projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove empty event handler
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
bb4b2a9a
AE		 342 if (!mgmt_valid_hdev(d))
343 continue;
344
476e44cb 345 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 346 BT_DBG("Added hci%u", d->id);
347 }
348
476e44cb
JH		 349 rp->num_controllers = cpu_to_le16(count);
350 rp_len = sizeof(*rp) + (2 * count);
351
faba42eb
JH		 352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 367 settings |= MGMT_SETTING_PAIRABLE;
368
9a1a1996 369 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 370 settings |= MGMT_SETTING_SSP;
371
ed3fa31f 372 if (lmp_bredr_capable(hdev)) {
33c525c0 373 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 374 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
375 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 376 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 377 settings |= MGMT_SETTING_BREDR;
378 settings |= MGMT_SETTING_LINK_SECURITY;
379 }
380
d7b7e796
MH		 381 if (enable_hs)
382 settings |= MGMT_SETTING_HS;
383
c383ddc4 384 if (lmp_le_capable(hdev))
9d42820f 385 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 386
387 return settings;
388}
389
390static u32 get_current_settings(struct hci_dev *hdev)
391{
392 u32 settings = 0;
393
f1f0eb02 394 if (hdev_is_powered(hdev))
f0d4b78a
MH		 395 settings |= MGMT_SETTING_POWERED;
396
5e5282bb 397 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 398 settings |= MGMT_SETTING_CONNECTABLE;
399
1a4d3c4b
JH		 400 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
401 settings |= MGMT_SETTING_FAST_CONNECTABLE;
402
5e5282bb 403 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 404 settings |= MGMT_SETTING_DISCOVERABLE;
405
a8b2d5c2 406 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_PAIRABLE;
408
ed3fa31f 409 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 410 settings |= MGMT_SETTING_BREDR;
411
06199cf8 412 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_LE;
414
47990ea0 415 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LINK_SECURITY;
417
84bde9d6 418 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_SSP;
420
6d80dfd0
JH		 421 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
422 settings |= MGMT_SETTING_HS;
423
69ab39ea
JH		 424 return settings;
425}
426
ef580372
JH		 427#define PNP_INFO_SVCLASS_ID 0x1200
428
213202ed
JH		 429static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
430{
431 u8 *ptr = data, *uuids_start = NULL;
432 struct bt_uuid *uuid;
433
434 if (len < 4)
435 return ptr;
436
437 list_for_each_entry(uuid, &hdev->uuids, list) {
438 u16 uuid16;
439
440 if (uuid->size != 16)
441 continue;
442
443 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
444 if (uuid16 < 0x1100)
445 continue;
446
447 if (uuid16 == PNP_INFO_SVCLASS_ID)
448 continue;
449
450 if (!uuids_start) {
451 uuids_start = ptr;
452 uuids_start[0] = 1;
453 uuids_start[1] = EIR_UUID16_ALL;
454 ptr += 2;
455 }
456
457 /* Stop if not enough space to put next UUID */
458 if ((ptr - data) + sizeof(u16) > len) {
459 uuids_start[1] = EIR_UUID16_SOME;
460 break;
461 }
462
463 *ptr++ = (uuid16 & 0x00ff);
464 *ptr++ = (uuid16 & 0xff00) >> 8;
465 uuids_start[0] += sizeof(uuid16);
466 }
467
468 return ptr;
469}
470
cdf1963f
JH		 471static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
472{
473 u8 *ptr = data, *uuids_start = NULL;
474 struct bt_uuid *uuid;
475
476 if (len < 6)
477 return ptr;
478
479 list_for_each_entry(uuid, &hdev->uuids, list) {
480 if (uuid->size != 32)
481 continue;
482
483 if (!uuids_start) {
484 uuids_start = ptr;
485 uuids_start[0] = 1;
486 uuids_start[1] = EIR_UUID32_ALL;
487 ptr += 2;
488 }
489
490 /* Stop if not enough space to put next UUID */
491 if ((ptr - data) + sizeof(u32) > len) {
492 uuids_start[1] = EIR_UUID32_SOME;
493 break;
494 }
495
496 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
497 ptr += sizeof(u32);
498 uuids_start[0] += sizeof(u32);
499 }
500
501 return ptr;
502}
503
c00d575b
JH		 504static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
505{
506 u8 *ptr = data, *uuids_start = NULL;
507 struct bt_uuid *uuid;
508
509 if (len < 18)
510 return ptr;
511
512 list_for_each_entry(uuid, &hdev->uuids, list) {
513 if (uuid->size != 128)
514 continue;
515
516 if (!uuids_start) {
517 uuids_start = ptr;
518 uuids_start[0] = 1;
519 uuids_start[1] = EIR_UUID128_ALL;
520 ptr += 2;
521 }
522
523 /* Stop if not enough space to put next UUID */
524 if ((ptr - data) + 16 > len) {
525 uuids_start[1] = EIR_UUID128_SOME;
526 break;
527 }
528
529 memcpy(ptr, uuid->uuid, 16);
530 ptr += 16;
531 uuids_start[0] += 16;
532 }
533
534 return ptr;
535}
536
ef580372
JH		 537static void create_eir(struct hci_dev *hdev, u8 *data)
538{
539 u8 *ptr = data;
ef580372
JH		 540 size_t name_len;
541
542 name_len = strlen(hdev->dev_name);
543
544 if (name_len > 0) {
545 /* EIR Data type */
546 if (name_len > 48) {
547 name_len = 48;
548 ptr[1] = EIR_NAME_SHORT;
549 } else
550 ptr[1] = EIR_NAME_COMPLETE;
551
552 /* EIR Data length */
553 ptr[0] = name_len + 1;
554
555 memcpy(ptr + 2, hdev->dev_name, name_len);
556
ef580372
JH		 557 ptr += (name_len + 2);
558 }
559
bbaf444a 560 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 561 ptr[0] = 2;
562 ptr[1] = EIR_TX_POWER;
563 ptr[2] = (u8) hdev->inq_tx_power;
564
91c4e9b1
MH		 565 ptr += 3;
566 }
567
2b9be137
MH		 568 if (hdev->devid_source > 0) {
569 ptr[0] = 9;
570 ptr[1] = EIR_DEVICE_ID;
571
572 put_unaligned_le16(hdev->devid_source, ptr + 2);
573 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
574 put_unaligned_le16(hdev->devid_product, ptr + 6);
575 put_unaligned_le16(hdev->devid_version, ptr + 8);
576
2b9be137
MH		 577 ptr += 10;
578 }
579
213202ed 580 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 581 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 582 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 583}
584
890ea898 585static void update_eir(struct hci_request *req)
ef580372 586{
890ea898 587 struct hci_dev *hdev = req->hdev;
ef580372
JH		 588 struct hci_cp_write_eir cp;
589
504c8dcd 590 if (!hdev_is_powered(hdev))
890ea898 591 return;
7770c4aa 592
976eb20e 593 if (!lmp_ext_inq_capable(hdev))
890ea898 594 return;
ef580372 595
84bde9d6 596 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 597 return;
ef580372 598
a8b2d5c2 599 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 600 return;
ef580372
JH		 601
602 memset(&cp, 0, sizeof(cp));
603
604 create_eir(hdev, cp.data);
605
606 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 607 return;
ef580372
JH		 608
609 memcpy(hdev->eir, cp.data, sizeof(cp.data));
610
890ea898 611 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 612}
613
614static u8 get_service_classes(struct hci_dev *hdev)
615{
616 struct bt_uuid *uuid;
617 u8 val = 0;
618
619 list_for_each_entry(uuid, &hdev->uuids, list)
620 val |= uuid->svc_hint;
621
622 return val;
623}
624
890ea898 625static void update_class(struct hci_request *req)
ef580372 626{
890ea898 627 struct hci_dev *hdev = req->hdev;
ef580372
JH		 628 u8 cod[3];
629
630 BT_DBG("%s", hdev->name);
631
504c8dcd 632 if (!hdev_is_powered(hdev))
890ea898 633 return;
7770c4aa 634
a8b2d5c2 635 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 636 return;
ef580372
JH		 637
638 cod[0] = hdev->minor_class;
639 cod[1] = hdev->major_class;
640 cod[2] = get_service_classes(hdev);
641
642 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 643 return;
ef580372 644
890ea898 645 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 646}
647
7d78525d
JH		 648static void service_cache_off(struct work_struct *work)
649{
650 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 651 service_cache.work);
890ea898 652 struct hci_request req;
7d78525d 653
a8b2d5c2 654 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 655 return;
656
890ea898
JH		 657 hci_req_init(&req, hdev);
658
7d78525d
JH		 659 hci_dev_lock(hdev);
660
890ea898
JH		 661 update_eir(&req);
662 update_class(&req);
7d78525d
JH		 663
664 hci_dev_unlock(hdev);
890ea898
JH		 665
666 hci_req_run(&req, NULL);
7d78525d
JH		 667}
668
6a919082 669static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 670{
4f87da80 671 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 672 return;
673
4f87da80 674 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 675
4f87da80
JH		 676 /* Non-mgmt controlled devices get this bit set
677 * implicitly so that pairing works for them, however
678 * for mgmt we require user-space to explicitly enable
679 * it
680 */
681 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 682}
683
0f4e68cf 684static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 685 void *data, u16 data_len)
0381101f 686{
a38528f1 687 struct mgmt_rp_read_info rp;
f7b64e69 688
bdb6d971 689 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 690
09fd0de5 691 hci_dev_lock(hdev);
f7b64e69 692
dc4fe30b
JH		 693 memset(&rp, 0, sizeof(rp));
694
69ab39ea 695 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 696
69ab39ea 697 rp.version = hdev->hci_ver;
eb55ef07 698 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 699
700 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
701 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 702
a38528f1 703 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 704
dc4fe30b 705 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 706 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 707
09fd0de5 708 hci_dev_unlock(hdev);
0381101f 709
bdb6d971 710 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 711 sizeof(rp));
0381101f
JH		 712}
713
eec8d2bc
JH		 714static void mgmt_pending_free(struct pending_cmd *cmd)
715{
716 sock_put(cmd->sk);
c68fb7ff 717 kfree(cmd->param);
eec8d2bc
JH		 718 kfree(cmd);
719}
720
366a0336 721static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 722 struct hci_dev *hdev, void *data,
723 u16 len)
eec8d2bc
JH		 724{
725 struct pending_cmd *cmd;
726
12b94565 727 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 728 if (!cmd)
366a0336 729 return NULL;
eec8d2bc
JH		 730
731 cmd->opcode = opcode;
2e58ef3e 732 cmd->index = hdev->id;
eec8d2bc 733
12b94565 734 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 735 if (!cmd->param) {
eec8d2bc 736 kfree(cmd);
366a0336 737 return NULL;
eec8d2bc
JH		 738 }
739
8fce6357
SJ		 740 if (data)
741 memcpy(cmd->param, data, len);
eec8d2bc
JH		 742
743 cmd->sk = sk;
744 sock_hold(sk);
745
2e58ef3e 746 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 747
366a0336 748 return cmd;
eec8d2bc
JH		 749}
750
744cf19e 751static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 752 void (*cb)(struct pending_cmd *cmd,
753 void *data),
04124681 754 void *data)
eec8d2bc 755{
a3d09356 756 struct pending_cmd *cmd, *tmp;
eec8d2bc 757
a3d09356 758 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 759 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 760 continue;
761
eec8d2bc
JH		 762 cb(cmd, data);
763 }
764}
765
2e58ef3e 766static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 767{
8035ded4 768 struct pending_cmd *cmd;
eec8d2bc 769
2e58ef3e 770 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 771 if (cmd->opcode == opcode)
772 return cmd;
eec8d2bc
JH		 773 }
774
775 return NULL;
776}
777
a664b5bc 778static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 779{
73f22f62
JH		 780 list_del(&cmd->list);
781 mgmt_pending_free(cmd);
782}
783
69ab39ea 784static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 785{
69ab39ea 786 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 787
aee9b218 788 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 789 sizeof(settings));
8680570b
JH		 790}
791
bdb6d971 792static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 793 u16 len)
eec8d2bc 794{
650f726d 795 struct mgmt_mode *cp = data;
366a0336 796 struct pending_cmd *cmd;
4b34ee78 797 int err;
eec8d2bc 798
bdb6d971 799 BT_DBG("request for %s", hdev->name);
eec8d2bc 800
a7e80f25
JH		 801 if (cp->val != 0x00 && cp->val != 0x01)
802 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
803 MGMT_STATUS_INVALID_PARAMS);
804
09fd0de5 805 hci_dev_lock(hdev);
eec8d2bc 806
f0d4b78a
MH		 807 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
808 cancel_delayed_work(&hdev->power_off);
809
810 if (cp->val) {
a1d70450
JH		 811 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
812 data, len);
813 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 814 goto failed;
815 }
816 }
817
4b34ee78 818 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 819 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 820 goto failed;
821 }
822
2e58ef3e 823 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 824 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 825 MGMT_STATUS_BUSY);
eec8d2bc
JH		 826 goto failed;
827 }
828
2e58ef3e 829 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 830 if (!cmd) {
831 err = -ENOMEM;
eec8d2bc 832 goto failed;
366a0336 833 }
eec8d2bc 834
72a734ec 835 if (cp->val)
19202573 836 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 837 else
19202573 838 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 839
366a0336 840 err = 0;
eec8d2bc
JH		 841
842failed:
09fd0de5 843 hci_dev_unlock(hdev);
366a0336 844 return err;
eec8d2bc
JH		 845}
846
04124681
GP		 847static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
848 struct sock *skip_sk)
beadb2bd
JH		 849{
850 struct sk_buff *skb;
851 struct mgmt_hdr *hdr;
852
790eff44 853 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 854 if (!skb)
855 return -ENOMEM;
856
857 hdr = (void *) skb_put(skb, sizeof(*hdr));
858 hdr->opcode = cpu_to_le16(event);
859 if (hdev)
860 hdr->index = cpu_to_le16(hdev->id);
861 else
612dfce9 862 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 863 hdr->len = cpu_to_le16(data_len);
864
865 if (data)
866 memcpy(skb_put(skb, data_len), data, data_len);
867
97e0bdeb
MH		 868 /* Time stamp */
869 __net_timestamp(skb);
870
beadb2bd
JH		 871 hci_send_to_control(skb, skip_sk);
872 kfree_skb(skb);
873
874 return 0;
875}
876
877static int new_settings(struct hci_dev *hdev, struct sock *skip)
878{
879 __le32 ev;
880
881 ev = cpu_to_le32(get_current_settings(hdev));
882
883 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
884}
885
bdb6d971 886static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 887 u16 len)
73f22f62 888{
650f726d 889 struct mgmt_cp_set_discoverable *cp = data;
366a0336 890 struct pending_cmd *cmd;
5e5282bb 891 u16 timeout;
73f22f62
JH		 892 u8 scan;
893 int err;
894
bdb6d971 895 BT_DBG("request for %s", hdev->name);
73f22f62 896
33c525c0
JH		 897 if (!lmp_bredr_capable(hdev))
898 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
899 MGMT_STATUS_NOT_SUPPORTED);
900
a7e80f25
JH		 901 if (cp->val != 0x00 && cp->val != 0x01)
902 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
903 MGMT_STATUS_INVALID_PARAMS);
904
1f350c87 905 timeout = __le16_to_cpu(cp->timeout);
24c54a90 906 if (!cp->val && timeout > 0)
bdb6d971 907 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 908 MGMT_STATUS_INVALID_PARAMS);
73f22f62 909
09fd0de5 910 hci_dev_lock(hdev);
73f22f62 911
5e5282bb 912 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 913 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 914 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 915 goto failed;
916 }
917
2e58ef3e 918 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 919 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 921 MGMT_STATUS_BUSY);
73f22f62
JH		 922 goto failed;
923 }
924
5e5282bb 925 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 926 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 927 MGMT_STATUS_REJECTED);
5e5282bb
JH		 928 goto failed;
929 }
930
931 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 932 bool changed = false;
933
934 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
935 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
936 changed = true;
937 }
938
5e5282bb 939 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 940 if (err < 0)
941 goto failed;
942
943 if (changed)
944 err = new_settings(hdev, sk);
945
5e5282bb
JH		 946 goto failed;
947 }
948
949 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 950 if (hdev->discov_timeout > 0) {
951 cancel_delayed_work(&hdev->discov_off);
952 hdev->discov_timeout = 0;
953 }
954
955 if (cp->val && timeout > 0) {
956 hdev->discov_timeout = timeout;
957 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
958 msecs_to_jiffies(hdev->discov_timeout * 1000));
959 }
960
69ab39ea 961 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 962 goto failed;
963 }
964
2e58ef3e 965 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 966 if (!cmd) {
967 err = -ENOMEM;
73f22f62 968 goto failed;
366a0336 969 }
73f22f62
JH		 970
971 scan = SCAN_PAGE;
972
72a734ec 973 if (cp->val)
73f22f62 974 scan |= SCAN_INQUIRY;
16ab91ab 975 else
e0f9309f 976 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 977
978 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
979 if (err < 0)
a664b5bc 980 mgmt_pending_remove(cmd);
73f22f62 981
16ab91ab 982 if (cp->val)
5e5282bb 983 hdev->discov_timeout = timeout;
16ab91ab 984
73f22f62 985failed:
09fd0de5 986 hci_dev_unlock(hdev);
73f22f62
JH		 987 return err;
988}
989
406d7804
JH		 990static void write_fast_connectable(struct hci_request *req, bool enable)
991{
bd98b996 992 struct hci_dev *hdev = req->hdev;
406d7804
JH		 993 struct hci_cp_write_page_scan_activity acp;
994 u8 type;
995
4c01f8b8
JH		 996 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
997 return;
998
406d7804
JH		 999 if (enable) {
1000 type = PAGE_SCAN_TYPE_INTERLACED;
1001
1002 /* 160 msec page scan interval */
1003 acp.interval = __constant_cpu_to_le16(0x0100);
1004 } else {
1005 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1006
1007 /* default 1.28 sec page scan */
1008 acp.interval = __constant_cpu_to_le16(0x0800);
1009 }
1010
1011 acp.window = __constant_cpu_to_le16(0x0012);
1012
bd98b996
JH		 1013 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1014 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1015 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1016 sizeof(acp), &acp);
1017
1018 if (hdev->page_scan_type != type)
1019 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1020}
1021
2b76f453
JH		 1022static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1023{
1024 struct pending_cmd *cmd;
1025
1026 BT_DBG("status 0x%02x", status);
1027
1028 hci_dev_lock(hdev);
1029
1030 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1031 if (!cmd)
1032 goto unlock;
1033
1034 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1035
1036 mgmt_pending_remove(cmd);
1037
1038unlock:
1039 hci_dev_unlock(hdev);
1040}
1041
bdb6d971 1042static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1043 u16 len)
9fbcbb45 1044{
650f726d 1045 struct mgmt_mode *cp = data;
366a0336 1046 struct pending_cmd *cmd;
2b76f453 1047 struct hci_request req;
9fbcbb45
JH		 1048 u8 scan;
1049 int err;
1050
bdb6d971 1051 BT_DBG("request for %s", hdev->name);
9fbcbb45 1052
33c525c0
JH		 1053 if (!lmp_bredr_capable(hdev))
1054 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1055 MGMT_STATUS_NOT_SUPPORTED);
1056
a7e80f25
JH		 1057 if (cp->val != 0x00 && cp->val != 0x01)
1058 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1059 MGMT_STATUS_INVALID_PARAMS);
1060
09fd0de5 1061 hci_dev_lock(hdev);
9fbcbb45 1062
4b34ee78 1063 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1064 bool changed = false;
1065
1066 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1067 changed = true;
1068
6bf0e469 1069 if (cp->val) {
5e5282bb 1070 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1071 } else {
5e5282bb
JH		 1072 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1073 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1074 }
0224d2fa 1075
5e5282bb 1076 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1077 if (err < 0)
1078 goto failed;
1079
1080 if (changed)
1081 err = new_settings(hdev, sk);
1082
9fbcbb45
JH		 1083 goto failed;
1084 }
1085
2e58ef3e 1086 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1087 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1088 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1089 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1090 goto failed;
1091 }
1092
5e5282bb 1093 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1094 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1095 goto failed;
1096 }
1097
2e58ef3e 1098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1099 if (!cmd) {
1100 err = -ENOMEM;
9fbcbb45 1101 goto failed;
366a0336 1102 }
9fbcbb45 1103
6bf0e469 1104 if (cp->val) {
9fbcbb45 1105 scan = SCAN_PAGE;
6bf0e469 1106 } else {
9fbcbb45
JH		 1107 scan = 0;
1108
df2c6c5e 1109 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1110 hdev->discov_timeout > 0)
df2c6c5e
JH		 1111 cancel_delayed_work(&hdev->discov_off);
1112 }
1113
2b76f453
JH		 1114 hci_req_init(&req, hdev);
1115
1116 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1117
4c01f8b8
JH		 1118 /* If we're going from non-connectable to connectable or
1119 * vice-versa when fast connectable is enabled ensure that fast
1120 * connectable gets disabled. write_fast_connectable won't do
1121 * anything if the page scan parameters are already what they
1122 * should be.
1123 */
1124 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1125 write_fast_connectable(&req, false);
1126
2b76f453 1127 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1128 if (err < 0)
a664b5bc 1129 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1130
1131failed:
09fd0de5 1132 hci_dev_unlock(hdev);
9fbcbb45
JH		 1133 return err;
1134}
1135
bdb6d971 1136static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1137 u16 len)
c542a06c 1138{
650f726d 1139 struct mgmt_mode *cp = data;
c542a06c
JH		 1140 int err;
1141
bdb6d971 1142 BT_DBG("request for %s", hdev->name);
c542a06c 1143
a7e80f25
JH		 1144 if (cp->val != 0x00 && cp->val != 0x01)
1145 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1146 MGMT_STATUS_INVALID_PARAMS);
1147
09fd0de5 1148 hci_dev_lock(hdev);
c542a06c
JH		 1149
1150 if (cp->val)
a8b2d5c2 1151 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1152 else
a8b2d5c2 1153 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1154
69ab39ea 1155 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1156 if (err < 0)
1157 goto failed;
1158
beadb2bd 1159 err = new_settings(hdev, sk);
c542a06c
JH		 1160
1161failed:
09fd0de5 1162 hci_dev_unlock(hdev);
c542a06c
JH		 1163 return err;
1164}
1165
04124681
GP		 1166static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1167 u16 len)
33ef95ed
JH		 1168{
1169 struct mgmt_mode *cp = data;
1170 struct pending_cmd *cmd;
816a11d5 1171 u8 val;
33ef95ed
JH		 1172 int err;
1173
bdb6d971 1174 BT_DBG("request for %s", hdev->name);
33ef95ed 1175
33c525c0
JH		 1176 if (!lmp_bredr_capable(hdev))
1177 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1178 MGMT_STATUS_NOT_SUPPORTED);
1179
a7e80f25
JH		 1180 if (cp->val != 0x00 && cp->val != 0x01)
1181 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1182 MGMT_STATUS_INVALID_PARAMS);
1183
33ef95ed
JH		 1184 hci_dev_lock(hdev);
1185
4b34ee78 1186 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1187 bool changed = false;
1188
1189 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1190 &hdev->dev_flags)) {
47990ea0
JH		 1191 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1192 changed = true;
1193 }
1194
1195 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1196 if (err < 0)
1197 goto failed;
1198
1199 if (changed)
1200 err = new_settings(hdev, sk);
1201
33ef95ed
JH		 1202 goto failed;
1203 }
1204
1205 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1206 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1207 MGMT_STATUS_BUSY);
33ef95ed
JH		 1208 goto failed;
1209 }
1210
1211 val = !!cp->val;
1212
1213 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1214 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1215 goto failed;
1216 }
1217
1218 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1219 if (!cmd) {
1220 err = -ENOMEM;
1221 goto failed;
1222 }
1223
1224 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1225 if (err < 0) {
1226 mgmt_pending_remove(cmd);
1227 goto failed;
1228 }
1229
1230failed:
1231 hci_dev_unlock(hdev);
33ef95ed
JH		 1232 return err;
1233}
1234
bdb6d971 1235static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1236{
1237 struct mgmt_mode *cp = data;
1238 struct pending_cmd *cmd;
816a11d5 1239 u8 val;
ed2c4ee3
JH		 1240 int err;
1241
bdb6d971 1242 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1243
13ecd8b6
JH		 1244 if (!lmp_ssp_capable(hdev))
1245 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1246 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1247
a7e80f25
JH		 1248 if (cp->val != 0x00 && cp->val != 0x01)
1249 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1250 MGMT_STATUS_INVALID_PARAMS);
1251
13ecd8b6 1252 hci_dev_lock(hdev);
6c8f12c1 1253
c0ecddc2
JH		 1254 val = !!cp->val;
1255
4b34ee78 1256 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1257 bool changed = false;
1258
1259 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1260 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1261 changed = true;
1262 }
1263
1264 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1265 if (err < 0)
1266 goto failed;
1267
1268 if (changed)
1269 err = new_settings(hdev, sk);
1270
ed2c4ee3
JH		 1271 goto failed;
1272 }
1273
1274 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1275 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1276 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1277 goto failed;
1278 }
1279
ed2c4ee3
JH		 1280 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1281 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1282 goto failed;
1283 }
1284
1285 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1286 if (!cmd) {
1287 err = -ENOMEM;
1288 goto failed;
1289 }
1290
1291 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1292 if (err < 0) {
1293 mgmt_pending_remove(cmd);
1294 goto failed;
1295 }
1296
1297failed:
1298 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1299 return err;
1300}
1301
bdb6d971 1302static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1303{
1304 struct mgmt_mode *cp = data;
6d80dfd0 1305
bdb6d971 1306 BT_DBG("request for %s", hdev->name);
6d80dfd0 1307
bdb6d971
JH		 1308 if (!enable_hs)
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1310 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1311
a7e80f25
JH		 1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1314 MGMT_STATUS_INVALID_PARAMS);
1315
6d80dfd0
JH		 1316 if (cp->val)
1317 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1318 else
1319 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1320
bdb6d971 1321 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1322}
1323
bdb6d971 1324static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1325{
1326 struct mgmt_mode *cp = data;
1327 struct hci_cp_write_le_host_supported hci_cp;
1328 struct pending_cmd *cmd;
06199cf8 1329 int err;
0b60eba1 1330 u8 val, enabled;
06199cf8 1331
bdb6d971 1332 BT_DBG("request for %s", hdev->name);
06199cf8 1333
13ecd8b6
JH		 1334 if (!lmp_le_capable(hdev))
1335 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1336 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1337
a7e80f25
JH		 1338 if (cp->val != 0x00 && cp->val != 0x01)
1339 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1340 MGMT_STATUS_INVALID_PARAMS);
1341
c73eee91
JH		 1342 /* LE-only devices do not allow toggling LE on/off */
1343 if (!lmp_bredr_capable(hdev))
1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1345 MGMT_STATUS_REJECTED);
1346
13ecd8b6 1347 hci_dev_lock(hdev);
06199cf8
JH		 1348
1349 val = !!cp->val;
ffa88e02 1350 enabled = lmp_host_le_capable(hdev);
06199cf8 1351
0b60eba1 1352 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1353 bool changed = false;
1354
1355 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1356 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1357 changed = true;
1358 }
1359
1360 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1361 if (err < 0)
1de028ce 1362 goto unlock;
06199cf8
JH		 1363
1364 if (changed)
1365 err = new_settings(hdev, sk);
1366
1de028ce 1367 goto unlock;
06199cf8
JH		 1368 }
1369
1370 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1372 MGMT_STATUS_BUSY);
1de028ce 1373 goto unlock;
06199cf8
JH		 1374 }
1375
1376 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1377 if (!cmd) {
1378 err = -ENOMEM;
1de028ce 1379 goto unlock;
06199cf8
JH		 1380 }
1381
1382 memset(&hci_cp, 0, sizeof(hci_cp));
1383
1384 if (val) {
1385 hci_cp.le = val;
ffa88e02 1386 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1387 }
1388
04124681
GP		 1389 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1390 &hci_cp);
0c01bc48 1391 if (err < 0)
06199cf8 1392 mgmt_pending_remove(cmd);
06199cf8 1393
1de028ce
JH		 1394unlock:
1395 hci_dev_unlock(hdev);
06199cf8
JH		 1396 return err;
1397}
1398
0cab9c80
JH		 1399/* This is a helper function to test for pending mgmt commands that can
1400 * cause CoD or EIR HCI commands. We can only allow one such pending
1401 * mgmt command at a time since otherwise we cannot easily track what
1402 * the current values are, will be, and based on that calculate if a new
1403 * HCI command needs to be sent and if yes with what value.
1404 */
1405static bool pending_eir_or_class(struct hci_dev *hdev)
1406{
1407 struct pending_cmd *cmd;
1408
1409 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1410 switch (cmd->opcode) {
1411 case MGMT_OP_ADD_UUID:
1412 case MGMT_OP_REMOVE_UUID:
1413 case MGMT_OP_SET_DEV_CLASS:
1414 case MGMT_OP_SET_POWERED:
1415 return true;
1416 }
1417 }
1418
1419 return false;
1420}
1421
83be8eca
JH		 1422static const u8 bluetooth_base_uuid[] = {
1423 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1424 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1425};
1426
1427static u8 get_uuid_size(const u8 *uuid)
1428{
1429 u32 val;
1430
1431 if (memcmp(uuid, bluetooth_base_uuid, 12))
1432 return 128;
1433
1434 val = get_unaligned_le32(&uuid[12]);
1435 if (val > 0xffff)
1436 return 32;
1437
1438 return 16;
1439}
1440
92da6097
JH		 1441static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1442{
1443 struct pending_cmd *cmd;
1444
1445 hci_dev_lock(hdev);
1446
1447 cmd = mgmt_pending_find(mgmt_op, hdev);
1448 if (!cmd)
1449 goto unlock;
1450
1451 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1452 hdev->dev_class, 3);
1453
1454 mgmt_pending_remove(cmd);
1455
1456unlock:
1457 hci_dev_unlock(hdev);
1458}
1459
1460static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1461{
1462 BT_DBG("status 0x%02x", status);
1463
1464 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1465}
1466
bdb6d971 1467static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1468{
650f726d 1469 struct mgmt_cp_add_uuid *cp = data;
90e70454 1470 struct pending_cmd *cmd;
890ea898 1471 struct hci_request req;
2aeb9a1a 1472 struct bt_uuid *uuid;
2aeb9a1a
JH		 1473 int err;
1474
bdb6d971 1475 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1476
09fd0de5 1477 hci_dev_lock(hdev);
2aeb9a1a 1478
0cab9c80 1479 if (pending_eir_or_class(hdev)) {
bdb6d971 1480 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1481 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1482 goto failed;
1483 }
1484
92c4c204 1485 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1486 if (!uuid) {
1487 err = -ENOMEM;
1488 goto failed;
1489 }
1490
1491 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1492 uuid->svc_hint = cp->svc_hint;
83be8eca 1493 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1494
de66aa63 1495 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1496
890ea898 1497 hci_req_init(&req, hdev);
1aff6f09 1498
890ea898
JH		 1499 update_class(&req);
1500 update_eir(&req);
1501
92da6097
JH		 1502 err = hci_req_run(&req, add_uuid_complete);
1503 if (err < 0) {
1504 if (err != -ENODATA)
1505 goto failed;
80a1e1db 1506
bdb6d971 1507 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1508 hdev->dev_class, 3);
90e70454
JH		 1509 goto failed;
1510 }
1511
1512 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1513 if (!cmd) {
90e70454 1514 err = -ENOMEM;
890ea898
JH		 1515 goto failed;
1516 }
1517
1518 err = 0;
2aeb9a1a
JH		 1519
1520failed:
09fd0de5 1521 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1522 return err;
1523}
1524
24b78d0f
JH		 1525static bool enable_service_cache(struct hci_dev *hdev)
1526{
1527 if (!hdev_is_powered(hdev))
1528 return false;
1529
1530 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1531 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1532 CACHE_TIMEOUT);
24b78d0f
JH		 1533 return true;
1534 }
1535
1536 return false;
1537}
1538
92da6097
JH		 1539static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1540{
1541 BT_DBG("status 0x%02x", status);
1542
1543 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1544}
1545
bdb6d971 1546static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1547 u16 len)
2aeb9a1a 1548{
650f726d 1549 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1550 struct pending_cmd *cmd;
056341c8 1551 struct bt_uuid *match, *tmp;
2aeb9a1a 1552 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1553 struct hci_request req;
2aeb9a1a
JH		 1554 int err, found;
1555
bdb6d971 1556 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1557
09fd0de5 1558 hci_dev_lock(hdev);
2aeb9a1a 1559
0cab9c80 1560 if (pending_eir_or_class(hdev)) {
bdb6d971 1561 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1562 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1563 goto unlock;
1564 }
1565
2aeb9a1a
JH		 1566 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1567 err = hci_uuids_clear(hdev);
4004b6d9 1568
24b78d0f 1569 if (enable_service_cache(hdev)) {
bdb6d971 1570 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1571 0, hdev->dev_class, 3);
24b78d0f
JH		 1572 goto unlock;
1573 }
4004b6d9 1574
9246a869 1575 goto update_class;
2aeb9a1a
JH		 1576 }
1577
1578 found = 0;
1579
056341c8 1580 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1581 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1582 continue;
1583
1584 list_del(&match->list);
482049f7 1585 kfree(match);
2aeb9a1a
JH		 1586 found++;
1587 }
1588
1589 if (found == 0) {
bdb6d971 1590 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1591 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1592 goto unlock;
1593 }
1594
9246a869 1595update_class:
890ea898 1596 hci_req_init(&req, hdev);
1aff6f09 1597
890ea898
JH		 1598 update_class(&req);
1599 update_eir(&req);
1600
92da6097
JH		 1601 err = hci_req_run(&req, remove_uuid_complete);
1602 if (err < 0) {
1603 if (err != -ENODATA)
1604 goto unlock;
80a1e1db 1605
bdb6d971 1606 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1607 hdev->dev_class, 3);
90e70454
JH		 1608 goto unlock;
1609 }
1610
1611 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1612 if (!cmd) {
90e70454 1613 err = -ENOMEM;
890ea898
JH		 1614 goto unlock;
1615 }
1616
1617 err = 0;
2aeb9a1a
JH		 1618
1619unlock:
09fd0de5 1620 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1621 return err;
1622}
1623
92da6097
JH		 1624static void set_class_complete(struct hci_dev *hdev, u8 status)
1625{
1626 BT_DBG("status 0x%02x", status);
1627
1628 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1629}
1630
bdb6d971 1631static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1632 u16 len)
1aff6f09 1633{
650f726d 1634 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1635 struct pending_cmd *cmd;
890ea898 1636 struct hci_request req;
1aff6f09
JH		 1637 int err;
1638
bdb6d971 1639 BT_DBG("request for %s", hdev->name);
1aff6f09 1640
13ecd8b6
JH		 1641 if (!lmp_bredr_capable(hdev))
1642 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1643 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1644
0cab9c80 1645 hci_dev_lock(hdev);
ee98f473 1646
0cab9c80
JH		 1647 if (pending_eir_or_class(hdev)) {
1648 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1649 MGMT_STATUS_BUSY);
1650 goto unlock;
1651 }
c95f0ba7 1652
0cab9c80
JH		 1653 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1654 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1655 MGMT_STATUS_INVALID_PARAMS);
1656 goto unlock;
1657 }
575b3a02 1658
932f5ff5
JH		 1659 hdev->major_class = cp->major;
1660 hdev->minor_class = cp->minor;
1661
b5235a65 1662 if (!hdev_is_powered(hdev)) {
bdb6d971 1663 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1664 hdev->dev_class, 3);
b5235a65
JH		 1665 goto unlock;
1666 }
1667
890ea898
JH		 1668 hci_req_init(&req, hdev);
1669
a8b2d5c2 1670 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1671 hci_dev_unlock(hdev);
1672 cancel_delayed_work_sync(&hdev->service_cache);
1673 hci_dev_lock(hdev);
890ea898 1674 update_eir(&req);
7d78525d 1675 }
14c0b608 1676
890ea898
JH		 1677 update_class(&req);
1678
92da6097
JH		 1679 err = hci_req_run(&req, set_class_complete);
1680 if (err < 0) {
1681 if (err != -ENODATA)
1682 goto unlock;
1aff6f09 1683
bdb6d971 1684 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1685 hdev->dev_class, 3);
90e70454
JH		 1686 goto unlock;
1687 }
1688
1689 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1690 if (!cmd) {
90e70454 1691 err = -ENOMEM;
890ea898
JH		 1692 goto unlock;
1693 }
1694
1695 err = 0;
1aff6f09 1696
b5235a65 1697unlock:
09fd0de5 1698 hci_dev_unlock(hdev);
1aff6f09
JH		 1699 return err;
1700}
1701
bdb6d971 1702static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1703 u16 len)
55ed8ca1 1704{
650f726d 1705 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1706 u16 key_count, expected_len;
a492cd52 1707 int i;
55ed8ca1 1708
1f350c87 1709 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1710
86742e1e
JH		 1711 expected_len = sizeof(*cp) + key_count *
1712 sizeof(struct mgmt_link_key_info);
a492cd52 1713 if (expected_len != len) {
86742e1e 1714 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1715 len, expected_len);
bdb6d971 1716 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1717 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1718 }
1719
4ae14301
JH		 1720 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1721 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1722 MGMT_STATUS_INVALID_PARAMS);
1723
bdb6d971 1724 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1725 key_count);
55ed8ca1 1726
4ee71b20
JH		 1727 for (i = 0; i < key_count; i++) {
1728 struct mgmt_link_key_info *key = &cp->keys[i];
1729
1730 if (key->addr.type != BDADDR_BREDR)
1731 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1732 MGMT_STATUS_INVALID_PARAMS);
1733 }
1734
09fd0de5 1735 hci_dev_lock(hdev);
55ed8ca1
JH		 1736
1737 hci_link_keys_clear(hdev);
1738
a8b2d5c2 1739 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1740
1741 if (cp->debug_keys)
a8b2d5c2 1742 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1743 else
a8b2d5c2 1744 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1745
a492cd52 1746 for (i = 0; i < key_count; i++) {
86742e1e 1747 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1748
d753fdc4 1749 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1750 key->type, key->pin_len);
55ed8ca1
JH		 1751 }
1752
bdb6d971 1753 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1754
09fd0de5 1755 hci_dev_unlock(hdev);
55ed8ca1 1756
a492cd52 1757 return 0;
55ed8ca1
JH		 1758}
1759
b1078ad0 1760static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1761 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1762{
1763 struct mgmt_ev_device_unpaired ev;
1764
1765 bacpy(&ev.addr.bdaddr, bdaddr);
1766 ev.addr.type = addr_type;
1767
1768 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1769 skip_sk);
b1078ad0
JH		 1770}
1771
bdb6d971 1772static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1773 u16 len)
55ed8ca1 1774{
124f6e35
JH		 1775 struct mgmt_cp_unpair_device *cp = data;
1776 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1777 struct hci_cp_disconnect dc;
1778 struct pending_cmd *cmd;
55ed8ca1 1779 struct hci_conn *conn;
55ed8ca1
JH		 1780 int err;
1781
a8a1d19e 1782 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1783 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1784 rp.addr.type = cp->addr.type;
a8a1d19e 1785
4ee71b20
JH		 1786 if (!bdaddr_type_is_valid(cp->addr.type))
1787 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1788 MGMT_STATUS_INVALID_PARAMS,
1789 &rp, sizeof(rp));
1790
118da70b
JH		 1791 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1792 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1793 MGMT_STATUS_INVALID_PARAMS,
1794 &rp, sizeof(rp));
1795
4ee71b20
JH		 1796 hci_dev_lock(hdev);
1797
86a8cfc6 1798 if (!hdev_is_powered(hdev)) {
bdb6d971 1799 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1800 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1801 goto unlock;
1802 }
1803
591f47f3 1804 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1805 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1806 else
1807 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1808
55ed8ca1 1809 if (err < 0) {
bdb6d971 1810 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1811 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1812 goto unlock;
1813 }
1814
86a8cfc6 1815 if (cp->disconnect) {
591f47f3 1816 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1818 &cp->addr.bdaddr);
86a8cfc6
JH		 1819 else
1820 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1821 &cp->addr.bdaddr);
86a8cfc6
JH		 1822 } else {
1823 conn = NULL;
1824 }
124f6e35 1825
a8a1d19e 1826 if (!conn) {
bdb6d971 1827 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1828 &rp, sizeof(rp));
b1078ad0 1829 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1830 goto unlock;
1831 }
55ed8ca1 1832
124f6e35 1833 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1834 sizeof(*cp));
a8a1d19e
JH		 1835 if (!cmd) {
1836 err = -ENOMEM;
1837 goto unlock;
55ed8ca1
JH		 1838 }
1839
eb55ef07 1840 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1841 dc.reason = 0x13; /* Remote User Terminated Connection */
1842 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1843 if (err < 0)
1844 mgmt_pending_remove(cmd);
1845
55ed8ca1 1846unlock:
09fd0de5 1847 hci_dev_unlock(hdev);
55ed8ca1
JH		 1848 return err;
1849}
1850
bdb6d971 1851static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1852 u16 len)
8962ee74 1853{
650f726d 1854 struct mgmt_cp_disconnect *cp = data;
06a63b19 1855 struct mgmt_rp_disconnect rp;
8962ee74 1856 struct hci_cp_disconnect dc;
366a0336 1857 struct pending_cmd *cmd;
8962ee74 1858 struct hci_conn *conn;
8962ee74
JH		 1859 int err;
1860
1861 BT_DBG("");
1862
06a63b19
JH		 1863 memset(&rp, 0, sizeof(rp));
1864 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1865 rp.addr.type = cp->addr.type;
1866
4ee71b20 1867 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1868 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1869 MGMT_STATUS_INVALID_PARAMS,
1870 &rp, sizeof(rp));
4ee71b20 1871
09fd0de5 1872 hci_dev_lock(hdev);
8962ee74
JH		 1873
1874 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1875 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1876 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1877 goto failed;
1878 }
1879
2e58ef3e 1880 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1881 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1882 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1883 goto failed;
1884 }
1885
591f47f3 1886 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1887 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1888 &cp->addr.bdaddr);
88c3df13
JH		 1889 else
1890 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1891
f960727e 1892 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1893 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1894 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1895 goto failed;
1896 }
1897
2e58ef3e 1898 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1899 if (!cmd) {
1900 err = -ENOMEM;
8962ee74 1901 goto failed;
366a0336 1902 }
8962ee74 1903
eb55ef07 1904 dc.handle = cpu_to_le16(conn->handle);
3701f944 1905 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1906
1907 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1908 if (err < 0)
a664b5bc 1909 mgmt_pending_remove(cmd);
8962ee74
JH		 1910
1911failed:
09fd0de5 1912 hci_dev_unlock(hdev);
8962ee74
JH		 1913 return err;
1914}
1915
57c1477c 1916static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1917{
1918 switch (link_type) {
1919 case LE_LINK:
48264f06
JH		 1920 switch (addr_type) {
1921 case ADDR_LE_DEV_PUBLIC:
591f47f3 1922 return BDADDR_LE_PUBLIC;
0ed09148 1923
48264f06 1924 default:
0ed09148 1925 /* Fallback to LE Random address type */
591f47f3 1926 return BDADDR_LE_RANDOM;
48264f06 1927 }
0ed09148 1928
4c659c39 1929 default:
0ed09148 1930 /* Fallback to BR/EDR type */
591f47f3 1931 return BDADDR_BREDR;
4c659c39
JH		 1932 }
1933}
1934
04124681
GP		 1935static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1936 u16 data_len)
2784eb41 1937{
2784eb41 1938 struct mgmt_rp_get_connections *rp;
8035ded4 1939 struct hci_conn *c;
a38528f1 1940 size_t rp_len;
60fc5fb6
JH		 1941 int err;
1942 u16 i;
2784eb41
JH		 1943
1944 BT_DBG("");
1945
09fd0de5 1946 hci_dev_lock(hdev);
2784eb41 1947
5f97c1df 1948 if (!hdev_is_powered(hdev)) {
bdb6d971 1949 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1950 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1951 goto unlock;
1952 }
1953
60fc5fb6 1954 i = 0;
b644ba33
JH		 1955 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1956 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1957 i++;
2784eb41
JH		 1958 }
1959
60fc5fb6 1960 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1961 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1962 if (!rp) {
2784eb41
JH		 1963 err = -ENOMEM;
1964 goto unlock;
1965 }
1966
2784eb41 1967 i = 0;
4c659c39 1968 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1969 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1970 continue;
4c659c39 1971 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1972 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1973 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1974 continue;
1975 i++;
1976 }
1977
eb55ef07 1978 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1979
4c659c39
JH		 1980 /* Recalculate length in case of filtered SCO connections, etc */
1981 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1982
bdb6d971 1983 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1984 rp_len);
2784eb41 1985
a38528f1 1986 kfree(rp);
5f97c1df
JH		 1987
1988unlock:
09fd0de5 1989 hci_dev_unlock(hdev);
2784eb41
JH		 1990 return err;
1991}
1992
bdb6d971 1993static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1994 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1995{
1996 struct pending_cmd *cmd;
1997 int err;
1998
2e58ef3e 1999 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2000 sizeof(*cp));
96d97a67
WR		 2001 if (!cmd)
2002 return -ENOMEM;
2003
d8457698 2004 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2005 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2006 if (err < 0)
2007 mgmt_pending_remove(cmd);
2008
2009 return err;
2010}
2011
bdb6d971 2012static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2013 u16 len)
980e1a53 2014{
96d97a67 2015 struct hci_conn *conn;
650f726d 2016 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2017 struct hci_cp_pin_code_reply reply;
366a0336 2018 struct pending_cmd *cmd;
980e1a53
JH		 2019 int err;
2020
2021 BT_DBG("");
2022
09fd0de5 2023 hci_dev_lock(hdev);
980e1a53 2024
4b34ee78 2025 if (!hdev_is_powered(hdev)) {
bdb6d971 2026 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2027 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2028 goto failed;
2029 }
2030
d8457698 2031 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2032 if (!conn) {
bdb6d971 2033 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2034 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2035 goto failed;
2036 }
2037
2038 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2039 struct mgmt_cp_pin_code_neg_reply ncp;
2040
2041 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2042
2043 BT_ERR("PIN code is not 16 bytes long");
2044
bdb6d971 2045 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2046 if (err >= 0)
bdb6d971 2047 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2048 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2049
2050 goto failed;
2051 }
2052
00abfe44 2053 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2054 if (!cmd) {
2055 err = -ENOMEM;
980e1a53 2056 goto failed;
366a0336 2057 }
980e1a53 2058
d8457698 2059 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2060 reply.pin_len = cp->pin_len;
24718ca5 2061 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2062
2063 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2064 if (err < 0)
a664b5bc 2065 mgmt_pending_remove(cmd);
980e1a53
JH		 2066
2067failed:
09fd0de5 2068 hci_dev_unlock(hdev);
980e1a53
JH		 2069 return err;
2070}
2071
04124681
GP		 2072static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2073 u16 len)
17fa4b9d 2074{
650f726d 2075 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2076
2077 BT_DBG("");
2078
09fd0de5 2079 hci_dev_lock(hdev);
17fa4b9d
JH		 2080
2081 hdev->io_capability = cp->io_capability;
2082
2083 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2084 hdev->io_capability);
17fa4b9d 2085
09fd0de5 2086 hci_dev_unlock(hdev);
17fa4b9d 2087
04124681
GP		 2088 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2089 0);
17fa4b9d
JH		 2090}
2091
6039aa73 2092static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2093{
2094 struct hci_dev *hdev = conn->hdev;
8035ded4 2095 struct pending_cmd *cmd;
e9a416b5 2096
2e58ef3e 2097 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2098 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2099 continue;
2100
e9a416b5
JH		 2101 if (cmd->user_data != conn)
2102 continue;
2103
2104 return cmd;
2105 }
2106
2107 return NULL;
2108}
2109
2110static void pairing_complete(struct pending_cmd *cmd, u8 status)
2111{
2112 struct mgmt_rp_pair_device rp;
2113 struct hci_conn *conn = cmd->user_data;
2114
ba4e564f 2115 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2116 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2117
aee9b218 2118 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2119 &rp, sizeof(rp));
e9a416b5
JH		 2120
2121 /* So we don't get further callbacks for this connection */
2122 conn->connect_cfm_cb = NULL;
2123 conn->security_cfm_cb = NULL;
2124 conn->disconn_cfm_cb = NULL;
2125
76a68ba0 2126 hci_conn_drop(conn);
e9a416b5 2127
a664b5bc 2128 mgmt_pending_remove(cmd);
e9a416b5
JH		 2129}
2130
2131static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2132{
2133 struct pending_cmd *cmd;
2134
2135 BT_DBG("status %u", status);
2136
2137 cmd = find_pairing(conn);
56e5cb86 2138 if (!cmd)
e9a416b5 2139 BT_DBG("Unable to find a pending command");
56e5cb86 2140 else
e211326c 2141 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2142}
2143
4c47d739
VA		 2144static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2145{
2146 struct pending_cmd *cmd;
2147
2148 BT_DBG("status %u", status);
2149
2150 if (!status)
2151 return;
2152
2153 cmd = find_pairing(conn);
2154 if (!cmd)
2155 BT_DBG("Unable to find a pending command");
2156 else
2157 pairing_complete(cmd, mgmt_status(status));
2158}
2159
bdb6d971 2160static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2161 u16 len)
e9a416b5 2162{
650f726d 2163 struct mgmt_cp_pair_device *cp = data;
1425acb7 2164 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2165 struct pending_cmd *cmd;
2166 u8 sec_level, auth_type;
2167 struct hci_conn *conn;
e9a416b5
JH		 2168 int err;
2169
2170 BT_DBG("");
2171
f950a30e
SJ		 2172 memset(&rp, 0, sizeof(rp));
2173 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2174 rp.addr.type = cp->addr.type;
2175
4ee71b20
JH		 2176 if (!bdaddr_type_is_valid(cp->addr.type))
2177 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2178 MGMT_STATUS_INVALID_PARAMS,
2179 &rp, sizeof(rp));
2180
09fd0de5 2181 hci_dev_lock(hdev);
e9a416b5 2182
5f97c1df 2183 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2184 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2185 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2186 goto unlock;
2187 }
2188
c908df36
VCG		 2189 sec_level = BT_SECURITY_MEDIUM;
2190 if (cp->io_cap == 0x03)
e9a416b5 2191 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2192 else
e9a416b5 2193 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2194
591f47f3 2195 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2196 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2197 cp->addr.type, sec_level, auth_type);
7a512d01 2198 else
b12f62cf
AG		 2199 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2200 cp->addr.type, sec_level, auth_type);
7a512d01 2201
30e76272 2202 if (IS_ERR(conn)) {
489dc48e
AK		 2203 int status;
2204
2205 if (PTR_ERR(conn) == -EBUSY)
2206 status = MGMT_STATUS_BUSY;
2207 else
2208 status = MGMT_STATUS_CONNECT_FAILED;
2209
bdb6d971 2210 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2211 status, &rp,
04124681 2212 sizeof(rp));
e9a416b5
JH		 2213 goto unlock;
2214 }
2215
2216 if (conn->connect_cfm_cb) {
76a68ba0 2217 hci_conn_drop(conn);
bdb6d971 2218 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2219 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2220 goto unlock;
2221 }
2222
2e58ef3e 2223 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2224 if (!cmd) {
2225 err = -ENOMEM;
76a68ba0 2226 hci_conn_drop(conn);
e9a416b5
JH		 2227 goto unlock;
2228 }
2229
7a512d01 2230 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2231 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2232 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2233 else
2234 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2235
e9a416b5
JH		 2236 conn->security_cfm_cb = pairing_complete_cb;
2237 conn->disconn_cfm_cb = pairing_complete_cb;
2238 conn->io_capability = cp->io_cap;
2239 cmd->user_data = conn;
2240
2241 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2242 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2243 pairing_complete(cmd, 0);
2244
2245 err = 0;
2246
2247unlock:
09fd0de5 2248 hci_dev_unlock(hdev);
e9a416b5
JH		 2249 return err;
2250}
2251
04124681
GP		 2252static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2253 u16 len)
28424707 2254{
0f4e68cf 2255 struct mgmt_addr_info *addr = data;
28424707
JH		 2256 struct pending_cmd *cmd;
2257 struct hci_conn *conn;
2258 int err;
2259
2260 BT_DBG("");
2261
28424707
JH		 2262 hci_dev_lock(hdev);
2263
5f97c1df 2264 if (!hdev_is_powered(hdev)) {
bdb6d971 2265 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2266 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2267 goto unlock;
2268 }
2269
28424707
JH		 2270 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2271 if (!cmd) {
bdb6d971 2272 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2273 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2274 goto unlock;
2275 }
2276
2277 conn = cmd->user_data;
2278
2279 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2280 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2281 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2282 goto unlock;
2283 }
2284
2285 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2286
bdb6d971 2287 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2288 addr, sizeof(*addr));
28424707
JH		 2289unlock:
2290 hci_dev_unlock(hdev);
28424707
JH		 2291 return err;
2292}
2293
bdb6d971 2294static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2295 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2296 u16 hci_op, __le32 passkey)
a5c29683 2297{
a5c29683 2298 struct pending_cmd *cmd;
0df4c185 2299 struct hci_conn *conn;
a5c29683
JH		 2300 int err;
2301
09fd0de5 2302 hci_dev_lock(hdev);
08ba5382 2303
4b34ee78 2304 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2305 err = cmd_complete(sk, hdev->id, mgmt_op,
2306 MGMT_STATUS_NOT_POWERED, addr,
2307 sizeof(*addr));
0df4c185 2308 goto done;
a5c29683
JH		 2309 }
2310
1707c60e
JH		 2311 if (addr->type == BDADDR_BREDR)
2312 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2313 else
1707c60e 2314 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2315
2316 if (!conn) {
feb94d3d
JH		 2317 err = cmd_complete(sk, hdev->id, mgmt_op,
2318 MGMT_STATUS_NOT_CONNECTED, addr,
2319 sizeof(*addr));
272d90df
JH		 2320 goto done;
2321 }
47c15e2b 2322
1707c60e 2323 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2324 /* Continue with pairing via SMP */
5fe57d9e
BG		 2325 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2326
2327 if (!err)
feb94d3d
JH		 2328 err = cmd_complete(sk, hdev->id, mgmt_op,
2329 MGMT_STATUS_SUCCESS, addr,
2330 sizeof(*addr));
5fe57d9e 2331 else
feb94d3d
JH		 2332 err = cmd_complete(sk, hdev->id, mgmt_op,
2333 MGMT_STATUS_FAILED, addr,
2334 sizeof(*addr));
47c15e2b 2335
47c15e2b
BG		 2336 goto done;
2337 }
2338
1707c60e 2339 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2340 if (!cmd) {
2341 err = -ENOMEM;
0df4c185 2342 goto done;
a5c29683
JH		 2343 }
2344
0df4c185 2345 /* Continue with pairing via HCI */
604086b7
BG		 2346 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2347 struct hci_cp_user_passkey_reply cp;
2348
1707c60e 2349 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2350 cp.passkey = passkey;
2351 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2352 } else
1707c60e
JH		 2353 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2354 &addr->bdaddr);
604086b7 2355
a664b5bc
JH		 2356 if (err < 0)
2357 mgmt_pending_remove(cmd);
a5c29683 2358
0df4c185 2359done:
09fd0de5 2360 hci_dev_unlock(hdev);
a5c29683
JH		 2361 return err;
2362}
2363
afeb019d
JK		 2364static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2365 void *data, u16 len)
2366{
2367 struct mgmt_cp_pin_code_neg_reply *cp = data;
2368
2369 BT_DBG("");
2370
1707c60e 2371 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2372 MGMT_OP_PIN_CODE_NEG_REPLY,
2373 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2374}
2375
04124681
GP		 2376static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2377 u16 len)
0df4c185 2378{
650f726d 2379 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2380
2381 BT_DBG("");
2382
2383 if (len != sizeof(*cp))
bdb6d971 2384 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2385 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2386
1707c60e 2387 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2388 MGMT_OP_USER_CONFIRM_REPLY,
2389 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2390}
2391
bdb6d971 2392static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2393 void *data, u16 len)
0df4c185 2394{
c9c2659f 2395 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2396
2397 BT_DBG("");
2398
1707c60e 2399 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2400 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2401 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2402}
2403
04124681
GP		 2404static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2405 u16 len)
604086b7 2406{
650f726d 2407 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2408
2409 BT_DBG("");
2410
1707c60e 2411 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2412 MGMT_OP_USER_PASSKEY_REPLY,
2413 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2414}
2415
bdb6d971 2416static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2417 void *data, u16 len)
604086b7 2418{
650f726d 2419 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2420
2421 BT_DBG("");
2422
1707c60e 2423 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2424 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2425 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2426}
2427
13928971 2428static void update_name(struct hci_request *req)
2b4bf397 2429{
13928971 2430 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2431 struct hci_cp_write_local_name cp;
2432
13928971 2433 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2434
890ea898 2435 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2436}
2437
13928971
JH		 2438static void set_name_complete(struct hci_dev *hdev, u8 status)
2439{
2440 struct mgmt_cp_set_local_name *cp;
2441 struct pending_cmd *cmd;
2442
2443 BT_DBG("status 0x%02x", status);
2444
2445 hci_dev_lock(hdev);
2446
2447 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2448 if (!cmd)
2449 goto unlock;
2450
2451 cp = cmd->param;
2452
2453 if (status)
2454 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2455 mgmt_status(status));
2456 else
2457 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2458 cp, sizeof(*cp));
2459
2460 mgmt_pending_remove(cmd);
2461
2462unlock:
2463 hci_dev_unlock(hdev);
2464}
2465
bdb6d971 2466static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2467 u16 len)
b312b161 2468{
2b4bf397 2469 struct mgmt_cp_set_local_name *cp = data;
b312b161 2470 struct pending_cmd *cmd;
890ea898 2471 struct hci_request req;
b312b161
JH		 2472 int err;
2473
2474 BT_DBG("");
2475
09fd0de5 2476 hci_dev_lock(hdev);
b312b161 2477
b3f2ca94
JH		 2478 /* If the old values are the same as the new ones just return a
2479 * direct command complete event.
2480 */
2481 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2482 !memcmp(hdev->short_name, cp->short_name,
2483 sizeof(hdev->short_name))) {
2484 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2485 data, len);
2486 goto failed;
2487 }
2488
2b4bf397 2489 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2490
b5235a65 2491 if (!hdev_is_powered(hdev)) {
2b4bf397 2492 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2493
2494 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2495 data, len);
28cc7bde
JH		 2496 if (err < 0)
2497 goto failed;
2498
2499 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2500 sk);
28cc7bde 2501
b5235a65
JH		 2502 goto failed;
2503 }
2504
28cc7bde 2505 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2506 if (!cmd) {
2507 err = -ENOMEM;
2508 goto failed;
2509 }
2510
13928971
JH		 2511 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2512
890ea898 2513 hci_req_init(&req, hdev);
3f985050
JH		 2514
2515 if (lmp_bredr_capable(hdev)) {
2516 update_name(&req);
2517 update_eir(&req);
2518 }
2519
2520 if (lmp_le_capable(hdev))
2521 hci_update_ad(&req);
2522
13928971 2523 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2524 if (err < 0)
2525 mgmt_pending_remove(cmd);
2526
2527failed:
09fd0de5 2528 hci_dev_unlock(hdev);
b312b161
JH		 2529 return err;
2530}
2531
0f4e68cf 2532static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2533 void *data, u16 data_len)
c35938b2 2534{
c35938b2
SJ		 2535 struct pending_cmd *cmd;
2536 int err;
2537
bdb6d971 2538 BT_DBG("%s", hdev->name);
c35938b2 2539
09fd0de5 2540 hci_dev_lock(hdev);
c35938b2 2541
4b34ee78 2542 if (!hdev_is_powered(hdev)) {
bdb6d971 2543 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2544 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2545 goto unlock;
2546 }
2547
9a1a1996 2548 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2549 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2550 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2551 goto unlock;
2552 }
2553
2e58ef3e 2554 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2555 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2556 MGMT_STATUS_BUSY);
c35938b2
SJ		 2557 goto unlock;
2558 }
2559
2e58ef3e 2560 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2561 if (!cmd) {
2562 err = -ENOMEM;
2563 goto unlock;
2564 }
2565
2566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2567 if (err < 0)
2568 mgmt_pending_remove(cmd);
2569
2570unlock:
09fd0de5 2571 hci_dev_unlock(hdev);
c35938b2
SJ		 2572 return err;
2573}
2574
bdb6d971 2575static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2576 void *data, u16 len)
2763eda6 2577{
650f726d 2578 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2579 u8 status;
2763eda6
SJ		 2580 int err;
2581
bdb6d971 2582 BT_DBG("%s ", hdev->name);
2763eda6 2583
09fd0de5 2584 hci_dev_lock(hdev);
2763eda6 2585
664ce4cc 2586 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2587 cp->randomizer);
2763eda6 2588 if (err < 0)
bf1e3541 2589 status = MGMT_STATUS_FAILED;
2763eda6 2590 else
a6785be2 2591 status = MGMT_STATUS_SUCCESS;
bf1e3541 2592
bdb6d971 2593 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2594 &cp->addr, sizeof(cp->addr));
2763eda6 2595
09fd0de5 2596 hci_dev_unlock(hdev);
2763eda6
SJ		 2597 return err;
2598}
2599
bdb6d971 2600static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2601 void *data, u16 len)
2763eda6 2602{
650f726d 2603 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2604 u8 status;
2763eda6
SJ		 2605 int err;
2606
bdb6d971 2607 BT_DBG("%s", hdev->name);
2763eda6 2608
09fd0de5 2609 hci_dev_lock(hdev);
2763eda6 2610
664ce4cc 2611 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2612 if (err < 0)
bf1e3541 2613 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2614 else
a6785be2 2615 status = MGMT_STATUS_SUCCESS;
bf1e3541 2616
bdb6d971 2617 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2618 status, &cp->addr, sizeof(cp->addr));
2763eda6 2619
09fd0de5 2620 hci_dev_unlock(hdev);
2763eda6
SJ		 2621 return err;
2622}
2623
41dc2bd6
AG		 2624static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2625{
2626 struct pending_cmd *cmd;
2627 u8 type;
2628 int err;
2629
2630 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2631
2632 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2633 if (!cmd)
2634 return -ENOENT;
2635
2636 type = hdev->discovery.type;
2637
2638 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2639 &type, sizeof(type));
2640 mgmt_pending_remove(cmd);
2641
2642 return err;
2643}
2644
7c307720
AG		 2645static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2646{
2647 BT_DBG("status %d", status);
2648
2649 if (status) {
2650 hci_dev_lock(hdev);
2651 mgmt_start_discovery_failed(hdev, status);
2652 hci_dev_unlock(hdev);
2653 return;
2654 }
2655
2656 hci_dev_lock(hdev);
2657 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2658 hci_dev_unlock(hdev);
2659
2660 switch (hdev->discovery.type) {
2661 case DISCOV_TYPE_LE:
2662 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2663 DISCOV_LE_TIMEOUT);
7c307720
AG		 2664 break;
2665
2666 case DISCOV_TYPE_INTERLEAVED:
2667 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2668 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2669 break;
2670
2671 case DISCOV_TYPE_BREDR:
2672 break;
2673
2674 default:
2675 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2676 }
2677}
2678
bdb6d971 2679static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2680 void *data, u16 len)
14a53664 2681{
650f726d 2682 struct mgmt_cp_start_discovery *cp = data;
14a53664 2683 struct pending_cmd *cmd;
7c307720
AG		 2684 struct hci_cp_le_set_scan_param param_cp;
2685 struct hci_cp_le_set_scan_enable enable_cp;
2686 struct hci_cp_inquiry inq_cp;
2687 struct hci_request req;
2688 /* General inquiry access code (GIAC) */
2689 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2690 int err;
2691
bdb6d971 2692 BT_DBG("%s", hdev->name);
14a53664 2693
09fd0de5 2694 hci_dev_lock(hdev);
14a53664 2695
4b34ee78 2696 if (!hdev_is_powered(hdev)) {
bdb6d971 2697 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2698 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2699 goto failed;
2700 }
2701
642be6c7
AG		 2702 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2703 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2704 MGMT_STATUS_BUSY);
2705 goto failed;
2706 }
2707
ff9ef578 2708 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2709 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2710 MGMT_STATUS_BUSY);
ff9ef578
JH		 2711 goto failed;
2712 }
2713
2e58ef3e 2714 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2715 if (!cmd) {
2716 err = -ENOMEM;
2717 goto failed;
2718 }
2719
4aab14e5
AG		 2720 hdev->discovery.type = cp->type;
2721
7c307720
AG		 2722 hci_req_init(&req, hdev);
2723
4aab14e5 2724 switch (hdev->discovery.type) {
f39799f5 2725 case DISCOV_TYPE_BREDR:
04106755
JH		 2726 if (!lmp_bredr_capable(hdev)) {
2727 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2728 MGMT_STATUS_NOT_SUPPORTED);
2729 mgmt_pending_remove(cmd);
2730 goto failed;
2731 }
2732
7c307720
AG		 2733 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2734 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2735 MGMT_STATUS_BUSY);
2736 mgmt_pending_remove(cmd);
2737 goto failed;
2738 }
2739
2740 hci_inquiry_cache_flush(hdev);
2741
2742 memset(&inq_cp, 0, sizeof(inq_cp));
2743 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2744 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2745 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2746 break;
2747
2748 case DISCOV_TYPE_LE:
7c307720 2749 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2750 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2751 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2752 MGMT_STATUS_NOT_SUPPORTED);
2753 mgmt_pending_remove(cmd);
2754 goto failed;
2755 }
2756
7c307720
AG		 2757 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2758 !lmp_bredr_capable(hdev)) {
04106755
JH		 2759 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2760 MGMT_STATUS_NOT_SUPPORTED);
2761 mgmt_pending_remove(cmd);
2762 goto failed;
2763 }
2764
7c307720
AG		 2765 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2766 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2767 MGMT_STATUS_REJECTED);
2768 mgmt_pending_remove(cmd);
2769 goto failed;
2770 }
2771
2772 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2773 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2774 MGMT_STATUS_BUSY);
2775 mgmt_pending_remove(cmd);
2776 goto failed;
2777 }
2778
2779 memset(&param_cp, 0, sizeof(param_cp));
2780 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2781 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2782 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2783 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2784 &param_cp);
2785
2786 memset(&enable_cp, 0, sizeof(enable_cp));
2787 enable_cp.enable = LE_SCAN_ENABLE;
2788 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2789 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2790 &enable_cp);
5e0452c0
AG		 2791 break;
2792
f39799f5 2793 default:
04106755
JH		 2794 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2795 MGMT_STATUS_INVALID_PARAMS);
2796 mgmt_pending_remove(cmd);
2797 goto failed;
f39799f5 2798 }
3fd24153 2799
7c307720 2800 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2801 if (err < 0)
2802 mgmt_pending_remove(cmd);
ff9ef578
JH		 2803 else
2804 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2805
2806failed:
09fd0de5 2807 hci_dev_unlock(hdev);
14a53664
JH		 2808 return err;
2809}
2810
1183fdca
AG		 2811static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2812{
2813 struct pending_cmd *cmd;
2814 int err;
2815
2816 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2817 if (!cmd)
2818 return -ENOENT;
2819
2820 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2821 &hdev->discovery.type, sizeof(hdev->discovery.type));
2822 mgmt_pending_remove(cmd);
2823
2824 return err;
2825}
2826
0e05bba6
AG		 2827static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2828{
2829 BT_DBG("status %d", status);
2830
2831 hci_dev_lock(hdev);
2832
2833 if (status) {
2834 mgmt_stop_discovery_failed(hdev, status);
2835 goto unlock;
2836 }
2837
2838 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2839
2840unlock:
2841 hci_dev_unlock(hdev);
2842}
2843
bdb6d971 2844static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2845 u16 len)
14a53664 2846{
d930650b 2847 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2848 struct pending_cmd *cmd;
30dc78e1
JH		 2849 struct hci_cp_remote_name_req_cancel cp;
2850 struct inquiry_entry *e;
0e05bba6
AG		 2851 struct hci_request req;
2852 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2853 int err;
2854
bdb6d971 2855 BT_DBG("%s", hdev->name);
14a53664 2856
09fd0de5 2857 hci_dev_lock(hdev);
14a53664 2858
30dc78e1 2859 if (!hci_discovery_active(hdev)) {
bdb6d971 2860 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2861 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2862 sizeof(mgmt_cp->type));
d930650b
JH		 2863 goto unlock;
2864 }
2865
2866 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2867 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2868 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2869 sizeof(mgmt_cp->type));
30dc78e1 2870 goto unlock;
ff9ef578
JH		 2871 }
2872
2e58ef3e 2873 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2874 if (!cmd) {
2875 err = -ENOMEM;
30dc78e1
JH		 2876 goto unlock;
2877 }
2878
0e05bba6
AG		 2879 hci_req_init(&req, hdev);
2880
e0d9727e
AG		 2881 switch (hdev->discovery.state) {
2882 case DISCOVERY_FINDING:
0e05bba6
AG		 2883 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2884 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2885 } else {
2886 cancel_delayed_work(&hdev->le_scan_disable);
2887
2888 memset(&enable_cp, 0, sizeof(enable_cp));
2889 enable_cp.enable = LE_SCAN_DISABLE;
2890 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2891 sizeof(enable_cp), &enable_cp);
2892 }
c9ecc48e 2893
e0d9727e
AG		 2894 break;
2895
2896 case DISCOVERY_RESOLVING:
2897 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2898 NAME_PENDING);
e0d9727e 2899 if (!e) {
30dc78e1 2900 mgmt_pending_remove(cmd);
e0d9727e
AG		 2901 err = cmd_complete(sk, hdev->id,
2902 MGMT_OP_STOP_DISCOVERY, 0,
2903 &mgmt_cp->type,
2904 sizeof(mgmt_cp->type));
2905 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2906 goto unlock;
2907 }
30dc78e1 2908
e0d9727e 2909 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2910 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2911 &cp);
e0d9727e
AG		 2912
2913 break;
2914
2915 default:
2916 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2917
2918 mgmt_pending_remove(cmd);
2919 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2920 MGMT_STATUS_FAILED, &mgmt_cp->type,
2921 sizeof(mgmt_cp->type));
2922 goto unlock;
14a53664
JH		 2923 }
2924
0e05bba6 2925 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2926 if (err < 0)
2927 mgmt_pending_remove(cmd);
ff9ef578
JH		 2928 else
2929 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2930
30dc78e1 2931unlock:
09fd0de5 2932 hci_dev_unlock(hdev);
14a53664
JH		 2933 return err;
2934}
2935
bdb6d971 2936static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2937 u16 len)
561aafbc 2938{
650f726d 2939 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2940 struct inquiry_entry *e;
561aafbc
JH		 2941 int err;
2942
bdb6d971 2943 BT_DBG("%s", hdev->name);
561aafbc 2944
561aafbc
JH		 2945 hci_dev_lock(hdev);
2946
30dc78e1 2947 if (!hci_discovery_active(hdev)) {
bdb6d971 2948 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2949 MGMT_STATUS_FAILED);
30dc78e1
JH		 2950 goto failed;
2951 }
2952
a198e7b1 2953 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2954 if (!e) {
bdb6d971 2955 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2956 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2957 goto failed;
2958 }
2959
2960 if (cp->name_known) {
2961 e->name_state = NAME_KNOWN;
2962 list_del(&e->list);
2963 } else {
2964 e->name_state = NAME_NEEDED;
a3d4e20a 2965 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2966 }
2967
e384662b
JH		 2968 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2969 sizeof(cp->addr));
561aafbc
JH		 2970
2971failed:
2972 hci_dev_unlock(hdev);
561aafbc
JH		 2973 return err;
2974}
2975
bdb6d971 2976static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2977 u16 len)
7fbec224 2978{
650f726d 2979 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2980 u8 status;
7fbec224
AJ		 2981 int err;
2982
bdb6d971 2983 BT_DBG("%s", hdev->name);
7fbec224 2984
4ee71b20 2985 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2986 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2987 MGMT_STATUS_INVALID_PARAMS,
2988 &cp->addr, sizeof(cp->addr));
4ee71b20 2989
09fd0de5 2990 hci_dev_lock(hdev);
5e762444 2991
88c1fe4b 2992 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2993 if (err < 0)
f0eeea8b 2994 status = MGMT_STATUS_FAILED;
7fbec224 2995 else
a6785be2 2996 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2997
bdb6d971 2998 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2999 &cp->addr, sizeof(cp->addr));
5e762444 3000
09fd0de5 3001 hci_dev_unlock(hdev);
7fbec224
AJ		 3002
3003 return err;
3004}
3005
bdb6d971 3006static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3007 u16 len)
7fbec224 3008{
650f726d 3009 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3010 u8 status;
7fbec224
AJ		 3011 int err;
3012
bdb6d971 3013 BT_DBG("%s", hdev->name);
7fbec224 3014
4ee71b20 3015 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3016 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3017 MGMT_STATUS_INVALID_PARAMS,
3018 &cp->addr, sizeof(cp->addr));
4ee71b20 3019
09fd0de5 3020 hci_dev_lock(hdev);
5e762444 3021
88c1fe4b 3022 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3023 if (err < 0)
f0eeea8b 3024 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3025 else
a6785be2 3026 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3027
bdb6d971 3028 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3029 &cp->addr, sizeof(cp->addr));
5e762444 3030
09fd0de5 3031 hci_dev_unlock(hdev);
7fbec224
AJ		 3032
3033 return err;
3034}
3035
cdbaccca
MH		 3036static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3037 u16 len)
3038{
3039 struct mgmt_cp_set_device_id *cp = data;
890ea898 3040 struct hci_request req;
cdbaccca 3041 int err;
c72d4b8a 3042 __u16 source;
cdbaccca
MH		 3043
3044 BT_DBG("%s", hdev->name);
3045
c72d4b8a
SJ		 3046 source = __le16_to_cpu(cp->source);
3047
3048 if (source > 0x0002)
3049 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3050 MGMT_STATUS_INVALID_PARAMS);
3051
cdbaccca
MH		 3052 hci_dev_lock(hdev);
3053
c72d4b8a 3054 hdev->devid_source = source;
cdbaccca
MH		 3055 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3056 hdev->devid_product = __le16_to_cpu(cp->product);
3057 hdev->devid_version = __le16_to_cpu(cp->version);
3058
3059 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3060
890ea898
JH		 3061 hci_req_init(&req, hdev);
3062 update_eir(&req);
3063 hci_req_run(&req, NULL);
cdbaccca
MH		 3064
3065 hci_dev_unlock(hdev);
3066
3067 return err;
3068}
3069
33e38b3e
JH		 3070static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3071{
3072 struct pending_cmd *cmd;
3073
3074 BT_DBG("status 0x%02x", status);
3075
3076 hci_dev_lock(hdev);
3077
3078 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3079 if (!cmd)
3080 goto unlock;
3081
3082 if (status) {
3083 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3084 mgmt_status(status));
3085 } else {
1a4d3c4b
JH		 3086 struct mgmt_mode *cp = cmd->param;
3087
3088 if (cp->val)
3089 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3090 else
3091 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3092
33e38b3e
JH		 3093 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3094 new_settings(hdev, cmd->sk);
3095 }
3096
3097 mgmt_pending_remove(cmd);
3098
3099unlock:
3100 hci_dev_unlock(hdev);
3101}
3102
bdb6d971 3103static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3104 void *data, u16 len)
f6422ec6 3105{
650f726d 3106 struct mgmt_mode *cp = data;
33e38b3e
JH		 3107 struct pending_cmd *cmd;
3108 struct hci_request req;
f6422ec6
AJ		 3109 int err;
3110
bdb6d971 3111 BT_DBG("%s", hdev->name);
f6422ec6 3112
1a47aee8 3113 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3114 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3115 MGMT_STATUS_NOT_SUPPORTED);
3116
a7e80f25
JH		 3117 if (cp->val != 0x00 && cp->val != 0x01)
3118 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3119 MGMT_STATUS_INVALID_PARAMS);
3120
5400c044 3121 if (!hdev_is_powered(hdev))
bdb6d971 3122 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3123 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3124
3125 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3126 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3127 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3128
3129 hci_dev_lock(hdev);
3130
05cbf29f
JH		 3131 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3132 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3133 MGMT_STATUS_BUSY);
3134 goto unlock;
3135 }
3136
1a4d3c4b
JH		 3137 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3138 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3139 hdev);
3140 goto unlock;
3141 }
3142
33e38b3e
JH		 3143 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3144 data, len);
3145 if (!cmd) {
3146 err = -ENOMEM;
3147 goto unlock;
f6422ec6
AJ		 3148 }
3149
33e38b3e
JH		 3150 hci_req_init(&req, hdev);
3151
406d7804 3152 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3153
3154 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3155 if (err < 0) {
bdb6d971 3156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3157 MGMT_STATUS_FAILED);
33e38b3e 3158 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3159 }
3160
33e38b3e 3161unlock:
f6422ec6 3162 hci_dev_unlock(hdev);
33e38b3e 3163
f6422ec6
AJ		 3164 return err;
3165}
3166
3f706b72
JH		 3167static bool ltk_is_valid(struct mgmt_ltk_info *key)
3168{
44b20d33
JH		 3169 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3170 return false;
3f706b72
JH		 3171 if (key->master != 0x00 && key->master != 0x01)
3172 return false;
4ee71b20
JH		 3173 if (!bdaddr_type_is_le(key->addr.type))
3174 return false;
3f706b72
JH		 3175 return true;
3176}
3177
bdb6d971 3178static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3179 void *cp_data, u16 len)
346af67b 3180{
346af67b
VCG		 3181 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3182 u16 key_count, expected_len;
715a5bf2 3183 int i, err;
346af67b 3184
1f350c87 3185 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3186
3187 expected_len = sizeof(*cp) + key_count *
3188 sizeof(struct mgmt_ltk_info);
3189 if (expected_len != len) {
3190 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3191 len, expected_len);
bdb6d971 3192 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3193 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3194 }
3195
bdb6d971 3196 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3197
54ad6d8a
JH		 3198 for (i = 0; i < key_count; i++) {
3199 struct mgmt_ltk_info *key = &cp->keys[i];
3200
3f706b72 3201 if (!ltk_is_valid(key))
54ad6d8a
JH		 3202 return cmd_status(sk, hdev->id,
3203 MGMT_OP_LOAD_LONG_TERM_KEYS,
3204 MGMT_STATUS_INVALID_PARAMS);
3205 }
3206
346af67b
VCG		 3207 hci_dev_lock(hdev);
3208
3209 hci_smp_ltks_clear(hdev);
3210
3211 for (i = 0; i < key_count; i++) {
3212 struct mgmt_ltk_info *key = &cp->keys[i];
3213 u8 type;
3214
3215 if (key->master)
3216 type = HCI_SMP_LTK;
3217 else
3218 type = HCI_SMP_LTK_SLAVE;
3219
4596fde5 3220 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3221 bdaddr_to_le(key->addr.type),
04124681
GP		 3222 type, 0, key->authenticated, key->val,
3223 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3224 }
3225
715a5bf2
JH		 3226 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3227 NULL, 0);
3228
346af67b 3229 hci_dev_unlock(hdev);
346af67b 3230
715a5bf2 3231 return err;
346af67b
VCG		 3232}
3233
2e3c35ea 3234static const struct mgmt_handler {
04124681
GP		 3235 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3236 u16 data_len);
be22b54e
JH		 3237 bool var_len;
3238 size_t data_len;
0f4e68cf
JH		 3239} mgmt_handlers[] = {
3240 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3241 { read_version, false, MGMT_READ_VERSION_SIZE },
3242 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3243 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3244 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3245 { set_powered, false, MGMT_SETTING_SIZE },
3246 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3247 { set_connectable, false, MGMT_SETTING_SIZE },
3248 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3249 { set_pairable, false, MGMT_SETTING_SIZE },
3250 { set_link_security, false, MGMT_SETTING_SIZE },
3251 { set_ssp, false, MGMT_SETTING_SIZE },
3252 { set_hs, false, MGMT_SETTING_SIZE },
3253 { set_le, false, MGMT_SETTING_SIZE },
3254 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3255 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3256 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3257 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3258 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3259 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3260 { disconnect, false, MGMT_DISCONNECT_SIZE },
3261 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3262 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3263 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3264 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3265 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3266 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3267 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3268 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3269 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3270 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3271 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3272 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3273 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3274 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3275 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3276 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3277 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3278 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3279 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3280 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3281};
3282
3283
0381101f
JH		 3284int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3285{
650f726d
VCG		 3286 void *buf;
3287 u8 *cp;
0381101f 3288 struct mgmt_hdr *hdr;
4e51eae9 3289 u16 opcode, index, len;
bdb6d971 3290 struct hci_dev *hdev = NULL;
2e3c35ea 3291 const struct mgmt_handler *handler;
0381101f
JH		 3292 int err;
3293
3294 BT_DBG("got %zu bytes", msglen);
3295
3296 if (msglen < sizeof(*hdr))
3297 return -EINVAL;
3298
e63a15ec 3299 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3300 if (!buf)
3301 return -ENOMEM;
3302
3303 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3304 err = -EFAULT;
3305 goto done;
3306 }
3307
650f726d 3308 hdr = buf;
1f350c87
MH		 3309 opcode = __le16_to_cpu(hdr->opcode);
3310 index = __le16_to_cpu(hdr->index);
3311 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3312
3313 if (len != msglen - sizeof(*hdr)) {
3314 err = -EINVAL;
3315 goto done;
3316 }
3317
0f4e68cf 3318 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3319 hdev = hci_dev_get(index);
3320 if (!hdev) {
3321 err = cmd_status(sk, index, opcode,
04124681 3322 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3323 goto done;
3324 }
3325 }
3326
0f4e68cf 3327 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3328 mgmt_handlers[opcode].func == NULL) {
0381101f 3329 BT_DBG("Unknown op %u", opcode);
ca69b795 3330 err = cmd_status(sk, index, opcode,
04124681 3331 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3332 goto done;
3333 }
3334
3335 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3336 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3337 err = cmd_status(sk, index, opcode,
04124681 3338 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3339 goto done;
0381101f
JH		 3340 }
3341
be22b54e
JH		 3342 handler = &mgmt_handlers[opcode];
3343
3344 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3345 (!handler->var_len && len != handler->data_len)) {
be22b54e 3346 err = cmd_status(sk, index, opcode,
04124681 3347 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3348 goto done;
3349 }
3350
0f4e68cf
JH		 3351 if (hdev)
3352 mgmt_init_hdev(sk, hdev);
3353
3354 cp = buf + sizeof(*hdr);
3355
be22b54e 3356 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3357 if (err < 0)
3358 goto done;
3359
0381101f
JH		 3360 err = msglen;
3361
3362done:
bdb6d971
JH		 3363 if (hdev)
3364 hci_dev_put(hdev);
3365
0381101f
JH		 3366 kfree(buf);
3367 return err;
3368}
c71e97bf 3369
b24752fe
JH		 3370static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3371{
3372 u8 *status = data;
3373
3374 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3375 mgmt_pending_remove(cmd);
3376}
3377
744cf19e 3378int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3379{
bb4b2a9a
AE		 3380 if (!mgmt_valid_hdev(hdev))
3381 return -ENOTSUPP;
3382
744cf19e 3383 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3384}
3385
744cf19e 3386int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3387{
5f159032 3388 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3389
bb4b2a9a
AE		 3390 if (!mgmt_valid_hdev(hdev))
3391 return -ENOTSUPP;
3392
744cf19e 3393 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3394
744cf19e 3395 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3396}
3397
73f22f62 3398struct cmd_lookup {
eec8d2bc 3399 struct sock *sk;
69ab39ea 3400 struct hci_dev *hdev;
90e70454 3401 u8 mgmt_status;
eec8d2bc
JH		 3402};
3403
69ab39ea 3404static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3405{
73f22f62 3406 struct cmd_lookup *match = data;
eec8d2bc 3407
69ab39ea 3408 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3409
3410 list_del(&cmd->list);
3411
3412 if (match->sk == NULL) {
3413 match->sk = cmd->sk;
3414 sock_hold(match->sk);
3415 }
3416
3417 mgmt_pending_free(cmd);
c71e97bf 3418}
5add6af8 3419
890ea898 3420static void set_bredr_scan(struct hci_request *req)
7f0ae647 3421{
890ea898 3422 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3423 u8 scan = 0;
3424
4c01f8b8
JH		 3425 /* Ensure that fast connectable is disabled. This function will
3426 * not do anything if the page scan parameters are already what
3427 * they should be.
3428 */
3429 write_fast_connectable(req, false);
3430
7f0ae647
JH		 3431 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3432 scan |= SCAN_PAGE;
3433 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3434 scan |= SCAN_INQUIRY;
3435
890ea898
JH		 3436 if (scan)
3437 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3438}
3439
229ab39c
JH		 3440static void powered_complete(struct hci_dev *hdev, u8 status)
3441{
3442 struct cmd_lookup match = { NULL, hdev };
3443
3444 BT_DBG("status 0x%02x", status);
3445
3446 hci_dev_lock(hdev);
3447
3448 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3449
3450 new_settings(hdev, match.sk);
3451
3452 hci_dev_unlock(hdev);
3453
3454 if (match.sk)
3455 sock_put(match.sk);
3456}
3457
70da6243 3458static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3459{
890ea898 3460 struct hci_request req;
70da6243 3461 u8 link_sec;
5add6af8 3462
890ea898
JH		 3463 hci_req_init(&req, hdev);
3464
70da6243
JH		 3465 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3466 !lmp_host_ssp_capable(hdev)) {
3467 u8 ssp = 1;
5e5282bb 3468
890ea898 3469 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3470 }
5add6af8 3471
c73eee91
JH		 3472 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3473 lmp_bredr_capable(hdev)) {
70da6243 3474 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3475
70da6243
JH		 3476 cp.le = 1;
3477 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3478
70da6243
JH		 3479 /* Check first if we already have the right
3480 * host state (host features set)
3481 */
3482 if (cp.le != lmp_host_le_capable(hdev) ||
3483 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3484 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3485 sizeof(cp), &cp);
70da6243 3486 }
3d1cbdd6 3487
70da6243
JH		 3488 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3489 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3490 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3491 sizeof(link_sec), &link_sec);
562fcc24 3492
70da6243 3493 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3494 set_bredr_scan(&req);
3495 update_class(&req);
13928971 3496 update_name(&req);
890ea898 3497 update_eir(&req);
70da6243 3498 }
562fcc24 3499
229ab39c 3500 return hci_req_run(&req, powered_complete);
70da6243 3501}
562fcc24 3502
70da6243
JH		 3503int mgmt_powered(struct hci_dev *hdev, u8 powered)
3504{
3505 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3506 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3507 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3508 int err;
f0ff92fb 3509
70da6243
JH		 3510 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3511 return 0;
3512
70da6243 3513 if (powered) {
229ab39c
JH		 3514 if (powered_update_hci(hdev) == 0)
3515 return 0;
fe038884 3516
229ab39c
JH		 3517 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3518 &match);
3519 goto new_settings;
b24752fe
JH		 3520 }
3521
229ab39c
JH		 3522 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3523 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3524
3525 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3526 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3527 zero_cod, sizeof(zero_cod), NULL);
3528
3529new_settings:
beadb2bd 3530 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3531
3532 if (match.sk)
3533 sock_put(match.sk);
3534
7bb895d6 3535 return err;
5add6af8 3536}
73f22f62 3537
96570ffc
JH		 3538int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3539{
3540 struct pending_cmd *cmd;
3541 u8 status;
3542
3543 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3544 if (!cmd)
3545 return -ENOENT;
3546
3547 if (err == -ERFKILL)
3548 status = MGMT_STATUS_RFKILLED;
3549 else
3550 status = MGMT_STATUS_FAILED;
3551
3552 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3553
3554 mgmt_pending_remove(cmd);
3555
3556 return err;
3557}
3558
744cf19e 3559int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3560{
76a7f3a4 3561 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3562 bool changed = false;
3563 int err = 0;
73f22f62 3564
5e5282bb
JH		 3565 if (discoverable) {
3566 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3567 changed = true;
3568 } else {
3569 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3570 changed = true;
3571 }
73f22f62 3572
ed9b5f2f 3573 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3574 &match);
ed9b5f2f 3575
beadb2bd
JH		 3576 if (changed)
3577 err = new_settings(hdev, match.sk);
5e5282bb 3578
73f22f62
JH		 3579 if (match.sk)
3580 sock_put(match.sk);
3581
7bb895d6 3582 return err;
73f22f62 3583}
9fbcbb45 3584
744cf19e 3585int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3586{
2b76f453 3587 struct pending_cmd *cmd;
5e5282bb
JH		 3588 bool changed = false;
3589 int err = 0;
9fbcbb45 3590
5e5282bb
JH		 3591 if (connectable) {
3592 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3593 changed = true;
3594 } else {
3595 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3596 changed = true;
3597 }
9fbcbb45 3598
2b76f453 3599 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3600
beadb2bd 3601 if (changed)
2b76f453 3602 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3603
7bb895d6 3604 return err;
9fbcbb45 3605}
55ed8ca1 3606
744cf19e 3607int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3608{
ca69b795
JH		 3609 u8 mgmt_err = mgmt_status(status);
3610
2d7cee58 3611 if (scan & SCAN_PAGE)
744cf19e 3612 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3613 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3614
3615 if (scan & SCAN_INQUIRY)
744cf19e 3616 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3617 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3618
3619 return 0;
3620}
3621
53168e5b
CC		 3622int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3623 bool persistent)
55ed8ca1 3624{
86742e1e 3625 struct mgmt_ev_new_link_key ev;
55ed8ca1 3626
a492cd52 3627 memset(&ev, 0, sizeof(ev));
55ed8ca1 3628
a492cd52 3629 ev.store_hint = persistent;
d753fdc4 3630 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3631 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3632 ev.key.type = key->type;
9b3b4460 3633 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3634 ev.key.pin_len = key->pin_len;
55ed8ca1 3635
744cf19e 3636 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3637}
f7520543 3638
346af67b
VCG		 3639int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3640{
3641 struct mgmt_ev_new_long_term_key ev;
3642
3643 memset(&ev, 0, sizeof(ev));
3644
3645 ev.store_hint = persistent;
3646 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3647 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3648 ev.key.authenticated = key->authenticated;
3649 ev.key.enc_size = key->enc_size;
3650 ev.key.ediv = key->ediv;
3651
3652 if (key->type == HCI_SMP_LTK)
3653 ev.key.master = 1;
3654
3655 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3656 memcpy(ev.key.val, key->val, sizeof(key->val));
3657
04124681
GP		 3658 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3659 NULL);
346af67b
VCG		 3660}
3661
afc747a6 3662int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3663 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3664 u8 *dev_class)
f7520543 3665{
b644ba33
JH		 3666 char buf[512];
3667 struct mgmt_ev_device_connected *ev = (void *) buf;
3668 u16 eir_len = 0;
f7520543 3669
b644ba33 3670 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3671 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3672
c95f0ba7 3673 ev->flags = __cpu_to_le32(flags);
08c79b61 3674
b644ba33
JH		 3675 if (name_len > 0)
3676 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3677 name, name_len);
b644ba33
JH		 3678
3679 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3680 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3681 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3682
eb55ef07 3683 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3684
3685 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3686 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3687}
3688
8962ee74
JH		 3689static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3690{
c68fb7ff 3691 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3692 struct sock **sk = data;
a38528f1 3693 struct mgmt_rp_disconnect rp;
8962ee74 3694
88c3df13
JH		 3695 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3696 rp.addr.type = cp->addr.type;
8962ee74 3697
aee9b218 3698 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3699 sizeof(rp));
8962ee74
JH		 3700
3701 *sk = cmd->sk;
3702 sock_hold(*sk);
3703
a664b5bc 3704 mgmt_pending_remove(cmd);
8962ee74
JH		 3705}
3706
124f6e35 3707static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3708{
b1078ad0 3709 struct hci_dev *hdev = data;
124f6e35
JH		 3710 struct mgmt_cp_unpair_device *cp = cmd->param;
3711 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3712
3713 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3714 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3715 rp.addr.type = cp->addr.type;
a8a1d19e 3716
b1078ad0
JH		 3717 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3718
aee9b218 3719 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3720
3721 mgmt_pending_remove(cmd);
3722}
3723
afc747a6 3724int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3725 u8 link_type, u8 addr_type, u8 reason)
f7520543 3726{
f0d6a0ea 3727 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3728 struct sock *sk = NULL;
3729 int err;
3730
744cf19e 3731 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3732
f0d6a0ea
MA		 3733 bacpy(&ev.addr.bdaddr, bdaddr);
3734 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3735 ev.reason = reason;
f7520543 3736
afc747a6 3737 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3738 sk);
8962ee74
JH		 3739
3740 if (sk)
d97dcb66 3741 sock_put(sk);
8962ee74 3742
124f6e35 3743 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3744 hdev);
a8a1d19e 3745
8962ee74
JH		 3746 return err;
3747}
3748
88c3df13 3749int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3750 u8 link_type, u8 addr_type, u8 status)
8962ee74 3751{
88c3df13 3752 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3753 struct pending_cmd *cmd;
3754 int err;
3755
36a75f1b
JD		 3756 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3757 hdev);
3758
2e58ef3e 3759 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3760 if (!cmd)
3761 return -ENOENT;
3762
88c3df13 3763 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3764 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3765
88c3df13 3766 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3767 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3768
a664b5bc 3769 mgmt_pending_remove(cmd);
8962ee74
JH		 3770
3771 return err;
f7520543 3772}
17d5c04c 3773
48264f06 3774int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3775 u8 addr_type, u8 status)
17d5c04c
JH		 3776{
3777 struct mgmt_ev_connect_failed ev;
3778
4c659c39 3779 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3780 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3781 ev.status = mgmt_status(status);
17d5c04c 3782
744cf19e 3783 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3784}
980e1a53 3785
744cf19e 3786int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3787{
3788 struct mgmt_ev_pin_code_request ev;
3789
d8457698 3790 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3791 ev.addr.type = BDADDR_BREDR;
a770bb5a 3792 ev.secure = secure;
980e1a53 3793
744cf19e 3794 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3795 NULL);
980e1a53
JH		 3796}
3797
744cf19e 3798int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3799 u8 status)
980e1a53
JH		 3800{
3801 struct pending_cmd *cmd;
ac56fb13 3802 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3803 int err;
3804
2e58ef3e 3805 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3806 if (!cmd)
3807 return -ENOENT;
3808
d8457698 3809 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3810 rp.addr.type = BDADDR_BREDR;
ac56fb13 3811
aee9b218 3812 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3813 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3814
a664b5bc 3815 mgmt_pending_remove(cmd);
980e1a53
JH		 3816
3817 return err;
3818}
3819
744cf19e 3820int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3821 u8 status)
980e1a53
JH		 3822{
3823 struct pending_cmd *cmd;
ac56fb13 3824 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3825 int err;
3826
2e58ef3e 3827 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3828 if (!cmd)
3829 return -ENOENT;
3830
d8457698 3831 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3832 rp.addr.type = BDADDR_BREDR;
ac56fb13 3833
aee9b218 3834 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3835 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3836
a664b5bc 3837 mgmt_pending_remove(cmd);
980e1a53
JH		 3838
3839 return err;
3840}
a5c29683 3841
744cf19e 3842int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3843 u8 link_type, u8 addr_type, __le32 value,
3844 u8 confirm_hint)
a5c29683
JH		 3845{
3846 struct mgmt_ev_user_confirm_request ev;
3847
744cf19e 3848 BT_DBG("%s", hdev->name);
a5c29683 3849
272d90df 3850 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3851 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3852 ev.confirm_hint = confirm_hint;
78e8098e 3853 ev.value = value;
a5c29683 3854
744cf19e 3855 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3856 NULL);
a5c29683
JH		 3857}
3858
272d90df 3859int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3860 u8 link_type, u8 addr_type)
604086b7
BG		 3861{
3862 struct mgmt_ev_user_passkey_request ev;
3863
3864 BT_DBG("%s", hdev->name);
3865
272d90df 3866 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3867 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3868
3869 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3870 NULL);
604086b7
BG		 3871}
3872
0df4c185 3873static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3874 u8 link_type, u8 addr_type, u8 status,
3875 u8 opcode)
a5c29683
JH		 3876{
3877 struct pending_cmd *cmd;
3878 struct mgmt_rp_user_confirm_reply rp;
3879 int err;
3880
2e58ef3e 3881 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3882 if (!cmd)
3883 return -ENOENT;
3884
272d90df 3885 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3886 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3887 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3888 &rp, sizeof(rp));
a5c29683 3889
a664b5bc 3890 mgmt_pending_remove(cmd);
a5c29683
JH		 3891
3892 return err;
3893}
3894
744cf19e 3895int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3896 u8 link_type, u8 addr_type, u8 status)
a5c29683 3897{
272d90df 3898 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3899 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3900}
3901
272d90df 3902int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3903 u8 link_type, u8 addr_type, u8 status)
a5c29683 3904{
272d90df 3905 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3906 status,
3907 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3908}
2a611692 3909
604086b7 3910int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3911 u8 link_type, u8 addr_type, u8 status)
604086b7 3912{
272d90df 3913 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3914 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3915}
3916
272d90df 3917int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3918 u8 link_type, u8 addr_type, u8 status)
604086b7 3919{
272d90df 3920 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3921 status,
3922 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3923}
3924
92a25256
JH		 3925int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3926 u8 link_type, u8 addr_type, u32 passkey,
3927 u8 entered)
3928{
3929 struct mgmt_ev_passkey_notify ev;
3930
3931 BT_DBG("%s", hdev->name);
3932
3933 bacpy(&ev.addr.bdaddr, bdaddr);
3934 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3935 ev.passkey = __cpu_to_le32(passkey);
3936 ev.entered = entered;
3937
3938 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3939}
3940
bab73cb6 3941int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3942 u8 addr_type, u8 status)
2a611692
JH		 3943{
3944 struct mgmt_ev_auth_failed ev;
3945
bab73cb6 3946 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3947 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3948 ev.status = mgmt_status(status);
2a611692 3949
744cf19e 3950 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3951}
b312b161 3952
33ef95ed
JH		 3953int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3954{
3955 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3956 bool changed = false;
3957 int err = 0;
33ef95ed
JH		 3958
3959 if (status) {
3960 u8 mgmt_err = mgmt_status(status);
3961 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3962 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3963 return 0;
3964 }
3965
47990ea0
JH		 3966 if (test_bit(HCI_AUTH, &hdev->flags)) {
3967 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3968 changed = true;
3969 } else {
3970 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3971 changed = true;
3972 }
3973
33ef95ed 3974 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3975 &match);
33ef95ed 3976
47990ea0
JH		 3977 if (changed)
3978 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3979
3980 if (match.sk)
3981 sock_put(match.sk);
3982
3983 return err;
3984}
3985
890ea898 3986static void clear_eir(struct hci_request *req)
cacaf52f 3987{
890ea898 3988 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3989 struct hci_cp_write_eir cp;
3990
976eb20e 3991 if (!lmp_ext_inq_capable(hdev))
890ea898 3992 return;
cacaf52f 3993
c80da27e
JH		 3994 memset(hdev->eir, 0, sizeof(hdev->eir));
3995
cacaf52f
JH		 3996 memset(&cp, 0, sizeof(cp));
3997
890ea898 3998 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3999}
4000
c0ecddc2 4001int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4002{
4003 struct cmd_lookup match = { NULL, hdev };
890ea898 4004 struct hci_request req;
c0ecddc2
JH		 4005 bool changed = false;
4006 int err = 0;
ed2c4ee3
JH		 4007
4008 if (status) {
4009 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4010
4011 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4012 &hdev->dev_flags))
c0ecddc2
JH		 4013 err = new_settings(hdev, NULL);
4014
04124681
GP		 4015 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4016 &mgmt_err);
c0ecddc2
JH		 4017
4018 return err;
4019 }
4020
4021 if (enable) {
4022 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4023 changed = true;
4024 } else {
4025 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4026 changed = true;
ed2c4ee3
JH		 4027 }
4028
4029 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4030
c0ecddc2
JH		 4031 if (changed)
4032 err = new_settings(hdev, match.sk);
ed2c4ee3 4033
5fc6ebb1 4034 if (match.sk)
ed2c4ee3
JH		 4035 sock_put(match.sk);
4036
890ea898
JH		 4037 hci_req_init(&req, hdev);
4038
5fc6ebb1 4039 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4040 update_eir(&req);
5fc6ebb1 4041 else
890ea898
JH		 4042 clear_eir(&req);
4043
4044 hci_req_run(&req, NULL);
cacaf52f 4045
ed2c4ee3
JH		 4046 return err;
4047}
4048
92da6097 4049static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4050{
4051 struct cmd_lookup *match = data;
4052
90e70454
JH		 4053 if (match->sk == NULL) {
4054 match->sk = cmd->sk;
4055 sock_hold(match->sk);
4056 }
90e70454
JH		 4057}
4058
7f9a903c 4059int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4060 u8 status)
7f9a903c 4061{
90e70454
JH		 4062 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4063 int err = 0;
7f9a903c 4064
92da6097
JH		 4065 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4066 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4067 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4068
4069 if (!status)
04124681
GP		 4070 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4071 3, NULL);
90e70454
JH		 4072
4073 if (match.sk)
4074 sock_put(match.sk);
7f9a903c
MH		 4075
4076 return err;
4077}
4078
744cf19e 4079int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4080{
b312b161 4081 struct mgmt_cp_set_local_name ev;
13928971 4082 struct pending_cmd *cmd;
28cc7bde 4083
13928971
JH		 4084 if (status)
4085 return 0;
b312b161
JH		 4086
4087 memset(&ev, 0, sizeof(ev));
4088 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4089 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4090
2e58ef3e 4091 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4092 if (!cmd) {
4093 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4094
13928971
JH		 4095 /* If this is a HCI command related to powering on the
4096 * HCI dev don't send any mgmt signals.
4097 */
4098 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4099 return 0;
890ea898 4100 }
b312b161 4101
13928971
JH		 4102 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4103 cmd ? cmd->sk : NULL);
b312b161 4104}
c35938b2 4105
744cf19e 4106int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4107 u8 *randomizer, u8 status)
c35938b2
SJ		 4108{
4109 struct pending_cmd *cmd;
4110 int err;
4111
744cf19e 4112 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4113
2e58ef3e 4114 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4115 if (!cmd)
4116 return -ENOENT;
4117
4118 if (status) {
04124681
GP		 4119 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4120 mgmt_status(status));
c35938b2
SJ		 4121 } else {
4122 struct mgmt_rp_read_local_oob_data rp;
4123
4124 memcpy(rp.hash, hash, sizeof(rp.hash));
4125 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4126
744cf19e 4127 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4128 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4129 sizeof(rp));
c35938b2
SJ		 4130 }
4131
4132 mgmt_pending_remove(cmd);
4133
4134 return err;
4135}
e17acd40 4136
06199cf8
JH		 4137int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4138{
4139 struct cmd_lookup match = { NULL, hdev };
4140 bool changed = false;
4141 int err = 0;
4142
4143 if (status) {
4144 u8 mgmt_err = mgmt_status(status);
4145
4146 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 4147 &hdev->dev_flags))
d97dcb66 4148 err = new_settings(hdev, NULL);
06199cf8 4149
d97dcb66
SJ		 4150 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
4151 &mgmt_err);
06199cf8
JH		 4152
4153 return err;
4154 }
4155
4156 if (enable) {
4157 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4158 changed = true;
4159 } else {
4160 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4161 changed = true;
4162 }
4163
4164 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
4165
4166 if (changed)
4167 err = new_settings(hdev, match.sk);
4168
4169 if (match.sk)
4170 sock_put(match.sk);
4171
4172 return err;
4173}
4174
48264f06 4175int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4176 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4177 ssp, u8 *eir, u16 eir_len)
e17acd40 4178{
e319d2e7
JH		 4179 char buf[512];
4180 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4181 size_t ev_size;
e17acd40 4182
1dc06093
JH		 4183 /* Leave 5 bytes for a potential CoD field */
4184 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4185 return -EINVAL;
4186
1dc06093
JH		 4187 memset(buf, 0, sizeof(buf));
4188
e319d2e7 4189 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4190 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4191 ev->rssi = rssi;
9a395a80 4192 if (cfm_name)
612dfce9 4193 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4194 if (!ssp)
612dfce9 4195 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4196
1dc06093 4197 if (eir_len > 0)
e319d2e7 4198 memcpy(ev->eir, eir, eir_len);
e17acd40 4199
1dc06093
JH		 4200 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4201 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4202 dev_class, 3);
1dc06093 4203
eb55ef07 4204 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4205 ev_size = sizeof(*ev) + eir_len;
f8523598 4206
e319d2e7 4207 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4208}
a88a9652 4209
b644ba33 4210int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4211 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4212{
b644ba33
JH		 4213 struct mgmt_ev_device_found *ev;
4214 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4215 u16 eir_len;
a88a9652 4216
b644ba33 4217 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4218
b644ba33
JH		 4219 memset(buf, 0, sizeof(buf));
4220
4221 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4222 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4223 ev->rssi = rssi;
4224
4225 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4226 name_len);
b644ba33 4227
eb55ef07 4228 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4229
053c7e0c 4230 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4231 sizeof(*ev) + eir_len, NULL);
a88a9652 4232}
314b2381 4233
744cf19e 4234int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4235{
f963e8e9 4236 struct mgmt_ev_discovering ev;
164a6e78
JH		 4237 struct pending_cmd *cmd;
4238
343fb145
AG		 4239 BT_DBG("%s discovering %u", hdev->name, discovering);
4240
164a6e78 4241 if (discovering)
2e58ef3e 4242 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4243 else
2e58ef3e 4244 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4245
4246 if (cmd != NULL) {
f808e166
JH		 4247 u8 type = hdev->discovery.type;
4248
04124681
GP		 4249 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4250 sizeof(type));
164a6e78
JH		 4251 mgmt_pending_remove(cmd);
4252 }
4253
f963e8e9
JH		 4254 memset(&ev, 0, sizeof(ev));
4255 ev.type = hdev->discovery.type;
4256 ev.discovering = discovering;
4257
4258 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4259}
5e762444 4260
88c1fe4b 4261int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4262{
4263 struct pending_cmd *cmd;
4264 struct mgmt_ev_device_blocked ev;
4265
2e58ef3e 4266 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4267
88c1fe4b
JH		 4268 bacpy(&ev.addr.bdaddr, bdaddr);
4269 ev.addr.type = type;
5e762444 4270
744cf19e 4271 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4272 cmd ? cmd->sk : NULL);
5e762444
AJ		 4273}
4274
88c1fe4b 4275int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4276{
4277 struct pending_cmd *cmd;
4278 struct mgmt_ev_device_unblocked ev;
4279
2e58ef3e 4280 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4281
88c1fe4b
JH		 4282 bacpy(&ev.addr.bdaddr, bdaddr);
4283 ev.addr.type = type;
5e762444 4284
744cf19e 4285 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4286 cmd ? cmd->sk : NULL);
5e762444 4287}
d7b7e796
MH		 4288
4289module_param(enable_hs, bool, 0644);
4290MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.481004 seconds and 5 git commands to generate.