projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Enable Secure Connection during power on if configured
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
e70bb2e8
JH		 83};
84
85static const u16 mgmt_events[] = {
86 MGMT_EV_CONTROLLER_ERROR,
87 MGMT_EV_INDEX_ADDED,
88 MGMT_EV_INDEX_REMOVED,
89 MGMT_EV_NEW_SETTINGS,
90 MGMT_EV_CLASS_OF_DEV_CHANGED,
91 MGMT_EV_LOCAL_NAME_CHANGED,
92 MGMT_EV_NEW_LINK_KEY,
93 MGMT_EV_NEW_LONG_TERM_KEY,
94 MGMT_EV_DEVICE_CONNECTED,
95 MGMT_EV_DEVICE_DISCONNECTED,
96 MGMT_EV_CONNECT_FAILED,
97 MGMT_EV_PIN_CODE_REQUEST,
98 MGMT_EV_USER_CONFIRM_REQUEST,
99 MGMT_EV_USER_PASSKEY_REQUEST,
100 MGMT_EV_AUTH_FAILED,
101 MGMT_EV_DEVICE_FOUND,
102 MGMT_EV_DISCOVERING,
103 MGMT_EV_DEVICE_BLOCKED,
104 MGMT_EV_DEVICE_UNBLOCKED,
105 MGMT_EV_DEVICE_UNPAIRED,
92a25256 106 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 107};
108
17b02e62 109#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 110
4b34ee78
JH		 111#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
112 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
113
eec8d2bc
JH		 114struct pending_cmd {
115 struct list_head list;
fc2f4b13 116 u16 opcode;
eec8d2bc 117 int index;
c68fb7ff 118 void *param;
eec8d2bc 119 struct sock *sk;
e9a416b5 120 void *user_data;
eec8d2bc
JH		 121};
122
ca69b795
JH		 123/* HCI to MGMT error code conversion table */
124static u8 mgmt_status_table[] = {
125 MGMT_STATUS_SUCCESS,
126 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
127 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
128 MGMT_STATUS_FAILED, /* Hardware Failure */
129 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
130 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
131 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
132 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
133 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
135 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
136 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
137 MGMT_STATUS_BUSY, /* Command Disallowed */
138 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
139 MGMT_STATUS_REJECTED, /* Rejected Security */
140 MGMT_STATUS_REJECTED, /* Rejected Personal */
141 MGMT_STATUS_TIMEOUT, /* Host Timeout */
142 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
143 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
144 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
145 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
146 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
147 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
148 MGMT_STATUS_BUSY, /* Repeated Attempts */
149 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
150 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
152 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
153 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
154 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
155 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
156 MGMT_STATUS_FAILED, /* Unspecified Error */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
158 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
159 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
160 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
161 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
162 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
163 MGMT_STATUS_FAILED, /* Unit Link Key Used */
164 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
165 MGMT_STATUS_TIMEOUT, /* Instant Passed */
166 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
167 MGMT_STATUS_FAILED, /* Transaction Collision */
168 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
169 MGMT_STATUS_REJECTED, /* QoS Rejected */
170 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
171 MGMT_STATUS_REJECTED, /* Insufficient Security */
172 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
173 MGMT_STATUS_BUSY, /* Role Switch Pending */
174 MGMT_STATUS_FAILED, /* Slot Violation */
175 MGMT_STATUS_FAILED, /* Role Switch Failed */
176 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
177 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
178 MGMT_STATUS_BUSY, /* Host Busy Pairing */
179 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
180 MGMT_STATUS_BUSY, /* Controller Busy */
181 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
182 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
183 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
184 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
185 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
186};
187
188static u8 mgmt_status(u8 hci_status)
189{
190 if (hci_status < ARRAY_SIZE(mgmt_status_table))
191 return mgmt_status_table[hci_status];
192
193 return MGMT_STATUS_FAILED;
194}
195
4e51eae9 196static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 197{
198 struct sk_buff *skb;
199 struct mgmt_hdr *hdr;
200 struct mgmt_ev_cmd_status *ev;
56b7d137 201 int err;
f7b64e69 202
34eb525c 203 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 204
790eff44 205 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 206 if (!skb)
207 return -ENOMEM;
208
209 hdr = (void *) skb_put(skb, sizeof(*hdr));
210
612dfce9 211 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 212 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 213 hdr->len = cpu_to_le16(sizeof(*ev));
214
215 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->status = status;
eb55ef07 217 ev->opcode = cpu_to_le16(cmd);
f7b64e69 218
56b7d137
GP		 219 err = sock_queue_rcv_skb(sk, skb);
220 if (err < 0)
f7b64e69
JH		 221 kfree_skb(skb);
222
56b7d137 223 return err;
f7b64e69
JH		 224}
225
aee9b218 226static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 227 void *rp, size_t rp_len)
02d98129
JH		 228{
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231 struct mgmt_ev_cmd_complete *ev;
56b7d137 232 int err;
02d98129
JH		 233
234 BT_DBG("sock %p", sk);
235
790eff44 236 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 237 if (!skb)
238 return -ENOMEM;
239
240 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 241
612dfce9 242 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 243 hdr->index = cpu_to_le16(index);
a38528f1 244 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 245
a38528f1 246 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 247 ev->opcode = cpu_to_le16(cmd);
aee9b218 248 ev->status = status;
8020c16a
SJ		 249
250 if (rp)
251 memcpy(ev->data, rp, rp_len);
02d98129 252
56b7d137
GP		 253 err = sock_queue_rcv_skb(sk, skb);
254 if (err < 0)
02d98129
JH		 255 kfree_skb(skb);
256
e5f0e151 257 return err;
02d98129
JH		 258}
259
04124681
GP		 260static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
261 u16 data_len)
a38528f1
JH		 262{
263 struct mgmt_rp_read_version rp;
264
265 BT_DBG("sock %p", sk);
266
267 rp.version = MGMT_VERSION;
eb55ef07 268 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 269
aee9b218 270 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 271 sizeof(rp));
a38528f1
JH		 272}
273
04124681
GP		 274static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
e70bb2e8
JH		 276{
277 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 278 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
279 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 280 __le16 *opcode;
e70bb2e8
JH		 281 size_t rp_size;
282 int i, err;
283
284 BT_DBG("sock %p", sk);
285
286 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287
288 rp = kmalloc(rp_size, GFP_KERNEL);
289 if (!rp)
290 return -ENOMEM;
291
eb55ef07
MH		 292 rp->num_commands = __constant_cpu_to_le16(num_commands);
293 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 294
295 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
296 put_unaligned_le16(mgmt_commands[i], opcode);
297
298 for (i = 0; i < num_events; i++, opcode++)
299 put_unaligned_le16(mgmt_events[i], opcode);
300
aee9b218 301 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 302 rp_size);
e70bb2e8
JH		 303 kfree(rp);
304
305 return err;
306}
307
04124681
GP		 308static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
faba42eb 310{
faba42eb 311 struct mgmt_rp_read_index_list *rp;
8035ded4 312 struct hci_dev *d;
a38528f1 313 size_t rp_len;
faba42eb 314 u16 count;
476e44cb 315 int err;
faba42eb
JH		 316
317 BT_DBG("sock %p", sk);
318
319 read_lock(&hci_dev_list_lock);
320
321 count = 0;
bb4b2a9a 322 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 323 if (d->dev_type == HCI_BREDR)
324 count++;
faba42eb
JH		 325 }
326
a38528f1
JH		 327 rp_len = sizeof(*rp) + (2 * count);
328 rp = kmalloc(rp_len, GFP_ATOMIC);
329 if (!rp) {
b2c60d42 330 read_unlock(&hci_dev_list_lock);
faba42eb 331 return -ENOMEM;
b2c60d42 332 }
faba42eb 333
476e44cb 334 count = 0;
8035ded4 335 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 336 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 337 continue;
338
0736cfa8
MH		 339 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
340 continue;
341
1514b892
MH		 342 if (d->dev_type == HCI_BREDR) {
343 rp->index[count++] = cpu_to_le16(d->id);
344 BT_DBG("Added hci%u", d->id);
345 }
faba42eb
JH		 346 }
347
476e44cb
JH		 348 rp->num_controllers = cpu_to_le16(count);
349 rp_len = sizeof(*rp) + (2 * count);
350
faba42eb
JH		 351 read_unlock(&hci_dev_list_lock);
352
aee9b218 353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 354 rp_len);
faba42eb 355
a38528f1
JH		 356 kfree(rp);
357
358 return err;
faba42eb
JH		 359}
360
69ab39ea
JH		 361static u32 get_supported_settings(struct hci_dev *hdev)
362{
363 u32 settings = 0;
364
365 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 366 settings |= MGMT_SETTING_PAIRABLE;
367
ed3fa31f 368 if (lmp_bredr_capable(hdev)) {
33c525c0 369 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 370 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 372 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 373 settings |= MGMT_SETTING_BREDR;
374 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 375
376 if (lmp_ssp_capable(hdev)) {
377 settings |= MGMT_SETTING_SSP;
378 settings |= MGMT_SETTING_HS;
379 }
e98d2ce2
MH		 380
381 if (lmp_sc_capable(hdev))
382 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 383 }
d7b7e796 384
eeca6f89 385 if (lmp_le_capable(hdev)) {
9d42820f 386 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 387 settings |= MGMT_SETTING_ADVERTISING;
388 }
69ab39ea
JH		 389
390 return settings;
391}
392
393static u32 get_current_settings(struct hci_dev *hdev)
394{
395 u32 settings = 0;
396
f1f0eb02 397 if (hdev_is_powered(hdev))
f0d4b78a
MH		 398 settings |= MGMT_SETTING_POWERED;
399
5e5282bb 400 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_CONNECTABLE;
402
1a4d3c4b
JH		 403 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_FAST_CONNECTABLE;
405
5e5282bb 406 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_DISCOVERABLE;
408
a8b2d5c2 409 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_PAIRABLE;
411
56f87901 412 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_BREDR;
414
06199cf8 415 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LE;
417
47990ea0 418 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LINK_SECURITY;
420
84bde9d6 421 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_SSP;
423
6d80dfd0
JH		 424 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_HS;
426
f3d3444a 427 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 428 settings |= MGMT_SETTING_ADVERTISING;
429
e98d2ce2
MH		 430 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_SECURE_CONN;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
eb2a8d20
JH		 546static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
547{
548 struct pending_cmd *cmd;
549
550 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
551 if (cmd->opcode == opcode)
552 return cmd;
553 }
554
555 return NULL;
556}
557
f14d8f64
MH		 558static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
559{
7a5f4990
MH		 560 u8 ad_len = 0;
561 size_t name_len;
562
563 name_len = strlen(hdev->dev_name);
564 if (name_len > 0) {
565 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
566
567 if (name_len > max_len) {
568 name_len = max_len;
569 ptr[1] = EIR_NAME_SHORT;
570 } else
571 ptr[1] = EIR_NAME_COMPLETE;
572
573 ptr[0] = name_len + 1;
574
575 memcpy(ptr + 2, hdev->dev_name, name_len);
576
577 ad_len += (name_len + 2);
578 ptr += (name_len + 2);
579 }
580
581 return ad_len;
f14d8f64
MH		 582}
583
584static void update_scan_rsp_data(struct hci_request *req)
585{
586 struct hci_dev *hdev = req->hdev;
587 struct hci_cp_le_set_scan_rsp_data cp;
588 u8 len;
589
7751ef1b 590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 591 return;
592
593 memset(&cp, 0, sizeof(cp));
594
595 len = create_scan_rsp_data(hdev, cp.data);
596
eb438b5f
JH		 597 if (hdev->scan_rsp_data_len == len &&
598 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 599 return;
600
eb438b5f
JH		 601 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
602 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 603
604 cp.length = len;
605
606 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
607}
608
9a43e25f
JH		 609static u8 get_adv_discov_flags(struct hci_dev *hdev)
610{
611 struct pending_cmd *cmd;
612
613 /* If there's a pending mgmt command the flags will not yet have
614 * their final values, so check for this first.
615 */
616 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
617 if (cmd) {
618 struct mgmt_mode *cp = cmd->param;
619 if (cp->val == 0x01)
620 return LE_AD_GENERAL;
621 else if (cp->val == 0x02)
622 return LE_AD_LIMITED;
623 } else {
624 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
625 return LE_AD_LIMITED;
626 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
627 return LE_AD_GENERAL;
628 }
629
630 return 0;
631}
632
46cad2ed 633static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 634{
635 u8 ad_len = 0, flags = 0;
441ad2d0 636
9a43e25f 637 flags |= get_adv_discov_flags(hdev);
441ad2d0
MH		 638
639 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
640 if (lmp_le_br_capable(hdev))
641 flags |= LE_AD_SIM_LE_BREDR_CTRL;
642 if (lmp_host_le_br_capable(hdev))
643 flags |= LE_AD_SIM_LE_BREDR_HOST;
644 } else {
645 flags |= LE_AD_NO_BREDR;
646 }
647
648 if (flags) {
649 BT_DBG("adv flags 0x%02x", flags);
650
651 ptr[0] = 2;
652 ptr[1] = EIR_FLAGS;
653 ptr[2] = flags;
654
655 ad_len += 3;
656 ptr += 3;
657 }
658
659 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
660 ptr[0] = 2;
661 ptr[1] = EIR_TX_POWER;
662 ptr[2] = (u8) hdev->adv_tx_power;
663
664 ad_len += 3;
665 ptr += 3;
666 }
667
441ad2d0
MH		 668 return ad_len;
669}
670
5947f4bc 671static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 672{
673 struct hci_dev *hdev = req->hdev;
674 struct hci_cp_le_set_adv_data cp;
675 u8 len;
676
10994ce6 677 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 678 return;
679
680 memset(&cp, 0, sizeof(cp));
681
46cad2ed 682 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 683
684 if (hdev->adv_data_len == len &&
685 memcmp(cp.data, hdev->adv_data, len) == 0)
686 return;
687
688 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
689 hdev->adv_data_len = len;
690
691 cp.length = len;
692
693 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
694}
695
ef580372
JH		 696static void create_eir(struct hci_dev *hdev, u8 *data)
697{
698 u8 *ptr = data;
ef580372
JH		 699 size_t name_len;
700
701 name_len = strlen(hdev->dev_name);
702
703 if (name_len > 0) {
704 /* EIR Data type */
705 if (name_len > 48) {
706 name_len = 48;
707 ptr[1] = EIR_NAME_SHORT;
708 } else
709 ptr[1] = EIR_NAME_COMPLETE;
710
711 /* EIR Data length */
712 ptr[0] = name_len + 1;
713
714 memcpy(ptr + 2, hdev->dev_name, name_len);
715
ef580372
JH		 716 ptr += (name_len + 2);
717 }
718
bbaf444a 719 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 720 ptr[0] = 2;
721 ptr[1] = EIR_TX_POWER;
722 ptr[2] = (u8) hdev->inq_tx_power;
723
91c4e9b1
MH		 724 ptr += 3;
725 }
726
2b9be137
MH		 727 if (hdev->devid_source > 0) {
728 ptr[0] = 9;
729 ptr[1] = EIR_DEVICE_ID;
730
731 put_unaligned_le16(hdev->devid_source, ptr + 2);
732 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
733 put_unaligned_le16(hdev->devid_product, ptr + 6);
734 put_unaligned_le16(hdev->devid_version, ptr + 8);
735
2b9be137
MH		 736 ptr += 10;
737 }
738
213202ed 739 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 740 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 741 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 742}
743
890ea898 744static void update_eir(struct hci_request *req)
ef580372 745{
890ea898 746 struct hci_dev *hdev = req->hdev;
ef580372
JH		 747 struct hci_cp_write_eir cp;
748
504c8dcd 749 if (!hdev_is_powered(hdev))
890ea898 750 return;
7770c4aa 751
976eb20e 752 if (!lmp_ext_inq_capable(hdev))
890ea898 753 return;
ef580372 754
84bde9d6 755 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 756 return;
ef580372 757
a8b2d5c2 758 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 759 return;
ef580372
JH		 760
761 memset(&cp, 0, sizeof(cp));
762
763 create_eir(hdev, cp.data);
764
765 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 766 return;
ef580372
JH		 767
768 memcpy(hdev->eir, cp.data, sizeof(cp.data));
769
890ea898 770 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 771}
772
773static u8 get_service_classes(struct hci_dev *hdev)
774{
775 struct bt_uuid *uuid;
776 u8 val = 0;
777
778 list_for_each_entry(uuid, &hdev->uuids, list)
779 val |= uuid->svc_hint;
780
781 return val;
782}
783
890ea898 784static void update_class(struct hci_request *req)
ef580372 785{
890ea898 786 struct hci_dev *hdev = req->hdev;
ef580372
JH		 787 u8 cod[3];
788
789 BT_DBG("%s", hdev->name);
790
504c8dcd 791 if (!hdev_is_powered(hdev))
890ea898 792 return;
7770c4aa 793
f87ea1da
JH		 794 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
795 return;
796
a8b2d5c2 797 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 798 return;
ef580372
JH		 799
800 cod[0] = hdev->minor_class;
801 cod[1] = hdev->major_class;
802 cod[2] = get_service_classes(hdev);
803
6acd7db4
MH		 804 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
805 cod[1] |= 0x20;
806
ef580372 807 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 808 return;
ef580372 809
890ea898 810 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 811}
812
7d78525d
JH		 813static void service_cache_off(struct work_struct *work)
814{
815 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 816 service_cache.work);
890ea898 817 struct hci_request req;
7d78525d 818
a8b2d5c2 819 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 820 return;
821
890ea898
JH		 822 hci_req_init(&req, hdev);
823
7d78525d
JH		 824 hci_dev_lock(hdev);
825
890ea898
JH		 826 update_eir(&req);
827 update_class(&req);
7d78525d
JH		 828
829 hci_dev_unlock(hdev);
890ea898
JH		 830
831 hci_req_run(&req, NULL);
7d78525d
JH		 832}
833
6a919082 834static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 835{
4f87da80 836 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 837 return;
838
4f87da80 839 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 840
4f87da80
JH		 841 /* Non-mgmt controlled devices get this bit set
842 * implicitly so that pairing works for them, however
843 * for mgmt we require user-space to explicitly enable
844 * it
845 */
846 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 847}
848
0f4e68cf 849static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 850 void *data, u16 data_len)
0381101f 851{
a38528f1 852 struct mgmt_rp_read_info rp;
f7b64e69 853
bdb6d971 854 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 855
09fd0de5 856 hci_dev_lock(hdev);
f7b64e69 857
dc4fe30b
JH		 858 memset(&rp, 0, sizeof(rp));
859
69ab39ea 860 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 861
69ab39ea 862 rp.version = hdev->hci_ver;
eb55ef07 863 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 864
865 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
866 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 867
a38528f1 868 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 869
dc4fe30b 870 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 871 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 872
09fd0de5 873 hci_dev_unlock(hdev);
0381101f 874
bdb6d971 875 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 876 sizeof(rp));
0381101f
JH		 877}
878
eec8d2bc
JH		 879static void mgmt_pending_free(struct pending_cmd *cmd)
880{
881 sock_put(cmd->sk);
c68fb7ff 882 kfree(cmd->param);
eec8d2bc
JH		 883 kfree(cmd);
884}
885
366a0336 886static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 887 struct hci_dev *hdev, void *data,
888 u16 len)
eec8d2bc
JH		 889{
890 struct pending_cmd *cmd;
891
12b94565 892 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 893 if (!cmd)
366a0336 894 return NULL;
eec8d2bc
JH		 895
896 cmd->opcode = opcode;
2e58ef3e 897 cmd->index = hdev->id;
eec8d2bc 898
12b94565 899 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 900 if (!cmd->param) {
eec8d2bc 901 kfree(cmd);
366a0336 902 return NULL;
eec8d2bc
JH		 903 }
904
8fce6357
SJ		 905 if (data)
906 memcpy(cmd->param, data, len);
eec8d2bc
JH		 907
908 cmd->sk = sk;
909 sock_hold(sk);
910
2e58ef3e 911 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 912
366a0336 913 return cmd;
eec8d2bc
JH		 914}
915
744cf19e 916static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 917 void (*cb)(struct pending_cmd *cmd,
918 void *data),
04124681 919 void *data)
eec8d2bc 920{
a3d09356 921 struct pending_cmd *cmd, *tmp;
eec8d2bc 922
a3d09356 923 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 924 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 925 continue;
926
eec8d2bc
JH		 927 cb(cmd, data);
928 }
929}
930
a664b5bc 931static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 932{
73f22f62
JH		 933 list_del(&cmd->list);
934 mgmt_pending_free(cmd);
935}
936
69ab39ea 937static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 938{
69ab39ea 939 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 940
aee9b218 941 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 942 sizeof(settings));
8680570b
JH		 943}
944
bdb6d971 945static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 946 u16 len)
eec8d2bc 947{
650f726d 948 struct mgmt_mode *cp = data;
366a0336 949 struct pending_cmd *cmd;
4b34ee78 950 int err;
eec8d2bc 951
bdb6d971 952 BT_DBG("request for %s", hdev->name);
eec8d2bc 953
a7e80f25
JH		 954 if (cp->val != 0x00 && cp->val != 0x01)
955 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
956 MGMT_STATUS_INVALID_PARAMS);
957
09fd0de5 958 hci_dev_lock(hdev);
eec8d2bc 959
87b95ba6
JH		 960 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
962 MGMT_STATUS_BUSY);
963 goto failed;
964 }
965
f0d4b78a
MH		 966 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
967 cancel_delayed_work(&hdev->power_off);
968
969 if (cp->val) {
a1d70450
JH		 970 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
971 data, len);
972 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 973 goto failed;
974 }
975 }
976
4b34ee78 977 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 978 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 979 goto failed;
980 }
981
2e58ef3e 982 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 983 if (!cmd) {
984 err = -ENOMEM;
eec8d2bc 985 goto failed;
366a0336 986 }
eec8d2bc 987
72a734ec 988 if (cp->val)
19202573 989 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 990 else
19202573 991 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 992
366a0336 993 err = 0;
eec8d2bc
JH		 994
995failed:
09fd0de5 996 hci_dev_unlock(hdev);
366a0336 997 return err;
eec8d2bc
JH		 998}
999
04124681
GP		 1000static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1001 struct sock *skip_sk)
beadb2bd
JH		 1002{
1003 struct sk_buff *skb;
1004 struct mgmt_hdr *hdr;
1005
790eff44 1006 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1007 if (!skb)
1008 return -ENOMEM;
1009
1010 hdr = (void *) skb_put(skb, sizeof(*hdr));
1011 hdr->opcode = cpu_to_le16(event);
1012 if (hdev)
1013 hdr->index = cpu_to_le16(hdev->id);
1014 else
612dfce9 1015 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1016 hdr->len = cpu_to_le16(data_len);
1017
1018 if (data)
1019 memcpy(skb_put(skb, data_len), data, data_len);
1020
97e0bdeb
MH		 1021 /* Time stamp */
1022 __net_timestamp(skb);
1023
beadb2bd
JH		 1024 hci_send_to_control(skb, skip_sk);
1025 kfree_skb(skb);
1026
1027 return 0;
1028}
1029
1030static int new_settings(struct hci_dev *hdev, struct sock *skip)
1031{
1032 __le32 ev;
1033
1034 ev = cpu_to_le32(get_current_settings(hdev));
1035
1036 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1037}
1038
bd99abdd
JH		 1039struct cmd_lookup {
1040 struct sock *sk;
1041 struct hci_dev *hdev;
1042 u8 mgmt_status;
1043};
1044
1045static void settings_rsp(struct pending_cmd *cmd, void *data)
1046{
1047 struct cmd_lookup *match = data;
1048
1049 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1050
1051 list_del(&cmd->list);
1052
1053 if (match->sk == NULL) {
1054 match->sk = cmd->sk;
1055 sock_hold(match->sk);
1056 }
1057
1058 mgmt_pending_free(cmd);
1059}
1060
1061static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1062{
1063 u8 *status = data;
1064
1065 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1066 mgmt_pending_remove(cmd);
1067}
1068
e6fe7986
JH		 1069static u8 mgmt_bredr_support(struct hci_dev *hdev)
1070{
1071 if (!lmp_bredr_capable(hdev))
1072 return MGMT_STATUS_NOT_SUPPORTED;
1073 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1074 return MGMT_STATUS_REJECTED;
1075 else
1076 return MGMT_STATUS_SUCCESS;
1077}
1078
1079static u8 mgmt_le_support(struct hci_dev *hdev)
1080{
1081 if (!lmp_le_capable(hdev))
1082 return MGMT_STATUS_NOT_SUPPORTED;
1083 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1084 return MGMT_STATUS_REJECTED;
1085 else
1086 return MGMT_STATUS_SUCCESS;
1087}
1088
bfaf8c9f
JH		 1089static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1090{
1091 struct pending_cmd *cmd;
1092 struct mgmt_mode *cp;
970ba524 1093 struct hci_request req;
bfaf8c9f
JH		 1094 bool changed;
1095
1096 BT_DBG("status 0x%02x", status);
1097
1098 hci_dev_lock(hdev);
1099
1100 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1101 if (!cmd)
1102 goto unlock;
1103
1104 if (status) {
1105 u8 mgmt_err = mgmt_status(status);
1106 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1107 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1108 goto remove_cmd;
1109 }
1110
1111 cp = cmd->param;
d4462a07 1112 if (cp->val) {
bfaf8c9f
JH		 1113 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1114 &hdev->dev_flags);
d4462a07
MH		 1115
1116 if (hdev->discov_timeout > 0) {
1117 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1118 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1119 to);
1120 }
1121 } else {
bfaf8c9f
JH		 1122 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1123 &hdev->dev_flags);
d4462a07 1124 }
bfaf8c9f
JH		 1125
1126 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1127
1128 if (changed)
1129 new_settings(hdev, cmd->sk);
1130
970ba524
MH		 1131 /* When the discoverable mode gets changed, make sure
1132 * that class of device has the limited discoverable
1133 * bit correctly set.
1134 */
1135 hci_req_init(&req, hdev);
1136 update_class(&req);
1137 hci_req_run(&req, NULL);
1138
bfaf8c9f
JH		 1139remove_cmd:
1140 mgmt_pending_remove(cmd);
1141
1142unlock:
1143 hci_dev_unlock(hdev);
1144}
1145
bdb6d971 1146static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1147 u16 len)
73f22f62 1148{
650f726d 1149 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1150 struct pending_cmd *cmd;
bfaf8c9f 1151 struct hci_request req;
5e5282bb 1152 u16 timeout;
9a43e25f 1153 u8 scan;
73f22f62
JH		 1154 int err;
1155
bdb6d971 1156 BT_DBG("request for %s", hdev->name);
73f22f62 1157
9a43e25f
JH		 1158 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1159 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1160 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1161 MGMT_STATUS_REJECTED);
33c525c0 1162
310a3d48 1163 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1164 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1165 MGMT_STATUS_INVALID_PARAMS);
1166
1f350c87 1167 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1168
1169 /* Disabling discoverable requires that no timeout is set,
1170 * and enabling limited discoverable requires a timeout.
1171 */
1172 if ((cp->val == 0x00 && timeout > 0) ||
1173 (cp->val == 0x02 && timeout == 0))
bdb6d971 1174 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1175 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1176
09fd0de5 1177 hci_dev_lock(hdev);
73f22f62 1178
5e5282bb 1179 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1181 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1182 goto failed;
1183 }
1184
2e58ef3e 1185 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1186 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1187 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1188 MGMT_STATUS_BUSY);
73f22f62
JH		 1189 goto failed;
1190 }
1191
5e5282bb 1192 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1193 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1194 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1195 goto failed;
1196 }
1197
1198 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1199 bool changed = false;
1200
310a3d48
MH		 1201 /* Setting limited discoverable when powered off is
1202 * not a valid operation since it requires a timeout
1203 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1204 */
0224d2fa
JH		 1205 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1206 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1207 changed = true;
1208 }
1209
5e5282bb 1210 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1211 if (err < 0)
1212 goto failed;
1213
1214 if (changed)
1215 err = new_settings(hdev, sk);
1216
5e5282bb
JH		 1217 goto failed;
1218 }
1219
310a3d48
MH		 1220 /* If the current mode is the same, then just update the timeout
1221 * value with the new value. And if only the timeout gets updated,
1222 * then no need for any HCI transactions.
1223 */
1224 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1225 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1226 &hdev->dev_flags)) {
36261547
MH		 1227 cancel_delayed_work(&hdev->discov_off);
1228 hdev->discov_timeout = timeout;
955638ec 1229
36261547
MH		 1230 if (cp->val && hdev->discov_timeout > 0) {
1231 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1232 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1233 to);
955638ec
MH		 1234 }
1235
69ab39ea 1236 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1237 goto failed;
1238 }
1239
2e58ef3e 1240 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1241 if (!cmd) {
1242 err = -ENOMEM;
73f22f62 1243 goto failed;
366a0336 1244 }
73f22f62 1245
310a3d48
MH		 1246 /* Cancel any potential discoverable timeout that might be
1247 * still active and store new timeout value. The arming of
1248 * the timeout happens in the complete handler.
1249 */
1250 cancel_delayed_work(&hdev->discov_off);
1251 hdev->discov_timeout = timeout;
1252
b456f87c
JH		 1253 /* Limited discoverable mode */
1254 if (cp->val == 0x02)
1255 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1256 else
1257 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1258
bfaf8c9f
JH		 1259 hci_req_init(&req, hdev);
1260
9a43e25f
JH		 1261 /* The procedure for LE-only controllers is much simpler - just
1262 * update the advertising data.
1263 */
1264 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1265 goto update_ad;
1266
73f22f62
JH		 1267 scan = SCAN_PAGE;
1268
310a3d48
MH		 1269 if (cp->val) {
1270 struct hci_cp_write_current_iac_lap hci_cp;
1271
1272 if (cp->val == 0x02) {
1273 /* Limited discoverable mode */
33337dcb 1274 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1275 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1276 hci_cp.iac_lap[1] = 0x8b;
1277 hci_cp.iac_lap[2] = 0x9e;
1278 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1279 hci_cp.iac_lap[4] = 0x8b;
1280 hci_cp.iac_lap[5] = 0x9e;
1281 } else {
1282 /* General discoverable mode */
310a3d48
MH		 1283 hci_cp.num_iac = 1;
1284 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1285 hci_cp.iac_lap[1] = 0x8b;
1286 hci_cp.iac_lap[2] = 0x9e;
1287 }
1288
1289 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1290 (hci_cp.num_iac * 3) + 1, &hci_cp);
1291
73f22f62 1292 scan |= SCAN_INQUIRY;
310a3d48
MH		 1293 } else {
1294 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1295 }
73f22f62 1296
310a3d48 1297 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1298
9a43e25f
JH		 1299update_ad:
1300 update_adv_data(&req);
1301
bfaf8c9f 1302 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1303 if (err < 0)
a664b5bc 1304 mgmt_pending_remove(cmd);
73f22f62
JH		 1305
1306failed:
09fd0de5 1307 hci_dev_unlock(hdev);
73f22f62
JH		 1308 return err;
1309}
1310
406d7804
JH		 1311static void write_fast_connectable(struct hci_request *req, bool enable)
1312{
bd98b996 1313 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1314 struct hci_cp_write_page_scan_activity acp;
1315 u8 type;
1316
547003b1
JH		 1317 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1318 return;
1319
4c01f8b8
JH		 1320 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1321 return;
1322
406d7804
JH		 1323 if (enable) {
1324 type = PAGE_SCAN_TYPE_INTERLACED;
1325
1326 /* 160 msec page scan interval */
1327 acp.interval = __constant_cpu_to_le16(0x0100);
1328 } else {
1329 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1330
1331 /* default 1.28 sec page scan */
1332 acp.interval = __constant_cpu_to_le16(0x0800);
1333 }
1334
1335 acp.window = __constant_cpu_to_le16(0x0012);
1336
bd98b996
JH		 1337 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1338 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1339 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1340 sizeof(acp), &acp);
1341
1342 if (hdev->page_scan_type != type)
1343 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1344}
1345
1987fdc7
JH		 1346static u8 get_adv_type(struct hci_dev *hdev)
1347{
1348 struct pending_cmd *cmd;
1349 bool connectable;
1350
1351 /* If there's a pending mgmt command the flag will not yet have
1352 * it's final value, so check for this first.
1353 */
1354 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1355 if (cmd) {
1356 struct mgmt_mode *cp = cmd->param;
1357 connectable = !!cp->val;
1358 } else {
1359 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1360 }
1361
1362 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1363}
1364
95c66e75
JH		 1365static void enable_advertising(struct hci_request *req)
1366{
1367 struct hci_dev *hdev = req->hdev;
1368 struct hci_cp_le_set_adv_param cp;
1369 u8 enable = 0x01;
1370
1371 memset(&cp, 0, sizeof(cp));
1372 cp.min_interval = __constant_cpu_to_le16(0x0800);
1373 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1374 cp.type = get_adv_type(hdev);
79830f66 1375 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1376 cp.channel_map = 0x07;
1377
1378 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1379
1380 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1381}
1382
1383static void disable_advertising(struct hci_request *req)
1384{
1385 u8 enable = 0x00;
1386
1387 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1388}
1389
2b76f453
JH		 1390static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1391{
1392 struct pending_cmd *cmd;
d7b856f9
JH		 1393 struct mgmt_mode *cp;
1394 bool changed;
2b76f453
JH		 1395
1396 BT_DBG("status 0x%02x", status);
1397
1398 hci_dev_lock(hdev);
1399
1400 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1401 if (!cmd)
1402 goto unlock;
1403
37438c1f
JH		 1404 if (status) {
1405 u8 mgmt_err = mgmt_status(status);
1406 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1407 goto remove_cmd;
1408 }
1409
d7b856f9
JH		 1410 cp = cmd->param;
1411 if (cp->val)
1412 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1413 else
1414 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1415
2b76f453
JH		 1416 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1417
d7b856f9
JH		 1418 if (changed)
1419 new_settings(hdev, cmd->sk);
1420
37438c1f 1421remove_cmd:
2b76f453
JH		 1422 mgmt_pending_remove(cmd);
1423
1424unlock:
1425 hci_dev_unlock(hdev);
1426}
1427
e8ba3a1f
JH		 1428static int set_connectable_update_settings(struct hci_dev *hdev,
1429 struct sock *sk, u8 val)
1430{
1431 bool changed = false;
1432 int err;
1433
1434 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1435 changed = true;
1436
1437 if (val) {
1438 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1439 } else {
1440 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1441 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1442 }
1443
1444 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1445 if (err < 0)
1446 return err;
1447
1448 if (changed)
1449 return new_settings(hdev, sk);
1450
1451 return 0;
1452}
1453
bdb6d971 1454static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1455 u16 len)
9fbcbb45 1456{
650f726d 1457 struct mgmt_mode *cp = data;
366a0336 1458 struct pending_cmd *cmd;
2b76f453 1459 struct hci_request req;
1987fdc7 1460 u8 scan;
9fbcbb45
JH		 1461 int err;
1462
bdb6d971 1463 BT_DBG("request for %s", hdev->name);
9fbcbb45 1464
1987fdc7
JH		 1465 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1466 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1467 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1468 MGMT_STATUS_REJECTED);
33c525c0 1469
a7e80f25
JH		 1470 if (cp->val != 0x00 && cp->val != 0x01)
1471 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1472 MGMT_STATUS_INVALID_PARAMS);
1473
09fd0de5 1474 hci_dev_lock(hdev);
9fbcbb45 1475
4b34ee78 1476 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1477 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1478 goto failed;
1479 }
1480
2e58ef3e 1481 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1482 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1484 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1485 goto failed;
1486 }
1487
2e58ef3e 1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1489 if (!cmd) {
1490 err = -ENOMEM;
9fbcbb45 1491 goto failed;
366a0336 1492 }
9fbcbb45 1493
9b74246f 1494 hci_req_init(&req, hdev);
9fbcbb45 1495
9a43e25f
JH		 1496 /* If BR/EDR is not enabled and we disable advertising as a
1497 * by-product of disabling connectable, we need to update the
1498 * advertising flags.
1499 */
1500 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1501 if (!cp->val) {
1502 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1503 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1504 }
1505 update_adv_data(&req);
1506 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1507 if (cp->val) {
1508 scan = SCAN_PAGE;
1509 } else {
1510 scan = 0;
1511
1512 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1513 hdev->discov_timeout > 0)
9b74246f
JH		 1514 cancel_delayed_work(&hdev->discov_off);
1515 }
2b76f453 1516
9b74246f
JH		 1517 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1518 }
2b76f453 1519
4c01f8b8
JH		 1520 /* If we're going from non-connectable to connectable or
1521 * vice-versa when fast connectable is enabled ensure that fast
1522 * connectable gets disabled. write_fast_connectable won't do
1523 * anything if the page scan parameters are already what they
1524 * should be.
1525 */
1526 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1527 write_fast_connectable(&req, false);
1528
1987fdc7
JH		 1529 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1530 hci_conn_num(hdev, LE_LINK) == 0) {
1531 disable_advertising(&req);
1532 enable_advertising(&req);
1533 }
1534
2b76f453 1535 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1536 if (err < 0) {
a664b5bc 1537 mgmt_pending_remove(cmd);
9b74246f 1538 if (err == -ENODATA)
a81070ba
JH		 1539 err = set_connectable_update_settings(hdev, sk,
1540 cp->val);
9b74246f
JH		 1541 goto failed;
1542 }
9fbcbb45
JH		 1543
1544failed:
09fd0de5 1545 hci_dev_unlock(hdev);
9fbcbb45
JH		 1546 return err;
1547}
1548
bdb6d971 1549static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1550 u16 len)
c542a06c 1551{
650f726d 1552 struct mgmt_mode *cp = data;
55594356 1553 bool changed;
c542a06c
JH		 1554 int err;
1555
bdb6d971 1556 BT_DBG("request for %s", hdev->name);
c542a06c 1557
a7e80f25
JH		 1558 if (cp->val != 0x00 && cp->val != 0x01)
1559 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1560 MGMT_STATUS_INVALID_PARAMS);
1561
09fd0de5 1562 hci_dev_lock(hdev);
c542a06c
JH		 1563
1564 if (cp->val)
55594356 1565 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1566 else
55594356 1567 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1568
69ab39ea 1569 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1570 if (err < 0)
55594356 1571 goto unlock;
c542a06c 1572
55594356
MH		 1573 if (changed)
1574 err = new_settings(hdev, sk);
c542a06c 1575
55594356 1576unlock:
09fd0de5 1577 hci_dev_unlock(hdev);
c542a06c
JH		 1578 return err;
1579}
1580
04124681
GP		 1581static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1582 u16 len)
33ef95ed
JH		 1583{
1584 struct mgmt_mode *cp = data;
1585 struct pending_cmd *cmd;
e6fe7986 1586 u8 val, status;
33ef95ed
JH		 1587 int err;
1588
bdb6d971 1589 BT_DBG("request for %s", hdev->name);
33ef95ed 1590
e6fe7986
JH		 1591 status = mgmt_bredr_support(hdev);
1592 if (status)
33c525c0 1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1594 status);
33c525c0 1595
a7e80f25
JH		 1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
33ef95ed
JH		 1600 hci_dev_lock(hdev);
1601
4b34ee78 1602 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1603 bool changed = false;
1604
1605 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1606 &hdev->dev_flags)) {
47990ea0
JH		 1607 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1608 changed = true;
1609 }
1610
1611 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1612 if (err < 0)
1613 goto failed;
1614
1615 if (changed)
1616 err = new_settings(hdev, sk);
1617
33ef95ed
JH		 1618 goto failed;
1619 }
1620
1621 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1623 MGMT_STATUS_BUSY);
33ef95ed
JH		 1624 goto failed;
1625 }
1626
1627 val = !!cp->val;
1628
1629 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1630 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1631 goto failed;
1632 }
1633
1634 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1635 if (!cmd) {
1636 err = -ENOMEM;
1637 goto failed;
1638 }
1639
1640 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1641 if (err < 0) {
1642 mgmt_pending_remove(cmd);
1643 goto failed;
1644 }
1645
1646failed:
1647 hci_dev_unlock(hdev);
33ef95ed
JH		 1648 return err;
1649}
1650
bdb6d971 1651static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1652{
1653 struct mgmt_mode *cp = data;
1654 struct pending_cmd *cmd;
72ef0c1a 1655 u8 status;
ed2c4ee3
JH		 1656 int err;
1657
bdb6d971 1658 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1659
cdba5281
MH		 1660 status = mgmt_bredr_support(hdev);
1661 if (status)
1662 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1663
13ecd8b6
JH		 1664 if (!lmp_ssp_capable(hdev))
1665 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1666 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1667
a7e80f25
JH		 1668 if (cp->val != 0x00 && cp->val != 0x01)
1669 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1670 MGMT_STATUS_INVALID_PARAMS);
1671
13ecd8b6 1672 hci_dev_lock(hdev);
6c8f12c1 1673
4b34ee78 1674 if (!hdev_is_powered(hdev)) {
9ecb3e24 1675 bool changed;
c0ecddc2 1676
9ecb3e24
MH		 1677 if (cp->val) {
1678 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1679 &hdev->dev_flags);
1680 } else {
1681 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1682 &hdev->dev_flags);
1683 if (!changed)
1684 changed = test_and_clear_bit(HCI_HS_ENABLED,
1685 &hdev->dev_flags);
1686 else
1687 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1688 }
1689
1690 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1691 if (err < 0)
1692 goto failed;
1693
1694 if (changed)
1695 err = new_settings(hdev, sk);
1696
ed2c4ee3
JH		 1697 goto failed;
1698 }
1699
9ecb3e24
MH		 1700 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1701 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1702 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1704 goto failed;
1705 }
1706
72ef0c1a 1707 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1708 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1709 goto failed;
1710 }
1711
1712 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1713 if (!cmd) {
1714 err = -ENOMEM;
1715 goto failed;
1716 }
1717
72ef0c1a 1718 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1719 if (err < 0) {
1720 mgmt_pending_remove(cmd);
1721 goto failed;
1722 }
1723
1724failed:
1725 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1726 return err;
1727}
1728
bdb6d971 1729static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1730{
1731 struct mgmt_mode *cp = data;
ee392693 1732 bool changed;
e6fe7986 1733 u8 status;
ee392693 1734 int err;
6d80dfd0 1735
bdb6d971 1736 BT_DBG("request for %s", hdev->name);
6d80dfd0 1737
e6fe7986
JH		 1738 status = mgmt_bredr_support(hdev);
1739 if (status)
1740 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1741
9ecb3e24
MH		 1742 if (!lmp_ssp_capable(hdev))
1743 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1744 MGMT_STATUS_NOT_SUPPORTED);
1745
1746 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1747 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1748 MGMT_STATUS_REJECTED);
1749
a7e80f25
JH		 1750 if (cp->val != 0x00 && cp->val != 0x01)
1751 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1752 MGMT_STATUS_INVALID_PARAMS);
1753
ee392693
MH		 1754 hci_dev_lock(hdev);
1755
a0cdf960 1756 if (cp->val) {
ee392693 1757 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1758 } else {
1759 if (hdev_is_powered(hdev)) {
1760 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1761 MGMT_STATUS_REJECTED);
1762 goto unlock;
1763 }
1764
ee392693 1765 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1766 }
ee392693
MH		 1767
1768 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1769 if (err < 0)
1770 goto unlock;
1771
1772 if (changed)
1773 err = new_settings(hdev, sk);
6d80dfd0 1774
ee392693
MH		 1775unlock:
1776 hci_dev_unlock(hdev);
1777 return err;
6d80dfd0
JH		 1778}
1779
416a4ae5
JH		 1780static void le_enable_complete(struct hci_dev *hdev, u8 status)
1781{
1782 struct cmd_lookup match = { NULL, hdev };
1783
1784 if (status) {
1785 u8 mgmt_err = mgmt_status(status);
1786
1787 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1788 &mgmt_err);
1789 return;
1790 }
1791
1792 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1793
1794 new_settings(hdev, match.sk);
1795
1796 if (match.sk)
1797 sock_put(match.sk);
441ad2d0
MH		 1798
1799 /* Make sure the controller has a good default for
1800 * advertising data. Restrict the update to when LE
1801 * has actually been enabled. During power on, the
1802 * update in powered_update_hci will take care of it.
1803 */
1804 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1805 struct hci_request req;
1806
1807 hci_dev_lock(hdev);
1808
1809 hci_req_init(&req, hdev);
5947f4bc 1810 update_adv_data(&req);
f14d8f64 1811 update_scan_rsp_data(&req);
441ad2d0
MH		 1812 hci_req_run(&req, NULL);
1813
1814 hci_dev_unlock(hdev);
1815 }
416a4ae5
JH		 1816}
1817
bdb6d971 1818static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1819{
1820 struct mgmt_mode *cp = data;
1821 struct hci_cp_write_le_host_supported hci_cp;
1822 struct pending_cmd *cmd;
416a4ae5 1823 struct hci_request req;
06199cf8 1824 int err;
0b60eba1 1825 u8 val, enabled;
06199cf8 1826
bdb6d971 1827 BT_DBG("request for %s", hdev->name);
06199cf8 1828
13ecd8b6
JH		 1829 if (!lmp_le_capable(hdev))
1830 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1831 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1832
a7e80f25
JH		 1833 if (cp->val != 0x00 && cp->val != 0x01)
1834 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1835 MGMT_STATUS_INVALID_PARAMS);
1836
c73eee91 1837 /* LE-only devices do not allow toggling LE on/off */
56f87901 1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1839 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1840 MGMT_STATUS_REJECTED);
1841
13ecd8b6 1842 hci_dev_lock(hdev);
06199cf8
JH		 1843
1844 val = !!cp->val;
ffa88e02 1845 enabled = lmp_host_le_capable(hdev);
06199cf8 1846
0b60eba1 1847 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1848 bool changed = false;
1849
1850 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1851 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1852 changed = true;
1853 }
1854
f3d3444a
JH		 1855 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1856 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1857 changed = true;
1858 }
1859
06199cf8
JH		 1860 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1861 if (err < 0)
1de028ce 1862 goto unlock;
06199cf8
JH		 1863
1864 if (changed)
1865 err = new_settings(hdev, sk);
1866
1de028ce 1867 goto unlock;
06199cf8
JH		 1868 }
1869
4375f103
JH		 1870 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1871 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1872 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1873 MGMT_STATUS_BUSY);
1de028ce 1874 goto unlock;
06199cf8
JH		 1875 }
1876
1877 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1878 if (!cmd) {
1879 err = -ENOMEM;
1de028ce 1880 goto unlock;
06199cf8
JH		 1881 }
1882
441ad2d0
MH		 1883 hci_req_init(&req, hdev);
1884
06199cf8
JH		 1885 memset(&hci_cp, 0, sizeof(hci_cp));
1886
1887 if (val) {
1888 hci_cp.le = val;
ffa88e02 1889 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1890 } else {
1891 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1892 disable_advertising(&req);
06199cf8
JH		 1893 }
1894
416a4ae5
JH		 1895 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1896 &hci_cp);
1897
1898 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1899 if (err < 0)
06199cf8 1900 mgmt_pending_remove(cmd);
06199cf8 1901
1de028ce
JH		 1902unlock:
1903 hci_dev_unlock(hdev);
06199cf8
JH		 1904 return err;
1905}
1906
0cab9c80
JH		 1907/* This is a helper function to test for pending mgmt commands that can
1908 * cause CoD or EIR HCI commands. We can only allow one such pending
1909 * mgmt command at a time since otherwise we cannot easily track what
1910 * the current values are, will be, and based on that calculate if a new
1911 * HCI command needs to be sent and if yes with what value.
1912 */
1913static bool pending_eir_or_class(struct hci_dev *hdev)
1914{
1915 struct pending_cmd *cmd;
1916
1917 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1918 switch (cmd->opcode) {
1919 case MGMT_OP_ADD_UUID:
1920 case MGMT_OP_REMOVE_UUID:
1921 case MGMT_OP_SET_DEV_CLASS:
1922 case MGMT_OP_SET_POWERED:
1923 return true;
1924 }
1925 }
1926
1927 return false;
1928}
1929
83be8eca
JH		 1930static const u8 bluetooth_base_uuid[] = {
1931 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1932 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1933};
1934
1935static u8 get_uuid_size(const u8 *uuid)
1936{
1937 u32 val;
1938
1939 if (memcmp(uuid, bluetooth_base_uuid, 12))
1940 return 128;
1941
1942 val = get_unaligned_le32(&uuid[12]);
1943 if (val > 0xffff)
1944 return 32;
1945
1946 return 16;
1947}
1948
92da6097
JH		 1949static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1950{
1951 struct pending_cmd *cmd;
1952
1953 hci_dev_lock(hdev);
1954
1955 cmd = mgmt_pending_find(mgmt_op, hdev);
1956 if (!cmd)
1957 goto unlock;
1958
1959 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1960 hdev->dev_class, 3);
1961
1962 mgmt_pending_remove(cmd);
1963
1964unlock:
1965 hci_dev_unlock(hdev);
1966}
1967
1968static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1969{
1970 BT_DBG("status 0x%02x", status);
1971
1972 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1973}
1974
bdb6d971 1975static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1976{
650f726d 1977 struct mgmt_cp_add_uuid *cp = data;
90e70454 1978 struct pending_cmd *cmd;
890ea898 1979 struct hci_request req;
2aeb9a1a 1980 struct bt_uuid *uuid;
2aeb9a1a
JH		 1981 int err;
1982
bdb6d971 1983 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1984
09fd0de5 1985 hci_dev_lock(hdev);
2aeb9a1a 1986
0cab9c80 1987 if (pending_eir_or_class(hdev)) {
bdb6d971 1988 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1989 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1990 goto failed;
1991 }
1992
92c4c204 1993 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1994 if (!uuid) {
1995 err = -ENOMEM;
1996 goto failed;
1997 }
1998
1999 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2000 uuid->svc_hint = cp->svc_hint;
83be8eca 2001 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2002
de66aa63 2003 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2004
890ea898 2005 hci_req_init(&req, hdev);
1aff6f09 2006
890ea898
JH		 2007 update_class(&req);
2008 update_eir(&req);
2009
92da6097
JH		 2010 err = hci_req_run(&req, add_uuid_complete);
2011 if (err < 0) {
2012 if (err != -ENODATA)
2013 goto failed;
80a1e1db 2014
bdb6d971 2015 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2016 hdev->dev_class, 3);
90e70454
JH		 2017 goto failed;
2018 }
2019
2020 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2021 if (!cmd) {
90e70454 2022 err = -ENOMEM;
890ea898
JH		 2023 goto failed;
2024 }
2025
2026 err = 0;
2aeb9a1a
JH		 2027
2028failed:
09fd0de5 2029 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2030 return err;
2031}
2032
24b78d0f
JH		 2033static bool enable_service_cache(struct hci_dev *hdev)
2034{
2035 if (!hdev_is_powered(hdev))
2036 return false;
2037
2038 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2039 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2040 CACHE_TIMEOUT);
24b78d0f
JH		 2041 return true;
2042 }
2043
2044 return false;
2045}
2046
92da6097
JH		 2047static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2048{
2049 BT_DBG("status 0x%02x", status);
2050
2051 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2052}
2053
bdb6d971 2054static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2055 u16 len)
2aeb9a1a 2056{
650f726d 2057 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2058 struct pending_cmd *cmd;
056341c8 2059 struct bt_uuid *match, *tmp;
2aeb9a1a 2060 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2061 struct hci_request req;
2aeb9a1a
JH		 2062 int err, found;
2063
bdb6d971 2064 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2065
09fd0de5 2066 hci_dev_lock(hdev);
2aeb9a1a 2067
0cab9c80 2068 if (pending_eir_or_class(hdev)) {
bdb6d971 2069 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2070 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2071 goto unlock;
2072 }
2073
2aeb9a1a
JH		 2074 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2075 err = hci_uuids_clear(hdev);
4004b6d9 2076
24b78d0f 2077 if (enable_service_cache(hdev)) {
bdb6d971 2078 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2079 0, hdev->dev_class, 3);
24b78d0f
JH		 2080 goto unlock;
2081 }
4004b6d9 2082
9246a869 2083 goto update_class;
2aeb9a1a
JH		 2084 }
2085
2086 found = 0;
2087
056341c8 2088 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2089 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2090 continue;
2091
2092 list_del(&match->list);
482049f7 2093 kfree(match);
2aeb9a1a
JH		 2094 found++;
2095 }
2096
2097 if (found == 0) {
bdb6d971 2098 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2099 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2100 goto unlock;
2101 }
2102
9246a869 2103update_class:
890ea898 2104 hci_req_init(&req, hdev);
1aff6f09 2105
890ea898
JH		 2106 update_class(&req);
2107 update_eir(&req);
2108
92da6097
JH		 2109 err = hci_req_run(&req, remove_uuid_complete);
2110 if (err < 0) {
2111 if (err != -ENODATA)
2112 goto unlock;
80a1e1db 2113
bdb6d971 2114 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2115 hdev->dev_class, 3);
90e70454
JH		 2116 goto unlock;
2117 }
2118
2119 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2120 if (!cmd) {
90e70454 2121 err = -ENOMEM;
890ea898
JH		 2122 goto unlock;
2123 }
2124
2125 err = 0;
2aeb9a1a
JH		 2126
2127unlock:
09fd0de5 2128 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2129 return err;
2130}
2131
92da6097
JH		 2132static void set_class_complete(struct hci_dev *hdev, u8 status)
2133{
2134 BT_DBG("status 0x%02x", status);
2135
2136 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2137}
2138
bdb6d971 2139static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2140 u16 len)
1aff6f09 2141{
650f726d 2142 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2143 struct pending_cmd *cmd;
890ea898 2144 struct hci_request req;
1aff6f09
JH		 2145 int err;
2146
bdb6d971 2147 BT_DBG("request for %s", hdev->name);
1aff6f09 2148
6203fc98 2149 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2150 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2151 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2152
0cab9c80 2153 hci_dev_lock(hdev);
ee98f473 2154
0cab9c80
JH		 2155 if (pending_eir_or_class(hdev)) {
2156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2157 MGMT_STATUS_BUSY);
2158 goto unlock;
2159 }
c95f0ba7 2160
0cab9c80
JH		 2161 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2162 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2163 MGMT_STATUS_INVALID_PARAMS);
2164 goto unlock;
2165 }
575b3a02 2166
932f5ff5
JH		 2167 hdev->major_class = cp->major;
2168 hdev->minor_class = cp->minor;
2169
b5235a65 2170 if (!hdev_is_powered(hdev)) {
bdb6d971 2171 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2172 hdev->dev_class, 3);
b5235a65
JH		 2173 goto unlock;
2174 }
2175
890ea898
JH		 2176 hci_req_init(&req, hdev);
2177
a8b2d5c2 2178 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2179 hci_dev_unlock(hdev);
2180 cancel_delayed_work_sync(&hdev->service_cache);
2181 hci_dev_lock(hdev);
890ea898 2182 update_eir(&req);
7d78525d 2183 }
14c0b608 2184
890ea898
JH		 2185 update_class(&req);
2186
92da6097
JH		 2187 err = hci_req_run(&req, set_class_complete);
2188 if (err < 0) {
2189 if (err != -ENODATA)
2190 goto unlock;
1aff6f09 2191
bdb6d971 2192 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2193 hdev->dev_class, 3);
90e70454
JH		 2194 goto unlock;
2195 }
2196
2197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2198 if (!cmd) {
90e70454 2199 err = -ENOMEM;
890ea898
JH		 2200 goto unlock;
2201 }
2202
2203 err = 0;
1aff6f09 2204
b5235a65 2205unlock:
09fd0de5 2206 hci_dev_unlock(hdev);
1aff6f09
JH		 2207 return err;
2208}
2209
bdb6d971 2210static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2211 u16 len)
55ed8ca1 2212{
650f726d 2213 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2214 u16 key_count, expected_len;
a492cd52 2215 int i;
55ed8ca1 2216
9060d5cf
MH		 2217 BT_DBG("request for %s", hdev->name);
2218
2219 if (!lmp_bredr_capable(hdev))
2220 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2221 MGMT_STATUS_NOT_SUPPORTED);
2222
1f350c87 2223 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2224
86742e1e
JH		 2225 expected_len = sizeof(*cp) + key_count *
2226 sizeof(struct mgmt_link_key_info);
a492cd52 2227 if (expected_len != len) {
86742e1e 2228 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2229 len, expected_len);
bdb6d971 2230 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2231 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2232 }
2233
4ae14301
JH		 2234 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2235 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2236 MGMT_STATUS_INVALID_PARAMS);
2237
bdb6d971 2238 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2239 key_count);
55ed8ca1 2240
4ee71b20
JH		 2241 for (i = 0; i < key_count; i++) {
2242 struct mgmt_link_key_info *key = &cp->keys[i];
2243
2244 if (key->addr.type != BDADDR_BREDR)
2245 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2246 MGMT_STATUS_INVALID_PARAMS);
2247 }
2248
09fd0de5 2249 hci_dev_lock(hdev);
55ed8ca1
JH		 2250
2251 hci_link_keys_clear(hdev);
2252
55ed8ca1 2253 if (cp->debug_keys)
a8b2d5c2 2254 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2255 else
a8b2d5c2 2256 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2257
a492cd52 2258 for (i = 0; i < key_count; i++) {
86742e1e 2259 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2260
d753fdc4 2261 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2262 key->type, key->pin_len);
55ed8ca1
JH		 2263 }
2264
bdb6d971 2265 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2266
09fd0de5 2267 hci_dev_unlock(hdev);
55ed8ca1 2268
a492cd52 2269 return 0;
55ed8ca1
JH		 2270}
2271
b1078ad0 2272static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2273 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2274{
2275 struct mgmt_ev_device_unpaired ev;
2276
2277 bacpy(&ev.addr.bdaddr, bdaddr);
2278 ev.addr.type = addr_type;
2279
2280 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2281 skip_sk);
b1078ad0
JH		 2282}
2283
bdb6d971 2284static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2285 u16 len)
55ed8ca1 2286{
124f6e35
JH		 2287 struct mgmt_cp_unpair_device *cp = data;
2288 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2289 struct hci_cp_disconnect dc;
2290 struct pending_cmd *cmd;
55ed8ca1 2291 struct hci_conn *conn;
55ed8ca1
JH		 2292 int err;
2293
a8a1d19e 2294 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2295 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2296 rp.addr.type = cp->addr.type;
a8a1d19e 2297
4ee71b20
JH		 2298 if (!bdaddr_type_is_valid(cp->addr.type))
2299 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2300 MGMT_STATUS_INVALID_PARAMS,
2301 &rp, sizeof(rp));
2302
118da70b
JH		 2303 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2304 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2305 MGMT_STATUS_INVALID_PARAMS,
2306 &rp, sizeof(rp));
2307
4ee71b20
JH		 2308 hci_dev_lock(hdev);
2309
86a8cfc6 2310 if (!hdev_is_powered(hdev)) {
bdb6d971 2311 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2312 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2313 goto unlock;
2314 }
2315
591f47f3 2316 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2317 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2318 else
2319 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2320
55ed8ca1 2321 if (err < 0) {
bdb6d971 2322 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2323 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2324 goto unlock;
2325 }
2326
86a8cfc6 2327 if (cp->disconnect) {
591f47f3 2328 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2329 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2330 &cp->addr.bdaddr);
86a8cfc6
JH		 2331 else
2332 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2333 &cp->addr.bdaddr);
86a8cfc6
JH		 2334 } else {
2335 conn = NULL;
2336 }
124f6e35 2337
a8a1d19e 2338 if (!conn) {
bdb6d971 2339 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2340 &rp, sizeof(rp));
b1078ad0 2341 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2342 goto unlock;
2343 }
55ed8ca1 2344
124f6e35 2345 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2346 sizeof(*cp));
a8a1d19e
JH		 2347 if (!cmd) {
2348 err = -ENOMEM;
2349 goto unlock;
55ed8ca1
JH		 2350 }
2351
eb55ef07 2352 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2353 dc.reason = 0x13; /* Remote User Terminated Connection */
2354 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2355 if (err < 0)
2356 mgmt_pending_remove(cmd);
2357
55ed8ca1 2358unlock:
09fd0de5 2359 hci_dev_unlock(hdev);
55ed8ca1
JH		 2360 return err;
2361}
2362
bdb6d971 2363static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2364 u16 len)
8962ee74 2365{
650f726d 2366 struct mgmt_cp_disconnect *cp = data;
06a63b19 2367 struct mgmt_rp_disconnect rp;
8962ee74 2368 struct hci_cp_disconnect dc;
366a0336 2369 struct pending_cmd *cmd;
8962ee74 2370 struct hci_conn *conn;
8962ee74
JH		 2371 int err;
2372
2373 BT_DBG("");
2374
06a63b19
JH		 2375 memset(&rp, 0, sizeof(rp));
2376 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2377 rp.addr.type = cp->addr.type;
2378
4ee71b20 2379 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2380 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2381 MGMT_STATUS_INVALID_PARAMS,
2382 &rp, sizeof(rp));
4ee71b20 2383
09fd0de5 2384 hci_dev_lock(hdev);
8962ee74
JH		 2385
2386 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2387 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2388 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2389 goto failed;
2390 }
2391
2e58ef3e 2392 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2393 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2394 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2395 goto failed;
2396 }
2397
591f47f3 2398 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2399 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2400 &cp->addr.bdaddr);
88c3df13
JH		 2401 else
2402 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2403
f960727e 2404 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2405 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2406 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2407 goto failed;
2408 }
2409
2e58ef3e 2410 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2411 if (!cmd) {
2412 err = -ENOMEM;
8962ee74 2413 goto failed;
366a0336 2414 }
8962ee74 2415
eb55ef07 2416 dc.handle = cpu_to_le16(conn->handle);
3701f944 2417 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2418
2419 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2420 if (err < 0)
a664b5bc 2421 mgmt_pending_remove(cmd);
8962ee74
JH		 2422
2423failed:
09fd0de5 2424 hci_dev_unlock(hdev);
8962ee74
JH		 2425 return err;
2426}
2427
57c1477c 2428static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2429{
2430 switch (link_type) {
2431 case LE_LINK:
48264f06
JH		 2432 switch (addr_type) {
2433 case ADDR_LE_DEV_PUBLIC:
591f47f3 2434 return BDADDR_LE_PUBLIC;
0ed09148 2435
48264f06 2436 default:
0ed09148 2437 /* Fallback to LE Random address type */
591f47f3 2438 return BDADDR_LE_RANDOM;
48264f06 2439 }
0ed09148 2440
4c659c39 2441 default:
0ed09148 2442 /* Fallback to BR/EDR type */
591f47f3 2443 return BDADDR_BREDR;
4c659c39
JH		 2444 }
2445}
2446
04124681
GP		 2447static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2448 u16 data_len)
2784eb41 2449{
2784eb41 2450 struct mgmt_rp_get_connections *rp;
8035ded4 2451 struct hci_conn *c;
a38528f1 2452 size_t rp_len;
60fc5fb6
JH		 2453 int err;
2454 u16 i;
2784eb41
JH		 2455
2456 BT_DBG("");
2457
09fd0de5 2458 hci_dev_lock(hdev);
2784eb41 2459
5f97c1df 2460 if (!hdev_is_powered(hdev)) {
bdb6d971 2461 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2462 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2463 goto unlock;
2464 }
2465
60fc5fb6 2466 i = 0;
b644ba33
JH		 2467 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2468 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2469 i++;
2784eb41
JH		 2470 }
2471
60fc5fb6 2472 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2473 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2474 if (!rp) {
2784eb41
JH		 2475 err = -ENOMEM;
2476 goto unlock;
2477 }
2478
2784eb41 2479 i = 0;
4c659c39 2480 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2481 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2482 continue;
4c659c39 2483 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2484 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2485 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2486 continue;
2487 i++;
2488 }
2489
eb55ef07 2490 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2491
4c659c39
JH		 2492 /* Recalculate length in case of filtered SCO connections, etc */
2493 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2494
bdb6d971 2495 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2496 rp_len);
2784eb41 2497
a38528f1 2498 kfree(rp);
5f97c1df
JH		 2499
2500unlock:
09fd0de5 2501 hci_dev_unlock(hdev);
2784eb41
JH		 2502 return err;
2503}
2504
bdb6d971 2505static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2506 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2507{
2508 struct pending_cmd *cmd;
2509 int err;
2510
2e58ef3e 2511 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2512 sizeof(*cp));
96d97a67
WR		 2513 if (!cmd)
2514 return -ENOMEM;
2515
d8457698 2516 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2517 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2518 if (err < 0)
2519 mgmt_pending_remove(cmd);
2520
2521 return err;
2522}
2523
bdb6d971 2524static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2525 u16 len)
980e1a53 2526{
96d97a67 2527 struct hci_conn *conn;
650f726d 2528 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2529 struct hci_cp_pin_code_reply reply;
366a0336 2530 struct pending_cmd *cmd;
980e1a53
JH		 2531 int err;
2532
2533 BT_DBG("");
2534
09fd0de5 2535 hci_dev_lock(hdev);
980e1a53 2536
4b34ee78 2537 if (!hdev_is_powered(hdev)) {
bdb6d971 2538 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2539 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2540 goto failed;
2541 }
2542
d8457698 2543 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2544 if (!conn) {
bdb6d971 2545 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2546 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2547 goto failed;
2548 }
2549
2550 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2551 struct mgmt_cp_pin_code_neg_reply ncp;
2552
2553 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2554
2555 BT_ERR("PIN code is not 16 bytes long");
2556
bdb6d971 2557 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2558 if (err >= 0)
bdb6d971 2559 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2560 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2561
2562 goto failed;
2563 }
2564
00abfe44 2565 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2566 if (!cmd) {
2567 err = -ENOMEM;
980e1a53 2568 goto failed;
366a0336 2569 }
980e1a53 2570
d8457698 2571 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2572 reply.pin_len = cp->pin_len;
24718ca5 2573 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2574
2575 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2576 if (err < 0)
a664b5bc 2577 mgmt_pending_remove(cmd);
980e1a53
JH		 2578
2579failed:
09fd0de5 2580 hci_dev_unlock(hdev);
980e1a53
JH		 2581 return err;
2582}
2583
04124681
GP		 2584static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2585 u16 len)
17fa4b9d 2586{
650f726d 2587 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2588
2589 BT_DBG("");
2590
09fd0de5 2591 hci_dev_lock(hdev);
17fa4b9d
JH		 2592
2593 hdev->io_capability = cp->io_capability;
2594
2595 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2596 hdev->io_capability);
17fa4b9d 2597
09fd0de5 2598 hci_dev_unlock(hdev);
17fa4b9d 2599
04124681
GP		 2600 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2601 0);
17fa4b9d
JH		 2602}
2603
6039aa73 2604static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2605{
2606 struct hci_dev *hdev = conn->hdev;
8035ded4 2607 struct pending_cmd *cmd;
e9a416b5 2608
2e58ef3e 2609 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2610 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2611 continue;
2612
e9a416b5
JH		 2613 if (cmd->user_data != conn)
2614 continue;
2615
2616 return cmd;
2617 }
2618
2619 return NULL;
2620}
2621
2622static void pairing_complete(struct pending_cmd *cmd, u8 status)
2623{
2624 struct mgmt_rp_pair_device rp;
2625 struct hci_conn *conn = cmd->user_data;
2626
ba4e564f 2627 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2628 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2629
aee9b218 2630 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2631 &rp, sizeof(rp));
e9a416b5
JH		 2632
2633 /* So we don't get further callbacks for this connection */
2634 conn->connect_cfm_cb = NULL;
2635 conn->security_cfm_cb = NULL;
2636 conn->disconn_cfm_cb = NULL;
2637
76a68ba0 2638 hci_conn_drop(conn);
e9a416b5 2639
a664b5bc 2640 mgmt_pending_remove(cmd);
e9a416b5
JH		 2641}
2642
2643static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2644{
2645 struct pending_cmd *cmd;
2646
2647 BT_DBG("status %u", status);
2648
2649 cmd = find_pairing(conn);
56e5cb86 2650 if (!cmd)
e9a416b5 2651 BT_DBG("Unable to find a pending command");
56e5cb86 2652 else
e211326c 2653 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2654}
2655
4c47d739
VA		 2656static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2657{
2658 struct pending_cmd *cmd;
2659
2660 BT_DBG("status %u", status);
2661
2662 if (!status)
2663 return;
2664
2665 cmd = find_pairing(conn);
2666 if (!cmd)
2667 BT_DBG("Unable to find a pending command");
2668 else
2669 pairing_complete(cmd, mgmt_status(status));
2670}
2671
bdb6d971 2672static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2673 u16 len)
e9a416b5 2674{
650f726d 2675 struct mgmt_cp_pair_device *cp = data;
1425acb7 2676 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2677 struct pending_cmd *cmd;
2678 u8 sec_level, auth_type;
2679 struct hci_conn *conn;
e9a416b5
JH		 2680 int err;
2681
2682 BT_DBG("");
2683
f950a30e
SJ		 2684 memset(&rp, 0, sizeof(rp));
2685 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2686 rp.addr.type = cp->addr.type;
2687
4ee71b20
JH		 2688 if (!bdaddr_type_is_valid(cp->addr.type))
2689 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2690 MGMT_STATUS_INVALID_PARAMS,
2691 &rp, sizeof(rp));
2692
09fd0de5 2693 hci_dev_lock(hdev);
e9a416b5 2694
5f97c1df 2695 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2696 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2697 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2698 goto unlock;
2699 }
2700
c908df36
VCG		 2701 sec_level = BT_SECURITY_MEDIUM;
2702 if (cp->io_cap == 0x03)
e9a416b5 2703 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2704 else
e9a416b5 2705 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2706
591f47f3 2707 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2708 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2709 cp->addr.type, sec_level, auth_type);
7a512d01 2710 else
b12f62cf
AG		 2711 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2712 cp->addr.type, sec_level, auth_type);
7a512d01 2713
30e76272 2714 if (IS_ERR(conn)) {
489dc48e
AK		 2715 int status;
2716
2717 if (PTR_ERR(conn) == -EBUSY)
2718 status = MGMT_STATUS_BUSY;
2719 else
2720 status = MGMT_STATUS_CONNECT_FAILED;
2721
bdb6d971 2722 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2723 status, &rp,
04124681 2724 sizeof(rp));
e9a416b5
JH		 2725 goto unlock;
2726 }
2727
2728 if (conn->connect_cfm_cb) {
76a68ba0 2729 hci_conn_drop(conn);
bdb6d971 2730 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2731 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2732 goto unlock;
2733 }
2734
2e58ef3e 2735 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2736 if (!cmd) {
2737 err = -ENOMEM;
76a68ba0 2738 hci_conn_drop(conn);
e9a416b5
JH		 2739 goto unlock;
2740 }
2741
7a512d01 2742 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2743 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2744 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2745 else
2746 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2747
e9a416b5
JH		 2748 conn->security_cfm_cb = pairing_complete_cb;
2749 conn->disconn_cfm_cb = pairing_complete_cb;
2750 conn->io_capability = cp->io_cap;
2751 cmd->user_data = conn;
2752
2753 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2754 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2755 pairing_complete(cmd, 0);
2756
2757 err = 0;
2758
2759unlock:
09fd0de5 2760 hci_dev_unlock(hdev);
e9a416b5
JH		 2761 return err;
2762}
2763
04124681
GP		 2764static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2765 u16 len)
28424707 2766{
0f4e68cf 2767 struct mgmt_addr_info *addr = data;
28424707
JH		 2768 struct pending_cmd *cmd;
2769 struct hci_conn *conn;
2770 int err;
2771
2772 BT_DBG("");
2773
28424707
JH		 2774 hci_dev_lock(hdev);
2775
5f97c1df 2776 if (!hdev_is_powered(hdev)) {
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2778 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2779 goto unlock;
2780 }
2781
28424707
JH		 2782 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2783 if (!cmd) {
bdb6d971 2784 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2785 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2786 goto unlock;
2787 }
2788
2789 conn = cmd->user_data;
2790
2791 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2792 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2793 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2794 goto unlock;
2795 }
2796
2797 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2798
bdb6d971 2799 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2800 addr, sizeof(*addr));
28424707
JH		 2801unlock:
2802 hci_dev_unlock(hdev);
28424707
JH		 2803 return err;
2804}
2805
bdb6d971 2806static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2807 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2808 u16 hci_op, __le32 passkey)
a5c29683 2809{
a5c29683 2810 struct pending_cmd *cmd;
0df4c185 2811 struct hci_conn *conn;
a5c29683
JH		 2812 int err;
2813
09fd0de5 2814 hci_dev_lock(hdev);
08ba5382 2815
4b34ee78 2816 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2817 err = cmd_complete(sk, hdev->id, mgmt_op,
2818 MGMT_STATUS_NOT_POWERED, addr,
2819 sizeof(*addr));
0df4c185 2820 goto done;
a5c29683
JH		 2821 }
2822
1707c60e
JH		 2823 if (addr->type == BDADDR_BREDR)
2824 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2825 else
1707c60e 2826 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2827
2828 if (!conn) {
feb94d3d
JH		 2829 err = cmd_complete(sk, hdev->id, mgmt_op,
2830 MGMT_STATUS_NOT_CONNECTED, addr,
2831 sizeof(*addr));
272d90df
JH		 2832 goto done;
2833 }
47c15e2b 2834
1707c60e 2835 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2836 /* Continue with pairing via SMP */
5fe57d9e
BG		 2837 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2838
2839 if (!err)
feb94d3d
JH		 2840 err = cmd_complete(sk, hdev->id, mgmt_op,
2841 MGMT_STATUS_SUCCESS, addr,
2842 sizeof(*addr));
5fe57d9e 2843 else
feb94d3d
JH		 2844 err = cmd_complete(sk, hdev->id, mgmt_op,
2845 MGMT_STATUS_FAILED, addr,
2846 sizeof(*addr));
47c15e2b 2847
47c15e2b
BG		 2848 goto done;
2849 }
2850
1707c60e 2851 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2852 if (!cmd) {
2853 err = -ENOMEM;
0df4c185 2854 goto done;
a5c29683
JH		 2855 }
2856
0df4c185 2857 /* Continue with pairing via HCI */
604086b7
BG		 2858 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2859 struct hci_cp_user_passkey_reply cp;
2860
1707c60e 2861 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2862 cp.passkey = passkey;
2863 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2864 } else
1707c60e
JH		 2865 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2866 &addr->bdaddr);
604086b7 2867
a664b5bc
JH		 2868 if (err < 0)
2869 mgmt_pending_remove(cmd);
a5c29683 2870
0df4c185 2871done:
09fd0de5 2872 hci_dev_unlock(hdev);
a5c29683
JH		 2873 return err;
2874}
2875
afeb019d
JK		 2876static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2877 void *data, u16 len)
2878{
2879 struct mgmt_cp_pin_code_neg_reply *cp = data;
2880
2881 BT_DBG("");
2882
1707c60e 2883 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2884 MGMT_OP_PIN_CODE_NEG_REPLY,
2885 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2886}
2887
04124681
GP		 2888static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2889 u16 len)
0df4c185 2890{
650f726d 2891 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2892
2893 BT_DBG("");
2894
2895 if (len != sizeof(*cp))
bdb6d971 2896 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2897 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2898
1707c60e 2899 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2900 MGMT_OP_USER_CONFIRM_REPLY,
2901 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2902}
2903
bdb6d971 2904static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2905 void *data, u16 len)
0df4c185 2906{
c9c2659f 2907 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2908
2909 BT_DBG("");
2910
1707c60e 2911 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2912 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2913 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2914}
2915
04124681
GP		 2916static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2917 u16 len)
604086b7 2918{
650f726d 2919 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2920
2921 BT_DBG("");
2922
1707c60e 2923 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2924 MGMT_OP_USER_PASSKEY_REPLY,
2925 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2926}
2927
bdb6d971 2928static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2929 void *data, u16 len)
604086b7 2930{
650f726d 2931 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2932
2933 BT_DBG("");
2934
1707c60e 2935 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2936 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2937 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2938}
2939
13928971 2940static void update_name(struct hci_request *req)
2b4bf397 2941{
13928971 2942 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2943 struct hci_cp_write_local_name cp;
2944
13928971 2945 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2946
890ea898 2947 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2948}
2949
13928971
JH		 2950static void set_name_complete(struct hci_dev *hdev, u8 status)
2951{
2952 struct mgmt_cp_set_local_name *cp;
2953 struct pending_cmd *cmd;
2954
2955 BT_DBG("status 0x%02x", status);
2956
2957 hci_dev_lock(hdev);
2958
2959 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2960 if (!cmd)
2961 goto unlock;
2962
2963 cp = cmd->param;
2964
2965 if (status)
2966 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2967 mgmt_status(status));
2968 else
2969 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2970 cp, sizeof(*cp));
2971
2972 mgmt_pending_remove(cmd);
2973
2974unlock:
2975 hci_dev_unlock(hdev);
2976}
2977
bdb6d971 2978static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2979 u16 len)
b312b161 2980{
2b4bf397 2981 struct mgmt_cp_set_local_name *cp = data;
b312b161 2982 struct pending_cmd *cmd;
890ea898 2983 struct hci_request req;
b312b161
JH		 2984 int err;
2985
2986 BT_DBG("");
2987
09fd0de5 2988 hci_dev_lock(hdev);
b312b161 2989
b3f2ca94
JH		 2990 /* If the old values are the same as the new ones just return a
2991 * direct command complete event.
2992 */
2993 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2994 !memcmp(hdev->short_name, cp->short_name,
2995 sizeof(hdev->short_name))) {
2996 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2997 data, len);
2998 goto failed;
2999 }
3000
2b4bf397 3001 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3002
b5235a65 3003 if (!hdev_is_powered(hdev)) {
2b4bf397 3004 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3005
3006 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3007 data, len);
28cc7bde
JH		 3008 if (err < 0)
3009 goto failed;
3010
3011 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3012 sk);
28cc7bde 3013
b5235a65
JH		 3014 goto failed;
3015 }
3016
28cc7bde 3017 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3018 if (!cmd) {
3019 err = -ENOMEM;
3020 goto failed;
3021 }
3022
13928971
JH		 3023 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3024
890ea898 3025 hci_req_init(&req, hdev);
3f985050
JH		 3026
3027 if (lmp_bredr_capable(hdev)) {
3028 update_name(&req);
3029 update_eir(&req);
3030 }
3031
7a5f4990
MH		 3032 /* The name is stored in the scan response data and so
3033 * no need to udpate the advertising data here.
3034 */
3f985050 3035 if (lmp_le_capable(hdev))
7a5f4990 3036 update_scan_rsp_data(&req);
3f985050 3037
13928971 3038 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3039 if (err < 0)
3040 mgmt_pending_remove(cmd);
3041
3042failed:
09fd0de5 3043 hci_dev_unlock(hdev);
b312b161
JH		 3044 return err;
3045}
3046
0f4e68cf 3047static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3048 void *data, u16 data_len)
c35938b2 3049{
c35938b2
SJ		 3050 struct pending_cmd *cmd;
3051 int err;
3052
bdb6d971 3053 BT_DBG("%s", hdev->name);
c35938b2 3054
09fd0de5 3055 hci_dev_lock(hdev);
c35938b2 3056
4b34ee78 3057 if (!hdev_is_powered(hdev)) {
bdb6d971 3058 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3059 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3060 goto unlock;
3061 }
3062
9a1a1996 3063 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3064 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3065 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3066 goto unlock;
3067 }
3068
2e58ef3e 3069 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3070 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3071 MGMT_STATUS_BUSY);
c35938b2
SJ		 3072 goto unlock;
3073 }
3074
2e58ef3e 3075 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3076 if (!cmd) {
3077 err = -ENOMEM;
3078 goto unlock;
3079 }
3080
3081 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3082 if (err < 0)
3083 mgmt_pending_remove(cmd);
3084
3085unlock:
09fd0de5 3086 hci_dev_unlock(hdev);
c35938b2
SJ		 3087 return err;
3088}
3089
bdb6d971 3090static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3091 void *data, u16 len)
2763eda6 3092{
650f726d 3093 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3094 u8 status;
2763eda6
SJ		 3095 int err;
3096
bdb6d971 3097 BT_DBG("%s ", hdev->name);
2763eda6 3098
09fd0de5 3099 hci_dev_lock(hdev);
2763eda6 3100
664ce4cc 3101 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3102 cp->randomizer);
2763eda6 3103 if (err < 0)
bf1e3541 3104 status = MGMT_STATUS_FAILED;
2763eda6 3105 else
a6785be2 3106 status = MGMT_STATUS_SUCCESS;
bf1e3541 3107
bdb6d971 3108 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3109 &cp->addr, sizeof(cp->addr));
2763eda6 3110
09fd0de5 3111 hci_dev_unlock(hdev);
2763eda6
SJ		 3112 return err;
3113}
3114
bdb6d971 3115static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3116 void *data, u16 len)
2763eda6 3117{
650f726d 3118 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3119 u8 status;
2763eda6
SJ		 3120 int err;
3121
bdb6d971 3122 BT_DBG("%s", hdev->name);
2763eda6 3123
09fd0de5 3124 hci_dev_lock(hdev);
2763eda6 3125
664ce4cc 3126 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3127 if (err < 0)
bf1e3541 3128 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3129 else
a6785be2 3130 status = MGMT_STATUS_SUCCESS;
bf1e3541 3131
bdb6d971 3132 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3133 status, &cp->addr, sizeof(cp->addr));
2763eda6 3134
09fd0de5 3135 hci_dev_unlock(hdev);
2763eda6
SJ		 3136 return err;
3137}
3138
41dc2bd6
AG		 3139static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3140{
3141 struct pending_cmd *cmd;
3142 u8 type;
3143 int err;
3144
3145 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3146
3147 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3148 if (!cmd)
3149 return -ENOENT;
3150
3151 type = hdev->discovery.type;
3152
3153 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3154 &type, sizeof(type));
3155 mgmt_pending_remove(cmd);
3156
3157 return err;
3158}
3159
7c307720
AG		 3160static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3161{
3162 BT_DBG("status %d", status);
3163
3164 if (status) {
3165 hci_dev_lock(hdev);
3166 mgmt_start_discovery_failed(hdev, status);
3167 hci_dev_unlock(hdev);
3168 return;
3169 }
3170
3171 hci_dev_lock(hdev);
3172 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3173 hci_dev_unlock(hdev);
3174
3175 switch (hdev->discovery.type) {
3176 case DISCOV_TYPE_LE:
3177 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3178 DISCOV_LE_TIMEOUT);
7c307720
AG		 3179 break;
3180
3181 case DISCOV_TYPE_INTERLEAVED:
3182 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3183 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3184 break;
3185
3186 case DISCOV_TYPE_BREDR:
3187 break;
3188
3189 default:
3190 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3191 }
3192}
3193
bdb6d971 3194static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3195 void *data, u16 len)
14a53664 3196{
650f726d 3197 struct mgmt_cp_start_discovery *cp = data;
14a53664 3198 struct pending_cmd *cmd;
7c307720
AG		 3199 struct hci_cp_le_set_scan_param param_cp;
3200 struct hci_cp_le_set_scan_enable enable_cp;
3201 struct hci_cp_inquiry inq_cp;
3202 struct hci_request req;
3203 /* General inquiry access code (GIAC) */
3204 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3205 u8 status;
14a53664
JH		 3206 int err;
3207
bdb6d971 3208 BT_DBG("%s", hdev->name);
14a53664 3209
09fd0de5 3210 hci_dev_lock(hdev);
14a53664 3211
4b34ee78 3212 if (!hdev_is_powered(hdev)) {
bdb6d971 3213 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3214 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3215 goto failed;
3216 }
3217
642be6c7
AG		 3218 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3219 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3220 MGMT_STATUS_BUSY);
3221 goto failed;
3222 }
3223
ff9ef578 3224 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3225 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3226 MGMT_STATUS_BUSY);
ff9ef578
JH		 3227 goto failed;
3228 }
3229
2e58ef3e 3230 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3231 if (!cmd) {
3232 err = -ENOMEM;
3233 goto failed;
3234 }
3235
4aab14e5
AG		 3236 hdev->discovery.type = cp->type;
3237
7c307720
AG		 3238 hci_req_init(&req, hdev);
3239
4aab14e5 3240 switch (hdev->discovery.type) {
f39799f5 3241 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3242 status = mgmt_bredr_support(hdev);
3243 if (status) {
04106755 3244 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3245 status);
04106755
JH		 3246 mgmt_pending_remove(cmd);
3247 goto failed;
3248 }
3249
7c307720
AG		 3250 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3251 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3252 MGMT_STATUS_BUSY);
3253 mgmt_pending_remove(cmd);
3254 goto failed;
3255 }
3256
3257 hci_inquiry_cache_flush(hdev);
3258
3259 memset(&inq_cp, 0, sizeof(inq_cp));
3260 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3261 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3262 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3263 break;
3264
3265 case DISCOV_TYPE_LE:
7c307720 3266 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3267 status = mgmt_le_support(hdev);
3268 if (status) {
04106755 3269 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3270 status);
04106755
JH		 3271 mgmt_pending_remove(cmd);
3272 goto failed;
3273 }
3274
7c307720 3275 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3276 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3277 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3278 MGMT_STATUS_NOT_SUPPORTED);
3279 mgmt_pending_remove(cmd);
3280 goto failed;
3281 }
3282
f3d3444a 3283 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3284 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3285 MGMT_STATUS_REJECTED);
3286 mgmt_pending_remove(cmd);
3287 goto failed;
3288 }
3289
3290 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3291 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3292 MGMT_STATUS_BUSY);
3293 mgmt_pending_remove(cmd);
3294 goto failed;
3295 }
3296
3297 memset(&param_cp, 0, sizeof(param_cp));
3298 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3299 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3300 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3301 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3302 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3303 &param_cp);
3304
3305 memset(&enable_cp, 0, sizeof(enable_cp));
3306 enable_cp.enable = LE_SCAN_ENABLE;
3307 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3308 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3309 &enable_cp);
5e0452c0
AG		 3310 break;
3311
f39799f5 3312 default:
04106755
JH		 3313 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3314 MGMT_STATUS_INVALID_PARAMS);
3315 mgmt_pending_remove(cmd);
3316 goto failed;
f39799f5 3317 }
3fd24153 3318
7c307720 3319 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3320 if (err < 0)
3321 mgmt_pending_remove(cmd);
ff9ef578
JH		 3322 else
3323 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3324
3325failed:
09fd0de5 3326 hci_dev_unlock(hdev);
14a53664
JH		 3327 return err;
3328}
3329
1183fdca
AG		 3330static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3331{
3332 struct pending_cmd *cmd;
3333 int err;
3334
3335 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3336 if (!cmd)
3337 return -ENOENT;
3338
3339 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3340 &hdev->discovery.type, sizeof(hdev->discovery.type));
3341 mgmt_pending_remove(cmd);
3342
3343 return err;
3344}
3345
0e05bba6
AG		 3346static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3347{
3348 BT_DBG("status %d", status);
3349
3350 hci_dev_lock(hdev);
3351
3352 if (status) {
3353 mgmt_stop_discovery_failed(hdev, status);
3354 goto unlock;
3355 }
3356
3357 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3358
3359unlock:
3360 hci_dev_unlock(hdev);
3361}
3362
bdb6d971 3363static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3364 u16 len)
14a53664 3365{
d930650b 3366 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3367 struct pending_cmd *cmd;
30dc78e1
JH		 3368 struct hci_cp_remote_name_req_cancel cp;
3369 struct inquiry_entry *e;
0e05bba6
AG		 3370 struct hci_request req;
3371 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3372 int err;
3373
bdb6d971 3374 BT_DBG("%s", hdev->name);
14a53664 3375
09fd0de5 3376 hci_dev_lock(hdev);
14a53664 3377
30dc78e1 3378 if (!hci_discovery_active(hdev)) {
bdb6d971 3379 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3380 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3381 sizeof(mgmt_cp->type));
d930650b
JH		 3382 goto unlock;
3383 }
3384
3385 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3386 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3387 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3388 sizeof(mgmt_cp->type));
30dc78e1 3389 goto unlock;
ff9ef578
JH		 3390 }
3391
2e58ef3e 3392 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3393 if (!cmd) {
3394 err = -ENOMEM;
30dc78e1
JH		 3395 goto unlock;
3396 }
3397
0e05bba6
AG		 3398 hci_req_init(&req, hdev);
3399
e0d9727e
AG		 3400 switch (hdev->discovery.state) {
3401 case DISCOVERY_FINDING:
0e05bba6
AG		 3402 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3403 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3404 } else {
3405 cancel_delayed_work(&hdev->le_scan_disable);
3406
3407 memset(&enable_cp, 0, sizeof(enable_cp));
3408 enable_cp.enable = LE_SCAN_DISABLE;
3409 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3410 sizeof(enable_cp), &enable_cp);
3411 }
c9ecc48e 3412
e0d9727e
AG		 3413 break;
3414
3415 case DISCOVERY_RESOLVING:
3416 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3417 NAME_PENDING);
e0d9727e 3418 if (!e) {
30dc78e1 3419 mgmt_pending_remove(cmd);
e0d9727e
AG		 3420 err = cmd_complete(sk, hdev->id,
3421 MGMT_OP_STOP_DISCOVERY, 0,
3422 &mgmt_cp->type,
3423 sizeof(mgmt_cp->type));
3424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3425 goto unlock;
3426 }
30dc78e1 3427
e0d9727e 3428 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3429 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3430 &cp);
e0d9727e
AG		 3431
3432 break;
3433
3434 default:
3435 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3436
3437 mgmt_pending_remove(cmd);
3438 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3439 MGMT_STATUS_FAILED, &mgmt_cp->type,
3440 sizeof(mgmt_cp->type));
3441 goto unlock;
14a53664
JH		 3442 }
3443
0e05bba6 3444 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3445 if (err < 0)
3446 mgmt_pending_remove(cmd);
ff9ef578
JH		 3447 else
3448 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3449
30dc78e1 3450unlock:
09fd0de5 3451 hci_dev_unlock(hdev);
14a53664
JH		 3452 return err;
3453}
3454
bdb6d971 3455static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3456 u16 len)
561aafbc 3457{
650f726d 3458 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3459 struct inquiry_entry *e;
561aafbc
JH		 3460 int err;
3461
bdb6d971 3462 BT_DBG("%s", hdev->name);
561aafbc 3463
561aafbc
JH		 3464 hci_dev_lock(hdev);
3465
30dc78e1 3466 if (!hci_discovery_active(hdev)) {
bdb6d971 3467 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3468 MGMT_STATUS_FAILED);
30dc78e1
JH		 3469 goto failed;
3470 }
3471
a198e7b1 3472 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3473 if (!e) {
bdb6d971 3474 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3475 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3476 goto failed;
3477 }
3478
3479 if (cp->name_known) {
3480 e->name_state = NAME_KNOWN;
3481 list_del(&e->list);
3482 } else {
3483 e->name_state = NAME_NEEDED;
a3d4e20a 3484 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3485 }
3486
e384662b
JH		 3487 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3488 sizeof(cp->addr));
561aafbc
JH		 3489
3490failed:
3491 hci_dev_unlock(hdev);
561aafbc
JH		 3492 return err;
3493}
3494
bdb6d971 3495static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3496 u16 len)
7fbec224 3497{
650f726d 3498 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3499 u8 status;
7fbec224
AJ		 3500 int err;
3501
bdb6d971 3502 BT_DBG("%s", hdev->name);
7fbec224 3503
4ee71b20 3504 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3505 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3506 MGMT_STATUS_INVALID_PARAMS,
3507 &cp->addr, sizeof(cp->addr));
4ee71b20 3508
09fd0de5 3509 hci_dev_lock(hdev);
5e762444 3510
88c1fe4b 3511 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3512 if (err < 0)
f0eeea8b 3513 status = MGMT_STATUS_FAILED;
7fbec224 3514 else
a6785be2 3515 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3516
bdb6d971 3517 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3518 &cp->addr, sizeof(cp->addr));
5e762444 3519
09fd0de5 3520 hci_dev_unlock(hdev);
7fbec224
AJ		 3521
3522 return err;
3523}
3524
bdb6d971 3525static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3526 u16 len)
7fbec224 3527{
650f726d 3528 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3529 u8 status;
7fbec224
AJ		 3530 int err;
3531
bdb6d971 3532 BT_DBG("%s", hdev->name);
7fbec224 3533
4ee71b20 3534 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3535 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3536 MGMT_STATUS_INVALID_PARAMS,
3537 &cp->addr, sizeof(cp->addr));
4ee71b20 3538
09fd0de5 3539 hci_dev_lock(hdev);
5e762444 3540
88c1fe4b 3541 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3542 if (err < 0)
f0eeea8b 3543 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3544 else
a6785be2 3545 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3546
bdb6d971 3547 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3548 &cp->addr, sizeof(cp->addr));
5e762444 3549
09fd0de5 3550 hci_dev_unlock(hdev);
7fbec224
AJ		 3551
3552 return err;
3553}
3554
cdbaccca
MH		 3555static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3556 u16 len)
3557{
3558 struct mgmt_cp_set_device_id *cp = data;
890ea898 3559 struct hci_request req;
cdbaccca 3560 int err;
c72d4b8a 3561 __u16 source;
cdbaccca
MH		 3562
3563 BT_DBG("%s", hdev->name);
3564
c72d4b8a
SJ		 3565 source = __le16_to_cpu(cp->source);
3566
3567 if (source > 0x0002)
3568 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3569 MGMT_STATUS_INVALID_PARAMS);
3570
cdbaccca
MH		 3571 hci_dev_lock(hdev);
3572
c72d4b8a 3573 hdev->devid_source = source;
cdbaccca
MH		 3574 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3575 hdev->devid_product = __le16_to_cpu(cp->product);
3576 hdev->devid_version = __le16_to_cpu(cp->version);
3577
3578 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3579
890ea898
JH		 3580 hci_req_init(&req, hdev);
3581 update_eir(&req);
3582 hci_req_run(&req, NULL);
cdbaccca
MH		 3583
3584 hci_dev_unlock(hdev);
3585
3586 return err;
3587}
3588
4375f103
JH		 3589static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3590{
3591 struct cmd_lookup match = { NULL, hdev };
3592
3593 if (status) {
3594 u8 mgmt_err = mgmt_status(status);
3595
3596 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3597 cmd_status_rsp, &mgmt_err);
3598 return;
3599 }
3600
3601 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3602 &match);
3603
3604 new_settings(hdev, match.sk);
3605
3606 if (match.sk)
3607 sock_put(match.sk);
3608}
3609
21b5187f
MH		 3610static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3611 u16 len)
4375f103
JH		 3612{
3613 struct mgmt_mode *cp = data;
3614 struct pending_cmd *cmd;
3615 struct hci_request req;
e6fe7986 3616 u8 val, enabled, status;
4375f103
JH		 3617 int err;
3618
3619 BT_DBG("request for %s", hdev->name);
3620
e6fe7986
JH		 3621 status = mgmt_le_support(hdev);
3622 if (status)
4375f103 3623 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3624 status);
4375f103
JH		 3625
3626 if (cp->val != 0x00 && cp->val != 0x01)
3627 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3628 MGMT_STATUS_INVALID_PARAMS);
3629
3630 hci_dev_lock(hdev);
3631
3632 val = !!cp->val;
f3d3444a 3633 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3634
f74ca9b8
JH		 3635 /* The following conditions are ones which mean that we should
3636 * not do any HCI communication but directly send a mgmt
3637 * response to user space (after toggling the flag if
3638 * necessary).
3639 */
3640 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3641 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3642 bool changed = false;
3643
f3d3444a
JH		 3644 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3645 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3646 changed = true;
3647 }
3648
3649 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3650 if (err < 0)
3651 goto unlock;
3652
3653 if (changed)
3654 err = new_settings(hdev, sk);
3655
3656 goto unlock;
3657 }
3658
3659 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3660 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3661 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3662 MGMT_STATUS_BUSY);
3663 goto unlock;
3664 }
3665
3666 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3667 if (!cmd) {
3668 err = -ENOMEM;
3669 goto unlock;
3670 }
3671
3672 hci_req_init(&req, hdev);
3673
bba3aa55
MH		 3674 if (val)
3675 enable_advertising(&req);
3676 else
3677 disable_advertising(&req);
4375f103
JH		 3678
3679 err = hci_req_run(&req, set_advertising_complete);
3680 if (err < 0)
3681 mgmt_pending_remove(cmd);
3682
3683unlock:
3684 hci_dev_unlock(hdev);
3685 return err;
3686}
3687
d13eafce
MH		 3688static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3689 void *data, u16 len)
3690{
3691 struct mgmt_cp_set_static_address *cp = data;
3692 int err;
3693
3694 BT_DBG("%s", hdev->name);
3695
62af4443 3696 if (!lmp_le_capable(hdev))
d13eafce 3697 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3698 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3699
3700 if (hdev_is_powered(hdev))
3701 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3702 MGMT_STATUS_REJECTED);
3703
3704 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3705 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3706 return cmd_status(sk, hdev->id,
3707 MGMT_OP_SET_STATIC_ADDRESS,
3708 MGMT_STATUS_INVALID_PARAMS);
3709
3710 /* Two most significant bits shall be set */
3711 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3712 return cmd_status(sk, hdev->id,
3713 MGMT_OP_SET_STATIC_ADDRESS,
3714 MGMT_STATUS_INVALID_PARAMS);
3715 }
3716
3717 hci_dev_lock(hdev);
3718
3719 bacpy(&hdev->static_addr, &cp->bdaddr);
3720
3721 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3722
3723 hci_dev_unlock(hdev);
3724
3725 return err;
3726}
3727
14b49b9a
MH		 3728static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3729 void *data, u16 len)
3730{
3731 struct mgmt_cp_set_scan_params *cp = data;
3732 __u16 interval, window;
3733 int err;
3734
3735 BT_DBG("%s", hdev->name);
3736
3737 if (!lmp_le_capable(hdev))
3738 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3739 MGMT_STATUS_NOT_SUPPORTED);
3740
3741 interval = __le16_to_cpu(cp->interval);
3742
3743 if (interval < 0x0004 || interval > 0x4000)
3744 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3745 MGMT_STATUS_INVALID_PARAMS);
3746
3747 window = __le16_to_cpu(cp->window);
3748
3749 if (window < 0x0004 || window > 0x4000)
3750 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3751 MGMT_STATUS_INVALID_PARAMS);
3752
899e1075
MH		 3753 if (window > interval)
3754 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3755 MGMT_STATUS_INVALID_PARAMS);
3756
14b49b9a
MH		 3757 hci_dev_lock(hdev);
3758
3759 hdev->le_scan_interval = interval;
3760 hdev->le_scan_window = window;
3761
3762 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3763
3764 hci_dev_unlock(hdev);
3765
3766 return err;
3767}
3768
33e38b3e
JH		 3769static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3770{
3771 struct pending_cmd *cmd;
3772
3773 BT_DBG("status 0x%02x", status);
3774
3775 hci_dev_lock(hdev);
3776
3777 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3778 if (!cmd)
3779 goto unlock;
3780
3781 if (status) {
3782 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3783 mgmt_status(status));
3784 } else {
1a4d3c4b
JH		 3785 struct mgmt_mode *cp = cmd->param;
3786
3787 if (cp->val)
3788 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3789 else
3790 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3791
33e38b3e
JH		 3792 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3793 new_settings(hdev, cmd->sk);
3794 }
3795
3796 mgmt_pending_remove(cmd);
3797
3798unlock:
3799 hci_dev_unlock(hdev);
3800}
3801
bdb6d971 3802static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3803 void *data, u16 len)
f6422ec6 3804{
650f726d 3805 struct mgmt_mode *cp = data;
33e38b3e
JH		 3806 struct pending_cmd *cmd;
3807 struct hci_request req;
f6422ec6
AJ		 3808 int err;
3809
bdb6d971 3810 BT_DBG("%s", hdev->name);
f6422ec6 3811
56f87901
JH		 3812 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3813 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3814 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3815 MGMT_STATUS_NOT_SUPPORTED);
3816
a7e80f25
JH		 3817 if (cp->val != 0x00 && cp->val != 0x01)
3818 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3819 MGMT_STATUS_INVALID_PARAMS);
3820
5400c044 3821 if (!hdev_is_powered(hdev))
bdb6d971 3822 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3823 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3824
3825 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3826 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3827 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3828
3829 hci_dev_lock(hdev);
3830
05cbf29f
JH		 3831 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3832 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3833 MGMT_STATUS_BUSY);
3834 goto unlock;
3835 }
3836
1a4d3c4b
JH		 3837 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3838 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3839 hdev);
3840 goto unlock;
3841 }
3842
33e38b3e
JH		 3843 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3844 data, len);
3845 if (!cmd) {
3846 err = -ENOMEM;
3847 goto unlock;
f6422ec6
AJ		 3848 }
3849
33e38b3e
JH		 3850 hci_req_init(&req, hdev);
3851
406d7804 3852 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3853
3854 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3855 if (err < 0) {
bdb6d971 3856 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3857 MGMT_STATUS_FAILED);
33e38b3e 3858 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3859 }
3860
33e38b3e 3861unlock:
f6422ec6 3862 hci_dev_unlock(hdev);
33e38b3e 3863
f6422ec6
AJ		 3864 return err;
3865}
3866
67e5a7a3
JH		 3867static void set_bredr_scan(struct hci_request *req)
3868{
3869 struct hci_dev *hdev = req->hdev;
3870 u8 scan = 0;
3871
3872 /* Ensure that fast connectable is disabled. This function will
3873 * not do anything if the page scan parameters are already what
3874 * they should be.
3875 */
3876 write_fast_connectable(req, false);
3877
3878 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3879 scan |= SCAN_PAGE;
3880 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3881 scan |= SCAN_INQUIRY;
3882
3883 if (scan)
3884 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3885}
3886
0663ca2a
JH		 3887static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3888{
3889 struct pending_cmd *cmd;
3890
3891 BT_DBG("status 0x%02x", status);
3892
3893 hci_dev_lock(hdev);
3894
3895 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3896 if (!cmd)
3897 goto unlock;
3898
3899 if (status) {
3900 u8 mgmt_err = mgmt_status(status);
3901
3902 /* We need to restore the flag if related HCI commands
3903 * failed.
3904 */
3905 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3906
3907 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3908 } else {
3909 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3910 new_settings(hdev, cmd->sk);
3911 }
3912
3913 mgmt_pending_remove(cmd);
3914
3915unlock:
3916 hci_dev_unlock(hdev);
3917}
3918
3919static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3920{
3921 struct mgmt_mode *cp = data;
3922 struct pending_cmd *cmd;
3923 struct hci_request req;
3924 int err;
3925
3926 BT_DBG("request for %s", hdev->name);
3927
3928 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3929 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3930 MGMT_STATUS_NOT_SUPPORTED);
3931
3932 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3933 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3934 MGMT_STATUS_REJECTED);
3935
3936 if (cp->val != 0x00 && cp->val != 0x01)
3937 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3938 MGMT_STATUS_INVALID_PARAMS);
3939
3940 hci_dev_lock(hdev);
3941
3942 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3943 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3944 goto unlock;
3945 }
3946
3947 if (!hdev_is_powered(hdev)) {
3948 if (!cp->val) {
0663ca2a
JH		 3949 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3950 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3951 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3952 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3953 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3954 }
3955
3956 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3957
3958 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3959 if (err < 0)
3960 goto unlock;
3961
3962 err = new_settings(hdev, sk);
3963 goto unlock;
3964 }
3965
3966 /* Reject disabling when powered on */
3967 if (!cp->val) {
3968 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3969 MGMT_STATUS_REJECTED);
3970 goto unlock;
3971 }
3972
3973 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3974 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3975 MGMT_STATUS_BUSY);
3976 goto unlock;
3977 }
3978
3979 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3980 if (!cmd) {
3981 err = -ENOMEM;
3982 goto unlock;
3983 }
3984
5947f4bc 3985 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 3986 * generates the correct flags.
3987 */
3988 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3989
3990 hci_req_init(&req, hdev);
aa8af46e
JH		 3991
3992 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3993 set_bredr_scan(&req);
3994
f14d8f64
MH		 3995 /* Since only the advertising data flags will change, there
3996 * is no need to update the scan response data.
3997 */
5947f4bc 3998 update_adv_data(&req);
aa8af46e 3999
0663ca2a
JH		 4000 err = hci_req_run(&req, set_bredr_complete);
4001 if (err < 0)
4002 mgmt_pending_remove(cmd);
4003
4004unlock:
4005 hci_dev_unlock(hdev);
4006 return err;
4007}
4008
eac83dc6
MH		 4009static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4010 void *data, u16 len)
4011{
4012 struct mgmt_mode *cp = data;
4013 struct pending_cmd *cmd;
4014 u8 status;
4015 int err;
4016
4017 BT_DBG("request for %s", hdev->name);
4018
4019 status = mgmt_bredr_support(hdev);
4020 if (status)
4021 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4022 status);
4023
4024 if (!lmp_sc_capable(hdev))
4025 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4026 MGMT_STATUS_NOT_SUPPORTED);
4027
4028 if (cp->val != 0x00 && cp->val != 0x01)
4029 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4030 MGMT_STATUS_INVALID_PARAMS);
4031
4032 hci_dev_lock(hdev);
4033
4034 if (!hdev_is_powered(hdev)) {
4035 bool changed;
4036
4037 if (cp->val)
4038 changed = !test_and_set_bit(HCI_SC_ENABLED,
4039 &hdev->dev_flags);
4040 else
4041 changed = test_and_clear_bit(HCI_SC_ENABLED,
4042 &hdev->dev_flags);
4043
4044 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4045 if (err < 0)
4046 goto failed;
4047
4048 if (changed)
4049 err = new_settings(hdev, sk);
4050
4051 goto failed;
4052 }
4053
4054 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4055 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4056 MGMT_STATUS_BUSY);
4057 goto failed;
4058 }
4059
4060 if (!!cp->val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
4061 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4062 goto failed;
4063 }
4064
4065 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4066 if (!cmd) {
4067 err = -ENOMEM;
4068 goto failed;
4069 }
4070
4071 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &cp->val);
4072 if (err < 0) {
4073 mgmt_pending_remove(cmd);
4074 goto failed;
4075 }
4076
4077failed:
4078 hci_dev_unlock(hdev);
4079 return err;
4080}
4081
3f706b72
JH		 4082static bool ltk_is_valid(struct mgmt_ltk_info *key)
4083{
44b20d33
JH		 4084 if (key->authenticated != 0x00 && key->authenticated != 0x01)
4085 return false;
3f706b72
JH		 4086 if (key->master != 0x00 && key->master != 0x01)
4087 return false;
4ee71b20
JH		 4088 if (!bdaddr_type_is_le(key->addr.type))
4089 return false;
3f706b72
JH		 4090 return true;
4091}
4092
bdb6d971 4093static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4094 void *cp_data, u16 len)
346af67b 4095{
346af67b
VCG		 4096 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4097 u16 key_count, expected_len;
715a5bf2 4098 int i, err;
346af67b 4099
cf99ba13
MH		 4100 BT_DBG("request for %s", hdev->name);
4101
4102 if (!lmp_le_capable(hdev))
4103 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4104 MGMT_STATUS_NOT_SUPPORTED);
4105
1f350c87 4106 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4107
4108 expected_len = sizeof(*cp) + key_count *
4109 sizeof(struct mgmt_ltk_info);
4110 if (expected_len != len) {
4111 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4112 len, expected_len);
bdb6d971 4113 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4114 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4115 }
4116
bdb6d971 4117 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4118
54ad6d8a
JH		 4119 for (i = 0; i < key_count; i++) {
4120 struct mgmt_ltk_info *key = &cp->keys[i];
4121
3f706b72 4122 if (!ltk_is_valid(key))
54ad6d8a
JH		 4123 return cmd_status(sk, hdev->id,
4124 MGMT_OP_LOAD_LONG_TERM_KEYS,
4125 MGMT_STATUS_INVALID_PARAMS);
4126 }
4127
346af67b
VCG		 4128 hci_dev_lock(hdev);
4129
4130 hci_smp_ltks_clear(hdev);
4131
4132 for (i = 0; i < key_count; i++) {
4133 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4134 u8 type, addr_type;
4135
4136 if (key->addr.type == BDADDR_LE_PUBLIC)
4137 addr_type = ADDR_LE_DEV_PUBLIC;
4138 else
4139 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4140
4141 if (key->master)
4142 type = HCI_SMP_LTK;
4143 else
4144 type = HCI_SMP_LTK_SLAVE;
4145
79d95a19 4146 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4147 type, 0, key->authenticated, key->val,
4148 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4149 }
4150
715a5bf2
JH		 4151 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4152 NULL, 0);
4153
346af67b 4154 hci_dev_unlock(hdev);
346af67b 4155
715a5bf2 4156 return err;
346af67b
VCG		 4157}
4158
2e3c35ea 4159static const struct mgmt_handler {
04124681
GP		 4160 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4161 u16 data_len);
be22b54e
JH		 4162 bool var_len;
4163 size_t data_len;
0f4e68cf
JH		 4164} mgmt_handlers[] = {
4165 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4166 { read_version, false, MGMT_READ_VERSION_SIZE },
4167 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4168 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4169 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4170 { set_powered, false, MGMT_SETTING_SIZE },
4171 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4172 { set_connectable, false, MGMT_SETTING_SIZE },
4173 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4174 { set_pairable, false, MGMT_SETTING_SIZE },
4175 { set_link_security, false, MGMT_SETTING_SIZE },
4176 { set_ssp, false, MGMT_SETTING_SIZE },
4177 { set_hs, false, MGMT_SETTING_SIZE },
4178 { set_le, false, MGMT_SETTING_SIZE },
4179 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4180 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4181 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4182 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4183 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4184 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4185 { disconnect, false, MGMT_DISCONNECT_SIZE },
4186 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4187 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4188 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4189 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4190 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4191 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4192 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4193 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4194 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4195 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4196 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4197 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4198 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4199 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4200 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4201 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4202 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4203 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4204 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4205 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4206 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4207 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4208 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4209 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4210 { set_secure_conn, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 4211};
4212
4213
0381101f
JH		 4214int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4215{
650f726d
VCG		 4216 void *buf;
4217 u8 *cp;
0381101f 4218 struct mgmt_hdr *hdr;
4e51eae9 4219 u16 opcode, index, len;
bdb6d971 4220 struct hci_dev *hdev = NULL;
2e3c35ea 4221 const struct mgmt_handler *handler;
0381101f
JH		 4222 int err;
4223
4224 BT_DBG("got %zu bytes", msglen);
4225
4226 if (msglen < sizeof(*hdr))
4227 return -EINVAL;
4228
e63a15ec 4229 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4230 if (!buf)
4231 return -ENOMEM;
4232
4233 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4234 err = -EFAULT;
4235 goto done;
4236 }
4237
650f726d 4238 hdr = buf;
1f350c87
MH		 4239 opcode = __le16_to_cpu(hdr->opcode);
4240 index = __le16_to_cpu(hdr->index);
4241 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4242
4243 if (len != msglen - sizeof(*hdr)) {
4244 err = -EINVAL;
4245 goto done;
4246 }
4247
0f4e68cf 4248 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4249 hdev = hci_dev_get(index);
4250 if (!hdev) {
4251 err = cmd_status(sk, index, opcode,
04124681 4252 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4253 goto done;
4254 }
0736cfa8 4255
cebf4cfd
JH		 4256 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4257 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4258 err = cmd_status(sk, index, opcode,
4259 MGMT_STATUS_INVALID_INDEX);
4260 goto done;
4261 }
bdb6d971
JH		 4262 }
4263
0f4e68cf 4264 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4265 mgmt_handlers[opcode].func == NULL) {
0381101f 4266 BT_DBG("Unknown op %u", opcode);
ca69b795 4267 err = cmd_status(sk, index, opcode,
04124681 4268 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4269 goto done;
4270 }
4271
4272 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4273 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4274 err = cmd_status(sk, index, opcode,
04124681 4275 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4276 goto done;
0381101f
JH		 4277 }
4278
be22b54e
JH		 4279 handler = &mgmt_handlers[opcode];
4280
4281 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4282 (!handler->var_len && len != handler->data_len)) {
be22b54e 4283 err = cmd_status(sk, index, opcode,
04124681 4284 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4285 goto done;
4286 }
4287
0f4e68cf
JH		 4288 if (hdev)
4289 mgmt_init_hdev(sk, hdev);
4290
4291 cp = buf + sizeof(*hdr);
4292
be22b54e 4293 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4294 if (err < 0)
4295 goto done;
4296
0381101f
JH		 4297 err = msglen;
4298
4299done:
bdb6d971
JH		 4300 if (hdev)
4301 hci_dev_put(hdev);
4302
0381101f
JH		 4303 kfree(buf);
4304 return err;
4305}
c71e97bf 4306
bf6b56db 4307void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4308{
1514b892 4309 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4310 return;
bb4b2a9a 4311
bf6b56db 4312 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4313}
4314
bf6b56db 4315void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4316{
5f159032 4317 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4318
1514b892 4319 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4320 return;
bb4b2a9a 4321
744cf19e 4322 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4323
bf6b56db 4324 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4325}
4326
229ab39c
JH		 4327static void powered_complete(struct hci_dev *hdev, u8 status)
4328{
4329 struct cmd_lookup match = { NULL, hdev };
4330
4331 BT_DBG("status 0x%02x", status);
4332
4333 hci_dev_lock(hdev);
4334
4335 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4336
4337 new_settings(hdev, match.sk);
4338
4339 hci_dev_unlock(hdev);
4340
4341 if (match.sk)
4342 sock_put(match.sk);
4343}
4344
70da6243 4345static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4346{
890ea898 4347 struct hci_request req;
70da6243 4348 u8 link_sec;
5add6af8 4349
890ea898
JH		 4350 hci_req_init(&req, hdev);
4351
70da6243
JH		 4352 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4353 !lmp_host_ssp_capable(hdev)) {
4354 u8 ssp = 1;
5e5282bb 4355
890ea898 4356 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4357 }
5add6af8 4358
c73eee91
JH		 4359 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4360 lmp_bredr_capable(hdev)) {
70da6243 4361 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4362
70da6243
JH		 4363 cp.le = 1;
4364 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4365
70da6243
JH		 4366 /* Check first if we already have the right
4367 * host state (host features set)
4368 */
4369 if (cp.le != lmp_host_le_capable(hdev) ||
4370 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4371 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4372 sizeof(cp), &cp);
70da6243 4373 }
3d1cbdd6 4374
d13eafce
MH		 4375 if (lmp_le_capable(hdev)) {
4376 /* Set random address to static address if configured */
4377 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4378 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4379 &hdev->static_addr);
eeca6f89 4380
441ad2d0
MH		 4381 /* Make sure the controller has a good default for
4382 * advertising data. This also applies to the case
4383 * where BR/EDR was toggled during the AUTO_OFF phase.
4384 */
f14d8f64 4385 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4386 update_adv_data(&req);
f14d8f64
MH		 4387 update_scan_rsp_data(&req);
4388 }
441ad2d0 4389
bba3aa55
MH		 4390 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4391 enable_advertising(&req);
eeca6f89
JH		 4392 }
4393
70da6243
JH		 4394 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4395 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4396 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4397 sizeof(link_sec), &link_sec);
562fcc24 4398
70da6243 4399 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4400 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4401 set_bredr_scan(&req);
890ea898 4402 update_class(&req);
13928971 4403 update_name(&req);
890ea898 4404 update_eir(&req);
70da6243 4405 }
562fcc24 4406
229ab39c 4407 return hci_req_run(&req, powered_complete);
70da6243 4408}
562fcc24 4409
70da6243
JH		 4410int mgmt_powered(struct hci_dev *hdev, u8 powered)
4411{
4412 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4413 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4414 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4415 int err;
f0ff92fb 4416
70da6243
JH		 4417 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4418 return 0;
4419
70da6243 4420 if (powered) {
229ab39c
JH		 4421 if (powered_update_hci(hdev) == 0)
4422 return 0;
fe038884 4423
229ab39c
JH		 4424 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4425 &match);
4426 goto new_settings;
b24752fe
JH		 4427 }
4428
229ab39c
JH		 4429 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4430 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4431
4432 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4433 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4434 zero_cod, sizeof(zero_cod), NULL);
4435
4436new_settings:
beadb2bd 4437 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4438
4439 if (match.sk)
4440 sock_put(match.sk);
4441
7bb895d6 4442 return err;
5add6af8 4443}
73f22f62 4444
3eec705e 4445void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4446{
4447 struct pending_cmd *cmd;
4448 u8 status;
4449
4450 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4451 if (!cmd)
3eec705e 4452 return;
96570ffc
JH		 4453
4454 if (err == -ERFKILL)
4455 status = MGMT_STATUS_RFKILLED;
4456 else
4457 status = MGMT_STATUS_FAILED;
4458
3eec705e 4459 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4460
4461 mgmt_pending_remove(cmd);
96570ffc
JH		 4462}
4463
d1967ff8
MH		 4464void mgmt_discoverable_timeout(struct hci_dev *hdev)
4465{
4466 struct hci_request req;
d1967ff8
MH		 4467
4468 hci_dev_lock(hdev);
4469
4470 /* When discoverable timeout triggers, then just make sure
4471 * the limited discoverable flag is cleared. Even in the case
4472 * of a timeout triggered from general discoverable, it is
4473 * safe to unconditionally clear the flag.
4474 */
4475 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4476 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4477
4478 hci_req_init(&req, hdev);
4b580614
JH		 4479 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4480 u8 scan = SCAN_PAGE;
4481 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4482 sizeof(scan), &scan);
4483 }
d1967ff8 4484 update_class(&req);
9a43e25f 4485 update_adv_data(&req);
d1967ff8
MH		 4486 hci_req_run(&req, NULL);
4487
4488 hdev->discov_timeout = 0;
4489
9a43e25f
JH		 4490 new_settings(hdev, NULL);
4491
d1967ff8
MH		 4492 hci_dev_unlock(hdev);
4493}
4494
86a75645 4495void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4496{
86a75645 4497 bool changed;
73f22f62 4498
bfaf8c9f
JH		 4499 /* Nothing needed here if there's a pending command since that
4500 * commands request completion callback takes care of everything
4501 * necessary.
4502 */
4503 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4504 return;
bfaf8c9f 4505
9a43e25f 4506 if (discoverable) {
86a75645 4507 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4508 } else {
4509 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4510 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4511 }
4512
4513 if (changed) {
4514 struct hci_request req;
4515
4516 /* In case this change in discoverable was triggered by
4517 * a disabling of connectable there could be a need to
4518 * update the advertising flags.
4519 */
4520 hci_req_init(&req, hdev);
4521 update_adv_data(&req);
4522 hci_req_run(&req, NULL);
73f22f62 4523
86a75645 4524 new_settings(hdev, NULL);
9a43e25f 4525 }
73f22f62 4526}
9fbcbb45 4527
a330916c 4528void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4529{
a330916c 4530 bool changed;
9fbcbb45 4531
d7b856f9
JH		 4532 /* Nothing needed here if there's a pending command since that
4533 * commands request completion callback takes care of everything
4534 * necessary.
4535 */
4536 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4537 return;
d7b856f9 4538
a330916c
MH		 4539 if (connectable)
4540 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4541 else
4542 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4543
beadb2bd 4544 if (changed)
a330916c 4545 new_settings(hdev, NULL);
9fbcbb45 4546}
55ed8ca1 4547
4796e8af 4548void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4549{
ca69b795
JH		 4550 u8 mgmt_err = mgmt_status(status);
4551
2d7cee58 4552 if (scan & SCAN_PAGE)
744cf19e 4553 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4554 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4555
4556 if (scan & SCAN_INQUIRY)
744cf19e 4557 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4558 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4559}
4560
dc4a5ee2
MH		 4561void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4562 bool persistent)
55ed8ca1 4563{
86742e1e 4564 struct mgmt_ev_new_link_key ev;
55ed8ca1 4565
a492cd52 4566 memset(&ev, 0, sizeof(ev));
55ed8ca1 4567
a492cd52 4568 ev.store_hint = persistent;
d753fdc4 4569 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4570 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4571 ev.key.type = key->type;
9b3b4460 4572 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4573 ev.key.pin_len = key->pin_len;
55ed8ca1 4574
dc4a5ee2 4575 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4576}
f7520543 4577
083368f7 4578void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4579{
4580 struct mgmt_ev_new_long_term_key ev;
4581
4582 memset(&ev, 0, sizeof(ev));
4583
4584 ev.store_hint = persistent;
4585 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4586 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4587 ev.key.authenticated = key->authenticated;
4588 ev.key.enc_size = key->enc_size;
4589 ev.key.ediv = key->ediv;
4590
4591 if (key->type == HCI_SMP_LTK)
4592 ev.key.master = 1;
4593
4594 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4595 memcpy(ev.key.val, key->val, sizeof(key->val));
4596
083368f7 4597 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4598}
4599
94933991
MH		 4600static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4601 u8 data_len)
4602{
4603 eir[eir_len++] = sizeof(type) + data_len;
4604 eir[eir_len++] = type;
4605 memcpy(&eir[eir_len], data, data_len);
4606 eir_len += data_len;
4607
4608 return eir_len;
4609}
4610
ecd90ae7
MH		 4611void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4612 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4613 u8 *dev_class)
f7520543 4614{
b644ba33
JH		 4615 char buf[512];
4616 struct mgmt_ev_device_connected *ev = (void *) buf;
4617 u16 eir_len = 0;
f7520543 4618
b644ba33 4619 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4620 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4621
c95f0ba7 4622 ev->flags = __cpu_to_le32(flags);
08c79b61 4623
b644ba33
JH		 4624 if (name_len > 0)
4625 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4626 name, name_len);
b644ba33
JH		 4627
4628 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4629 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4630 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4631
eb55ef07 4632 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4633
ecd90ae7
MH		 4634 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4635 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4636}
4637
8962ee74
JH		 4638static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4639{
c68fb7ff 4640 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4641 struct sock **sk = data;
a38528f1 4642 struct mgmt_rp_disconnect rp;
8962ee74 4643
88c3df13
JH		 4644 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4645 rp.addr.type = cp->addr.type;
8962ee74 4646
aee9b218 4647 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4648 sizeof(rp));
8962ee74
JH		 4649
4650 *sk = cmd->sk;
4651 sock_hold(*sk);
4652
a664b5bc 4653 mgmt_pending_remove(cmd);
8962ee74
JH		 4654}
4655
124f6e35 4656static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4657{
b1078ad0 4658 struct hci_dev *hdev = data;
124f6e35
JH		 4659 struct mgmt_cp_unpair_device *cp = cmd->param;
4660 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4661
4662 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4663 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4664 rp.addr.type = cp->addr.type;
a8a1d19e 4665
b1078ad0
JH		 4666 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4667
aee9b218 4668 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4669
4670 mgmt_pending_remove(cmd);
4671}
4672
9b80ec5e
MH		 4673void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4674 u8 link_type, u8 addr_type, u8 reason)
f7520543 4675{
f0d6a0ea 4676 struct mgmt_ev_device_disconnected ev;
8962ee74 4677 struct sock *sk = NULL;
8962ee74 4678
57eb776f
AG		 4679 if (link_type != ACL_LINK && link_type != LE_LINK)
4680 return;
4681
744cf19e 4682 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4683
f0d6a0ea
MA		 4684 bacpy(&ev.addr.bdaddr, bdaddr);
4685 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4686 ev.reason = reason;
f7520543 4687
9b80ec5e 4688 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4689
4690 if (sk)
d97dcb66 4691 sock_put(sk);
8962ee74 4692
124f6e35 4693 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4694 hdev);
8962ee74
JH		 4695}
4696
7892924c
MH		 4697void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4698 u8 link_type, u8 addr_type, u8 status)
8962ee74 4699{
3655bba8
AG		 4700 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4701 struct mgmt_cp_disconnect *cp;
88c3df13 4702 struct mgmt_rp_disconnect rp;
8962ee74 4703 struct pending_cmd *cmd;
8962ee74 4704
36a75f1b
JD		 4705 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4706 hdev);
4707
2e58ef3e 4708 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4709 if (!cmd)
7892924c 4710 return;
8962ee74 4711
3655bba8
AG		 4712 cp = cmd->param;
4713
4714 if (bacmp(bdaddr, &cp->addr.bdaddr))
4715 return;
4716
4717 if (cp->addr.type != bdaddr_type)
4718 return;
4719
88c3df13 4720 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 4721 rp.addr.type = bdaddr_type;
37d9ef76 4722
7892924c
MH		 4723 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4724 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4725
a664b5bc 4726 mgmt_pending_remove(cmd);
f7520543 4727}
17d5c04c 4728
445608d0
MH		 4729void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4730 u8 addr_type, u8 status)
17d5c04c
JH		 4731{
4732 struct mgmt_ev_connect_failed ev;
4733
4c659c39 4734 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4735 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4736 ev.status = mgmt_status(status);
17d5c04c 4737
445608d0 4738 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4739}
980e1a53 4740
ce0e4a0d 4741void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4742{
4743 struct mgmt_ev_pin_code_request ev;
4744
d8457698 4745 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4746 ev.addr.type = BDADDR_BREDR;
a770bb5a 4747 ev.secure = secure;
980e1a53 4748
ce0e4a0d 4749 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4750}
4751
e669cf80
MH		 4752void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4753 u8 status)
980e1a53
JH		 4754{
4755 struct pending_cmd *cmd;
ac56fb13 4756 struct mgmt_rp_pin_code_reply rp;
980e1a53 4757
2e58ef3e 4758 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4759 if (!cmd)
e669cf80 4760 return;
980e1a53 4761
d8457698 4762 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4763 rp.addr.type = BDADDR_BREDR;
ac56fb13 4764
e669cf80
MH		 4765 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4766 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4767
a664b5bc 4768 mgmt_pending_remove(cmd);
980e1a53
JH		 4769}
4770
3eb38528
MH		 4771void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4772 u8 status)
980e1a53
JH		 4773{
4774 struct pending_cmd *cmd;
ac56fb13 4775 struct mgmt_rp_pin_code_reply rp;
980e1a53 4776
2e58ef3e 4777 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4778 if (!cmd)
3eb38528 4779 return;
980e1a53 4780
d8457698 4781 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4782 rp.addr.type = BDADDR_BREDR;
ac56fb13 4783
3eb38528
MH		 4784 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4785 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4786
a664b5bc 4787 mgmt_pending_remove(cmd);
980e1a53 4788}
a5c29683 4789
744cf19e 4790int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4791 u8 link_type, u8 addr_type, __le32 value,
4792 u8 confirm_hint)
a5c29683
JH		 4793{
4794 struct mgmt_ev_user_confirm_request ev;
4795
744cf19e 4796 BT_DBG("%s", hdev->name);
a5c29683 4797
272d90df 4798 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4799 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4800 ev.confirm_hint = confirm_hint;
78e8098e 4801 ev.value = value;
a5c29683 4802
744cf19e 4803 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4804 NULL);
a5c29683
JH		 4805}
4806
272d90df 4807int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4808 u8 link_type, u8 addr_type)
604086b7
BG		 4809{
4810 struct mgmt_ev_user_passkey_request ev;
4811
4812 BT_DBG("%s", hdev->name);
4813
272d90df 4814 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4815 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4816
4817 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4818 NULL);
604086b7
BG		 4819}
4820
0df4c185 4821static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4822 u8 link_type, u8 addr_type, u8 status,
4823 u8 opcode)
a5c29683
JH		 4824{
4825 struct pending_cmd *cmd;
4826 struct mgmt_rp_user_confirm_reply rp;
4827 int err;
4828
2e58ef3e 4829 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4830 if (!cmd)
4831 return -ENOENT;
4832
272d90df 4833 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4834 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4835 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4836 &rp, sizeof(rp));
a5c29683 4837
a664b5bc 4838 mgmt_pending_remove(cmd);
a5c29683
JH		 4839
4840 return err;
4841}
4842
744cf19e 4843int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4844 u8 link_type, u8 addr_type, u8 status)
a5c29683 4845{
272d90df 4846 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4847 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4848}
4849
272d90df 4850int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4851 u8 link_type, u8 addr_type, u8 status)
a5c29683 4852{
272d90df 4853 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4854 status,
4855 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4856}
2a611692 4857
604086b7 4858int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4859 u8 link_type, u8 addr_type, u8 status)
604086b7 4860{
272d90df 4861 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4862 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4863}
4864
272d90df 4865int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4866 u8 link_type, u8 addr_type, u8 status)
604086b7 4867{
272d90df 4868 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4869 status,
4870 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4871}
4872
92a25256
JH		 4873int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4874 u8 link_type, u8 addr_type, u32 passkey,
4875 u8 entered)
4876{
4877 struct mgmt_ev_passkey_notify ev;
4878
4879 BT_DBG("%s", hdev->name);
4880
4881 bacpy(&ev.addr.bdaddr, bdaddr);
4882 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4883 ev.passkey = __cpu_to_le32(passkey);
4884 ev.entered = entered;
4885
4886 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4887}
4888
e546099c
MH		 4889void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4890 u8 addr_type, u8 status)
2a611692
JH		 4891{
4892 struct mgmt_ev_auth_failed ev;
4893
bab73cb6 4894 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4895 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4896 ev.status = mgmt_status(status);
2a611692 4897
e546099c 4898 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4899}
b312b161 4900
464996ae 4901void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4902{
4903 struct cmd_lookup match = { NULL, hdev };
464996ae 4904 bool changed;
33ef95ed
JH		 4905
4906 if (status) {
4907 u8 mgmt_err = mgmt_status(status);
4908 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4909 cmd_status_rsp, &mgmt_err);
464996ae 4910 return;
33ef95ed
JH		 4911 }
4912
464996ae
MH		 4913 if (test_bit(HCI_AUTH, &hdev->flags))
4914 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4915 &hdev->dev_flags);
4916 else
4917 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4918 &hdev->dev_flags);
47990ea0 4919
33ef95ed 4920 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4921 &match);
33ef95ed 4922
47990ea0 4923 if (changed)
464996ae 4924 new_settings(hdev, match.sk);
33ef95ed
JH		 4925
4926 if (match.sk)
4927 sock_put(match.sk);
33ef95ed
JH		 4928}
4929
890ea898 4930static void clear_eir(struct hci_request *req)
cacaf52f 4931{
890ea898 4932 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4933 struct hci_cp_write_eir cp;
4934
976eb20e 4935 if (!lmp_ext_inq_capable(hdev))
890ea898 4936 return;
cacaf52f 4937
c80da27e
JH		 4938 memset(hdev->eir, 0, sizeof(hdev->eir));
4939
cacaf52f
JH		 4940 memset(&cp, 0, sizeof(cp));
4941
890ea898 4942 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4943}
4944
3e248560 4945void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4946{
4947 struct cmd_lookup match = { NULL, hdev };
890ea898 4948 struct hci_request req;
c0ecddc2 4949 bool changed = false;
ed2c4ee3
JH		 4950
4951 if (status) {
4952 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4953
4954 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4955 &hdev->dev_flags)) {
4956 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4957 new_settings(hdev, NULL);
9ecb3e24 4958 }
c0ecddc2 4959
04124681
GP		 4960 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4961 &mgmt_err);
3e248560 4962 return;
c0ecddc2
JH		 4963 }
4964
4965 if (enable) {
9ecb3e24 4966 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4967 } else {
9ecb3e24
MH		 4968 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4969 if (!changed)
4970 changed = test_and_clear_bit(HCI_HS_ENABLED,
4971 &hdev->dev_flags);
4972 else
4973 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4974 }
4975
4976 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4977
c0ecddc2 4978 if (changed)
3e248560 4979 new_settings(hdev, match.sk);
ed2c4ee3 4980
5fc6ebb1 4981 if (match.sk)
ed2c4ee3
JH		 4982 sock_put(match.sk);
4983
890ea898
JH		 4984 hci_req_init(&req, hdev);
4985
5fc6ebb1 4986 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4987 update_eir(&req);
5fc6ebb1 4988 else
890ea898
JH		 4989 clear_eir(&req);
4990
4991 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4992}
4993
eac83dc6
MH		 4994void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4995{
4996 struct cmd_lookup match = { NULL, hdev };
4997 bool changed = false;
4998
4999 if (status) {
5000 u8 mgmt_err = mgmt_status(status);
5001
5002 if (enable && test_and_clear_bit(HCI_SC_ENABLED,
5003 &hdev->dev_flags))
5004 new_settings(hdev, NULL);
5005
5006 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5007 cmd_status_rsp, &mgmt_err);
5008 return;
5009 }
5010
5011 if (enable)
5012 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5013 else
5014 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5015
5016 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5017 settings_rsp, &match);
5018
5019 if (changed)
5020 new_settings(hdev, match.sk);
5021
5022 if (match.sk)
5023 sock_put(match.sk);
5024}
5025
92da6097 5026static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5027{
5028 struct cmd_lookup *match = data;
5029
90e70454
JH		 5030 if (match->sk == NULL) {
5031 match->sk = cmd->sk;
5032 sock_hold(match->sk);
5033 }
90e70454
JH		 5034}
5035
4e1b0245
MH		 5036void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5037 u8 status)
7f9a903c 5038{
90e70454 5039 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5040
92da6097
JH		 5041 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5042 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5043 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5044
5045 if (!status)
4e1b0245
MH		 5046 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5047 NULL);
90e70454
JH		 5048
5049 if (match.sk)
5050 sock_put(match.sk);
7f9a903c
MH		 5051}
5052
7667da34 5053void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5054{
b312b161 5055 struct mgmt_cp_set_local_name ev;
13928971 5056 struct pending_cmd *cmd;
28cc7bde 5057
13928971 5058 if (status)
7667da34 5059 return;
b312b161
JH		 5060
5061 memset(&ev, 0, sizeof(ev));
5062 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5063 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5064
2e58ef3e 5065 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5066 if (!cmd) {
5067 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5068
13928971
JH		 5069 /* If this is a HCI command related to powering on the
5070 * HCI dev don't send any mgmt signals.
5071 */
5072 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5073 return;
890ea898 5074 }
b312b161 5075
7667da34
MH		 5076 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5077 cmd ? cmd->sk : NULL);
b312b161 5078}
c35938b2 5079
3edaf092
MH		 5080void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
5081 u8 *randomizer, u8 status)
c35938b2
SJ		 5082{
5083 struct pending_cmd *cmd;
c35938b2 5084
744cf19e 5085 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5086
2e58ef3e 5087 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5088 if (!cmd)
3edaf092 5089 return;
c35938b2
SJ		 5090
5091 if (status) {
3edaf092
MH		 5092 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5093 mgmt_status(status));
c35938b2
SJ		 5094 } else {
5095 struct mgmt_rp_read_local_oob_data rp;
5096
5097 memcpy(rp.hash, hash, sizeof(rp.hash));
5098 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
5099
3edaf092
MH		 5100 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5101 0, &rp, sizeof(rp));
c35938b2
SJ		 5102 }
5103
5104 mgmt_pending_remove(cmd);
c35938b2 5105}
e17acd40 5106
901801b9
MH		 5107void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5108 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5109 ssp, u8 *eir, u16 eir_len)
e17acd40 5110{
e319d2e7
JH		 5111 char buf[512];
5112 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 5113 size_t ev_size;
e17acd40 5114
12602d0c 5115 if (!hci_discovery_active(hdev))
901801b9 5116 return;
12602d0c 5117
1dc06093
JH		 5118 /* Leave 5 bytes for a potential CoD field */
5119 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5120 return;
7d262f86 5121
1dc06093
JH		 5122 memset(buf, 0, sizeof(buf));
5123
e319d2e7 5124 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5125 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 5126 ev->rssi = rssi;
9a395a80 5127 if (cfm_name)
612dfce9 5128 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5129 if (!ssp)
612dfce9 5130 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5131
1dc06093 5132 if (eir_len > 0)
e319d2e7 5133 memcpy(ev->eir, eir, eir_len);
e17acd40 5134
1dc06093
JH		 5135 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5136 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5137 dev_class, 3);
1dc06093 5138
eb55ef07 5139 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5140 ev_size = sizeof(*ev) + eir_len;
f8523598 5141
901801b9 5142 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5143}
a88a9652 5144
9cf12aee
MH		 5145void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5146 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5147{
b644ba33
JH		 5148 struct mgmt_ev_device_found *ev;
5149 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5150 u16 eir_len;
a88a9652 5151
b644ba33 5152 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5153
b644ba33
JH		 5154 memset(buf, 0, sizeof(buf));
5155
5156 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5157 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5158 ev->rssi = rssi;
5159
5160 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5161 name_len);
b644ba33 5162
eb55ef07 5163 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5164
9cf12aee 5165 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5166}
314b2381 5167
2f1e063b 5168void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5169{
f963e8e9 5170 struct mgmt_ev_discovering ev;
164a6e78
JH		 5171 struct pending_cmd *cmd;
5172
343fb145
AG		 5173 BT_DBG("%s discovering %u", hdev->name, discovering);
5174
164a6e78 5175 if (discovering)
2e58ef3e 5176 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5177 else
2e58ef3e 5178 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5179
5180 if (cmd != NULL) {
f808e166
JH		 5181 u8 type = hdev->discovery.type;
5182
04124681
GP		 5183 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5184 sizeof(type));
164a6e78
JH		 5185 mgmt_pending_remove(cmd);
5186 }
5187
f963e8e9
JH		 5188 memset(&ev, 0, sizeof(ev));
5189 ev.type = hdev->discovery.type;
5190 ev.discovering = discovering;
5191
2f1e063b 5192 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5193}
5e762444 5194
88c1fe4b 5195int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5196{
5197 struct pending_cmd *cmd;
5198 struct mgmt_ev_device_blocked ev;
5199
2e58ef3e 5200 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5201
88c1fe4b
JH		 5202 bacpy(&ev.addr.bdaddr, bdaddr);
5203 ev.addr.type = type;
5e762444 5204
744cf19e 5205 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5206 cmd ? cmd->sk : NULL);
5e762444
AJ		 5207}
5208
88c1fe4b 5209int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5210{
5211 struct pending_cmd *cmd;
5212 struct mgmt_ev_device_unblocked ev;
5213
2e58ef3e 5214 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5215
88c1fe4b
JH		 5216 bacpy(&ev.addr.bdaddr, bdaddr);
5217 ev.addr.type = type;
5e762444 5218
744cf19e 5219 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5220 cmd ? cmd->sk : NULL);
5e762444 5221}
5976e608
MH		 5222
5223static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5224{
5225 BT_DBG("%s status %u", hdev->name, status);
5226
5227 /* Clear the advertising mgmt setting if we failed to re-enable it */
5228 if (status) {
5229 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5230 new_settings(hdev, NULL);
5976e608
MH		 5231 }
5232}
5233
5234void mgmt_reenable_advertising(struct hci_dev *hdev)
5235{
5236 struct hci_request req;
5237
b145edcd 5238 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5239 return;
5240
5241 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5242 return;
5243
5244 hci_req_init(&req, hdev);
5245 enable_advertising(&req);
5246
5247 /* If this fails we have no option but to let user space know
5248 * that we've disabled advertising.
5249 */
5250 if (hci_req_run(&req, adv_enable_complete) < 0) {
5251 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5252 new_settings(hdev, NULL);
5976e608
MH		 5253 }
5254}
Linux kernel - Deliverables
This page took 0.57415 seconds and 5 git commands to generate.