projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add SMP function for generating RPAs
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
41edf160 84 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 85};
86
87static const u16 mgmt_events[] = {
88 MGMT_EV_CONTROLLER_ERROR,
89 MGMT_EV_INDEX_ADDED,
90 MGMT_EV_INDEX_REMOVED,
91 MGMT_EV_NEW_SETTINGS,
92 MGMT_EV_CLASS_OF_DEV_CHANGED,
93 MGMT_EV_LOCAL_NAME_CHANGED,
94 MGMT_EV_NEW_LINK_KEY,
95 MGMT_EV_NEW_LONG_TERM_KEY,
96 MGMT_EV_DEVICE_CONNECTED,
97 MGMT_EV_DEVICE_DISCONNECTED,
98 MGMT_EV_CONNECT_FAILED,
99 MGMT_EV_PIN_CODE_REQUEST,
100 MGMT_EV_USER_CONFIRM_REQUEST,
101 MGMT_EV_USER_PASSKEY_REQUEST,
102 MGMT_EV_AUTH_FAILED,
103 MGMT_EV_DEVICE_FOUND,
104 MGMT_EV_DISCOVERING,
105 MGMT_EV_DEVICE_BLOCKED,
106 MGMT_EV_DEVICE_UNBLOCKED,
107 MGMT_EV_DEVICE_UNPAIRED,
92a25256 108 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 109 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 110};
111
17b02e62 112#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 113
4b34ee78
JH		 114#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
115 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
116
eec8d2bc
JH		 117struct pending_cmd {
118 struct list_head list;
fc2f4b13 119 u16 opcode;
eec8d2bc 120 int index;
c68fb7ff 121 void *param;
eec8d2bc 122 struct sock *sk;
e9a416b5 123 void *user_data;
eec8d2bc
JH		 124};
125
ca69b795
JH		 126/* HCI to MGMT error code conversion table */
127static u8 mgmt_status_table[] = {
128 MGMT_STATUS_SUCCESS,
129 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
130 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
131 MGMT_STATUS_FAILED, /* Hardware Failure */
132 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
133 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 134 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 135 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
136 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
137 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
139 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
140 MGMT_STATUS_BUSY, /* Command Disallowed */
141 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
142 MGMT_STATUS_REJECTED, /* Rejected Security */
143 MGMT_STATUS_REJECTED, /* Rejected Personal */
144 MGMT_STATUS_TIMEOUT, /* Host Timeout */
145 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
146 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
147 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
148 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
149 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
150 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
151 MGMT_STATUS_BUSY, /* Repeated Attempts */
152 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
153 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
155 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
156 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
157 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
158 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
159 MGMT_STATUS_FAILED, /* Unspecified Error */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
161 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
162 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
163 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
164 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
165 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
166 MGMT_STATUS_FAILED, /* Unit Link Key Used */
167 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
168 MGMT_STATUS_TIMEOUT, /* Instant Passed */
169 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
170 MGMT_STATUS_FAILED, /* Transaction Collision */
171 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
172 MGMT_STATUS_REJECTED, /* QoS Rejected */
173 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
174 MGMT_STATUS_REJECTED, /* Insufficient Security */
175 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
176 MGMT_STATUS_BUSY, /* Role Switch Pending */
177 MGMT_STATUS_FAILED, /* Slot Violation */
178 MGMT_STATUS_FAILED, /* Role Switch Failed */
179 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
180 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
181 MGMT_STATUS_BUSY, /* Host Busy Pairing */
182 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
183 MGMT_STATUS_BUSY, /* Controller Busy */
184 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
185 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
186 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
187 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
188 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
189};
190
191static u8 mgmt_status(u8 hci_status)
192{
193 if (hci_status < ARRAY_SIZE(mgmt_status_table))
194 return mgmt_status_table[hci_status];
195
196 return MGMT_STATUS_FAILED;
197}
198
4e51eae9 199static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 200{
201 struct sk_buff *skb;
202 struct mgmt_hdr *hdr;
203 struct mgmt_ev_cmd_status *ev;
56b7d137 204 int err;
f7b64e69 205
34eb525c 206 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 207
790eff44 208 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 209 if (!skb)
210 return -ENOMEM;
211
212 hdr = (void *) skb_put(skb, sizeof(*hdr));
213
612dfce9 214 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 215 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 216 hdr->len = cpu_to_le16(sizeof(*ev));
217
218 ev = (void *) skb_put(skb, sizeof(*ev));
219 ev->status = status;
eb55ef07 220 ev->opcode = cpu_to_le16(cmd);
f7b64e69 221
56b7d137
GP		 222 err = sock_queue_rcv_skb(sk, skb);
223 if (err < 0)
f7b64e69
JH		 224 kfree_skb(skb);
225
56b7d137 226 return err;
f7b64e69
JH		 227}
228
aee9b218 229static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 230 void *rp, size_t rp_len)
02d98129
JH		 231{
232 struct sk_buff *skb;
233 struct mgmt_hdr *hdr;
234 struct mgmt_ev_cmd_complete *ev;
56b7d137 235 int err;
02d98129
JH		 236
237 BT_DBG("sock %p", sk);
238
790eff44 239 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 240 if (!skb)
241 return -ENOMEM;
242
243 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 244
612dfce9 245 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 246 hdr->index = cpu_to_le16(index);
a38528f1 247 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 248
a38528f1 249 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 250 ev->opcode = cpu_to_le16(cmd);
aee9b218 251 ev->status = status;
8020c16a
SJ		 252
253 if (rp)
254 memcpy(ev->data, rp, rp_len);
02d98129 255
56b7d137
GP		 256 err = sock_queue_rcv_skb(sk, skb);
257 if (err < 0)
02d98129
JH		 258 kfree_skb(skb);
259
e5f0e151 260 return err;
02d98129
JH		 261}
262
04124681
GP		 263static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
264 u16 data_len)
a38528f1
JH		 265{
266 struct mgmt_rp_read_version rp;
267
268 BT_DBG("sock %p", sk);
269
270 rp.version = MGMT_VERSION;
eb55ef07 271 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 272
aee9b218 273 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 274 sizeof(rp));
a38528f1
JH		 275}
276
04124681
GP		 277static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
278 u16 data_len)
e70bb2e8
JH		 279{
280 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 281 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
282 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 283 __le16 *opcode;
e70bb2e8
JH		 284 size_t rp_size;
285 int i, err;
286
287 BT_DBG("sock %p", sk);
288
289 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
290
291 rp = kmalloc(rp_size, GFP_KERNEL);
292 if (!rp)
293 return -ENOMEM;
294
eb55ef07
MH		 295 rp->num_commands = __constant_cpu_to_le16(num_commands);
296 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 297
298 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
299 put_unaligned_le16(mgmt_commands[i], opcode);
300
301 for (i = 0; i < num_events; i++, opcode++)
302 put_unaligned_le16(mgmt_events[i], opcode);
303
aee9b218 304 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 305 rp_size);
e70bb2e8
JH		 306 kfree(rp);
307
308 return err;
309}
310
04124681
GP		 311static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
faba42eb 313{
faba42eb 314 struct mgmt_rp_read_index_list *rp;
8035ded4 315 struct hci_dev *d;
a38528f1 316 size_t rp_len;
faba42eb 317 u16 count;
476e44cb 318 int err;
faba42eb
JH		 319
320 BT_DBG("sock %p", sk);
321
322 read_lock(&hci_dev_list_lock);
323
324 count = 0;
bb4b2a9a 325 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 326 if (d->dev_type == HCI_BREDR)
327 count++;
faba42eb
JH		 328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
1514b892
MH		 345 if (d->dev_type == HCI_BREDR) {
346 rp->index[count++] = cpu_to_le16(d->id);
347 BT_DBG("Added hci%u", d->id);
348 }
faba42eb
JH		 349 }
350
476e44cb
JH		 351 rp->num_controllers = cpu_to_le16(count);
352 rp_len = sizeof(*rp) + (2 * count);
353
faba42eb
JH		 354 read_unlock(&hci_dev_list_lock);
355
aee9b218 356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 357 rp_len);
faba42eb 358
a38528f1
JH		 359 kfree(rp);
360
361 return err;
faba42eb
JH		 362}
363
69ab39ea
JH		 364static u32 get_supported_settings(struct hci_dev *hdev)
365{
366 u32 settings = 0;
367
368 settings |= MGMT_SETTING_POWERED;
69ab39ea 369 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 370 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 371
ed3fa31f 372 if (lmp_bredr_capable(hdev)) {
33c525c0 373 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 374 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
375 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 376 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 377 settings |= MGMT_SETTING_BREDR;
378 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 379
380 if (lmp_ssp_capable(hdev)) {
381 settings |= MGMT_SETTING_SSP;
382 settings |= MGMT_SETTING_HS;
383 }
e98d2ce2 384
5afeac14
MH		 385 if (lmp_sc_capable(hdev) ||
386 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 387 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 388 }
d7b7e796 389
eeca6f89 390 if (lmp_le_capable(hdev)) {
9d42820f 391 settings |= MGMT_SETTING_LE;
eeca6f89 392 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 393 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 394 }
69ab39ea
JH		 395
396 return settings;
397}
398
399static u32 get_current_settings(struct hci_dev *hdev)
400{
401 u32 settings = 0;
402
f1f0eb02 403 if (hdev_is_powered(hdev))
f0d4b78a
MH		 404 settings |= MGMT_SETTING_POWERED;
405
5e5282bb 406 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_CONNECTABLE;
408
1a4d3c4b
JH		 409 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
410 settings |= MGMT_SETTING_FAST_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
56f87901 418 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
f3d3444a 433 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 434 settings |= MGMT_SETTING_ADVERTISING;
435
e98d2ce2
MH		 436 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
437 settings |= MGMT_SETTING_SECURE_CONN;
438
b1de97d8
MH		 439 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
440 settings |= MGMT_SETTING_DEBUG_KEYS;
441
0f4bd942
JH		 442 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
443 settings |= MGMT_SETTING_PRIVACY;
444
69ab39ea
JH		 445 return settings;
446}
447
ef580372
JH		 448#define PNP_INFO_SVCLASS_ID 0x1200
449
213202ed
JH		 450static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
451{
452 u8 *ptr = data, *uuids_start = NULL;
453 struct bt_uuid *uuid;
454
455 if (len < 4)
456 return ptr;
457
458 list_for_each_entry(uuid, &hdev->uuids, list) {
459 u16 uuid16;
460
461 if (uuid->size != 16)
462 continue;
463
464 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
465 if (uuid16 < 0x1100)
466 continue;
467
468 if (uuid16 == PNP_INFO_SVCLASS_ID)
469 continue;
470
471 if (!uuids_start) {
472 uuids_start = ptr;
473 uuids_start[0] = 1;
474 uuids_start[1] = EIR_UUID16_ALL;
475 ptr += 2;
476 }
477
478 /* Stop if not enough space to put next UUID */
479 if ((ptr - data) + sizeof(u16) > len) {
480 uuids_start[1] = EIR_UUID16_SOME;
481 break;
482 }
483
484 *ptr++ = (uuid16 & 0x00ff);
485 *ptr++ = (uuid16 & 0xff00) >> 8;
486 uuids_start[0] += sizeof(uuid16);
487 }
488
489 return ptr;
490}
491
cdf1963f
JH		 492static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
493{
494 u8 *ptr = data, *uuids_start = NULL;
495 struct bt_uuid *uuid;
496
497 if (len < 6)
498 return ptr;
499
500 list_for_each_entry(uuid, &hdev->uuids, list) {
501 if (uuid->size != 32)
502 continue;
503
504 if (!uuids_start) {
505 uuids_start = ptr;
506 uuids_start[0] = 1;
507 uuids_start[1] = EIR_UUID32_ALL;
508 ptr += 2;
509 }
510
511 /* Stop if not enough space to put next UUID */
512 if ((ptr - data) + sizeof(u32) > len) {
513 uuids_start[1] = EIR_UUID32_SOME;
514 break;
515 }
516
517 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
518 ptr += sizeof(u32);
519 uuids_start[0] += sizeof(u32);
520 }
521
522 return ptr;
523}
524
c00d575b
JH		 525static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
526{
527 u8 *ptr = data, *uuids_start = NULL;
528 struct bt_uuid *uuid;
529
530 if (len < 18)
531 return ptr;
532
533 list_for_each_entry(uuid, &hdev->uuids, list) {
534 if (uuid->size != 128)
535 continue;
536
537 if (!uuids_start) {
538 uuids_start = ptr;
539 uuids_start[0] = 1;
540 uuids_start[1] = EIR_UUID128_ALL;
541 ptr += 2;
542 }
543
544 /* Stop if not enough space to put next UUID */
545 if ((ptr - data) + 16 > len) {
546 uuids_start[1] = EIR_UUID128_SOME;
547 break;
548 }
549
550 memcpy(ptr, uuid->uuid, 16);
551 ptr += 16;
552 uuids_start[0] += 16;
553 }
554
555 return ptr;
556}
557
eb2a8d20
JH		 558static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
559{
560 struct pending_cmd *cmd;
561
562 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
563 if (cmd->opcode == opcode)
564 return cmd;
565 }
566
567 return NULL;
568}
569
f14d8f64
MH		 570static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
571{
7a5f4990
MH		 572 u8 ad_len = 0;
573 size_t name_len;
574
575 name_len = strlen(hdev->dev_name);
576 if (name_len > 0) {
577 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
578
579 if (name_len > max_len) {
580 name_len = max_len;
581 ptr[1] = EIR_NAME_SHORT;
582 } else
583 ptr[1] = EIR_NAME_COMPLETE;
584
585 ptr[0] = name_len + 1;
586
587 memcpy(ptr + 2, hdev->dev_name, name_len);
588
589 ad_len += (name_len + 2);
590 ptr += (name_len + 2);
591 }
592
593 return ad_len;
f14d8f64
MH		 594}
595
596static void update_scan_rsp_data(struct hci_request *req)
597{
598 struct hci_dev *hdev = req->hdev;
599 struct hci_cp_le_set_scan_rsp_data cp;
600 u8 len;
601
7751ef1b 602 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 603 return;
604
605 memset(&cp, 0, sizeof(cp));
606
607 len = create_scan_rsp_data(hdev, cp.data);
608
eb438b5f
JH		 609 if (hdev->scan_rsp_data_len == len &&
610 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 611 return;
612
eb438b5f
JH		 613 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
614 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 615
616 cp.length = len;
617
618 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
619}
620
9a43e25f
JH		 621static u8 get_adv_discov_flags(struct hci_dev *hdev)
622{
623 struct pending_cmd *cmd;
624
625 /* If there's a pending mgmt command the flags will not yet have
626 * their final values, so check for this first.
627 */
628 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
629 if (cmd) {
630 struct mgmt_mode *cp = cmd->param;
631 if (cp->val == 0x01)
632 return LE_AD_GENERAL;
633 else if (cp->val == 0x02)
634 return LE_AD_LIMITED;
635 } else {
636 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
637 return LE_AD_LIMITED;
638 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_GENERAL;
640 }
641
642 return 0;
643}
644
46cad2ed 645static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 646{
647 u8 ad_len = 0, flags = 0;
441ad2d0 648
9a43e25f 649 flags |= get_adv_discov_flags(hdev);
441ad2d0 650
e834004b 651 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 652 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 653
654 if (flags) {
655 BT_DBG("adv flags 0x%02x", flags);
656
657 ptr[0] = 2;
658 ptr[1] = EIR_FLAGS;
659 ptr[2] = flags;
660
661 ad_len += 3;
662 ptr += 3;
663 }
664
665 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
666 ptr[0] = 2;
667 ptr[1] = EIR_TX_POWER;
668 ptr[2] = (u8) hdev->adv_tx_power;
669
670 ad_len += 3;
671 ptr += 3;
672 }
673
441ad2d0
MH		 674 return ad_len;
675}
676
5947f4bc 677static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 678{
679 struct hci_dev *hdev = req->hdev;
680 struct hci_cp_le_set_adv_data cp;
681 u8 len;
682
10994ce6 683 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 684 return;
685
686 memset(&cp, 0, sizeof(cp));
687
46cad2ed 688 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 689
690 if (hdev->adv_data_len == len &&
691 memcmp(cp.data, hdev->adv_data, len) == 0)
692 return;
693
694 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
695 hdev->adv_data_len = len;
696
697 cp.length = len;
698
699 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
700}
701
ef580372
JH		 702static void create_eir(struct hci_dev *hdev, u8 *data)
703{
704 u8 *ptr = data;
ef580372
JH		 705 size_t name_len;
706
707 name_len = strlen(hdev->dev_name);
708
709 if (name_len > 0) {
710 /* EIR Data type */
711 if (name_len > 48) {
712 name_len = 48;
713 ptr[1] = EIR_NAME_SHORT;
714 } else
715 ptr[1] = EIR_NAME_COMPLETE;
716
717 /* EIR Data length */
718 ptr[0] = name_len + 1;
719
720 memcpy(ptr + 2, hdev->dev_name, name_len);
721
ef580372
JH		 722 ptr += (name_len + 2);
723 }
724
bbaf444a 725 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 726 ptr[0] = 2;
727 ptr[1] = EIR_TX_POWER;
728 ptr[2] = (u8) hdev->inq_tx_power;
729
91c4e9b1
MH		 730 ptr += 3;
731 }
732
2b9be137
MH		 733 if (hdev->devid_source > 0) {
734 ptr[0] = 9;
735 ptr[1] = EIR_DEVICE_ID;
736
737 put_unaligned_le16(hdev->devid_source, ptr + 2);
738 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
739 put_unaligned_le16(hdev->devid_product, ptr + 6);
740 put_unaligned_le16(hdev->devid_version, ptr + 8);
741
2b9be137
MH		 742 ptr += 10;
743 }
744
213202ed 745 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 746 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 747 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 748}
749
890ea898 750static void update_eir(struct hci_request *req)
ef580372 751{
890ea898 752 struct hci_dev *hdev = req->hdev;
ef580372
JH		 753 struct hci_cp_write_eir cp;
754
504c8dcd 755 if (!hdev_is_powered(hdev))
890ea898 756 return;
7770c4aa 757
976eb20e 758 if (!lmp_ext_inq_capable(hdev))
890ea898 759 return;
ef580372 760
84bde9d6 761 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 762 return;
ef580372 763
a8b2d5c2 764 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 765 return;
ef580372
JH		 766
767 memset(&cp, 0, sizeof(cp));
768
769 create_eir(hdev, cp.data);
770
771 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 772 return;
ef580372
JH		 773
774 memcpy(hdev->eir, cp.data, sizeof(cp.data));
775
890ea898 776 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 777}
778
779static u8 get_service_classes(struct hci_dev *hdev)
780{
781 struct bt_uuid *uuid;
782 u8 val = 0;
783
784 list_for_each_entry(uuid, &hdev->uuids, list)
785 val |= uuid->svc_hint;
786
787 return val;
788}
789
890ea898 790static void update_class(struct hci_request *req)
ef580372 791{
890ea898 792 struct hci_dev *hdev = req->hdev;
ef580372
JH		 793 u8 cod[3];
794
795 BT_DBG("%s", hdev->name);
796
504c8dcd 797 if (!hdev_is_powered(hdev))
890ea898 798 return;
7770c4aa 799
f87ea1da
JH		 800 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
801 return;
802
a8b2d5c2 803 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 804 return;
ef580372
JH		 805
806 cod[0] = hdev->minor_class;
807 cod[1] = hdev->major_class;
808 cod[2] = get_service_classes(hdev);
809
6acd7db4
MH		 810 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
811 cod[1] |= 0x20;
812
ef580372 813 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 814 return;
ef580372 815
890ea898 816 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 817}
818
199a2fb1
JH		 819static u8 get_adv_type(struct hci_dev *hdev)
820{
821 struct pending_cmd *cmd;
822 bool connectable;
823
824 /* If there's a pending mgmt command the flag will not yet have
825 * it's final value, so check for this first.
826 */
827 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
828 if (cmd) {
829 struct mgmt_mode *cp = cmd->param;
830 connectable = !!cp->val;
831 } else {
832 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
833 }
834
835 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
836}
837
838static void enable_advertising(struct hci_request *req)
839{
840 struct hci_dev *hdev = req->hdev;
841 struct hci_cp_le_set_adv_param cp;
842 u8 enable = 0x01;
843
844 memset(&cp, 0, sizeof(cp));
845 cp.min_interval = __constant_cpu_to_le16(0x0800);
846 cp.max_interval = __constant_cpu_to_le16(0x0800);
847 cp.type = get_adv_type(hdev);
848 cp.own_address_type = hdev->own_addr_type;
849 cp.channel_map = hdev->le_adv_channel_map;
850
851 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
852
853 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
854}
855
856static void disable_advertising(struct hci_request *req)
857{
858 u8 enable = 0x00;
859
860 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
861}
862
7d78525d
JH		 863static void service_cache_off(struct work_struct *work)
864{
865 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 866 service_cache.work);
890ea898 867 struct hci_request req;
7d78525d 868
a8b2d5c2 869 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 870 return;
871
890ea898
JH		 872 hci_req_init(&req, hdev);
873
7d78525d
JH		 874 hci_dev_lock(hdev);
875
890ea898
JH		 876 update_eir(&req);
877 update_class(&req);
7d78525d
JH		 878
879 hci_dev_unlock(hdev);
890ea898
JH		 880
881 hci_req_run(&req, NULL);
7d78525d
JH		 882}
883
6a919082 884static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 885{
4f87da80 886 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 887 return;
888
4f87da80 889 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 890
4f87da80
JH		 891 /* Non-mgmt controlled devices get this bit set
892 * implicitly so that pairing works for them, however
893 * for mgmt we require user-space to explicitly enable
894 * it
895 */
896 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 897}
898
0f4e68cf 899static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 900 void *data, u16 data_len)
0381101f 901{
a38528f1 902 struct mgmt_rp_read_info rp;
f7b64e69 903
bdb6d971 904 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 905
09fd0de5 906 hci_dev_lock(hdev);
f7b64e69 907
dc4fe30b
JH		 908 memset(&rp, 0, sizeof(rp));
909
69ab39ea 910 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 911
69ab39ea 912 rp.version = hdev->hci_ver;
eb55ef07 913 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 914
915 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
916 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 917
a38528f1 918 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 919
dc4fe30b 920 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 921 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 922
09fd0de5 923 hci_dev_unlock(hdev);
0381101f 924
bdb6d971 925 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 926 sizeof(rp));
0381101f
JH		 927}
928
eec8d2bc
JH		 929static void mgmt_pending_free(struct pending_cmd *cmd)
930{
931 sock_put(cmd->sk);
c68fb7ff 932 kfree(cmd->param);
eec8d2bc
JH		 933 kfree(cmd);
934}
935
366a0336 936static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 937 struct hci_dev *hdev, void *data,
938 u16 len)
eec8d2bc
JH		 939{
940 struct pending_cmd *cmd;
941
12b94565 942 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 943 if (!cmd)
366a0336 944 return NULL;
eec8d2bc
JH		 945
946 cmd->opcode = opcode;
2e58ef3e 947 cmd->index = hdev->id;
eec8d2bc 948
12b94565 949 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 950 if (!cmd->param) {
eec8d2bc 951 kfree(cmd);
366a0336 952 return NULL;
eec8d2bc
JH		 953 }
954
8fce6357
SJ		 955 if (data)
956 memcpy(cmd->param, data, len);
eec8d2bc
JH		 957
958 cmd->sk = sk;
959 sock_hold(sk);
960
2e58ef3e 961 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 962
366a0336 963 return cmd;
eec8d2bc
JH		 964}
965
744cf19e 966static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 967 void (*cb)(struct pending_cmd *cmd,
968 void *data),
04124681 969 void *data)
eec8d2bc 970{
a3d09356 971 struct pending_cmd *cmd, *tmp;
eec8d2bc 972
a3d09356 973 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 974 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 975 continue;
976
eec8d2bc
JH		 977 cb(cmd, data);
978 }
979}
980
a664b5bc 981static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 982{
73f22f62
JH		 983 list_del(&cmd->list);
984 mgmt_pending_free(cmd);
985}
986
69ab39ea 987static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 988{
69ab39ea 989 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 990
aee9b218 991 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 992 sizeof(settings));
8680570b
JH		 993}
994
bdb6d971 995static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 996 u16 len)
eec8d2bc 997{
650f726d 998 struct mgmt_mode *cp = data;
366a0336 999 struct pending_cmd *cmd;
4b34ee78 1000 int err;
eec8d2bc 1001
bdb6d971 1002 BT_DBG("request for %s", hdev->name);
eec8d2bc 1003
a7e80f25
JH		 1004 if (cp->val != 0x00 && cp->val != 0x01)
1005 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1006 MGMT_STATUS_INVALID_PARAMS);
1007
09fd0de5 1008 hci_dev_lock(hdev);
eec8d2bc 1009
87b95ba6
JH		 1010 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1011 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1012 MGMT_STATUS_BUSY);
1013 goto failed;
1014 }
1015
f0d4b78a
MH		 1016 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1017 cancel_delayed_work(&hdev->power_off);
1018
1019 if (cp->val) {
a1d70450
JH		 1020 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1021 data, len);
1022 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1023 goto failed;
1024 }
1025 }
1026
4b34ee78 1027 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1028 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1029 goto failed;
1030 }
1031
2e58ef3e 1032 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1033 if (!cmd) {
1034 err = -ENOMEM;
eec8d2bc 1035 goto failed;
366a0336 1036 }
eec8d2bc 1037
72a734ec 1038 if (cp->val)
19202573 1039 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 1040 else
19202573 1041 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 1042
366a0336 1043 err = 0;
eec8d2bc
JH		 1044
1045failed:
09fd0de5 1046 hci_dev_unlock(hdev);
366a0336 1047 return err;
eec8d2bc
JH		 1048}
1049
04124681
GP		 1050static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1051 struct sock *skip_sk)
beadb2bd
JH		 1052{
1053 struct sk_buff *skb;
1054 struct mgmt_hdr *hdr;
1055
790eff44 1056 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1057 if (!skb)
1058 return -ENOMEM;
1059
1060 hdr = (void *) skb_put(skb, sizeof(*hdr));
1061 hdr->opcode = cpu_to_le16(event);
1062 if (hdev)
1063 hdr->index = cpu_to_le16(hdev->id);
1064 else
612dfce9 1065 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1066 hdr->len = cpu_to_le16(data_len);
1067
1068 if (data)
1069 memcpy(skb_put(skb, data_len), data, data_len);
1070
97e0bdeb
MH		 1071 /* Time stamp */
1072 __net_timestamp(skb);
1073
beadb2bd
JH		 1074 hci_send_to_control(skb, skip_sk);
1075 kfree_skb(skb);
1076
1077 return 0;
1078}
1079
1080static int new_settings(struct hci_dev *hdev, struct sock *skip)
1081{
1082 __le32 ev;
1083
1084 ev = cpu_to_le32(get_current_settings(hdev));
1085
1086 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1087}
1088
bd99abdd
JH		 1089struct cmd_lookup {
1090 struct sock *sk;
1091 struct hci_dev *hdev;
1092 u8 mgmt_status;
1093};
1094
1095static void settings_rsp(struct pending_cmd *cmd, void *data)
1096{
1097 struct cmd_lookup *match = data;
1098
1099 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1100
1101 list_del(&cmd->list);
1102
1103 if (match->sk == NULL) {
1104 match->sk = cmd->sk;
1105 sock_hold(match->sk);
1106 }
1107
1108 mgmt_pending_free(cmd);
1109}
1110
1111static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1112{
1113 u8 *status = data;
1114
1115 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1116 mgmt_pending_remove(cmd);
1117}
1118
e6fe7986
JH		 1119static u8 mgmt_bredr_support(struct hci_dev *hdev)
1120{
1121 if (!lmp_bredr_capable(hdev))
1122 return MGMT_STATUS_NOT_SUPPORTED;
1123 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1124 return MGMT_STATUS_REJECTED;
1125 else
1126 return MGMT_STATUS_SUCCESS;
1127}
1128
1129static u8 mgmt_le_support(struct hci_dev *hdev)
1130{
1131 if (!lmp_le_capable(hdev))
1132 return MGMT_STATUS_NOT_SUPPORTED;
1133 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1134 return MGMT_STATUS_REJECTED;
1135 else
1136 return MGMT_STATUS_SUCCESS;
1137}
1138
bfaf8c9f
JH		 1139static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1140{
1141 struct pending_cmd *cmd;
1142 struct mgmt_mode *cp;
970ba524 1143 struct hci_request req;
bfaf8c9f
JH		 1144 bool changed;
1145
1146 BT_DBG("status 0x%02x", status);
1147
1148 hci_dev_lock(hdev);
1149
1150 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1151 if (!cmd)
1152 goto unlock;
1153
1154 if (status) {
1155 u8 mgmt_err = mgmt_status(status);
1156 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1157 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1158 goto remove_cmd;
1159 }
1160
1161 cp = cmd->param;
d4462a07 1162 if (cp->val) {
bfaf8c9f
JH		 1163 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1164 &hdev->dev_flags);
d4462a07
MH		 1165
1166 if (hdev->discov_timeout > 0) {
1167 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1168 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1169 to);
1170 }
1171 } else {
bfaf8c9f
JH		 1172 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1173 &hdev->dev_flags);
d4462a07 1174 }
bfaf8c9f
JH		 1175
1176 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1177
1178 if (changed)
1179 new_settings(hdev, cmd->sk);
1180
970ba524
MH		 1181 /* When the discoverable mode gets changed, make sure
1182 * that class of device has the limited discoverable
1183 * bit correctly set.
1184 */
1185 hci_req_init(&req, hdev);
1186 update_class(&req);
1187 hci_req_run(&req, NULL);
1188
bfaf8c9f
JH		 1189remove_cmd:
1190 mgmt_pending_remove(cmd);
1191
1192unlock:
1193 hci_dev_unlock(hdev);
1194}
1195
bdb6d971 1196static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1197 u16 len)
73f22f62 1198{
650f726d 1199 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1200 struct pending_cmd *cmd;
bfaf8c9f 1201 struct hci_request req;
5e5282bb 1202 u16 timeout;
9a43e25f 1203 u8 scan;
73f22f62
JH		 1204 int err;
1205
bdb6d971 1206 BT_DBG("request for %s", hdev->name);
73f22f62 1207
9a43e25f
JH		 1208 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1209 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1210 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1211 MGMT_STATUS_REJECTED);
33c525c0 1212
310a3d48 1213 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1214 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1215 MGMT_STATUS_INVALID_PARAMS);
1216
1f350c87 1217 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1218
1219 /* Disabling discoverable requires that no timeout is set,
1220 * and enabling limited discoverable requires a timeout.
1221 */
1222 if ((cp->val == 0x00 && timeout > 0) ||
1223 (cp->val == 0x02 && timeout == 0))
bdb6d971 1224 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1225 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1226
09fd0de5 1227 hci_dev_lock(hdev);
73f22f62 1228
5e5282bb 1229 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1231 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1232 goto failed;
1233 }
1234
2e58ef3e 1235 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1236 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1237 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1238 MGMT_STATUS_BUSY);
73f22f62
JH		 1239 goto failed;
1240 }
1241
5e5282bb 1242 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1243 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1244 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1245 goto failed;
1246 }
1247
1248 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1249 bool changed = false;
1250
310a3d48
MH		 1251 /* Setting limited discoverable when powered off is
1252 * not a valid operation since it requires a timeout
1253 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1254 */
0224d2fa
JH		 1255 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1256 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1257 changed = true;
1258 }
1259
5e5282bb 1260 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1261 if (err < 0)
1262 goto failed;
1263
1264 if (changed)
1265 err = new_settings(hdev, sk);
1266
5e5282bb
JH		 1267 goto failed;
1268 }
1269
310a3d48
MH		 1270 /* If the current mode is the same, then just update the timeout
1271 * value with the new value. And if only the timeout gets updated,
1272 * then no need for any HCI transactions.
1273 */
1274 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1275 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1276 &hdev->dev_flags)) {
36261547
MH		 1277 cancel_delayed_work(&hdev->discov_off);
1278 hdev->discov_timeout = timeout;
955638ec 1279
36261547
MH		 1280 if (cp->val && hdev->discov_timeout > 0) {
1281 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1282 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1283 to);
955638ec
MH		 1284 }
1285
69ab39ea 1286 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1287 goto failed;
1288 }
1289
2e58ef3e 1290 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1291 if (!cmd) {
1292 err = -ENOMEM;
73f22f62 1293 goto failed;
366a0336 1294 }
73f22f62 1295
310a3d48
MH		 1296 /* Cancel any potential discoverable timeout that might be
1297 * still active and store new timeout value. The arming of
1298 * the timeout happens in the complete handler.
1299 */
1300 cancel_delayed_work(&hdev->discov_off);
1301 hdev->discov_timeout = timeout;
1302
b456f87c
JH		 1303 /* Limited discoverable mode */
1304 if (cp->val == 0x02)
1305 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1306 else
1307 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1308
bfaf8c9f
JH		 1309 hci_req_init(&req, hdev);
1310
9a43e25f
JH		 1311 /* The procedure for LE-only controllers is much simpler - just
1312 * update the advertising data.
1313 */
1314 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1315 goto update_ad;
1316
73f22f62
JH		 1317 scan = SCAN_PAGE;
1318
310a3d48
MH		 1319 if (cp->val) {
1320 struct hci_cp_write_current_iac_lap hci_cp;
1321
1322 if (cp->val == 0x02) {
1323 /* Limited discoverable mode */
33337dcb 1324 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1325 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1326 hci_cp.iac_lap[1] = 0x8b;
1327 hci_cp.iac_lap[2] = 0x9e;
1328 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1329 hci_cp.iac_lap[4] = 0x8b;
1330 hci_cp.iac_lap[5] = 0x9e;
1331 } else {
1332 /* General discoverable mode */
310a3d48
MH		 1333 hci_cp.num_iac = 1;
1334 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1335 hci_cp.iac_lap[1] = 0x8b;
1336 hci_cp.iac_lap[2] = 0x9e;
1337 }
1338
1339 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1340 (hci_cp.num_iac * 3) + 1, &hci_cp);
1341
73f22f62 1342 scan |= SCAN_INQUIRY;
310a3d48
MH		 1343 } else {
1344 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1345 }
73f22f62 1346
310a3d48 1347 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1348
9a43e25f
JH		 1349update_ad:
1350 update_adv_data(&req);
1351
bfaf8c9f 1352 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1353 if (err < 0)
a664b5bc 1354 mgmt_pending_remove(cmd);
73f22f62
JH		 1355
1356failed:
09fd0de5 1357 hci_dev_unlock(hdev);
73f22f62
JH		 1358 return err;
1359}
1360
406d7804
JH		 1361static void write_fast_connectable(struct hci_request *req, bool enable)
1362{
bd98b996 1363 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1364 struct hci_cp_write_page_scan_activity acp;
1365 u8 type;
1366
547003b1
JH		 1367 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1368 return;
1369
4c01f8b8
JH		 1370 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1371 return;
1372
406d7804
JH		 1373 if (enable) {
1374 type = PAGE_SCAN_TYPE_INTERLACED;
1375
1376 /* 160 msec page scan interval */
1377 acp.interval = __constant_cpu_to_le16(0x0100);
1378 } else {
1379 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1380
1381 /* default 1.28 sec page scan */
1382 acp.interval = __constant_cpu_to_le16(0x0800);
1383 }
1384
1385 acp.window = __constant_cpu_to_le16(0x0012);
1386
bd98b996
JH		 1387 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1388 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1389 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1390 sizeof(acp), &acp);
1391
1392 if (hdev->page_scan_type != type)
1393 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1394}
1395
2b76f453
JH		 1396static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1397{
1398 struct pending_cmd *cmd;
d7b856f9
JH		 1399 struct mgmt_mode *cp;
1400 bool changed;
2b76f453
JH		 1401
1402 BT_DBG("status 0x%02x", status);
1403
1404 hci_dev_lock(hdev);
1405
1406 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1407 if (!cmd)
1408 goto unlock;
1409
37438c1f
JH		 1410 if (status) {
1411 u8 mgmt_err = mgmt_status(status);
1412 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1413 goto remove_cmd;
1414 }
1415
d7b856f9
JH		 1416 cp = cmd->param;
1417 if (cp->val)
1418 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1419 else
1420 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1421
2b76f453
JH		 1422 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1423
d7b856f9
JH		 1424 if (changed)
1425 new_settings(hdev, cmd->sk);
1426
37438c1f 1427remove_cmd:
2b76f453
JH		 1428 mgmt_pending_remove(cmd);
1429
1430unlock:
1431 hci_dev_unlock(hdev);
1432}
1433
e8ba3a1f
JH		 1434static int set_connectable_update_settings(struct hci_dev *hdev,
1435 struct sock *sk, u8 val)
1436{
1437 bool changed = false;
1438 int err;
1439
1440 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1441 changed = true;
1442
1443 if (val) {
1444 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1445 } else {
1446 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1447 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1448 }
1449
1450 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1451 if (err < 0)
1452 return err;
1453
1454 if (changed)
1455 return new_settings(hdev, sk);
1456
1457 return 0;
1458}
1459
bdb6d971 1460static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1461 u16 len)
9fbcbb45 1462{
650f726d 1463 struct mgmt_mode *cp = data;
366a0336 1464 struct pending_cmd *cmd;
2b76f453 1465 struct hci_request req;
1987fdc7 1466 u8 scan;
9fbcbb45
JH		 1467 int err;
1468
bdb6d971 1469 BT_DBG("request for %s", hdev->name);
9fbcbb45 1470
1987fdc7
JH		 1471 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1472 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1473 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1474 MGMT_STATUS_REJECTED);
33c525c0 1475
a7e80f25
JH		 1476 if (cp->val != 0x00 && cp->val != 0x01)
1477 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1478 MGMT_STATUS_INVALID_PARAMS);
1479
09fd0de5 1480 hci_dev_lock(hdev);
9fbcbb45 1481
4b34ee78 1482 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1483 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1484 goto failed;
1485 }
1486
2e58ef3e 1487 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1488 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1489 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1490 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1491 goto failed;
1492 }
1493
2e58ef3e 1494 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1495 if (!cmd) {
1496 err = -ENOMEM;
9fbcbb45 1497 goto failed;
366a0336 1498 }
9fbcbb45 1499
9b74246f 1500 hci_req_init(&req, hdev);
9fbcbb45 1501
9a43e25f
JH		 1502 /* If BR/EDR is not enabled and we disable advertising as a
1503 * by-product of disabling connectable, we need to update the
1504 * advertising flags.
1505 */
1506 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1507 if (!cp->val) {
1508 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1509 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1510 }
1511 update_adv_data(&req);
1512 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1513 if (cp->val) {
1514 scan = SCAN_PAGE;
1515 } else {
1516 scan = 0;
1517
1518 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1519 hdev->discov_timeout > 0)
9b74246f
JH		 1520 cancel_delayed_work(&hdev->discov_off);
1521 }
2b76f453 1522
9b74246f
JH		 1523 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1524 }
2b76f453 1525
4c01f8b8
JH		 1526 /* If we're going from non-connectable to connectable or
1527 * vice-versa when fast connectable is enabled ensure that fast
1528 * connectable gets disabled. write_fast_connectable won't do
1529 * anything if the page scan parameters are already what they
1530 * should be.
1531 */
1532 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1533 write_fast_connectable(&req, false);
1534
1987fdc7
JH		 1535 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1536 hci_conn_num(hdev, LE_LINK) == 0) {
1537 disable_advertising(&req);
1538 enable_advertising(&req);
1539 }
1540
2b76f453 1541 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1542 if (err < 0) {
a664b5bc 1543 mgmt_pending_remove(cmd);
9b74246f 1544 if (err == -ENODATA)
a81070ba
JH		 1545 err = set_connectable_update_settings(hdev, sk,
1546 cp->val);
9b74246f
JH		 1547 goto failed;
1548 }
9fbcbb45
JH		 1549
1550failed:
09fd0de5 1551 hci_dev_unlock(hdev);
9fbcbb45
JH		 1552 return err;
1553}
1554
bdb6d971 1555static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1556 u16 len)
c542a06c 1557{
650f726d 1558 struct mgmt_mode *cp = data;
55594356 1559 bool changed;
c542a06c
JH		 1560 int err;
1561
bdb6d971 1562 BT_DBG("request for %s", hdev->name);
c542a06c 1563
a7e80f25
JH		 1564 if (cp->val != 0x00 && cp->val != 0x01)
1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1566 MGMT_STATUS_INVALID_PARAMS);
1567
09fd0de5 1568 hci_dev_lock(hdev);
c542a06c
JH		 1569
1570 if (cp->val)
55594356 1571 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1572 else
55594356 1573 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1574
69ab39ea 1575 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1576 if (err < 0)
55594356 1577 goto unlock;
c542a06c 1578
55594356
MH		 1579 if (changed)
1580 err = new_settings(hdev, sk);
c542a06c 1581
55594356 1582unlock:
09fd0de5 1583 hci_dev_unlock(hdev);
c542a06c
JH		 1584 return err;
1585}
1586
04124681
GP		 1587static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1588 u16 len)
33ef95ed
JH		 1589{
1590 struct mgmt_mode *cp = data;
1591 struct pending_cmd *cmd;
e6fe7986 1592 u8 val, status;
33ef95ed
JH		 1593 int err;
1594
bdb6d971 1595 BT_DBG("request for %s", hdev->name);
33ef95ed 1596
e6fe7986
JH		 1597 status = mgmt_bredr_support(hdev);
1598 if (status)
33c525c0 1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1600 status);
33c525c0 1601
a7e80f25
JH		 1602 if (cp->val != 0x00 && cp->val != 0x01)
1603 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1604 MGMT_STATUS_INVALID_PARAMS);
1605
33ef95ed
JH		 1606 hci_dev_lock(hdev);
1607
4b34ee78 1608 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1609 bool changed = false;
1610
1611 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1612 &hdev->dev_flags)) {
47990ea0
JH		 1613 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1614 changed = true;
1615 }
1616
1617 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1618 if (err < 0)
1619 goto failed;
1620
1621 if (changed)
1622 err = new_settings(hdev, sk);
1623
33ef95ed
JH		 1624 goto failed;
1625 }
1626
1627 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1629 MGMT_STATUS_BUSY);
33ef95ed
JH		 1630 goto failed;
1631 }
1632
1633 val = !!cp->val;
1634
1635 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1636 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1637 goto failed;
1638 }
1639
1640 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1641 if (!cmd) {
1642 err = -ENOMEM;
1643 goto failed;
1644 }
1645
1646 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1647 if (err < 0) {
1648 mgmt_pending_remove(cmd);
1649 goto failed;
1650 }
1651
1652failed:
1653 hci_dev_unlock(hdev);
33ef95ed
JH		 1654 return err;
1655}
1656
bdb6d971 1657static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1658{
1659 struct mgmt_mode *cp = data;
1660 struct pending_cmd *cmd;
72ef0c1a 1661 u8 status;
ed2c4ee3
JH		 1662 int err;
1663
bdb6d971 1664 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1665
cdba5281
MH		 1666 status = mgmt_bredr_support(hdev);
1667 if (status)
1668 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1669
13ecd8b6
JH		 1670 if (!lmp_ssp_capable(hdev))
1671 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1672 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1673
a7e80f25
JH		 1674 if (cp->val != 0x00 && cp->val != 0x01)
1675 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1676 MGMT_STATUS_INVALID_PARAMS);
1677
13ecd8b6 1678 hci_dev_lock(hdev);
6c8f12c1 1679
4b34ee78 1680 if (!hdev_is_powered(hdev)) {
9ecb3e24 1681 bool changed;
c0ecddc2 1682
9ecb3e24
MH		 1683 if (cp->val) {
1684 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1685 &hdev->dev_flags);
1686 } else {
1687 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1688 &hdev->dev_flags);
1689 if (!changed)
1690 changed = test_and_clear_bit(HCI_HS_ENABLED,
1691 &hdev->dev_flags);
1692 else
1693 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1694 }
1695
1696 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1697 if (err < 0)
1698 goto failed;
1699
1700 if (changed)
1701 err = new_settings(hdev, sk);
1702
ed2c4ee3
JH		 1703 goto failed;
1704 }
1705
9ecb3e24
MH		 1706 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1707 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1708 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1709 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1710 goto failed;
1711 }
1712
72ef0c1a 1713 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1714 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1715 goto failed;
1716 }
1717
1718 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1719 if (!cmd) {
1720 err = -ENOMEM;
1721 goto failed;
1722 }
1723
72ef0c1a 1724 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1725 if (err < 0) {
1726 mgmt_pending_remove(cmd);
1727 goto failed;
1728 }
1729
1730failed:
1731 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1732 return err;
1733}
1734
bdb6d971 1735static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1736{
1737 struct mgmt_mode *cp = data;
ee392693 1738 bool changed;
e6fe7986 1739 u8 status;
ee392693 1740 int err;
6d80dfd0 1741
bdb6d971 1742 BT_DBG("request for %s", hdev->name);
6d80dfd0 1743
e6fe7986
JH		 1744 status = mgmt_bredr_support(hdev);
1745 if (status)
1746 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1747
9ecb3e24
MH		 1748 if (!lmp_ssp_capable(hdev))
1749 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1750 MGMT_STATUS_NOT_SUPPORTED);
1751
1752 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1753 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1754 MGMT_STATUS_REJECTED);
1755
a7e80f25
JH		 1756 if (cp->val != 0x00 && cp->val != 0x01)
1757 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1758 MGMT_STATUS_INVALID_PARAMS);
1759
ee392693
MH		 1760 hci_dev_lock(hdev);
1761
a0cdf960 1762 if (cp->val) {
ee392693 1763 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1764 } else {
1765 if (hdev_is_powered(hdev)) {
1766 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1767 MGMT_STATUS_REJECTED);
1768 goto unlock;
1769 }
1770
ee392693 1771 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1772 }
ee392693
MH		 1773
1774 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1775 if (err < 0)
1776 goto unlock;
1777
1778 if (changed)
1779 err = new_settings(hdev, sk);
6d80dfd0 1780
ee392693
MH		 1781unlock:
1782 hci_dev_unlock(hdev);
1783 return err;
6d80dfd0
JH		 1784}
1785
416a4ae5
JH		 1786static void le_enable_complete(struct hci_dev *hdev, u8 status)
1787{
1788 struct cmd_lookup match = { NULL, hdev };
1789
1790 if (status) {
1791 u8 mgmt_err = mgmt_status(status);
1792
1793 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1794 &mgmt_err);
1795 return;
1796 }
1797
1798 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1799
1800 new_settings(hdev, match.sk);
1801
1802 if (match.sk)
1803 sock_put(match.sk);
441ad2d0
MH		 1804
1805 /* Make sure the controller has a good default for
1806 * advertising data. Restrict the update to when LE
1807 * has actually been enabled. During power on, the
1808 * update in powered_update_hci will take care of it.
1809 */
1810 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1811 struct hci_request req;
1812
1813 hci_dev_lock(hdev);
1814
1815 hci_req_init(&req, hdev);
5947f4bc 1816 update_adv_data(&req);
f14d8f64 1817 update_scan_rsp_data(&req);
441ad2d0
MH		 1818 hci_req_run(&req, NULL);
1819
1820 hci_dev_unlock(hdev);
1821 }
416a4ae5
JH		 1822}
1823
bdb6d971 1824static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1825{
1826 struct mgmt_mode *cp = data;
1827 struct hci_cp_write_le_host_supported hci_cp;
1828 struct pending_cmd *cmd;
416a4ae5 1829 struct hci_request req;
06199cf8 1830 int err;
0b60eba1 1831 u8 val, enabled;
06199cf8 1832
bdb6d971 1833 BT_DBG("request for %s", hdev->name);
06199cf8 1834
13ecd8b6
JH		 1835 if (!lmp_le_capable(hdev))
1836 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1837 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1838
a7e80f25
JH		 1839 if (cp->val != 0x00 && cp->val != 0x01)
1840 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1841 MGMT_STATUS_INVALID_PARAMS);
1842
c73eee91 1843 /* LE-only devices do not allow toggling LE on/off */
56f87901 1844 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1845 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1846 MGMT_STATUS_REJECTED);
1847
13ecd8b6 1848 hci_dev_lock(hdev);
06199cf8
JH		 1849
1850 val = !!cp->val;
ffa88e02 1851 enabled = lmp_host_le_capable(hdev);
06199cf8 1852
0b60eba1 1853 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1854 bool changed = false;
1855
1856 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1857 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1858 changed = true;
1859 }
1860
f3d3444a
JH		 1861 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1862 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1863 changed = true;
1864 }
1865
06199cf8
JH		 1866 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1867 if (err < 0)
1de028ce 1868 goto unlock;
06199cf8
JH		 1869
1870 if (changed)
1871 err = new_settings(hdev, sk);
1872
1de028ce 1873 goto unlock;
06199cf8
JH		 1874 }
1875
4375f103
JH		 1876 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1877 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1879 MGMT_STATUS_BUSY);
1de028ce 1880 goto unlock;
06199cf8
JH		 1881 }
1882
1883 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1884 if (!cmd) {
1885 err = -ENOMEM;
1de028ce 1886 goto unlock;
06199cf8
JH		 1887 }
1888
441ad2d0
MH		 1889 hci_req_init(&req, hdev);
1890
06199cf8
JH		 1891 memset(&hci_cp, 0, sizeof(hci_cp));
1892
1893 if (val) {
1894 hci_cp.le = val;
ffa88e02 1895 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1896 } else {
1897 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1898 disable_advertising(&req);
06199cf8
JH		 1899 }
1900
416a4ae5
JH		 1901 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1902 &hci_cp);
1903
1904 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1905 if (err < 0)
06199cf8 1906 mgmt_pending_remove(cmd);
06199cf8 1907
1de028ce
JH		 1908unlock:
1909 hci_dev_unlock(hdev);
06199cf8
JH		 1910 return err;
1911}
1912
0cab9c80
JH		 1913/* This is a helper function to test for pending mgmt commands that can
1914 * cause CoD or EIR HCI commands. We can only allow one such pending
1915 * mgmt command at a time since otherwise we cannot easily track what
1916 * the current values are, will be, and based on that calculate if a new
1917 * HCI command needs to be sent and if yes with what value.
1918 */
1919static bool pending_eir_or_class(struct hci_dev *hdev)
1920{
1921 struct pending_cmd *cmd;
1922
1923 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1924 switch (cmd->opcode) {
1925 case MGMT_OP_ADD_UUID:
1926 case MGMT_OP_REMOVE_UUID:
1927 case MGMT_OP_SET_DEV_CLASS:
1928 case MGMT_OP_SET_POWERED:
1929 return true;
1930 }
1931 }
1932
1933 return false;
1934}
1935
83be8eca
JH		 1936static const u8 bluetooth_base_uuid[] = {
1937 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1938 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1939};
1940
1941static u8 get_uuid_size(const u8 *uuid)
1942{
1943 u32 val;
1944
1945 if (memcmp(uuid, bluetooth_base_uuid, 12))
1946 return 128;
1947
1948 val = get_unaligned_le32(&uuid[12]);
1949 if (val > 0xffff)
1950 return 32;
1951
1952 return 16;
1953}
1954
92da6097
JH		 1955static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1956{
1957 struct pending_cmd *cmd;
1958
1959 hci_dev_lock(hdev);
1960
1961 cmd = mgmt_pending_find(mgmt_op, hdev);
1962 if (!cmd)
1963 goto unlock;
1964
1965 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1966 hdev->dev_class, 3);
1967
1968 mgmt_pending_remove(cmd);
1969
1970unlock:
1971 hci_dev_unlock(hdev);
1972}
1973
1974static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1975{
1976 BT_DBG("status 0x%02x", status);
1977
1978 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1979}
1980
bdb6d971 1981static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1982{
650f726d 1983 struct mgmt_cp_add_uuid *cp = data;
90e70454 1984 struct pending_cmd *cmd;
890ea898 1985 struct hci_request req;
2aeb9a1a 1986 struct bt_uuid *uuid;
2aeb9a1a
JH		 1987 int err;
1988
bdb6d971 1989 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1990
09fd0de5 1991 hci_dev_lock(hdev);
2aeb9a1a 1992
0cab9c80 1993 if (pending_eir_or_class(hdev)) {
bdb6d971 1994 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1995 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1996 goto failed;
1997 }
1998
92c4c204 1999 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2000 if (!uuid) {
2001 err = -ENOMEM;
2002 goto failed;
2003 }
2004
2005 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2006 uuid->svc_hint = cp->svc_hint;
83be8eca 2007 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2008
de66aa63 2009 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2010
890ea898 2011 hci_req_init(&req, hdev);
1aff6f09 2012
890ea898
JH		 2013 update_class(&req);
2014 update_eir(&req);
2015
92da6097
JH		 2016 err = hci_req_run(&req, add_uuid_complete);
2017 if (err < 0) {
2018 if (err != -ENODATA)
2019 goto failed;
80a1e1db 2020
bdb6d971 2021 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2022 hdev->dev_class, 3);
90e70454
JH		 2023 goto failed;
2024 }
2025
2026 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2027 if (!cmd) {
90e70454 2028 err = -ENOMEM;
890ea898
JH		 2029 goto failed;
2030 }
2031
2032 err = 0;
2aeb9a1a
JH		 2033
2034failed:
09fd0de5 2035 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2036 return err;
2037}
2038
24b78d0f
JH		 2039static bool enable_service_cache(struct hci_dev *hdev)
2040{
2041 if (!hdev_is_powered(hdev))
2042 return false;
2043
2044 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2045 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2046 CACHE_TIMEOUT);
24b78d0f
JH		 2047 return true;
2048 }
2049
2050 return false;
2051}
2052
92da6097
JH		 2053static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2054{
2055 BT_DBG("status 0x%02x", status);
2056
2057 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2058}
2059
bdb6d971 2060static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2061 u16 len)
2aeb9a1a 2062{
650f726d 2063 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2064 struct pending_cmd *cmd;
056341c8 2065 struct bt_uuid *match, *tmp;
2aeb9a1a 2066 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2067 struct hci_request req;
2aeb9a1a
JH		 2068 int err, found;
2069
bdb6d971 2070 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2071
09fd0de5 2072 hci_dev_lock(hdev);
2aeb9a1a 2073
0cab9c80 2074 if (pending_eir_or_class(hdev)) {
bdb6d971 2075 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2076 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2077 goto unlock;
2078 }
2079
2aeb9a1a 2080 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2081 hci_uuids_clear(hdev);
4004b6d9 2082
24b78d0f 2083 if (enable_service_cache(hdev)) {
bdb6d971 2084 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2085 0, hdev->dev_class, 3);
24b78d0f
JH		 2086 goto unlock;
2087 }
4004b6d9 2088
9246a869 2089 goto update_class;
2aeb9a1a
JH		 2090 }
2091
2092 found = 0;
2093
056341c8 2094 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2095 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2096 continue;
2097
2098 list_del(&match->list);
482049f7 2099 kfree(match);
2aeb9a1a
JH		 2100 found++;
2101 }
2102
2103 if (found == 0) {
bdb6d971 2104 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2105 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2106 goto unlock;
2107 }
2108
9246a869 2109update_class:
890ea898 2110 hci_req_init(&req, hdev);
1aff6f09 2111
890ea898
JH		 2112 update_class(&req);
2113 update_eir(&req);
2114
92da6097
JH		 2115 err = hci_req_run(&req, remove_uuid_complete);
2116 if (err < 0) {
2117 if (err != -ENODATA)
2118 goto unlock;
80a1e1db 2119
bdb6d971 2120 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2121 hdev->dev_class, 3);
90e70454
JH		 2122 goto unlock;
2123 }
2124
2125 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2126 if (!cmd) {
90e70454 2127 err = -ENOMEM;
890ea898
JH		 2128 goto unlock;
2129 }
2130
2131 err = 0;
2aeb9a1a
JH		 2132
2133unlock:
09fd0de5 2134 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2135 return err;
2136}
2137
92da6097
JH		 2138static void set_class_complete(struct hci_dev *hdev, u8 status)
2139{
2140 BT_DBG("status 0x%02x", status);
2141
2142 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2143}
2144
bdb6d971 2145static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2146 u16 len)
1aff6f09 2147{
650f726d 2148 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2149 struct pending_cmd *cmd;
890ea898 2150 struct hci_request req;
1aff6f09
JH		 2151 int err;
2152
bdb6d971 2153 BT_DBG("request for %s", hdev->name);
1aff6f09 2154
6203fc98 2155 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2156 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2157 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2158
0cab9c80 2159 hci_dev_lock(hdev);
ee98f473 2160
0cab9c80
JH		 2161 if (pending_eir_or_class(hdev)) {
2162 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2163 MGMT_STATUS_BUSY);
2164 goto unlock;
2165 }
c95f0ba7 2166
0cab9c80
JH		 2167 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2168 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2169 MGMT_STATUS_INVALID_PARAMS);
2170 goto unlock;
2171 }
575b3a02 2172
932f5ff5
JH		 2173 hdev->major_class = cp->major;
2174 hdev->minor_class = cp->minor;
2175
b5235a65 2176 if (!hdev_is_powered(hdev)) {
bdb6d971 2177 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2178 hdev->dev_class, 3);
b5235a65
JH		 2179 goto unlock;
2180 }
2181
890ea898
JH		 2182 hci_req_init(&req, hdev);
2183
a8b2d5c2 2184 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2185 hci_dev_unlock(hdev);
2186 cancel_delayed_work_sync(&hdev->service_cache);
2187 hci_dev_lock(hdev);
890ea898 2188 update_eir(&req);
7d78525d 2189 }
14c0b608 2190
890ea898
JH		 2191 update_class(&req);
2192
92da6097
JH		 2193 err = hci_req_run(&req, set_class_complete);
2194 if (err < 0) {
2195 if (err != -ENODATA)
2196 goto unlock;
1aff6f09 2197
bdb6d971 2198 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2199 hdev->dev_class, 3);
90e70454
JH		 2200 goto unlock;
2201 }
2202
2203 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2204 if (!cmd) {
90e70454 2205 err = -ENOMEM;
890ea898
JH		 2206 goto unlock;
2207 }
2208
2209 err = 0;
1aff6f09 2210
b5235a65 2211unlock:
09fd0de5 2212 hci_dev_unlock(hdev);
1aff6f09
JH		 2213 return err;
2214}
2215
bdb6d971 2216static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2217 u16 len)
55ed8ca1 2218{
650f726d 2219 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2220 u16 key_count, expected_len;
b1de97d8 2221 bool changed;
a492cd52 2222 int i;
55ed8ca1 2223
9060d5cf
MH		 2224 BT_DBG("request for %s", hdev->name);
2225
2226 if (!lmp_bredr_capable(hdev))
2227 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2228 MGMT_STATUS_NOT_SUPPORTED);
2229
1f350c87 2230 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2231
86742e1e
JH		 2232 expected_len = sizeof(*cp) + key_count *
2233 sizeof(struct mgmt_link_key_info);
a492cd52 2234 if (expected_len != len) {
86742e1e 2235 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2236 len, expected_len);
bdb6d971 2237 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2238 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2239 }
2240
4ae14301
JH		 2241 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2242 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2243 MGMT_STATUS_INVALID_PARAMS);
2244
bdb6d971 2245 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2246 key_count);
55ed8ca1 2247
4ee71b20
JH		 2248 for (i = 0; i < key_count; i++) {
2249 struct mgmt_link_key_info *key = &cp->keys[i];
2250
8e991132 2251 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2252 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2253 MGMT_STATUS_INVALID_PARAMS);
2254 }
2255
09fd0de5 2256 hci_dev_lock(hdev);
55ed8ca1
JH		 2257
2258 hci_link_keys_clear(hdev);
2259
55ed8ca1 2260 if (cp->debug_keys)
b1de97d8 2261 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2262 else
b1de97d8
MH		 2263 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2264
2265 if (changed)
2266 new_settings(hdev, NULL);
55ed8ca1 2267
a492cd52 2268 for (i = 0; i < key_count; i++) {
86742e1e 2269 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2270
d753fdc4 2271 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2272 key->type, key->pin_len);
55ed8ca1
JH		 2273 }
2274
bdb6d971 2275 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2276
09fd0de5 2277 hci_dev_unlock(hdev);
55ed8ca1 2278
a492cd52 2279 return 0;
55ed8ca1
JH		 2280}
2281
b1078ad0 2282static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2283 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2284{
2285 struct mgmt_ev_device_unpaired ev;
2286
2287 bacpy(&ev.addr.bdaddr, bdaddr);
2288 ev.addr.type = addr_type;
2289
2290 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2291 skip_sk);
b1078ad0
JH		 2292}
2293
bdb6d971 2294static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2295 u16 len)
55ed8ca1 2296{
124f6e35
JH		 2297 struct mgmt_cp_unpair_device *cp = data;
2298 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2299 struct hci_cp_disconnect dc;
2300 struct pending_cmd *cmd;
55ed8ca1 2301 struct hci_conn *conn;
55ed8ca1
JH		 2302 int err;
2303
a8a1d19e 2304 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2305 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2306 rp.addr.type = cp->addr.type;
a8a1d19e 2307
4ee71b20
JH		 2308 if (!bdaddr_type_is_valid(cp->addr.type))
2309 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2310 MGMT_STATUS_INVALID_PARAMS,
2311 &rp, sizeof(rp));
2312
118da70b
JH		 2313 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2314 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2315 MGMT_STATUS_INVALID_PARAMS,
2316 &rp, sizeof(rp));
2317
4ee71b20
JH		 2318 hci_dev_lock(hdev);
2319
86a8cfc6 2320 if (!hdev_is_powered(hdev)) {
bdb6d971 2321 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2322 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2323 goto unlock;
2324 }
2325
e0b2b27e 2326 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2327 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2328 } else {
2329 u8 addr_type;
2330
2331 if (cp->addr.type == BDADDR_LE_PUBLIC)
2332 addr_type = ADDR_LE_DEV_PUBLIC;
2333 else
2334 addr_type = ADDR_LE_DEV_RANDOM;
2335
a7ec7338
JH		 2336 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2337
e0b2b27e
JH		 2338 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2339 }
b0dbfb46 2340
55ed8ca1 2341 if (err < 0) {
bdb6d971 2342 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2343 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2344 goto unlock;
2345 }
2346
86a8cfc6 2347 if (cp->disconnect) {
591f47f3 2348 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2349 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2350 &cp->addr.bdaddr);
86a8cfc6
JH		 2351 else
2352 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2353 &cp->addr.bdaddr);
86a8cfc6
JH		 2354 } else {
2355 conn = NULL;
2356 }
124f6e35 2357
a8a1d19e 2358 if (!conn) {
bdb6d971 2359 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2360 &rp, sizeof(rp));
b1078ad0 2361 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2362 goto unlock;
2363 }
55ed8ca1 2364
124f6e35 2365 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2366 sizeof(*cp));
a8a1d19e
JH		 2367 if (!cmd) {
2368 err = -ENOMEM;
2369 goto unlock;
55ed8ca1
JH		 2370 }
2371
eb55ef07 2372 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2373 dc.reason = 0x13; /* Remote User Terminated Connection */
2374 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2375 if (err < 0)
2376 mgmt_pending_remove(cmd);
2377
55ed8ca1 2378unlock:
09fd0de5 2379 hci_dev_unlock(hdev);
55ed8ca1
JH		 2380 return err;
2381}
2382
bdb6d971 2383static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2384 u16 len)
8962ee74 2385{
650f726d 2386 struct mgmt_cp_disconnect *cp = data;
06a63b19 2387 struct mgmt_rp_disconnect rp;
8962ee74 2388 struct hci_cp_disconnect dc;
366a0336 2389 struct pending_cmd *cmd;
8962ee74 2390 struct hci_conn *conn;
8962ee74
JH		 2391 int err;
2392
2393 BT_DBG("");
2394
06a63b19
JH		 2395 memset(&rp, 0, sizeof(rp));
2396 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2397 rp.addr.type = cp->addr.type;
2398
4ee71b20 2399 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2400 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2401 MGMT_STATUS_INVALID_PARAMS,
2402 &rp, sizeof(rp));
4ee71b20 2403
09fd0de5 2404 hci_dev_lock(hdev);
8962ee74
JH		 2405
2406 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2407 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2408 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2409 goto failed;
2410 }
2411
2e58ef3e 2412 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2413 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2414 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2415 goto failed;
2416 }
2417
591f47f3 2418 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2419 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2420 &cp->addr.bdaddr);
88c3df13
JH		 2421 else
2422 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2423
f960727e 2424 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2425 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2426 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2427 goto failed;
2428 }
2429
2e58ef3e 2430 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2431 if (!cmd) {
2432 err = -ENOMEM;
8962ee74 2433 goto failed;
366a0336 2434 }
8962ee74 2435
eb55ef07 2436 dc.handle = cpu_to_le16(conn->handle);
3701f944 2437 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2438
2439 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2440 if (err < 0)
a664b5bc 2441 mgmt_pending_remove(cmd);
8962ee74
JH		 2442
2443failed:
09fd0de5 2444 hci_dev_unlock(hdev);
8962ee74
JH		 2445 return err;
2446}
2447
57c1477c 2448static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2449{
2450 switch (link_type) {
2451 case LE_LINK:
48264f06
JH		 2452 switch (addr_type) {
2453 case ADDR_LE_DEV_PUBLIC:
591f47f3 2454 return BDADDR_LE_PUBLIC;
0ed09148 2455
48264f06 2456 default:
0ed09148 2457 /* Fallback to LE Random address type */
591f47f3 2458 return BDADDR_LE_RANDOM;
48264f06 2459 }
0ed09148 2460
4c659c39 2461 default:
0ed09148 2462 /* Fallback to BR/EDR type */
591f47f3 2463 return BDADDR_BREDR;
4c659c39
JH		 2464 }
2465}
2466
04124681
GP		 2467static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2468 u16 data_len)
2784eb41 2469{
2784eb41 2470 struct mgmt_rp_get_connections *rp;
8035ded4 2471 struct hci_conn *c;
a38528f1 2472 size_t rp_len;
60fc5fb6
JH		 2473 int err;
2474 u16 i;
2784eb41
JH		 2475
2476 BT_DBG("");
2477
09fd0de5 2478 hci_dev_lock(hdev);
2784eb41 2479
5f97c1df 2480 if (!hdev_is_powered(hdev)) {
bdb6d971 2481 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2482 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2483 goto unlock;
2484 }
2485
60fc5fb6 2486 i = 0;
b644ba33
JH		 2487 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2488 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2489 i++;
2784eb41
JH		 2490 }
2491
60fc5fb6 2492 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2493 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2494 if (!rp) {
2784eb41
JH		 2495 err = -ENOMEM;
2496 goto unlock;
2497 }
2498
2784eb41 2499 i = 0;
4c659c39 2500 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2501 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2502 continue;
4c659c39 2503 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2504 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2505 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2506 continue;
2507 i++;
2508 }
2509
eb55ef07 2510 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2511
4c659c39
JH		 2512 /* Recalculate length in case of filtered SCO connections, etc */
2513 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2514
bdb6d971 2515 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2516 rp_len);
2784eb41 2517
a38528f1 2518 kfree(rp);
5f97c1df
JH		 2519
2520unlock:
09fd0de5 2521 hci_dev_unlock(hdev);
2784eb41
JH		 2522 return err;
2523}
2524
bdb6d971 2525static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2526 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2527{
2528 struct pending_cmd *cmd;
2529 int err;
2530
2e58ef3e 2531 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2532 sizeof(*cp));
96d97a67
WR		 2533 if (!cmd)
2534 return -ENOMEM;
2535
d8457698 2536 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2537 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2538 if (err < 0)
2539 mgmt_pending_remove(cmd);
2540
2541 return err;
2542}
2543
bdb6d971 2544static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2545 u16 len)
980e1a53 2546{
96d97a67 2547 struct hci_conn *conn;
650f726d 2548 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2549 struct hci_cp_pin_code_reply reply;
366a0336 2550 struct pending_cmd *cmd;
980e1a53
JH		 2551 int err;
2552
2553 BT_DBG("");
2554
09fd0de5 2555 hci_dev_lock(hdev);
980e1a53 2556
4b34ee78 2557 if (!hdev_is_powered(hdev)) {
bdb6d971 2558 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2559 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2560 goto failed;
2561 }
2562
d8457698 2563 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2564 if (!conn) {
bdb6d971 2565 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2566 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2567 goto failed;
2568 }
2569
2570 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2571 struct mgmt_cp_pin_code_neg_reply ncp;
2572
2573 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2574
2575 BT_ERR("PIN code is not 16 bytes long");
2576
bdb6d971 2577 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2578 if (err >= 0)
bdb6d971 2579 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2580 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2581
2582 goto failed;
2583 }
2584
00abfe44 2585 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2586 if (!cmd) {
2587 err = -ENOMEM;
980e1a53 2588 goto failed;
366a0336 2589 }
980e1a53 2590
d8457698 2591 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2592 reply.pin_len = cp->pin_len;
24718ca5 2593 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2594
2595 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2596 if (err < 0)
a664b5bc 2597 mgmt_pending_remove(cmd);
980e1a53
JH		 2598
2599failed:
09fd0de5 2600 hci_dev_unlock(hdev);
980e1a53
JH		 2601 return err;
2602}
2603
04124681
GP		 2604static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2605 u16 len)
17fa4b9d 2606{
650f726d 2607 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2608
2609 BT_DBG("");
2610
09fd0de5 2611 hci_dev_lock(hdev);
17fa4b9d
JH		 2612
2613 hdev->io_capability = cp->io_capability;
2614
2615 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2616 hdev->io_capability);
17fa4b9d 2617
09fd0de5 2618 hci_dev_unlock(hdev);
17fa4b9d 2619
04124681
GP		 2620 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2621 0);
17fa4b9d
JH		 2622}
2623
6039aa73 2624static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2625{
2626 struct hci_dev *hdev = conn->hdev;
8035ded4 2627 struct pending_cmd *cmd;
e9a416b5 2628
2e58ef3e 2629 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2630 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2631 continue;
2632
e9a416b5
JH		 2633 if (cmd->user_data != conn)
2634 continue;
2635
2636 return cmd;
2637 }
2638
2639 return NULL;
2640}
2641
2642static void pairing_complete(struct pending_cmd *cmd, u8 status)
2643{
2644 struct mgmt_rp_pair_device rp;
2645 struct hci_conn *conn = cmd->user_data;
2646
ba4e564f 2647 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2648 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2649
aee9b218 2650 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2651 &rp, sizeof(rp));
e9a416b5
JH		 2652
2653 /* So we don't get further callbacks for this connection */
2654 conn->connect_cfm_cb = NULL;
2655 conn->security_cfm_cb = NULL;
2656 conn->disconn_cfm_cb = NULL;
2657
76a68ba0 2658 hci_conn_drop(conn);
e9a416b5 2659
a664b5bc 2660 mgmt_pending_remove(cmd);
e9a416b5
JH		 2661}
2662
f4a407be
JH		 2663void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2664{
2665 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2666 struct pending_cmd *cmd;
2667
2668 cmd = find_pairing(conn);
2669 if (cmd)
2670 pairing_complete(cmd, status);
2671}
2672
e9a416b5
JH		 2673static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2674{
2675 struct pending_cmd *cmd;
2676
2677 BT_DBG("status %u", status);
2678
2679 cmd = find_pairing(conn);
56e5cb86 2680 if (!cmd)
e9a416b5 2681 BT_DBG("Unable to find a pending command");
56e5cb86 2682 else
e211326c 2683 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2684}
2685
f4a407be 2686static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2687{
2688 struct pending_cmd *cmd;
2689
2690 BT_DBG("status %u", status);
2691
2692 if (!status)
2693 return;
2694
2695 cmd = find_pairing(conn);
2696 if (!cmd)
2697 BT_DBG("Unable to find a pending command");
2698 else
2699 pairing_complete(cmd, mgmt_status(status));
2700}
2701
bdb6d971 2702static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2703 u16 len)
e9a416b5 2704{
650f726d 2705 struct mgmt_cp_pair_device *cp = data;
1425acb7 2706 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2707 struct pending_cmd *cmd;
2708 u8 sec_level, auth_type;
2709 struct hci_conn *conn;
e9a416b5
JH		 2710 int err;
2711
2712 BT_DBG("");
2713
f950a30e
SJ		 2714 memset(&rp, 0, sizeof(rp));
2715 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2716 rp.addr.type = cp->addr.type;
2717
4ee71b20
JH		 2718 if (!bdaddr_type_is_valid(cp->addr.type))
2719 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2720 MGMT_STATUS_INVALID_PARAMS,
2721 &rp, sizeof(rp));
2722
09fd0de5 2723 hci_dev_lock(hdev);
e9a416b5 2724
5f97c1df 2725 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2726 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2727 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2728 goto unlock;
2729 }
2730
c908df36
VCG		 2731 sec_level = BT_SECURITY_MEDIUM;
2732 if (cp->io_cap == 0x03)
e9a416b5 2733 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2734 else
e9a416b5 2735 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2736
591f47f3 2737 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2738 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2739 cp->addr.type, sec_level, auth_type);
7a512d01 2740 else
b12f62cf
AG		 2741 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2742 cp->addr.type, sec_level, auth_type);
7a512d01 2743
30e76272 2744 if (IS_ERR(conn)) {
489dc48e
AK		 2745 int status;
2746
2747 if (PTR_ERR(conn) == -EBUSY)
2748 status = MGMT_STATUS_BUSY;
2749 else
2750 status = MGMT_STATUS_CONNECT_FAILED;
2751
bdb6d971 2752 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2753 status, &rp,
04124681 2754 sizeof(rp));
e9a416b5
JH		 2755 goto unlock;
2756 }
2757
2758 if (conn->connect_cfm_cb) {
76a68ba0 2759 hci_conn_drop(conn);
bdb6d971 2760 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2761 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2762 goto unlock;
2763 }
2764
2e58ef3e 2765 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2766 if (!cmd) {
2767 err = -ENOMEM;
76a68ba0 2768 hci_conn_drop(conn);
e9a416b5
JH		 2769 goto unlock;
2770 }
2771
7a512d01 2772 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2773 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2774 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2775 conn->security_cfm_cb = pairing_complete_cb;
2776 conn->disconn_cfm_cb = pairing_complete_cb;
2777 } else {
2778 conn->connect_cfm_cb = le_pairing_complete_cb;
2779 conn->security_cfm_cb = le_pairing_complete_cb;
2780 conn->disconn_cfm_cb = le_pairing_complete_cb;
2781 }
7a512d01 2782
e9a416b5
JH		 2783 conn->io_capability = cp->io_cap;
2784 cmd->user_data = conn;
2785
2786 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2787 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2788 pairing_complete(cmd, 0);
2789
2790 err = 0;
2791
2792unlock:
09fd0de5 2793 hci_dev_unlock(hdev);
e9a416b5
JH		 2794 return err;
2795}
2796
04124681
GP		 2797static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2798 u16 len)
28424707 2799{
0f4e68cf 2800 struct mgmt_addr_info *addr = data;
28424707
JH		 2801 struct pending_cmd *cmd;
2802 struct hci_conn *conn;
2803 int err;
2804
2805 BT_DBG("");
2806
28424707
JH		 2807 hci_dev_lock(hdev);
2808
5f97c1df 2809 if (!hdev_is_powered(hdev)) {
bdb6d971 2810 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2811 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2812 goto unlock;
2813 }
2814
28424707
JH		 2815 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2816 if (!cmd) {
bdb6d971 2817 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2818 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2819 goto unlock;
2820 }
2821
2822 conn = cmd->user_data;
2823
2824 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2825 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2826 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2827 goto unlock;
2828 }
2829
2830 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2831
bdb6d971 2832 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2833 addr, sizeof(*addr));
28424707
JH		 2834unlock:
2835 hci_dev_unlock(hdev);
28424707
JH		 2836 return err;
2837}
2838
bdb6d971 2839static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2840 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2841 u16 hci_op, __le32 passkey)
a5c29683 2842{
a5c29683 2843 struct pending_cmd *cmd;
0df4c185 2844 struct hci_conn *conn;
a5c29683
JH		 2845 int err;
2846
09fd0de5 2847 hci_dev_lock(hdev);
08ba5382 2848
4b34ee78 2849 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2850 err = cmd_complete(sk, hdev->id, mgmt_op,
2851 MGMT_STATUS_NOT_POWERED, addr,
2852 sizeof(*addr));
0df4c185 2853 goto done;
a5c29683
JH		 2854 }
2855
1707c60e
JH		 2856 if (addr->type == BDADDR_BREDR)
2857 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2858 else
1707c60e 2859 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2860
2861 if (!conn) {
feb94d3d
JH		 2862 err = cmd_complete(sk, hdev->id, mgmt_op,
2863 MGMT_STATUS_NOT_CONNECTED, addr,
2864 sizeof(*addr));
272d90df
JH		 2865 goto done;
2866 }
47c15e2b 2867
1707c60e 2868 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2869 /* Continue with pairing via SMP */
5fe57d9e
BG		 2870 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2871
2872 if (!err)
feb94d3d
JH		 2873 err = cmd_complete(sk, hdev->id, mgmt_op,
2874 MGMT_STATUS_SUCCESS, addr,
2875 sizeof(*addr));
5fe57d9e 2876 else
feb94d3d
JH		 2877 err = cmd_complete(sk, hdev->id, mgmt_op,
2878 MGMT_STATUS_FAILED, addr,
2879 sizeof(*addr));
47c15e2b 2880
47c15e2b
BG		 2881 goto done;
2882 }
2883
1707c60e 2884 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2885 if (!cmd) {
2886 err = -ENOMEM;
0df4c185 2887 goto done;
a5c29683
JH		 2888 }
2889
0df4c185 2890 /* Continue with pairing via HCI */
604086b7
BG		 2891 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2892 struct hci_cp_user_passkey_reply cp;
2893
1707c60e 2894 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2895 cp.passkey = passkey;
2896 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2897 } else
1707c60e
JH		 2898 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2899 &addr->bdaddr);
604086b7 2900
a664b5bc
JH		 2901 if (err < 0)
2902 mgmt_pending_remove(cmd);
a5c29683 2903
0df4c185 2904done:
09fd0de5 2905 hci_dev_unlock(hdev);
a5c29683
JH		 2906 return err;
2907}
2908
afeb019d
JK		 2909static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2910 void *data, u16 len)
2911{
2912 struct mgmt_cp_pin_code_neg_reply *cp = data;
2913
2914 BT_DBG("");
2915
1707c60e 2916 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2917 MGMT_OP_PIN_CODE_NEG_REPLY,
2918 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2919}
2920
04124681
GP		 2921static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2922 u16 len)
0df4c185 2923{
650f726d 2924 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2925
2926 BT_DBG("");
2927
2928 if (len != sizeof(*cp))
bdb6d971 2929 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2930 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2931
1707c60e 2932 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2933 MGMT_OP_USER_CONFIRM_REPLY,
2934 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2935}
2936
bdb6d971 2937static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2938 void *data, u16 len)
0df4c185 2939{
c9c2659f 2940 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2941
2942 BT_DBG("");
2943
1707c60e 2944 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2945 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2946 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2947}
2948
04124681
GP		 2949static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2950 u16 len)
604086b7 2951{
650f726d 2952 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2953
2954 BT_DBG("");
2955
1707c60e 2956 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2957 MGMT_OP_USER_PASSKEY_REPLY,
2958 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2959}
2960
bdb6d971 2961static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2962 void *data, u16 len)
604086b7 2963{
650f726d 2964 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2965
2966 BT_DBG("");
2967
1707c60e 2968 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2969 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2970 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2971}
2972
13928971 2973static void update_name(struct hci_request *req)
2b4bf397 2974{
13928971 2975 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2976 struct hci_cp_write_local_name cp;
2977
13928971 2978 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2979
890ea898 2980 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2981}
2982
13928971
JH		 2983static void set_name_complete(struct hci_dev *hdev, u8 status)
2984{
2985 struct mgmt_cp_set_local_name *cp;
2986 struct pending_cmd *cmd;
2987
2988 BT_DBG("status 0x%02x", status);
2989
2990 hci_dev_lock(hdev);
2991
2992 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2993 if (!cmd)
2994 goto unlock;
2995
2996 cp = cmd->param;
2997
2998 if (status)
2999 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3000 mgmt_status(status));
3001 else
3002 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3003 cp, sizeof(*cp));
3004
3005 mgmt_pending_remove(cmd);
3006
3007unlock:
3008 hci_dev_unlock(hdev);
3009}
3010
bdb6d971 3011static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3012 u16 len)
b312b161 3013{
2b4bf397 3014 struct mgmt_cp_set_local_name *cp = data;
b312b161 3015 struct pending_cmd *cmd;
890ea898 3016 struct hci_request req;
b312b161
JH		 3017 int err;
3018
3019 BT_DBG("");
3020
09fd0de5 3021 hci_dev_lock(hdev);
b312b161 3022
b3f2ca94
JH		 3023 /* If the old values are the same as the new ones just return a
3024 * direct command complete event.
3025 */
3026 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3027 !memcmp(hdev->short_name, cp->short_name,
3028 sizeof(hdev->short_name))) {
3029 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3030 data, len);
3031 goto failed;
3032 }
3033
2b4bf397 3034 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3035
b5235a65 3036 if (!hdev_is_powered(hdev)) {
2b4bf397 3037 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3038
3039 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3040 data, len);
28cc7bde
JH		 3041 if (err < 0)
3042 goto failed;
3043
3044 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3045 sk);
28cc7bde 3046
b5235a65
JH		 3047 goto failed;
3048 }
3049
28cc7bde 3050 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3051 if (!cmd) {
3052 err = -ENOMEM;
3053 goto failed;
3054 }
3055
13928971
JH		 3056 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3057
890ea898 3058 hci_req_init(&req, hdev);
3f985050
JH		 3059
3060 if (lmp_bredr_capable(hdev)) {
3061 update_name(&req);
3062 update_eir(&req);
3063 }
3064
7a5f4990
MH		 3065 /* The name is stored in the scan response data and so
3066 * no need to udpate the advertising data here.
3067 */
3f985050 3068 if (lmp_le_capable(hdev))
7a5f4990 3069 update_scan_rsp_data(&req);
3f985050 3070
13928971 3071 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3072 if (err < 0)
3073 mgmt_pending_remove(cmd);
3074
3075failed:
09fd0de5 3076 hci_dev_unlock(hdev);
b312b161
JH		 3077 return err;
3078}
3079
0f4e68cf 3080static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3081 void *data, u16 data_len)
c35938b2 3082{
c35938b2
SJ		 3083 struct pending_cmd *cmd;
3084 int err;
3085
bdb6d971 3086 BT_DBG("%s", hdev->name);
c35938b2 3087
09fd0de5 3088 hci_dev_lock(hdev);
c35938b2 3089
4b34ee78 3090 if (!hdev_is_powered(hdev)) {
bdb6d971 3091 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3092 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3093 goto unlock;
3094 }
3095
9a1a1996 3096 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3097 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3098 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3099 goto unlock;
3100 }
3101
2e58ef3e 3102 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3103 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3104 MGMT_STATUS_BUSY);
c35938b2
SJ		 3105 goto unlock;
3106 }
3107
2e58ef3e 3108 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3109 if (!cmd) {
3110 err = -ENOMEM;
3111 goto unlock;
3112 }
3113
4d2d2796
MH		 3114 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3115 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3116 0, NULL);
3117 else
3118 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3119
c35938b2
SJ		 3120 if (err < 0)
3121 mgmt_pending_remove(cmd);
3122
3123unlock:
09fd0de5 3124 hci_dev_unlock(hdev);
c35938b2
SJ		 3125 return err;
3126}
3127
bdb6d971 3128static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3129 void *data, u16 len)
2763eda6 3130{
2763eda6
SJ		 3131 int err;
3132
bdb6d971 3133 BT_DBG("%s ", hdev->name);
2763eda6 3134
09fd0de5 3135 hci_dev_lock(hdev);
2763eda6 3136
ec109113
MH		 3137 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3138 struct mgmt_cp_add_remote_oob_data *cp = data;
3139 u8 status;
bf1e3541 3140
ec109113
MH		 3141 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3142 cp->hash, cp->randomizer);
3143 if (err < 0)
3144 status = MGMT_STATUS_FAILED;
3145 else
3146 status = MGMT_STATUS_SUCCESS;
3147
3148 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3149 status, &cp->addr, sizeof(cp->addr));
3150 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3151 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3152 u8 status;
3153
3154 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3155 cp->hash192,
3156 cp->randomizer192,
3157 cp->hash256,
3158 cp->randomizer256);
3159 if (err < 0)
3160 status = MGMT_STATUS_FAILED;
3161 else
3162 status = MGMT_STATUS_SUCCESS;
3163
3164 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3165 status, &cp->addr, sizeof(cp->addr));
3166 } else {
3167 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3168 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3169 MGMT_STATUS_INVALID_PARAMS);
3170 }
2763eda6 3171
09fd0de5 3172 hci_dev_unlock(hdev);
2763eda6
SJ		 3173 return err;
3174}
3175
bdb6d971 3176static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3177 void *data, u16 len)
2763eda6 3178{
650f726d 3179 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3180 u8 status;
2763eda6
SJ		 3181 int err;
3182
bdb6d971 3183 BT_DBG("%s", hdev->name);
2763eda6 3184
09fd0de5 3185 hci_dev_lock(hdev);
2763eda6 3186
664ce4cc 3187 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3188 if (err < 0)
bf1e3541 3189 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3190 else
a6785be2 3191 status = MGMT_STATUS_SUCCESS;
bf1e3541 3192
bdb6d971 3193 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3194 status, &cp->addr, sizeof(cp->addr));
2763eda6 3195
09fd0de5 3196 hci_dev_unlock(hdev);
2763eda6
SJ		 3197 return err;
3198}
3199
41dc2bd6
AG		 3200static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3201{
3202 struct pending_cmd *cmd;
3203 u8 type;
3204 int err;
3205
3206 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3207
3208 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3209 if (!cmd)
3210 return -ENOENT;
3211
3212 type = hdev->discovery.type;
3213
3214 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3215 &type, sizeof(type));
3216 mgmt_pending_remove(cmd);
3217
3218 return err;
3219}
3220
7c307720
AG		 3221static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3222{
3223 BT_DBG("status %d", status);
3224
3225 if (status) {
3226 hci_dev_lock(hdev);
3227 mgmt_start_discovery_failed(hdev, status);
3228 hci_dev_unlock(hdev);
3229 return;
3230 }
3231
3232 hci_dev_lock(hdev);
3233 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3234 hci_dev_unlock(hdev);
3235
3236 switch (hdev->discovery.type) {
3237 case DISCOV_TYPE_LE:
3238 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3239 DISCOV_LE_TIMEOUT);
7c307720
AG		 3240 break;
3241
3242 case DISCOV_TYPE_INTERLEAVED:
3243 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3244 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3245 break;
3246
3247 case DISCOV_TYPE_BREDR:
3248 break;
3249
3250 default:
3251 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3252 }
3253}
3254
bdb6d971 3255static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3256 void *data, u16 len)
14a53664 3257{
650f726d 3258 struct mgmt_cp_start_discovery *cp = data;
14a53664 3259 struct pending_cmd *cmd;
7c307720
AG		 3260 struct hci_cp_le_set_scan_param param_cp;
3261 struct hci_cp_le_set_scan_enable enable_cp;
3262 struct hci_cp_inquiry inq_cp;
3263 struct hci_request req;
3264 /* General inquiry access code (GIAC) */
3265 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3266 u8 status;
14a53664
JH		 3267 int err;
3268
bdb6d971 3269 BT_DBG("%s", hdev->name);
14a53664 3270
09fd0de5 3271 hci_dev_lock(hdev);
14a53664 3272
4b34ee78 3273 if (!hdev_is_powered(hdev)) {
bdb6d971 3274 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3275 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3276 goto failed;
3277 }
3278
642be6c7
AG		 3279 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3280 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3281 MGMT_STATUS_BUSY);
3282 goto failed;
3283 }
3284
ff9ef578 3285 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3286 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3287 MGMT_STATUS_BUSY);
ff9ef578
JH		 3288 goto failed;
3289 }
3290
2e58ef3e 3291 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3292 if (!cmd) {
3293 err = -ENOMEM;
3294 goto failed;
3295 }
3296
4aab14e5
AG		 3297 hdev->discovery.type = cp->type;
3298
7c307720
AG		 3299 hci_req_init(&req, hdev);
3300
4aab14e5 3301 switch (hdev->discovery.type) {
f39799f5 3302 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3303 status = mgmt_bredr_support(hdev);
3304 if (status) {
04106755 3305 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3306 status);
04106755
JH		 3307 mgmt_pending_remove(cmd);
3308 goto failed;
3309 }
3310
7c307720
AG		 3311 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3313 MGMT_STATUS_BUSY);
3314 mgmt_pending_remove(cmd);
3315 goto failed;
3316 }
3317
3318 hci_inquiry_cache_flush(hdev);
3319
3320 memset(&inq_cp, 0, sizeof(inq_cp));
3321 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3322 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3323 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3324 break;
3325
3326 case DISCOV_TYPE_LE:
7c307720 3327 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3328 status = mgmt_le_support(hdev);
3329 if (status) {
04106755 3330 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3331 status);
04106755
JH		 3332 mgmt_pending_remove(cmd);
3333 goto failed;
3334 }
3335
7c307720 3336 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3337 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3338 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3339 MGMT_STATUS_NOT_SUPPORTED);
3340 mgmt_pending_remove(cmd);
3341 goto failed;
3342 }
3343
f3d3444a 3344 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3345 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3346 MGMT_STATUS_REJECTED);
3347 mgmt_pending_remove(cmd);
3348 goto failed;
3349 }
3350
3351 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3352 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3353 MGMT_STATUS_BUSY);
3354 mgmt_pending_remove(cmd);
3355 goto failed;
3356 }
3357
3358 memset(&param_cp, 0, sizeof(param_cp));
3359 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3360 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3361 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3362 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3363 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3364 &param_cp);
3365
3366 memset(&enable_cp, 0, sizeof(enable_cp));
3367 enable_cp.enable = LE_SCAN_ENABLE;
3368 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3369 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3370 &enable_cp);
5e0452c0
AG		 3371 break;
3372
f39799f5 3373 default:
04106755
JH		 3374 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3375 MGMT_STATUS_INVALID_PARAMS);
3376 mgmt_pending_remove(cmd);
3377 goto failed;
f39799f5 3378 }
3fd24153 3379
7c307720 3380 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3381 if (err < 0)
3382 mgmt_pending_remove(cmd);
ff9ef578
JH		 3383 else
3384 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3385
3386failed:
09fd0de5 3387 hci_dev_unlock(hdev);
14a53664
JH		 3388 return err;
3389}
3390
1183fdca
AG		 3391static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3392{
3393 struct pending_cmd *cmd;
3394 int err;
3395
3396 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3397 if (!cmd)
3398 return -ENOENT;
3399
3400 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3401 &hdev->discovery.type, sizeof(hdev->discovery.type));
3402 mgmt_pending_remove(cmd);
3403
3404 return err;
3405}
3406
0e05bba6
AG		 3407static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3408{
3409 BT_DBG("status %d", status);
3410
3411 hci_dev_lock(hdev);
3412
3413 if (status) {
3414 mgmt_stop_discovery_failed(hdev, status);
3415 goto unlock;
3416 }
3417
3418 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3419
3420unlock:
3421 hci_dev_unlock(hdev);
3422}
3423
bdb6d971 3424static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3425 u16 len)
14a53664 3426{
d930650b 3427 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3428 struct pending_cmd *cmd;
30dc78e1
JH		 3429 struct hci_cp_remote_name_req_cancel cp;
3430 struct inquiry_entry *e;
0e05bba6
AG		 3431 struct hci_request req;
3432 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3433 int err;
3434
bdb6d971 3435 BT_DBG("%s", hdev->name);
14a53664 3436
09fd0de5 3437 hci_dev_lock(hdev);
14a53664 3438
30dc78e1 3439 if (!hci_discovery_active(hdev)) {
bdb6d971 3440 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3441 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3442 sizeof(mgmt_cp->type));
d930650b
JH		 3443 goto unlock;
3444 }
3445
3446 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3447 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3448 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3449 sizeof(mgmt_cp->type));
30dc78e1 3450 goto unlock;
ff9ef578
JH		 3451 }
3452
2e58ef3e 3453 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3454 if (!cmd) {
3455 err = -ENOMEM;
30dc78e1
JH		 3456 goto unlock;
3457 }
3458
0e05bba6
AG		 3459 hci_req_init(&req, hdev);
3460
e0d9727e
AG		 3461 switch (hdev->discovery.state) {
3462 case DISCOVERY_FINDING:
0e05bba6
AG		 3463 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3464 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3465 } else {
3466 cancel_delayed_work(&hdev->le_scan_disable);
3467
3468 memset(&enable_cp, 0, sizeof(enable_cp));
3469 enable_cp.enable = LE_SCAN_DISABLE;
3470 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3471 sizeof(enable_cp), &enable_cp);
3472 }
c9ecc48e 3473
e0d9727e
AG		 3474 break;
3475
3476 case DISCOVERY_RESOLVING:
3477 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3478 NAME_PENDING);
e0d9727e 3479 if (!e) {
30dc78e1 3480 mgmt_pending_remove(cmd);
e0d9727e
AG		 3481 err = cmd_complete(sk, hdev->id,
3482 MGMT_OP_STOP_DISCOVERY, 0,
3483 &mgmt_cp->type,
3484 sizeof(mgmt_cp->type));
3485 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3486 goto unlock;
3487 }
30dc78e1 3488
e0d9727e 3489 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3490 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3491 &cp);
e0d9727e
AG		 3492
3493 break;
3494
3495 default:
3496 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3497
3498 mgmt_pending_remove(cmd);
3499 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3500 MGMT_STATUS_FAILED, &mgmt_cp->type,
3501 sizeof(mgmt_cp->type));
3502 goto unlock;
14a53664
JH		 3503 }
3504
0e05bba6 3505 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3506 if (err < 0)
3507 mgmt_pending_remove(cmd);
ff9ef578
JH		 3508 else
3509 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3510
30dc78e1 3511unlock:
09fd0de5 3512 hci_dev_unlock(hdev);
14a53664
JH		 3513 return err;
3514}
3515
bdb6d971 3516static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3517 u16 len)
561aafbc 3518{
650f726d 3519 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3520 struct inquiry_entry *e;
561aafbc
JH		 3521 int err;
3522
bdb6d971 3523 BT_DBG("%s", hdev->name);
561aafbc 3524
561aafbc
JH		 3525 hci_dev_lock(hdev);
3526
30dc78e1 3527 if (!hci_discovery_active(hdev)) {
bdb6d971 3528 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3529 MGMT_STATUS_FAILED);
30dc78e1
JH		 3530 goto failed;
3531 }
3532
a198e7b1 3533 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3534 if (!e) {
bdb6d971 3535 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3536 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3537 goto failed;
3538 }
3539
3540 if (cp->name_known) {
3541 e->name_state = NAME_KNOWN;
3542 list_del(&e->list);
3543 } else {
3544 e->name_state = NAME_NEEDED;
a3d4e20a 3545 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3546 }
3547
e384662b
JH		 3548 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3549 sizeof(cp->addr));
561aafbc
JH		 3550
3551failed:
3552 hci_dev_unlock(hdev);
561aafbc
JH		 3553 return err;
3554}
3555
bdb6d971 3556static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3557 u16 len)
7fbec224 3558{
650f726d 3559 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3560 u8 status;
7fbec224
AJ		 3561 int err;
3562
bdb6d971 3563 BT_DBG("%s", hdev->name);
7fbec224 3564
4ee71b20 3565 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3566 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3567 MGMT_STATUS_INVALID_PARAMS,
3568 &cp->addr, sizeof(cp->addr));
4ee71b20 3569
09fd0de5 3570 hci_dev_lock(hdev);
5e762444 3571
88c1fe4b 3572 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3573 if (err < 0)
f0eeea8b 3574 status = MGMT_STATUS_FAILED;
7fbec224 3575 else
a6785be2 3576 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3577
bdb6d971 3578 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3579 &cp->addr, sizeof(cp->addr));
5e762444 3580
09fd0de5 3581 hci_dev_unlock(hdev);
7fbec224
AJ		 3582
3583 return err;
3584}
3585
bdb6d971 3586static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3587 u16 len)
7fbec224 3588{
650f726d 3589 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3590 u8 status;
7fbec224
AJ		 3591 int err;
3592
bdb6d971 3593 BT_DBG("%s", hdev->name);
7fbec224 3594
4ee71b20 3595 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3596 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3597 MGMT_STATUS_INVALID_PARAMS,
3598 &cp->addr, sizeof(cp->addr));
4ee71b20 3599
09fd0de5 3600 hci_dev_lock(hdev);
5e762444 3601
88c1fe4b 3602 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3603 if (err < 0)
f0eeea8b 3604 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3605 else
a6785be2 3606 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3607
bdb6d971 3608 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3609 &cp->addr, sizeof(cp->addr));
5e762444 3610
09fd0de5 3611 hci_dev_unlock(hdev);
7fbec224
AJ		 3612
3613 return err;
3614}
3615
cdbaccca
MH		 3616static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3617 u16 len)
3618{
3619 struct mgmt_cp_set_device_id *cp = data;
890ea898 3620 struct hci_request req;
cdbaccca 3621 int err;
c72d4b8a 3622 __u16 source;
cdbaccca
MH		 3623
3624 BT_DBG("%s", hdev->name);
3625
c72d4b8a
SJ		 3626 source = __le16_to_cpu(cp->source);
3627
3628 if (source > 0x0002)
3629 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3630 MGMT_STATUS_INVALID_PARAMS);
3631
cdbaccca
MH		 3632 hci_dev_lock(hdev);
3633
c72d4b8a 3634 hdev->devid_source = source;
cdbaccca
MH		 3635 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3636 hdev->devid_product = __le16_to_cpu(cp->product);
3637 hdev->devid_version = __le16_to_cpu(cp->version);
3638
3639 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3640
890ea898
JH		 3641 hci_req_init(&req, hdev);
3642 update_eir(&req);
3643 hci_req_run(&req, NULL);
cdbaccca
MH		 3644
3645 hci_dev_unlock(hdev);
3646
3647 return err;
3648}
3649
4375f103
JH		 3650static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3651{
3652 struct cmd_lookup match = { NULL, hdev };
3653
3654 if (status) {
3655 u8 mgmt_err = mgmt_status(status);
3656
3657 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3658 cmd_status_rsp, &mgmt_err);
3659 return;
3660 }
3661
3662 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3663 &match);
3664
3665 new_settings(hdev, match.sk);
3666
3667 if (match.sk)
3668 sock_put(match.sk);
3669}
3670
21b5187f
MH		 3671static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3672 u16 len)
4375f103
JH		 3673{
3674 struct mgmt_mode *cp = data;
3675 struct pending_cmd *cmd;
3676 struct hci_request req;
e6fe7986 3677 u8 val, enabled, status;
4375f103
JH		 3678 int err;
3679
3680 BT_DBG("request for %s", hdev->name);
3681
e6fe7986
JH		 3682 status = mgmt_le_support(hdev);
3683 if (status)
4375f103 3684 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3685 status);
4375f103
JH		 3686
3687 if (cp->val != 0x00 && cp->val != 0x01)
3688 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3689 MGMT_STATUS_INVALID_PARAMS);
3690
3691 hci_dev_lock(hdev);
3692
3693 val = !!cp->val;
f3d3444a 3694 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3695
f74ca9b8
JH		 3696 /* The following conditions are ones which mean that we should
3697 * not do any HCI communication but directly send a mgmt
3698 * response to user space (after toggling the flag if
3699 * necessary).
3700 */
3701 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3702 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3703 bool changed = false;
3704
f3d3444a
JH		 3705 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3706 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3707 changed = true;
3708 }
3709
3710 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3711 if (err < 0)
3712 goto unlock;
3713
3714 if (changed)
3715 err = new_settings(hdev, sk);
3716
3717 goto unlock;
3718 }
3719
3720 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3721 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3722 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3723 MGMT_STATUS_BUSY);
3724 goto unlock;
3725 }
3726
3727 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3728 if (!cmd) {
3729 err = -ENOMEM;
3730 goto unlock;
3731 }
3732
3733 hci_req_init(&req, hdev);
3734
bba3aa55
MH		 3735 if (val)
3736 enable_advertising(&req);
3737 else
3738 disable_advertising(&req);
4375f103
JH		 3739
3740 err = hci_req_run(&req, set_advertising_complete);
3741 if (err < 0)
3742 mgmt_pending_remove(cmd);
3743
3744unlock:
3745 hci_dev_unlock(hdev);
3746 return err;
3747}
3748
d13eafce
MH		 3749static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3750 void *data, u16 len)
3751{
3752 struct mgmt_cp_set_static_address *cp = data;
3753 int err;
3754
3755 BT_DBG("%s", hdev->name);
3756
62af4443 3757 if (!lmp_le_capable(hdev))
d13eafce 3758 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3759 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3760
3761 if (hdev_is_powered(hdev))
3762 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3763 MGMT_STATUS_REJECTED);
3764
3765 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3766 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3767 return cmd_status(sk, hdev->id,
3768 MGMT_OP_SET_STATIC_ADDRESS,
3769 MGMT_STATUS_INVALID_PARAMS);
3770
3771 /* Two most significant bits shall be set */
3772 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3773 return cmd_status(sk, hdev->id,
3774 MGMT_OP_SET_STATIC_ADDRESS,
3775 MGMT_STATUS_INVALID_PARAMS);
3776 }
3777
3778 hci_dev_lock(hdev);
3779
3780 bacpy(&hdev->static_addr, &cp->bdaddr);
3781
3782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3783
3784 hci_dev_unlock(hdev);
3785
3786 return err;
3787}
3788
14b49b9a
MH		 3789static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3790 void *data, u16 len)
3791{
3792 struct mgmt_cp_set_scan_params *cp = data;
3793 __u16 interval, window;
3794 int err;
3795
3796 BT_DBG("%s", hdev->name);
3797
3798 if (!lmp_le_capable(hdev))
3799 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3800 MGMT_STATUS_NOT_SUPPORTED);
3801
3802 interval = __le16_to_cpu(cp->interval);
3803
3804 if (interval < 0x0004 || interval > 0x4000)
3805 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3806 MGMT_STATUS_INVALID_PARAMS);
3807
3808 window = __le16_to_cpu(cp->window);
3809
3810 if (window < 0x0004 || window > 0x4000)
3811 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3812 MGMT_STATUS_INVALID_PARAMS);
3813
899e1075
MH		 3814 if (window > interval)
3815 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3816 MGMT_STATUS_INVALID_PARAMS);
3817
14b49b9a
MH		 3818 hci_dev_lock(hdev);
3819
3820 hdev->le_scan_interval = interval;
3821 hdev->le_scan_window = window;
3822
3823 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3824
3825 hci_dev_unlock(hdev);
3826
3827 return err;
3828}
3829
33e38b3e
JH		 3830static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3831{
3832 struct pending_cmd *cmd;
3833
3834 BT_DBG("status 0x%02x", status);
3835
3836 hci_dev_lock(hdev);
3837
3838 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3839 if (!cmd)
3840 goto unlock;
3841
3842 if (status) {
3843 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3844 mgmt_status(status));
3845 } else {
1a4d3c4b
JH		 3846 struct mgmt_mode *cp = cmd->param;
3847
3848 if (cp->val)
3849 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3850 else
3851 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3852
33e38b3e
JH		 3853 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3854 new_settings(hdev, cmd->sk);
3855 }
3856
3857 mgmt_pending_remove(cmd);
3858
3859unlock:
3860 hci_dev_unlock(hdev);
3861}
3862
bdb6d971 3863static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3864 void *data, u16 len)
f6422ec6 3865{
650f726d 3866 struct mgmt_mode *cp = data;
33e38b3e
JH		 3867 struct pending_cmd *cmd;
3868 struct hci_request req;
f6422ec6
AJ		 3869 int err;
3870
bdb6d971 3871 BT_DBG("%s", hdev->name);
f6422ec6 3872
56f87901
JH		 3873 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3874 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3875 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3876 MGMT_STATUS_NOT_SUPPORTED);
3877
a7e80f25
JH		 3878 if (cp->val != 0x00 && cp->val != 0x01)
3879 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3880 MGMT_STATUS_INVALID_PARAMS);
3881
5400c044 3882 if (!hdev_is_powered(hdev))
bdb6d971 3883 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3884 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3885
3886 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3887 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3888 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3889
3890 hci_dev_lock(hdev);
3891
05cbf29f
JH		 3892 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3893 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3894 MGMT_STATUS_BUSY);
3895 goto unlock;
3896 }
3897
1a4d3c4b
JH		 3898 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3899 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3900 hdev);
3901 goto unlock;
3902 }
3903
33e38b3e
JH		 3904 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3905 data, len);
3906 if (!cmd) {
3907 err = -ENOMEM;
3908 goto unlock;
f6422ec6
AJ		 3909 }
3910
33e38b3e
JH		 3911 hci_req_init(&req, hdev);
3912
406d7804 3913 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3914
3915 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3916 if (err < 0) {
bdb6d971 3917 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3918 MGMT_STATUS_FAILED);
33e38b3e 3919 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3920 }
3921
33e38b3e 3922unlock:
f6422ec6 3923 hci_dev_unlock(hdev);
33e38b3e 3924
f6422ec6
AJ		 3925 return err;
3926}
3927
67e5a7a3
JH		 3928static void set_bredr_scan(struct hci_request *req)
3929{
3930 struct hci_dev *hdev = req->hdev;
3931 u8 scan = 0;
3932
3933 /* Ensure that fast connectable is disabled. This function will
3934 * not do anything if the page scan parameters are already what
3935 * they should be.
3936 */
3937 write_fast_connectable(req, false);
3938
3939 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3940 scan |= SCAN_PAGE;
3941 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3942 scan |= SCAN_INQUIRY;
3943
3944 if (scan)
3945 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3946}
3947
0663ca2a
JH		 3948static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3949{
3950 struct pending_cmd *cmd;
3951
3952 BT_DBG("status 0x%02x", status);
3953
3954 hci_dev_lock(hdev);
3955
3956 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3957 if (!cmd)
3958 goto unlock;
3959
3960 if (status) {
3961 u8 mgmt_err = mgmt_status(status);
3962
3963 /* We need to restore the flag if related HCI commands
3964 * failed.
3965 */
3966 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3967
3968 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3969 } else {
3970 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3971 new_settings(hdev, cmd->sk);
3972 }
3973
3974 mgmt_pending_remove(cmd);
3975
3976unlock:
3977 hci_dev_unlock(hdev);
3978}
3979
3980static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3981{
3982 struct mgmt_mode *cp = data;
3983 struct pending_cmd *cmd;
3984 struct hci_request req;
3985 int err;
3986
3987 BT_DBG("request for %s", hdev->name);
3988
3989 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3990 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3991 MGMT_STATUS_NOT_SUPPORTED);
3992
3993 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3994 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3995 MGMT_STATUS_REJECTED);
3996
3997 if (cp->val != 0x00 && cp->val != 0x01)
3998 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3999 MGMT_STATUS_INVALID_PARAMS);
4000
4001 hci_dev_lock(hdev);
4002
4003 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4004 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4005 goto unlock;
4006 }
4007
4008 if (!hdev_is_powered(hdev)) {
4009 if (!cp->val) {
0663ca2a
JH		 4010 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4011 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4012 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4013 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4014 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4015 }
4016
4017 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4018
4019 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4020 if (err < 0)
4021 goto unlock;
4022
4023 err = new_settings(hdev, sk);
4024 goto unlock;
4025 }
4026
4027 /* Reject disabling when powered on */
4028 if (!cp->val) {
4029 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4030 MGMT_STATUS_REJECTED);
4031 goto unlock;
4032 }
4033
4034 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4035 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4036 MGMT_STATUS_BUSY);
4037 goto unlock;
4038 }
4039
4040 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4041 if (!cmd) {
4042 err = -ENOMEM;
4043 goto unlock;
4044 }
4045
5947f4bc 4046 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4047 * generates the correct flags.
4048 */
4049 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4050
4051 hci_req_init(&req, hdev);
aa8af46e
JH		 4052
4053 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4054 set_bredr_scan(&req);
4055
f14d8f64
MH		 4056 /* Since only the advertising data flags will change, there
4057 * is no need to update the scan response data.
4058 */
5947f4bc 4059 update_adv_data(&req);
aa8af46e 4060
0663ca2a
JH		 4061 err = hci_req_run(&req, set_bredr_complete);
4062 if (err < 0)
4063 mgmt_pending_remove(cmd);
4064
4065unlock:
4066 hci_dev_unlock(hdev);
4067 return err;
4068}
4069
eac83dc6
MH		 4070static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4071 void *data, u16 len)
4072{
4073 struct mgmt_mode *cp = data;
4074 struct pending_cmd *cmd;
0ab04a9c 4075 u8 val, status;
eac83dc6
MH		 4076 int err;
4077
4078 BT_DBG("request for %s", hdev->name);
4079
4080 status = mgmt_bredr_support(hdev);
4081 if (status)
4082 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4083 status);
4084
5afeac14
MH		 4085 if (!lmp_sc_capable(hdev) &&
4086 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4087 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4088 MGMT_STATUS_NOT_SUPPORTED);
4089
0ab04a9c 4090 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4091 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4092 MGMT_STATUS_INVALID_PARAMS);
4093
4094 hci_dev_lock(hdev);
4095
4096 if (!hdev_is_powered(hdev)) {
4097 bool changed;
4098
0ab04a9c 4099 if (cp->val) {
eac83dc6
MH		 4100 changed = !test_and_set_bit(HCI_SC_ENABLED,
4101 &hdev->dev_flags);
0ab04a9c
MH		 4102 if (cp->val == 0x02)
4103 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4104 else
4105 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4106 } else {
eac83dc6
MH		 4107 changed = test_and_clear_bit(HCI_SC_ENABLED,
4108 &hdev->dev_flags);
0ab04a9c
MH		 4109 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4110 }
eac83dc6
MH		 4111
4112 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4113 if (err < 0)
4114 goto failed;
4115
4116 if (changed)
4117 err = new_settings(hdev, sk);
4118
4119 goto failed;
4120 }
4121
4122 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4123 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4124 MGMT_STATUS_BUSY);
4125 goto failed;
4126 }
4127
0ab04a9c
MH		 4128 val = !!cp->val;
4129
4130 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4131 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4132 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4133 goto failed;
4134 }
4135
4136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4137 if (!cmd) {
4138 err = -ENOMEM;
4139 goto failed;
4140 }
4141
0ab04a9c 4142 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4143 if (err < 0) {
4144 mgmt_pending_remove(cmd);
4145 goto failed;
4146 }
4147
0ab04a9c
MH		 4148 if (cp->val == 0x02)
4149 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4150 else
4151 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4152
eac83dc6
MH		 4153failed:
4154 hci_dev_unlock(hdev);
4155 return err;
4156}
4157
4e39ac81
MH		 4158static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4159 void *data, u16 len)
4160{
4161 struct mgmt_mode *cp = data;
4162 bool changed;
4163 int err;
4164
4165 BT_DBG("request for %s", hdev->name);
4166
4167 if (cp->val != 0x00 && cp->val != 0x01)
4168 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4169 MGMT_STATUS_INVALID_PARAMS);
4170
4171 hci_dev_lock(hdev);
4172
4173 if (cp->val)
4174 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4175 else
4176 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4177
4178 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4179 if (err < 0)
4180 goto unlock;
4181
4182 if (changed)
4183 err = new_settings(hdev, sk);
4184
4185unlock:
4186 hci_dev_unlock(hdev);
4187 return err;
4188}
4189
41edf160
JH		 4190static bool irk_is_valid(struct mgmt_irk_info *irk)
4191{
4192 switch (irk->addr.type) {
4193 case BDADDR_LE_PUBLIC:
4194 return true;
4195
4196 case BDADDR_LE_RANDOM:
4197 /* Two most significant bits shall be set */
4198 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4199 return false;
4200 return true;
4201 }
4202
4203 return false;
4204}
4205
4206static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4207 u16 len)
4208{
4209 struct mgmt_cp_load_irks *cp = cp_data;
4210 u16 irk_count, expected_len;
4211 int i, err;
4212
4213 BT_DBG("request for %s", hdev->name);
4214
4215 if (!lmp_le_capable(hdev))
4216 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4217 MGMT_STATUS_NOT_SUPPORTED);
4218
4219 irk_count = __le16_to_cpu(cp->irk_count);
4220
4221 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4222 if (expected_len != len) {
4223 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4224 len, expected_len);
4225 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4226 MGMT_STATUS_INVALID_PARAMS);
4227 }
4228
4229 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4230
4231 for (i = 0; i < irk_count; i++) {
4232 struct mgmt_irk_info *key = &cp->irks[i];
4233
4234 if (!irk_is_valid(key))
4235 return cmd_status(sk, hdev->id,
4236 MGMT_OP_LOAD_IRKS,
4237 MGMT_STATUS_INVALID_PARAMS);
4238 }
4239
4240 hci_dev_lock(hdev);
4241
4242 hci_smp_irks_clear(hdev);
4243
4244 for (i = 0; i < irk_count; i++) {
4245 struct mgmt_irk_info *irk = &cp->irks[i];
4246 u8 addr_type;
4247
4248 if (irk->addr.type == BDADDR_LE_PUBLIC)
4249 addr_type = ADDR_LE_DEV_PUBLIC;
4250 else
4251 addr_type = ADDR_LE_DEV_RANDOM;
4252
4253 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4254 BDADDR_ANY);
4255 }
4256
4257 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4258
4259 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4260
4261 hci_dev_unlock(hdev);
4262
4263 return err;
4264}
4265
3f706b72
JH		 4266static bool ltk_is_valid(struct mgmt_ltk_info *key)
4267{
4268 if (key->master != 0x00 && key->master != 0x01)
4269 return false;
490cb0b3
MH		 4270
4271 switch (key->addr.type) {
4272 case BDADDR_LE_PUBLIC:
4273 return true;
4274
4275 case BDADDR_LE_RANDOM:
4276 /* Two most significant bits shall be set */
4277 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4278 return false;
4279 return true;
4280 }
4281
4282 return false;
3f706b72
JH		 4283}
4284
bdb6d971 4285static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4286 void *cp_data, u16 len)
346af67b 4287{
346af67b
VCG		 4288 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4289 u16 key_count, expected_len;
715a5bf2 4290 int i, err;
346af67b 4291
cf99ba13
MH		 4292 BT_DBG("request for %s", hdev->name);
4293
4294 if (!lmp_le_capable(hdev))
4295 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4296 MGMT_STATUS_NOT_SUPPORTED);
4297
1f350c87 4298 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4299
4300 expected_len = sizeof(*cp) + key_count *
4301 sizeof(struct mgmt_ltk_info);
4302 if (expected_len != len) {
4303 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4304 len, expected_len);
bdb6d971 4305 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4306 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4307 }
4308
bdb6d971 4309 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4310
54ad6d8a
JH		 4311 for (i = 0; i < key_count; i++) {
4312 struct mgmt_ltk_info *key = &cp->keys[i];
4313
3f706b72 4314 if (!ltk_is_valid(key))
54ad6d8a
JH		 4315 return cmd_status(sk, hdev->id,
4316 MGMT_OP_LOAD_LONG_TERM_KEYS,
4317 MGMT_STATUS_INVALID_PARAMS);
4318 }
4319
346af67b
VCG		 4320 hci_dev_lock(hdev);
4321
4322 hci_smp_ltks_clear(hdev);
4323
4324 for (i = 0; i < key_count; i++) {
4325 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4326 u8 type, addr_type;
4327
4328 if (key->addr.type == BDADDR_LE_PUBLIC)
4329 addr_type = ADDR_LE_DEV_PUBLIC;
4330 else
4331 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4332
4333 if (key->master)
4334 type = HCI_SMP_LTK;
4335 else
4336 type = HCI_SMP_LTK_SLAVE;
4337
35d70271
JH		 4338 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4339 key->type, key->val, key->enc_size, key->ediv,
4340 key->rand);
346af67b
VCG		 4341 }
4342
715a5bf2
JH		 4343 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4344 NULL, 0);
4345
346af67b 4346 hci_dev_unlock(hdev);
346af67b 4347
715a5bf2 4348 return err;
346af67b
VCG		 4349}
4350
2e3c35ea 4351static const struct mgmt_handler {
04124681
GP		 4352 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4353 u16 data_len);
be22b54e
JH		 4354 bool var_len;
4355 size_t data_len;
0f4e68cf
JH		 4356} mgmt_handlers[] = {
4357 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4358 { read_version, false, MGMT_READ_VERSION_SIZE },
4359 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4360 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4361 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4362 { set_powered, false, MGMT_SETTING_SIZE },
4363 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4364 { set_connectable, false, MGMT_SETTING_SIZE },
4365 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4366 { set_pairable, false, MGMT_SETTING_SIZE },
4367 { set_link_security, false, MGMT_SETTING_SIZE },
4368 { set_ssp, false, MGMT_SETTING_SIZE },
4369 { set_hs, false, MGMT_SETTING_SIZE },
4370 { set_le, false, MGMT_SETTING_SIZE },
4371 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4372 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4373 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4374 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4375 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4376 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4377 { disconnect, false, MGMT_DISCONNECT_SIZE },
4378 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4379 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4380 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4381 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4382 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4383 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4384 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4385 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4386 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4387 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4388 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4389 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4390 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4391 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4392 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4393 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4394 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4395 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4396 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4397 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4398 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4399 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4400 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4401 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4402 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4403 { set_debug_keys, false, MGMT_SETTING_SIZE },
41edf160
JH		 4404 { },
4405 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4406};
4407
4408
0381101f
JH		 4409int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4410{
650f726d
VCG		 4411 void *buf;
4412 u8 *cp;
0381101f 4413 struct mgmt_hdr *hdr;
4e51eae9 4414 u16 opcode, index, len;
bdb6d971 4415 struct hci_dev *hdev = NULL;
2e3c35ea 4416 const struct mgmt_handler *handler;
0381101f
JH		 4417 int err;
4418
4419 BT_DBG("got %zu bytes", msglen);
4420
4421 if (msglen < sizeof(*hdr))
4422 return -EINVAL;
4423
e63a15ec 4424 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4425 if (!buf)
4426 return -ENOMEM;
4427
4428 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4429 err = -EFAULT;
4430 goto done;
4431 }
4432
650f726d 4433 hdr = buf;
1f350c87
MH		 4434 opcode = __le16_to_cpu(hdr->opcode);
4435 index = __le16_to_cpu(hdr->index);
4436 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4437
4438 if (len != msglen - sizeof(*hdr)) {
4439 err = -EINVAL;
4440 goto done;
4441 }
4442
0f4e68cf 4443 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4444 hdev = hci_dev_get(index);
4445 if (!hdev) {
4446 err = cmd_status(sk, index, opcode,
04124681 4447 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4448 goto done;
4449 }
0736cfa8 4450
cebf4cfd
JH		 4451 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4452 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4453 err = cmd_status(sk, index, opcode,
4454 MGMT_STATUS_INVALID_INDEX);
4455 goto done;
4456 }
bdb6d971
JH		 4457 }
4458
0f4e68cf 4459 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4460 mgmt_handlers[opcode].func == NULL) {
0381101f 4461 BT_DBG("Unknown op %u", opcode);
ca69b795 4462 err = cmd_status(sk, index, opcode,
04124681 4463 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4464 goto done;
4465 }
4466
4467 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4468 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4469 err = cmd_status(sk, index, opcode,
04124681 4470 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4471 goto done;
0381101f
JH		 4472 }
4473
be22b54e
JH		 4474 handler = &mgmt_handlers[opcode];
4475
4476 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4477 (!handler->var_len && len != handler->data_len)) {
be22b54e 4478 err = cmd_status(sk, index, opcode,
04124681 4479 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4480 goto done;
4481 }
4482
0f4e68cf
JH		 4483 if (hdev)
4484 mgmt_init_hdev(sk, hdev);
4485
4486 cp = buf + sizeof(*hdr);
4487
be22b54e 4488 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4489 if (err < 0)
4490 goto done;
4491
0381101f
JH		 4492 err = msglen;
4493
4494done:
bdb6d971
JH		 4495 if (hdev)
4496 hci_dev_put(hdev);
4497
0381101f
JH		 4498 kfree(buf);
4499 return err;
4500}
c71e97bf 4501
bf6b56db 4502void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4503{
1514b892 4504 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4505 return;
bb4b2a9a 4506
bf6b56db 4507 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4508}
4509
bf6b56db 4510void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4511{
5f159032 4512 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4513
1514b892 4514 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4515 return;
bb4b2a9a 4516
744cf19e 4517 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4518
bf6b56db 4519 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4520}
4521
229ab39c
JH		 4522static void powered_complete(struct hci_dev *hdev, u8 status)
4523{
4524 struct cmd_lookup match = { NULL, hdev };
4525
4526 BT_DBG("status 0x%02x", status);
4527
4528 hci_dev_lock(hdev);
4529
4530 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4531
4532 new_settings(hdev, match.sk);
4533
4534 hci_dev_unlock(hdev);
4535
4536 if (match.sk)
4537 sock_put(match.sk);
4538}
4539
70da6243 4540static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4541{
890ea898 4542 struct hci_request req;
70da6243 4543 u8 link_sec;
5add6af8 4544
890ea898
JH		 4545 hci_req_init(&req, hdev);
4546
70da6243
JH		 4547 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4548 !lmp_host_ssp_capable(hdev)) {
4549 u8 ssp = 1;
5e5282bb 4550
890ea898 4551 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4552 }
5add6af8 4553
c73eee91
JH		 4554 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4555 lmp_bredr_capable(hdev)) {
70da6243 4556 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4557
70da6243
JH		 4558 cp.le = 1;
4559 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4560
70da6243
JH		 4561 /* Check first if we already have the right
4562 * host state (host features set)
4563 */
4564 if (cp.le != lmp_host_le_capable(hdev) ||
4565 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4566 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4567 sizeof(cp), &cp);
70da6243 4568 }
3d1cbdd6 4569
d13eafce
MH		 4570 if (lmp_le_capable(hdev)) {
4571 /* Set random address to static address if configured */
4572 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4573 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4574 &hdev->static_addr);
eeca6f89 4575
441ad2d0
MH		 4576 /* Make sure the controller has a good default for
4577 * advertising data. This also applies to the case
4578 * where BR/EDR was toggled during the AUTO_OFF phase.
4579 */
f14d8f64 4580 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4581 update_adv_data(&req);
f14d8f64
MH		 4582 update_scan_rsp_data(&req);
4583 }
441ad2d0 4584
bba3aa55
MH		 4585 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4586 enable_advertising(&req);
eeca6f89
JH		 4587 }
4588
70da6243
JH		 4589 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4590 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4591 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4592 sizeof(link_sec), &link_sec);
562fcc24 4593
70da6243 4594 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4595 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4596 set_bredr_scan(&req);
890ea898 4597 update_class(&req);
13928971 4598 update_name(&req);
890ea898 4599 update_eir(&req);
70da6243 4600 }
562fcc24 4601
229ab39c 4602 return hci_req_run(&req, powered_complete);
70da6243 4603}
562fcc24 4604
70da6243
JH		 4605int mgmt_powered(struct hci_dev *hdev, u8 powered)
4606{
4607 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4608 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4609 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4610 int err;
f0ff92fb 4611
70da6243
JH		 4612 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4613 return 0;
4614
70da6243 4615 if (powered) {
229ab39c
JH		 4616 if (powered_update_hci(hdev) == 0)
4617 return 0;
fe038884 4618
229ab39c
JH		 4619 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4620 &match);
4621 goto new_settings;
b24752fe
JH		 4622 }
4623
229ab39c
JH		 4624 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4625 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4626
4627 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4628 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4629 zero_cod, sizeof(zero_cod), NULL);
4630
4631new_settings:
beadb2bd 4632 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4633
4634 if (match.sk)
4635 sock_put(match.sk);
4636
7bb895d6 4637 return err;
5add6af8 4638}
73f22f62 4639
3eec705e 4640void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4641{
4642 struct pending_cmd *cmd;
4643 u8 status;
4644
4645 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4646 if (!cmd)
3eec705e 4647 return;
96570ffc
JH		 4648
4649 if (err == -ERFKILL)
4650 status = MGMT_STATUS_RFKILLED;
4651 else
4652 status = MGMT_STATUS_FAILED;
4653
3eec705e 4654 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4655
4656 mgmt_pending_remove(cmd);
96570ffc
JH		 4657}
4658
d1967ff8
MH		 4659void mgmt_discoverable_timeout(struct hci_dev *hdev)
4660{
4661 struct hci_request req;
d1967ff8
MH		 4662
4663 hci_dev_lock(hdev);
4664
4665 /* When discoverable timeout triggers, then just make sure
4666 * the limited discoverable flag is cleared. Even in the case
4667 * of a timeout triggered from general discoverable, it is
4668 * safe to unconditionally clear the flag.
4669 */
4670 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4671 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4672
4673 hci_req_init(&req, hdev);
4b580614
JH		 4674 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4675 u8 scan = SCAN_PAGE;
4676 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4677 sizeof(scan), &scan);
4678 }
d1967ff8 4679 update_class(&req);
9a43e25f 4680 update_adv_data(&req);
d1967ff8
MH		 4681 hci_req_run(&req, NULL);
4682
4683 hdev->discov_timeout = 0;
4684
9a43e25f
JH		 4685 new_settings(hdev, NULL);
4686
d1967ff8
MH		 4687 hci_dev_unlock(hdev);
4688}
4689
86a75645 4690void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4691{
86a75645 4692 bool changed;
73f22f62 4693
bfaf8c9f
JH		 4694 /* Nothing needed here if there's a pending command since that
4695 * commands request completion callback takes care of everything
4696 * necessary.
4697 */
4698 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4699 return;
bfaf8c9f 4700
9a43e25f 4701 if (discoverable) {
86a75645 4702 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4703 } else {
4704 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4705 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4706 }
4707
4708 if (changed) {
4709 struct hci_request req;
4710
4711 /* In case this change in discoverable was triggered by
4712 * a disabling of connectable there could be a need to
4713 * update the advertising flags.
4714 */
4715 hci_req_init(&req, hdev);
4716 update_adv_data(&req);
4717 hci_req_run(&req, NULL);
73f22f62 4718
86a75645 4719 new_settings(hdev, NULL);
9a43e25f 4720 }
73f22f62 4721}
9fbcbb45 4722
a330916c 4723void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4724{
a330916c 4725 bool changed;
9fbcbb45 4726
d7b856f9
JH		 4727 /* Nothing needed here if there's a pending command since that
4728 * commands request completion callback takes care of everything
4729 * necessary.
4730 */
4731 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4732 return;
d7b856f9 4733
a330916c
MH		 4734 if (connectable)
4735 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4736 else
4737 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4738
beadb2bd 4739 if (changed)
a330916c 4740 new_settings(hdev, NULL);
9fbcbb45 4741}
55ed8ca1 4742
4796e8af 4743void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4744{
ca69b795
JH		 4745 u8 mgmt_err = mgmt_status(status);
4746
2d7cee58 4747 if (scan & SCAN_PAGE)
744cf19e 4748 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4749 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4750
4751 if (scan & SCAN_INQUIRY)
744cf19e 4752 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4753 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4754}
4755
dc4a5ee2
MH		 4756void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4757 bool persistent)
55ed8ca1 4758{
86742e1e 4759 struct mgmt_ev_new_link_key ev;
55ed8ca1 4760
a492cd52 4761 memset(&ev, 0, sizeof(ev));
55ed8ca1 4762
a492cd52 4763 ev.store_hint = persistent;
d753fdc4 4764 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4765 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4766 ev.key.type = key->type;
9b3b4460 4767 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4768 ev.key.pin_len = key->pin_len;
55ed8ca1 4769
dc4a5ee2 4770 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4771}
f7520543 4772
ba74b666 4773void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4774{
4775 struct mgmt_ev_new_long_term_key ev;
4776
4777 memset(&ev, 0, sizeof(ev));
4778
5192d301
MH		 4779 /* Devices using resolvable or non-resolvable random addresses
4780 * without providing an indentity resolving key don't require
4781 * to store long term keys. Their addresses will change the
4782 * next time around.
4783 *
4784 * Only when a remote device provides an identity address
4785 * make sure the long term key is stored. If the remote
4786 * identity is known, the long term keys are internally
4787 * mapped to the identity address. So allow static random
4788 * and public addresses here.
4789 */
ba74b666
JH		 4790 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4791 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4792 ev.store_hint = 0x00;
4793 else
4794 ev.store_hint = 0x01;
4795
346af67b 4796 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4797 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4798 ev.key.type = key->authenticated;
346af67b
VCG		 4799 ev.key.enc_size = key->enc_size;
4800 ev.key.ediv = key->ediv;
4801
4802 if (key->type == HCI_SMP_LTK)
4803 ev.key.master = 1;
4804
4805 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4806 memcpy(ev.key.val, key->val, sizeof(key->val));
4807
083368f7 4808 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4809}
4810
95fbac8a
JH		 4811void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4812{
4813 struct mgmt_ev_new_irk ev;
4814
4815 memset(&ev, 0, sizeof(ev));
4816
bab6d1e5
MH		 4817 /* For identity resolving keys from devices that are already
4818 * using a public address or static random address, do not
4819 * ask for storing this key. The identity resolving key really
4820 * is only mandatory for devices using resovlable random
4821 * addresses.
4822 *
4823 * Storing all identity resolving keys has the downside that
4824 * they will be also loaded on next boot of they system. More
4825 * identity resolving keys, means more time during scanning is
4826 * needed to actually resolve these addresses.
4827 */
4828 if (bacmp(&irk->rpa, BDADDR_ANY))
4829 ev.store_hint = 0x01;
4830 else
4831 ev.store_hint = 0x00;
4832
95fbac8a
JH		 4833 bacpy(&ev.rpa, &irk->rpa);
4834 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4835 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4836 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4837
4838 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
4839}
4840
94933991
MH		 4841static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4842 u8 data_len)
4843{
4844 eir[eir_len++] = sizeof(type) + data_len;
4845 eir[eir_len++] = type;
4846 memcpy(&eir[eir_len], data, data_len);
4847 eir_len += data_len;
4848
4849 return eir_len;
4850}
4851
ecd90ae7
MH		 4852void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4853 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4854 u8 *dev_class)
f7520543 4855{
b644ba33
JH		 4856 char buf[512];
4857 struct mgmt_ev_device_connected *ev = (void *) buf;
4858 u16 eir_len = 0;
f7520543 4859
b644ba33 4860 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4861 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4862
c95f0ba7 4863 ev->flags = __cpu_to_le32(flags);
08c79b61 4864
b644ba33
JH		 4865 if (name_len > 0)
4866 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4867 name, name_len);
b644ba33
JH		 4868
4869 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4870 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4871 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4872
eb55ef07 4873 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4874
ecd90ae7
MH		 4875 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4876 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4877}
4878
8962ee74
JH		 4879static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4880{
c68fb7ff 4881 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4882 struct sock **sk = data;
a38528f1 4883 struct mgmt_rp_disconnect rp;
8962ee74 4884
88c3df13
JH		 4885 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4886 rp.addr.type = cp->addr.type;
8962ee74 4887
aee9b218 4888 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4889 sizeof(rp));
8962ee74
JH		 4890
4891 *sk = cmd->sk;
4892 sock_hold(*sk);
4893
a664b5bc 4894 mgmt_pending_remove(cmd);
8962ee74
JH		 4895}
4896
124f6e35 4897static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4898{
b1078ad0 4899 struct hci_dev *hdev = data;
124f6e35
JH		 4900 struct mgmt_cp_unpair_device *cp = cmd->param;
4901 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4902
4903 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4904 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4905 rp.addr.type = cp->addr.type;
a8a1d19e 4906
b1078ad0
JH		 4907 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4908
aee9b218 4909 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4910
4911 mgmt_pending_remove(cmd);
4912}
4913
9b80ec5e
MH		 4914void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4915 u8 link_type, u8 addr_type, u8 reason)
f7520543 4916{
f0d6a0ea 4917 struct mgmt_ev_device_disconnected ev;
8962ee74 4918 struct sock *sk = NULL;
8962ee74 4919
57eb776f
AG		 4920 if (link_type != ACL_LINK && link_type != LE_LINK)
4921 return;
4922
744cf19e 4923 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4924
f0d6a0ea
MA		 4925 bacpy(&ev.addr.bdaddr, bdaddr);
4926 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4927 ev.reason = reason;
f7520543 4928
9b80ec5e 4929 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4930
4931 if (sk)
d97dcb66 4932 sock_put(sk);
8962ee74 4933
124f6e35 4934 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4935 hdev);
8962ee74
JH		 4936}
4937
7892924c
MH		 4938void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4939 u8 link_type, u8 addr_type, u8 status)
8962ee74 4940{
3655bba8
AG		 4941 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4942 struct mgmt_cp_disconnect *cp;
88c3df13 4943 struct mgmt_rp_disconnect rp;
8962ee74 4944 struct pending_cmd *cmd;
8962ee74 4945
36a75f1b
JD		 4946 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4947 hdev);
4948
2e58ef3e 4949 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4950 if (!cmd)
7892924c 4951 return;
8962ee74 4952
3655bba8
AG		 4953 cp = cmd->param;
4954
4955 if (bacmp(bdaddr, &cp->addr.bdaddr))
4956 return;
4957
4958 if (cp->addr.type != bdaddr_type)
4959 return;
4960
88c3df13 4961 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 4962 rp.addr.type = bdaddr_type;
37d9ef76 4963
7892924c
MH		 4964 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4965 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4966
a664b5bc 4967 mgmt_pending_remove(cmd);
f7520543 4968}
17d5c04c 4969
445608d0
MH		 4970void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4971 u8 addr_type, u8 status)
17d5c04c
JH		 4972{
4973 struct mgmt_ev_connect_failed ev;
4974
4c659c39 4975 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4976 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4977 ev.status = mgmt_status(status);
17d5c04c 4978
445608d0 4979 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4980}
980e1a53 4981
ce0e4a0d 4982void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4983{
4984 struct mgmt_ev_pin_code_request ev;
4985
d8457698 4986 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4987 ev.addr.type = BDADDR_BREDR;
a770bb5a 4988 ev.secure = secure;
980e1a53 4989
ce0e4a0d 4990 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4991}
4992
e669cf80
MH		 4993void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4994 u8 status)
980e1a53
JH		 4995{
4996 struct pending_cmd *cmd;
ac56fb13 4997 struct mgmt_rp_pin_code_reply rp;
980e1a53 4998
2e58ef3e 4999 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5000 if (!cmd)
e669cf80 5001 return;
980e1a53 5002
d8457698 5003 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5004 rp.addr.type = BDADDR_BREDR;
ac56fb13 5005
e669cf80
MH		 5006 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5007 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5008
a664b5bc 5009 mgmt_pending_remove(cmd);
980e1a53
JH		 5010}
5011
3eb38528
MH		 5012void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5013 u8 status)
980e1a53
JH		 5014{
5015 struct pending_cmd *cmd;
ac56fb13 5016 struct mgmt_rp_pin_code_reply rp;
980e1a53 5017
2e58ef3e 5018 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5019 if (!cmd)
3eb38528 5020 return;
980e1a53 5021
d8457698 5022 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5023 rp.addr.type = BDADDR_BREDR;
ac56fb13 5024
3eb38528
MH		 5025 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5026 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5027
a664b5bc 5028 mgmt_pending_remove(cmd);
980e1a53 5029}
a5c29683 5030
744cf19e 5031int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5032 u8 link_type, u8 addr_type, __le32 value,
5033 u8 confirm_hint)
a5c29683
JH		 5034{
5035 struct mgmt_ev_user_confirm_request ev;
5036
744cf19e 5037 BT_DBG("%s", hdev->name);
a5c29683 5038
272d90df 5039 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5040 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5041 ev.confirm_hint = confirm_hint;
78e8098e 5042 ev.value = value;
a5c29683 5043
744cf19e 5044 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5045 NULL);
a5c29683
JH		 5046}
5047
272d90df 5048int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5049 u8 link_type, u8 addr_type)
604086b7
BG		 5050{
5051 struct mgmt_ev_user_passkey_request ev;
5052
5053 BT_DBG("%s", hdev->name);
5054
272d90df 5055 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5056 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5057
5058 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5059 NULL);
604086b7
BG		 5060}
5061
0df4c185 5062static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5063 u8 link_type, u8 addr_type, u8 status,
5064 u8 opcode)
a5c29683
JH		 5065{
5066 struct pending_cmd *cmd;
5067 struct mgmt_rp_user_confirm_reply rp;
5068 int err;
5069
2e58ef3e 5070 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5071 if (!cmd)
5072 return -ENOENT;
5073
272d90df 5074 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5075 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5076 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5077 &rp, sizeof(rp));
a5c29683 5078
a664b5bc 5079 mgmt_pending_remove(cmd);
a5c29683
JH		 5080
5081 return err;
5082}
5083
744cf19e 5084int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5085 u8 link_type, u8 addr_type, u8 status)
a5c29683 5086{
272d90df 5087 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5088 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5089}
5090
272d90df 5091int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5092 u8 link_type, u8 addr_type, u8 status)
a5c29683 5093{
272d90df 5094 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5095 status,
5096 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5097}
2a611692 5098
604086b7 5099int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5100 u8 link_type, u8 addr_type, u8 status)
604086b7 5101{
272d90df 5102 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5103 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5104}
5105
272d90df 5106int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5107 u8 link_type, u8 addr_type, u8 status)
604086b7 5108{
272d90df 5109 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5110 status,
5111 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5112}
5113
92a25256
JH		 5114int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5115 u8 link_type, u8 addr_type, u32 passkey,
5116 u8 entered)
5117{
5118 struct mgmt_ev_passkey_notify ev;
5119
5120 BT_DBG("%s", hdev->name);
5121
5122 bacpy(&ev.addr.bdaddr, bdaddr);
5123 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5124 ev.passkey = __cpu_to_le32(passkey);
5125 ev.entered = entered;
5126
5127 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5128}
5129
e546099c
MH		 5130void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5131 u8 addr_type, u8 status)
2a611692
JH		 5132{
5133 struct mgmt_ev_auth_failed ev;
5134
bab73cb6 5135 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5136 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5137 ev.status = mgmt_status(status);
2a611692 5138
e546099c 5139 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5140}
b312b161 5141
464996ae 5142void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5143{
5144 struct cmd_lookup match = { NULL, hdev };
464996ae 5145 bool changed;
33ef95ed
JH		 5146
5147 if (status) {
5148 u8 mgmt_err = mgmt_status(status);
5149 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5150 cmd_status_rsp, &mgmt_err);
464996ae 5151 return;
33ef95ed
JH		 5152 }
5153
464996ae
MH		 5154 if (test_bit(HCI_AUTH, &hdev->flags))
5155 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5156 &hdev->dev_flags);
5157 else
5158 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5159 &hdev->dev_flags);
47990ea0 5160
33ef95ed 5161 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5162 &match);
33ef95ed 5163
47990ea0 5164 if (changed)
464996ae 5165 new_settings(hdev, match.sk);
33ef95ed
JH		 5166
5167 if (match.sk)
5168 sock_put(match.sk);
33ef95ed
JH		 5169}
5170
890ea898 5171static void clear_eir(struct hci_request *req)
cacaf52f 5172{
890ea898 5173 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5174 struct hci_cp_write_eir cp;
5175
976eb20e 5176 if (!lmp_ext_inq_capable(hdev))
890ea898 5177 return;
cacaf52f 5178
c80da27e
JH		 5179 memset(hdev->eir, 0, sizeof(hdev->eir));
5180
cacaf52f
JH		 5181 memset(&cp, 0, sizeof(cp));
5182
890ea898 5183 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5184}
5185
3e248560 5186void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5187{
5188 struct cmd_lookup match = { NULL, hdev };
890ea898 5189 struct hci_request req;
c0ecddc2 5190 bool changed = false;
ed2c4ee3
JH		 5191
5192 if (status) {
5193 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5194
5195 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5196 &hdev->dev_flags)) {
5197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5198 new_settings(hdev, NULL);
9ecb3e24 5199 }
c0ecddc2 5200
04124681
GP		 5201 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5202 &mgmt_err);
3e248560 5203 return;
c0ecddc2
JH		 5204 }
5205
5206 if (enable) {
9ecb3e24 5207 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5208 } else {
9ecb3e24
MH		 5209 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5210 if (!changed)
5211 changed = test_and_clear_bit(HCI_HS_ENABLED,
5212 &hdev->dev_flags);
5213 else
5214 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5215 }
5216
5217 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5218
c0ecddc2 5219 if (changed)
3e248560 5220 new_settings(hdev, match.sk);
ed2c4ee3 5221
5fc6ebb1 5222 if (match.sk)
ed2c4ee3
JH		 5223 sock_put(match.sk);
5224
890ea898
JH		 5225 hci_req_init(&req, hdev);
5226
5fc6ebb1 5227 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5228 update_eir(&req);
5fc6ebb1 5229 else
890ea898
JH		 5230 clear_eir(&req);
5231
5232 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5233}
5234
eac83dc6
MH		 5235void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5236{
5237 struct cmd_lookup match = { NULL, hdev };
5238 bool changed = false;
5239
5240 if (status) {
5241 u8 mgmt_err = mgmt_status(status);
5242
0ab04a9c
MH		 5243 if (enable) {
5244 if (test_and_clear_bit(HCI_SC_ENABLED,
5245 &hdev->dev_flags))
5246 new_settings(hdev, NULL);
5247 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5248 }
eac83dc6
MH		 5249
5250 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5251 cmd_status_rsp, &mgmt_err);
5252 return;
5253 }
5254
0ab04a9c 5255 if (enable) {
eac83dc6 5256 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5257 } else {
eac83dc6 5258 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5259 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5260 }
eac83dc6
MH		 5261
5262 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5263 settings_rsp, &match);
5264
5265 if (changed)
5266 new_settings(hdev, match.sk);
5267
5268 if (match.sk)
5269 sock_put(match.sk);
5270}
5271
92da6097 5272static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5273{
5274 struct cmd_lookup *match = data;
5275
90e70454
JH		 5276 if (match->sk == NULL) {
5277 match->sk = cmd->sk;
5278 sock_hold(match->sk);
5279 }
90e70454
JH		 5280}
5281
4e1b0245
MH		 5282void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5283 u8 status)
7f9a903c 5284{
90e70454 5285 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5286
92da6097
JH		 5287 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5288 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5289 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5290
5291 if (!status)
4e1b0245
MH		 5292 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5293 NULL);
90e70454
JH		 5294
5295 if (match.sk)
5296 sock_put(match.sk);
7f9a903c
MH		 5297}
5298
7667da34 5299void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5300{
b312b161 5301 struct mgmt_cp_set_local_name ev;
13928971 5302 struct pending_cmd *cmd;
28cc7bde 5303
13928971 5304 if (status)
7667da34 5305 return;
b312b161
JH		 5306
5307 memset(&ev, 0, sizeof(ev));
5308 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5309 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5310
2e58ef3e 5311 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5312 if (!cmd) {
5313 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5314
13928971
JH		 5315 /* If this is a HCI command related to powering on the
5316 * HCI dev don't send any mgmt signals.
5317 */
5318 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5319 return;
890ea898 5320 }
b312b161 5321
7667da34
MH		 5322 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5323 cmd ? cmd->sk : NULL);
b312b161 5324}
c35938b2 5325
4d2d2796
MH		 5326void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5327 u8 *randomizer192, u8 *hash256,
5328 u8 *randomizer256, u8 status)
c35938b2
SJ		 5329{
5330 struct pending_cmd *cmd;
c35938b2 5331
744cf19e 5332 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5333
2e58ef3e 5334 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5335 if (!cmd)
3edaf092 5336 return;
c35938b2
SJ		 5337
5338 if (status) {
3edaf092
MH		 5339 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5340 mgmt_status(status));
c35938b2 5341 } else {
4d2d2796
MH		 5342 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5343 hash256 && randomizer256) {
5344 struct mgmt_rp_read_local_oob_ext_data rp;
5345
5346 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5347 memcpy(rp.randomizer192, randomizer192,
5348 sizeof(rp.randomizer192));
c35938b2 5349
4d2d2796
MH		 5350 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5351 memcpy(rp.randomizer256, randomizer256,
5352 sizeof(rp.randomizer256));
c35938b2 5353
4d2d2796
MH		 5354 cmd_complete(cmd->sk, hdev->id,
5355 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5356 &rp, sizeof(rp));
5357 } else {
5358 struct mgmt_rp_read_local_oob_data rp;
5359
5360 memcpy(rp.hash, hash192, sizeof(rp.hash));
5361 memcpy(rp.randomizer, randomizer192,
5362 sizeof(rp.randomizer));
5363
5364 cmd_complete(cmd->sk, hdev->id,
5365 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5366 &rp, sizeof(rp));
5367 }
c35938b2
SJ		 5368 }
5369
5370 mgmt_pending_remove(cmd);
c35938b2 5371}
e17acd40 5372
901801b9
MH		 5373void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5374 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5375 ssp, u8 *eir, u16 eir_len)
e17acd40 5376{
e319d2e7
JH		 5377 char buf[512];
5378 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5379 struct smp_irk *irk;
1dc06093 5380 size_t ev_size;
e17acd40 5381
12602d0c 5382 if (!hci_discovery_active(hdev))
901801b9 5383 return;
12602d0c 5384
1dc06093
JH		 5385 /* Leave 5 bytes for a potential CoD field */
5386 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5387 return;
7d262f86 5388
1dc06093
JH		 5389 memset(buf, 0, sizeof(buf));
5390
5cedbb8d
JH		 5391 irk = hci_get_irk(hdev, bdaddr, addr_type);
5392 if (irk) {
5393 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5394 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5395 } else {
5396 bacpy(&ev->addr.bdaddr, bdaddr);
5397 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5398 }
5399
e319d2e7 5400 ev->rssi = rssi;
9a395a80 5401 if (cfm_name)
612dfce9 5402 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5403 if (!ssp)
612dfce9 5404 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5405
1dc06093 5406 if (eir_len > 0)
e319d2e7 5407 memcpy(ev->eir, eir, eir_len);
e17acd40 5408
1dc06093
JH		 5409 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5410 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5411 dev_class, 3);
1dc06093 5412
eb55ef07 5413 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5414 ev_size = sizeof(*ev) + eir_len;
f8523598 5415
901801b9 5416 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5417}
a88a9652 5418
9cf12aee
MH		 5419void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5420 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5421{
b644ba33
JH		 5422 struct mgmt_ev_device_found *ev;
5423 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5424 u16 eir_len;
a88a9652 5425
b644ba33 5426 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5427
b644ba33
JH		 5428 memset(buf, 0, sizeof(buf));
5429
5430 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5431 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5432 ev->rssi = rssi;
5433
5434 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5435 name_len);
b644ba33 5436
eb55ef07 5437 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5438
9cf12aee 5439 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5440}
314b2381 5441
2f1e063b 5442void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5443{
f963e8e9 5444 struct mgmt_ev_discovering ev;
164a6e78
JH		 5445 struct pending_cmd *cmd;
5446
343fb145
AG		 5447 BT_DBG("%s discovering %u", hdev->name, discovering);
5448
164a6e78 5449 if (discovering)
2e58ef3e 5450 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5451 else
2e58ef3e 5452 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5453
5454 if (cmd != NULL) {
f808e166
JH		 5455 u8 type = hdev->discovery.type;
5456
04124681
GP		 5457 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5458 sizeof(type));
164a6e78
JH		 5459 mgmt_pending_remove(cmd);
5460 }
5461
f963e8e9
JH		 5462 memset(&ev, 0, sizeof(ev));
5463 ev.type = hdev->discovery.type;
5464 ev.discovering = discovering;
5465
2f1e063b 5466 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5467}
5e762444 5468
88c1fe4b 5469int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5470{
5471 struct pending_cmd *cmd;
5472 struct mgmt_ev_device_blocked ev;
5473
2e58ef3e 5474 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5475
88c1fe4b
JH		 5476 bacpy(&ev.addr.bdaddr, bdaddr);
5477 ev.addr.type = type;
5e762444 5478
744cf19e 5479 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5480 cmd ? cmd->sk : NULL);
5e762444
AJ		 5481}
5482
88c1fe4b 5483int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5484{
5485 struct pending_cmd *cmd;
5486 struct mgmt_ev_device_unblocked ev;
5487
2e58ef3e 5488 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5489
88c1fe4b
JH		 5490 bacpy(&ev.addr.bdaddr, bdaddr);
5491 ev.addr.type = type;
5e762444 5492
744cf19e 5493 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5494 cmd ? cmd->sk : NULL);
5e762444 5495}
5976e608
MH		 5496
5497static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5498{
5499 BT_DBG("%s status %u", hdev->name, status);
5500
5501 /* Clear the advertising mgmt setting if we failed to re-enable it */
5502 if (status) {
5503 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5504 new_settings(hdev, NULL);
5976e608
MH		 5505 }
5506}
5507
5508void mgmt_reenable_advertising(struct hci_dev *hdev)
5509{
5510 struct hci_request req;
5511
b145edcd 5512 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5513 return;
5514
5515 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5516 return;
5517
5518 hci_req_init(&req, hdev);
5519 enable_advertising(&req);
5520
5521 /* If this fails we have no option but to let user space know
5522 * that we've disabled advertising.
5523 */
5524 if (hci_req_run(&req, adv_enable_complete) < 0) {
5525 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5526 new_settings(hdev, NULL);
5976e608
MH		 5527 }
5528}
Linux kernel - Deliverables
This page took 0.582112 seconds and 5 git commands to generate.