projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Restrict disabling of HS when controller is powered off
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
3810285c 36#define MGMT_REVISION 3
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
bb4b2a9a
AE		 345 if (!mgmt_valid_hdev(d))
346 continue;
347
476e44cb 348 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 349 BT_DBG("Added hci%u", d->id);
350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 370 settings |= MGMT_SETTING_PAIRABLE;
371
9a1a1996 372 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 373 settings |= MGMT_SETTING_SSP;
374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 382 settings |= MGMT_SETTING_HS;
848566b3 383 }
d7b7e796 384
eeca6f89 385 if (lmp_le_capable(hdev)) {
9d42820f 386 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 387 settings |= MGMT_SETTING_ADVERTISING;
388 }
69ab39ea
JH		 389
390 return settings;
391}
392
393static u32 get_current_settings(struct hci_dev *hdev)
394{
395 u32 settings = 0;
396
f1f0eb02 397 if (hdev_is_powered(hdev))
f0d4b78a
MH		 398 settings |= MGMT_SETTING_POWERED;
399
5e5282bb 400 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_CONNECTABLE;
402
1a4d3c4b
JH		 403 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_FAST_CONNECTABLE;
405
5e5282bb 406 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_DISCOVERABLE;
408
a8b2d5c2 409 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_PAIRABLE;
411
56f87901 412 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_BREDR;
414
06199cf8 415 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LE;
417
47990ea0 418 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LINK_SECURITY;
420
84bde9d6 421 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_SSP;
423
6d80dfd0
JH		 424 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_HS;
426
eeca6f89
JH		 427 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
428 settings |= MGMT_SETTING_ADVERTISING;
429
69ab39ea
JH		 430 return settings;
431}
432
ef580372
JH		 433#define PNP_INFO_SVCLASS_ID 0x1200
434
213202ed
JH		 435static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
436{
437 u8 *ptr = data, *uuids_start = NULL;
438 struct bt_uuid *uuid;
439
440 if (len < 4)
441 return ptr;
442
443 list_for_each_entry(uuid, &hdev->uuids, list) {
444 u16 uuid16;
445
446 if (uuid->size != 16)
447 continue;
448
449 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
450 if (uuid16 < 0x1100)
451 continue;
452
453 if (uuid16 == PNP_INFO_SVCLASS_ID)
454 continue;
455
456 if (!uuids_start) {
457 uuids_start = ptr;
458 uuids_start[0] = 1;
459 uuids_start[1] = EIR_UUID16_ALL;
460 ptr += 2;
461 }
462
463 /* Stop if not enough space to put next UUID */
464 if ((ptr - data) + sizeof(u16) > len) {
465 uuids_start[1] = EIR_UUID16_SOME;
466 break;
467 }
468
469 *ptr++ = (uuid16 & 0x00ff);
470 *ptr++ = (uuid16 & 0xff00) >> 8;
471 uuids_start[0] += sizeof(uuid16);
472 }
473
474 return ptr;
475}
476
cdf1963f
JH		 477static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
478{
479 u8 *ptr = data, *uuids_start = NULL;
480 struct bt_uuid *uuid;
481
482 if (len < 6)
483 return ptr;
484
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 if (uuid->size != 32)
487 continue;
488
489 if (!uuids_start) {
490 uuids_start = ptr;
491 uuids_start[0] = 1;
492 uuids_start[1] = EIR_UUID32_ALL;
493 ptr += 2;
494 }
495
496 /* Stop if not enough space to put next UUID */
497 if ((ptr - data) + sizeof(u32) > len) {
498 uuids_start[1] = EIR_UUID32_SOME;
499 break;
500 }
501
502 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
503 ptr += sizeof(u32);
504 uuids_start[0] += sizeof(u32);
505 }
506
507 return ptr;
508}
509
c00d575b
JH		 510static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
511{
512 u8 *ptr = data, *uuids_start = NULL;
513 struct bt_uuid *uuid;
514
515 if (len < 18)
516 return ptr;
517
518 list_for_each_entry(uuid, &hdev->uuids, list) {
519 if (uuid->size != 128)
520 continue;
521
522 if (!uuids_start) {
523 uuids_start = ptr;
524 uuids_start[0] = 1;
525 uuids_start[1] = EIR_UUID128_ALL;
526 ptr += 2;
527 }
528
529 /* Stop if not enough space to put next UUID */
530 if ((ptr - data) + 16 > len) {
531 uuids_start[1] = EIR_UUID128_SOME;
532 break;
533 }
534
535 memcpy(ptr, uuid->uuid, 16);
536 ptr += 16;
537 uuids_start[0] += 16;
538 }
539
540 return ptr;
541}
542
ef580372
JH		 543static void create_eir(struct hci_dev *hdev, u8 *data)
544{
545 u8 *ptr = data;
ef580372
JH		 546 size_t name_len;
547
548 name_len = strlen(hdev->dev_name);
549
550 if (name_len > 0) {
551 /* EIR Data type */
552 if (name_len > 48) {
553 name_len = 48;
554 ptr[1] = EIR_NAME_SHORT;
555 } else
556 ptr[1] = EIR_NAME_COMPLETE;
557
558 /* EIR Data length */
559 ptr[0] = name_len + 1;
560
561 memcpy(ptr + 2, hdev->dev_name, name_len);
562
ef580372
JH		 563 ptr += (name_len + 2);
564 }
565
bbaf444a 566 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 567 ptr[0] = 2;
568 ptr[1] = EIR_TX_POWER;
569 ptr[2] = (u8) hdev->inq_tx_power;
570
91c4e9b1
MH		 571 ptr += 3;
572 }
573
2b9be137
MH		 574 if (hdev->devid_source > 0) {
575 ptr[0] = 9;
576 ptr[1] = EIR_DEVICE_ID;
577
578 put_unaligned_le16(hdev->devid_source, ptr + 2);
579 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
580 put_unaligned_le16(hdev->devid_product, ptr + 6);
581 put_unaligned_le16(hdev->devid_version, ptr + 8);
582
2b9be137
MH		 583 ptr += 10;
584 }
585
213202ed 586 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 587 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 588 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 589}
590
890ea898 591static void update_eir(struct hci_request *req)
ef580372 592{
890ea898 593 struct hci_dev *hdev = req->hdev;
ef580372
JH		 594 struct hci_cp_write_eir cp;
595
504c8dcd 596 if (!hdev_is_powered(hdev))
890ea898 597 return;
7770c4aa 598
976eb20e 599 if (!lmp_ext_inq_capable(hdev))
890ea898 600 return;
ef580372 601
84bde9d6 602 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 603 return;
ef580372 604
a8b2d5c2 605 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 606 return;
ef580372
JH		 607
608 memset(&cp, 0, sizeof(cp));
609
610 create_eir(hdev, cp.data);
611
612 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 613 return;
ef580372
JH		 614
615 memcpy(hdev->eir, cp.data, sizeof(cp.data));
616
890ea898 617 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 618}
619
620static u8 get_service_classes(struct hci_dev *hdev)
621{
622 struct bt_uuid *uuid;
623 u8 val = 0;
624
625 list_for_each_entry(uuid, &hdev->uuids, list)
626 val |= uuid->svc_hint;
627
628 return val;
629}
630
890ea898 631static void update_class(struct hci_request *req)
ef580372 632{
890ea898 633 struct hci_dev *hdev = req->hdev;
ef580372
JH		 634 u8 cod[3];
635
636 BT_DBG("%s", hdev->name);
637
504c8dcd 638 if (!hdev_is_powered(hdev))
890ea898 639 return;
7770c4aa 640
a8b2d5c2 641 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 642 return;
ef580372
JH		 643
644 cod[0] = hdev->minor_class;
645 cod[1] = hdev->major_class;
646 cod[2] = get_service_classes(hdev);
647
648 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 649 return;
ef580372 650
890ea898 651 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 652}
653
7d78525d
JH		 654static void service_cache_off(struct work_struct *work)
655{
656 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 657 service_cache.work);
890ea898 658 struct hci_request req;
7d78525d 659
a8b2d5c2 660 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 661 return;
662
890ea898
JH		 663 hci_req_init(&req, hdev);
664
7d78525d
JH		 665 hci_dev_lock(hdev);
666
890ea898
JH		 667 update_eir(&req);
668 update_class(&req);
7d78525d
JH		 669
670 hci_dev_unlock(hdev);
890ea898
JH		 671
672 hci_req_run(&req, NULL);
7d78525d
JH		 673}
674
6a919082 675static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 676{
4f87da80 677 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 678 return;
679
4f87da80 680 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 681
4f87da80
JH		 682 /* Non-mgmt controlled devices get this bit set
683 * implicitly so that pairing works for them, however
684 * for mgmt we require user-space to explicitly enable
685 * it
686 */
687 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 688}
689
0f4e68cf 690static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 691 void *data, u16 data_len)
0381101f 692{
a38528f1 693 struct mgmt_rp_read_info rp;
f7b64e69 694
bdb6d971 695 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 696
09fd0de5 697 hci_dev_lock(hdev);
f7b64e69 698
dc4fe30b
JH		 699 memset(&rp, 0, sizeof(rp));
700
69ab39ea 701 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 702
69ab39ea 703 rp.version = hdev->hci_ver;
eb55ef07 704 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 705
706 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
707 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 708
a38528f1 709 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 710
dc4fe30b 711 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 712 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 713
09fd0de5 714 hci_dev_unlock(hdev);
0381101f 715
bdb6d971 716 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 717 sizeof(rp));
0381101f
JH		 718}
719
eec8d2bc
JH		 720static void mgmt_pending_free(struct pending_cmd *cmd)
721{
722 sock_put(cmd->sk);
c68fb7ff 723 kfree(cmd->param);
eec8d2bc
JH		 724 kfree(cmd);
725}
726
366a0336 727static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 728 struct hci_dev *hdev, void *data,
729 u16 len)
eec8d2bc
JH		 730{
731 struct pending_cmd *cmd;
732
12b94565 733 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 734 if (!cmd)
366a0336 735 return NULL;
eec8d2bc
JH		 736
737 cmd->opcode = opcode;
2e58ef3e 738 cmd->index = hdev->id;
eec8d2bc 739
12b94565 740 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 741 if (!cmd->param) {
eec8d2bc 742 kfree(cmd);
366a0336 743 return NULL;
eec8d2bc
JH		 744 }
745
8fce6357
SJ		 746 if (data)
747 memcpy(cmd->param, data, len);
eec8d2bc
JH		 748
749 cmd->sk = sk;
750 sock_hold(sk);
751
2e58ef3e 752 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 753
366a0336 754 return cmd;
eec8d2bc
JH		 755}
756
744cf19e 757static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 758 void (*cb)(struct pending_cmd *cmd,
759 void *data),
04124681 760 void *data)
eec8d2bc 761{
a3d09356 762 struct pending_cmd *cmd, *tmp;
eec8d2bc 763
a3d09356 764 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 765 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 766 continue;
767
eec8d2bc
JH		 768 cb(cmd, data);
769 }
770}
771
2e58ef3e 772static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 773{
8035ded4 774 struct pending_cmd *cmd;
eec8d2bc 775
2e58ef3e 776 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 777 if (cmd->opcode == opcode)
778 return cmd;
eec8d2bc
JH		 779 }
780
781 return NULL;
782}
783
a664b5bc 784static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 785{
73f22f62
JH		 786 list_del(&cmd->list);
787 mgmt_pending_free(cmd);
788}
789
69ab39ea 790static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 791{
69ab39ea 792 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 793
aee9b218 794 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 795 sizeof(settings));
8680570b
JH		 796}
797
bdb6d971 798static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 799 u16 len)
eec8d2bc 800{
650f726d 801 struct mgmt_mode *cp = data;
366a0336 802 struct pending_cmd *cmd;
4b34ee78 803 int err;
eec8d2bc 804
bdb6d971 805 BT_DBG("request for %s", hdev->name);
eec8d2bc 806
a7e80f25
JH		 807 if (cp->val != 0x00 && cp->val != 0x01)
808 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
809 MGMT_STATUS_INVALID_PARAMS);
810
09fd0de5 811 hci_dev_lock(hdev);
eec8d2bc 812
87b95ba6
JH		 813 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
814 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
815 MGMT_STATUS_BUSY);
816 goto failed;
817 }
818
f0d4b78a
MH		 819 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
820 cancel_delayed_work(&hdev->power_off);
821
822 if (cp->val) {
a1d70450
JH		 823 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
824 data, len);
825 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 826 goto failed;
827 }
828 }
829
4b34ee78 830 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 831 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 832 goto failed;
833 }
834
2e58ef3e 835 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 836 if (!cmd) {
837 err = -ENOMEM;
eec8d2bc 838 goto failed;
366a0336 839 }
eec8d2bc 840
72a734ec 841 if (cp->val)
19202573 842 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 843 else
19202573 844 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 845
366a0336 846 err = 0;
eec8d2bc
JH		 847
848failed:
09fd0de5 849 hci_dev_unlock(hdev);
366a0336 850 return err;
eec8d2bc
JH		 851}
852
04124681
GP		 853static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
854 struct sock *skip_sk)
beadb2bd
JH		 855{
856 struct sk_buff *skb;
857 struct mgmt_hdr *hdr;
858
790eff44 859 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 860 if (!skb)
861 return -ENOMEM;
862
863 hdr = (void *) skb_put(skb, sizeof(*hdr));
864 hdr->opcode = cpu_to_le16(event);
865 if (hdev)
866 hdr->index = cpu_to_le16(hdev->id);
867 else
612dfce9 868 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 869 hdr->len = cpu_to_le16(data_len);
870
871 if (data)
872 memcpy(skb_put(skb, data_len), data, data_len);
873
97e0bdeb
MH		 874 /* Time stamp */
875 __net_timestamp(skb);
876
beadb2bd
JH		 877 hci_send_to_control(skb, skip_sk);
878 kfree_skb(skb);
879
880 return 0;
881}
882
883static int new_settings(struct hci_dev *hdev, struct sock *skip)
884{
885 __le32 ev;
886
887 ev = cpu_to_le32(get_current_settings(hdev));
888
889 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
890}
891
bd99abdd
JH		 892struct cmd_lookup {
893 struct sock *sk;
894 struct hci_dev *hdev;
895 u8 mgmt_status;
896};
897
898static void settings_rsp(struct pending_cmd *cmd, void *data)
899{
900 struct cmd_lookup *match = data;
901
902 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
903
904 list_del(&cmd->list);
905
906 if (match->sk == NULL) {
907 match->sk = cmd->sk;
908 sock_hold(match->sk);
909 }
910
911 mgmt_pending_free(cmd);
912}
913
914static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
915{
916 u8 *status = data;
917
918 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
919 mgmt_pending_remove(cmd);
920}
921
bdb6d971 922static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 923 u16 len)
73f22f62 924{
650f726d 925 struct mgmt_cp_set_discoverable *cp = data;
366a0336 926 struct pending_cmd *cmd;
5e5282bb 927 u16 timeout;
73f22f62
JH		 928 u8 scan;
929 int err;
930
bdb6d971 931 BT_DBG("request for %s", hdev->name);
73f22f62 932
56f87901 933 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 934 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
935 MGMT_STATUS_NOT_SUPPORTED);
936
a7e80f25
JH		 937 if (cp->val != 0x00 && cp->val != 0x01)
938 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
939 MGMT_STATUS_INVALID_PARAMS);
940
1f350c87 941 timeout = __le16_to_cpu(cp->timeout);
24c54a90 942 if (!cp->val && timeout > 0)
bdb6d971 943 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 944 MGMT_STATUS_INVALID_PARAMS);
73f22f62 945
09fd0de5 946 hci_dev_lock(hdev);
73f22f62 947
5e5282bb 948 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 949 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 950 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 951 goto failed;
952 }
953
2e58ef3e 954 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 955 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 956 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 957 MGMT_STATUS_BUSY);
73f22f62
JH		 958 goto failed;
959 }
960
5e5282bb 961 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 962 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 963 MGMT_STATUS_REJECTED);
5e5282bb
JH		 964 goto failed;
965 }
966
967 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 968 bool changed = false;
969
970 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
971 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
972 changed = true;
973 }
974
5e5282bb 975 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 976 if (err < 0)
977 goto failed;
978
979 if (changed)
980 err = new_settings(hdev, sk);
981
5e5282bb
JH		 982 goto failed;
983 }
984
985 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 986 if (hdev->discov_timeout > 0) {
987 cancel_delayed_work(&hdev->discov_off);
988 hdev->discov_timeout = 0;
989 }
990
991 if (cp->val && timeout > 0) {
992 hdev->discov_timeout = timeout;
993 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
994 msecs_to_jiffies(hdev->discov_timeout * 1000));
995 }
996
69ab39ea 997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 998 goto failed;
999 }
1000
2e58ef3e 1001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1002 if (!cmd) {
1003 err = -ENOMEM;
73f22f62 1004 goto failed;
366a0336 1005 }
73f22f62
JH		 1006
1007 scan = SCAN_PAGE;
1008
72a734ec 1009 if (cp->val)
73f22f62 1010 scan |= SCAN_INQUIRY;
16ab91ab 1011 else
e0f9309f 1012 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1013
1014 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1015 if (err < 0)
a664b5bc 1016 mgmt_pending_remove(cmd);
73f22f62 1017
16ab91ab 1018 if (cp->val)
5e5282bb 1019 hdev->discov_timeout = timeout;
16ab91ab 1020
73f22f62 1021failed:
09fd0de5 1022 hci_dev_unlock(hdev);
73f22f62
JH		 1023 return err;
1024}
1025
406d7804
JH		 1026static void write_fast_connectable(struct hci_request *req, bool enable)
1027{
bd98b996 1028 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1029 struct hci_cp_write_page_scan_activity acp;
1030 u8 type;
1031
4c01f8b8
JH		 1032 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1033 return;
1034
406d7804
JH		 1035 if (enable) {
1036 type = PAGE_SCAN_TYPE_INTERLACED;
1037
1038 /* 160 msec page scan interval */
1039 acp.interval = __constant_cpu_to_le16(0x0100);
1040 } else {
1041 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1042
1043 /* default 1.28 sec page scan */
1044 acp.interval = __constant_cpu_to_le16(0x0800);
1045 }
1046
1047 acp.window = __constant_cpu_to_le16(0x0012);
1048
bd98b996
JH		 1049 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1050 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1051 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1052 sizeof(acp), &acp);
1053
1054 if (hdev->page_scan_type != type)
1055 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1056}
1057
2b76f453
JH		 1058static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1059{
1060 struct pending_cmd *cmd;
1061
1062 BT_DBG("status 0x%02x", status);
1063
1064 hci_dev_lock(hdev);
1065
1066 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1067 if (!cmd)
1068 goto unlock;
1069
1070 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1071
1072 mgmt_pending_remove(cmd);
1073
1074unlock:
1075 hci_dev_unlock(hdev);
1076}
1077
bdb6d971 1078static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1079 u16 len)
9fbcbb45 1080{
650f726d 1081 struct mgmt_mode *cp = data;
366a0336 1082 struct pending_cmd *cmd;
2b76f453 1083 struct hci_request req;
9fbcbb45
JH		 1084 u8 scan;
1085 int err;
1086
bdb6d971 1087 BT_DBG("request for %s", hdev->name);
9fbcbb45 1088
56f87901 1089 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1090 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1091 MGMT_STATUS_NOT_SUPPORTED);
1092
a7e80f25
JH		 1093 if (cp->val != 0x00 && cp->val != 0x01)
1094 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1095 MGMT_STATUS_INVALID_PARAMS);
1096
09fd0de5 1097 hci_dev_lock(hdev);
9fbcbb45 1098
4b34ee78 1099 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1100 bool changed = false;
1101
1102 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1103 changed = true;
1104
6bf0e469 1105 if (cp->val) {
5e5282bb 1106 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1107 } else {
5e5282bb
JH		 1108 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1109 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1110 }
0224d2fa 1111
5e5282bb 1112 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1113 if (err < 0)
1114 goto failed;
1115
1116 if (changed)
1117 err = new_settings(hdev, sk);
1118
9fbcbb45
JH		 1119 goto failed;
1120 }
1121
2e58ef3e 1122 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1123 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1124 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1125 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1126 goto failed;
1127 }
1128
5e5282bb 1129 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1130 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1131 goto failed;
1132 }
1133
2e58ef3e 1134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1135 if (!cmd) {
1136 err = -ENOMEM;
9fbcbb45 1137 goto failed;
366a0336 1138 }
9fbcbb45 1139
6bf0e469 1140 if (cp->val) {
9fbcbb45 1141 scan = SCAN_PAGE;
6bf0e469 1142 } else {
9fbcbb45
JH		 1143 scan = 0;
1144
df2c6c5e 1145 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1146 hdev->discov_timeout > 0)
df2c6c5e
JH		 1147 cancel_delayed_work(&hdev->discov_off);
1148 }
1149
2b76f453
JH		 1150 hci_req_init(&req, hdev);
1151
1152 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1153
4c01f8b8
JH		 1154 /* If we're going from non-connectable to connectable or
1155 * vice-versa when fast connectable is enabled ensure that fast
1156 * connectable gets disabled. write_fast_connectable won't do
1157 * anything if the page scan parameters are already what they
1158 * should be.
1159 */
1160 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1161 write_fast_connectable(&req, false);
1162
2b76f453 1163 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1164 if (err < 0)
a664b5bc 1165 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1166
1167failed:
09fd0de5 1168 hci_dev_unlock(hdev);
9fbcbb45
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1173 u16 len)
c542a06c 1174{
650f726d 1175 struct mgmt_mode *cp = data;
c542a06c
JH		 1176 int err;
1177
bdb6d971 1178 BT_DBG("request for %s", hdev->name);
c542a06c 1179
a7e80f25
JH		 1180 if (cp->val != 0x00 && cp->val != 0x01)
1181 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1182 MGMT_STATUS_INVALID_PARAMS);
1183
09fd0de5 1184 hci_dev_lock(hdev);
c542a06c
JH		 1185
1186 if (cp->val)
a8b2d5c2 1187 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1188 else
a8b2d5c2 1189 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1190
69ab39ea 1191 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1192 if (err < 0)
1193 goto failed;
1194
beadb2bd 1195 err = new_settings(hdev, sk);
c542a06c
JH		 1196
1197failed:
09fd0de5 1198 hci_dev_unlock(hdev);
c542a06c
JH		 1199 return err;
1200}
1201
04124681
GP		 1202static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1203 u16 len)
33ef95ed
JH		 1204{
1205 struct mgmt_mode *cp = data;
1206 struct pending_cmd *cmd;
816a11d5 1207 u8 val;
33ef95ed
JH		 1208 int err;
1209
bdb6d971 1210 BT_DBG("request for %s", hdev->name);
33ef95ed 1211
56f87901 1212 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1213 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1214 MGMT_STATUS_NOT_SUPPORTED);
1215
a7e80f25
JH		 1216 if (cp->val != 0x00 && cp->val != 0x01)
1217 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1218 MGMT_STATUS_INVALID_PARAMS);
1219
33ef95ed
JH		 1220 hci_dev_lock(hdev);
1221
4b34ee78 1222 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1223 bool changed = false;
1224
1225 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1226 &hdev->dev_flags)) {
47990ea0
JH		 1227 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1228 changed = true;
1229 }
1230
1231 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1232 if (err < 0)
1233 goto failed;
1234
1235 if (changed)
1236 err = new_settings(hdev, sk);
1237
33ef95ed
JH		 1238 goto failed;
1239 }
1240
1241 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1242 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1243 MGMT_STATUS_BUSY);
33ef95ed
JH		 1244 goto failed;
1245 }
1246
1247 val = !!cp->val;
1248
1249 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1250 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1251 goto failed;
1252 }
1253
1254 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1255 if (!cmd) {
1256 err = -ENOMEM;
1257 goto failed;
1258 }
1259
1260 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1261 if (err < 0) {
1262 mgmt_pending_remove(cmd);
1263 goto failed;
1264 }
1265
1266failed:
1267 hci_dev_unlock(hdev);
33ef95ed
JH		 1268 return err;
1269}
1270
bdb6d971 1271static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1272{
1273 struct mgmt_mode *cp = data;
1274 struct pending_cmd *cmd;
816a11d5 1275 u8 val;
ed2c4ee3
JH		 1276 int err;
1277
bdb6d971 1278 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1279
13ecd8b6
JH		 1280 if (!lmp_ssp_capable(hdev))
1281 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1282 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1283
a7e80f25
JH		 1284 if (cp->val != 0x00 && cp->val != 0x01)
1285 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1286 MGMT_STATUS_INVALID_PARAMS);
1287
13ecd8b6 1288 hci_dev_lock(hdev);
6c8f12c1 1289
c0ecddc2
JH		 1290 val = !!cp->val;
1291
4b34ee78 1292 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1293 bool changed = false;
1294
1295 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1296 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1297 changed = true;
1298 }
1299
1300 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1301 if (err < 0)
1302 goto failed;
1303
1304 if (changed)
1305 err = new_settings(hdev, sk);
1306
ed2c4ee3
JH		 1307 goto failed;
1308 }
1309
1310 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1312 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1313 goto failed;
1314 }
1315
ed2c4ee3
JH		 1316 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1317 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1318 goto failed;
1319 }
1320
1321 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1322 if (!cmd) {
1323 err = -ENOMEM;
1324 goto failed;
1325 }
1326
1327 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1328 if (err < 0) {
1329 mgmt_pending_remove(cmd);
1330 goto failed;
1331 }
1332
1333failed:
1334 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1335 return err;
1336}
1337
bdb6d971 1338static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1339{
1340 struct mgmt_mode *cp = data;
ee392693
MH		 1341 bool changed;
1342 int err;
6d80dfd0 1343
bdb6d971 1344 BT_DBG("request for %s", hdev->name);
6d80dfd0 1345
56f87901 1346 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
bdb6d971 1347 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1348 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1349
a7e80f25
JH		 1350 if (cp->val != 0x00 && cp->val != 0x01)
1351 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1352 MGMT_STATUS_INVALID_PARAMS);
1353
ee392693
MH		 1354 hci_dev_lock(hdev);
1355
a0cdf960 1356 if (cp->val) {
ee392693 1357 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1358 } else {
1359 if (hdev_is_powered(hdev)) {
1360 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1361 MGMT_STATUS_REJECTED);
1362 goto unlock;
1363 }
1364
ee392693 1365 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1366 }
ee392693
MH		 1367
1368 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1369 if (err < 0)
1370 goto unlock;
1371
1372 if (changed)
1373 err = new_settings(hdev, sk);
6d80dfd0 1374
ee392693
MH		 1375unlock:
1376 hci_dev_unlock(hdev);
1377 return err;
6d80dfd0
JH		 1378}
1379
416a4ae5
JH		 1380static void le_enable_complete(struct hci_dev *hdev, u8 status)
1381{
1382 struct cmd_lookup match = { NULL, hdev };
1383
1384 if (status) {
1385 u8 mgmt_err = mgmt_status(status);
1386
1387 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1388 &mgmt_err);
1389 return;
1390 }
1391
1392 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1393
1394 new_settings(hdev, match.sk);
1395
1396 if (match.sk)
1397 sock_put(match.sk);
1398}
1399
bdb6d971 1400static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1401{
1402 struct mgmt_mode *cp = data;
1403 struct hci_cp_write_le_host_supported hci_cp;
1404 struct pending_cmd *cmd;
416a4ae5 1405 struct hci_request req;
06199cf8 1406 int err;
0b60eba1 1407 u8 val, enabled;
06199cf8 1408
bdb6d971 1409 BT_DBG("request for %s", hdev->name);
06199cf8 1410
13ecd8b6
JH		 1411 if (!lmp_le_capable(hdev))
1412 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1413 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1414
a7e80f25
JH		 1415 if (cp->val != 0x00 && cp->val != 0x01)
1416 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1417 MGMT_STATUS_INVALID_PARAMS);
1418
c73eee91 1419 /* LE-only devices do not allow toggling LE on/off */
56f87901 1420 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1421 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1422 MGMT_STATUS_REJECTED);
1423
13ecd8b6 1424 hci_dev_lock(hdev);
06199cf8
JH		 1425
1426 val = !!cp->val;
ffa88e02 1427 enabled = lmp_host_le_capable(hdev);
06199cf8 1428
0b60eba1 1429 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1430 bool changed = false;
1431
1432 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1433 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1434 changed = true;
1435 }
1436
eeca6f89
JH		 1437 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1438 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1439 changed = true;
1440 }
1441
06199cf8
JH		 1442 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1443 if (err < 0)
1de028ce 1444 goto unlock;
06199cf8
JH		 1445
1446 if (changed)
1447 err = new_settings(hdev, sk);
1448
1de028ce 1449 goto unlock;
06199cf8
JH		 1450 }
1451
4375f103
JH		 1452 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1453 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1454 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1455 MGMT_STATUS_BUSY);
1de028ce 1456 goto unlock;
06199cf8
JH		 1457 }
1458
1459 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1460 if (!cmd) {
1461 err = -ENOMEM;
1de028ce 1462 goto unlock;
06199cf8
JH		 1463 }
1464
1465 memset(&hci_cp, 0, sizeof(hci_cp));
1466
1467 if (val) {
1468 hci_cp.le = val;
ffa88e02 1469 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1470 }
1471
416a4ae5
JH		 1472 hci_req_init(&req, hdev);
1473
eeca6f89
JH		 1474 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1475 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1476
416a4ae5
JH		 1477 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1478 &hci_cp);
1479
1480 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1481 if (err < 0)
06199cf8 1482 mgmt_pending_remove(cmd);
06199cf8 1483
1de028ce
JH		 1484unlock:
1485 hci_dev_unlock(hdev);
06199cf8
JH		 1486 return err;
1487}
1488
0cab9c80
JH		 1489/* This is a helper function to test for pending mgmt commands that can
1490 * cause CoD or EIR HCI commands. We can only allow one such pending
1491 * mgmt command at a time since otherwise we cannot easily track what
1492 * the current values are, will be, and based on that calculate if a new
1493 * HCI command needs to be sent and if yes with what value.
1494 */
1495static bool pending_eir_or_class(struct hci_dev *hdev)
1496{
1497 struct pending_cmd *cmd;
1498
1499 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1500 switch (cmd->opcode) {
1501 case MGMT_OP_ADD_UUID:
1502 case MGMT_OP_REMOVE_UUID:
1503 case MGMT_OP_SET_DEV_CLASS:
1504 case MGMT_OP_SET_POWERED:
1505 return true;
1506 }
1507 }
1508
1509 return false;
1510}
1511
83be8eca
JH		 1512static const u8 bluetooth_base_uuid[] = {
1513 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1514 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1515};
1516
1517static u8 get_uuid_size(const u8 *uuid)
1518{
1519 u32 val;
1520
1521 if (memcmp(uuid, bluetooth_base_uuid, 12))
1522 return 128;
1523
1524 val = get_unaligned_le32(&uuid[12]);
1525 if (val > 0xffff)
1526 return 32;
1527
1528 return 16;
1529}
1530
92da6097
JH		 1531static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1532{
1533 struct pending_cmd *cmd;
1534
1535 hci_dev_lock(hdev);
1536
1537 cmd = mgmt_pending_find(mgmt_op, hdev);
1538 if (!cmd)
1539 goto unlock;
1540
1541 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1542 hdev->dev_class, 3);
1543
1544 mgmt_pending_remove(cmd);
1545
1546unlock:
1547 hci_dev_unlock(hdev);
1548}
1549
1550static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1551{
1552 BT_DBG("status 0x%02x", status);
1553
1554 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1555}
1556
bdb6d971 1557static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1558{
650f726d 1559 struct mgmt_cp_add_uuid *cp = data;
90e70454 1560 struct pending_cmd *cmd;
890ea898 1561 struct hci_request req;
2aeb9a1a 1562 struct bt_uuid *uuid;
2aeb9a1a
JH		 1563 int err;
1564
bdb6d971 1565 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1566
09fd0de5 1567 hci_dev_lock(hdev);
2aeb9a1a 1568
0cab9c80 1569 if (pending_eir_or_class(hdev)) {
bdb6d971 1570 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1571 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1572 goto failed;
1573 }
1574
92c4c204 1575 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1576 if (!uuid) {
1577 err = -ENOMEM;
1578 goto failed;
1579 }
1580
1581 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1582 uuid->svc_hint = cp->svc_hint;
83be8eca 1583 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1584
de66aa63 1585 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1586
890ea898 1587 hci_req_init(&req, hdev);
1aff6f09 1588
890ea898
JH		 1589 update_class(&req);
1590 update_eir(&req);
1591
92da6097
JH		 1592 err = hci_req_run(&req, add_uuid_complete);
1593 if (err < 0) {
1594 if (err != -ENODATA)
1595 goto failed;
80a1e1db 1596
bdb6d971 1597 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1598 hdev->dev_class, 3);
90e70454
JH		 1599 goto failed;
1600 }
1601
1602 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1603 if (!cmd) {
90e70454 1604 err = -ENOMEM;
890ea898
JH		 1605 goto failed;
1606 }
1607
1608 err = 0;
2aeb9a1a
JH		 1609
1610failed:
09fd0de5 1611 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1612 return err;
1613}
1614
24b78d0f
JH		 1615static bool enable_service_cache(struct hci_dev *hdev)
1616{
1617 if (!hdev_is_powered(hdev))
1618 return false;
1619
1620 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1621 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1622 CACHE_TIMEOUT);
24b78d0f
JH		 1623 return true;
1624 }
1625
1626 return false;
1627}
1628
92da6097
JH		 1629static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1630{
1631 BT_DBG("status 0x%02x", status);
1632
1633 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1634}
1635
bdb6d971 1636static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1637 u16 len)
2aeb9a1a 1638{
650f726d 1639 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1640 struct pending_cmd *cmd;
056341c8 1641 struct bt_uuid *match, *tmp;
2aeb9a1a 1642 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1643 struct hci_request req;
2aeb9a1a
JH		 1644 int err, found;
1645
bdb6d971 1646 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1647
09fd0de5 1648 hci_dev_lock(hdev);
2aeb9a1a 1649
0cab9c80 1650 if (pending_eir_or_class(hdev)) {
bdb6d971 1651 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1652 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1653 goto unlock;
1654 }
1655
2aeb9a1a
JH		 1656 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1657 err = hci_uuids_clear(hdev);
4004b6d9 1658
24b78d0f 1659 if (enable_service_cache(hdev)) {
bdb6d971 1660 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1661 0, hdev->dev_class, 3);
24b78d0f
JH		 1662 goto unlock;
1663 }
4004b6d9 1664
9246a869 1665 goto update_class;
2aeb9a1a
JH		 1666 }
1667
1668 found = 0;
1669
056341c8 1670 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1671 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1672 continue;
1673
1674 list_del(&match->list);
482049f7 1675 kfree(match);
2aeb9a1a
JH		 1676 found++;
1677 }
1678
1679 if (found == 0) {
bdb6d971 1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1681 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1682 goto unlock;
1683 }
1684
9246a869 1685update_class:
890ea898 1686 hci_req_init(&req, hdev);
1aff6f09 1687
890ea898
JH		 1688 update_class(&req);
1689 update_eir(&req);
1690
92da6097
JH		 1691 err = hci_req_run(&req, remove_uuid_complete);
1692 if (err < 0) {
1693 if (err != -ENODATA)
1694 goto unlock;
80a1e1db 1695
bdb6d971 1696 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1697 hdev->dev_class, 3);
90e70454
JH		 1698 goto unlock;
1699 }
1700
1701 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1702 if (!cmd) {
90e70454 1703 err = -ENOMEM;
890ea898
JH		 1704 goto unlock;
1705 }
1706
1707 err = 0;
2aeb9a1a
JH		 1708
1709unlock:
09fd0de5 1710 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1711 return err;
1712}
1713
92da6097
JH		 1714static void set_class_complete(struct hci_dev *hdev, u8 status)
1715{
1716 BT_DBG("status 0x%02x", status);
1717
1718 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1719}
1720
bdb6d971 1721static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1722 u16 len)
1aff6f09 1723{
650f726d 1724 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1725 struct pending_cmd *cmd;
890ea898 1726 struct hci_request req;
1aff6f09
JH		 1727 int err;
1728
bdb6d971 1729 BT_DBG("request for %s", hdev->name);
1aff6f09 1730
56f87901 1731 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1732 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1733 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1734
0cab9c80 1735 hci_dev_lock(hdev);
ee98f473 1736
0cab9c80
JH		 1737 if (pending_eir_or_class(hdev)) {
1738 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1739 MGMT_STATUS_BUSY);
1740 goto unlock;
1741 }
c95f0ba7 1742
0cab9c80
JH		 1743 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1744 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1745 MGMT_STATUS_INVALID_PARAMS);
1746 goto unlock;
1747 }
575b3a02 1748
932f5ff5
JH		 1749 hdev->major_class = cp->major;
1750 hdev->minor_class = cp->minor;
1751
b5235a65 1752 if (!hdev_is_powered(hdev)) {
bdb6d971 1753 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1754 hdev->dev_class, 3);
b5235a65
JH		 1755 goto unlock;
1756 }
1757
890ea898
JH		 1758 hci_req_init(&req, hdev);
1759
a8b2d5c2 1760 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1761 hci_dev_unlock(hdev);
1762 cancel_delayed_work_sync(&hdev->service_cache);
1763 hci_dev_lock(hdev);
890ea898 1764 update_eir(&req);
7d78525d 1765 }
14c0b608 1766
890ea898
JH		 1767 update_class(&req);
1768
92da6097
JH		 1769 err = hci_req_run(&req, set_class_complete);
1770 if (err < 0) {
1771 if (err != -ENODATA)
1772 goto unlock;
1aff6f09 1773
bdb6d971 1774 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1775 hdev->dev_class, 3);
90e70454
JH		 1776 goto unlock;
1777 }
1778
1779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1780 if (!cmd) {
90e70454 1781 err = -ENOMEM;
890ea898
JH		 1782 goto unlock;
1783 }
1784
1785 err = 0;
1aff6f09 1786
b5235a65 1787unlock:
09fd0de5 1788 hci_dev_unlock(hdev);
1aff6f09
JH		 1789 return err;
1790}
1791
bdb6d971 1792static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1793 u16 len)
55ed8ca1 1794{
650f726d 1795 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1796 u16 key_count, expected_len;
a492cd52 1797 int i;
55ed8ca1 1798
1f350c87 1799 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1800
86742e1e
JH		 1801 expected_len = sizeof(*cp) + key_count *
1802 sizeof(struct mgmt_link_key_info);
a492cd52 1803 if (expected_len != len) {
86742e1e 1804 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1805 len, expected_len);
bdb6d971 1806 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1807 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1808 }
1809
4ae14301
JH		 1810 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1811 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1812 MGMT_STATUS_INVALID_PARAMS);
1813
bdb6d971 1814 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1815 key_count);
55ed8ca1 1816
4ee71b20
JH		 1817 for (i = 0; i < key_count; i++) {
1818 struct mgmt_link_key_info *key = &cp->keys[i];
1819
1820 if (key->addr.type != BDADDR_BREDR)
1821 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1822 MGMT_STATUS_INVALID_PARAMS);
1823 }
1824
09fd0de5 1825 hci_dev_lock(hdev);
55ed8ca1
JH		 1826
1827 hci_link_keys_clear(hdev);
1828
55ed8ca1 1829 if (cp->debug_keys)
a8b2d5c2 1830 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1831 else
a8b2d5c2 1832 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1833
a492cd52 1834 for (i = 0; i < key_count; i++) {
86742e1e 1835 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1836
d753fdc4 1837 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1838 key->type, key->pin_len);
55ed8ca1
JH		 1839 }
1840
bdb6d971 1841 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1842
09fd0de5 1843 hci_dev_unlock(hdev);
55ed8ca1 1844
a492cd52 1845 return 0;
55ed8ca1
JH		 1846}
1847
b1078ad0 1848static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1849 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1850{
1851 struct mgmt_ev_device_unpaired ev;
1852
1853 bacpy(&ev.addr.bdaddr, bdaddr);
1854 ev.addr.type = addr_type;
1855
1856 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1857 skip_sk);
b1078ad0
JH		 1858}
1859
bdb6d971 1860static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1861 u16 len)
55ed8ca1 1862{
124f6e35
JH		 1863 struct mgmt_cp_unpair_device *cp = data;
1864 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1865 struct hci_cp_disconnect dc;
1866 struct pending_cmd *cmd;
55ed8ca1 1867 struct hci_conn *conn;
55ed8ca1
JH		 1868 int err;
1869
a8a1d19e 1870 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1871 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1872 rp.addr.type = cp->addr.type;
a8a1d19e 1873
4ee71b20
JH		 1874 if (!bdaddr_type_is_valid(cp->addr.type))
1875 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1876 MGMT_STATUS_INVALID_PARAMS,
1877 &rp, sizeof(rp));
1878
118da70b
JH		 1879 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1880 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1881 MGMT_STATUS_INVALID_PARAMS,
1882 &rp, sizeof(rp));
1883
4ee71b20
JH		 1884 hci_dev_lock(hdev);
1885
86a8cfc6 1886 if (!hdev_is_powered(hdev)) {
bdb6d971 1887 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1888 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1889 goto unlock;
1890 }
1891
591f47f3 1892 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1893 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1894 else
1895 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1896
55ed8ca1 1897 if (err < 0) {
bdb6d971 1898 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1899 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1900 goto unlock;
1901 }
1902
86a8cfc6 1903 if (cp->disconnect) {
591f47f3 1904 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1906 &cp->addr.bdaddr);
86a8cfc6
JH		 1907 else
1908 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1909 &cp->addr.bdaddr);
86a8cfc6
JH		 1910 } else {
1911 conn = NULL;
1912 }
124f6e35 1913
a8a1d19e 1914 if (!conn) {
bdb6d971 1915 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1916 &rp, sizeof(rp));
b1078ad0 1917 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1918 goto unlock;
1919 }
55ed8ca1 1920
124f6e35 1921 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1922 sizeof(*cp));
a8a1d19e
JH		 1923 if (!cmd) {
1924 err = -ENOMEM;
1925 goto unlock;
55ed8ca1
JH		 1926 }
1927
eb55ef07 1928 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1929 dc.reason = 0x13; /* Remote User Terminated Connection */
1930 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1931 if (err < 0)
1932 mgmt_pending_remove(cmd);
1933
55ed8ca1 1934unlock:
09fd0de5 1935 hci_dev_unlock(hdev);
55ed8ca1
JH		 1936 return err;
1937}
1938
bdb6d971 1939static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1940 u16 len)
8962ee74 1941{
650f726d 1942 struct mgmt_cp_disconnect *cp = data;
06a63b19 1943 struct mgmt_rp_disconnect rp;
8962ee74 1944 struct hci_cp_disconnect dc;
366a0336 1945 struct pending_cmd *cmd;
8962ee74 1946 struct hci_conn *conn;
8962ee74
JH		 1947 int err;
1948
1949 BT_DBG("");
1950
06a63b19
JH		 1951 memset(&rp, 0, sizeof(rp));
1952 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1953 rp.addr.type = cp->addr.type;
1954
4ee71b20 1955 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1956 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1957 MGMT_STATUS_INVALID_PARAMS,
1958 &rp, sizeof(rp));
4ee71b20 1959
09fd0de5 1960 hci_dev_lock(hdev);
8962ee74
JH		 1961
1962 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1963 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1964 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1965 goto failed;
1966 }
1967
2e58ef3e 1968 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1969 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1970 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1971 goto failed;
1972 }
1973
591f47f3 1974 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1975 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1976 &cp->addr.bdaddr);
88c3df13
JH		 1977 else
1978 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1979
f960727e 1980 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1981 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1982 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1983 goto failed;
1984 }
1985
2e58ef3e 1986 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1987 if (!cmd) {
1988 err = -ENOMEM;
8962ee74 1989 goto failed;
366a0336 1990 }
8962ee74 1991
eb55ef07 1992 dc.handle = cpu_to_le16(conn->handle);
3701f944 1993 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1994
1995 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1996 if (err < 0)
a664b5bc 1997 mgmt_pending_remove(cmd);
8962ee74
JH		 1998
1999failed:
09fd0de5 2000 hci_dev_unlock(hdev);
8962ee74
JH		 2001 return err;
2002}
2003
57c1477c 2004static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2005{
2006 switch (link_type) {
2007 case LE_LINK:
48264f06
JH		 2008 switch (addr_type) {
2009 case ADDR_LE_DEV_PUBLIC:
591f47f3 2010 return BDADDR_LE_PUBLIC;
0ed09148 2011
48264f06 2012 default:
0ed09148 2013 /* Fallback to LE Random address type */
591f47f3 2014 return BDADDR_LE_RANDOM;
48264f06 2015 }
0ed09148 2016
4c659c39 2017 default:
0ed09148 2018 /* Fallback to BR/EDR type */
591f47f3 2019 return BDADDR_BREDR;
4c659c39
JH		 2020 }
2021}
2022
04124681
GP		 2023static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2024 u16 data_len)
2784eb41 2025{
2784eb41 2026 struct mgmt_rp_get_connections *rp;
8035ded4 2027 struct hci_conn *c;
a38528f1 2028 size_t rp_len;
60fc5fb6
JH		 2029 int err;
2030 u16 i;
2784eb41
JH		 2031
2032 BT_DBG("");
2033
09fd0de5 2034 hci_dev_lock(hdev);
2784eb41 2035
5f97c1df 2036 if (!hdev_is_powered(hdev)) {
bdb6d971 2037 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2038 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2039 goto unlock;
2040 }
2041
60fc5fb6 2042 i = 0;
b644ba33
JH		 2043 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2044 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2045 i++;
2784eb41
JH		 2046 }
2047
60fc5fb6 2048 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2049 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2050 if (!rp) {
2784eb41
JH		 2051 err = -ENOMEM;
2052 goto unlock;
2053 }
2054
2784eb41 2055 i = 0;
4c659c39 2056 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2057 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2058 continue;
4c659c39 2059 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2060 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2061 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2062 continue;
2063 i++;
2064 }
2065
eb55ef07 2066 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2067
4c659c39
JH		 2068 /* Recalculate length in case of filtered SCO connections, etc */
2069 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2070
bdb6d971 2071 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2072 rp_len);
2784eb41 2073
a38528f1 2074 kfree(rp);
5f97c1df
JH		 2075
2076unlock:
09fd0de5 2077 hci_dev_unlock(hdev);
2784eb41
JH		 2078 return err;
2079}
2080
bdb6d971 2081static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2082 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2083{
2084 struct pending_cmd *cmd;
2085 int err;
2086
2e58ef3e 2087 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2088 sizeof(*cp));
96d97a67
WR		 2089 if (!cmd)
2090 return -ENOMEM;
2091
d8457698 2092 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2093 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2094 if (err < 0)
2095 mgmt_pending_remove(cmd);
2096
2097 return err;
2098}
2099
bdb6d971 2100static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2101 u16 len)
980e1a53 2102{
96d97a67 2103 struct hci_conn *conn;
650f726d 2104 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2105 struct hci_cp_pin_code_reply reply;
366a0336 2106 struct pending_cmd *cmd;
980e1a53
JH		 2107 int err;
2108
2109 BT_DBG("");
2110
09fd0de5 2111 hci_dev_lock(hdev);
980e1a53 2112
4b34ee78 2113 if (!hdev_is_powered(hdev)) {
bdb6d971 2114 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2115 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2116 goto failed;
2117 }
2118
d8457698 2119 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2120 if (!conn) {
bdb6d971 2121 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2122 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2123 goto failed;
2124 }
2125
2126 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2127 struct mgmt_cp_pin_code_neg_reply ncp;
2128
2129 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2130
2131 BT_ERR("PIN code is not 16 bytes long");
2132
bdb6d971 2133 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2134 if (err >= 0)
bdb6d971 2135 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2136 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2137
2138 goto failed;
2139 }
2140
00abfe44 2141 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2142 if (!cmd) {
2143 err = -ENOMEM;
980e1a53 2144 goto failed;
366a0336 2145 }
980e1a53 2146
d8457698 2147 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2148 reply.pin_len = cp->pin_len;
24718ca5 2149 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2150
2151 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2152 if (err < 0)
a664b5bc 2153 mgmt_pending_remove(cmd);
980e1a53
JH		 2154
2155failed:
09fd0de5 2156 hci_dev_unlock(hdev);
980e1a53
JH		 2157 return err;
2158}
2159
04124681
GP		 2160static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2161 u16 len)
17fa4b9d 2162{
650f726d 2163 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2164
2165 BT_DBG("");
2166
09fd0de5 2167 hci_dev_lock(hdev);
17fa4b9d
JH		 2168
2169 hdev->io_capability = cp->io_capability;
2170
2171 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2172 hdev->io_capability);
17fa4b9d 2173
09fd0de5 2174 hci_dev_unlock(hdev);
17fa4b9d 2175
04124681
GP		 2176 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2177 0);
17fa4b9d
JH		 2178}
2179
6039aa73 2180static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2181{
2182 struct hci_dev *hdev = conn->hdev;
8035ded4 2183 struct pending_cmd *cmd;
e9a416b5 2184
2e58ef3e 2185 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2186 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2187 continue;
2188
e9a416b5
JH		 2189 if (cmd->user_data != conn)
2190 continue;
2191
2192 return cmd;
2193 }
2194
2195 return NULL;
2196}
2197
2198static void pairing_complete(struct pending_cmd *cmd, u8 status)
2199{
2200 struct mgmt_rp_pair_device rp;
2201 struct hci_conn *conn = cmd->user_data;
2202
ba4e564f 2203 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2204 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2205
aee9b218 2206 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2207 &rp, sizeof(rp));
e9a416b5
JH		 2208
2209 /* So we don't get further callbacks for this connection */
2210 conn->connect_cfm_cb = NULL;
2211 conn->security_cfm_cb = NULL;
2212 conn->disconn_cfm_cb = NULL;
2213
76a68ba0 2214 hci_conn_drop(conn);
e9a416b5 2215
a664b5bc 2216 mgmt_pending_remove(cmd);
e9a416b5
JH		 2217}
2218
2219static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2220{
2221 struct pending_cmd *cmd;
2222
2223 BT_DBG("status %u", status);
2224
2225 cmd = find_pairing(conn);
56e5cb86 2226 if (!cmd)
e9a416b5 2227 BT_DBG("Unable to find a pending command");
56e5cb86 2228 else
e211326c 2229 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2230}
2231
4c47d739
VA		 2232static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2233{
2234 struct pending_cmd *cmd;
2235
2236 BT_DBG("status %u", status);
2237
2238 if (!status)
2239 return;
2240
2241 cmd = find_pairing(conn);
2242 if (!cmd)
2243 BT_DBG("Unable to find a pending command");
2244 else
2245 pairing_complete(cmd, mgmt_status(status));
2246}
2247
bdb6d971 2248static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2249 u16 len)
e9a416b5 2250{
650f726d 2251 struct mgmt_cp_pair_device *cp = data;
1425acb7 2252 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2253 struct pending_cmd *cmd;
2254 u8 sec_level, auth_type;
2255 struct hci_conn *conn;
e9a416b5
JH		 2256 int err;
2257
2258 BT_DBG("");
2259
f950a30e
SJ		 2260 memset(&rp, 0, sizeof(rp));
2261 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2262 rp.addr.type = cp->addr.type;
2263
4ee71b20
JH		 2264 if (!bdaddr_type_is_valid(cp->addr.type))
2265 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2266 MGMT_STATUS_INVALID_PARAMS,
2267 &rp, sizeof(rp));
2268
09fd0de5 2269 hci_dev_lock(hdev);
e9a416b5 2270
5f97c1df 2271 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2272 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2273 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2274 goto unlock;
2275 }
2276
c908df36
VCG		 2277 sec_level = BT_SECURITY_MEDIUM;
2278 if (cp->io_cap == 0x03)
e9a416b5 2279 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2280 else
e9a416b5 2281 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2282
591f47f3 2283 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2284 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2285 cp->addr.type, sec_level, auth_type);
7a512d01 2286 else
b12f62cf
AG		 2287 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2288 cp->addr.type, sec_level, auth_type);
7a512d01 2289
30e76272 2290 if (IS_ERR(conn)) {
489dc48e
AK		 2291 int status;
2292
2293 if (PTR_ERR(conn) == -EBUSY)
2294 status = MGMT_STATUS_BUSY;
2295 else
2296 status = MGMT_STATUS_CONNECT_FAILED;
2297
bdb6d971 2298 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2299 status, &rp,
04124681 2300 sizeof(rp));
e9a416b5
JH		 2301 goto unlock;
2302 }
2303
2304 if (conn->connect_cfm_cb) {
76a68ba0 2305 hci_conn_drop(conn);
bdb6d971 2306 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2307 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2308 goto unlock;
2309 }
2310
2e58ef3e 2311 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2312 if (!cmd) {
2313 err = -ENOMEM;
76a68ba0 2314 hci_conn_drop(conn);
e9a416b5
JH		 2315 goto unlock;
2316 }
2317
7a512d01 2318 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2319 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2320 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2321 else
2322 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2323
e9a416b5
JH		 2324 conn->security_cfm_cb = pairing_complete_cb;
2325 conn->disconn_cfm_cb = pairing_complete_cb;
2326 conn->io_capability = cp->io_cap;
2327 cmd->user_data = conn;
2328
2329 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2330 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2331 pairing_complete(cmd, 0);
2332
2333 err = 0;
2334
2335unlock:
09fd0de5 2336 hci_dev_unlock(hdev);
e9a416b5
JH		 2337 return err;
2338}
2339
04124681
GP		 2340static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2341 u16 len)
28424707 2342{
0f4e68cf 2343 struct mgmt_addr_info *addr = data;
28424707
JH		 2344 struct pending_cmd *cmd;
2345 struct hci_conn *conn;
2346 int err;
2347
2348 BT_DBG("");
2349
28424707
JH		 2350 hci_dev_lock(hdev);
2351
5f97c1df 2352 if (!hdev_is_powered(hdev)) {
bdb6d971 2353 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2354 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2355 goto unlock;
2356 }
2357
28424707
JH		 2358 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2359 if (!cmd) {
bdb6d971 2360 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2361 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2362 goto unlock;
2363 }
2364
2365 conn = cmd->user_data;
2366
2367 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2368 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2369 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2370 goto unlock;
2371 }
2372
2373 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2374
bdb6d971 2375 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2376 addr, sizeof(*addr));
28424707
JH		 2377unlock:
2378 hci_dev_unlock(hdev);
28424707
JH		 2379 return err;
2380}
2381
bdb6d971 2382static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2383 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2384 u16 hci_op, __le32 passkey)
a5c29683 2385{
a5c29683 2386 struct pending_cmd *cmd;
0df4c185 2387 struct hci_conn *conn;
a5c29683
JH		 2388 int err;
2389
09fd0de5 2390 hci_dev_lock(hdev);
08ba5382 2391
4b34ee78 2392 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2393 err = cmd_complete(sk, hdev->id, mgmt_op,
2394 MGMT_STATUS_NOT_POWERED, addr,
2395 sizeof(*addr));
0df4c185 2396 goto done;
a5c29683
JH		 2397 }
2398
1707c60e
JH		 2399 if (addr->type == BDADDR_BREDR)
2400 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2401 else
1707c60e 2402 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2403
2404 if (!conn) {
feb94d3d
JH		 2405 err = cmd_complete(sk, hdev->id, mgmt_op,
2406 MGMT_STATUS_NOT_CONNECTED, addr,
2407 sizeof(*addr));
272d90df
JH		 2408 goto done;
2409 }
47c15e2b 2410
1707c60e 2411 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2412 /* Continue with pairing via SMP */
5fe57d9e
BG		 2413 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2414
2415 if (!err)
feb94d3d
JH		 2416 err = cmd_complete(sk, hdev->id, mgmt_op,
2417 MGMT_STATUS_SUCCESS, addr,
2418 sizeof(*addr));
5fe57d9e 2419 else
feb94d3d
JH		 2420 err = cmd_complete(sk, hdev->id, mgmt_op,
2421 MGMT_STATUS_FAILED, addr,
2422 sizeof(*addr));
47c15e2b 2423
47c15e2b
BG		 2424 goto done;
2425 }
2426
1707c60e 2427 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2428 if (!cmd) {
2429 err = -ENOMEM;
0df4c185 2430 goto done;
a5c29683
JH		 2431 }
2432
0df4c185 2433 /* Continue with pairing via HCI */
604086b7
BG		 2434 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2435 struct hci_cp_user_passkey_reply cp;
2436
1707c60e 2437 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2438 cp.passkey = passkey;
2439 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2440 } else
1707c60e
JH		 2441 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2442 &addr->bdaddr);
604086b7 2443
a664b5bc
JH		 2444 if (err < 0)
2445 mgmt_pending_remove(cmd);
a5c29683 2446
0df4c185 2447done:
09fd0de5 2448 hci_dev_unlock(hdev);
a5c29683
JH		 2449 return err;
2450}
2451
afeb019d
JK		 2452static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2453 void *data, u16 len)
2454{
2455 struct mgmt_cp_pin_code_neg_reply *cp = data;
2456
2457 BT_DBG("");
2458
1707c60e 2459 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2460 MGMT_OP_PIN_CODE_NEG_REPLY,
2461 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2462}
2463
04124681
GP		 2464static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2465 u16 len)
0df4c185 2466{
650f726d 2467 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2468
2469 BT_DBG("");
2470
2471 if (len != sizeof(*cp))
bdb6d971 2472 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2473 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2474
1707c60e 2475 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2476 MGMT_OP_USER_CONFIRM_REPLY,
2477 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2478}
2479
bdb6d971 2480static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2481 void *data, u16 len)
0df4c185 2482{
c9c2659f 2483 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2484
2485 BT_DBG("");
2486
1707c60e 2487 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2488 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2489 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2490}
2491
04124681
GP		 2492static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2493 u16 len)
604086b7 2494{
650f726d 2495 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2496
2497 BT_DBG("");
2498
1707c60e 2499 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2500 MGMT_OP_USER_PASSKEY_REPLY,
2501 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2502}
2503
bdb6d971 2504static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2505 void *data, u16 len)
604086b7 2506{
650f726d 2507 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2508
2509 BT_DBG("");
2510
1707c60e 2511 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2512 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2513 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2514}
2515
13928971 2516static void update_name(struct hci_request *req)
2b4bf397 2517{
13928971 2518 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2519 struct hci_cp_write_local_name cp;
2520
13928971 2521 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2522
890ea898 2523 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2524}
2525
13928971
JH		 2526static void set_name_complete(struct hci_dev *hdev, u8 status)
2527{
2528 struct mgmt_cp_set_local_name *cp;
2529 struct pending_cmd *cmd;
2530
2531 BT_DBG("status 0x%02x", status);
2532
2533 hci_dev_lock(hdev);
2534
2535 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2536 if (!cmd)
2537 goto unlock;
2538
2539 cp = cmd->param;
2540
2541 if (status)
2542 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2543 mgmt_status(status));
2544 else
2545 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2546 cp, sizeof(*cp));
2547
2548 mgmt_pending_remove(cmd);
2549
2550unlock:
2551 hci_dev_unlock(hdev);
2552}
2553
bdb6d971 2554static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2555 u16 len)
b312b161 2556{
2b4bf397 2557 struct mgmt_cp_set_local_name *cp = data;
b312b161 2558 struct pending_cmd *cmd;
890ea898 2559 struct hci_request req;
b312b161
JH		 2560 int err;
2561
2562 BT_DBG("");
2563
09fd0de5 2564 hci_dev_lock(hdev);
b312b161 2565
b3f2ca94
JH		 2566 /* If the old values are the same as the new ones just return a
2567 * direct command complete event.
2568 */
2569 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2570 !memcmp(hdev->short_name, cp->short_name,
2571 sizeof(hdev->short_name))) {
2572 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2573 data, len);
2574 goto failed;
2575 }
2576
2b4bf397 2577 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2578
b5235a65 2579 if (!hdev_is_powered(hdev)) {
2b4bf397 2580 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2581
2582 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2583 data, len);
28cc7bde
JH		 2584 if (err < 0)
2585 goto failed;
2586
2587 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2588 sk);
28cc7bde 2589
b5235a65
JH		 2590 goto failed;
2591 }
2592
28cc7bde 2593 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2594 if (!cmd) {
2595 err = -ENOMEM;
2596 goto failed;
2597 }
2598
13928971
JH		 2599 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2600
890ea898 2601 hci_req_init(&req, hdev);
3f985050
JH		 2602
2603 if (lmp_bredr_capable(hdev)) {
2604 update_name(&req);
2605 update_eir(&req);
2606 }
2607
2608 if (lmp_le_capable(hdev))
2609 hci_update_ad(&req);
2610
13928971 2611 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2612 if (err < 0)
2613 mgmt_pending_remove(cmd);
2614
2615failed:
09fd0de5 2616 hci_dev_unlock(hdev);
b312b161
JH		 2617 return err;
2618}
2619
0f4e68cf 2620static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2621 void *data, u16 data_len)
c35938b2 2622{
c35938b2
SJ		 2623 struct pending_cmd *cmd;
2624 int err;
2625
bdb6d971 2626 BT_DBG("%s", hdev->name);
c35938b2 2627
09fd0de5 2628 hci_dev_lock(hdev);
c35938b2 2629
4b34ee78 2630 if (!hdev_is_powered(hdev)) {
bdb6d971 2631 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2632 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2633 goto unlock;
2634 }
2635
9a1a1996 2636 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2637 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2638 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2639 goto unlock;
2640 }
2641
2e58ef3e 2642 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2643 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2644 MGMT_STATUS_BUSY);
c35938b2
SJ		 2645 goto unlock;
2646 }
2647
2e58ef3e 2648 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2649 if (!cmd) {
2650 err = -ENOMEM;
2651 goto unlock;
2652 }
2653
2654 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2655 if (err < 0)
2656 mgmt_pending_remove(cmd);
2657
2658unlock:
09fd0de5 2659 hci_dev_unlock(hdev);
c35938b2
SJ		 2660 return err;
2661}
2662
bdb6d971 2663static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2664 void *data, u16 len)
2763eda6 2665{
650f726d 2666 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2667 u8 status;
2763eda6
SJ		 2668 int err;
2669
bdb6d971 2670 BT_DBG("%s ", hdev->name);
2763eda6 2671
09fd0de5 2672 hci_dev_lock(hdev);
2763eda6 2673
664ce4cc 2674 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2675 cp->randomizer);
2763eda6 2676 if (err < 0)
bf1e3541 2677 status = MGMT_STATUS_FAILED;
2763eda6 2678 else
a6785be2 2679 status = MGMT_STATUS_SUCCESS;
bf1e3541 2680
bdb6d971 2681 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2682 &cp->addr, sizeof(cp->addr));
2763eda6 2683
09fd0de5 2684 hci_dev_unlock(hdev);
2763eda6
SJ		 2685 return err;
2686}
2687
bdb6d971 2688static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2689 void *data, u16 len)
2763eda6 2690{
650f726d 2691 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2692 u8 status;
2763eda6
SJ		 2693 int err;
2694
bdb6d971 2695 BT_DBG("%s", hdev->name);
2763eda6 2696
09fd0de5 2697 hci_dev_lock(hdev);
2763eda6 2698
664ce4cc 2699 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2700 if (err < 0)
bf1e3541 2701 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2702 else
a6785be2 2703 status = MGMT_STATUS_SUCCESS;
bf1e3541 2704
bdb6d971 2705 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2706 status, &cp->addr, sizeof(cp->addr));
2763eda6 2707
09fd0de5 2708 hci_dev_unlock(hdev);
2763eda6
SJ		 2709 return err;
2710}
2711
41dc2bd6
AG		 2712static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2713{
2714 struct pending_cmd *cmd;
2715 u8 type;
2716 int err;
2717
2718 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2719
2720 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2721 if (!cmd)
2722 return -ENOENT;
2723
2724 type = hdev->discovery.type;
2725
2726 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2727 &type, sizeof(type));
2728 mgmt_pending_remove(cmd);
2729
2730 return err;
2731}
2732
7c307720
AG		 2733static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2734{
2735 BT_DBG("status %d", status);
2736
2737 if (status) {
2738 hci_dev_lock(hdev);
2739 mgmt_start_discovery_failed(hdev, status);
2740 hci_dev_unlock(hdev);
2741 return;
2742 }
2743
2744 hci_dev_lock(hdev);
2745 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2746 hci_dev_unlock(hdev);
2747
2748 switch (hdev->discovery.type) {
2749 case DISCOV_TYPE_LE:
2750 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2751 DISCOV_LE_TIMEOUT);
7c307720
AG		 2752 break;
2753
2754 case DISCOV_TYPE_INTERLEAVED:
2755 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2756 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2757 break;
2758
2759 case DISCOV_TYPE_BREDR:
2760 break;
2761
2762 default:
2763 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2764 }
2765}
2766
bdb6d971 2767static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2768 void *data, u16 len)
14a53664 2769{
650f726d 2770 struct mgmt_cp_start_discovery *cp = data;
14a53664 2771 struct pending_cmd *cmd;
7c307720
AG		 2772 struct hci_cp_le_set_scan_param param_cp;
2773 struct hci_cp_le_set_scan_enable enable_cp;
2774 struct hci_cp_inquiry inq_cp;
2775 struct hci_request req;
2776 /* General inquiry access code (GIAC) */
2777 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2778 int err;
2779
bdb6d971 2780 BT_DBG("%s", hdev->name);
14a53664 2781
09fd0de5 2782 hci_dev_lock(hdev);
14a53664 2783
4b34ee78 2784 if (!hdev_is_powered(hdev)) {
bdb6d971 2785 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2786 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2787 goto failed;
2788 }
2789
642be6c7
AG		 2790 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2791 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2792 MGMT_STATUS_BUSY);
2793 goto failed;
2794 }
2795
ff9ef578 2796 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2797 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2798 MGMT_STATUS_BUSY);
ff9ef578
JH		 2799 goto failed;
2800 }
2801
2e58ef3e 2802 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2803 if (!cmd) {
2804 err = -ENOMEM;
2805 goto failed;
2806 }
2807
4aab14e5
AG		 2808 hdev->discovery.type = cp->type;
2809
7c307720
AG		 2810 hci_req_init(&req, hdev);
2811
4aab14e5 2812 switch (hdev->discovery.type) {
f39799f5 2813 case DISCOV_TYPE_BREDR:
56f87901 2814 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2815 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2816 MGMT_STATUS_NOT_SUPPORTED);
2817 mgmt_pending_remove(cmd);
2818 goto failed;
2819 }
2820
7c307720
AG		 2821 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2822 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2823 MGMT_STATUS_BUSY);
2824 mgmt_pending_remove(cmd);
2825 goto failed;
2826 }
2827
2828 hci_inquiry_cache_flush(hdev);
2829
2830 memset(&inq_cp, 0, sizeof(inq_cp));
2831 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2832 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2833 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2834 break;
2835
2836 case DISCOV_TYPE_LE:
7c307720 2837 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2838 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2839 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2840 MGMT_STATUS_NOT_SUPPORTED);
2841 mgmt_pending_remove(cmd);
2842 goto failed;
2843 }
2844
7c307720 2845 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2846 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2847 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2848 MGMT_STATUS_NOT_SUPPORTED);
2849 mgmt_pending_remove(cmd);
2850 goto failed;
2851 }
2852
7c307720
AG		 2853 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2854 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2855 MGMT_STATUS_REJECTED);
2856 mgmt_pending_remove(cmd);
2857 goto failed;
2858 }
2859
2860 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2861 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2862 MGMT_STATUS_BUSY);
2863 mgmt_pending_remove(cmd);
2864 goto failed;
2865 }
2866
2867 memset(&param_cp, 0, sizeof(param_cp));
2868 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2869 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2870 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2871 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2872 &param_cp);
2873
2874 memset(&enable_cp, 0, sizeof(enable_cp));
2875 enable_cp.enable = LE_SCAN_ENABLE;
2876 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2877 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2878 &enable_cp);
5e0452c0
AG		 2879 break;
2880
f39799f5 2881 default:
04106755
JH		 2882 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2883 MGMT_STATUS_INVALID_PARAMS);
2884 mgmt_pending_remove(cmd);
2885 goto failed;
f39799f5 2886 }
3fd24153 2887
7c307720 2888 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2889 if (err < 0)
2890 mgmt_pending_remove(cmd);
ff9ef578
JH		 2891 else
2892 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2893
2894failed:
09fd0de5 2895 hci_dev_unlock(hdev);
14a53664
JH		 2896 return err;
2897}
2898
1183fdca
AG		 2899static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2900{
2901 struct pending_cmd *cmd;
2902 int err;
2903
2904 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2905 if (!cmd)
2906 return -ENOENT;
2907
2908 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2909 &hdev->discovery.type, sizeof(hdev->discovery.type));
2910 mgmt_pending_remove(cmd);
2911
2912 return err;
2913}
2914
0e05bba6
AG		 2915static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2916{
2917 BT_DBG("status %d", status);
2918
2919 hci_dev_lock(hdev);
2920
2921 if (status) {
2922 mgmt_stop_discovery_failed(hdev, status);
2923 goto unlock;
2924 }
2925
2926 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2927
2928unlock:
2929 hci_dev_unlock(hdev);
2930}
2931
bdb6d971 2932static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2933 u16 len)
14a53664 2934{
d930650b 2935 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2936 struct pending_cmd *cmd;
30dc78e1
JH		 2937 struct hci_cp_remote_name_req_cancel cp;
2938 struct inquiry_entry *e;
0e05bba6
AG		 2939 struct hci_request req;
2940 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2941 int err;
2942
bdb6d971 2943 BT_DBG("%s", hdev->name);
14a53664 2944
09fd0de5 2945 hci_dev_lock(hdev);
14a53664 2946
30dc78e1 2947 if (!hci_discovery_active(hdev)) {
bdb6d971 2948 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2949 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2950 sizeof(mgmt_cp->type));
d930650b
JH		 2951 goto unlock;
2952 }
2953
2954 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2955 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2956 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2957 sizeof(mgmt_cp->type));
30dc78e1 2958 goto unlock;
ff9ef578
JH		 2959 }
2960
2e58ef3e 2961 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2962 if (!cmd) {
2963 err = -ENOMEM;
30dc78e1
JH		 2964 goto unlock;
2965 }
2966
0e05bba6
AG		 2967 hci_req_init(&req, hdev);
2968
e0d9727e
AG		 2969 switch (hdev->discovery.state) {
2970 case DISCOVERY_FINDING:
0e05bba6
AG		 2971 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2972 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2973 } else {
2974 cancel_delayed_work(&hdev->le_scan_disable);
2975
2976 memset(&enable_cp, 0, sizeof(enable_cp));
2977 enable_cp.enable = LE_SCAN_DISABLE;
2978 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2979 sizeof(enable_cp), &enable_cp);
2980 }
c9ecc48e 2981
e0d9727e
AG		 2982 break;
2983
2984 case DISCOVERY_RESOLVING:
2985 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2986 NAME_PENDING);
e0d9727e 2987 if (!e) {
30dc78e1 2988 mgmt_pending_remove(cmd);
e0d9727e
AG		 2989 err = cmd_complete(sk, hdev->id,
2990 MGMT_OP_STOP_DISCOVERY, 0,
2991 &mgmt_cp->type,
2992 sizeof(mgmt_cp->type));
2993 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2994 goto unlock;
2995 }
30dc78e1 2996
e0d9727e 2997 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2998 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2999 &cp);
e0d9727e
AG		 3000
3001 break;
3002
3003 default:
3004 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3005
3006 mgmt_pending_remove(cmd);
3007 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3008 MGMT_STATUS_FAILED, &mgmt_cp->type,
3009 sizeof(mgmt_cp->type));
3010 goto unlock;
14a53664
JH		 3011 }
3012
0e05bba6 3013 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3014 if (err < 0)
3015 mgmt_pending_remove(cmd);
ff9ef578
JH		 3016 else
3017 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3018
30dc78e1 3019unlock:
09fd0de5 3020 hci_dev_unlock(hdev);
14a53664
JH		 3021 return err;
3022}
3023
bdb6d971 3024static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3025 u16 len)
561aafbc 3026{
650f726d 3027 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3028 struct inquiry_entry *e;
561aafbc
JH		 3029 int err;
3030
bdb6d971 3031 BT_DBG("%s", hdev->name);
561aafbc 3032
561aafbc
JH		 3033 hci_dev_lock(hdev);
3034
30dc78e1 3035 if (!hci_discovery_active(hdev)) {
bdb6d971 3036 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3037 MGMT_STATUS_FAILED);
30dc78e1
JH		 3038 goto failed;
3039 }
3040
a198e7b1 3041 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3042 if (!e) {
bdb6d971 3043 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3044 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3045 goto failed;
3046 }
3047
3048 if (cp->name_known) {
3049 e->name_state = NAME_KNOWN;
3050 list_del(&e->list);
3051 } else {
3052 e->name_state = NAME_NEEDED;
a3d4e20a 3053 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3054 }
3055
e384662b
JH		 3056 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3057 sizeof(cp->addr));
561aafbc
JH		 3058
3059failed:
3060 hci_dev_unlock(hdev);
561aafbc
JH		 3061 return err;
3062}
3063
bdb6d971 3064static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3065 u16 len)
7fbec224 3066{
650f726d 3067 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3068 u8 status;
7fbec224
AJ		 3069 int err;
3070
bdb6d971 3071 BT_DBG("%s", hdev->name);
7fbec224 3072
4ee71b20 3073 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3074 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3075 MGMT_STATUS_INVALID_PARAMS,
3076 &cp->addr, sizeof(cp->addr));
4ee71b20 3077
09fd0de5 3078 hci_dev_lock(hdev);
5e762444 3079
88c1fe4b 3080 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3081 if (err < 0)
f0eeea8b 3082 status = MGMT_STATUS_FAILED;
7fbec224 3083 else
a6785be2 3084 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3085
bdb6d971 3086 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3087 &cp->addr, sizeof(cp->addr));
5e762444 3088
09fd0de5 3089 hci_dev_unlock(hdev);
7fbec224
AJ		 3090
3091 return err;
3092}
3093
bdb6d971 3094static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3095 u16 len)
7fbec224 3096{
650f726d 3097 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3098 u8 status;
7fbec224
AJ		 3099 int err;
3100
bdb6d971 3101 BT_DBG("%s", hdev->name);
7fbec224 3102
4ee71b20 3103 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3104 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3105 MGMT_STATUS_INVALID_PARAMS,
3106 &cp->addr, sizeof(cp->addr));
4ee71b20 3107
09fd0de5 3108 hci_dev_lock(hdev);
5e762444 3109
88c1fe4b 3110 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3111 if (err < 0)
f0eeea8b 3112 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3113 else
a6785be2 3114 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3115
bdb6d971 3116 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3117 &cp->addr, sizeof(cp->addr));
5e762444 3118
09fd0de5 3119 hci_dev_unlock(hdev);
7fbec224
AJ		 3120
3121 return err;
3122}
3123
cdbaccca
MH		 3124static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3125 u16 len)
3126{
3127 struct mgmt_cp_set_device_id *cp = data;
890ea898 3128 struct hci_request req;
cdbaccca 3129 int err;
c72d4b8a 3130 __u16 source;
cdbaccca
MH		 3131
3132 BT_DBG("%s", hdev->name);
3133
c72d4b8a
SJ		 3134 source = __le16_to_cpu(cp->source);
3135
3136 if (source > 0x0002)
3137 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3138 MGMT_STATUS_INVALID_PARAMS);
3139
cdbaccca
MH		 3140 hci_dev_lock(hdev);
3141
c72d4b8a 3142 hdev->devid_source = source;
cdbaccca
MH		 3143 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3144 hdev->devid_product = __le16_to_cpu(cp->product);
3145 hdev->devid_version = __le16_to_cpu(cp->version);
3146
3147 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3148
890ea898
JH		 3149 hci_req_init(&req, hdev);
3150 update_eir(&req);
3151 hci_req_run(&req, NULL);
cdbaccca
MH		 3152
3153 hci_dev_unlock(hdev);
3154
3155 return err;
3156}
3157
4375f103
JH		 3158static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3159{
3160 struct cmd_lookup match = { NULL, hdev };
3161
3162 if (status) {
3163 u8 mgmt_err = mgmt_status(status);
3164
3165 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3166 cmd_status_rsp, &mgmt_err);
3167 return;
3168 }
3169
3170 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3171 &match);
3172
3173 new_settings(hdev, match.sk);
3174
3175 if (match.sk)
3176 sock_put(match.sk);
3177}
3178
3179static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3180{
3181 struct mgmt_mode *cp = data;
3182 struct pending_cmd *cmd;
3183 struct hci_request req;
3184 u8 val, enabled;
3185 int err;
3186
3187 BT_DBG("request for %s", hdev->name);
3188
3189 if (!lmp_le_capable(hdev))
3190 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3191 MGMT_STATUS_NOT_SUPPORTED);
3192
3193 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3194 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3195 MGMT_STATUS_REJECTED);
3196
3197 if (cp->val != 0x00 && cp->val != 0x01)
3198 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3199 MGMT_STATUS_INVALID_PARAMS);
3200
3201 hci_dev_lock(hdev);
3202
3203 val = !!cp->val;
3204 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3205
3206 if (!hdev_is_powered(hdev) || val == enabled) {
3207 bool changed = false;
3208
3209 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3210 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3211 changed = true;
3212 }
3213
3214 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3215 if (err < 0)
3216 goto unlock;
3217
3218 if (changed)
3219 err = new_settings(hdev, sk);
3220
3221 goto unlock;
3222 }
3223
3224 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3225 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3226 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3227 MGMT_STATUS_BUSY);
3228 goto unlock;
3229 }
3230
3231 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3232 if (!cmd) {
3233 err = -ENOMEM;
3234 goto unlock;
3235 }
3236
3237 hci_req_init(&req, hdev);
3238
3239 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3240
3241 err = hci_req_run(&req, set_advertising_complete);
3242 if (err < 0)
3243 mgmt_pending_remove(cmd);
3244
3245unlock:
3246 hci_dev_unlock(hdev);
3247 return err;
3248}
3249
33e38b3e
JH		 3250static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3251{
3252 struct pending_cmd *cmd;
3253
3254 BT_DBG("status 0x%02x", status);
3255
3256 hci_dev_lock(hdev);
3257
3258 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3259 if (!cmd)
3260 goto unlock;
3261
3262 if (status) {
3263 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3264 mgmt_status(status));
3265 } else {
1a4d3c4b
JH		 3266 struct mgmt_mode *cp = cmd->param;
3267
3268 if (cp->val)
3269 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3270 else
3271 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3272
33e38b3e
JH		 3273 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3274 new_settings(hdev, cmd->sk);
3275 }
3276
3277 mgmt_pending_remove(cmd);
3278
3279unlock:
3280 hci_dev_unlock(hdev);
3281}
3282
bdb6d971 3283static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3284 void *data, u16 len)
f6422ec6 3285{
650f726d 3286 struct mgmt_mode *cp = data;
33e38b3e
JH		 3287 struct pending_cmd *cmd;
3288 struct hci_request req;
f6422ec6
AJ		 3289 int err;
3290
bdb6d971 3291 BT_DBG("%s", hdev->name);
f6422ec6 3292
56f87901
JH		 3293 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3294 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3295 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3296 MGMT_STATUS_NOT_SUPPORTED);
3297
a7e80f25
JH		 3298 if (cp->val != 0x00 && cp->val != 0x01)
3299 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3300 MGMT_STATUS_INVALID_PARAMS);
3301
5400c044 3302 if (!hdev_is_powered(hdev))
bdb6d971 3303 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3304 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3305
3306 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3307 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3308 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3309
3310 hci_dev_lock(hdev);
3311
05cbf29f
JH		 3312 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3313 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3314 MGMT_STATUS_BUSY);
3315 goto unlock;
3316 }
3317
1a4d3c4b
JH		 3318 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3319 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3320 hdev);
3321 goto unlock;
3322 }
3323
33e38b3e
JH		 3324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3325 data, len);
3326 if (!cmd) {
3327 err = -ENOMEM;
3328 goto unlock;
f6422ec6
AJ		 3329 }
3330
33e38b3e
JH		 3331 hci_req_init(&req, hdev);
3332
406d7804 3333 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3334
3335 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3336 if (err < 0) {
bdb6d971 3337 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3338 MGMT_STATUS_FAILED);
33e38b3e 3339 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3340 }
3341
33e38b3e 3342unlock:
f6422ec6 3343 hci_dev_unlock(hdev);
33e38b3e 3344
f6422ec6
AJ		 3345 return err;
3346}
3347
0663ca2a
JH		 3348static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3349{
3350 struct pending_cmd *cmd;
3351
3352 BT_DBG("status 0x%02x", status);
3353
3354 hci_dev_lock(hdev);
3355
3356 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3357 if (!cmd)
3358 goto unlock;
3359
3360 if (status) {
3361 u8 mgmt_err = mgmt_status(status);
3362
3363 /* We need to restore the flag if related HCI commands
3364 * failed.
3365 */
3366 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3367
3368 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3369 } else {
3370 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3371 new_settings(hdev, cmd->sk);
3372 }
3373
3374 mgmt_pending_remove(cmd);
3375
3376unlock:
3377 hci_dev_unlock(hdev);
3378}
3379
3380static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3381{
3382 struct mgmt_mode *cp = data;
3383 struct pending_cmd *cmd;
3384 struct hci_request req;
3385 int err;
3386
3387 BT_DBG("request for %s", hdev->name);
3388
3389 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3390 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3391 MGMT_STATUS_NOT_SUPPORTED);
3392
3393 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3394 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3395 MGMT_STATUS_REJECTED);
3396
3397 if (cp->val != 0x00 && cp->val != 0x01)
3398 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3399 MGMT_STATUS_INVALID_PARAMS);
3400
3401 hci_dev_lock(hdev);
3402
3403 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3404 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3405 goto unlock;
3406 }
3407
3408 if (!hdev_is_powered(hdev)) {
3409 if (!cp->val) {
3410 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3411 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3412 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3413 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3414 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3415 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3416 }
3417
3418 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3419
3420 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3421 if (err < 0)
3422 goto unlock;
3423
3424 err = new_settings(hdev, sk);
3425 goto unlock;
3426 }
3427
3428 /* Reject disabling when powered on */
3429 if (!cp->val) {
3430 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3431 MGMT_STATUS_REJECTED);
3432 goto unlock;
3433 }
3434
3435 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3436 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3437 MGMT_STATUS_BUSY);
3438 goto unlock;
3439 }
3440
3441 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3442 if (!cmd) {
3443 err = -ENOMEM;
3444 goto unlock;
3445 }
3446
3447 /* We need to flip the bit already here so that hci_update_ad
3448 * generates the correct flags.
3449 */
3450 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3451
3452 hci_req_init(&req, hdev);
3453 hci_update_ad(&req);
3454 err = hci_req_run(&req, set_bredr_complete);
3455 if (err < 0)
3456 mgmt_pending_remove(cmd);
3457
3458unlock:
3459 hci_dev_unlock(hdev);
3460 return err;
3461}
3462
3f706b72
JH		 3463static bool ltk_is_valid(struct mgmt_ltk_info *key)
3464{
44b20d33
JH		 3465 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3466 return false;
3f706b72
JH		 3467 if (key->master != 0x00 && key->master != 0x01)
3468 return false;
4ee71b20
JH		 3469 if (!bdaddr_type_is_le(key->addr.type))
3470 return false;
3f706b72
JH		 3471 return true;
3472}
3473
bdb6d971 3474static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3475 void *cp_data, u16 len)
346af67b 3476{
346af67b
VCG		 3477 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3478 u16 key_count, expected_len;
715a5bf2 3479 int i, err;
346af67b 3480
1f350c87 3481 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3482
3483 expected_len = sizeof(*cp) + key_count *
3484 sizeof(struct mgmt_ltk_info);
3485 if (expected_len != len) {
3486 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3487 len, expected_len);
bdb6d971 3488 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3489 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3490 }
3491
bdb6d971 3492 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3493
54ad6d8a
JH		 3494 for (i = 0; i < key_count; i++) {
3495 struct mgmt_ltk_info *key = &cp->keys[i];
3496
3f706b72 3497 if (!ltk_is_valid(key))
54ad6d8a
JH		 3498 return cmd_status(sk, hdev->id,
3499 MGMT_OP_LOAD_LONG_TERM_KEYS,
3500 MGMT_STATUS_INVALID_PARAMS);
3501 }
3502
346af67b
VCG		 3503 hci_dev_lock(hdev);
3504
3505 hci_smp_ltks_clear(hdev);
3506
3507 for (i = 0; i < key_count; i++) {
3508 struct mgmt_ltk_info *key = &cp->keys[i];
3509 u8 type;
3510
3511 if (key->master)
3512 type = HCI_SMP_LTK;
3513 else
3514 type = HCI_SMP_LTK_SLAVE;
3515
4596fde5 3516 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3517 bdaddr_to_le(key->addr.type),
04124681
GP		 3518 type, 0, key->authenticated, key->val,
3519 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3520 }
3521
715a5bf2
JH		 3522 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3523 NULL, 0);
3524
346af67b 3525 hci_dev_unlock(hdev);
346af67b 3526
715a5bf2 3527 return err;
346af67b
VCG		 3528}
3529
2e3c35ea 3530static const struct mgmt_handler {
04124681
GP		 3531 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3532 u16 data_len);
be22b54e
JH		 3533 bool var_len;
3534 size_t data_len;
0f4e68cf
JH		 3535} mgmt_handlers[] = {
3536 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3537 { read_version, false, MGMT_READ_VERSION_SIZE },
3538 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3539 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3540 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3541 { set_powered, false, MGMT_SETTING_SIZE },
3542 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3543 { set_connectable, false, MGMT_SETTING_SIZE },
3544 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3545 { set_pairable, false, MGMT_SETTING_SIZE },
3546 { set_link_security, false, MGMT_SETTING_SIZE },
3547 { set_ssp, false, MGMT_SETTING_SIZE },
3548 { set_hs, false, MGMT_SETTING_SIZE },
3549 { set_le, false, MGMT_SETTING_SIZE },
3550 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3551 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3552 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3553 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3554 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3555 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3556 { disconnect, false, MGMT_DISCONNECT_SIZE },
3557 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3558 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3559 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3560 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3561 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3562 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3563 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3564 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3565 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3566 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3567 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3568 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3569 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3570 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3571 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3572 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3573 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3574 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3575 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3576 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3577 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3578 { set_bredr, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 3579};
3580
3581
0381101f
JH		 3582int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3583{
650f726d
VCG		 3584 void *buf;
3585 u8 *cp;
0381101f 3586 struct mgmt_hdr *hdr;
4e51eae9 3587 u16 opcode, index, len;
bdb6d971 3588 struct hci_dev *hdev = NULL;
2e3c35ea 3589 const struct mgmt_handler *handler;
0381101f
JH		 3590 int err;
3591
3592 BT_DBG("got %zu bytes", msglen);
3593
3594 if (msglen < sizeof(*hdr))
3595 return -EINVAL;
3596
e63a15ec 3597 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3598 if (!buf)
3599 return -ENOMEM;
3600
3601 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3602 err = -EFAULT;
3603 goto done;
3604 }
3605
650f726d 3606 hdr = buf;
1f350c87
MH		 3607 opcode = __le16_to_cpu(hdr->opcode);
3608 index = __le16_to_cpu(hdr->index);
3609 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3610
3611 if (len != msglen - sizeof(*hdr)) {
3612 err = -EINVAL;
3613 goto done;
3614 }
3615
0f4e68cf 3616 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3617 hdev = hci_dev_get(index);
3618 if (!hdev) {
3619 err = cmd_status(sk, index, opcode,
04124681 3620 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3621 goto done;
3622 }
0736cfa8
MH		 3623
3624 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3625 err = cmd_status(sk, index, opcode,
3626 MGMT_STATUS_INVALID_INDEX);
3627 goto done;
3628 }
bdb6d971
JH		 3629 }
3630
0f4e68cf 3631 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3632 mgmt_handlers[opcode].func == NULL) {
0381101f 3633 BT_DBG("Unknown op %u", opcode);
ca69b795 3634 err = cmd_status(sk, index, opcode,
04124681 3635 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3636 goto done;
3637 }
3638
3639 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3640 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3641 err = cmd_status(sk, index, opcode,
04124681 3642 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3643 goto done;
0381101f
JH		 3644 }
3645
be22b54e
JH		 3646 handler = &mgmt_handlers[opcode];
3647
3648 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3649 (!handler->var_len && len != handler->data_len)) {
be22b54e 3650 err = cmd_status(sk, index, opcode,
04124681 3651 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3652 goto done;
3653 }
3654
0f4e68cf
JH		 3655 if (hdev)
3656 mgmt_init_hdev(sk, hdev);
3657
3658 cp = buf + sizeof(*hdr);
3659
be22b54e 3660 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3661 if (err < 0)
3662 goto done;
3663
0381101f
JH		 3664 err = msglen;
3665
3666done:
bdb6d971
JH		 3667 if (hdev)
3668 hci_dev_put(hdev);
3669
0381101f
JH		 3670 kfree(buf);
3671 return err;
3672}
c71e97bf 3673
744cf19e 3674int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3675{
bb4b2a9a
AE		 3676 if (!mgmt_valid_hdev(hdev))
3677 return -ENOTSUPP;
3678
744cf19e 3679 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3680}
3681
744cf19e 3682int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3683{
5f159032 3684 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3685
bb4b2a9a
AE		 3686 if (!mgmt_valid_hdev(hdev))
3687 return -ENOTSUPP;
3688
744cf19e 3689 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3690
744cf19e 3691 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3692}
3693
890ea898 3694static void set_bredr_scan(struct hci_request *req)
7f0ae647 3695{
890ea898 3696 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3697 u8 scan = 0;
3698
4c01f8b8
JH		 3699 /* Ensure that fast connectable is disabled. This function will
3700 * not do anything if the page scan parameters are already what
3701 * they should be.
3702 */
3703 write_fast_connectable(req, false);
3704
7f0ae647
JH		 3705 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3706 scan |= SCAN_PAGE;
3707 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3708 scan |= SCAN_INQUIRY;
3709
890ea898
JH		 3710 if (scan)
3711 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3712}
3713
229ab39c
JH		 3714static void powered_complete(struct hci_dev *hdev, u8 status)
3715{
3716 struct cmd_lookup match = { NULL, hdev };
3717
3718 BT_DBG("status 0x%02x", status);
3719
3720 hci_dev_lock(hdev);
3721
3722 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3723
3724 new_settings(hdev, match.sk);
3725
3726 hci_dev_unlock(hdev);
3727
3728 if (match.sk)
3729 sock_put(match.sk);
3730}
3731
70da6243 3732static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3733{
890ea898 3734 struct hci_request req;
70da6243 3735 u8 link_sec;
5add6af8 3736
890ea898
JH		 3737 hci_req_init(&req, hdev);
3738
70da6243
JH		 3739 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3740 !lmp_host_ssp_capable(hdev)) {
3741 u8 ssp = 1;
5e5282bb 3742
890ea898 3743 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3744 }
5add6af8 3745
c73eee91
JH		 3746 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3747 lmp_bredr_capable(hdev)) {
70da6243 3748 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3749
70da6243
JH		 3750 cp.le = 1;
3751 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3752
70da6243
JH		 3753 /* Check first if we already have the right
3754 * host state (host features set)
3755 */
3756 if (cp.le != lmp_host_le_capable(hdev) ||
3757 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3758 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3759 sizeof(cp), &cp);
0663ca2a
JH		 3760
3761 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3762 hci_update_ad(&req);
70da6243 3763 }
3d1cbdd6 3764
eeca6f89
JH		 3765 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3766 u8 adv = 0x01;
3767
3768 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3769 }
3770
70da6243
JH		 3771 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3772 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3773 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3774 sizeof(link_sec), &link_sec);
562fcc24 3775
70da6243 3776 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3777 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3778 set_bredr_scan(&req);
890ea898 3779 update_class(&req);
13928971 3780 update_name(&req);
890ea898 3781 update_eir(&req);
70da6243 3782 }
562fcc24 3783
229ab39c 3784 return hci_req_run(&req, powered_complete);
70da6243 3785}
562fcc24 3786
70da6243
JH		 3787int mgmt_powered(struct hci_dev *hdev, u8 powered)
3788{
3789 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3790 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3791 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3792 int err;
f0ff92fb 3793
70da6243
JH		 3794 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3795 return 0;
3796
70da6243 3797 if (powered) {
229ab39c
JH		 3798 if (powered_update_hci(hdev) == 0)
3799 return 0;
fe038884 3800
229ab39c
JH		 3801 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3802 &match);
3803 goto new_settings;
b24752fe
JH		 3804 }
3805
229ab39c
JH		 3806 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3807 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3808
3809 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3810 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3811 zero_cod, sizeof(zero_cod), NULL);
3812
3813new_settings:
beadb2bd 3814 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3815
3816 if (match.sk)
3817 sock_put(match.sk);
3818
7bb895d6 3819 return err;
5add6af8 3820}
73f22f62 3821
96570ffc
JH		 3822int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3823{
3824 struct pending_cmd *cmd;
3825 u8 status;
3826
3827 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3828 if (!cmd)
3829 return -ENOENT;
3830
3831 if (err == -ERFKILL)
3832 status = MGMT_STATUS_RFKILLED;
3833 else
3834 status = MGMT_STATUS_FAILED;
3835
3836 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3837
3838 mgmt_pending_remove(cmd);
3839
3840 return err;
3841}
3842
744cf19e 3843int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3844{
76a7f3a4 3845 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3846 bool changed = false;
3847 int err = 0;
73f22f62 3848
5e5282bb
JH		 3849 if (discoverable) {
3850 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3851 changed = true;
3852 } else {
3853 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3854 changed = true;
3855 }
73f22f62 3856
ed9b5f2f 3857 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3858 &match);
ed9b5f2f 3859
beadb2bd
JH		 3860 if (changed)
3861 err = new_settings(hdev, match.sk);
5e5282bb 3862
73f22f62
JH		 3863 if (match.sk)
3864 sock_put(match.sk);
3865
7bb895d6 3866 return err;
73f22f62 3867}
9fbcbb45 3868
744cf19e 3869int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3870{
2b76f453 3871 struct pending_cmd *cmd;
5e5282bb
JH		 3872 bool changed = false;
3873 int err = 0;
9fbcbb45 3874
5e5282bb
JH		 3875 if (connectable) {
3876 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3877 changed = true;
3878 } else {
3879 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3880 changed = true;
3881 }
9fbcbb45 3882
2b76f453 3883 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3884
beadb2bd 3885 if (changed)
2b76f453 3886 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3887
7bb895d6 3888 return err;
9fbcbb45 3889}
55ed8ca1 3890
744cf19e 3891int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3892{
ca69b795
JH		 3893 u8 mgmt_err = mgmt_status(status);
3894
2d7cee58 3895 if (scan & SCAN_PAGE)
744cf19e 3896 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3897 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3898
3899 if (scan & SCAN_INQUIRY)
744cf19e 3900 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3901 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3902
3903 return 0;
3904}
3905
53168e5b
CC		 3906int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3907 bool persistent)
55ed8ca1 3908{
86742e1e 3909 struct mgmt_ev_new_link_key ev;
55ed8ca1 3910
a492cd52 3911 memset(&ev, 0, sizeof(ev));
55ed8ca1 3912
a492cd52 3913 ev.store_hint = persistent;
d753fdc4 3914 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3915 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3916 ev.key.type = key->type;
9b3b4460 3917 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3918 ev.key.pin_len = key->pin_len;
55ed8ca1 3919
744cf19e 3920 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3921}
f7520543 3922
346af67b
VCG		 3923int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3924{
3925 struct mgmt_ev_new_long_term_key ev;
3926
3927 memset(&ev, 0, sizeof(ev));
3928
3929 ev.store_hint = persistent;
3930 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3931 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3932 ev.key.authenticated = key->authenticated;
3933 ev.key.enc_size = key->enc_size;
3934 ev.key.ediv = key->ediv;
3935
3936 if (key->type == HCI_SMP_LTK)
3937 ev.key.master = 1;
3938
3939 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3940 memcpy(ev.key.val, key->val, sizeof(key->val));
3941
04124681
GP		 3942 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3943 NULL);
346af67b
VCG		 3944}
3945
afc747a6 3946int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3947 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3948 u8 *dev_class)
f7520543 3949{
b644ba33
JH		 3950 char buf[512];
3951 struct mgmt_ev_device_connected *ev = (void *) buf;
3952 u16 eir_len = 0;
f7520543 3953
b644ba33 3954 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3955 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3956
c95f0ba7 3957 ev->flags = __cpu_to_le32(flags);
08c79b61 3958
b644ba33
JH		 3959 if (name_len > 0)
3960 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3961 name, name_len);
b644ba33
JH		 3962
3963 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3964 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3965 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3966
eb55ef07 3967 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3968
3969 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3970 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3971}
3972
8962ee74
JH		 3973static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3974{
c68fb7ff 3975 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3976 struct sock **sk = data;
a38528f1 3977 struct mgmt_rp_disconnect rp;
8962ee74 3978
88c3df13
JH		 3979 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3980 rp.addr.type = cp->addr.type;
8962ee74 3981
aee9b218 3982 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3983 sizeof(rp));
8962ee74
JH		 3984
3985 *sk = cmd->sk;
3986 sock_hold(*sk);
3987
a664b5bc 3988 mgmt_pending_remove(cmd);
8962ee74
JH		 3989}
3990
124f6e35 3991static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3992{
b1078ad0 3993 struct hci_dev *hdev = data;
124f6e35
JH		 3994 struct mgmt_cp_unpair_device *cp = cmd->param;
3995 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3996
3997 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3998 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3999 rp.addr.type = cp->addr.type;
a8a1d19e 4000
b1078ad0
JH		 4001 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4002
aee9b218 4003 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4004
4005 mgmt_pending_remove(cmd);
4006}
4007
afc747a6 4008int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4009 u8 link_type, u8 addr_type, u8 reason)
f7520543 4010{
f0d6a0ea 4011 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4012 struct sock *sk = NULL;
4013 int err;
4014
744cf19e 4015 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4016
f0d6a0ea
MA		 4017 bacpy(&ev.addr.bdaddr, bdaddr);
4018 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4019 ev.reason = reason;
f7520543 4020
afc747a6 4021 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4022 sk);
8962ee74
JH		 4023
4024 if (sk)
d97dcb66 4025 sock_put(sk);
8962ee74 4026
124f6e35 4027 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4028 hdev);
a8a1d19e 4029
8962ee74
JH		 4030 return err;
4031}
4032
88c3df13 4033int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4034 u8 link_type, u8 addr_type, u8 status)
8962ee74 4035{
88c3df13 4036 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4037 struct pending_cmd *cmd;
4038 int err;
4039
36a75f1b
JD		 4040 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4041 hdev);
4042
2e58ef3e 4043 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4044 if (!cmd)
4045 return -ENOENT;
4046
88c3df13 4047 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4048 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4049
88c3df13 4050 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4051 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4052
a664b5bc 4053 mgmt_pending_remove(cmd);
8962ee74
JH		 4054
4055 return err;
f7520543 4056}
17d5c04c 4057
48264f06 4058int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4059 u8 addr_type, u8 status)
17d5c04c
JH		 4060{
4061 struct mgmt_ev_connect_failed ev;
4062
4c659c39 4063 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4064 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4065 ev.status = mgmt_status(status);
17d5c04c 4066
744cf19e 4067 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4068}
980e1a53 4069
744cf19e 4070int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4071{
4072 struct mgmt_ev_pin_code_request ev;
4073
d8457698 4074 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4075 ev.addr.type = BDADDR_BREDR;
a770bb5a 4076 ev.secure = secure;
980e1a53 4077
744cf19e 4078 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4079 NULL);
980e1a53
JH		 4080}
4081
744cf19e 4082int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4083 u8 status)
980e1a53
JH		 4084{
4085 struct pending_cmd *cmd;
ac56fb13 4086 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4087 int err;
4088
2e58ef3e 4089 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4090 if (!cmd)
4091 return -ENOENT;
4092
d8457698 4093 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4094 rp.addr.type = BDADDR_BREDR;
ac56fb13 4095
aee9b218 4096 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4097 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4098
a664b5bc 4099 mgmt_pending_remove(cmd);
980e1a53
JH		 4100
4101 return err;
4102}
4103
744cf19e 4104int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4105 u8 status)
980e1a53
JH		 4106{
4107 struct pending_cmd *cmd;
ac56fb13 4108 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4109 int err;
4110
2e58ef3e 4111 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4112 if (!cmd)
4113 return -ENOENT;
4114
d8457698 4115 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4116 rp.addr.type = BDADDR_BREDR;
ac56fb13 4117
aee9b218 4118 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4119 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4120
a664b5bc 4121 mgmt_pending_remove(cmd);
980e1a53
JH		 4122
4123 return err;
4124}
a5c29683 4125
744cf19e 4126int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4127 u8 link_type, u8 addr_type, __le32 value,
4128 u8 confirm_hint)
a5c29683
JH		 4129{
4130 struct mgmt_ev_user_confirm_request ev;
4131
744cf19e 4132 BT_DBG("%s", hdev->name);
a5c29683 4133
272d90df 4134 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4135 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4136 ev.confirm_hint = confirm_hint;
78e8098e 4137 ev.value = value;
a5c29683 4138
744cf19e 4139 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4140 NULL);
a5c29683
JH		 4141}
4142
272d90df 4143int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4144 u8 link_type, u8 addr_type)
604086b7
BG		 4145{
4146 struct mgmt_ev_user_passkey_request ev;
4147
4148 BT_DBG("%s", hdev->name);
4149
272d90df 4150 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4151 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4152
4153 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4154 NULL);
604086b7
BG		 4155}
4156
0df4c185 4157static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4158 u8 link_type, u8 addr_type, u8 status,
4159 u8 opcode)
a5c29683
JH		 4160{
4161 struct pending_cmd *cmd;
4162 struct mgmt_rp_user_confirm_reply rp;
4163 int err;
4164
2e58ef3e 4165 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4166 if (!cmd)
4167 return -ENOENT;
4168
272d90df 4169 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4170 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4171 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4172 &rp, sizeof(rp));
a5c29683 4173
a664b5bc 4174 mgmt_pending_remove(cmd);
a5c29683
JH		 4175
4176 return err;
4177}
4178
744cf19e 4179int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4180 u8 link_type, u8 addr_type, u8 status)
a5c29683 4181{
272d90df 4182 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4183 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4184}
4185
272d90df 4186int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4187 u8 link_type, u8 addr_type, u8 status)
a5c29683 4188{
272d90df 4189 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4190 status,
4191 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4192}
2a611692 4193
604086b7 4194int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4195 u8 link_type, u8 addr_type, u8 status)
604086b7 4196{
272d90df 4197 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4198 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4199}
4200
272d90df 4201int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4202 u8 link_type, u8 addr_type, u8 status)
604086b7 4203{
272d90df 4204 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4205 status,
4206 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4207}
4208
92a25256
JH		 4209int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4210 u8 link_type, u8 addr_type, u32 passkey,
4211 u8 entered)
4212{
4213 struct mgmt_ev_passkey_notify ev;
4214
4215 BT_DBG("%s", hdev->name);
4216
4217 bacpy(&ev.addr.bdaddr, bdaddr);
4218 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4219 ev.passkey = __cpu_to_le32(passkey);
4220 ev.entered = entered;
4221
4222 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4223}
4224
bab73cb6 4225int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4226 u8 addr_type, u8 status)
2a611692
JH		 4227{
4228 struct mgmt_ev_auth_failed ev;
4229
bab73cb6 4230 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4231 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4232 ev.status = mgmt_status(status);
2a611692 4233
744cf19e 4234 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4235}
b312b161 4236
33ef95ed
JH		 4237int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4238{
4239 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4240 bool changed = false;
4241 int err = 0;
33ef95ed
JH		 4242
4243 if (status) {
4244 u8 mgmt_err = mgmt_status(status);
4245 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4246 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4247 return 0;
4248 }
4249
47990ea0
JH		 4250 if (test_bit(HCI_AUTH, &hdev->flags)) {
4251 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4252 changed = true;
4253 } else {
4254 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4255 changed = true;
4256 }
4257
33ef95ed 4258 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4259 &match);
33ef95ed 4260
47990ea0
JH		 4261 if (changed)
4262 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4263
4264 if (match.sk)
4265 sock_put(match.sk);
4266
4267 return err;
4268}
4269
890ea898 4270static void clear_eir(struct hci_request *req)
cacaf52f 4271{
890ea898 4272 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4273 struct hci_cp_write_eir cp;
4274
976eb20e 4275 if (!lmp_ext_inq_capable(hdev))
890ea898 4276 return;
cacaf52f 4277
c80da27e
JH		 4278 memset(hdev->eir, 0, sizeof(hdev->eir));
4279
cacaf52f
JH		 4280 memset(&cp, 0, sizeof(cp));
4281
890ea898 4282 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4283}
4284
c0ecddc2 4285int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4286{
4287 struct cmd_lookup match = { NULL, hdev };
890ea898 4288 struct hci_request req;
c0ecddc2
JH		 4289 bool changed = false;
4290 int err = 0;
ed2c4ee3
JH		 4291
4292 if (status) {
4293 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4294
4295 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4296 &hdev->dev_flags))
c0ecddc2
JH		 4297 err = new_settings(hdev, NULL);
4298
04124681
GP		 4299 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4300 &mgmt_err);
c0ecddc2
JH		 4301
4302 return err;
4303 }
4304
4305 if (enable) {
4306 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4307 changed = true;
4308 } else {
4309 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4310 changed = true;
ed2c4ee3
JH		 4311 }
4312
4313 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4314
c0ecddc2
JH		 4315 if (changed)
4316 err = new_settings(hdev, match.sk);
ed2c4ee3 4317
5fc6ebb1 4318 if (match.sk)
ed2c4ee3
JH		 4319 sock_put(match.sk);
4320
890ea898
JH		 4321 hci_req_init(&req, hdev);
4322
5fc6ebb1 4323 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4324 update_eir(&req);
5fc6ebb1 4325 else
890ea898
JH		 4326 clear_eir(&req);
4327
4328 hci_req_run(&req, NULL);
cacaf52f 4329
ed2c4ee3
JH		 4330 return err;
4331}
4332
92da6097 4333static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4334{
4335 struct cmd_lookup *match = data;
4336
90e70454
JH		 4337 if (match->sk == NULL) {
4338 match->sk = cmd->sk;
4339 sock_hold(match->sk);
4340 }
90e70454
JH		 4341}
4342
7f9a903c 4343int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4344 u8 status)
7f9a903c 4345{
90e70454
JH		 4346 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4347 int err = 0;
7f9a903c 4348
92da6097
JH		 4349 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4350 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4351 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4352
4353 if (!status)
04124681
GP		 4354 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4355 3, NULL);
90e70454
JH		 4356
4357 if (match.sk)
4358 sock_put(match.sk);
7f9a903c
MH		 4359
4360 return err;
4361}
4362
744cf19e 4363int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4364{
b312b161 4365 struct mgmt_cp_set_local_name ev;
13928971 4366 struct pending_cmd *cmd;
28cc7bde 4367
13928971
JH		 4368 if (status)
4369 return 0;
b312b161
JH		 4370
4371 memset(&ev, 0, sizeof(ev));
4372 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4373 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4374
2e58ef3e 4375 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4376 if (!cmd) {
4377 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4378
13928971
JH		 4379 /* If this is a HCI command related to powering on the
4380 * HCI dev don't send any mgmt signals.
4381 */
4382 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4383 return 0;
890ea898 4384 }
b312b161 4385
13928971
JH		 4386 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4387 cmd ? cmd->sk : NULL);
b312b161 4388}
c35938b2 4389
744cf19e 4390int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4391 u8 *randomizer, u8 status)
c35938b2
SJ		 4392{
4393 struct pending_cmd *cmd;
4394 int err;
4395
744cf19e 4396 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4397
2e58ef3e 4398 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4399 if (!cmd)
4400 return -ENOENT;
4401
4402 if (status) {
04124681
GP		 4403 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4404 mgmt_status(status));
c35938b2
SJ		 4405 } else {
4406 struct mgmt_rp_read_local_oob_data rp;
4407
4408 memcpy(rp.hash, hash, sizeof(rp.hash));
4409 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4410
744cf19e 4411 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4412 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4413 sizeof(rp));
c35938b2
SJ		 4414 }
4415
4416 mgmt_pending_remove(cmd);
4417
4418 return err;
4419}
e17acd40 4420
48264f06 4421int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4422 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4423 ssp, u8 *eir, u16 eir_len)
e17acd40 4424{
e319d2e7
JH		 4425 char buf[512];
4426 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4427 size_t ev_size;
e17acd40 4428
12602d0c
AG		 4429 if (!hci_discovery_active(hdev))
4430 return -EPERM;
4431
1dc06093
JH		 4432 /* Leave 5 bytes for a potential CoD field */
4433 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4434 return -EINVAL;
4435
1dc06093
JH		 4436 memset(buf, 0, sizeof(buf));
4437
e319d2e7 4438 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4439 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4440 ev->rssi = rssi;
9a395a80 4441 if (cfm_name)
612dfce9 4442 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4443 if (!ssp)
612dfce9 4444 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4445
1dc06093 4446 if (eir_len > 0)
e319d2e7 4447 memcpy(ev->eir, eir, eir_len);
e17acd40 4448
1dc06093
JH		 4449 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4450 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4451 dev_class, 3);
1dc06093 4452
eb55ef07 4453 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4454 ev_size = sizeof(*ev) + eir_len;
f8523598 4455
e319d2e7 4456 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4457}
a88a9652 4458
b644ba33 4459int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4460 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4461{
b644ba33
JH		 4462 struct mgmt_ev_device_found *ev;
4463 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4464 u16 eir_len;
a88a9652 4465
b644ba33 4466 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4467
b644ba33
JH		 4468 memset(buf, 0, sizeof(buf));
4469
4470 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4471 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4472 ev->rssi = rssi;
4473
4474 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4475 name_len);
b644ba33 4476
eb55ef07 4477 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4478
053c7e0c 4479 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4480 sizeof(*ev) + eir_len, NULL);
a88a9652 4481}
314b2381 4482
744cf19e 4483int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4484{
f963e8e9 4485 struct mgmt_ev_discovering ev;
164a6e78
JH		 4486 struct pending_cmd *cmd;
4487
343fb145
AG		 4488 BT_DBG("%s discovering %u", hdev->name, discovering);
4489
164a6e78 4490 if (discovering)
2e58ef3e 4491 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4492 else
2e58ef3e 4493 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4494
4495 if (cmd != NULL) {
f808e166
JH		 4496 u8 type = hdev->discovery.type;
4497
04124681
GP		 4498 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4499 sizeof(type));
164a6e78
JH		 4500 mgmt_pending_remove(cmd);
4501 }
4502
f963e8e9
JH		 4503 memset(&ev, 0, sizeof(ev));
4504 ev.type = hdev->discovery.type;
4505 ev.discovering = discovering;
4506
4507 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4508}
5e762444 4509
88c1fe4b 4510int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4511{
4512 struct pending_cmd *cmd;
4513 struct mgmt_ev_device_blocked ev;
4514
2e58ef3e 4515 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4516
88c1fe4b
JH		 4517 bacpy(&ev.addr.bdaddr, bdaddr);
4518 ev.addr.type = type;
5e762444 4519
744cf19e 4520 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4521 cmd ? cmd->sk : NULL);
5e762444
AJ		 4522}
4523
88c1fe4b 4524int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4525{
4526 struct pending_cmd *cmd;
4527 struct mgmt_ev_device_unblocked ev;
4528
2e58ef3e 4529 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4530
88c1fe4b
JH		 4531 bacpy(&ev.addr.bdaddr, bdaddr);
4532 ev.addr.type = type;
5e762444 4533
744cf19e 4534 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4535 cmd ? cmd->sk : NULL);
5e762444 4536}
Linux kernel - Deliverables
This page took 0.619978 seconds and 5 git commands to generate.