projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Replace BDADDR_LOCAL with BDADDR_NONE
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
383 }
384
d7b7e796
MH		 385 if (enable_hs)
386 settings |= MGMT_SETTING_HS;
387
eeca6f89 388 if (lmp_le_capable(hdev)) {
9d42820f 389 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 390 settings |= MGMT_SETTING_ADVERTISING;
391 }
69ab39ea
JH		 392
393 return settings;
394}
395
396static u32 get_current_settings(struct hci_dev *hdev)
397{
398 u32 settings = 0;
399
f1f0eb02 400 if (hdev_is_powered(hdev))
f0d4b78a
MH		 401 settings |= MGMT_SETTING_POWERED;
402
5e5282bb 403 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 404 settings |= MGMT_SETTING_CONNECTABLE;
405
1a4d3c4b
JH		 406 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
407 settings |= MGMT_SETTING_FAST_CONNECTABLE;
408
5e5282bb 409 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_DISCOVERABLE;
411
a8b2d5c2 412 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_PAIRABLE;
414
ed3fa31f 415 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 416 settings |= MGMT_SETTING_BREDR;
417
06199cf8 418 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LE;
420
47990ea0 421 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LINK_SECURITY;
423
84bde9d6 424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_SSP;
426
6d80dfd0
JH		 427 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_HS;
429
eeca6f89
JH		 430 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
431 settings |= MGMT_SETTING_ADVERTISING;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 655}
656
7d78525d
JH		 657static void service_cache_off(struct work_struct *work)
658{
659 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 660 service_cache.work);
890ea898 661 struct hci_request req;
7d78525d 662
a8b2d5c2 663 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 664 return;
665
890ea898
JH		 666 hci_req_init(&req, hdev);
667
7d78525d
JH		 668 hci_dev_lock(hdev);
669
890ea898
JH		 670 update_eir(&req);
671 update_class(&req);
7d78525d
JH		 672
673 hci_dev_unlock(hdev);
890ea898
JH		 674
675 hci_req_run(&req, NULL);
7d78525d
JH		 676}
677
6a919082 678static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 679{
4f87da80 680 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 681 return;
682
4f87da80 683 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 684
4f87da80
JH		 685 /* Non-mgmt controlled devices get this bit set
686 * implicitly so that pairing works for them, however
687 * for mgmt we require user-space to explicitly enable
688 * it
689 */
690 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 691}
692
0f4e68cf 693static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 694 void *data, u16 data_len)
0381101f 695{
a38528f1 696 struct mgmt_rp_read_info rp;
f7b64e69 697
bdb6d971 698 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 699
09fd0de5 700 hci_dev_lock(hdev);
f7b64e69 701
dc4fe30b
JH		 702 memset(&rp, 0, sizeof(rp));
703
69ab39ea 704 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 705
69ab39ea 706 rp.version = hdev->hci_ver;
eb55ef07 707 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 708
709 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
710 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 711
a38528f1 712 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 713
dc4fe30b 714 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 715 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 716
09fd0de5 717 hci_dev_unlock(hdev);
0381101f 718
bdb6d971 719 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 720 sizeof(rp));
0381101f
JH		 721}
722
eec8d2bc
JH		 723static void mgmt_pending_free(struct pending_cmd *cmd)
724{
725 sock_put(cmd->sk);
c68fb7ff 726 kfree(cmd->param);
eec8d2bc
JH		 727 kfree(cmd);
728}
729
366a0336 730static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 731 struct hci_dev *hdev, void *data,
732 u16 len)
eec8d2bc
JH		 733{
734 struct pending_cmd *cmd;
735
12b94565 736 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 737 if (!cmd)
366a0336 738 return NULL;
eec8d2bc
JH		 739
740 cmd->opcode = opcode;
2e58ef3e 741 cmd->index = hdev->id;
eec8d2bc 742
12b94565 743 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 744 if (!cmd->param) {
eec8d2bc 745 kfree(cmd);
366a0336 746 return NULL;
eec8d2bc
JH		 747 }
748
8fce6357
SJ		 749 if (data)
750 memcpy(cmd->param, data, len);
eec8d2bc
JH		 751
752 cmd->sk = sk;
753 sock_hold(sk);
754
2e58ef3e 755 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 756
366a0336 757 return cmd;
eec8d2bc
JH		 758}
759
744cf19e 760static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 761 void (*cb)(struct pending_cmd *cmd,
762 void *data),
04124681 763 void *data)
eec8d2bc 764{
a3d09356 765 struct pending_cmd *cmd, *tmp;
eec8d2bc 766
a3d09356 767 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 768 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 769 continue;
770
eec8d2bc
JH		 771 cb(cmd, data);
772 }
773}
774
2e58ef3e 775static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 776{
8035ded4 777 struct pending_cmd *cmd;
eec8d2bc 778
2e58ef3e 779 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 780 if (cmd->opcode == opcode)
781 return cmd;
eec8d2bc
JH		 782 }
783
784 return NULL;
785}
786
a664b5bc 787static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 788{
73f22f62
JH		 789 list_del(&cmd->list);
790 mgmt_pending_free(cmd);
791}
792
69ab39ea 793static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 794{
69ab39ea 795 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 796
aee9b218 797 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 798 sizeof(settings));
8680570b
JH		 799}
800
bdb6d971 801static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 802 u16 len)
eec8d2bc 803{
650f726d 804 struct mgmt_mode *cp = data;
366a0336 805 struct pending_cmd *cmd;
4b34ee78 806 int err;
eec8d2bc 807
bdb6d971 808 BT_DBG("request for %s", hdev->name);
eec8d2bc 809
a7e80f25
JH		 810 if (cp->val != 0x00 && cp->val != 0x01)
811 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 MGMT_STATUS_INVALID_PARAMS);
813
09fd0de5 814 hci_dev_lock(hdev);
eec8d2bc 815
87b95ba6
JH		 816 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
817 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
818 MGMT_STATUS_BUSY);
819 goto failed;
820 }
821
f0d4b78a
MH		 822 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
823 cancel_delayed_work(&hdev->power_off);
824
825 if (cp->val) {
a1d70450
JH		 826 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
827 data, len);
828 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 829 goto failed;
830 }
831 }
832
4b34ee78 833 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 834 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 835 goto failed;
836 }
837
2e58ef3e 838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 839 if (!cmd) {
840 err = -ENOMEM;
eec8d2bc 841 goto failed;
366a0336 842 }
eec8d2bc 843
72a734ec 844 if (cp->val)
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 846 else
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 848
366a0336 849 err = 0;
eec8d2bc
JH		 850
851failed:
09fd0de5 852 hci_dev_unlock(hdev);
366a0336 853 return err;
eec8d2bc
JH		 854}
855
04124681
GP		 856static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
857 struct sock *skip_sk)
beadb2bd
JH		 858{
859 struct sk_buff *skb;
860 struct mgmt_hdr *hdr;
861
790eff44 862 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 863 if (!skb)
864 return -ENOMEM;
865
866 hdr = (void *) skb_put(skb, sizeof(*hdr));
867 hdr->opcode = cpu_to_le16(event);
868 if (hdev)
869 hdr->index = cpu_to_le16(hdev->id);
870 else
612dfce9 871 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 872 hdr->len = cpu_to_le16(data_len);
873
874 if (data)
875 memcpy(skb_put(skb, data_len), data, data_len);
876
97e0bdeb
MH		 877 /* Time stamp */
878 __net_timestamp(skb);
879
beadb2bd
JH		 880 hci_send_to_control(skb, skip_sk);
881 kfree_skb(skb);
882
883 return 0;
884}
885
886static int new_settings(struct hci_dev *hdev, struct sock *skip)
887{
888 __le32 ev;
889
890 ev = cpu_to_le32(get_current_settings(hdev));
891
892 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893}
894
bd99abdd
JH		 895struct cmd_lookup {
896 struct sock *sk;
897 struct hci_dev *hdev;
898 u8 mgmt_status;
899};
900
901static void settings_rsp(struct pending_cmd *cmd, void *data)
902{
903 struct cmd_lookup *match = data;
904
905 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
906
907 list_del(&cmd->list);
908
909 if (match->sk == NULL) {
910 match->sk = cmd->sk;
911 sock_hold(match->sk);
912 }
913
914 mgmt_pending_free(cmd);
915}
916
917static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
918{
919 u8 *status = data;
920
921 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
922 mgmt_pending_remove(cmd);
923}
924
bdb6d971 925static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 926 u16 len)
73f22f62 927{
650f726d 928 struct mgmt_cp_set_discoverable *cp = data;
366a0336 929 struct pending_cmd *cmd;
5e5282bb 930 u16 timeout;
73f22f62
JH		 931 u8 scan;
932 int err;
933
bdb6d971 934 BT_DBG("request for %s", hdev->name);
73f22f62 935
33c525c0
JH		 936 if (!lmp_bredr_capable(hdev))
937 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
938 MGMT_STATUS_NOT_SUPPORTED);
939
a7e80f25
JH		 940 if (cp->val != 0x00 && cp->val != 0x01)
941 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
942 MGMT_STATUS_INVALID_PARAMS);
943
1f350c87 944 timeout = __le16_to_cpu(cp->timeout);
24c54a90 945 if (!cp->val && timeout > 0)
bdb6d971 946 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 947 MGMT_STATUS_INVALID_PARAMS);
73f22f62 948
09fd0de5 949 hci_dev_lock(hdev);
73f22f62 950
5e5282bb 951 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 952 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 953 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 954 goto failed;
955 }
956
2e58ef3e 957 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 958 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 960 MGMT_STATUS_BUSY);
73f22f62
JH		 961 goto failed;
962 }
963
5e5282bb 964 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 966 MGMT_STATUS_REJECTED);
5e5282bb
JH		 967 goto failed;
968 }
969
970 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 971 bool changed = false;
972
973 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
974 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
975 changed = true;
976 }
977
5e5282bb 978 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 979 if (err < 0)
980 goto failed;
981
982 if (changed)
983 err = new_settings(hdev, sk);
984
5e5282bb
JH		 985 goto failed;
986 }
987
988 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 989 if (hdev->discov_timeout > 0) {
990 cancel_delayed_work(&hdev->discov_off);
991 hdev->discov_timeout = 0;
992 }
993
994 if (cp->val && timeout > 0) {
995 hdev->discov_timeout = timeout;
996 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
997 msecs_to_jiffies(hdev->discov_timeout * 1000));
998 }
999
69ab39ea 1000 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1001 goto failed;
1002 }
1003
2e58ef3e 1004 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1005 if (!cmd) {
1006 err = -ENOMEM;
73f22f62 1007 goto failed;
366a0336 1008 }
73f22f62
JH		 1009
1010 scan = SCAN_PAGE;
1011
72a734ec 1012 if (cp->val)
73f22f62 1013 scan |= SCAN_INQUIRY;
16ab91ab 1014 else
e0f9309f 1015 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1016
1017 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1018 if (err < 0)
a664b5bc 1019 mgmt_pending_remove(cmd);
73f22f62 1020
16ab91ab 1021 if (cp->val)
5e5282bb 1022 hdev->discov_timeout = timeout;
16ab91ab 1023
73f22f62 1024failed:
09fd0de5 1025 hci_dev_unlock(hdev);
73f22f62
JH		 1026 return err;
1027}
1028
406d7804
JH		 1029static void write_fast_connectable(struct hci_request *req, bool enable)
1030{
bd98b996 1031 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1032 struct hci_cp_write_page_scan_activity acp;
1033 u8 type;
1034
4c01f8b8
JH		 1035 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1036 return;
1037
406d7804
JH		 1038 if (enable) {
1039 type = PAGE_SCAN_TYPE_INTERLACED;
1040
1041 /* 160 msec page scan interval */
1042 acp.interval = __constant_cpu_to_le16(0x0100);
1043 } else {
1044 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1045
1046 /* default 1.28 sec page scan */
1047 acp.interval = __constant_cpu_to_le16(0x0800);
1048 }
1049
1050 acp.window = __constant_cpu_to_le16(0x0012);
1051
bd98b996
JH		 1052 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1053 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1054 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1055 sizeof(acp), &acp);
1056
1057 if (hdev->page_scan_type != type)
1058 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1059}
1060
2b76f453
JH		 1061static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1062{
1063 struct pending_cmd *cmd;
1064
1065 BT_DBG("status 0x%02x", status);
1066
1067 hci_dev_lock(hdev);
1068
1069 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1070 if (!cmd)
1071 goto unlock;
1072
1073 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1074
1075 mgmt_pending_remove(cmd);
1076
1077unlock:
1078 hci_dev_unlock(hdev);
1079}
1080
bdb6d971 1081static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1082 u16 len)
9fbcbb45 1083{
650f726d 1084 struct mgmt_mode *cp = data;
366a0336 1085 struct pending_cmd *cmd;
2b76f453 1086 struct hci_request req;
9fbcbb45
JH		 1087 u8 scan;
1088 int err;
1089
bdb6d971 1090 BT_DBG("request for %s", hdev->name);
9fbcbb45 1091
33c525c0
JH		 1092 if (!lmp_bredr_capable(hdev))
1093 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1094 MGMT_STATUS_NOT_SUPPORTED);
1095
a7e80f25
JH		 1096 if (cp->val != 0x00 && cp->val != 0x01)
1097 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1098 MGMT_STATUS_INVALID_PARAMS);
1099
09fd0de5 1100 hci_dev_lock(hdev);
9fbcbb45 1101
4b34ee78 1102 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1103 bool changed = false;
1104
1105 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1106 changed = true;
1107
6bf0e469 1108 if (cp->val) {
5e5282bb 1109 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1110 } else {
5e5282bb
JH		 1111 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1112 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1113 }
0224d2fa 1114
5e5282bb 1115 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1116 if (err < 0)
1117 goto failed;
1118
1119 if (changed)
1120 err = new_settings(hdev, sk);
1121
9fbcbb45
JH		 1122 goto failed;
1123 }
1124
2e58ef3e 1125 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1126 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1127 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1128 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1129 goto failed;
1130 }
1131
5e5282bb 1132 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1133 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1134 goto failed;
1135 }
1136
2e58ef3e 1137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1138 if (!cmd) {
1139 err = -ENOMEM;
9fbcbb45 1140 goto failed;
366a0336 1141 }
9fbcbb45 1142
6bf0e469 1143 if (cp->val) {
9fbcbb45 1144 scan = SCAN_PAGE;
6bf0e469 1145 } else {
9fbcbb45
JH		 1146 scan = 0;
1147
df2c6c5e 1148 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1149 hdev->discov_timeout > 0)
df2c6c5e
JH		 1150 cancel_delayed_work(&hdev->discov_off);
1151 }
1152
2b76f453
JH		 1153 hci_req_init(&req, hdev);
1154
1155 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1156
4c01f8b8
JH		 1157 /* If we're going from non-connectable to connectable or
1158 * vice-versa when fast connectable is enabled ensure that fast
1159 * connectable gets disabled. write_fast_connectable won't do
1160 * anything if the page scan parameters are already what they
1161 * should be.
1162 */
1163 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1164 write_fast_connectable(&req, false);
1165
2b76f453 1166 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1167 if (err < 0)
a664b5bc 1168 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1169
1170failed:
09fd0de5 1171 hci_dev_unlock(hdev);
9fbcbb45
JH		 1172 return err;
1173}
1174
bdb6d971 1175static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1176 u16 len)
c542a06c 1177{
650f726d 1178 struct mgmt_mode *cp = data;
c542a06c
JH		 1179 int err;
1180
bdb6d971 1181 BT_DBG("request for %s", hdev->name);
c542a06c 1182
a7e80f25
JH		 1183 if (cp->val != 0x00 && cp->val != 0x01)
1184 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1185 MGMT_STATUS_INVALID_PARAMS);
1186
09fd0de5 1187 hci_dev_lock(hdev);
c542a06c
JH		 1188
1189 if (cp->val)
a8b2d5c2 1190 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1191 else
a8b2d5c2 1192 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1193
69ab39ea 1194 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1195 if (err < 0)
1196 goto failed;
1197
beadb2bd 1198 err = new_settings(hdev, sk);
c542a06c
JH		 1199
1200failed:
09fd0de5 1201 hci_dev_unlock(hdev);
c542a06c
JH		 1202 return err;
1203}
1204
04124681
GP		 1205static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1206 u16 len)
33ef95ed
JH		 1207{
1208 struct mgmt_mode *cp = data;
1209 struct pending_cmd *cmd;
816a11d5 1210 u8 val;
33ef95ed
JH		 1211 int err;
1212
bdb6d971 1213 BT_DBG("request for %s", hdev->name);
33ef95ed 1214
33c525c0
JH		 1215 if (!lmp_bredr_capable(hdev))
1216 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1217 MGMT_STATUS_NOT_SUPPORTED);
1218
a7e80f25
JH		 1219 if (cp->val != 0x00 && cp->val != 0x01)
1220 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1221 MGMT_STATUS_INVALID_PARAMS);
1222
33ef95ed
JH		 1223 hci_dev_lock(hdev);
1224
4b34ee78 1225 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1226 bool changed = false;
1227
1228 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1229 &hdev->dev_flags)) {
47990ea0
JH		 1230 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1231 changed = true;
1232 }
1233
1234 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1235 if (err < 0)
1236 goto failed;
1237
1238 if (changed)
1239 err = new_settings(hdev, sk);
1240
33ef95ed
JH		 1241 goto failed;
1242 }
1243
1244 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1245 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1246 MGMT_STATUS_BUSY);
33ef95ed
JH		 1247 goto failed;
1248 }
1249
1250 val = !!cp->val;
1251
1252 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1253 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1254 goto failed;
1255 }
1256
1257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1258 if (!cmd) {
1259 err = -ENOMEM;
1260 goto failed;
1261 }
1262
1263 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1264 if (err < 0) {
1265 mgmt_pending_remove(cmd);
1266 goto failed;
1267 }
1268
1269failed:
1270 hci_dev_unlock(hdev);
33ef95ed
JH		 1271 return err;
1272}
1273
bdb6d971 1274static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1275{
1276 struct mgmt_mode *cp = data;
1277 struct pending_cmd *cmd;
816a11d5 1278 u8 val;
ed2c4ee3
JH		 1279 int err;
1280
bdb6d971 1281 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1282
13ecd8b6
JH		 1283 if (!lmp_ssp_capable(hdev))
1284 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1285 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1286
a7e80f25
JH		 1287 if (cp->val != 0x00 && cp->val != 0x01)
1288 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1289 MGMT_STATUS_INVALID_PARAMS);
1290
13ecd8b6 1291 hci_dev_lock(hdev);
6c8f12c1 1292
c0ecddc2
JH		 1293 val = !!cp->val;
1294
4b34ee78 1295 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1296 bool changed = false;
1297
1298 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1299 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1300 changed = true;
1301 }
1302
1303 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1304 if (err < 0)
1305 goto failed;
1306
1307 if (changed)
1308 err = new_settings(hdev, sk);
1309
ed2c4ee3
JH		 1310 goto failed;
1311 }
1312
1313 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1314 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1315 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1316 goto failed;
1317 }
1318
ed2c4ee3
JH		 1319 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1320 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1321 goto failed;
1322 }
1323
1324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1325 if (!cmd) {
1326 err = -ENOMEM;
1327 goto failed;
1328 }
1329
1330 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1331 if (err < 0) {
1332 mgmt_pending_remove(cmd);
1333 goto failed;
1334 }
1335
1336failed:
1337 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1338 return err;
1339}
1340
bdb6d971 1341static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1342{
1343 struct mgmt_mode *cp = data;
6d80dfd0 1344
bdb6d971 1345 BT_DBG("request for %s", hdev->name);
6d80dfd0 1346
bdb6d971
JH		 1347 if (!enable_hs)
1348 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1349 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1350
a7e80f25
JH		 1351 if (cp->val != 0x00 && cp->val != 0x01)
1352 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1353 MGMT_STATUS_INVALID_PARAMS);
1354
6d80dfd0
JH		 1355 if (cp->val)
1356 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1357 else
1358 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1359
bdb6d971 1360 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1361}
1362
416a4ae5
JH		 1363static void le_enable_complete(struct hci_dev *hdev, u8 status)
1364{
1365 struct cmd_lookup match = { NULL, hdev };
1366
1367 if (status) {
1368 u8 mgmt_err = mgmt_status(status);
1369
1370 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1371 &mgmt_err);
1372 return;
1373 }
1374
1375 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1376
1377 new_settings(hdev, match.sk);
1378
1379 if (match.sk)
1380 sock_put(match.sk);
1381}
1382
bdb6d971 1383static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1384{
1385 struct mgmt_mode *cp = data;
1386 struct hci_cp_write_le_host_supported hci_cp;
1387 struct pending_cmd *cmd;
416a4ae5 1388 struct hci_request req;
06199cf8 1389 int err;
0b60eba1 1390 u8 val, enabled;
06199cf8 1391
bdb6d971 1392 BT_DBG("request for %s", hdev->name);
06199cf8 1393
13ecd8b6
JH		 1394 if (!lmp_le_capable(hdev))
1395 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1396 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1397
a7e80f25
JH		 1398 if (cp->val != 0x00 && cp->val != 0x01)
1399 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1400 MGMT_STATUS_INVALID_PARAMS);
1401
c73eee91
JH		 1402 /* LE-only devices do not allow toggling LE on/off */
1403 if (!lmp_bredr_capable(hdev))
1404 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1405 MGMT_STATUS_REJECTED);
1406
13ecd8b6 1407 hci_dev_lock(hdev);
06199cf8
JH		 1408
1409 val = !!cp->val;
ffa88e02 1410 enabled = lmp_host_le_capable(hdev);
06199cf8 1411
0b60eba1 1412 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1413 bool changed = false;
1414
1415 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1416 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1417 changed = true;
1418 }
1419
eeca6f89
JH		 1420 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1421 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1422 changed = true;
1423 }
1424
06199cf8
JH		 1425 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1426 if (err < 0)
1de028ce 1427 goto unlock;
06199cf8
JH		 1428
1429 if (changed)
1430 err = new_settings(hdev, sk);
1431
1de028ce 1432 goto unlock;
06199cf8
JH		 1433 }
1434
4375f103
JH		 1435 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1436 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1437 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1438 MGMT_STATUS_BUSY);
1de028ce 1439 goto unlock;
06199cf8
JH		 1440 }
1441
1442 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1443 if (!cmd) {
1444 err = -ENOMEM;
1de028ce 1445 goto unlock;
06199cf8
JH		 1446 }
1447
1448 memset(&hci_cp, 0, sizeof(hci_cp));
1449
1450 if (val) {
1451 hci_cp.le = val;
ffa88e02 1452 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1453 }
1454
416a4ae5
JH		 1455 hci_req_init(&req, hdev);
1456
eeca6f89
JH		 1457 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1458 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1459
416a4ae5
JH		 1460 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1461 &hci_cp);
1462
1463 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1464 if (err < 0)
06199cf8 1465 mgmt_pending_remove(cmd);
06199cf8 1466
1de028ce
JH		 1467unlock:
1468 hci_dev_unlock(hdev);
06199cf8
JH		 1469 return err;
1470}
1471
0cab9c80
JH		 1472/* This is a helper function to test for pending mgmt commands that can
1473 * cause CoD or EIR HCI commands. We can only allow one such pending
1474 * mgmt command at a time since otherwise we cannot easily track what
1475 * the current values are, will be, and based on that calculate if a new
1476 * HCI command needs to be sent and if yes with what value.
1477 */
1478static bool pending_eir_or_class(struct hci_dev *hdev)
1479{
1480 struct pending_cmd *cmd;
1481
1482 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1483 switch (cmd->opcode) {
1484 case MGMT_OP_ADD_UUID:
1485 case MGMT_OP_REMOVE_UUID:
1486 case MGMT_OP_SET_DEV_CLASS:
1487 case MGMT_OP_SET_POWERED:
1488 return true;
1489 }
1490 }
1491
1492 return false;
1493}
1494
83be8eca
JH		 1495static const u8 bluetooth_base_uuid[] = {
1496 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1497 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1498};
1499
1500static u8 get_uuid_size(const u8 *uuid)
1501{
1502 u32 val;
1503
1504 if (memcmp(uuid, bluetooth_base_uuid, 12))
1505 return 128;
1506
1507 val = get_unaligned_le32(&uuid[12]);
1508 if (val > 0xffff)
1509 return 32;
1510
1511 return 16;
1512}
1513
92da6097
JH		 1514static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1515{
1516 struct pending_cmd *cmd;
1517
1518 hci_dev_lock(hdev);
1519
1520 cmd = mgmt_pending_find(mgmt_op, hdev);
1521 if (!cmd)
1522 goto unlock;
1523
1524 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1525 hdev->dev_class, 3);
1526
1527 mgmt_pending_remove(cmd);
1528
1529unlock:
1530 hci_dev_unlock(hdev);
1531}
1532
1533static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1534{
1535 BT_DBG("status 0x%02x", status);
1536
1537 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1538}
1539
bdb6d971 1540static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1541{
650f726d 1542 struct mgmt_cp_add_uuid *cp = data;
90e70454 1543 struct pending_cmd *cmd;
890ea898 1544 struct hci_request req;
2aeb9a1a 1545 struct bt_uuid *uuid;
2aeb9a1a
JH		 1546 int err;
1547
bdb6d971 1548 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1549
09fd0de5 1550 hci_dev_lock(hdev);
2aeb9a1a 1551
0cab9c80 1552 if (pending_eir_or_class(hdev)) {
bdb6d971 1553 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1554 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1555 goto failed;
1556 }
1557
92c4c204 1558 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1559 if (!uuid) {
1560 err = -ENOMEM;
1561 goto failed;
1562 }
1563
1564 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1565 uuid->svc_hint = cp->svc_hint;
83be8eca 1566 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1567
de66aa63 1568 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1569
890ea898 1570 hci_req_init(&req, hdev);
1aff6f09 1571
890ea898
JH		 1572 update_class(&req);
1573 update_eir(&req);
1574
92da6097
JH		 1575 err = hci_req_run(&req, add_uuid_complete);
1576 if (err < 0) {
1577 if (err != -ENODATA)
1578 goto failed;
80a1e1db 1579
bdb6d971 1580 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1581 hdev->dev_class, 3);
90e70454
JH		 1582 goto failed;
1583 }
1584
1585 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1586 if (!cmd) {
90e70454 1587 err = -ENOMEM;
890ea898
JH		 1588 goto failed;
1589 }
1590
1591 err = 0;
2aeb9a1a
JH		 1592
1593failed:
09fd0de5 1594 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1595 return err;
1596}
1597
24b78d0f
JH		 1598static bool enable_service_cache(struct hci_dev *hdev)
1599{
1600 if (!hdev_is_powered(hdev))
1601 return false;
1602
1603 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1604 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1605 CACHE_TIMEOUT);
24b78d0f
JH		 1606 return true;
1607 }
1608
1609 return false;
1610}
1611
92da6097
JH		 1612static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1613{
1614 BT_DBG("status 0x%02x", status);
1615
1616 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1617}
1618
bdb6d971 1619static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1620 u16 len)
2aeb9a1a 1621{
650f726d 1622 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1623 struct pending_cmd *cmd;
056341c8 1624 struct bt_uuid *match, *tmp;
2aeb9a1a 1625 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1626 struct hci_request req;
2aeb9a1a
JH		 1627 int err, found;
1628
bdb6d971 1629 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1630
09fd0de5 1631 hci_dev_lock(hdev);
2aeb9a1a 1632
0cab9c80 1633 if (pending_eir_or_class(hdev)) {
bdb6d971 1634 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1635 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1636 goto unlock;
1637 }
1638
2aeb9a1a
JH		 1639 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1640 err = hci_uuids_clear(hdev);
4004b6d9 1641
24b78d0f 1642 if (enable_service_cache(hdev)) {
bdb6d971 1643 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1644 0, hdev->dev_class, 3);
24b78d0f
JH		 1645 goto unlock;
1646 }
4004b6d9 1647
9246a869 1648 goto update_class;
2aeb9a1a
JH		 1649 }
1650
1651 found = 0;
1652
056341c8 1653 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1654 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1655 continue;
1656
1657 list_del(&match->list);
482049f7 1658 kfree(match);
2aeb9a1a
JH		 1659 found++;
1660 }
1661
1662 if (found == 0) {
bdb6d971 1663 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1664 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1665 goto unlock;
1666 }
1667
9246a869 1668update_class:
890ea898 1669 hci_req_init(&req, hdev);
1aff6f09 1670
890ea898
JH		 1671 update_class(&req);
1672 update_eir(&req);
1673
92da6097
JH		 1674 err = hci_req_run(&req, remove_uuid_complete);
1675 if (err < 0) {
1676 if (err != -ENODATA)
1677 goto unlock;
80a1e1db 1678
bdb6d971 1679 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1680 hdev->dev_class, 3);
90e70454
JH		 1681 goto unlock;
1682 }
1683
1684 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1685 if (!cmd) {
90e70454 1686 err = -ENOMEM;
890ea898
JH		 1687 goto unlock;
1688 }
1689
1690 err = 0;
2aeb9a1a
JH		 1691
1692unlock:
09fd0de5 1693 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1694 return err;
1695}
1696
92da6097
JH		 1697static void set_class_complete(struct hci_dev *hdev, u8 status)
1698{
1699 BT_DBG("status 0x%02x", status);
1700
1701 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1702}
1703
bdb6d971 1704static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1705 u16 len)
1aff6f09 1706{
650f726d 1707 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1708 struct pending_cmd *cmd;
890ea898 1709 struct hci_request req;
1aff6f09
JH		 1710 int err;
1711
bdb6d971 1712 BT_DBG("request for %s", hdev->name);
1aff6f09 1713
13ecd8b6
JH		 1714 if (!lmp_bredr_capable(hdev))
1715 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1716 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1717
0cab9c80 1718 hci_dev_lock(hdev);
ee98f473 1719
0cab9c80
JH		 1720 if (pending_eir_or_class(hdev)) {
1721 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1722 MGMT_STATUS_BUSY);
1723 goto unlock;
1724 }
c95f0ba7 1725
0cab9c80
JH		 1726 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1727 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1728 MGMT_STATUS_INVALID_PARAMS);
1729 goto unlock;
1730 }
575b3a02 1731
932f5ff5
JH		 1732 hdev->major_class = cp->major;
1733 hdev->minor_class = cp->minor;
1734
b5235a65 1735 if (!hdev_is_powered(hdev)) {
bdb6d971 1736 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1737 hdev->dev_class, 3);
b5235a65
JH		 1738 goto unlock;
1739 }
1740
890ea898
JH		 1741 hci_req_init(&req, hdev);
1742
a8b2d5c2 1743 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1744 hci_dev_unlock(hdev);
1745 cancel_delayed_work_sync(&hdev->service_cache);
1746 hci_dev_lock(hdev);
890ea898 1747 update_eir(&req);
7d78525d 1748 }
14c0b608 1749
890ea898
JH		 1750 update_class(&req);
1751
92da6097
JH		 1752 err = hci_req_run(&req, set_class_complete);
1753 if (err < 0) {
1754 if (err != -ENODATA)
1755 goto unlock;
1aff6f09 1756
bdb6d971 1757 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1758 hdev->dev_class, 3);
90e70454
JH		 1759 goto unlock;
1760 }
1761
1762 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1763 if (!cmd) {
90e70454 1764 err = -ENOMEM;
890ea898
JH		 1765 goto unlock;
1766 }
1767
1768 err = 0;
1aff6f09 1769
b5235a65 1770unlock:
09fd0de5 1771 hci_dev_unlock(hdev);
1aff6f09
JH		 1772 return err;
1773}
1774
bdb6d971 1775static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1776 u16 len)
55ed8ca1 1777{
650f726d 1778 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1779 u16 key_count, expected_len;
a492cd52 1780 int i;
55ed8ca1 1781
1f350c87 1782 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1783
86742e1e
JH		 1784 expected_len = sizeof(*cp) + key_count *
1785 sizeof(struct mgmt_link_key_info);
a492cd52 1786 if (expected_len != len) {
86742e1e 1787 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1788 len, expected_len);
bdb6d971 1789 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1790 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1791 }
1792
4ae14301
JH		 1793 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
bdb6d971 1797 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1798 key_count);
55ed8ca1 1799
4ee71b20
JH		 1800 for (i = 0; i < key_count; i++) {
1801 struct mgmt_link_key_info *key = &cp->keys[i];
1802
1803 if (key->addr.type != BDADDR_BREDR)
1804 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1805 MGMT_STATUS_INVALID_PARAMS);
1806 }
1807
09fd0de5 1808 hci_dev_lock(hdev);
55ed8ca1
JH		 1809
1810 hci_link_keys_clear(hdev);
1811
55ed8ca1 1812 if (cp->debug_keys)
a8b2d5c2 1813 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1814 else
a8b2d5c2 1815 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1816
a492cd52 1817 for (i = 0; i < key_count; i++) {
86742e1e 1818 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1819
d753fdc4 1820 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1821 key->type, key->pin_len);
55ed8ca1
JH		 1822 }
1823
bdb6d971 1824 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1825
09fd0de5 1826 hci_dev_unlock(hdev);
55ed8ca1 1827
a492cd52 1828 return 0;
55ed8ca1
JH		 1829}
1830
b1078ad0 1831static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1832 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1833{
1834 struct mgmt_ev_device_unpaired ev;
1835
1836 bacpy(&ev.addr.bdaddr, bdaddr);
1837 ev.addr.type = addr_type;
1838
1839 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1840 skip_sk);
b1078ad0
JH		 1841}
1842
bdb6d971 1843static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1844 u16 len)
55ed8ca1 1845{
124f6e35
JH		 1846 struct mgmt_cp_unpair_device *cp = data;
1847 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1848 struct hci_cp_disconnect dc;
1849 struct pending_cmd *cmd;
55ed8ca1 1850 struct hci_conn *conn;
55ed8ca1
JH		 1851 int err;
1852
a8a1d19e 1853 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1855 rp.addr.type = cp->addr.type;
a8a1d19e 1856
4ee71b20
JH		 1857 if (!bdaddr_type_is_valid(cp->addr.type))
1858 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1859 MGMT_STATUS_INVALID_PARAMS,
1860 &rp, sizeof(rp));
1861
118da70b
JH		 1862 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1863 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1864 MGMT_STATUS_INVALID_PARAMS,
1865 &rp, sizeof(rp));
1866
4ee71b20
JH		 1867 hci_dev_lock(hdev);
1868
86a8cfc6 1869 if (!hdev_is_powered(hdev)) {
bdb6d971 1870 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1871 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1872 goto unlock;
1873 }
1874
591f47f3 1875 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1876 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1877 else
1878 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1879
55ed8ca1 1880 if (err < 0) {
bdb6d971 1881 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1882 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1883 goto unlock;
1884 }
1885
86a8cfc6 1886 if (cp->disconnect) {
591f47f3 1887 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1888 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1889 &cp->addr.bdaddr);
86a8cfc6
JH		 1890 else
1891 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1892 &cp->addr.bdaddr);
86a8cfc6
JH		 1893 } else {
1894 conn = NULL;
1895 }
124f6e35 1896
a8a1d19e 1897 if (!conn) {
bdb6d971 1898 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1899 &rp, sizeof(rp));
b1078ad0 1900 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1901 goto unlock;
1902 }
55ed8ca1 1903
124f6e35 1904 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1905 sizeof(*cp));
a8a1d19e
JH		 1906 if (!cmd) {
1907 err = -ENOMEM;
1908 goto unlock;
55ed8ca1
JH		 1909 }
1910
eb55ef07 1911 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1912 dc.reason = 0x13; /* Remote User Terminated Connection */
1913 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1914 if (err < 0)
1915 mgmt_pending_remove(cmd);
1916
55ed8ca1 1917unlock:
09fd0de5 1918 hci_dev_unlock(hdev);
55ed8ca1
JH		 1919 return err;
1920}
1921
bdb6d971 1922static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1923 u16 len)
8962ee74 1924{
650f726d 1925 struct mgmt_cp_disconnect *cp = data;
06a63b19 1926 struct mgmt_rp_disconnect rp;
8962ee74 1927 struct hci_cp_disconnect dc;
366a0336 1928 struct pending_cmd *cmd;
8962ee74 1929 struct hci_conn *conn;
8962ee74
JH		 1930 int err;
1931
1932 BT_DBG("");
1933
06a63b19
JH		 1934 memset(&rp, 0, sizeof(rp));
1935 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1936 rp.addr.type = cp->addr.type;
1937
4ee71b20 1938 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1939 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1940 MGMT_STATUS_INVALID_PARAMS,
1941 &rp, sizeof(rp));
4ee71b20 1942
09fd0de5 1943 hci_dev_lock(hdev);
8962ee74
JH		 1944
1945 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1946 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1947 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1948 goto failed;
1949 }
1950
2e58ef3e 1951 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1952 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1953 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1954 goto failed;
1955 }
1956
591f47f3 1957 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1958 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1959 &cp->addr.bdaddr);
88c3df13
JH		 1960 else
1961 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1962
f960727e 1963 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1964 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1965 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1966 goto failed;
1967 }
1968
2e58ef3e 1969 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1970 if (!cmd) {
1971 err = -ENOMEM;
8962ee74 1972 goto failed;
366a0336 1973 }
8962ee74 1974
eb55ef07 1975 dc.handle = cpu_to_le16(conn->handle);
3701f944 1976 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1977
1978 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1979 if (err < 0)
a664b5bc 1980 mgmt_pending_remove(cmd);
8962ee74
JH		 1981
1982failed:
09fd0de5 1983 hci_dev_unlock(hdev);
8962ee74
JH		 1984 return err;
1985}
1986
57c1477c 1987static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1988{
1989 switch (link_type) {
1990 case LE_LINK:
48264f06
JH		 1991 switch (addr_type) {
1992 case ADDR_LE_DEV_PUBLIC:
591f47f3 1993 return BDADDR_LE_PUBLIC;
0ed09148 1994
48264f06 1995 default:
0ed09148 1996 /* Fallback to LE Random address type */
591f47f3 1997 return BDADDR_LE_RANDOM;
48264f06 1998 }
0ed09148 1999
4c659c39 2000 default:
0ed09148 2001 /* Fallback to BR/EDR type */
591f47f3 2002 return BDADDR_BREDR;
4c659c39
JH		 2003 }
2004}
2005
04124681
GP		 2006static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2007 u16 data_len)
2784eb41 2008{
2784eb41 2009 struct mgmt_rp_get_connections *rp;
8035ded4 2010 struct hci_conn *c;
a38528f1 2011 size_t rp_len;
60fc5fb6
JH		 2012 int err;
2013 u16 i;
2784eb41
JH		 2014
2015 BT_DBG("");
2016
09fd0de5 2017 hci_dev_lock(hdev);
2784eb41 2018
5f97c1df 2019 if (!hdev_is_powered(hdev)) {
bdb6d971 2020 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2021 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2022 goto unlock;
2023 }
2024
60fc5fb6 2025 i = 0;
b644ba33
JH		 2026 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2027 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2028 i++;
2784eb41
JH		 2029 }
2030
60fc5fb6 2031 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2032 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2033 if (!rp) {
2784eb41
JH		 2034 err = -ENOMEM;
2035 goto unlock;
2036 }
2037
2784eb41 2038 i = 0;
4c659c39 2039 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2040 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2041 continue;
4c659c39 2042 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2043 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2044 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2045 continue;
2046 i++;
2047 }
2048
eb55ef07 2049 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2050
4c659c39
JH		 2051 /* Recalculate length in case of filtered SCO connections, etc */
2052 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2053
bdb6d971 2054 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2055 rp_len);
2784eb41 2056
a38528f1 2057 kfree(rp);
5f97c1df
JH		 2058
2059unlock:
09fd0de5 2060 hci_dev_unlock(hdev);
2784eb41
JH		 2061 return err;
2062}
2063
bdb6d971 2064static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2065 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2066{
2067 struct pending_cmd *cmd;
2068 int err;
2069
2e58ef3e 2070 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2071 sizeof(*cp));
96d97a67
WR		 2072 if (!cmd)
2073 return -ENOMEM;
2074
d8457698 2075 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2076 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2077 if (err < 0)
2078 mgmt_pending_remove(cmd);
2079
2080 return err;
2081}
2082
bdb6d971 2083static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2084 u16 len)
980e1a53 2085{
96d97a67 2086 struct hci_conn *conn;
650f726d 2087 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2088 struct hci_cp_pin_code_reply reply;
366a0336 2089 struct pending_cmd *cmd;
980e1a53
JH		 2090 int err;
2091
2092 BT_DBG("");
2093
09fd0de5 2094 hci_dev_lock(hdev);
980e1a53 2095
4b34ee78 2096 if (!hdev_is_powered(hdev)) {
bdb6d971 2097 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2098 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2099 goto failed;
2100 }
2101
d8457698 2102 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2103 if (!conn) {
bdb6d971 2104 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2105 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2106 goto failed;
2107 }
2108
2109 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2110 struct mgmt_cp_pin_code_neg_reply ncp;
2111
2112 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2113
2114 BT_ERR("PIN code is not 16 bytes long");
2115
bdb6d971 2116 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2117 if (err >= 0)
bdb6d971 2118 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2119 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2120
2121 goto failed;
2122 }
2123
00abfe44 2124 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2125 if (!cmd) {
2126 err = -ENOMEM;
980e1a53 2127 goto failed;
366a0336 2128 }
980e1a53 2129
d8457698 2130 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2131 reply.pin_len = cp->pin_len;
24718ca5 2132 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2133
2134 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2135 if (err < 0)
a664b5bc 2136 mgmt_pending_remove(cmd);
980e1a53
JH		 2137
2138failed:
09fd0de5 2139 hci_dev_unlock(hdev);
980e1a53
JH		 2140 return err;
2141}
2142
04124681
GP		 2143static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2144 u16 len)
17fa4b9d 2145{
650f726d 2146 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2147
2148 BT_DBG("");
2149
09fd0de5 2150 hci_dev_lock(hdev);
17fa4b9d
JH		 2151
2152 hdev->io_capability = cp->io_capability;
2153
2154 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2155 hdev->io_capability);
17fa4b9d 2156
09fd0de5 2157 hci_dev_unlock(hdev);
17fa4b9d 2158
04124681
GP		 2159 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2160 0);
17fa4b9d
JH		 2161}
2162
6039aa73 2163static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2164{
2165 struct hci_dev *hdev = conn->hdev;
8035ded4 2166 struct pending_cmd *cmd;
e9a416b5 2167
2e58ef3e 2168 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2169 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2170 continue;
2171
e9a416b5
JH		 2172 if (cmd->user_data != conn)
2173 continue;
2174
2175 return cmd;
2176 }
2177
2178 return NULL;
2179}
2180
2181static void pairing_complete(struct pending_cmd *cmd, u8 status)
2182{
2183 struct mgmt_rp_pair_device rp;
2184 struct hci_conn *conn = cmd->user_data;
2185
ba4e564f 2186 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2187 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2188
aee9b218 2189 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2190 &rp, sizeof(rp));
e9a416b5
JH		 2191
2192 /* So we don't get further callbacks for this connection */
2193 conn->connect_cfm_cb = NULL;
2194 conn->security_cfm_cb = NULL;
2195 conn->disconn_cfm_cb = NULL;
2196
76a68ba0 2197 hci_conn_drop(conn);
e9a416b5 2198
a664b5bc 2199 mgmt_pending_remove(cmd);
e9a416b5
JH		 2200}
2201
2202static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2203{
2204 struct pending_cmd *cmd;
2205
2206 BT_DBG("status %u", status);
2207
2208 cmd = find_pairing(conn);
56e5cb86 2209 if (!cmd)
e9a416b5 2210 BT_DBG("Unable to find a pending command");
56e5cb86 2211 else
e211326c 2212 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2213}
2214
4c47d739
VA		 2215static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2216{
2217 struct pending_cmd *cmd;
2218
2219 BT_DBG("status %u", status);
2220
2221 if (!status)
2222 return;
2223
2224 cmd = find_pairing(conn);
2225 if (!cmd)
2226 BT_DBG("Unable to find a pending command");
2227 else
2228 pairing_complete(cmd, mgmt_status(status));
2229}
2230
bdb6d971 2231static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2232 u16 len)
e9a416b5 2233{
650f726d 2234 struct mgmt_cp_pair_device *cp = data;
1425acb7 2235 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2236 struct pending_cmd *cmd;
2237 u8 sec_level, auth_type;
2238 struct hci_conn *conn;
e9a416b5
JH		 2239 int err;
2240
2241 BT_DBG("");
2242
f950a30e
SJ		 2243 memset(&rp, 0, sizeof(rp));
2244 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2245 rp.addr.type = cp->addr.type;
2246
4ee71b20
JH		 2247 if (!bdaddr_type_is_valid(cp->addr.type))
2248 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2249 MGMT_STATUS_INVALID_PARAMS,
2250 &rp, sizeof(rp));
2251
09fd0de5 2252 hci_dev_lock(hdev);
e9a416b5 2253
5f97c1df 2254 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2255 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2256 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2257 goto unlock;
2258 }
2259
c908df36
VCG		 2260 sec_level = BT_SECURITY_MEDIUM;
2261 if (cp->io_cap == 0x03)
e9a416b5 2262 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2263 else
e9a416b5 2264 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2265
591f47f3 2266 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2267 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2268 cp->addr.type, sec_level, auth_type);
7a512d01 2269 else
b12f62cf
AG		 2270 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2271 cp->addr.type, sec_level, auth_type);
7a512d01 2272
30e76272 2273 if (IS_ERR(conn)) {
489dc48e
AK		 2274 int status;
2275
2276 if (PTR_ERR(conn) == -EBUSY)
2277 status = MGMT_STATUS_BUSY;
2278 else
2279 status = MGMT_STATUS_CONNECT_FAILED;
2280
bdb6d971 2281 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2282 status, &rp,
04124681 2283 sizeof(rp));
e9a416b5
JH		 2284 goto unlock;
2285 }
2286
2287 if (conn->connect_cfm_cb) {
76a68ba0 2288 hci_conn_drop(conn);
bdb6d971 2289 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2290 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2291 goto unlock;
2292 }
2293
2e58ef3e 2294 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2295 if (!cmd) {
2296 err = -ENOMEM;
76a68ba0 2297 hci_conn_drop(conn);
e9a416b5
JH		 2298 goto unlock;
2299 }
2300
7a512d01 2301 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2302 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2303 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2304 else
2305 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2306
e9a416b5
JH		 2307 conn->security_cfm_cb = pairing_complete_cb;
2308 conn->disconn_cfm_cb = pairing_complete_cb;
2309 conn->io_capability = cp->io_cap;
2310 cmd->user_data = conn;
2311
2312 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2313 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2314 pairing_complete(cmd, 0);
2315
2316 err = 0;
2317
2318unlock:
09fd0de5 2319 hci_dev_unlock(hdev);
e9a416b5
JH		 2320 return err;
2321}
2322
04124681
GP		 2323static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2324 u16 len)
28424707 2325{
0f4e68cf 2326 struct mgmt_addr_info *addr = data;
28424707
JH		 2327 struct pending_cmd *cmd;
2328 struct hci_conn *conn;
2329 int err;
2330
2331 BT_DBG("");
2332
28424707
JH		 2333 hci_dev_lock(hdev);
2334
5f97c1df 2335 if (!hdev_is_powered(hdev)) {
bdb6d971 2336 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2337 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2338 goto unlock;
2339 }
2340
28424707
JH		 2341 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2342 if (!cmd) {
bdb6d971 2343 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2344 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2345 goto unlock;
2346 }
2347
2348 conn = cmd->user_data;
2349
2350 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2351 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2352 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2353 goto unlock;
2354 }
2355
2356 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2357
bdb6d971 2358 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2359 addr, sizeof(*addr));
28424707
JH		 2360unlock:
2361 hci_dev_unlock(hdev);
28424707
JH		 2362 return err;
2363}
2364
bdb6d971 2365static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2366 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2367 u16 hci_op, __le32 passkey)
a5c29683 2368{
a5c29683 2369 struct pending_cmd *cmd;
0df4c185 2370 struct hci_conn *conn;
a5c29683
JH		 2371 int err;
2372
09fd0de5 2373 hci_dev_lock(hdev);
08ba5382 2374
4b34ee78 2375 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2376 err = cmd_complete(sk, hdev->id, mgmt_op,
2377 MGMT_STATUS_NOT_POWERED, addr,
2378 sizeof(*addr));
0df4c185 2379 goto done;
a5c29683
JH		 2380 }
2381
1707c60e
JH		 2382 if (addr->type == BDADDR_BREDR)
2383 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2384 else
1707c60e 2385 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2386
2387 if (!conn) {
feb94d3d
JH		 2388 err = cmd_complete(sk, hdev->id, mgmt_op,
2389 MGMT_STATUS_NOT_CONNECTED, addr,
2390 sizeof(*addr));
272d90df
JH		 2391 goto done;
2392 }
47c15e2b 2393
1707c60e 2394 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2395 /* Continue with pairing via SMP */
5fe57d9e
BG		 2396 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2397
2398 if (!err)
feb94d3d
JH		 2399 err = cmd_complete(sk, hdev->id, mgmt_op,
2400 MGMT_STATUS_SUCCESS, addr,
2401 sizeof(*addr));
5fe57d9e 2402 else
feb94d3d
JH		 2403 err = cmd_complete(sk, hdev->id, mgmt_op,
2404 MGMT_STATUS_FAILED, addr,
2405 sizeof(*addr));
47c15e2b 2406
47c15e2b
BG		 2407 goto done;
2408 }
2409
1707c60e 2410 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2411 if (!cmd) {
2412 err = -ENOMEM;
0df4c185 2413 goto done;
a5c29683
JH		 2414 }
2415
0df4c185 2416 /* Continue with pairing via HCI */
604086b7
BG		 2417 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2418 struct hci_cp_user_passkey_reply cp;
2419
1707c60e 2420 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2421 cp.passkey = passkey;
2422 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2423 } else
1707c60e
JH		 2424 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2425 &addr->bdaddr);
604086b7 2426
a664b5bc
JH		 2427 if (err < 0)
2428 mgmt_pending_remove(cmd);
a5c29683 2429
0df4c185 2430done:
09fd0de5 2431 hci_dev_unlock(hdev);
a5c29683
JH		 2432 return err;
2433}
2434
afeb019d
JK		 2435static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2436 void *data, u16 len)
2437{
2438 struct mgmt_cp_pin_code_neg_reply *cp = data;
2439
2440 BT_DBG("");
2441
1707c60e 2442 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2443 MGMT_OP_PIN_CODE_NEG_REPLY,
2444 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2445}
2446
04124681
GP		 2447static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2448 u16 len)
0df4c185 2449{
650f726d 2450 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2451
2452 BT_DBG("");
2453
2454 if (len != sizeof(*cp))
bdb6d971 2455 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2456 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2457
1707c60e 2458 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2459 MGMT_OP_USER_CONFIRM_REPLY,
2460 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2461}
2462
bdb6d971 2463static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2464 void *data, u16 len)
0df4c185 2465{
c9c2659f 2466 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2467
2468 BT_DBG("");
2469
1707c60e 2470 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2471 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2472 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2473}
2474
04124681
GP		 2475static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2476 u16 len)
604086b7 2477{
650f726d 2478 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2479
2480 BT_DBG("");
2481
1707c60e 2482 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2483 MGMT_OP_USER_PASSKEY_REPLY,
2484 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2485}
2486
bdb6d971 2487static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2488 void *data, u16 len)
604086b7 2489{
650f726d 2490 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2491
2492 BT_DBG("");
2493
1707c60e 2494 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2495 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2496 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2497}
2498
13928971 2499static void update_name(struct hci_request *req)
2b4bf397 2500{
13928971 2501 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2502 struct hci_cp_write_local_name cp;
2503
13928971 2504 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2505
890ea898 2506 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2507}
2508
13928971
JH		 2509static void set_name_complete(struct hci_dev *hdev, u8 status)
2510{
2511 struct mgmt_cp_set_local_name *cp;
2512 struct pending_cmd *cmd;
2513
2514 BT_DBG("status 0x%02x", status);
2515
2516 hci_dev_lock(hdev);
2517
2518 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2519 if (!cmd)
2520 goto unlock;
2521
2522 cp = cmd->param;
2523
2524 if (status)
2525 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2526 mgmt_status(status));
2527 else
2528 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2529 cp, sizeof(*cp));
2530
2531 mgmt_pending_remove(cmd);
2532
2533unlock:
2534 hci_dev_unlock(hdev);
2535}
2536
bdb6d971 2537static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2538 u16 len)
b312b161 2539{
2b4bf397 2540 struct mgmt_cp_set_local_name *cp = data;
b312b161 2541 struct pending_cmd *cmd;
890ea898 2542 struct hci_request req;
b312b161
JH		 2543 int err;
2544
2545 BT_DBG("");
2546
09fd0de5 2547 hci_dev_lock(hdev);
b312b161 2548
b3f2ca94
JH		 2549 /* If the old values are the same as the new ones just return a
2550 * direct command complete event.
2551 */
2552 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2553 !memcmp(hdev->short_name, cp->short_name,
2554 sizeof(hdev->short_name))) {
2555 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2556 data, len);
2557 goto failed;
2558 }
2559
2b4bf397 2560 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2561
b5235a65 2562 if (!hdev_is_powered(hdev)) {
2b4bf397 2563 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2564
2565 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2566 data, len);
28cc7bde
JH		 2567 if (err < 0)
2568 goto failed;
2569
2570 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2571 sk);
28cc7bde 2572
b5235a65
JH		 2573 goto failed;
2574 }
2575
28cc7bde 2576 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2577 if (!cmd) {
2578 err = -ENOMEM;
2579 goto failed;
2580 }
2581
13928971
JH		 2582 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2583
890ea898 2584 hci_req_init(&req, hdev);
3f985050
JH		 2585
2586 if (lmp_bredr_capable(hdev)) {
2587 update_name(&req);
2588 update_eir(&req);
2589 }
2590
2591 if (lmp_le_capable(hdev))
2592 hci_update_ad(&req);
2593
13928971 2594 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2595 if (err < 0)
2596 mgmt_pending_remove(cmd);
2597
2598failed:
09fd0de5 2599 hci_dev_unlock(hdev);
b312b161
JH		 2600 return err;
2601}
2602
0f4e68cf 2603static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2604 void *data, u16 data_len)
c35938b2 2605{
c35938b2
SJ		 2606 struct pending_cmd *cmd;
2607 int err;
2608
bdb6d971 2609 BT_DBG("%s", hdev->name);
c35938b2 2610
09fd0de5 2611 hci_dev_lock(hdev);
c35938b2 2612
4b34ee78 2613 if (!hdev_is_powered(hdev)) {
bdb6d971 2614 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2615 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2616 goto unlock;
2617 }
2618
9a1a1996 2619 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2620 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2621 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2622 goto unlock;
2623 }
2624
2e58ef3e 2625 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2626 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2627 MGMT_STATUS_BUSY);
c35938b2
SJ		 2628 goto unlock;
2629 }
2630
2e58ef3e 2631 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2632 if (!cmd) {
2633 err = -ENOMEM;
2634 goto unlock;
2635 }
2636
2637 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2638 if (err < 0)
2639 mgmt_pending_remove(cmd);
2640
2641unlock:
09fd0de5 2642 hci_dev_unlock(hdev);
c35938b2
SJ		 2643 return err;
2644}
2645
bdb6d971 2646static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2647 void *data, u16 len)
2763eda6 2648{
650f726d 2649 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2650 u8 status;
2763eda6
SJ		 2651 int err;
2652
bdb6d971 2653 BT_DBG("%s ", hdev->name);
2763eda6 2654
09fd0de5 2655 hci_dev_lock(hdev);
2763eda6 2656
664ce4cc 2657 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2658 cp->randomizer);
2763eda6 2659 if (err < 0)
bf1e3541 2660 status = MGMT_STATUS_FAILED;
2763eda6 2661 else
a6785be2 2662 status = MGMT_STATUS_SUCCESS;
bf1e3541 2663
bdb6d971 2664 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2665 &cp->addr, sizeof(cp->addr));
2763eda6 2666
09fd0de5 2667 hci_dev_unlock(hdev);
2763eda6
SJ		 2668 return err;
2669}
2670
bdb6d971 2671static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2672 void *data, u16 len)
2763eda6 2673{
650f726d 2674 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2675 u8 status;
2763eda6
SJ		 2676 int err;
2677
bdb6d971 2678 BT_DBG("%s", hdev->name);
2763eda6 2679
09fd0de5 2680 hci_dev_lock(hdev);
2763eda6 2681
664ce4cc 2682 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2683 if (err < 0)
bf1e3541 2684 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2685 else
a6785be2 2686 status = MGMT_STATUS_SUCCESS;
bf1e3541 2687
bdb6d971 2688 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2689 status, &cp->addr, sizeof(cp->addr));
2763eda6 2690
09fd0de5 2691 hci_dev_unlock(hdev);
2763eda6
SJ		 2692 return err;
2693}
2694
41dc2bd6
AG		 2695static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2696{
2697 struct pending_cmd *cmd;
2698 u8 type;
2699 int err;
2700
2701 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2702
2703 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2704 if (!cmd)
2705 return -ENOENT;
2706
2707 type = hdev->discovery.type;
2708
2709 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2710 &type, sizeof(type));
2711 mgmt_pending_remove(cmd);
2712
2713 return err;
2714}
2715
7c307720
AG		 2716static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2717{
2718 BT_DBG("status %d", status);
2719
2720 if (status) {
2721 hci_dev_lock(hdev);
2722 mgmt_start_discovery_failed(hdev, status);
2723 hci_dev_unlock(hdev);
2724 return;
2725 }
2726
2727 hci_dev_lock(hdev);
2728 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2729 hci_dev_unlock(hdev);
2730
2731 switch (hdev->discovery.type) {
2732 case DISCOV_TYPE_LE:
2733 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2734 DISCOV_LE_TIMEOUT);
7c307720
AG		 2735 break;
2736
2737 case DISCOV_TYPE_INTERLEAVED:
2738 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2739 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2740 break;
2741
2742 case DISCOV_TYPE_BREDR:
2743 break;
2744
2745 default:
2746 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2747 }
2748}
2749
bdb6d971 2750static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2751 void *data, u16 len)
14a53664 2752{
650f726d 2753 struct mgmt_cp_start_discovery *cp = data;
14a53664 2754 struct pending_cmd *cmd;
7c307720
AG		 2755 struct hci_cp_le_set_scan_param param_cp;
2756 struct hci_cp_le_set_scan_enable enable_cp;
2757 struct hci_cp_inquiry inq_cp;
2758 struct hci_request req;
2759 /* General inquiry access code (GIAC) */
2760 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2761 int err;
2762
bdb6d971 2763 BT_DBG("%s", hdev->name);
14a53664 2764
09fd0de5 2765 hci_dev_lock(hdev);
14a53664 2766
4b34ee78 2767 if (!hdev_is_powered(hdev)) {
bdb6d971 2768 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2769 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2770 goto failed;
2771 }
2772
642be6c7
AG		 2773 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2774 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2775 MGMT_STATUS_BUSY);
2776 goto failed;
2777 }
2778
ff9ef578 2779 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2780 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2781 MGMT_STATUS_BUSY);
ff9ef578
JH		 2782 goto failed;
2783 }
2784
2e58ef3e 2785 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2786 if (!cmd) {
2787 err = -ENOMEM;
2788 goto failed;
2789 }
2790
4aab14e5
AG		 2791 hdev->discovery.type = cp->type;
2792
7c307720
AG		 2793 hci_req_init(&req, hdev);
2794
4aab14e5 2795 switch (hdev->discovery.type) {
f39799f5 2796 case DISCOV_TYPE_BREDR:
04106755
JH		 2797 if (!lmp_bredr_capable(hdev)) {
2798 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2799 MGMT_STATUS_NOT_SUPPORTED);
2800 mgmt_pending_remove(cmd);
2801 goto failed;
2802 }
2803
7c307720
AG		 2804 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2805 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2806 MGMT_STATUS_BUSY);
2807 mgmt_pending_remove(cmd);
2808 goto failed;
2809 }
2810
2811 hci_inquiry_cache_flush(hdev);
2812
2813 memset(&inq_cp, 0, sizeof(inq_cp));
2814 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2815 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2816 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2817 break;
2818
2819 case DISCOV_TYPE_LE:
7c307720 2820 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2821 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2822 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2823 MGMT_STATUS_NOT_SUPPORTED);
2824 mgmt_pending_remove(cmd);
2825 goto failed;
2826 }
2827
7c307720
AG		 2828 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2829 !lmp_bredr_capable(hdev)) {
04106755
JH		 2830 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2831 MGMT_STATUS_NOT_SUPPORTED);
2832 mgmt_pending_remove(cmd);
2833 goto failed;
2834 }
2835
7c307720
AG		 2836 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2837 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2838 MGMT_STATUS_REJECTED);
2839 mgmt_pending_remove(cmd);
2840 goto failed;
2841 }
2842
2843 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2844 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2845 MGMT_STATUS_BUSY);
2846 mgmt_pending_remove(cmd);
2847 goto failed;
2848 }
2849
2850 memset(&param_cp, 0, sizeof(param_cp));
2851 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2852 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2853 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2854 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2855 &param_cp);
2856
2857 memset(&enable_cp, 0, sizeof(enable_cp));
2858 enable_cp.enable = LE_SCAN_ENABLE;
2859 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2860 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2861 &enable_cp);
5e0452c0
AG		 2862 break;
2863
f39799f5 2864 default:
04106755
JH		 2865 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2866 MGMT_STATUS_INVALID_PARAMS);
2867 mgmt_pending_remove(cmd);
2868 goto failed;
f39799f5 2869 }
3fd24153 2870
7c307720 2871 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2872 if (err < 0)
2873 mgmt_pending_remove(cmd);
ff9ef578
JH		 2874 else
2875 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2876
2877failed:
09fd0de5 2878 hci_dev_unlock(hdev);
14a53664
JH		 2879 return err;
2880}
2881
1183fdca
AG		 2882static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2883{
2884 struct pending_cmd *cmd;
2885 int err;
2886
2887 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2888 if (!cmd)
2889 return -ENOENT;
2890
2891 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2892 &hdev->discovery.type, sizeof(hdev->discovery.type));
2893 mgmt_pending_remove(cmd);
2894
2895 return err;
2896}
2897
0e05bba6
AG		 2898static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2899{
2900 BT_DBG("status %d", status);
2901
2902 hci_dev_lock(hdev);
2903
2904 if (status) {
2905 mgmt_stop_discovery_failed(hdev, status);
2906 goto unlock;
2907 }
2908
2909 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2910
2911unlock:
2912 hci_dev_unlock(hdev);
2913}
2914
bdb6d971 2915static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2916 u16 len)
14a53664 2917{
d930650b 2918 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2919 struct pending_cmd *cmd;
30dc78e1
JH		 2920 struct hci_cp_remote_name_req_cancel cp;
2921 struct inquiry_entry *e;
0e05bba6
AG		 2922 struct hci_request req;
2923 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2924 int err;
2925
bdb6d971 2926 BT_DBG("%s", hdev->name);
14a53664 2927
09fd0de5 2928 hci_dev_lock(hdev);
14a53664 2929
30dc78e1 2930 if (!hci_discovery_active(hdev)) {
bdb6d971 2931 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2932 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2933 sizeof(mgmt_cp->type));
d930650b
JH		 2934 goto unlock;
2935 }
2936
2937 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2938 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2939 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2940 sizeof(mgmt_cp->type));
30dc78e1 2941 goto unlock;
ff9ef578
JH		 2942 }
2943
2e58ef3e 2944 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2945 if (!cmd) {
2946 err = -ENOMEM;
30dc78e1
JH		 2947 goto unlock;
2948 }
2949
0e05bba6
AG		 2950 hci_req_init(&req, hdev);
2951
e0d9727e
AG		 2952 switch (hdev->discovery.state) {
2953 case DISCOVERY_FINDING:
0e05bba6
AG		 2954 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2955 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2956 } else {
2957 cancel_delayed_work(&hdev->le_scan_disable);
2958
2959 memset(&enable_cp, 0, sizeof(enable_cp));
2960 enable_cp.enable = LE_SCAN_DISABLE;
2961 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2962 sizeof(enable_cp), &enable_cp);
2963 }
c9ecc48e 2964
e0d9727e
AG		 2965 break;
2966
2967 case DISCOVERY_RESOLVING:
2968 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2969 NAME_PENDING);
e0d9727e 2970 if (!e) {
30dc78e1 2971 mgmt_pending_remove(cmd);
e0d9727e
AG		 2972 err = cmd_complete(sk, hdev->id,
2973 MGMT_OP_STOP_DISCOVERY, 0,
2974 &mgmt_cp->type,
2975 sizeof(mgmt_cp->type));
2976 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2977 goto unlock;
2978 }
30dc78e1 2979
e0d9727e 2980 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2981 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2982 &cp);
e0d9727e
AG		 2983
2984 break;
2985
2986 default:
2987 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2988
2989 mgmt_pending_remove(cmd);
2990 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2991 MGMT_STATUS_FAILED, &mgmt_cp->type,
2992 sizeof(mgmt_cp->type));
2993 goto unlock;
14a53664
JH		 2994 }
2995
0e05bba6 2996 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2997 if (err < 0)
2998 mgmt_pending_remove(cmd);
ff9ef578
JH		 2999 else
3000 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3001
30dc78e1 3002unlock:
09fd0de5 3003 hci_dev_unlock(hdev);
14a53664
JH		 3004 return err;
3005}
3006
bdb6d971 3007static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3008 u16 len)
561aafbc 3009{
650f726d 3010 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3011 struct inquiry_entry *e;
561aafbc
JH		 3012 int err;
3013
bdb6d971 3014 BT_DBG("%s", hdev->name);
561aafbc 3015
561aafbc
JH		 3016 hci_dev_lock(hdev);
3017
30dc78e1 3018 if (!hci_discovery_active(hdev)) {
bdb6d971 3019 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3020 MGMT_STATUS_FAILED);
30dc78e1
JH		 3021 goto failed;
3022 }
3023
a198e7b1 3024 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3025 if (!e) {
bdb6d971 3026 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3027 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3028 goto failed;
3029 }
3030
3031 if (cp->name_known) {
3032 e->name_state = NAME_KNOWN;
3033 list_del(&e->list);
3034 } else {
3035 e->name_state = NAME_NEEDED;
a3d4e20a 3036 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3037 }
3038
e384662b
JH		 3039 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3040 sizeof(cp->addr));
561aafbc
JH		 3041
3042failed:
3043 hci_dev_unlock(hdev);
561aafbc
JH		 3044 return err;
3045}
3046
bdb6d971 3047static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3048 u16 len)
7fbec224 3049{
650f726d 3050 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3051 u8 status;
7fbec224
AJ		 3052 int err;
3053
bdb6d971 3054 BT_DBG("%s", hdev->name);
7fbec224 3055
4ee71b20 3056 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3057 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3058 MGMT_STATUS_INVALID_PARAMS,
3059 &cp->addr, sizeof(cp->addr));
4ee71b20 3060
09fd0de5 3061 hci_dev_lock(hdev);
5e762444 3062
88c1fe4b 3063 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3064 if (err < 0)
f0eeea8b 3065 status = MGMT_STATUS_FAILED;
7fbec224 3066 else
a6785be2 3067 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3068
bdb6d971 3069 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3070 &cp->addr, sizeof(cp->addr));
5e762444 3071
09fd0de5 3072 hci_dev_unlock(hdev);
7fbec224
AJ		 3073
3074 return err;
3075}
3076
bdb6d971 3077static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3078 u16 len)
7fbec224 3079{
650f726d 3080 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3081 u8 status;
7fbec224
AJ		 3082 int err;
3083
bdb6d971 3084 BT_DBG("%s", hdev->name);
7fbec224 3085
4ee71b20 3086 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3087 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3088 MGMT_STATUS_INVALID_PARAMS,
3089 &cp->addr, sizeof(cp->addr));
4ee71b20 3090
09fd0de5 3091 hci_dev_lock(hdev);
5e762444 3092
88c1fe4b 3093 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3094 if (err < 0)
f0eeea8b 3095 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3096 else
a6785be2 3097 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3098
bdb6d971 3099 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3100 &cp->addr, sizeof(cp->addr));
5e762444 3101
09fd0de5 3102 hci_dev_unlock(hdev);
7fbec224
AJ		 3103
3104 return err;
3105}
3106
cdbaccca
MH		 3107static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3108 u16 len)
3109{
3110 struct mgmt_cp_set_device_id *cp = data;
890ea898 3111 struct hci_request req;
cdbaccca 3112 int err;
c72d4b8a 3113 __u16 source;
cdbaccca
MH		 3114
3115 BT_DBG("%s", hdev->name);
3116
c72d4b8a
SJ		 3117 source = __le16_to_cpu(cp->source);
3118
3119 if (source > 0x0002)
3120 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3121 MGMT_STATUS_INVALID_PARAMS);
3122
cdbaccca
MH		 3123 hci_dev_lock(hdev);
3124
c72d4b8a 3125 hdev->devid_source = source;
cdbaccca
MH		 3126 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3127 hdev->devid_product = __le16_to_cpu(cp->product);
3128 hdev->devid_version = __le16_to_cpu(cp->version);
3129
3130 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3131
890ea898
JH		 3132 hci_req_init(&req, hdev);
3133 update_eir(&req);
3134 hci_req_run(&req, NULL);
cdbaccca
MH		 3135
3136 hci_dev_unlock(hdev);
3137
3138 return err;
3139}
3140
4375f103
JH		 3141static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3142{
3143 struct cmd_lookup match = { NULL, hdev };
3144
3145 if (status) {
3146 u8 mgmt_err = mgmt_status(status);
3147
3148 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3149 cmd_status_rsp, &mgmt_err);
3150 return;
3151 }
3152
3153 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3154 &match);
3155
3156 new_settings(hdev, match.sk);
3157
3158 if (match.sk)
3159 sock_put(match.sk);
3160}
3161
3162static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3163{
3164 struct mgmt_mode *cp = data;
3165 struct pending_cmd *cmd;
3166 struct hci_request req;
3167 u8 val, enabled;
3168 int err;
3169
3170 BT_DBG("request for %s", hdev->name);
3171
3172 if (!lmp_le_capable(hdev))
3173 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3174 MGMT_STATUS_NOT_SUPPORTED);
3175
3176 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3177 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3178 MGMT_STATUS_REJECTED);
3179
3180 if (cp->val != 0x00 && cp->val != 0x01)
3181 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3182 MGMT_STATUS_INVALID_PARAMS);
3183
3184 hci_dev_lock(hdev);
3185
3186 val = !!cp->val;
3187 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3188
3189 if (!hdev_is_powered(hdev) || val == enabled) {
3190 bool changed = false;
3191
3192 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3193 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3194 changed = true;
3195 }
3196
3197 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3198 if (err < 0)
3199 goto unlock;
3200
3201 if (changed)
3202 err = new_settings(hdev, sk);
3203
3204 goto unlock;
3205 }
3206
3207 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3208 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3209 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3210 MGMT_STATUS_BUSY);
3211 goto unlock;
3212 }
3213
3214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3215 if (!cmd) {
3216 err = -ENOMEM;
3217 goto unlock;
3218 }
3219
3220 hci_req_init(&req, hdev);
3221
3222 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3223
3224 err = hci_req_run(&req, set_advertising_complete);
3225 if (err < 0)
3226 mgmt_pending_remove(cmd);
3227
3228unlock:
3229 hci_dev_unlock(hdev);
3230 return err;
3231}
3232
33e38b3e
JH		 3233static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3234{
3235 struct pending_cmd *cmd;
3236
3237 BT_DBG("status 0x%02x", status);
3238
3239 hci_dev_lock(hdev);
3240
3241 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3242 if (!cmd)
3243 goto unlock;
3244
3245 if (status) {
3246 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3247 mgmt_status(status));
3248 } else {
1a4d3c4b
JH		 3249 struct mgmt_mode *cp = cmd->param;
3250
3251 if (cp->val)
3252 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3253 else
3254 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3255
33e38b3e
JH		 3256 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3257 new_settings(hdev, cmd->sk);
3258 }
3259
3260 mgmt_pending_remove(cmd);
3261
3262unlock:
3263 hci_dev_unlock(hdev);
3264}
3265
bdb6d971 3266static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3267 void *data, u16 len)
f6422ec6 3268{
650f726d 3269 struct mgmt_mode *cp = data;
33e38b3e
JH		 3270 struct pending_cmd *cmd;
3271 struct hci_request req;
f6422ec6
AJ		 3272 int err;
3273
bdb6d971 3274 BT_DBG("%s", hdev->name);
f6422ec6 3275
1a47aee8 3276 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3277 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3278 MGMT_STATUS_NOT_SUPPORTED);
3279
a7e80f25
JH		 3280 if (cp->val != 0x00 && cp->val != 0x01)
3281 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3282 MGMT_STATUS_INVALID_PARAMS);
3283
5400c044 3284 if (!hdev_is_powered(hdev))
bdb6d971 3285 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3286 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3287
3288 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3289 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3290 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3291
3292 hci_dev_lock(hdev);
3293
05cbf29f
JH		 3294 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3295 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3296 MGMT_STATUS_BUSY);
3297 goto unlock;
3298 }
3299
1a4d3c4b
JH		 3300 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3301 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3302 hdev);
3303 goto unlock;
3304 }
3305
33e38b3e
JH		 3306 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3307 data, len);
3308 if (!cmd) {
3309 err = -ENOMEM;
3310 goto unlock;
f6422ec6
AJ		 3311 }
3312
33e38b3e
JH		 3313 hci_req_init(&req, hdev);
3314
406d7804 3315 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3316
3317 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3318 if (err < 0) {
bdb6d971 3319 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3320 MGMT_STATUS_FAILED);
33e38b3e 3321 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3322 }
3323
33e38b3e 3324unlock:
f6422ec6 3325 hci_dev_unlock(hdev);
33e38b3e 3326
f6422ec6
AJ		 3327 return err;
3328}
3329
3f706b72
JH		 3330static bool ltk_is_valid(struct mgmt_ltk_info *key)
3331{
44b20d33
JH		 3332 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3333 return false;
3f706b72
JH		 3334 if (key->master != 0x00 && key->master != 0x01)
3335 return false;
4ee71b20
JH		 3336 if (!bdaddr_type_is_le(key->addr.type))
3337 return false;
3f706b72
JH		 3338 return true;
3339}
3340
bdb6d971 3341static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3342 void *cp_data, u16 len)
346af67b 3343{
346af67b
VCG		 3344 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3345 u16 key_count, expected_len;
715a5bf2 3346 int i, err;
346af67b 3347
1f350c87 3348 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3349
3350 expected_len = sizeof(*cp) + key_count *
3351 sizeof(struct mgmt_ltk_info);
3352 if (expected_len != len) {
3353 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3354 len, expected_len);
bdb6d971 3355 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3356 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3357 }
3358
bdb6d971 3359 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3360
54ad6d8a
JH		 3361 for (i = 0; i < key_count; i++) {
3362 struct mgmt_ltk_info *key = &cp->keys[i];
3363
3f706b72 3364 if (!ltk_is_valid(key))
54ad6d8a
JH		 3365 return cmd_status(sk, hdev->id,
3366 MGMT_OP_LOAD_LONG_TERM_KEYS,
3367 MGMT_STATUS_INVALID_PARAMS);
3368 }
3369
346af67b
VCG		 3370 hci_dev_lock(hdev);
3371
3372 hci_smp_ltks_clear(hdev);
3373
3374 for (i = 0; i < key_count; i++) {
3375 struct mgmt_ltk_info *key = &cp->keys[i];
3376 u8 type;
3377
3378 if (key->master)
3379 type = HCI_SMP_LTK;
3380 else
3381 type = HCI_SMP_LTK_SLAVE;
3382
4596fde5 3383 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3384 bdaddr_to_le(key->addr.type),
04124681
GP		 3385 type, 0, key->authenticated, key->val,
3386 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3387 }
3388
715a5bf2
JH		 3389 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3390 NULL, 0);
3391
346af67b 3392 hci_dev_unlock(hdev);
346af67b 3393
715a5bf2 3394 return err;
346af67b
VCG		 3395}
3396
2e3c35ea 3397static const struct mgmt_handler {
04124681
GP		 3398 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3399 u16 data_len);
be22b54e
JH		 3400 bool var_len;
3401 size_t data_len;
0f4e68cf
JH		 3402} mgmt_handlers[] = {
3403 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3404 { read_version, false, MGMT_READ_VERSION_SIZE },
3405 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3406 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3407 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3408 { set_powered, false, MGMT_SETTING_SIZE },
3409 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3410 { set_connectable, false, MGMT_SETTING_SIZE },
3411 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3412 { set_pairable, false, MGMT_SETTING_SIZE },
3413 { set_link_security, false, MGMT_SETTING_SIZE },
3414 { set_ssp, false, MGMT_SETTING_SIZE },
3415 { set_hs, false, MGMT_SETTING_SIZE },
3416 { set_le, false, MGMT_SETTING_SIZE },
3417 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3418 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3419 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3420 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3421 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3422 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3423 { disconnect, false, MGMT_DISCONNECT_SIZE },
3424 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3425 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3426 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3427 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3428 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3429 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3430 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3431 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3432 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3433 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3434 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3435 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3436 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3437 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3438 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3439 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3440 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3441 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3442 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3443 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3444 { set_advertising, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 3445};
3446
3447
0381101f
JH		 3448int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3449{
650f726d
VCG		 3450 void *buf;
3451 u8 *cp;
0381101f 3452 struct mgmt_hdr *hdr;
4e51eae9 3453 u16 opcode, index, len;
bdb6d971 3454 struct hci_dev *hdev = NULL;
2e3c35ea 3455 const struct mgmt_handler *handler;
0381101f
JH		 3456 int err;
3457
3458 BT_DBG("got %zu bytes", msglen);
3459
3460 if (msglen < sizeof(*hdr))
3461 return -EINVAL;
3462
e63a15ec 3463 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3464 if (!buf)
3465 return -ENOMEM;
3466
3467 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3468 err = -EFAULT;
3469 goto done;
3470 }
3471
650f726d 3472 hdr = buf;
1f350c87
MH		 3473 opcode = __le16_to_cpu(hdr->opcode);
3474 index = __le16_to_cpu(hdr->index);
3475 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3476
3477 if (len != msglen - sizeof(*hdr)) {
3478 err = -EINVAL;
3479 goto done;
3480 }
3481
0f4e68cf 3482 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3483 hdev = hci_dev_get(index);
3484 if (!hdev) {
3485 err = cmd_status(sk, index, opcode,
04124681 3486 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3487 goto done;
3488 }
0736cfa8
MH		 3489
3490 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3491 err = cmd_status(sk, index, opcode,
3492 MGMT_STATUS_INVALID_INDEX);
3493 goto done;
3494 }
bdb6d971
JH		 3495 }
3496
0f4e68cf 3497 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3498 mgmt_handlers[opcode].func == NULL) {
0381101f 3499 BT_DBG("Unknown op %u", opcode);
ca69b795 3500 err = cmd_status(sk, index, opcode,
04124681 3501 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3502 goto done;
3503 }
3504
3505 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3506 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3507 err = cmd_status(sk, index, opcode,
04124681 3508 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3509 goto done;
0381101f
JH		 3510 }
3511
be22b54e
JH		 3512 handler = &mgmt_handlers[opcode];
3513
3514 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3515 (!handler->var_len && len != handler->data_len)) {
be22b54e 3516 err = cmd_status(sk, index, opcode,
04124681 3517 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3518 goto done;
3519 }
3520
0f4e68cf
JH		 3521 if (hdev)
3522 mgmt_init_hdev(sk, hdev);
3523
3524 cp = buf + sizeof(*hdr);
3525
be22b54e 3526 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3527 if (err < 0)
3528 goto done;
3529
0381101f
JH		 3530 err = msglen;
3531
3532done:
bdb6d971
JH		 3533 if (hdev)
3534 hci_dev_put(hdev);
3535
0381101f
JH		 3536 kfree(buf);
3537 return err;
3538}
c71e97bf 3539
744cf19e 3540int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3541{
bb4b2a9a
AE		 3542 if (!mgmt_valid_hdev(hdev))
3543 return -ENOTSUPP;
3544
744cf19e 3545 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3546}
3547
744cf19e 3548int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3549{
5f159032 3550 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3551
bb4b2a9a
AE		 3552 if (!mgmt_valid_hdev(hdev))
3553 return -ENOTSUPP;
3554
744cf19e 3555 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3556
744cf19e 3557 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3558}
3559
890ea898 3560static void set_bredr_scan(struct hci_request *req)
7f0ae647 3561{
890ea898 3562 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3563 u8 scan = 0;
3564
4c01f8b8
JH		 3565 /* Ensure that fast connectable is disabled. This function will
3566 * not do anything if the page scan parameters are already what
3567 * they should be.
3568 */
3569 write_fast_connectable(req, false);
3570
7f0ae647
JH		 3571 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3572 scan |= SCAN_PAGE;
3573 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3574 scan |= SCAN_INQUIRY;
3575
890ea898
JH		 3576 if (scan)
3577 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3578}
3579
229ab39c
JH		 3580static void powered_complete(struct hci_dev *hdev, u8 status)
3581{
3582 struct cmd_lookup match = { NULL, hdev };
3583
3584 BT_DBG("status 0x%02x", status);
3585
3586 hci_dev_lock(hdev);
3587
3588 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3589
3590 new_settings(hdev, match.sk);
3591
3592 hci_dev_unlock(hdev);
3593
3594 if (match.sk)
3595 sock_put(match.sk);
3596}
3597
70da6243 3598static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3599{
890ea898 3600 struct hci_request req;
70da6243 3601 u8 link_sec;
5add6af8 3602
890ea898
JH		 3603 hci_req_init(&req, hdev);
3604
70da6243
JH		 3605 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3606 !lmp_host_ssp_capable(hdev)) {
3607 u8 ssp = 1;
5e5282bb 3608
890ea898 3609 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3610 }
5add6af8 3611
c73eee91
JH		 3612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3613 lmp_bredr_capable(hdev)) {
70da6243 3614 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3615
70da6243
JH		 3616 cp.le = 1;
3617 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3618
70da6243
JH		 3619 /* Check first if we already have the right
3620 * host state (host features set)
3621 */
3622 if (cp.le != lmp_host_le_capable(hdev) ||
3623 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3624 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3625 sizeof(cp), &cp);
70da6243 3626 }
3d1cbdd6 3627
eeca6f89
JH		 3628 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3629 u8 adv = 0x01;
3630
3631 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3632 }
3633
70da6243
JH		 3634 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3635 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3636 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3637 sizeof(link_sec), &link_sec);
562fcc24 3638
70da6243 3639 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3640 set_bredr_scan(&req);
3641 update_class(&req);
13928971 3642 update_name(&req);
890ea898 3643 update_eir(&req);
70da6243 3644 }
562fcc24 3645
229ab39c 3646 return hci_req_run(&req, powered_complete);
70da6243 3647}
562fcc24 3648
70da6243
JH		 3649int mgmt_powered(struct hci_dev *hdev, u8 powered)
3650{
3651 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3652 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3653 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3654 int err;
f0ff92fb 3655
70da6243
JH		 3656 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3657 return 0;
3658
70da6243 3659 if (powered) {
229ab39c
JH		 3660 if (powered_update_hci(hdev) == 0)
3661 return 0;
fe038884 3662
229ab39c
JH		 3663 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3664 &match);
3665 goto new_settings;
b24752fe
JH		 3666 }
3667
229ab39c
JH		 3668 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3669 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3670
3671 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3672 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3673 zero_cod, sizeof(zero_cod), NULL);
3674
3675new_settings:
beadb2bd 3676 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3677
3678 if (match.sk)
3679 sock_put(match.sk);
3680
7bb895d6 3681 return err;
5add6af8 3682}
73f22f62 3683
96570ffc
JH		 3684int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3685{
3686 struct pending_cmd *cmd;
3687 u8 status;
3688
3689 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3690 if (!cmd)
3691 return -ENOENT;
3692
3693 if (err == -ERFKILL)
3694 status = MGMT_STATUS_RFKILLED;
3695 else
3696 status = MGMT_STATUS_FAILED;
3697
3698 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3699
3700 mgmt_pending_remove(cmd);
3701
3702 return err;
3703}
3704
744cf19e 3705int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3706{
76a7f3a4 3707 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3708 bool changed = false;
3709 int err = 0;
73f22f62 3710
5e5282bb
JH		 3711 if (discoverable) {
3712 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3713 changed = true;
3714 } else {
3715 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3716 changed = true;
3717 }
73f22f62 3718
ed9b5f2f 3719 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3720 &match);
ed9b5f2f 3721
beadb2bd
JH		 3722 if (changed)
3723 err = new_settings(hdev, match.sk);
5e5282bb 3724
73f22f62
JH		 3725 if (match.sk)
3726 sock_put(match.sk);
3727
7bb895d6 3728 return err;
73f22f62 3729}
9fbcbb45 3730
744cf19e 3731int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3732{
2b76f453 3733 struct pending_cmd *cmd;
5e5282bb
JH		 3734 bool changed = false;
3735 int err = 0;
9fbcbb45 3736
5e5282bb
JH		 3737 if (connectable) {
3738 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3739 changed = true;
3740 } else {
3741 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3742 changed = true;
3743 }
9fbcbb45 3744
2b76f453 3745 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3746
beadb2bd 3747 if (changed)
2b76f453 3748 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3749
7bb895d6 3750 return err;
9fbcbb45 3751}
55ed8ca1 3752
744cf19e 3753int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3754{
ca69b795
JH		 3755 u8 mgmt_err = mgmt_status(status);
3756
2d7cee58 3757 if (scan & SCAN_PAGE)
744cf19e 3758 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3759 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3760
3761 if (scan & SCAN_INQUIRY)
744cf19e 3762 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3763 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3764
3765 return 0;
3766}
3767
53168e5b
CC		 3768int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3769 bool persistent)
55ed8ca1 3770{
86742e1e 3771 struct mgmt_ev_new_link_key ev;
55ed8ca1 3772
a492cd52 3773 memset(&ev, 0, sizeof(ev));
55ed8ca1 3774
a492cd52 3775 ev.store_hint = persistent;
d753fdc4 3776 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3777 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3778 ev.key.type = key->type;
9b3b4460 3779 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3780 ev.key.pin_len = key->pin_len;
55ed8ca1 3781
744cf19e 3782 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3783}
f7520543 3784
346af67b
VCG		 3785int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3786{
3787 struct mgmt_ev_new_long_term_key ev;
3788
3789 memset(&ev, 0, sizeof(ev));
3790
3791 ev.store_hint = persistent;
3792 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3793 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3794 ev.key.authenticated = key->authenticated;
3795 ev.key.enc_size = key->enc_size;
3796 ev.key.ediv = key->ediv;
3797
3798 if (key->type == HCI_SMP_LTK)
3799 ev.key.master = 1;
3800
3801 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3802 memcpy(ev.key.val, key->val, sizeof(key->val));
3803
04124681
GP		 3804 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3805 NULL);
346af67b
VCG		 3806}
3807
afc747a6 3808int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3809 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3810 u8 *dev_class)
f7520543 3811{
b644ba33
JH		 3812 char buf[512];
3813 struct mgmt_ev_device_connected *ev = (void *) buf;
3814 u16 eir_len = 0;
f7520543 3815
b644ba33 3816 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3817 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3818
c95f0ba7 3819 ev->flags = __cpu_to_le32(flags);
08c79b61 3820
b644ba33
JH		 3821 if (name_len > 0)
3822 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3823 name, name_len);
b644ba33
JH		 3824
3825 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3826 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3827 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3828
eb55ef07 3829 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3830
3831 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3832 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3833}
3834
8962ee74
JH		 3835static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3836{
c68fb7ff 3837 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3838 struct sock **sk = data;
a38528f1 3839 struct mgmt_rp_disconnect rp;
8962ee74 3840
88c3df13
JH		 3841 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3842 rp.addr.type = cp->addr.type;
8962ee74 3843
aee9b218 3844 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3845 sizeof(rp));
8962ee74
JH		 3846
3847 *sk = cmd->sk;
3848 sock_hold(*sk);
3849
a664b5bc 3850 mgmt_pending_remove(cmd);
8962ee74
JH		 3851}
3852
124f6e35 3853static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3854{
b1078ad0 3855 struct hci_dev *hdev = data;
124f6e35
JH		 3856 struct mgmt_cp_unpair_device *cp = cmd->param;
3857 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3858
3859 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3860 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3861 rp.addr.type = cp->addr.type;
a8a1d19e 3862
b1078ad0
JH		 3863 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3864
aee9b218 3865 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3866
3867 mgmt_pending_remove(cmd);
3868}
3869
afc747a6 3870int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3871 u8 link_type, u8 addr_type, u8 reason)
f7520543 3872{
f0d6a0ea 3873 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3874 struct sock *sk = NULL;
3875 int err;
3876
744cf19e 3877 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3878
f0d6a0ea
MA		 3879 bacpy(&ev.addr.bdaddr, bdaddr);
3880 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3881 ev.reason = reason;
f7520543 3882
afc747a6 3883 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3884 sk);
8962ee74
JH		 3885
3886 if (sk)
d97dcb66 3887 sock_put(sk);
8962ee74 3888
124f6e35 3889 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3890 hdev);
a8a1d19e 3891
8962ee74
JH		 3892 return err;
3893}
3894
88c3df13 3895int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3896 u8 link_type, u8 addr_type, u8 status)
8962ee74 3897{
88c3df13 3898 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3899 struct pending_cmd *cmd;
3900 int err;
3901
36a75f1b
JD		 3902 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3903 hdev);
3904
2e58ef3e 3905 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3906 if (!cmd)
3907 return -ENOENT;
3908
88c3df13 3909 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3910 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3911
88c3df13 3912 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3913 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3914
a664b5bc 3915 mgmt_pending_remove(cmd);
8962ee74
JH		 3916
3917 return err;
f7520543 3918}
17d5c04c 3919
48264f06 3920int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3921 u8 addr_type, u8 status)
17d5c04c
JH		 3922{
3923 struct mgmt_ev_connect_failed ev;
3924
4c659c39 3925 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3926 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3927 ev.status = mgmt_status(status);
17d5c04c 3928
744cf19e 3929 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3930}
980e1a53 3931
744cf19e 3932int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3933{
3934 struct mgmt_ev_pin_code_request ev;
3935
d8457698 3936 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3937 ev.addr.type = BDADDR_BREDR;
a770bb5a 3938 ev.secure = secure;
980e1a53 3939
744cf19e 3940 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3941 NULL);
980e1a53
JH		 3942}
3943
744cf19e 3944int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3945 u8 status)
980e1a53
JH		 3946{
3947 struct pending_cmd *cmd;
ac56fb13 3948 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3949 int err;
3950
2e58ef3e 3951 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3952 if (!cmd)
3953 return -ENOENT;
3954
d8457698 3955 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3956 rp.addr.type = BDADDR_BREDR;
ac56fb13 3957
aee9b218 3958 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3959 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3960
a664b5bc 3961 mgmt_pending_remove(cmd);
980e1a53
JH		 3962
3963 return err;
3964}
3965
744cf19e 3966int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3967 u8 status)
980e1a53
JH		 3968{
3969 struct pending_cmd *cmd;
ac56fb13 3970 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3971 int err;
3972
2e58ef3e 3973 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3974 if (!cmd)
3975 return -ENOENT;
3976
d8457698 3977 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3978 rp.addr.type = BDADDR_BREDR;
ac56fb13 3979
aee9b218 3980 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3981 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3982
a664b5bc 3983 mgmt_pending_remove(cmd);
980e1a53
JH		 3984
3985 return err;
3986}
a5c29683 3987
744cf19e 3988int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3989 u8 link_type, u8 addr_type, __le32 value,
3990 u8 confirm_hint)
a5c29683
JH		 3991{
3992 struct mgmt_ev_user_confirm_request ev;
3993
744cf19e 3994 BT_DBG("%s", hdev->name);
a5c29683 3995
272d90df 3996 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3997 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3998 ev.confirm_hint = confirm_hint;
78e8098e 3999 ev.value = value;
a5c29683 4000
744cf19e 4001 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4002 NULL);
a5c29683
JH		 4003}
4004
272d90df 4005int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4006 u8 link_type, u8 addr_type)
604086b7
BG		 4007{
4008 struct mgmt_ev_user_passkey_request ev;
4009
4010 BT_DBG("%s", hdev->name);
4011
272d90df 4012 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4013 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4014
4015 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4016 NULL);
604086b7
BG		 4017}
4018
0df4c185 4019static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4020 u8 link_type, u8 addr_type, u8 status,
4021 u8 opcode)
a5c29683
JH		 4022{
4023 struct pending_cmd *cmd;
4024 struct mgmt_rp_user_confirm_reply rp;
4025 int err;
4026
2e58ef3e 4027 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4028 if (!cmd)
4029 return -ENOENT;
4030
272d90df 4031 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4032 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4033 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4034 &rp, sizeof(rp));
a5c29683 4035
a664b5bc 4036 mgmt_pending_remove(cmd);
a5c29683
JH		 4037
4038 return err;
4039}
4040
744cf19e 4041int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4042 u8 link_type, u8 addr_type, u8 status)
a5c29683 4043{
272d90df 4044 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4045 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4046}
4047
272d90df 4048int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4049 u8 link_type, u8 addr_type, u8 status)
a5c29683 4050{
272d90df 4051 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4052 status,
4053 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4054}
2a611692 4055
604086b7 4056int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4057 u8 link_type, u8 addr_type, u8 status)
604086b7 4058{
272d90df 4059 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4060 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4061}
4062
272d90df 4063int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4064 u8 link_type, u8 addr_type, u8 status)
604086b7 4065{
272d90df 4066 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4067 status,
4068 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4069}
4070
92a25256
JH		 4071int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4072 u8 link_type, u8 addr_type, u32 passkey,
4073 u8 entered)
4074{
4075 struct mgmt_ev_passkey_notify ev;
4076
4077 BT_DBG("%s", hdev->name);
4078
4079 bacpy(&ev.addr.bdaddr, bdaddr);
4080 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4081 ev.passkey = __cpu_to_le32(passkey);
4082 ev.entered = entered;
4083
4084 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4085}
4086
bab73cb6 4087int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4088 u8 addr_type, u8 status)
2a611692
JH		 4089{
4090 struct mgmt_ev_auth_failed ev;
4091
bab73cb6 4092 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4093 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4094 ev.status = mgmt_status(status);
2a611692 4095
744cf19e 4096 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4097}
b312b161 4098
33ef95ed
JH		 4099int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4100{
4101 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4102 bool changed = false;
4103 int err = 0;
33ef95ed
JH		 4104
4105 if (status) {
4106 u8 mgmt_err = mgmt_status(status);
4107 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4108 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4109 return 0;
4110 }
4111
47990ea0
JH		 4112 if (test_bit(HCI_AUTH, &hdev->flags)) {
4113 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4114 changed = true;
4115 } else {
4116 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4117 changed = true;
4118 }
4119
33ef95ed 4120 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4121 &match);
33ef95ed 4122
47990ea0
JH		 4123 if (changed)
4124 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4125
4126 if (match.sk)
4127 sock_put(match.sk);
4128
4129 return err;
4130}
4131
890ea898 4132static void clear_eir(struct hci_request *req)
cacaf52f 4133{
890ea898 4134 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4135 struct hci_cp_write_eir cp;
4136
976eb20e 4137 if (!lmp_ext_inq_capable(hdev))
890ea898 4138 return;
cacaf52f 4139
c80da27e
JH		 4140 memset(hdev->eir, 0, sizeof(hdev->eir));
4141
cacaf52f
JH		 4142 memset(&cp, 0, sizeof(cp));
4143
890ea898 4144 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4145}
4146
c0ecddc2 4147int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4148{
4149 struct cmd_lookup match = { NULL, hdev };
890ea898 4150 struct hci_request req;
c0ecddc2
JH		 4151 bool changed = false;
4152 int err = 0;
ed2c4ee3
JH		 4153
4154 if (status) {
4155 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4156
4157 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4158 &hdev->dev_flags))
c0ecddc2
JH		 4159 err = new_settings(hdev, NULL);
4160
04124681
GP		 4161 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4162 &mgmt_err);
c0ecddc2
JH		 4163
4164 return err;
4165 }
4166
4167 if (enable) {
4168 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4169 changed = true;
4170 } else {
4171 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4172 changed = true;
ed2c4ee3
JH		 4173 }
4174
4175 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4176
c0ecddc2
JH		 4177 if (changed)
4178 err = new_settings(hdev, match.sk);
ed2c4ee3 4179
5fc6ebb1 4180 if (match.sk)
ed2c4ee3
JH		 4181 sock_put(match.sk);
4182
890ea898
JH		 4183 hci_req_init(&req, hdev);
4184
5fc6ebb1 4185 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4186 update_eir(&req);
5fc6ebb1 4187 else
890ea898
JH		 4188 clear_eir(&req);
4189
4190 hci_req_run(&req, NULL);
cacaf52f 4191
ed2c4ee3
JH		 4192 return err;
4193}
4194
92da6097 4195static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4196{
4197 struct cmd_lookup *match = data;
4198
90e70454
JH		 4199 if (match->sk == NULL) {
4200 match->sk = cmd->sk;
4201 sock_hold(match->sk);
4202 }
90e70454
JH		 4203}
4204
7f9a903c 4205int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4206 u8 status)
7f9a903c 4207{
90e70454
JH		 4208 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4209 int err = 0;
7f9a903c 4210
92da6097
JH		 4211 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4212 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4213 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4214
4215 if (!status)
04124681
GP		 4216 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4217 3, NULL);
90e70454
JH		 4218
4219 if (match.sk)
4220 sock_put(match.sk);
7f9a903c
MH		 4221
4222 return err;
4223}
4224
744cf19e 4225int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4226{
b312b161 4227 struct mgmt_cp_set_local_name ev;
13928971 4228 struct pending_cmd *cmd;
28cc7bde 4229
13928971
JH		 4230 if (status)
4231 return 0;
b312b161
JH		 4232
4233 memset(&ev, 0, sizeof(ev));
4234 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4235 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4236
2e58ef3e 4237 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4238 if (!cmd) {
4239 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4240
13928971
JH		 4241 /* If this is a HCI command related to powering on the
4242 * HCI dev don't send any mgmt signals.
4243 */
4244 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4245 return 0;
890ea898 4246 }
b312b161 4247
13928971
JH		 4248 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4249 cmd ? cmd->sk : NULL);
b312b161 4250}
c35938b2 4251
744cf19e 4252int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4253 u8 *randomizer, u8 status)
c35938b2
SJ		 4254{
4255 struct pending_cmd *cmd;
4256 int err;
4257
744cf19e 4258 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4259
2e58ef3e 4260 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4261 if (!cmd)
4262 return -ENOENT;
4263
4264 if (status) {
04124681
GP		 4265 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4266 mgmt_status(status));
c35938b2
SJ		 4267 } else {
4268 struct mgmt_rp_read_local_oob_data rp;
4269
4270 memcpy(rp.hash, hash, sizeof(rp.hash));
4271 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4272
744cf19e 4273 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4274 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4275 sizeof(rp));
c35938b2
SJ		 4276 }
4277
4278 mgmt_pending_remove(cmd);
4279
4280 return err;
4281}
e17acd40 4282
48264f06 4283int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4284 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4285 ssp, u8 *eir, u16 eir_len)
e17acd40 4286{
e319d2e7
JH		 4287 char buf[512];
4288 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4289 size_t ev_size;
e17acd40 4290
12602d0c
AG		 4291 if (!hci_discovery_active(hdev))
4292 return -EPERM;
4293
1dc06093
JH		 4294 /* Leave 5 bytes for a potential CoD field */
4295 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4296 return -EINVAL;
4297
1dc06093
JH		 4298 memset(buf, 0, sizeof(buf));
4299
e319d2e7 4300 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4301 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4302 ev->rssi = rssi;
9a395a80 4303 if (cfm_name)
612dfce9 4304 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4305 if (!ssp)
612dfce9 4306 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4307
1dc06093 4308 if (eir_len > 0)
e319d2e7 4309 memcpy(ev->eir, eir, eir_len);
e17acd40 4310
1dc06093
JH		 4311 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4312 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4313 dev_class, 3);
1dc06093 4314
eb55ef07 4315 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4316 ev_size = sizeof(*ev) + eir_len;
f8523598 4317
e319d2e7 4318 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4319}
a88a9652 4320
b644ba33 4321int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4322 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4323{
b644ba33
JH		 4324 struct mgmt_ev_device_found *ev;
4325 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4326 u16 eir_len;
a88a9652 4327
b644ba33 4328 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4329
b644ba33
JH		 4330 memset(buf, 0, sizeof(buf));
4331
4332 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4333 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4334 ev->rssi = rssi;
4335
4336 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4337 name_len);
b644ba33 4338
eb55ef07 4339 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4340
053c7e0c 4341 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4342 sizeof(*ev) + eir_len, NULL);
a88a9652 4343}
314b2381 4344
744cf19e 4345int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4346{
f963e8e9 4347 struct mgmt_ev_discovering ev;
164a6e78
JH		 4348 struct pending_cmd *cmd;
4349
343fb145
AG		 4350 BT_DBG("%s discovering %u", hdev->name, discovering);
4351
164a6e78 4352 if (discovering)
2e58ef3e 4353 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4354 else
2e58ef3e 4355 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4356
4357 if (cmd != NULL) {
f808e166
JH		 4358 u8 type = hdev->discovery.type;
4359
04124681
GP		 4360 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4361 sizeof(type));
164a6e78
JH		 4362 mgmt_pending_remove(cmd);
4363 }
4364
f963e8e9
JH		 4365 memset(&ev, 0, sizeof(ev));
4366 ev.type = hdev->discovery.type;
4367 ev.discovering = discovering;
4368
4369 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4370}
5e762444 4371
88c1fe4b 4372int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4373{
4374 struct pending_cmd *cmd;
4375 struct mgmt_ev_device_blocked ev;
4376
2e58ef3e 4377 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4378
88c1fe4b
JH		 4379 bacpy(&ev.addr.bdaddr, bdaddr);
4380 ev.addr.type = type;
5e762444 4381
744cf19e 4382 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4383 cmd ? cmd->sk : NULL);
5e762444
AJ		 4384}
4385
88c1fe4b 4386int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4387{
4388 struct pending_cmd *cmd;
4389 struct mgmt_ev_device_unblocked ev;
4390
2e58ef3e 4391 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4392
88c1fe4b
JH		 4393 bacpy(&ev.addr.bdaddr, bdaddr);
4394 ev.addr.type = type;
5e762444 4395
744cf19e 4396 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4397 cmd ? cmd->sk : NULL);
5e762444 4398}
d7b7e796
MH		 4399
4400module_param(enable_hs, bool, 0644);
4401MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.701158 seconds and 5 git commands to generate.