlock;
4034 }
4035
4036 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4037 if (!cmd) {
4038 err = -ENOMEM;
4039 goto unlock;
4040 }
4041
5947f4bc 4042 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4043 * generates the correct flags.
4044 */
4045 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4046
4047 hci_req_init(&req, hdev);
aa8af46e
JH		 4048
4049 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4050 set_bredr_scan(&req);
4051
f14d8f64
MH		 4052 /* Since only the advertising data flags will change, there
4053 * is no need to update the scan response data.
4054 */
5947f4bc 4055 update_adv_data(&req);
aa8af46e 4056
0663ca2a
JH		 4057 err = hci_req_run(&req, set_bredr_complete);
4058 if (err < 0)
4059 mgmt_pending_remove(cmd);
4060
4061unlock:
4062 hci_dev_unlock(hdev);
4063 return err;
4064}
4065
eac83dc6
MH		 4066static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4067 void *data, u16 len)
4068{
4069 struct mgmt_mode *cp = data;
4070 struct pending_cmd *cmd;
0ab04a9c 4071 u8 val, status;
eac83dc6
MH		 4072 int err;
4073
4074 BT_DBG("request for %s", hdev->name);
4075
4076 status = mgmt_bredr_support(hdev);
4077 if (status)
4078 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4079 status);
4080
5afeac14
MH		 4081 if (!lmp_sc_capable(hdev) &&
4082 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4083 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4084 MGMT_STATUS_NOT_SUPPORTED);
4085
0ab04a9c 4086 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4087 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4088 MGMT_STATUS_INVALID_PARAMS);
4089
4090 hci_dev_lock(hdev);
4091
4092 if (!hdev_is_powered(hdev)) {
4093 bool changed;
4094
0ab04a9c 4095 if (cp->val) {
eac83dc6
MH		 4096 changed = !test_and_set_bit(HCI_SC_ENABLED,
4097 &hdev->dev_flags);
0ab04a9c
MH		 4098 if (cp->val == 0x02)
4099 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4100 else
4101 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4102 } else {
eac83dc6
MH		 4103 changed = test_and_clear_bit(HCI_SC_ENABLED,
4104 &hdev->dev_flags);
0ab04a9c
MH		 4105 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4106 }
eac83dc6
MH		 4107
4108 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4109 if (err < 0)
4110 goto failed;
4111
4112 if (changed)
4113 err = new_settings(hdev, sk);
4114
4115 goto failed;
4116 }
4117
4118 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4120 MGMT_STATUS_BUSY);
4121 goto failed;
4122 }
4123
0ab04a9c
MH		 4124 val = !!cp->val;
4125
4126 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4127 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4128 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4129 goto failed;
4130 }
4131
4132 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4133 if (!cmd) {
4134 err = -ENOMEM;
4135 goto failed;
4136 }
4137
0ab04a9c 4138 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4139 if (err < 0) {
4140 mgmt_pending_remove(cmd);
4141 goto failed;
4142 }
4143
0ab04a9c
MH		 4144 if (cp->val == 0x02)
4145 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4146 else
4147 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4148
eac83dc6
MH		 4149failed:
4150 hci_dev_unlock(hdev);
4151 return err;
4152}
4153
4e39ac81
MH		 4154static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4155 void *data, u16 len)
4156{
4157 struct mgmt_mode *cp = data;
4158 bool changed;
4159 int err;
4160
4161 BT_DBG("request for %s", hdev->name);
4162
4163 if (cp->val != 0x00 && cp->val != 0x01)
4164 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4165 MGMT_STATUS_INVALID_PARAMS);
4166
4167 hci_dev_lock(hdev);
4168
4169 if (cp->val)
4170 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4171 else
4172 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4173
4174 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4175 if (err < 0)
4176 goto unlock;
4177
4178 if (changed)
4179 err = new_settings(hdev, sk);
4180
4181unlock:
4182 hci_dev_unlock(hdev);
4183 return err;
4184}
4185
41edf160
JH		 4186static bool irk_is_valid(struct mgmt_irk_info *irk)
4187{
4188 switch (irk->addr.type) {
4189 case BDADDR_LE_PUBLIC:
4190 return true;
4191
4192 case BDADDR_LE_RANDOM:
4193 /* Two most significant bits shall be set */
4194 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4195 return false;
4196 return true;
4197 }
4198
4199 return false;
4200}
4201
4202static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4203 u16 len)
4204{
4205 struct mgmt_cp_load_irks *cp = cp_data;
4206 u16 irk_count, expected_len;
4207 int i, err;
4208
4209 BT_DBG("request for %s", hdev->name);
4210
4211 if (!lmp_le_capable(hdev))
4212 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4213 MGMT_STATUS_NOT_SUPPORTED);
4214
4215 irk_count = __le16_to_cpu(cp->irk_count);
4216
4217 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4218 if (expected_len != len) {
4219 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4220 len, expected_len);
4221 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4222 MGMT_STATUS_INVALID_PARAMS);
4223 }
4224
4225 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4226
4227 for (i = 0; i < irk_count; i++) {
4228 struct mgmt_irk_info *key = &cp->irks[i];
4229
4230 if (!irk_is_valid(key))
4231 return cmd_status(sk, hdev->id,
4232 MGMT_OP_LOAD_IRKS,
4233 MGMT_STATUS_INVALID_PARAMS);
4234 }
4235
4236 hci_dev_lock(hdev);
4237
4238 hci_smp_irks_clear(hdev);
4239
4240 for (i = 0; i < irk_count; i++) {
4241 struct mgmt_irk_info *irk = &cp->irks[i];
4242 u8 addr_type;
4243
4244 if (irk->addr.type == BDADDR_LE_PUBLIC)
4245 addr_type = ADDR_LE_DEV_PUBLIC;
4246 else
4247 addr_type = ADDR_LE_DEV_RANDOM;
4248
4249 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4250 BDADDR_ANY);
4251 }
4252
4253 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4254
4255 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4256
4257 hci_dev_unlock(hdev);
4258
4259 return err;
4260}
4261
3f706b72
JH		 4262static bool ltk_is_valid(struct mgmt_ltk_info *key)
4263{
4264 if (key->master != 0x00 && key->master != 0x01)
4265 return false;
490cb0b3
MH		 4266
4267 switch (key->addr.type) {
4268 case BDADDR_LE_PUBLIC:
4269 return true;
4270
4271 case BDADDR_LE_RANDOM:
4272 /* Two most significant bits shall be set */
4273 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4274 return false;
4275 return true;
4276 }
4277
4278 return false;
3f706b72
JH		 4279}
4280
bdb6d971 4281static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4282 void *cp_data, u16 len)
346af67b 4283{
346af67b
VCG		 4284 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4285 u16 key_count, expected_len;
715a5bf2 4286 int i, err;
346af67b 4287
cf99ba13
MH		 4288 BT_DBG("request for %s", hdev->name);
4289
4290 if (!lmp_le_capable(hdev))
4291 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4292 MGMT_STATUS_NOT_SUPPORTED);
4293
1f350c87 4294 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4295
4296 expected_len = sizeof(*cp) + key_count *
4297 sizeof(struct mgmt_ltk_info);
4298 if (expected_len != len) {
4299 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4300 len, expected_len);
bdb6d971 4301 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4302 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4303 }
4304
bdb6d971 4305 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4306
54ad6d8a
JH		 4307 for (i = 0; i < key_count; i++) {
4308 struct mgmt_ltk_info *key = &cp->keys[i];
4309
3f706b72 4310 if (!ltk_is_valid(key))
54ad6d8a
JH		 4311 return cmd_status(sk, hdev->id,
4312 MGMT_OP_LOAD_LONG_TERM_KEYS,
4313 MGMT_STATUS_INVALID_PARAMS);
4314 }
4315
346af67b
VCG		 4316 hci_dev_lock(hdev);
4317
4318 hci_smp_ltks_clear(hdev);
4319
4320 for (i = 0; i < key_count; i++) {
4321 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4322 u8 type, addr_type;
4323
4324 if (key->addr.type == BDADDR_LE_PUBLIC)
4325 addr_type = ADDR_LE_DEV_PUBLIC;
4326 else
4327 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4328
4329 if (key->master)
4330 type = HCI_SMP_LTK;
4331 else
4332 type = HCI_SMP_LTK_SLAVE;
4333
35d70271
JH		 4334 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4335 key->type, key->val, key->enc_size, key->ediv,
4336 key->rand);
346af67b
VCG		 4337 }
4338
715a5bf2
JH		 4339 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4340 NULL, 0);
4341
346af67b 4342 hci_dev_unlock(hdev);
346af67b 4343
715a5bf2 4344 return err;
346af67b
VCG		 4345}
4346
2e3c35ea 4347static const struct mgmt_handler {
04124681
GP		 4348 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4349 u16 data_len);
be22b54e
JH		 4350 bool var_len;
4351 size_t data_len;
0f4e68cf
JH		 4352} mgmt_handlers[] = {
4353 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4354 { read_version, false, MGMT_READ_VERSION_SIZE },
4355 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4356 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4357 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4358 { set_powered, false, MGMT_SETTING_SIZE },
4359 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4360 { set_connectable, false, MGMT_SETTING_SIZE },
4361 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4362 { set_pairable, false, MGMT_SETTING_SIZE },
4363 { set_link_security, false, MGMT_SETTING_SIZE },
4364 { set_ssp, false, MGMT_SETTING_SIZE },
4365 { set_hs, false, MGMT_SETTING_SIZE },
4366 { set_le, false, MGMT_SETTING_SIZE },
4367 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4368 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4369 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4370 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4371 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4372 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4373 { disconnect, false, MGMT_DISCONNECT_SIZE },
4374 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4375 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4376 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4377 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4378 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4379 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4380 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4381 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4382 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4383 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4384 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4385 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4386 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4387 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4388 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4389 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4390 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4391 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4392 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4393 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4394 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4395 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4396 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4397 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4398 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4399 { set_debug_keys, false, MGMT_SETTING_SIZE },
41edf160
JH		 4400 { },
4401 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4402};
4403
4404
0381101f
JH		 4405int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4406{
650f726d
VCG		 4407 void *buf;
4408 u8 *cp;
0381101f 4409 struct mgmt_hdr *hdr;
4e51eae9 4410 u16 opcode, index, len;
bdb6d971 4411 struct hci_dev *hdev = NULL;
2e3c35ea 4412 const struct mgmt_handler *handler;
0381101f
JH		 4413 int err;
4414
4415 BT_DBG("got %zu bytes", msglen);
4416
4417 if (msglen < sizeof(*hdr))
4418 return -EINVAL;
4419
e63a15ec 4420 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4421 if (!buf)
4422 return -ENOMEM;
4423
4424 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4425 err = -EFAULT;
4426 goto done;
4427 }
4428
650f726d 4429 hdr = buf;
1f350c87
MH		 4430 opcode = __le16_to_cpu(hdr->opcode);
4431 index = __le16_to_cpu(hdr->index);
4432 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4433
4434 if (len != msglen - sizeof(*hdr)) {
4435 err = -EINVAL;
4436 goto done;
4437 }
4438
0f4e68cf 4439 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4440 hdev = hci_dev_get(index);
4441 if (!hdev) {
4442 err = cmd_status(sk, index, opcode,
04124681 4443 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4444 goto done;
4445 }
0736cfa8 4446
cebf4cfd
JH		 4447 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4448 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4449 err = cmd_status(sk, index, opcode,
4450 MGMT_STATUS_INVALID_INDEX);
4451 goto done;
4452 }
bdb6d971
JH		 4453 }
4454
0f4e68cf 4455 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4456 mgmt_handlers[opcode].func == NULL) {
0381101f 4457 BT_DBG("Unknown op %u", opcode);
ca69b795 4458 err = cmd_status(sk, index, opcode,
04124681 4459 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4460 goto done;
4461 }
4462
4463 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4464 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4465 err = cmd_status(sk, index, opcode,
04124681 4466 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4467 goto done;
0381101f
JH		 4468 }
4469
be22b54e
JH		 4470 handler = &mgmt_handlers[opcode];
4471
4472 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4473 (!handler->var_len && len != handler->data_len)) {
be22b54e 4474 err = cmd_status(sk, index, opcode,
04124681 4475 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4476 goto done;
4477 }
4478
0f4e68cf
JH		 4479 if (hdev)
4480 mgmt_init_hdev(sk, hdev);
4481
4482 cp = buf + sizeof(*hdr);
4483
be22b54e 4484 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4485 if (err < 0)
4486 goto done;
4487
0381101f
JH		 4488 err = msglen;
4489
4490done:
bdb6d971
JH		 4491 if (hdev)
4492 hci_dev_put(hdev);
4493
0381101f
JH		 4494 kfree(buf);
4495 return err;
4496}
c71e97bf 4497
bf6b56db 4498void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4499{
1514b892 4500 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4501 return;
bb4b2a9a 4502
bf6b56db 4503 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4504}
4505
bf6b56db 4506void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4507{
5f159032 4508 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4509
1514b892 4510 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4511 return;
bb4b2a9a 4512
744cf19e 4513 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4514
bf6b56db 4515 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4516}
4517
229ab39c
JH		 4518static void powered_complete(struct hci_dev *hdev, u8 status)
4519{
4520 struct cmd_lookup match = { NULL, hdev };
4521
4522 BT_DBG("status 0x%02x", status);
4523
4524 hci_dev_lock(hdev);
4525
4526 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4527
4528 new_settings(hdev, match.sk);
4529
4530 hci_dev_unlock(hdev);
4531
4532 if (match.sk)
4533 sock_put(match.sk);
4534}
4535
70da6243 4536static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4537{
890ea898 4538 struct hci_request req;
70da6243 4539 u8 link_sec;
5add6af8 4540
890ea898
JH		 4541 hci_req_init(&req, hdev);
4542
70da6243
JH		 4543 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4544 !lmp_host_ssp_capable(hdev)) {
4545 u8 ssp = 1;
5e5282bb 4546
890ea898 4547 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4548 }
5add6af8 4549
c73eee91
JH		 4550 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4551 lmp_bredr_capable(hdev)) {
70da6243 4552 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4553
70da6243
JH		 4554 cp.le = 1;
4555 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4556
70da6243
JH		 4557 /* Check first if we already have the right
4558 * host state (host features set)
4559 */
4560 if (cp.le != lmp_host_le_capable(hdev) ||
4561 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4562 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4563 sizeof(cp), &cp);
70da6243 4564 }
3d1cbdd6 4565
d13eafce
MH		 4566 if (lmp_le_capable(hdev)) {
4567 /* Set random address to static address if configured */
4568 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4569 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4570 &hdev->static_addr);
eeca6f89 4571
441ad2d0
MH		 4572 /* Make sure the controller has a good default for
4573 * advertising data. This also applies to the case
4574 * where BR/EDR was toggled during the AUTO_OFF phase.
4575 */
f14d8f64 4576 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4577 update_adv_data(&req);
f14d8f64
MH		 4578 update_scan_rsp_data(&req);
4579 }
441ad2d0 4580
bba3aa55
MH		 4581 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4582 enable_advertising(&req);
eeca6f89
JH		 4583 }
4584
70da6243
JH		 4585 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4586 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4587 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4588 sizeof(link_sec), &link_sec);
562fcc24 4589
70da6243 4590 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4591 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4592 set_bredr_scan(&req);
890ea898 4593 update_class(&req);
13928971 4594 update_name(&req);
890ea898 4595 update_eir(&req);
70da6243 4596 }
562fcc24 4597
229ab39c 4598 return hci_req_run(&req, powered_complete);
70da6243 4599}
562fcc24 4600
70da6243
JH		 4601int mgmt_powered(struct hci_dev *hdev, u8 powered)
4602{
4603 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4604 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4605 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4606 int err;
f0ff92fb 4607
70da6243
JH		 4608 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4609 return 0;
4610
70da6243 4611 if (powered) {
229ab39c
JH		 4612 if (powered_update_hci(hdev) == 0)
4613 return 0;
fe038884 4614
229ab39c
JH		 4615 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4616 &match);
4617 goto new_settings;
b24752fe
JH		 4618 }
4619
229ab39c
JH		 4620 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4621 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4622
4623 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4624 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4625 zero_cod, sizeof(zero_cod), NULL);
4626
4627new_settings:
beadb2bd 4628 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4629
4630 if (match.sk)
4631 sock_put(match.sk);
4632
7bb895d6 4633 return err;
5add6af8 4634}
73f22f62 4635
3eec705e 4636void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4637{
4638 struct pending_cmd *cmd;
4639 u8 status;
4640
4641 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4642 if (!cmd)
3eec705e 4643 return;
96570ffc
JH		 4644
4645 if (err == -ERFKILL)
4646 status = MGMT_STATUS_RFKILLED;
4647 else
4648 status = MGMT_STATUS_FAILED;
4649
3eec705e 4650 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4651
4652 mgmt_pending_remove(cmd);
96570ffc
JH		 4653}
4654
d1967ff8
MH		 4655void mgmt_discoverable_timeout(struct hci_dev *hdev)
4656{
4657 struct hci_request req;
d1967ff8
MH		 4658
4659 hci_dev_lock(hdev);
4660
4661 /* When discoverable timeout triggers, then just make sure
4662 * the limited discoverable flag is cleared. Even in the case
4663 * of a timeout triggered from general discoverable, it is
4664 * safe to unconditionally clear the flag.
4665 */
4666 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4667 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4668
4669 hci_req_init(&req, hdev);
4b580614
JH		 4670 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4671 u8 scan = SCAN_PAGE;
4672 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4673 sizeof(scan), &scan);
4674 }
d1967ff8 4675 update_class(&req);
9a43e25f 4676 update_adv_data(&req);
d1967ff8
MH		 4677 hci_req_run(&req, NULL);
4678
4679 hdev->discov_timeout = 0;
4680
9a43e25f
JH		 4681 new_settings(hdev, NULL);
4682
d1967ff8
MH		 4683 hci_dev_unlock(hdev);
4684}
4685
86a75645 4686void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4687{
86a75645 4688 bool changed;
73f22f62 4689
bfaf8c9f
JH		 4690 /* Nothing needed here if there's a pending command since that
4691 * commands request completion callback takes care of everything
4692 * necessary.
4693 */
4694 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4695 return;
bfaf8c9f 4696
9a43e25f 4697 if (discoverable) {
86a75645 4698 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4699 } else {
4700 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4701 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4702 }
4703
4704 if (changed) {
4705 struct hci_request req;
4706
4707 /* In case this change in discoverable was triggered by
4708 * a disabling of connectable there could be a need to
4709 * update the advertising flags.
4710 */
4711 hci_req_init(&req, hdev);
4712 update_adv_data(&req);
4713 hci_req_run(&req, NULL);
73f22f62 4714
86a75645 4715 new_settings(hdev, NULL);
9a43e25f 4716 }
73f22f62 4717}
9fbcbb45 4718
a330916c 4719void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4720{
a330916c 4721 bool changed;
9fbcbb45 4722
d7b856f9
JH		 4723 /* Nothing needed here if there's a pending command since that
4724 * commands request completion callback takes care of everything
4725 * necessary.
4726 */
4727 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4728 return;
d7b856f9 4729
a330916c
MH		 4730 if (connectable)
4731 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4732 else
4733 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4734
beadb2bd 4735 if (changed)
a330916c 4736 new_settings(hdev, NULL);
9fbcbb45 4737}
55ed8ca1 4738
4796e8af 4739void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4740{
ca69b795
JH		 4741 u8 mgmt_err = mgmt_status(status);
4742
2d7cee58 4743 if (scan & SCAN_PAGE)
744cf19e 4744 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4745 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4746
4747 if (scan & SCAN_INQUIRY)
744cf19e 4748 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4749 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4750}
4751
dc4a5ee2
MH		 4752void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4753 bool persistent)
55ed8ca1 4754{
86742e1e 4755 struct mgmt_ev_new_link_key ev;
55ed8ca1 4756
a492cd52 4757 memset(&ev, 0, sizeof(ev));
55ed8ca1 4758
a492cd52 4759 ev.store_hint = persistent;
d753fdc4 4760 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4761 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4762 ev.key.type = key->type;
9b3b4460 4763 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4764 ev.key.pin_len = key->pin_len;
55ed8ca1 4765
dc4a5ee2 4766 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4767}
f7520543 4768
ba74b666 4769void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4770{
4771 struct mgmt_ev_new_long_term_key ev;
4772
4773 memset(&ev, 0, sizeof(ev));
4774
5192d301
MH		 4775 /* Devices using resolvable or non-resolvable random addresses
4776 * without providing an indentity resolving key don't require
4777 * to store long term keys. Their addresses will change the
4778 * next time around.
4779 *
4780 * Only when a remote device provides an identity address
4781 * make sure the long term key is stored. If the remote
4782 * identity is known, the long term keys are internally
4783 * mapped to the identity address. So allow static random
4784 * and public addresses here.
4785 */
ba74b666
JH		 4786 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4787 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4788 ev.store_hint = 0x00;
4789 else
4790 ev.store_hint = 0x01;
4791
346af67b 4792 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4793 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4794 ev.key.type = key->authenticated;
346af67b
VCG		 4795 ev.key.enc_size = key->enc_size;
4796 ev.key.ediv = key->ediv;
4797
4798 if (key->type == HCI_SMP_LTK)
4799 ev.key.master = 1;
4800
4801 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4802 memcpy(ev.key.val, key->val, sizeof(key->val));
4803
083368f7 4804 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4805}
4806
95fbac8a
JH		 4807void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4808{
4809 struct mgmt_ev_new_irk ev;
4810
4811 memset(&ev, 0, sizeof(ev));
4812
bab6d1e5
MH		 4813 /* For identity resolving keys from devices that are already
4814 * using a public address or static random address, do not
4815 * ask for storing this key. The identity resolving key really
4816 * is only mandatory for devices using resovlable random
4817 * addresses.
4818 *
4819 * Storing all identity resolving keys has the downside that
4820 * they will be also loaded on next boot of they system. More
4821 * identity resolving keys, means more time during scanning is
4822 * needed to actually resolve these addresses.
4823 */
4824 if (bacmp(&irk->rpa, BDADDR_ANY))
4825 ev.store_hint = 0x01;
4826 else
4827 ev.store_hint = 0x00;
4828
95fbac8a
JH		 4829 bacpy(&ev.rpa, &irk->rpa);
4830 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4831 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4832 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4833
4834 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
4835}
4836
94933991
MH		 4837static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4838 u8 data_len)
4839{
4840 eir[eir_len++] = sizeof(type) + data_len;
4841 eir[eir_len++] = type;
4842 memcpy(&eir[eir_len], data, data_len);
4843 eir_len += data_len;
4844
4845 return eir_len;
4846}
4847
ecd90ae7
MH		 4848void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4849 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4850 u8 *dev_class)
f7520543 4851{
b644ba33
JH		 4852 char buf[512];
4853 struct mgmt_ev_device_connected *ev = (void *) buf;
4854 u16 eir_len = 0;
f7520543 4855
b644ba33 4856 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4857 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4858
c95f0ba7 4859 ev->flags = __cpu_to_le32(flags);
08c79b61 4860
b644ba33
JH		 4861 if (name_len > 0)
4862 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4863 name, name_len);
b644ba33
JH		 4864
4865 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4866 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4867 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4868
eb55ef07 4869 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4870
ecd90ae7
MH		 4871 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4872 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4873}
4874
8962ee74
JH		 4875static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4876{
c68fb7ff 4877 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4878 struct sock **sk = data;
a38528f1 4879 struct mgmt_rp_disconnect rp;
8962ee74 4880
88c3df13
JH		 4881 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4882 rp.addr.type = cp->addr.type;
8962ee74 4883
aee9b218 4884 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4885 sizeof(rp));
8962ee74
JH		 4886
4887 *sk = cmd->sk;
4888 sock_hold(*sk);
4889
a664b5bc 4890 mgmt_pending_remove(cmd);
8962ee74
JH		 4891}
4892
124f6e35 4893static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4894{
b1078ad0 4895 struct hci_dev *hdev = data;
124f6e35
JH		 4896 struct mgmt_cp_unpair_device *cp = cmd->param;
4897 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4898
4899 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4900 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4901 rp.addr.type = cp->addr.type;
a8a1d19e 4902
b1078ad0
JH		 4903 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4904
aee9b218 4905 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4906
4907 mgmt_pending_remove(cmd);
4908}
4909
9b80ec5e
MH		 4910void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4911 u8 link_type, u8 addr_type, u8 reason)
f7520543 4912{
f0d6a0ea 4913 struct mgmt_ev_device_disconnected ev;
8962ee74 4914 struct sock *sk = NULL;
8962ee74 4915
57eb776f
AG		 4916 if (link_type != ACL_LINK && link_type != LE_LINK)
4917 return;
4918
744cf19e 4919 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4920
f0d6a0ea
MA		 4921 bacpy(&ev.addr.bdaddr, bdaddr);
4922 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4923 ev.reason = reason;
f7520543 4924
9b80ec5e 4925 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4926
4927 if (sk)
d97dcb66 4928 sock_put(sk);
8962ee74 4929
124f6e35 4930 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4931 hdev);
8962ee74
JH		 4932}
4933
7892924c
MH		 4934void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4935 u8 link_type, u8 addr_type, u8 status)
8962ee74 4936{
3655bba8
AG		 4937 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4938 struct mgmt_cp_disconnect *cp;
88c3df13 4939 struct mgmt_rp_disconnect rp;
8962ee74 4940 struct pending_cmd *cmd;
8962ee74 4941
36a75f1b
JD		 4942 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4943 hdev);
4944
2e58ef3e 4945 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4946 if (!cmd)
7892924c 4947 return;
8962ee74 4948
3655bba8
AG		 4949 cp = cmd->param;
4950
4951 if (bacmp(bdaddr, &cp->addr.bdaddr))
4952 return;
4953
4954 if (cp->addr.type != bdaddr_type)
4955 return;
4956
88c3df13 4957 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 4958 rp.addr.type = bdaddr_type;
37d9ef76 4959
7892924c
MH		 4960 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4961 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4962
a664b5bc 4963 mgmt_pending_remove(cmd);
f7520543 4964}
17d5c04c 4965
445608d0
MH		 4966void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4967 u8 addr_type, u8 status)
17d5c04c
JH		 4968{
4969 struct mgmt_ev_connect_failed ev;
4970
4c659c39 4971 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4972 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4973 ev.status = mgmt_status(status);
17d5c04c 4974
445608d0 4975 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4976}
980e1a53 4977
ce0e4a0d 4978void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4979{
4980 struct mgmt_ev_pin_code_request ev;
4981
d8457698 4982 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4983 ev.addr.type = BDADDR_BREDR;
a770bb5a 4984 ev.secure = secure;
980e1a53 4985
ce0e4a0d 4986 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4987}
4988
e669cf80
MH		 4989void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4990 u8 status)
980e1a53
JH		 4991{
4992 struct pending_cmd *cmd;
ac56fb13 4993 struct mgmt_rp_pin_code_reply rp;
980e1a53 4994
2e58ef3e 4995 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4996 if (!cmd)
e669cf80 4997 return;
980e1a53 4998
d8457698 4999 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5000 rp.addr.type = BDADDR_BREDR;
ac56fb13 5001
e669cf80
MH		 5002 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5003 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5004
a664b5bc 5005 mgmt_pending_remove(cmd);
980e1a53
JH		 5006}
5007
3eb38528
MH		 5008void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5009 u8 status)
980e1a53
JH		 5010{
5011 struct pending_cmd *cmd;
ac56fb13 5012 struct mgmt_rp_pin_code_reply rp;
980e1a53 5013
2e58ef3e 5014 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5015 if (!cmd)
3eb38528 5016 return;
980e1a53 5017
d8457698 5018 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5019 rp.addr.type = BDADDR_BREDR;
ac56fb13 5020
3eb38528
MH		 5021 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5022 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5023
a664b5bc 5024 mgmt_pending_remove(cmd);
980e1a53 5025}
a5c29683 5026
744cf19e 5027int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5028 u8 link_type, u8 addr_type, __le32 value,
5029 u8 confirm_hint)
a5c29683
JH		 5030{
5031 struct mgmt_ev_user_confirm_request ev;
5032
744cf19e 5033 BT_DBG("%s", hdev->name);
a5c29683 5034
272d90df 5035 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5036 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5037 ev.confirm_hint = confirm_hint;
78e8098e 5038 ev.value = value;
a5c29683 5039
744cf19e 5040 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5041 NULL);
a5c29683
JH		 5042}
5043
272d90df 5044int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5045 u8 link_type, u8 addr_type)
604086b7
BG		 5046{
5047 struct mgmt_ev_user_passkey_request ev;
5048
5049 BT_DBG("%s", hdev->name);
5050
272d90df 5051 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5052 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5053
5054 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5055 NULL);
604086b7
BG		 5056}
5057
0df4c185 5058static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5059 u8 link_type, u8 addr_type, u8 status,
5060 u8 opcode)
a5c29683
JH		 5061{
5062 struct pending_cmd *cmd;
5063 struct mgmt_rp_user_confirm_reply rp;
5064 int err;
5065
2e58ef3e 5066 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5067 if (!cmd)
5068 return -ENOENT;
5069
272d90df 5070 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5071 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5072 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5073 &rp, sizeof(rp));
a5c29683 5074
a664b5bc 5075 mgmt_pending_remove(cmd);
a5c29683
JH		 5076
5077 return err;
5078}
5079
744cf19e 5080int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5081 u8 link_type, u8 addr_type, u8 status)
a5c29683 5082{
272d90df 5083 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5084 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5085}
5086
272d90df 5087int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5088 u8 link_type, u8 addr_type, u8 status)
a5c29683 5089{
272d90df 5090 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5091 status,
5092 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5093}
2a611692 5094
604086b7 5095int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5096 u8 link_type, u8 addr_type, u8 status)
604086b7 5097{
272d90df 5098 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5099 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5100}
5101
272d90df 5102int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5103 u8 link_type, u8 addr_type, u8 status)
604086b7 5104{
272d90df 5105 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5106 status,
5107 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5108}
5109
92a25256
JH		 5110int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5111 u8 link_type, u8 addr_type, u32 passkey,
5112 u8 entered)
5113{
5114 struct mgmt_ev_passkey_notify ev;
5115
5116 BT_DBG("%s", hdev->name);
5117
5118 bacpy(&ev.addr.bdaddr, bdaddr);
5119 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5120 ev.passkey = __cpu_to_le32(passkey);
5121 ev.entered = entered;
5122
5123 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5124}
5125
e546099c
MH		 5126void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5127 u8 addr_type, u8 status)
2a611692
JH		 5128{
5129 struct mgmt_ev_auth_failed ev;
5130
bab73cb6 5131 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5132 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5133 ev.status = mgmt_status(status);
2a611692 5134
e546099c 5135 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5136}
b312b161 5137
464996ae 5138void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5139{
5140 struct cmd_lookup match = { NULL, hdev };
464996ae 5141 bool changed;
33ef95ed
JH		 5142
5143 if (status) {
5144 u8 mgmt_err = mgmt_status(status);
5145 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5146 cmd_status_rsp, &mgmt_err);
464996ae 5147 return;
33ef95ed
JH		 5148 }
5149
464996ae
MH		 5150 if (test_bit(HCI_AUTH, &hdev->flags))
5151 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5152 &hdev->dev_flags);
5153 else
5154 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5155 &hdev->dev_flags);
47990ea0 5156
33ef95ed 5157 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5158 &match);
33ef95ed 5159
47990ea0 5160 if (changed)
464996ae 5161 new_settings(hdev, match.sk);
33ef95ed
JH		 5162
5163 if (match.sk)
5164 sock_put(match.sk);
33ef95ed
JH		 5165}
5166
890ea898 5167static void clear_eir(struct hci_request *req)
cacaf52f 5168{
890ea898 5169 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5170 struct hci_cp_write_eir cp;
5171
976eb20e 5172 if (!lmp_ext_inq_capable(hdev))
890ea898 5173 return;
cacaf52f 5174
c80da27e
JH		 5175 memset(hdev->eir, 0, sizeof(hdev->eir));
5176
cacaf52f
JH		 5177 memset(&cp, 0, sizeof(cp));
5178
890ea898 5179 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5180}
5181
3e248560 5182void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5183{
5184 struct cmd_lookup match = { NULL, hdev };
890ea898 5185 struct hci_request req;
c0ecddc2 5186 bool changed = false;
ed2c4ee3
JH		 5187
5188 if (status) {
5189 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5190
5191 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5192 &hdev->dev_flags)) {
5193 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5194 new_settings(hdev, NULL);
9ecb3e24 5195 }
c0ecddc2 5196
04124681
GP		 5197 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5198 &mgmt_err);
3e248560 5199 return;
c0ecddc2
JH		 5200 }
5201
5202 if (enable) {
9ecb3e24 5203 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5204 } else {
9ecb3e24
MH		 5205 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5206 if (!changed)
5207 changed = test_and_clear_bit(HCI_HS_ENABLED,
5208 &hdev->dev_flags);
5209 else
5210 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5211 }
5212
5213 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5214
c0ecddc2 5215 if (changed)
3e248560 5216 new_settings(hdev, match.sk);
ed2c4ee3 5217
5fc6ebb1 5218 if (match.sk)
ed2c4ee3
JH		 5219 sock_put(match.sk);
5220
890ea898
JH		 5221 hci_req_init(&req, hdev);
5222
5fc6ebb1 5223 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5224 update_eir(&req);
5fc6ebb1 5225 else
890ea898
JH		 5226 clear_eir(&req);
5227
5228 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5229}
5230
eac83dc6
MH		 5231void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5232{
5233 struct cmd_lookup match = { NULL, hdev };
5234 bool changed = false;
5235
5236 if (status) {
5237 u8 mgmt_err = mgmt_status(status);
5238
0ab04a9c
MH		 5239 if (enable) {
5240 if (test_and_clear_bit(HCI_SC_ENABLED,
5241 &hdev->dev_flags))
5242 new_settings(hdev, NULL);
5243 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5244 }
eac83dc6
MH		 5245
5246 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5247 cmd_status_rsp, &mgmt_err);
5248 return;
5249 }
5250
0ab04a9c 5251 if (enable) {
eac83dc6 5252 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5253 } else {
eac83dc6 5254 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5255 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5256 }
eac83dc6
MH		 5257
5258 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5259 settings_rsp, &match);
5260
5261 if (changed)
5262 new_settings(hdev, match.sk);
5263
5264 if (match.sk)
5265 sock_put(match.sk);
5266}
5267
92da6097 5268static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5269{
5270 struct cmd_lookup *match = data;
5271
90e70454
JH		 5272 if (match->sk == NULL) {
5273 match->sk = cmd->sk;
5274 sock_hold(match->sk);
5275 }
90e70454
JH		 5276}
5277
4e1b0245
MH		 5278void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5279 u8 status)
7f9a903c 5280{
90e70454 5281 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5282
92da6097
JH		 5283 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5284 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5285 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5286
5287 if (!status)
4e1b0245
MH		 5288 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5289 NULL);
90e70454
JH		 5290
5291 if (match.sk)
5292 sock_put(match.sk);
7f9a903c
MH		 5293}
5294
7667da34 5295void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5296{
b312b161 5297 struct mgmt_cp_set_local_name ev;
13928971 5298 struct pending_cmd *cmd;
28cc7bde 5299
13928971 5300 if (status)
7667da34 5301 return;
b312b161
JH		 5302
5303 memset(&ev, 0, sizeof(ev));
5304 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5305 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5306
2e58ef3e 5307 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5308 if (!cmd) {
5309 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5310
13928971
JH		 5311 /* If this is a HCI command related to powering on the
5312 * HCI dev don't send any mgmt signals.
5313 */
5314 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5315 return;
890ea898 5316 }
b312b161 5317
7667da34
MH		 5318 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5319 cmd ? cmd->sk : NULL);
b312b161 5320}
c35938b2 5321
4d2d2796
MH		 5322void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5323 u8 *randomizer192, u8 *hash256,
5324 u8 *randomizer256, u8 status)
c35938b2
SJ		 5325{
5326 struct pending_cmd *cmd;
c35938b2 5327
744cf19e 5328 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5329
2e58ef3e 5330 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5331 if (!cmd)
3edaf092 5332 return;
c35938b2
SJ		 5333
5334 if (status) {
3edaf092
MH		 5335 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5336 mgmt_status(status));
c35938b2 5337 } else {
4d2d2796
MH		 5338 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5339 hash256 && randomizer256) {
5340 struct mgmt_rp_read_local_oob_ext_data rp;
5341
5342 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5343 memcpy(rp.randomizer192, randomizer192,
5344 sizeof(rp.randomizer192));
c35938b2 5345
4d2d2796
MH		 5346 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5347 memcpy(rp.randomizer256, randomizer256,
5348 sizeof(rp.randomizer256));
c35938b2 5349
4d2d2796
MH		 5350 cmd_complete(cmd->sk, hdev->id,
5351 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5352 &rp, sizeof(rp));
5353 } else {
5354 struct mgmt_rp_read_local_oob_data rp;
5355
5356 memcpy(rp.hash, hash192, sizeof(rp.hash));
5357 memcpy(rp.randomizer, randomizer192,
5358 sizeof(rp.randomizer));
5359
5360 cmd_complete(cmd->sk, hdev->id,
5361 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5362 &rp, sizeof(rp));
5363 }
c35938b2
SJ		 5364 }
5365
5366 mgmt_pending_remove(cmd);
c35938b2 5367}
e17acd40 5368
901801b9
MH		 5369void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5370 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5371 ssp, u8 *eir, u16 eir_len)
e17acd40 5372{
e319d2e7
JH		 5373 char buf[512];
5374 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5375 struct smp_irk *irk;
1dc06093 5376 size_t ev_size;
e17acd40 5377
12602d0c 5378 if (!hci_discovery_active(hdev))
901801b9 5379 return;
12602d0c 5380
1dc06093
JH		 5381 /* Leave 5 bytes for a potential CoD field */
5382 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5383 return;
7d262f86 5384
1dc06093
JH		 5385 memset(buf, 0, sizeof(buf));
5386
5cedbb8d
JH		 5387 irk = hci_get_irk(hdev, bdaddr, addr_type);
5388 if (irk) {
5389 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5390 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5391 } else {
5392 bacpy(&ev->addr.bdaddr, bdaddr);
5393 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5394 }
5395
e319d2e7 5396 ev->rssi = rssi;
9a395a80 5397 if (cfm_name)
612dfce9 5398 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5399 if (!ssp)
612dfce9 5400 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5401
1dc06093 5402 if (eir_len > 0)
e319d2e7 5403 memcpy(ev->eir, eir, eir_len);
e17acd40 5404
1dc06093
JH		 5405 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5406 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5407 dev_class, 3);
1dc06093 5408
eb55ef07 5409 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5410 ev_size = sizeof(*ev) + eir_len;
f8523598 5411
901801b9 5412 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5413}
a88a9652 5414
9cf12aee
MH		 5415void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5416 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5417{
b644ba33
JH		 5418 struct mgmt_ev_device_found *ev;
5419 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5420 u16 eir_len;
a88a9652 5421
b644ba33 5422 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5423
b644ba33
JH		 5424 memset(buf, 0, sizeof(buf));
5425
5426 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5427 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5428 ev->rssi = rssi;
5429
5430 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5431 name_len);
b644ba33 5432
eb55ef07 5433 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5434
9cf12aee 5435 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5436}
314b2381 5437
2f1e063b 5438void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5439{
f963e8e9 5440 struct mgmt_ev_discovering ev;
164a6e78
JH		 5441 struct pending_cmd *cmd;
5442
343fb145
AG		 5443 BT_DBG("%s discovering %u", hdev->name, discovering);
5444
164a6e78 5445 if (discovering)
2e58ef3e 5446 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5447 else
2e58ef3e 5448 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5449
5450 if (cmd != NULL) {
f808e166
JH		 5451 u8 type = hdev->discovery.type;
5452
04124681
GP		 5453 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5454 sizeof(type));
164a6e78
JH		 5455 mgmt_pending_remove(cmd);
5456 }
5457
f963e8e9
JH		 5458 memset(&ev, 0, sizeof(ev));
5459 ev.type = hdev->discovery.type;
5460 ev.discovering = discovering;
5461
2f1e063b 5462 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5463}
5e762444 5464
88c1fe4b 5465int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5466{
5467 struct pending_cmd *cmd;
5468 struct mgmt_ev_device_blocked ev;
5469
2e58ef3e 5470 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5471
88c1fe4b
JH		 5472 bacpy(&ev.addr.bdaddr, bdaddr);
5473 ev.addr.type = type;
5e762444 5474
744cf19e 5475 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5476 cmd ? cmd->sk : NULL);
5e762444
AJ		 5477}
5478
88c1fe4b 5479int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5480{
5481 struct pending_cmd *cmd;
5482 struct mgmt_ev_device_unblocked ev;
5483
2e58ef3e 5484 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5485
88c1fe4b
JH		 5486 bacpy(&ev.addr.bdaddr, bdaddr);
5487 ev.addr.type = type;
5e762444 5488
744cf19e 5489 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5490 cmd ? cmd->sk : NULL);
5e762444 5491}
5976e608
MH		 5492
5493static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5494{
5495 BT_DBG("%s status %u", hdev->name, status);
5496
5497 /* Clear the advertising mgmt setting if we failed to re-enable it */
5498 if (status) {
5499 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5500 new_settings(hdev, NULL);
5976e608
MH		 5501 }
5502}
5503
5504void mgmt_reenable_advertising(struct hci_dev *hdev)
5505{
5506 struct hci_request req;
5507
b145edcd 5508 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5509 return;
5510
5511 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5512 return;
5513
5514 hci_req_init(&req, hdev);
5515 enable_advertising(&req);
5516
5517 /* If this fails we have no option but to let user space know
5518 * that we've disabled advertising.
5519 */
5520 if (hci_req_run(&req, adv_enable_complete) < 0) {
5521 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5522 new_settings(hdev, NULL);
5976e608
MH		 5523 }
5524}
Linux kernel - Deliverables
This page took 0.85893 seconds and 5 git commands to generate.