projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix checking for exact values of boolean mgmt parameters
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
23b3b133 38#define MGMT_REVISION 2
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
438static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
441};
442
443static u16 get_uuid16(u8 *uuid128)
444{
445 u32 val;
446 int i;
447
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
450 return 0;
451 }
452
3e9fb6d8 453 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 454 if (val > 0xffff)
455 return 0;
456
457 return (u16) val;
458}
459
460static void create_eir(struct hci_dev *hdev, u8 *data)
461{
462 u8 *ptr = data;
463 u16 eir_len = 0;
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
467 size_t name_len;
468
469 name_len = strlen(hdev->dev_name);
470
471 if (name_len > 0) {
472 /* EIR Data type */
473 if (name_len > 48) {
474 name_len = 48;
475 ptr[1] = EIR_NAME_SHORT;
476 } else
477 ptr[1] = EIR_NAME_COMPLETE;
478
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
481
482 memcpy(ptr + 2, hdev->dev_name, name_len);
483
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
486 }
487
bbaf444a 488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 489 ptr[0] = 2;
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
492
493 eir_len += 3;
494 ptr += 3;
495 }
496
2b9be137
MH		 497 if (hdev->devid_source > 0) {
498 ptr[0] = 9;
499 ptr[1] = EIR_DEVICE_ID;
500
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
505
506 eir_len += 10;
507 ptr += 10;
508 }
509
ef580372
JH		 510 memset(uuid16_list, 0, sizeof(uuid16_list));
511
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
514 u16 uuid16;
515
516 uuid16 = get_uuid16(uuid->uuid);
517 if (uuid16 == 0)
518 return;
519
520 if (uuid16 < 0x1100)
521 continue;
522
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
524 continue;
525
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
528 truncated = 1;
529 break;
530 }
531
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
535 break;
536
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
540 }
541 }
542
543 if (uuid16_list[0] != 0) {
544 u8 *length = ptr;
545
546 /* EIR Data type */
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
548
549 ptr += 2;
550 eir_len += 2;
551
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
555 }
556
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
559 }
560}
561
562static int update_eir(struct hci_dev *hdev)
563{
564 struct hci_cp_write_eir cp;
565
504c8dcd 566 if (!hdev_is_powered(hdev))
7770c4aa
JH		 567 return 0;
568
976eb20e 569 if (!lmp_ext_inq_capable(hdev))
ef580372
JH		 570 return 0;
571
84bde9d6 572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 573 return 0;
574
a8b2d5c2 575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 576 return 0;
577
578 memset(&cp, 0, sizeof(cp));
579
580 create_eir(hdev, cp.data);
581
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
583 return 0;
584
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
586
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
588}
589
590static u8 get_service_classes(struct hci_dev *hdev)
591{
592 struct bt_uuid *uuid;
593 u8 val = 0;
594
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
597
598 return val;
599}
600
601static int update_class(struct hci_dev *hdev)
602{
603 u8 cod[3];
c95f0ba7 604 int err;
ef580372
JH		 605
606 BT_DBG("%s", hdev->name);
607
504c8dcd 608 if (!hdev_is_powered(hdev))
7770c4aa
JH		 609 return 0;
610
a8b2d5c2 611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 612 return 0;
613
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
617
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
619 return 0;
620
c95f0ba7
JH		 621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
622 if (err == 0)
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
624
625 return err;
ef580372
JH		 626}
627
7d78525d
JH		 628static void service_cache_off(struct work_struct *work)
629{
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 631 service_cache.work);
7d78525d 632
a8b2d5c2 633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 634 return;
635
636 hci_dev_lock(hdev);
637
638 update_eir(hdev);
639 update_class(hdev);
640
641 hci_dev_unlock(hdev);
642}
643
6a919082 644static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 645{
4f87da80 646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 647 return;
648
4f87da80 649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 650
4f87da80
JH		 651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
654 * it
655 */
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 657}
658
0f4e68cf 659static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 660 void *data, u16 data_len)
0381101f 661{
a38528f1 662 struct mgmt_rp_read_info rp;
f7b64e69 663
bdb6d971 664 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 665
09fd0de5 666 hci_dev_lock(hdev);
f7b64e69 667
dc4fe30b
JH		 668 memset(&rp, 0, sizeof(rp));
669
69ab39ea 670 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 671
69ab39ea 672 rp.version = hdev->hci_ver;
eb55ef07 673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 674
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 677
a38528f1 678 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 679
dc4fe30b 680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 682
09fd0de5 683 hci_dev_unlock(hdev);
0381101f 684
bdb6d971 685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 686 sizeof(rp));
0381101f
JH		 687}
688
eec8d2bc
JH		 689static void mgmt_pending_free(struct pending_cmd *cmd)
690{
691 sock_put(cmd->sk);
c68fb7ff 692 kfree(cmd->param);
eec8d2bc
JH		 693 kfree(cmd);
694}
695
366a0336 696static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 697 struct hci_dev *hdev, void *data,
698 u16 len)
eec8d2bc
JH		 699{
700 struct pending_cmd *cmd;
701
12b94565 702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 703 if (!cmd)
366a0336 704 return NULL;
eec8d2bc
JH		 705
706 cmd->opcode = opcode;
2e58ef3e 707 cmd->index = hdev->id;
eec8d2bc 708
12b94565 709 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 710 if (!cmd->param) {
eec8d2bc 711 kfree(cmd);
366a0336 712 return NULL;
eec8d2bc
JH		 713 }
714
8fce6357
SJ		 715 if (data)
716 memcpy(cmd->param, data, len);
eec8d2bc
JH		 717
718 cmd->sk = sk;
719 sock_hold(sk);
720
2e58ef3e 721 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 722
366a0336 723 return cmd;
eec8d2bc
JH		 724}
725
744cf19e 726static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 727 void (*cb)(struct pending_cmd *cmd,
728 void *data),
04124681 729 void *data)
eec8d2bc
JH		 730{
731 struct list_head *p, *n;
732
2e58ef3e 733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 734 struct pending_cmd *cmd;
735
736 cmd = list_entry(p, struct pending_cmd, list);
737
b24752fe 738 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 739 continue;
740
eec8d2bc
JH		 741 cb(cmd, data);
742 }
743}
744
2e58ef3e 745static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 746{
8035ded4 747 struct pending_cmd *cmd;
eec8d2bc 748
2e58ef3e 749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 750 if (cmd->opcode == opcode)
751 return cmd;
eec8d2bc
JH		 752 }
753
754 return NULL;
755}
756
a664b5bc 757static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 758{
73f22f62
JH		 759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
761}
762
69ab39ea 763static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 764{
69ab39ea 765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 766
aee9b218 767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 768 sizeof(settings));
8680570b
JH		 769}
770
bdb6d971 771static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 772 u16 len)
eec8d2bc 773{
650f726d 774 struct mgmt_mode *cp = data;
366a0336 775 struct pending_cmd *cmd;
4b34ee78 776 int err;
eec8d2bc 777
bdb6d971 778 BT_DBG("request for %s", hdev->name);
eec8d2bc 779
a7e80f25
JH		 780 if (cp->val != 0x00 && cp->val != 0x01)
781 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
782 MGMT_STATUS_INVALID_PARAMS);
783
09fd0de5 784 hci_dev_lock(hdev);
eec8d2bc 785
f0d4b78a
MH		 786 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
787 cancel_delayed_work(&hdev->power_off);
788
789 if (cp->val) {
790 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
791 mgmt_powered(hdev, 1);
792 goto failed;
793 }
794 }
795
4b34ee78 796 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 797 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 798 goto failed;
799 }
800
2e58ef3e 801 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 802 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 803 MGMT_STATUS_BUSY);
eec8d2bc
JH		 804 goto failed;
805 }
806
2e58ef3e 807 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 808 if (!cmd) {
809 err = -ENOMEM;
eec8d2bc 810 goto failed;
366a0336 811 }
eec8d2bc 812
72a734ec 813 if (cp->val)
7f971041 814 schedule_work(&hdev->power_on);
eec8d2bc 815 else
80b7ab33 816 schedule_work(&hdev->power_off.work);
eec8d2bc 817
366a0336 818 err = 0;
eec8d2bc
JH		 819
820failed:
09fd0de5 821 hci_dev_unlock(hdev);
366a0336 822 return err;
eec8d2bc
JH		 823}
824
04124681
GP		 825static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
826 struct sock *skip_sk)
beadb2bd
JH		 827{
828 struct sk_buff *skb;
829 struct mgmt_hdr *hdr;
830
790eff44 831 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 832 if (!skb)
833 return -ENOMEM;
834
835 hdr = (void *) skb_put(skb, sizeof(*hdr));
836 hdr->opcode = cpu_to_le16(event);
837 if (hdev)
838 hdr->index = cpu_to_le16(hdev->id);
839 else
612dfce9 840 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 841 hdr->len = cpu_to_le16(data_len);
842
843 if (data)
844 memcpy(skb_put(skb, data_len), data, data_len);
845
97e0bdeb
MH		 846 /* Time stamp */
847 __net_timestamp(skb);
848
beadb2bd
JH		 849 hci_send_to_control(skb, skip_sk);
850 kfree_skb(skb);
851
852 return 0;
853}
854
855static int new_settings(struct hci_dev *hdev, struct sock *skip)
856{
857 __le32 ev;
858
859 ev = cpu_to_le32(get_current_settings(hdev));
860
861 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
862}
863
bdb6d971 864static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 865 u16 len)
73f22f62 866{
650f726d 867 struct mgmt_cp_set_discoverable *cp = data;
366a0336 868 struct pending_cmd *cmd;
5e5282bb 869 u16 timeout;
73f22f62
JH		 870 u8 scan;
871 int err;
872
bdb6d971 873 BT_DBG("request for %s", hdev->name);
73f22f62 874
33c525c0
JH		 875 if (!lmp_bredr_capable(hdev))
876 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
877 MGMT_STATUS_NOT_SUPPORTED);
878
a7e80f25
JH		 879 if (cp->val != 0x00 && cp->val != 0x01)
880 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
881 MGMT_STATUS_INVALID_PARAMS);
882
1f350c87 883 timeout = __le16_to_cpu(cp->timeout);
24c54a90 884 if (!cp->val && timeout > 0)
bdb6d971 885 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 886 MGMT_STATUS_INVALID_PARAMS);
73f22f62 887
09fd0de5 888 hci_dev_lock(hdev);
73f22f62 889
5e5282bb 890 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 891 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 892 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 893 goto failed;
894 }
895
2e58ef3e 896 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 897 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 898 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 899 MGMT_STATUS_BUSY);
73f22f62
JH		 900 goto failed;
901 }
902
5e5282bb 903 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 904 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 905 MGMT_STATUS_REJECTED);
5e5282bb
JH		 906 goto failed;
907 }
908
909 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 910 bool changed = false;
911
912 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
913 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
914 changed = true;
915 }
916
5e5282bb 917 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 918 if (err < 0)
919 goto failed;
920
921 if (changed)
922 err = new_settings(hdev, sk);
923
5e5282bb
JH		 924 goto failed;
925 }
926
927 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 928 if (hdev->discov_timeout > 0) {
929 cancel_delayed_work(&hdev->discov_off);
930 hdev->discov_timeout = 0;
931 }
932
933 if (cp->val && timeout > 0) {
934 hdev->discov_timeout = timeout;
935 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
936 msecs_to_jiffies(hdev->discov_timeout * 1000));
937 }
938
69ab39ea 939 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 940 goto failed;
941 }
942
2e58ef3e 943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 944 if (!cmd) {
945 err = -ENOMEM;
73f22f62 946 goto failed;
366a0336 947 }
73f22f62
JH		 948
949 scan = SCAN_PAGE;
950
72a734ec 951 if (cp->val)
73f22f62 952 scan |= SCAN_INQUIRY;
16ab91ab 953 else
e0f9309f 954 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 955
956 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
957 if (err < 0)
a664b5bc 958 mgmt_pending_remove(cmd);
73f22f62 959
16ab91ab 960 if (cp->val)
5e5282bb 961 hdev->discov_timeout = timeout;
16ab91ab 962
73f22f62 963failed:
09fd0de5 964 hci_dev_unlock(hdev);
73f22f62
JH		 965 return err;
966}
967
bdb6d971 968static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 969 u16 len)
9fbcbb45 970{
650f726d 971 struct mgmt_mode *cp = data;
366a0336 972 struct pending_cmd *cmd;
9fbcbb45
JH		 973 u8 scan;
974 int err;
975
bdb6d971 976 BT_DBG("request for %s", hdev->name);
9fbcbb45 977
33c525c0
JH		 978 if (!lmp_bredr_capable(hdev))
979 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
980 MGMT_STATUS_NOT_SUPPORTED);
981
a7e80f25
JH		 982 if (cp->val != 0x00 && cp->val != 0x01)
983 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
984 MGMT_STATUS_INVALID_PARAMS);
985
09fd0de5 986 hci_dev_lock(hdev);
9fbcbb45 987
4b34ee78 988 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 989 bool changed = false;
990
991 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
992 changed = true;
993
6bf0e469 994 if (cp->val) {
5e5282bb 995 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 996 } else {
5e5282bb
JH		 997 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
998 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
999 }
0224d2fa 1000
5e5282bb 1001 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1002 if (err < 0)
1003 goto failed;
1004
1005 if (changed)
1006 err = new_settings(hdev, sk);
1007
9fbcbb45
JH		 1008 goto failed;
1009 }
1010
2e58ef3e 1011 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1012 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1013 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1014 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1015 goto failed;
1016 }
1017
5e5282bb 1018 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1019 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1020 goto failed;
1021 }
1022
2e58ef3e 1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1024 if (!cmd) {
1025 err = -ENOMEM;
9fbcbb45 1026 goto failed;
366a0336 1027 }
9fbcbb45 1028
6bf0e469 1029 if (cp->val) {
9fbcbb45 1030 scan = SCAN_PAGE;
6bf0e469 1031 } else {
9fbcbb45
JH		 1032 scan = 0;
1033
df2c6c5e 1034 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1035 hdev->discov_timeout > 0)
df2c6c5e
JH		 1036 cancel_delayed_work(&hdev->discov_off);
1037 }
1038
9fbcbb45
JH		 1039 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1040 if (err < 0)
a664b5bc 1041 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1042
1043failed:
09fd0de5 1044 hci_dev_unlock(hdev);
9fbcbb45
JH		 1045 return err;
1046}
1047
bdb6d971 1048static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1049 u16 len)
c542a06c 1050{
650f726d 1051 struct mgmt_mode *cp = data;
c542a06c
JH		 1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
c542a06c 1055
a7e80f25
JH		 1056 if (cp->val != 0x00 && cp->val != 0x01)
1057 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1058 MGMT_STATUS_INVALID_PARAMS);
1059
09fd0de5 1060 hci_dev_lock(hdev);
c542a06c
JH		 1061
1062 if (cp->val)
a8b2d5c2 1063 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1064 else
a8b2d5c2 1065 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1066
69ab39ea 1067 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1068 if (err < 0)
1069 goto failed;
1070
beadb2bd 1071 err = new_settings(hdev, sk);
c542a06c
JH		 1072
1073failed:
09fd0de5 1074 hci_dev_unlock(hdev);
c542a06c
JH		 1075 return err;
1076}
1077
04124681
GP		 1078static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1079 u16 len)
33ef95ed
JH		 1080{
1081 struct mgmt_mode *cp = data;
1082 struct pending_cmd *cmd;
816a11d5 1083 u8 val;
33ef95ed
JH		 1084 int err;
1085
bdb6d971 1086 BT_DBG("request for %s", hdev->name);
33ef95ed 1087
33c525c0
JH		 1088 if (!lmp_bredr_capable(hdev))
1089 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1090 MGMT_STATUS_NOT_SUPPORTED);
1091
a7e80f25
JH		 1092 if (cp->val != 0x00 && cp->val != 0x01)
1093 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1094 MGMT_STATUS_INVALID_PARAMS);
1095
33ef95ed
JH		 1096 hci_dev_lock(hdev);
1097
4b34ee78 1098 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1099 bool changed = false;
1100
1101 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1102 &hdev->dev_flags)) {
47990ea0
JH		 1103 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1104 changed = true;
1105 }
1106
1107 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1108 if (err < 0)
1109 goto failed;
1110
1111 if (changed)
1112 err = new_settings(hdev, sk);
1113
33ef95ed
JH		 1114 goto failed;
1115 }
1116
1117 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1118 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1119 MGMT_STATUS_BUSY);
33ef95ed
JH		 1120 goto failed;
1121 }
1122
1123 val = !!cp->val;
1124
1125 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1126 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1127 goto failed;
1128 }
1129
1130 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1131 if (!cmd) {
1132 err = -ENOMEM;
1133 goto failed;
1134 }
1135
1136 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1137 if (err < 0) {
1138 mgmt_pending_remove(cmd);
1139 goto failed;
1140 }
1141
1142failed:
1143 hci_dev_unlock(hdev);
33ef95ed
JH		 1144 return err;
1145}
1146
bdb6d971 1147static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1148{
1149 struct mgmt_mode *cp = data;
1150 struct pending_cmd *cmd;
816a11d5 1151 u8 val;
ed2c4ee3
JH		 1152 int err;
1153
bdb6d971 1154 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1155
13ecd8b6
JH		 1156 if (!lmp_ssp_capable(hdev))
1157 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1158 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1159
a7e80f25
JH		 1160 if (cp->val != 0x00 && cp->val != 0x01)
1161 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1162 MGMT_STATUS_INVALID_PARAMS);
1163
13ecd8b6 1164 hci_dev_lock(hdev);
6c8f12c1 1165
c0ecddc2
JH		 1166 val = !!cp->val;
1167
4b34ee78 1168 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1169 bool changed = false;
1170
1171 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1172 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1173 changed = true;
1174 }
1175
1176 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1177 if (err < 0)
1178 goto failed;
1179
1180 if (changed)
1181 err = new_settings(hdev, sk);
1182
ed2c4ee3
JH		 1183 goto failed;
1184 }
1185
1186 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1187 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1188 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1189 goto failed;
1190 }
1191
ed2c4ee3
JH		 1192 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1193 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1194 goto failed;
1195 }
1196
1197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1198 if (!cmd) {
1199 err = -ENOMEM;
1200 goto failed;
1201 }
1202
1203 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1204 if (err < 0) {
1205 mgmt_pending_remove(cmd);
1206 goto failed;
1207 }
1208
1209failed:
1210 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1211 return err;
1212}
1213
bdb6d971 1214static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1215{
1216 struct mgmt_mode *cp = data;
6d80dfd0 1217
bdb6d971 1218 BT_DBG("request for %s", hdev->name);
6d80dfd0 1219
bdb6d971
JH		 1220 if (!enable_hs)
1221 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1222 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1223
a7e80f25
JH		 1224 if (cp->val != 0x00 && cp->val != 0x01)
1225 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1226 MGMT_STATUS_INVALID_PARAMS);
1227
6d80dfd0
JH		 1228 if (cp->val)
1229 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1230 else
1231 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1232
bdb6d971 1233 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1234}
1235
bdb6d971 1236static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1237{
1238 struct mgmt_mode *cp = data;
1239 struct hci_cp_write_le_host_supported hci_cp;
1240 struct pending_cmd *cmd;
06199cf8 1241 int err;
0b60eba1 1242 u8 val, enabled;
06199cf8 1243
bdb6d971 1244 BT_DBG("request for %s", hdev->name);
06199cf8 1245
13ecd8b6
JH		 1246 if (!lmp_le_capable(hdev))
1247 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1248 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1249
a7e80f25
JH		 1250 if (cp->val != 0x00 && cp->val != 0x01)
1251 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1252 MGMT_STATUS_INVALID_PARAMS);
1253
13ecd8b6 1254 hci_dev_lock(hdev);
06199cf8
JH		 1255
1256 val = !!cp->val;
ffa88e02 1257 enabled = lmp_host_le_capable(hdev);
06199cf8 1258
0b60eba1 1259 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1260 bool changed = false;
1261
1262 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1263 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1264 changed = true;
1265 }
1266
1267 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1268 if (err < 0)
1de028ce 1269 goto unlock;
06199cf8
JH		 1270
1271 if (changed)
1272 err = new_settings(hdev, sk);
1273
1de028ce 1274 goto unlock;
06199cf8
JH		 1275 }
1276
1277 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1278 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1279 MGMT_STATUS_BUSY);
1de028ce 1280 goto unlock;
06199cf8
JH		 1281 }
1282
1283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1284 if (!cmd) {
1285 err = -ENOMEM;
1de028ce 1286 goto unlock;
06199cf8
JH		 1287 }
1288
1289 memset(&hci_cp, 0, sizeof(hci_cp));
1290
1291 if (val) {
1292 hci_cp.le = val;
ffa88e02 1293 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1294 }
1295
04124681
GP		 1296 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1297 &hci_cp);
0c01bc48 1298 if (err < 0)
06199cf8 1299 mgmt_pending_remove(cmd);
06199cf8 1300
1de028ce
JH		 1301unlock:
1302 hci_dev_unlock(hdev);
06199cf8
JH		 1303 return err;
1304}
1305
bdb6d971 1306static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1307{
650f726d 1308 struct mgmt_cp_add_uuid *cp = data;
90e70454 1309 struct pending_cmd *cmd;
2aeb9a1a 1310 struct bt_uuid *uuid;
2aeb9a1a
JH		 1311 int err;
1312
bdb6d971 1313 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1314
09fd0de5 1315 hci_dev_lock(hdev);
2aeb9a1a 1316
c95f0ba7 1317 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1318 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1319 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1320 goto failed;
1321 }
1322
92c4c204 1323 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1324 if (!uuid) {
1325 err = -ENOMEM;
1326 goto failed;
1327 }
1328
1329 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1330 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1331
1332 list_add(&uuid->list, &hdev->uuids);
1333
1aff6f09
JH		 1334 err = update_class(hdev);
1335 if (err < 0)
1336 goto failed;
1337
80a1e1db
JH		 1338 err = update_eir(hdev);
1339 if (err < 0)
1340 goto failed;
1341
90e70454 1342 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1343 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1344 hdev->dev_class, 3);
90e70454
JH		 1345 goto failed;
1346 }
1347
1348 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1349 if (!cmd)
90e70454 1350 err = -ENOMEM;
2aeb9a1a
JH		 1351
1352failed:
09fd0de5 1353 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1354 return err;
1355}
1356
24b78d0f
JH		 1357static bool enable_service_cache(struct hci_dev *hdev)
1358{
1359 if (!hdev_is_powered(hdev))
1360 return false;
1361
1362 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1363 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1364 return true;
1365 }
1366
1367 return false;
1368}
1369
bdb6d971 1370static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1371 u16 len)
2aeb9a1a 1372{
650f726d 1373 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1374 struct pending_cmd *cmd;
2aeb9a1a 1375 struct list_head *p, *n;
2aeb9a1a 1376 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1377 int err, found;
1378
bdb6d971 1379 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1380
09fd0de5 1381 hci_dev_lock(hdev);
2aeb9a1a 1382
c95f0ba7 1383 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1384 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1385 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1386 goto unlock;
1387 }
1388
2aeb9a1a
JH		 1389 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1390 err = hci_uuids_clear(hdev);
4004b6d9 1391
24b78d0f 1392 if (enable_service_cache(hdev)) {
bdb6d971 1393 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1394 0, hdev->dev_class, 3);
24b78d0f
JH		 1395 goto unlock;
1396 }
4004b6d9 1397
9246a869 1398 goto update_class;
2aeb9a1a
JH		 1399 }
1400
1401 found = 0;
1402
1403 list_for_each_safe(p, n, &hdev->uuids) {
1404 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1405
1406 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1407 continue;
1408
1409 list_del(&match->list);
482049f7 1410 kfree(match);
2aeb9a1a
JH		 1411 found++;
1412 }
1413
1414 if (found == 0) {
bdb6d971 1415 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1416 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1417 goto unlock;
1418 }
1419
9246a869 1420update_class:
1aff6f09
JH		 1421 err = update_class(hdev);
1422 if (err < 0)
1423 goto unlock;
1424
80a1e1db
JH		 1425 err = update_eir(hdev);
1426 if (err < 0)
1427 goto unlock;
1428
90e70454 1429 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1430 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1431 hdev->dev_class, 3);
90e70454
JH		 1432 goto unlock;
1433 }
1434
1435 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1436 if (!cmd)
90e70454 1437 err = -ENOMEM;
2aeb9a1a
JH		 1438
1439unlock:
09fd0de5 1440 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1441 return err;
1442}
1443
bdb6d971 1444static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1445 u16 len)
1aff6f09 1446{
650f726d 1447 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1448 struct pending_cmd *cmd;
1aff6f09
JH		 1449 int err;
1450
bdb6d971 1451 BT_DBG("request for %s", hdev->name);
1aff6f09 1452
13ecd8b6
JH		 1453 if (!lmp_bredr_capable(hdev))
1454 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1455 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1456
13ecd8b6
JH		 1457 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1458 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1459 MGMT_STATUS_BUSY);
ee98f473 1460
13ecd8b6
JH		 1461 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1462 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1463 MGMT_STATUS_INVALID_PARAMS);
c95f0ba7 1464
13ecd8b6 1465 hci_dev_lock(hdev);
575b3a02 1466
932f5ff5
JH		 1467 hdev->major_class = cp->major;
1468 hdev->minor_class = cp->minor;
1469
b5235a65 1470 if (!hdev_is_powered(hdev)) {
bdb6d971 1471 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1472 hdev->dev_class, 3);
b5235a65
JH		 1473 goto unlock;
1474 }
1475
a8b2d5c2 1476 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1477 hci_dev_unlock(hdev);
1478 cancel_delayed_work_sync(&hdev->service_cache);
1479 hci_dev_lock(hdev);
14c0b608 1480 update_eir(hdev);
7d78525d 1481 }
14c0b608 1482
1aff6f09 1483 err = update_class(hdev);
90e70454
JH		 1484 if (err < 0)
1485 goto unlock;
1aff6f09 1486
90e70454 1487 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1488 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1489 hdev->dev_class, 3);
90e70454
JH		 1490 goto unlock;
1491 }
1492
1493 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1494 if (!cmd)
90e70454 1495 err = -ENOMEM;
1aff6f09 1496
b5235a65 1497unlock:
09fd0de5 1498 hci_dev_unlock(hdev);
1aff6f09
JH		 1499 return err;
1500}
1501
bdb6d971 1502static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1503 u16 len)
55ed8ca1 1504{
650f726d 1505 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1506 u16 key_count, expected_len;
a492cd52 1507 int i;
55ed8ca1 1508
1f350c87 1509 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1510
86742e1e
JH		 1511 expected_len = sizeof(*cp) + key_count *
1512 sizeof(struct mgmt_link_key_info);
a492cd52 1513 if (expected_len != len) {
86742e1e 1514 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1515 len, expected_len);
bdb6d971 1516 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1517 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1518 }
1519
bdb6d971 1520 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1521 key_count);
55ed8ca1 1522
09fd0de5 1523 hci_dev_lock(hdev);
55ed8ca1
JH		 1524
1525 hci_link_keys_clear(hdev);
1526
a8b2d5c2 1527 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1528
1529 if (cp->debug_keys)
a8b2d5c2 1530 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1531 else
a8b2d5c2 1532 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1533
a492cd52 1534 for (i = 0; i < key_count; i++) {
86742e1e 1535 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1536
d753fdc4 1537 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1538 key->type, key->pin_len);
55ed8ca1
JH		 1539 }
1540
bdb6d971 1541 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1542
09fd0de5 1543 hci_dev_unlock(hdev);
55ed8ca1 1544
a492cd52 1545 return 0;
55ed8ca1
JH		 1546}
1547
b1078ad0 1548static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1549 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1550{
1551 struct mgmt_ev_device_unpaired ev;
1552
1553 bacpy(&ev.addr.bdaddr, bdaddr);
1554 ev.addr.type = addr_type;
1555
1556 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1557 skip_sk);
b1078ad0
JH		 1558}
1559
bdb6d971 1560static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1561 u16 len)
55ed8ca1 1562{
124f6e35
JH		 1563 struct mgmt_cp_unpair_device *cp = data;
1564 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1565 struct hci_cp_disconnect dc;
1566 struct pending_cmd *cmd;
55ed8ca1 1567 struct hci_conn *conn;
55ed8ca1
JH		 1568 int err;
1569
09fd0de5 1570 hci_dev_lock(hdev);
55ed8ca1 1571
a8a1d19e 1572 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1573 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1574 rp.addr.type = cp->addr.type;
a8a1d19e 1575
86a8cfc6 1576 if (!hdev_is_powered(hdev)) {
bdb6d971 1577 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1578 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1579 goto unlock;
1580 }
1581
591f47f3 1582 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1583 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1584 else
1585 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1586
55ed8ca1 1587 if (err < 0) {
bdb6d971 1588 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1589 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1590 goto unlock;
1591 }
1592
86a8cfc6 1593 if (cp->disconnect) {
591f47f3 1594 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1595 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1596 &cp->addr.bdaddr);
86a8cfc6
JH		 1597 else
1598 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1599 &cp->addr.bdaddr);
86a8cfc6
JH		 1600 } else {
1601 conn = NULL;
1602 }
124f6e35 1603
a8a1d19e 1604 if (!conn) {
bdb6d971 1605 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1606 &rp, sizeof(rp));
b1078ad0 1607 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1608 goto unlock;
1609 }
55ed8ca1 1610
124f6e35 1611 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1612 sizeof(*cp));
a8a1d19e
JH		 1613 if (!cmd) {
1614 err = -ENOMEM;
1615 goto unlock;
55ed8ca1
JH		 1616 }
1617
eb55ef07 1618 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1619 dc.reason = 0x13; /* Remote User Terminated Connection */
1620 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1621 if (err < 0)
1622 mgmt_pending_remove(cmd);
1623
55ed8ca1 1624unlock:
09fd0de5 1625 hci_dev_unlock(hdev);
55ed8ca1
JH		 1626 return err;
1627}
1628
bdb6d971 1629static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1630 u16 len)
8962ee74 1631{
650f726d 1632 struct mgmt_cp_disconnect *cp = data;
8962ee74 1633 struct hci_cp_disconnect dc;
366a0336 1634 struct pending_cmd *cmd;
8962ee74 1635 struct hci_conn *conn;
8962ee74
JH		 1636 int err;
1637
1638 BT_DBG("");
1639
09fd0de5 1640 hci_dev_lock(hdev);
8962ee74
JH		 1641
1642 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1643 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1644 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1645 goto failed;
1646 }
1647
2e58ef3e 1648 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1649 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1650 MGMT_STATUS_BUSY);
8962ee74
JH		 1651 goto failed;
1652 }
1653
591f47f3 1654 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1655 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1656 &cp->addr.bdaddr);
88c3df13
JH		 1657 else
1658 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1659
f960727e 1660 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
bdb6d971 1661 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1662 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1663 goto failed;
1664 }
1665
2e58ef3e 1666 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1667 if (!cmd) {
1668 err = -ENOMEM;
8962ee74 1669 goto failed;
366a0336 1670 }
8962ee74 1671
eb55ef07 1672 dc.handle = cpu_to_le16(conn->handle);
3701f944 1673 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1674
1675 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1676 if (err < 0)
a664b5bc 1677 mgmt_pending_remove(cmd);
8962ee74
JH		 1678
1679failed:
09fd0de5 1680 hci_dev_unlock(hdev);
8962ee74
JH		 1681 return err;
1682}
1683
57c1477c 1684static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1685{
1686 switch (link_type) {
1687 case LE_LINK:
48264f06
JH		 1688 switch (addr_type) {
1689 case ADDR_LE_DEV_PUBLIC:
591f47f3 1690 return BDADDR_LE_PUBLIC;
0ed09148 1691
48264f06 1692 default:
0ed09148 1693 /* Fallback to LE Random address type */
591f47f3 1694 return BDADDR_LE_RANDOM;
48264f06 1695 }
0ed09148 1696
4c659c39 1697 default:
0ed09148 1698 /* Fallback to BR/EDR type */
591f47f3 1699 return BDADDR_BREDR;
4c659c39
JH		 1700 }
1701}
1702
04124681
GP		 1703static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1704 u16 data_len)
2784eb41 1705{
2784eb41 1706 struct mgmt_rp_get_connections *rp;
8035ded4 1707 struct hci_conn *c;
a38528f1 1708 size_t rp_len;
60fc5fb6
JH		 1709 int err;
1710 u16 i;
2784eb41
JH		 1711
1712 BT_DBG("");
1713
09fd0de5 1714 hci_dev_lock(hdev);
2784eb41 1715
5f97c1df 1716 if (!hdev_is_powered(hdev)) {
bdb6d971 1717 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1718 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1719 goto unlock;
1720 }
1721
60fc5fb6 1722 i = 0;
b644ba33
JH		 1723 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1724 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1725 i++;
2784eb41
JH		 1726 }
1727
60fc5fb6 1728 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1729 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1730 if (!rp) {
2784eb41
JH		 1731 err = -ENOMEM;
1732 goto unlock;
1733 }
1734
2784eb41 1735 i = 0;
4c659c39 1736 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1737 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1738 continue;
4c659c39 1739 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1740 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1741 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1742 continue;
1743 i++;
1744 }
1745
eb55ef07 1746 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1747
4c659c39
JH		 1748 /* Recalculate length in case of filtered SCO connections, etc */
1749 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1750
bdb6d971 1751 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1752 rp_len);
2784eb41 1753
a38528f1 1754 kfree(rp);
5f97c1df
JH		 1755
1756unlock:
09fd0de5 1757 hci_dev_unlock(hdev);
2784eb41
JH		 1758 return err;
1759}
1760
bdb6d971 1761static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1762 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1763{
1764 struct pending_cmd *cmd;
1765 int err;
1766
2e58ef3e 1767 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1768 sizeof(*cp));
96d97a67
WR		 1769 if (!cmd)
1770 return -ENOMEM;
1771
d8457698 1772 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1773 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1774 if (err < 0)
1775 mgmt_pending_remove(cmd);
1776
1777 return err;
1778}
1779
bdb6d971 1780static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1781 u16 len)
980e1a53 1782{
96d97a67 1783 struct hci_conn *conn;
650f726d 1784 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1785 struct hci_cp_pin_code_reply reply;
366a0336 1786 struct pending_cmd *cmd;
980e1a53
JH		 1787 int err;
1788
1789 BT_DBG("");
1790
09fd0de5 1791 hci_dev_lock(hdev);
980e1a53 1792
4b34ee78 1793 if (!hdev_is_powered(hdev)) {
bdb6d971 1794 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1795 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1796 goto failed;
1797 }
1798
d8457698 1799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1800 if (!conn) {
bdb6d971 1801 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1802 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1803 goto failed;
1804 }
1805
1806 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1807 struct mgmt_cp_pin_code_neg_reply ncp;
1808
1809 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1810
1811 BT_ERR("PIN code is not 16 bytes long");
1812
bdb6d971 1813 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1814 if (err >= 0)
bdb6d971 1815 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1816 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1817
1818 goto failed;
1819 }
1820
00abfe44 1821 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1822 if (!cmd) {
1823 err = -ENOMEM;
980e1a53 1824 goto failed;
366a0336 1825 }
980e1a53 1826
d8457698 1827 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1828 reply.pin_len = cp->pin_len;
24718ca5 1829 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1830
1831 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1832 if (err < 0)
a664b5bc 1833 mgmt_pending_remove(cmd);
980e1a53
JH		 1834
1835failed:
09fd0de5 1836 hci_dev_unlock(hdev);
980e1a53
JH		 1837 return err;
1838}
1839
04124681
GP		 1840static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1841 u16 len)
17fa4b9d 1842{
650f726d 1843 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1844
1845 BT_DBG("");
1846
09fd0de5 1847 hci_dev_lock(hdev);
17fa4b9d
JH		 1848
1849 hdev->io_capability = cp->io_capability;
1850
1851 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1852 hdev->io_capability);
17fa4b9d 1853
09fd0de5 1854 hci_dev_unlock(hdev);
17fa4b9d 1855
04124681
GP		 1856 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1857 0);
17fa4b9d
JH		 1858}
1859
6039aa73 1860static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1861{
1862 struct hci_dev *hdev = conn->hdev;
8035ded4 1863 struct pending_cmd *cmd;
e9a416b5 1864
2e58ef3e 1865 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1866 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1867 continue;
1868
e9a416b5
JH		 1869 if (cmd->user_data != conn)
1870 continue;
1871
1872 return cmd;
1873 }
1874
1875 return NULL;
1876}
1877
1878static void pairing_complete(struct pending_cmd *cmd, u8 status)
1879{
1880 struct mgmt_rp_pair_device rp;
1881 struct hci_conn *conn = cmd->user_data;
1882
ba4e564f 1883 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1884 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1885
aee9b218 1886 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1887 &rp, sizeof(rp));
e9a416b5
JH		 1888
1889 /* So we don't get further callbacks for this connection */
1890 conn->connect_cfm_cb = NULL;
1891 conn->security_cfm_cb = NULL;
1892 conn->disconn_cfm_cb = NULL;
1893
1894 hci_conn_put(conn);
1895
a664b5bc 1896 mgmt_pending_remove(cmd);
e9a416b5
JH		 1897}
1898
1899static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1900{
1901 struct pending_cmd *cmd;
1902
1903 BT_DBG("status %u", status);
1904
1905 cmd = find_pairing(conn);
56e5cb86 1906 if (!cmd)
e9a416b5 1907 BT_DBG("Unable to find a pending command");
56e5cb86 1908 else
e211326c 1909 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1910}
1911
4c47d739
VA		 1912static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1913{
1914 struct pending_cmd *cmd;
1915
1916 BT_DBG("status %u", status);
1917
1918 if (!status)
1919 return;
1920
1921 cmd = find_pairing(conn);
1922 if (!cmd)
1923 BT_DBG("Unable to find a pending command");
1924 else
1925 pairing_complete(cmd, mgmt_status(status));
1926}
1927
bdb6d971 1928static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1929 u16 len)
e9a416b5 1930{
650f726d 1931 struct mgmt_cp_pair_device *cp = data;
1425acb7 1932 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1933 struct pending_cmd *cmd;
1934 u8 sec_level, auth_type;
1935 struct hci_conn *conn;
e9a416b5
JH		 1936 int err;
1937
1938 BT_DBG("");
1939
09fd0de5 1940 hci_dev_lock(hdev);
e9a416b5 1941
5f97c1df 1942 if (!hdev_is_powered(hdev)) {
bdb6d971 1943 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1944 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1945 goto unlock;
1946 }
1947
c908df36
VCG		 1948 sec_level = BT_SECURITY_MEDIUM;
1949 if (cp->io_cap == 0x03)
e9a416b5 1950 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1951 else
e9a416b5 1952 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1953
591f47f3 1954 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 1955 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1956 cp->addr.type, sec_level, auth_type);
7a512d01 1957 else
b12f62cf
AG		 1958 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1959 cp->addr.type, sec_level, auth_type);
7a512d01 1960
1425acb7
JH		 1961 memset(&rp, 0, sizeof(rp));
1962 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1963 rp.addr.type = cp->addr.type;
1964
30e76272 1965 if (IS_ERR(conn)) {
489dc48e
AK		 1966 int status;
1967
1968 if (PTR_ERR(conn) == -EBUSY)
1969 status = MGMT_STATUS_BUSY;
1970 else
1971 status = MGMT_STATUS_CONNECT_FAILED;
1972
bdb6d971 1973 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 1974 status, &rp,
04124681 1975 sizeof(rp));
e9a416b5
JH		 1976 goto unlock;
1977 }
1978
1979 if (conn->connect_cfm_cb) {
1980 hci_conn_put(conn);
bdb6d971 1981 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1982 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1983 goto unlock;
1984 }
1985
2e58ef3e 1986 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1987 if (!cmd) {
1988 err = -ENOMEM;
1989 hci_conn_put(conn);
1990 goto unlock;
1991 }
1992
7a512d01 1993 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 1994 if (cp->addr.type == BDADDR_BREDR)
7a512d01 1995 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 1996 else
1997 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 1998
e9a416b5
JH		 1999 conn->security_cfm_cb = pairing_complete_cb;
2000 conn->disconn_cfm_cb = pairing_complete_cb;
2001 conn->io_capability = cp->io_cap;
2002 cmd->user_data = conn;
2003
2004 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2005 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2006 pairing_complete(cmd, 0);
2007
2008 err = 0;
2009
2010unlock:
09fd0de5 2011 hci_dev_unlock(hdev);
e9a416b5
JH		 2012 return err;
2013}
2014
04124681
GP		 2015static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2016 u16 len)
28424707 2017{
0f4e68cf 2018 struct mgmt_addr_info *addr = data;
28424707
JH		 2019 struct pending_cmd *cmd;
2020 struct hci_conn *conn;
2021 int err;
2022
2023 BT_DBG("");
2024
28424707
JH		 2025 hci_dev_lock(hdev);
2026
5f97c1df 2027 if (!hdev_is_powered(hdev)) {
bdb6d971 2028 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2029 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2030 goto unlock;
2031 }
2032
28424707
JH		 2033 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2034 if (!cmd) {
bdb6d971 2035 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2036 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2037 goto unlock;
2038 }
2039
2040 conn = cmd->user_data;
2041
2042 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2043 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2044 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2045 goto unlock;
2046 }
2047
2048 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2049
bdb6d971 2050 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2051 addr, sizeof(*addr));
28424707
JH		 2052unlock:
2053 hci_dev_unlock(hdev);
28424707
JH		 2054 return err;
2055}
2056
bdb6d971 2057static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2058 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2059 u16 hci_op, __le32 passkey)
a5c29683 2060{
a5c29683 2061 struct pending_cmd *cmd;
0df4c185 2062 struct hci_conn *conn;
a5c29683
JH		 2063 int err;
2064
09fd0de5 2065 hci_dev_lock(hdev);
08ba5382 2066
4b34ee78 2067 if (!hdev_is_powered(hdev)) {
bdb6d971 2068 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2069 MGMT_STATUS_NOT_POWERED);
0df4c185 2070 goto done;
a5c29683
JH		 2071 }
2072
591f47f3 2073 if (type == BDADDR_BREDR)
272d90df
JH		 2074 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2075 else
47c15e2b 2076 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2077
2078 if (!conn) {
bdb6d971 2079 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2080 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2081 goto done;
2082 }
47c15e2b 2083
591f47f3 2084 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2085 /* Continue with pairing via SMP */
5fe57d9e
BG		 2086 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2087
2088 if (!err)
bdb6d971 2089 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2090 MGMT_STATUS_SUCCESS);
5fe57d9e 2091 else
bdb6d971 2092 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2093 MGMT_STATUS_FAILED);
47c15e2b 2094
47c15e2b
BG		 2095 goto done;
2096 }
2097
0df4c185 2098 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2099 if (!cmd) {
2100 err = -ENOMEM;
0df4c185 2101 goto done;
a5c29683
JH		 2102 }
2103
0df4c185 2104 /* Continue with pairing via HCI */
604086b7
BG		 2105 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2106 struct hci_cp_user_passkey_reply cp;
2107
2108 bacpy(&cp.bdaddr, bdaddr);
2109 cp.passkey = passkey;
2110 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2111 } else
2112 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2113
a664b5bc
JH		 2114 if (err < 0)
2115 mgmt_pending_remove(cmd);
a5c29683 2116
0df4c185 2117done:
09fd0de5 2118 hci_dev_unlock(hdev);
a5c29683
JH		 2119 return err;
2120}
2121
afeb019d
JK		 2122static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2123 void *data, u16 len)
2124{
2125 struct mgmt_cp_pin_code_neg_reply *cp = data;
2126
2127 BT_DBG("");
2128
2129 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2130 MGMT_OP_PIN_CODE_NEG_REPLY,
2131 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2132}
2133
04124681
GP		 2134static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2135 u16 len)
0df4c185 2136{
650f726d 2137 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2138
2139 BT_DBG("");
2140
2141 if (len != sizeof(*cp))
bdb6d971 2142 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2143 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2144
bdb6d971 2145 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2146 MGMT_OP_USER_CONFIRM_REPLY,
2147 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2148}
2149
bdb6d971 2150static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2151 void *data, u16 len)
0df4c185 2152{
c9c2659f 2153 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2154
2155 BT_DBG("");
2156
bdb6d971 2157 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2158 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2159 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2160}
2161
04124681
GP		 2162static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2163 u16 len)
604086b7 2164{
650f726d 2165 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2166
2167 BT_DBG("");
2168
bdb6d971 2169 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2170 MGMT_OP_USER_PASSKEY_REPLY,
2171 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2172}
2173
bdb6d971 2174static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2175 void *data, u16 len)
604086b7 2176{
650f726d 2177 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2178
2179 BT_DBG("");
2180
bdb6d971 2181 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2182 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2183 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2184}
2185
2b4bf397
JH		 2186static int update_name(struct hci_dev *hdev, const char *name)
2187{
2188 struct hci_cp_write_local_name cp;
2189
2190 memcpy(cp.name, name, sizeof(cp.name));
2191
2192 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2193}
2194
bdb6d971 2195static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2196 u16 len)
b312b161 2197{
2b4bf397 2198 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2199 struct pending_cmd *cmd;
2200 int err;
2201
2202 BT_DBG("");
2203
09fd0de5 2204 hci_dev_lock(hdev);
b312b161 2205
2b4bf397 2206 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2207
b5235a65 2208 if (!hdev_is_powered(hdev)) {
2b4bf397 2209 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2210
2211 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2212 data, len);
28cc7bde
JH		 2213 if (err < 0)
2214 goto failed;
2215
2216 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2217 sk);
28cc7bde 2218
b5235a65
JH		 2219 goto failed;
2220 }
2221
28cc7bde 2222 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2223 if (!cmd) {
2224 err = -ENOMEM;
2225 goto failed;
2226 }
2227
2b4bf397 2228 err = update_name(hdev, cp->name);
b312b161
JH		 2229 if (err < 0)
2230 mgmt_pending_remove(cmd);
2231
2232failed:
09fd0de5 2233 hci_dev_unlock(hdev);
b312b161
JH		 2234 return err;
2235}
2236
0f4e68cf 2237static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2238 void *data, u16 data_len)
c35938b2 2239{
c35938b2
SJ		 2240 struct pending_cmd *cmd;
2241 int err;
2242
bdb6d971 2243 BT_DBG("%s", hdev->name);
c35938b2 2244
09fd0de5 2245 hci_dev_lock(hdev);
c35938b2 2246
4b34ee78 2247 if (!hdev_is_powered(hdev)) {
bdb6d971 2248 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2249 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2250 goto unlock;
2251 }
2252
9a1a1996 2253 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2254 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2255 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2256 goto unlock;
2257 }
2258
2e58ef3e 2259 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2260 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2261 MGMT_STATUS_BUSY);
c35938b2
SJ		 2262 goto unlock;
2263 }
2264
2e58ef3e 2265 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2266 if (!cmd) {
2267 err = -ENOMEM;
2268 goto unlock;
2269 }
2270
2271 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2272 if (err < 0)
2273 mgmt_pending_remove(cmd);
2274
2275unlock:
09fd0de5 2276 hci_dev_unlock(hdev);
c35938b2
SJ		 2277 return err;
2278}
2279
bdb6d971 2280static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2281 void *data, u16 len)
2763eda6 2282{
650f726d 2283 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2284 u8 status;
2763eda6
SJ		 2285 int err;
2286
bdb6d971 2287 BT_DBG("%s ", hdev->name);
2763eda6 2288
09fd0de5 2289 hci_dev_lock(hdev);
2763eda6 2290
664ce4cc 2291 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2292 cp->randomizer);
2763eda6 2293 if (err < 0)
bf1e3541 2294 status = MGMT_STATUS_FAILED;
2763eda6 2295 else
a6785be2 2296 status = MGMT_STATUS_SUCCESS;
bf1e3541 2297
bdb6d971 2298 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2299 &cp->addr, sizeof(cp->addr));
2763eda6 2300
09fd0de5 2301 hci_dev_unlock(hdev);
2763eda6
SJ		 2302 return err;
2303}
2304
bdb6d971 2305static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2306 void *data, u16 len)
2763eda6 2307{
650f726d 2308 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2309 u8 status;
2763eda6
SJ		 2310 int err;
2311
bdb6d971 2312 BT_DBG("%s", hdev->name);
2763eda6 2313
09fd0de5 2314 hci_dev_lock(hdev);
2763eda6 2315
664ce4cc 2316 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2317 if (err < 0)
bf1e3541 2318 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2319 else
a6785be2 2320 status = MGMT_STATUS_SUCCESS;
bf1e3541 2321
bdb6d971 2322 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2323 status, &cp->addr, sizeof(cp->addr));
2763eda6 2324
09fd0de5 2325 hci_dev_unlock(hdev);
2763eda6
SJ		 2326 return err;
2327}
2328
5e0452c0
AG		 2329int mgmt_interleaved_discovery(struct hci_dev *hdev)
2330{
2331 int err;
2332
2333 BT_DBG("%s", hdev->name);
2334
2335 hci_dev_lock(hdev);
2336
2337 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2338 if (err < 0)
2339 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2340
2341 hci_dev_unlock(hdev);
2342
2343 return err;
2344}
2345
bdb6d971 2346static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2347 void *data, u16 len)
14a53664 2348{
650f726d 2349 struct mgmt_cp_start_discovery *cp = data;
14a53664 2350 struct pending_cmd *cmd;
14a53664
JH		 2351 int err;
2352
bdb6d971 2353 BT_DBG("%s", hdev->name);
14a53664 2354
09fd0de5 2355 hci_dev_lock(hdev);
14a53664 2356
4b34ee78 2357 if (!hdev_is_powered(hdev)) {
bdb6d971 2358 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2359 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2360 goto failed;
2361 }
2362
642be6c7
AG		 2363 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2364 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2365 MGMT_STATUS_BUSY);
2366 goto failed;
2367 }
2368
ff9ef578 2369 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2370 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2371 MGMT_STATUS_BUSY);
ff9ef578
JH		 2372 goto failed;
2373 }
2374
2e58ef3e 2375 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2376 if (!cmd) {
2377 err = -ENOMEM;
2378 goto failed;
2379 }
2380
4aab14e5
AG		 2381 hdev->discovery.type = cp->type;
2382
2383 switch (hdev->discovery.type) {
f39799f5 2384 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2385 if (lmp_bredr_capable(hdev))
2386 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2387 else
2388 err = -ENOTSUPP;
f39799f5
AG		 2389 break;
2390
2391 case DISCOV_TYPE_LE:
8b90129c
AG		 2392 if (lmp_host_le_capable(hdev))
2393 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2394 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2395 else
2396 err = -ENOTSUPP;
f39799f5
AG		 2397 break;
2398
5e0452c0 2399 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2400 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2401 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2402 LE_SCAN_WIN,
2403 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2404 else
2405 err = -ENOTSUPP;
5e0452c0
AG		 2406 break;
2407
f39799f5 2408 default:
3fd24153 2409 err = -EINVAL;
f39799f5 2410 }
3fd24153 2411
14a53664
JH		 2412 if (err < 0)
2413 mgmt_pending_remove(cmd);
ff9ef578
JH		 2414 else
2415 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2416
2417failed:
09fd0de5 2418 hci_dev_unlock(hdev);
14a53664
JH		 2419 return err;
2420}
2421
bdb6d971 2422static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2423 u16 len)
14a53664 2424{
d930650b 2425 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2426 struct pending_cmd *cmd;
30dc78e1
JH		 2427 struct hci_cp_remote_name_req_cancel cp;
2428 struct inquiry_entry *e;
14a53664
JH		 2429 int err;
2430
bdb6d971 2431 BT_DBG("%s", hdev->name);
14a53664 2432
09fd0de5 2433 hci_dev_lock(hdev);
14a53664 2434
30dc78e1 2435 if (!hci_discovery_active(hdev)) {
bdb6d971 2436 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2437 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2438 sizeof(mgmt_cp->type));
d930650b
JH		 2439 goto unlock;
2440 }
2441
2442 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2443 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2444 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2445 sizeof(mgmt_cp->type));
30dc78e1 2446 goto unlock;
ff9ef578
JH		 2447 }
2448
2e58ef3e 2449 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2450 if (!cmd) {
2451 err = -ENOMEM;
30dc78e1
JH		 2452 goto unlock;
2453 }
2454
e0d9727e
AG		 2455 switch (hdev->discovery.state) {
2456 case DISCOVERY_FINDING:
c9ecc48e
AG		 2457 if (test_bit(HCI_INQUIRY, &hdev->flags))
2458 err = hci_cancel_inquiry(hdev);
2459 else
2460 err = hci_cancel_le_scan(hdev);
2461
e0d9727e
AG		 2462 break;
2463
2464 case DISCOVERY_RESOLVING:
2465 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2466 NAME_PENDING);
e0d9727e 2467 if (!e) {
30dc78e1 2468 mgmt_pending_remove(cmd);
e0d9727e
AG		 2469 err = cmd_complete(sk, hdev->id,
2470 MGMT_OP_STOP_DISCOVERY, 0,
2471 &mgmt_cp->type,
2472 sizeof(mgmt_cp->type));
2473 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2474 goto unlock;
2475 }
30dc78e1 2476
e0d9727e
AG		 2477 bacpy(&cp.bdaddr, &e->data.bdaddr);
2478 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2479 sizeof(cp), &cp);
2480
2481 break;
2482
2483 default:
2484 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2485 err = -EFAULT;
14a53664
JH		 2486 }
2487
14a53664
JH		 2488 if (err < 0)
2489 mgmt_pending_remove(cmd);
ff9ef578
JH		 2490 else
2491 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2492
30dc78e1 2493unlock:
09fd0de5 2494 hci_dev_unlock(hdev);
14a53664
JH		 2495 return err;
2496}
2497
bdb6d971 2498static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2499 u16 len)
561aafbc 2500{
650f726d 2501 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2502 struct inquiry_entry *e;
561aafbc
JH		 2503 int err;
2504
bdb6d971 2505 BT_DBG("%s", hdev->name);
561aafbc 2506
561aafbc
JH		 2507 hci_dev_lock(hdev);
2508
30dc78e1 2509 if (!hci_discovery_active(hdev)) {
bdb6d971 2510 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2511 MGMT_STATUS_FAILED);
30dc78e1
JH		 2512 goto failed;
2513 }
2514
a198e7b1 2515 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2516 if (!e) {
bdb6d971 2517 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2518 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2519 goto failed;
2520 }
2521
2522 if (cp->name_known) {
2523 e->name_state = NAME_KNOWN;
2524 list_del(&e->list);
2525 } else {
2526 e->name_state = NAME_NEEDED;
a3d4e20a 2527 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2528 }
2529
e384662b
JH		 2530 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2531 sizeof(cp->addr));
561aafbc
JH		 2532
2533failed:
2534 hci_dev_unlock(hdev);
561aafbc
JH		 2535 return err;
2536}
2537
bdb6d971 2538static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2539 u16 len)
7fbec224 2540{
650f726d 2541 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2542 u8 status;
7fbec224
AJ		 2543 int err;
2544
bdb6d971 2545 BT_DBG("%s", hdev->name);
7fbec224 2546
09fd0de5 2547 hci_dev_lock(hdev);
5e762444 2548
88c1fe4b 2549 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2550 if (err < 0)
f0eeea8b 2551 status = MGMT_STATUS_FAILED;
7fbec224 2552 else
a6785be2 2553 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2554
bdb6d971 2555 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2556 &cp->addr, sizeof(cp->addr));
5e762444 2557
09fd0de5 2558 hci_dev_unlock(hdev);
7fbec224
AJ		 2559
2560 return err;
2561}
2562
bdb6d971 2563static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2564 u16 len)
7fbec224 2565{
650f726d 2566 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2567 u8 status;
7fbec224
AJ		 2568 int err;
2569
bdb6d971 2570 BT_DBG("%s", hdev->name);
7fbec224 2571
09fd0de5 2572 hci_dev_lock(hdev);
5e762444 2573
88c1fe4b 2574 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2575 if (err < 0)
f0eeea8b 2576 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2577 else
a6785be2 2578 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2579
bdb6d971 2580 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2581 &cp->addr, sizeof(cp->addr));
5e762444 2582
09fd0de5 2583 hci_dev_unlock(hdev);
7fbec224
AJ		 2584
2585 return err;
2586}
2587
cdbaccca
MH		 2588static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 len)
2590{
2591 struct mgmt_cp_set_device_id *cp = data;
2592 int err;
c72d4b8a 2593 __u16 source;
cdbaccca
MH		 2594
2595 BT_DBG("%s", hdev->name);
2596
c72d4b8a
SJ		 2597 source = __le16_to_cpu(cp->source);
2598
2599 if (source > 0x0002)
2600 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2601 MGMT_STATUS_INVALID_PARAMS);
2602
cdbaccca
MH		 2603 hci_dev_lock(hdev);
2604
c72d4b8a 2605 hdev->devid_source = source;
cdbaccca
MH		 2606 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2607 hdev->devid_product = __le16_to_cpu(cp->product);
2608 hdev->devid_version = __le16_to_cpu(cp->version);
2609
2610 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2611
2612 update_eir(hdev);
2613
2614 hci_dev_unlock(hdev);
2615
2616 return err;
2617}
2618
bdb6d971 2619static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2620 void *data, u16 len)
f6422ec6 2621{
650f726d 2622 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2623 struct hci_cp_write_page_scan_activity acp;
2624 u8 type;
2625 int err;
2626
bdb6d971 2627 BT_DBG("%s", hdev->name);
f6422ec6 2628
33c525c0
JH		 2629 if (!lmp_bredr_capable(hdev))
2630 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2631 MGMT_STATUS_NOT_SUPPORTED);
2632
a7e80f25
JH		 2633 if (cp->val != 0x00 && cp->val != 0x01)
2634 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2635 MGMT_STATUS_INVALID_PARAMS);
2636
5400c044 2637 if (!hdev_is_powered(hdev))
bdb6d971 2638 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2639 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2640
2641 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2642 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2643 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2644
2645 hci_dev_lock(hdev);
2646
f7c6869c 2647 if (cp->val) {
f6422ec6 2648 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2649
83ce9a06
JH		 2650 /* 160 msec page scan interval */
2651 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2652 } else {
2653 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2654
2655 /* default 1.28 sec page scan */
2656 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2657 }
2658
76ec9de8
AE		 2659 /* default 11.25 msec page scan window */
2660 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2661
04124681
GP		 2662 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2663 &acp);
f6422ec6 2664 if (err < 0) {
bdb6d971 2665 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2666 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2667 goto done;
2668 }
2669
2670 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2671 if (err < 0) {
bdb6d971 2672 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2673 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2674 goto done;
2675 }
2676
bdb6d971 2677 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2678 NULL, 0);
f6422ec6
AJ		 2679done:
2680 hci_dev_unlock(hdev);
f6422ec6
AJ		 2681 return err;
2682}
2683
bdb6d971 2684static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2685 void *cp_data, u16 len)
346af67b 2686{
346af67b
VCG		 2687 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2688 u16 key_count, expected_len;
715a5bf2 2689 int i, err;
346af67b 2690
1f350c87 2691 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2692
2693 expected_len = sizeof(*cp) + key_count *
2694 sizeof(struct mgmt_ltk_info);
2695 if (expected_len != len) {
2696 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2697 len, expected_len);
bdb6d971 2698 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2699 EINVAL);
346af67b
VCG		 2700 }
2701
bdb6d971 2702 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2703
2704 hci_dev_lock(hdev);
2705
2706 hci_smp_ltks_clear(hdev);
2707
2708 for (i = 0; i < key_count; i++) {
2709 struct mgmt_ltk_info *key = &cp->keys[i];
2710 u8 type;
2711
2712 if (key->master)
2713 type = HCI_SMP_LTK;
2714 else
2715 type = HCI_SMP_LTK_SLAVE;
2716
4596fde5 2717 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2718 bdaddr_to_le(key->addr.type),
04124681
GP		 2719 type, 0, key->authenticated, key->val,
2720 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2721 }
2722
715a5bf2
JH		 2723 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2724 NULL, 0);
2725
346af67b 2726 hci_dev_unlock(hdev);
346af67b 2727
715a5bf2 2728 return err;
346af67b
VCG		 2729}
2730
2e3c35ea 2731static const struct mgmt_handler {
04124681
GP		 2732 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2733 u16 data_len);
be22b54e
JH		 2734 bool var_len;
2735 size_t data_len;
0f4e68cf
JH		 2736} mgmt_handlers[] = {
2737 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2738 { read_version, false, MGMT_READ_VERSION_SIZE },
2739 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2740 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2741 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2742 { set_powered, false, MGMT_SETTING_SIZE },
2743 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2744 { set_connectable, false, MGMT_SETTING_SIZE },
2745 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2746 { set_pairable, false, MGMT_SETTING_SIZE },
2747 { set_link_security, false, MGMT_SETTING_SIZE },
2748 { set_ssp, false, MGMT_SETTING_SIZE },
2749 { set_hs, false, MGMT_SETTING_SIZE },
2750 { set_le, false, MGMT_SETTING_SIZE },
2751 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2752 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2753 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2754 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2755 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2756 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2757 { disconnect, false, MGMT_DISCONNECT_SIZE },
2758 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2759 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2760 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2761 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2762 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2763 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2764 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2765 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2766 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2767 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2768 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2769 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2770 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2771 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2772 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2773 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2774 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2775 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2776 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2777 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2778};
2779
2780
0381101f
JH		 2781int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2782{
650f726d
VCG		 2783 void *buf;
2784 u8 *cp;
0381101f 2785 struct mgmt_hdr *hdr;
4e51eae9 2786 u16 opcode, index, len;
bdb6d971 2787 struct hci_dev *hdev = NULL;
2e3c35ea 2788 const struct mgmt_handler *handler;
0381101f
JH		 2789 int err;
2790
2791 BT_DBG("got %zu bytes", msglen);
2792
2793 if (msglen < sizeof(*hdr))
2794 return -EINVAL;
2795
e63a15ec 2796 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2797 if (!buf)
2798 return -ENOMEM;
2799
2800 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2801 err = -EFAULT;
2802 goto done;
2803 }
2804
650f726d 2805 hdr = buf;
1f350c87
MH		 2806 opcode = __le16_to_cpu(hdr->opcode);
2807 index = __le16_to_cpu(hdr->index);
2808 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2809
2810 if (len != msglen - sizeof(*hdr)) {
2811 err = -EINVAL;
2812 goto done;
2813 }
2814
0f4e68cf 2815 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2816 hdev = hci_dev_get(index);
2817 if (!hdev) {
2818 err = cmd_status(sk, index, opcode,
04124681 2819 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2820 goto done;
2821 }
2822 }
2823
0f4e68cf 2824 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 2825 mgmt_handlers[opcode].func == NULL) {
0381101f 2826 BT_DBG("Unknown op %u", opcode);
ca69b795 2827 err = cmd_status(sk, index, opcode,
04124681 2828 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2829 goto done;
2830 }
2831
2832 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 2833 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 2834 err = cmd_status(sk, index, opcode,
04124681 2835 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2836 goto done;
0381101f
JH		 2837 }
2838
be22b54e
JH		 2839 handler = &mgmt_handlers[opcode];
2840
2841 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 2842 (!handler->var_len && len != handler->data_len)) {
be22b54e 2843 err = cmd_status(sk, index, opcode,
04124681 2844 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2845 goto done;
2846 }
2847
0f4e68cf
JH		 2848 if (hdev)
2849 mgmt_init_hdev(sk, hdev);
2850
2851 cp = buf + sizeof(*hdr);
2852
be22b54e 2853 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2854 if (err < 0)
2855 goto done;
2856
0381101f
JH		 2857 err = msglen;
2858
2859done:
bdb6d971
JH		 2860 if (hdev)
2861 hci_dev_put(hdev);
2862
0381101f
JH		 2863 kfree(buf);
2864 return err;
2865}
c71e97bf 2866
b24752fe
JH		 2867static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2868{
2869 u8 *status = data;
2870
2871 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2872 mgmt_pending_remove(cmd);
2873}
2874
744cf19e 2875int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2876{
bb4b2a9a
AE		 2877 if (!mgmt_valid_hdev(hdev))
2878 return -ENOTSUPP;
2879
744cf19e 2880 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2881}
2882
744cf19e 2883int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2884{
5f159032 2885 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2886
bb4b2a9a
AE		 2887 if (!mgmt_valid_hdev(hdev))
2888 return -ENOTSUPP;
2889
744cf19e 2890 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2891
744cf19e 2892 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2893}
2894
73f22f62 2895struct cmd_lookup {
eec8d2bc 2896 struct sock *sk;
69ab39ea 2897 struct hci_dev *hdev;
90e70454 2898 u8 mgmt_status;
eec8d2bc
JH		 2899};
2900
69ab39ea 2901static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2902{
73f22f62 2903 struct cmd_lookup *match = data;
eec8d2bc 2904
69ab39ea 2905 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2906
2907 list_del(&cmd->list);
2908
2909 if (match->sk == NULL) {
2910 match->sk = cmd->sk;
2911 sock_hold(match->sk);
2912 }
2913
2914 mgmt_pending_free(cmd);
c71e97bf 2915}
5add6af8 2916
7f0ae647
JH		 2917static int set_bredr_scan(struct hci_dev *hdev)
2918{
2919 u8 scan = 0;
2920
2921 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2922 scan |= SCAN_PAGE;
2923 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2924 scan |= SCAN_INQUIRY;
2925
2926 if (!scan)
2927 return 0;
2928
2929 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2930}
2931
744cf19e 2932int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2933{
76a7f3a4 2934 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2935 int err;
5add6af8 2936
5e5282bb
JH		 2937 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2938 return 0;
2939
69ab39ea 2940 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2941
5e5282bb 2942 if (powered) {
6b4b73ee
JH		 2943 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2944 !lmp_host_ssp_capable(hdev)) {
3d1cbdd6
AK		 2945 u8 ssp = 1;
2946
2947 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2948 }
2949
562fcc24
AK		 2950 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2951 struct hci_cp_write_le_host_supported cp;
2952
2953 cp.le = 1;
ffa88e02 2954 cp.simul = lmp_le_br_capable(hdev);
562fcc24 2955
430a61b8
JH		 2956 /* Check first if we already have the right
2957 * host state (host features set)
2958 */
ffa88e02
GP		 2959 if (cp.le != lmp_host_le_capable(hdev) ||
2960 cp.simul != lmp_host_le_br_capable(hdev))
430a61b8
JH		 2961 hci_send_cmd(hdev,
2962 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2963 sizeof(cp), &cp);
562fcc24
AK		 2964 }
2965
7f0ae647
JH		 2966 if (lmp_bredr_capable(hdev)) {
2967 set_bredr_scan(hdev);
2968 update_class(hdev);
2969 update_name(hdev, hdev->dev_name);
2970 update_eir(hdev);
2971 }
5e5282bb 2972 } else {
d4f68526 2973 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2974 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2975 }
2976
beadb2bd 2977 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2978
2979 if (match.sk)
2980 sock_put(match.sk);
2981
7bb895d6 2982 return err;
5add6af8 2983}
73f22f62 2984
744cf19e 2985int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2986{
76a7f3a4 2987 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2988 bool changed = false;
2989 int err = 0;
73f22f62 2990
5e5282bb
JH		 2991 if (discoverable) {
2992 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2993 changed = true;
2994 } else {
2995 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2996 changed = true;
2997 }
73f22f62 2998
ed9b5f2f 2999 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3000 &match);
ed9b5f2f 3001
beadb2bd
JH		 3002 if (changed)
3003 err = new_settings(hdev, match.sk);
5e5282bb 3004
73f22f62
JH		 3005 if (match.sk)
3006 sock_put(match.sk);
3007
7bb895d6 3008 return err;
73f22f62 3009}
9fbcbb45 3010
744cf19e 3011int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3012{
76a7f3a4 3013 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3014 bool changed = false;
3015 int err = 0;
9fbcbb45 3016
5e5282bb
JH		 3017 if (connectable) {
3018 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3019 changed = true;
3020 } else {
3021 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3022 changed = true;
3023 }
9fbcbb45 3024
ed9b5f2f 3025 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3026 &match);
ed9b5f2f 3027
beadb2bd
JH		 3028 if (changed)
3029 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3030
3031 if (match.sk)
3032 sock_put(match.sk);
3033
7bb895d6 3034 return err;
9fbcbb45 3035}
55ed8ca1 3036
744cf19e 3037int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3038{
ca69b795
JH		 3039 u8 mgmt_err = mgmt_status(status);
3040
2d7cee58 3041 if (scan & SCAN_PAGE)
744cf19e 3042 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3043 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3044
3045 if (scan & SCAN_INQUIRY)
744cf19e 3046 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3047 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3048
3049 return 0;
3050}
3051
53168e5b
CC		 3052int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3053 bool persistent)
55ed8ca1 3054{
86742e1e 3055 struct mgmt_ev_new_link_key ev;
55ed8ca1 3056
a492cd52 3057 memset(&ev, 0, sizeof(ev));
55ed8ca1 3058
a492cd52 3059 ev.store_hint = persistent;
d753fdc4 3060 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3061 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3062 ev.key.type = key->type;
9b3b4460 3063 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3064 ev.key.pin_len = key->pin_len;
55ed8ca1 3065
744cf19e 3066 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3067}
f7520543 3068
346af67b
VCG		 3069int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3070{
3071 struct mgmt_ev_new_long_term_key ev;
3072
3073 memset(&ev, 0, sizeof(ev));
3074
3075 ev.store_hint = persistent;
3076 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3077 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3078 ev.key.authenticated = key->authenticated;
3079 ev.key.enc_size = key->enc_size;
3080 ev.key.ediv = key->ediv;
3081
3082 if (key->type == HCI_SMP_LTK)
3083 ev.key.master = 1;
3084
3085 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3086 memcpy(ev.key.val, key->val, sizeof(key->val));
3087
04124681
GP		 3088 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3089 NULL);
346af67b
VCG		 3090}
3091
afc747a6 3092int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3093 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3094 u8 *dev_class)
f7520543 3095{
b644ba33
JH		 3096 char buf[512];
3097 struct mgmt_ev_device_connected *ev = (void *) buf;
3098 u16 eir_len = 0;
f7520543 3099
b644ba33 3100 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3101 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3102
c95f0ba7 3103 ev->flags = __cpu_to_le32(flags);
08c79b61 3104
b644ba33
JH		 3105 if (name_len > 0)
3106 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3107 name, name_len);
b644ba33
JH		 3108
3109 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3110 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3111 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3112
eb55ef07 3113 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3114
3115 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3116 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3117}
3118
8962ee74
JH		 3119static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3120{
c68fb7ff 3121 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3122 struct sock **sk = data;
a38528f1 3123 struct mgmt_rp_disconnect rp;
8962ee74 3124
88c3df13
JH		 3125 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3126 rp.addr.type = cp->addr.type;
8962ee74 3127
aee9b218 3128 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3129 sizeof(rp));
8962ee74
JH		 3130
3131 *sk = cmd->sk;
3132 sock_hold(*sk);
3133
a664b5bc 3134 mgmt_pending_remove(cmd);
8962ee74
JH		 3135}
3136
124f6e35 3137static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3138{
b1078ad0 3139 struct hci_dev *hdev = data;
124f6e35
JH		 3140 struct mgmt_cp_unpair_device *cp = cmd->param;
3141 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3142
3143 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3145 rp.addr.type = cp->addr.type;
a8a1d19e 3146
b1078ad0
JH		 3147 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3148
aee9b218 3149 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3150
3151 mgmt_pending_remove(cmd);
3152}
3153
afc747a6 3154int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3155 u8 link_type, u8 addr_type, u8 reason)
f7520543 3156{
f0d6a0ea 3157 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3158 struct sock *sk = NULL;
3159 int err;
3160
744cf19e 3161 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3162
f0d6a0ea
MA		 3163 bacpy(&ev.addr.bdaddr, bdaddr);
3164 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3165 ev.reason = reason;
f7520543 3166
afc747a6 3167 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3168 sk);
8962ee74
JH		 3169
3170 if (sk)
d97dcb66 3171 sock_put(sk);
8962ee74 3172
124f6e35 3173 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3174 hdev);
a8a1d19e 3175
8962ee74
JH		 3176 return err;
3177}
3178
88c3df13 3179int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3180 u8 link_type, u8 addr_type, u8 status)
8962ee74 3181{
88c3df13 3182 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3183 struct pending_cmd *cmd;
3184 int err;
3185
36a75f1b
JD		 3186 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3187 hdev);
3188
2e58ef3e 3189 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3190 if (!cmd)
3191 return -ENOENT;
3192
88c3df13 3193 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3194 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3195
88c3df13 3196 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3197 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3198
a664b5bc 3199 mgmt_pending_remove(cmd);
8962ee74
JH		 3200
3201 return err;
f7520543 3202}
17d5c04c 3203
48264f06 3204int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3205 u8 addr_type, u8 status)
17d5c04c
JH		 3206{
3207 struct mgmt_ev_connect_failed ev;
3208
4c659c39 3209 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3210 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3211 ev.status = mgmt_status(status);
17d5c04c 3212
744cf19e 3213 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3214}
980e1a53 3215
744cf19e 3216int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3217{
3218 struct mgmt_ev_pin_code_request ev;
3219
d8457698 3220 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3221 ev.addr.type = BDADDR_BREDR;
a770bb5a 3222 ev.secure = secure;
980e1a53 3223
744cf19e 3224 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3225 NULL);
980e1a53
JH		 3226}
3227
744cf19e 3228int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3229 u8 status)
980e1a53
JH		 3230{
3231 struct pending_cmd *cmd;
ac56fb13 3232 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3233 int err;
3234
2e58ef3e 3235 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3236 if (!cmd)
3237 return -ENOENT;
3238
d8457698 3239 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3240 rp.addr.type = BDADDR_BREDR;
ac56fb13 3241
aee9b218 3242 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3243 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3244
a664b5bc 3245 mgmt_pending_remove(cmd);
980e1a53
JH		 3246
3247 return err;
3248}
3249
744cf19e 3250int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3251 u8 status)
980e1a53
JH		 3252{
3253 struct pending_cmd *cmd;
ac56fb13 3254 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3255 int err;
3256
2e58ef3e 3257 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3258 if (!cmd)
3259 return -ENOENT;
3260
d8457698 3261 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3262 rp.addr.type = BDADDR_BREDR;
ac56fb13 3263
aee9b218 3264 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3265 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3266
a664b5bc 3267 mgmt_pending_remove(cmd);
980e1a53
JH		 3268
3269 return err;
3270}
a5c29683 3271
744cf19e 3272int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3273 u8 link_type, u8 addr_type, __le32 value,
3274 u8 confirm_hint)
a5c29683
JH		 3275{
3276 struct mgmt_ev_user_confirm_request ev;
3277
744cf19e 3278 BT_DBG("%s", hdev->name);
a5c29683 3279
272d90df 3280 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3281 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3282 ev.confirm_hint = confirm_hint;
78e8098e 3283 ev.value = value;
a5c29683 3284
744cf19e 3285 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3286 NULL);
a5c29683
JH		 3287}
3288
272d90df 3289int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3290 u8 link_type, u8 addr_type)
604086b7
BG		 3291{
3292 struct mgmt_ev_user_passkey_request ev;
3293
3294 BT_DBG("%s", hdev->name);
3295
272d90df 3296 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3297 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3298
3299 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3300 NULL);
604086b7
BG		 3301}
3302
0df4c185 3303static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3304 u8 link_type, u8 addr_type, u8 status,
3305 u8 opcode)
a5c29683
JH		 3306{
3307 struct pending_cmd *cmd;
3308 struct mgmt_rp_user_confirm_reply rp;
3309 int err;
3310
2e58ef3e 3311 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3312 if (!cmd)
3313 return -ENOENT;
3314
272d90df 3315 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3316 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3317 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3318 &rp, sizeof(rp));
a5c29683 3319
a664b5bc 3320 mgmt_pending_remove(cmd);
a5c29683
JH		 3321
3322 return err;
3323}
3324
744cf19e 3325int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3326 u8 link_type, u8 addr_type, u8 status)
a5c29683 3327{
272d90df 3328 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3329 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3330}
3331
272d90df 3332int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3333 u8 link_type, u8 addr_type, u8 status)
a5c29683 3334{
272d90df 3335 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3336 status,
3337 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3338}
2a611692 3339
604086b7 3340int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3341 u8 link_type, u8 addr_type, u8 status)
604086b7 3342{
272d90df 3343 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3344 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3345}
3346
272d90df 3347int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3348 u8 link_type, u8 addr_type, u8 status)
604086b7 3349{
272d90df 3350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3351 status,
3352 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3353}
3354
92a25256
JH		 3355int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3356 u8 link_type, u8 addr_type, u32 passkey,
3357 u8 entered)
3358{
3359 struct mgmt_ev_passkey_notify ev;
3360
3361 BT_DBG("%s", hdev->name);
3362
3363 bacpy(&ev.addr.bdaddr, bdaddr);
3364 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3365 ev.passkey = __cpu_to_le32(passkey);
3366 ev.entered = entered;
3367
3368 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3369}
3370
bab73cb6 3371int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3372 u8 addr_type, u8 status)
2a611692
JH		 3373{
3374 struct mgmt_ev_auth_failed ev;
3375
bab73cb6 3376 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3377 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3378 ev.status = mgmt_status(status);
2a611692 3379
744cf19e 3380 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3381}
b312b161 3382
33ef95ed
JH		 3383int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3384{
3385 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3386 bool changed = false;
3387 int err = 0;
33ef95ed
JH		 3388
3389 if (status) {
3390 u8 mgmt_err = mgmt_status(status);
3391 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3392 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3393 return 0;
3394 }
3395
47990ea0
JH		 3396 if (test_bit(HCI_AUTH, &hdev->flags)) {
3397 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3398 changed = true;
3399 } else {
3400 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3401 changed = true;
3402 }
3403
33ef95ed 3404 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3405 &match);
33ef95ed 3406
47990ea0
JH		 3407 if (changed)
3408 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3409
3410 if (match.sk)
3411 sock_put(match.sk);
3412
3413 return err;
3414}
3415
cacaf52f
JH		 3416static int clear_eir(struct hci_dev *hdev)
3417{
3418 struct hci_cp_write_eir cp;
3419
976eb20e 3420 if (!lmp_ext_inq_capable(hdev))
cacaf52f
JH		 3421 return 0;
3422
c80da27e
JH		 3423 memset(hdev->eir, 0, sizeof(hdev->eir));
3424
cacaf52f
JH		 3425 memset(&cp, 0, sizeof(cp));
3426
3427 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3428}
3429
c0ecddc2 3430int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3431{
3432 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3433 bool changed = false;
3434 int err = 0;
ed2c4ee3
JH		 3435
3436 if (status) {
3437 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3438
3439 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3440 &hdev->dev_flags))
c0ecddc2
JH		 3441 err = new_settings(hdev, NULL);
3442
04124681
GP		 3443 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3444 &mgmt_err);
c0ecddc2
JH		 3445
3446 return err;
3447 }
3448
3449 if (enable) {
3450 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3451 changed = true;
3452 } else {
3453 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3454 changed = true;
ed2c4ee3
JH		 3455 }
3456
3457 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3458
c0ecddc2
JH		 3459 if (changed)
3460 err = new_settings(hdev, match.sk);
ed2c4ee3 3461
5fc6ebb1 3462 if (match.sk)
ed2c4ee3
JH		 3463 sock_put(match.sk);
3464
5fc6ebb1
JH		 3465 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3466 update_eir(hdev);
3467 else
3468 clear_eir(hdev);
cacaf52f 3469
ed2c4ee3
JH		 3470 return err;
3471}
3472
90e70454
JH		 3473static void class_rsp(struct pending_cmd *cmd, void *data)
3474{
3475 struct cmd_lookup *match = data;
3476
3477 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3478 match->hdev->dev_class, 3);
90e70454
JH		 3479
3480 list_del(&cmd->list);
3481
3482 if (match->sk == NULL) {
3483 match->sk = cmd->sk;
3484 sock_hold(match->sk);
3485 }
3486
3487 mgmt_pending_free(cmd);
3488}
3489
7f9a903c 3490int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3491 u8 status)
7f9a903c 3492{
90e70454
JH		 3493 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3494 int err = 0;
7f9a903c 3495
c95f0ba7
JH		 3496 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3497
90e70454
JH		 3498 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3499 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3500 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3501
3502 if (!status)
04124681
GP		 3503 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3504 3, NULL);
90e70454
JH		 3505
3506 if (match.sk)
3507 sock_put(match.sk);
7f9a903c
MH		 3508
3509 return err;
3510}
3511
744cf19e 3512int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3513{
3514 struct pending_cmd *cmd;
3515 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3516 bool changed = false;
3517 int err = 0;
3518
3519 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3520 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3521 changed = true;
3522 }
b312b161
JH		 3523
3524 memset(&ev, 0, sizeof(ev));
3525 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3526 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3527
2e58ef3e 3528 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3529 if (!cmd)
3530 goto send_event;
3531
7bdaae4a
JH		 3532 /* Always assume that either the short or the complete name has
3533 * changed if there was a pending mgmt command */
3534 changed = true;
3535
b312b161 3536 if (status) {
744cf19e 3537 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3538 mgmt_status(status));
b312b161
JH		 3539 goto failed;
3540 }
3541
aee9b218 3542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3543 sizeof(ev));
b312b161
JH		 3544 if (err < 0)
3545 goto failed;
3546
3547send_event:
28cc7bde
JH		 3548 if (changed)
3549 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3550 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3551
1225a6bd
JH		 3552 /* EIR is taken care of separately when powering on the
3553 * adapter so only update them here if this is a name change
3554 * unrelated to power on.
3555 */
3556 if (!test_bit(HCI_INIT, &hdev->flags))
3557 update_eir(hdev);
b312b161
JH		 3558
3559failed:
3560 if (cmd)
3561 mgmt_pending_remove(cmd);
3562 return err;
3563}
c35938b2 3564
744cf19e 3565int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3566 u8 *randomizer, u8 status)
c35938b2
SJ		 3567{
3568 struct pending_cmd *cmd;
3569 int err;
3570
744cf19e 3571 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3572
2e58ef3e 3573 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3574 if (!cmd)
3575 return -ENOENT;
3576
3577 if (status) {
04124681
GP		 3578 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3579 mgmt_status(status));
c35938b2
SJ		 3580 } else {
3581 struct mgmt_rp_read_local_oob_data rp;
3582
3583 memcpy(rp.hash, hash, sizeof(rp.hash));
3584 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3585
744cf19e 3586 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3587 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3588 sizeof(rp));
c35938b2
SJ		 3589 }
3590
3591 mgmt_pending_remove(cmd);
3592
3593 return err;
3594}
e17acd40 3595
06199cf8
JH		 3596int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3597{
3598 struct cmd_lookup match = { NULL, hdev };
3599 bool changed = false;
3600 int err = 0;
3601
3602 if (status) {
3603 u8 mgmt_err = mgmt_status(status);
3604
3605 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3606 &hdev->dev_flags))
d97dcb66 3607 err = new_settings(hdev, NULL);
06199cf8 3608
d97dcb66
SJ		 3609 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3610 &mgmt_err);
06199cf8
JH		 3611
3612 return err;
3613 }
3614
3615 if (enable) {
3616 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3617 changed = true;
3618 } else {
3619 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3620 changed = true;
3621 }
3622
3623 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3624
3625 if (changed)
3626 err = new_settings(hdev, match.sk);
3627
3628 if (match.sk)
3629 sock_put(match.sk);
3630
3631 return err;
3632}
3633
48264f06 3634int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3635 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3636 ssp, u8 *eir, u16 eir_len)
e17acd40 3637{
e319d2e7
JH		 3638 char buf[512];
3639 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3640 size_t ev_size;
e17acd40 3641
1dc06093
JH		 3642 /* Leave 5 bytes for a potential CoD field */
3643 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3644 return -EINVAL;
3645
1dc06093
JH		 3646 memset(buf, 0, sizeof(buf));
3647
e319d2e7 3648 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3649 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3650 ev->rssi = rssi;
9a395a80 3651 if (cfm_name)
612dfce9 3652 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3653 if (!ssp)
612dfce9 3654 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3655
1dc06093 3656 if (eir_len > 0)
e319d2e7 3657 memcpy(ev->eir, eir, eir_len);
e17acd40 3658
1dc06093
JH		 3659 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3660 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3661 dev_class, 3);
1dc06093 3662
eb55ef07 3663 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3664 ev_size = sizeof(*ev) + eir_len;
f8523598 3665
e319d2e7 3666 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3667}
a88a9652 3668
b644ba33 3669int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3670 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3671{
b644ba33
JH		 3672 struct mgmt_ev_device_found *ev;
3673 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3674 u16 eir_len;
a88a9652 3675
b644ba33 3676 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3677
b644ba33
JH		 3678 memset(buf, 0, sizeof(buf));
3679
3680 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3681 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3682 ev->rssi = rssi;
3683
3684 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3685 name_len);
b644ba33 3686
eb55ef07 3687 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3688
053c7e0c 3689 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3690 sizeof(*ev) + eir_len, NULL);
a88a9652 3691}
314b2381 3692
7a135109 3693int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3694{
3695 struct pending_cmd *cmd;
f808e166 3696 u8 type;
164a6e78
JH		 3697 int err;
3698
203159d4
AG		 3699 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3700
2e58ef3e 3701 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3702 if (!cmd)
3703 return -ENOENT;
3704
f808e166
JH		 3705 type = hdev->discovery.type;
3706
3707 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3708 &type, sizeof(type));
164a6e78
JH		 3709 mgmt_pending_remove(cmd);
3710
3711 return err;
3712}
3713
e6d465cb
AG		 3714int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3715{
3716 struct pending_cmd *cmd;
3717 int err;
3718
3719 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3720 if (!cmd)
3721 return -ENOENT;
3722
d930650b 3723 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3724 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3725 mgmt_pending_remove(cmd);
3726
3727 return err;
3728}
3729
744cf19e 3730int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3731{
f963e8e9 3732 struct mgmt_ev_discovering ev;
164a6e78
JH		 3733 struct pending_cmd *cmd;
3734
343fb145
AG		 3735 BT_DBG("%s discovering %u", hdev->name, discovering);
3736
164a6e78 3737 if (discovering)
2e58ef3e 3738 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3739 else
2e58ef3e 3740 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3741
3742 if (cmd != NULL) {
f808e166
JH		 3743 u8 type = hdev->discovery.type;
3744
04124681
GP		 3745 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3746 sizeof(type));
164a6e78
JH		 3747 mgmt_pending_remove(cmd);
3748 }
3749
f963e8e9
JH		 3750 memset(&ev, 0, sizeof(ev));
3751 ev.type = hdev->discovery.type;
3752 ev.discovering = discovering;
3753
3754 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3755}
5e762444 3756
88c1fe4b 3757int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3758{
3759 struct pending_cmd *cmd;
3760 struct mgmt_ev_device_blocked ev;
3761
2e58ef3e 3762 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3763
88c1fe4b
JH		 3764 bacpy(&ev.addr.bdaddr, bdaddr);
3765 ev.addr.type = type;
5e762444 3766
744cf19e 3767 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3768 cmd ? cmd->sk : NULL);
5e762444
AJ		 3769}
3770
88c1fe4b 3771int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3772{
3773 struct pending_cmd *cmd;
3774 struct mgmt_ev_device_unblocked ev;
3775
2e58ef3e 3776 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3777
88c1fe4b
JH		 3778 bacpy(&ev.addr.bdaddr, bdaddr);
3779 ev.addr.type = type;
5e762444 3780
744cf19e 3781 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3782 cmd ? cmd->sk : NULL);
5e762444 3783}
d7b7e796
MH		 3784
3785module_param(enable_hs, bool, 0644);
3786MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.394167 seconds and 5 git commands to generate.