projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use hci_request for discoverable timeout handling
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
ef580372
JH		 539static void create_eir(struct hci_dev *hdev, u8 *data)
540{
541 u8 *ptr = data;
ef580372
JH		 542 size_t name_len;
543
544 name_len = strlen(hdev->dev_name);
545
546 if (name_len > 0) {
547 /* EIR Data type */
548 if (name_len > 48) {
549 name_len = 48;
550 ptr[1] = EIR_NAME_SHORT;
551 } else
552 ptr[1] = EIR_NAME_COMPLETE;
553
554 /* EIR Data length */
555 ptr[0] = name_len + 1;
556
557 memcpy(ptr + 2, hdev->dev_name, name_len);
558
ef580372
JH		 559 ptr += (name_len + 2);
560 }
561
bbaf444a 562 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 563 ptr[0] = 2;
564 ptr[1] = EIR_TX_POWER;
565 ptr[2] = (u8) hdev->inq_tx_power;
566
91c4e9b1
MH		 567 ptr += 3;
568 }
569
2b9be137
MH		 570 if (hdev->devid_source > 0) {
571 ptr[0] = 9;
572 ptr[1] = EIR_DEVICE_ID;
573
574 put_unaligned_le16(hdev->devid_source, ptr + 2);
575 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
576 put_unaligned_le16(hdev->devid_product, ptr + 6);
577 put_unaligned_le16(hdev->devid_version, ptr + 8);
578
2b9be137
MH		 579 ptr += 10;
580 }
581
213202ed 582 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 583 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 584 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 585}
586
890ea898 587static void update_eir(struct hci_request *req)
ef580372 588{
890ea898 589 struct hci_dev *hdev = req->hdev;
ef580372
JH		 590 struct hci_cp_write_eir cp;
591
504c8dcd 592 if (!hdev_is_powered(hdev))
890ea898 593 return;
7770c4aa 594
976eb20e 595 if (!lmp_ext_inq_capable(hdev))
890ea898 596 return;
ef580372 597
84bde9d6 598 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 599 return;
ef580372 600
a8b2d5c2 601 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 602 return;
ef580372
JH		 603
604 memset(&cp, 0, sizeof(cp));
605
606 create_eir(hdev, cp.data);
607
608 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 609 return;
ef580372
JH		 610
611 memcpy(hdev->eir, cp.data, sizeof(cp.data));
612
890ea898 613 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 614}
615
616static u8 get_service_classes(struct hci_dev *hdev)
617{
618 struct bt_uuid *uuid;
619 u8 val = 0;
620
621 list_for_each_entry(uuid, &hdev->uuids, list)
622 val |= uuid->svc_hint;
623
624 return val;
625}
626
890ea898 627static void update_class(struct hci_request *req)
ef580372 628{
890ea898 629 struct hci_dev *hdev = req->hdev;
ef580372
JH		 630 u8 cod[3];
631
632 BT_DBG("%s", hdev->name);
633
504c8dcd 634 if (!hdev_is_powered(hdev))
890ea898 635 return;
7770c4aa 636
a8b2d5c2 637 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 638 return;
ef580372
JH		 639
640 cod[0] = hdev->minor_class;
641 cod[1] = hdev->major_class;
642 cod[2] = get_service_classes(hdev);
643
644 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 645 return;
ef580372 646
890ea898 647 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 648}
649
7d78525d
JH		 650static void service_cache_off(struct work_struct *work)
651{
652 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 653 service_cache.work);
890ea898 654 struct hci_request req;
7d78525d 655
a8b2d5c2 656 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 657 return;
658
890ea898
JH		 659 hci_req_init(&req, hdev);
660
7d78525d
JH		 661 hci_dev_lock(hdev);
662
890ea898
JH		 663 update_eir(&req);
664 update_class(&req);
7d78525d
JH		 665
666 hci_dev_unlock(hdev);
890ea898
JH		 667
668 hci_req_run(&req, NULL);
7d78525d
JH		 669}
670
6a919082 671static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 672{
4f87da80 673 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 674 return;
675
4f87da80 676 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 677
4f87da80
JH		 678 /* Non-mgmt controlled devices get this bit set
679 * implicitly so that pairing works for them, however
680 * for mgmt we require user-space to explicitly enable
681 * it
682 */
683 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 684}
685
0f4e68cf 686static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 687 void *data, u16 data_len)
0381101f 688{
a38528f1 689 struct mgmt_rp_read_info rp;
f7b64e69 690
bdb6d971 691 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 692
09fd0de5 693 hci_dev_lock(hdev);
f7b64e69 694
dc4fe30b
JH		 695 memset(&rp, 0, sizeof(rp));
696
69ab39ea 697 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 698
69ab39ea 699 rp.version = hdev->hci_ver;
eb55ef07 700 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 701
702 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
703 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 704
a38528f1 705 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 706
dc4fe30b 707 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 708 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 709
09fd0de5 710 hci_dev_unlock(hdev);
0381101f 711
bdb6d971 712 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 713 sizeof(rp));
0381101f
JH		 714}
715
eec8d2bc
JH		 716static void mgmt_pending_free(struct pending_cmd *cmd)
717{
718 sock_put(cmd->sk);
c68fb7ff 719 kfree(cmd->param);
eec8d2bc
JH		 720 kfree(cmd);
721}
722
366a0336 723static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 724 struct hci_dev *hdev, void *data,
725 u16 len)
eec8d2bc
JH		 726{
727 struct pending_cmd *cmd;
728
12b94565 729 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 730 if (!cmd)
366a0336 731 return NULL;
eec8d2bc
JH		 732
733 cmd->opcode = opcode;
2e58ef3e 734 cmd->index = hdev->id;
eec8d2bc 735
12b94565 736 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 737 if (!cmd->param) {
eec8d2bc 738 kfree(cmd);
366a0336 739 return NULL;
eec8d2bc
JH		 740 }
741
8fce6357
SJ		 742 if (data)
743 memcpy(cmd->param, data, len);
eec8d2bc
JH		 744
745 cmd->sk = sk;
746 sock_hold(sk);
747
2e58ef3e 748 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 749
366a0336 750 return cmd;
eec8d2bc
JH		 751}
752
744cf19e 753static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 754 void (*cb)(struct pending_cmd *cmd,
755 void *data),
04124681 756 void *data)
eec8d2bc 757{
a3d09356 758 struct pending_cmd *cmd, *tmp;
eec8d2bc 759
a3d09356 760 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 761 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 762 continue;
763
eec8d2bc
JH		 764 cb(cmd, data);
765 }
766}
767
2e58ef3e 768static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 769{
8035ded4 770 struct pending_cmd *cmd;
eec8d2bc 771
2e58ef3e 772 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 773 if (cmd->opcode == opcode)
774 return cmd;
eec8d2bc
JH		 775 }
776
777 return NULL;
778}
779
a664b5bc 780static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 781{
73f22f62
JH		 782 list_del(&cmd->list);
783 mgmt_pending_free(cmd);
784}
785
69ab39ea 786static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 787{
69ab39ea 788 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 789
aee9b218 790 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 791 sizeof(settings));
8680570b
JH		 792}
793
bdb6d971 794static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 795 u16 len)
eec8d2bc 796{
650f726d 797 struct mgmt_mode *cp = data;
366a0336 798 struct pending_cmd *cmd;
4b34ee78 799 int err;
eec8d2bc 800
bdb6d971 801 BT_DBG("request for %s", hdev->name);
eec8d2bc 802
a7e80f25
JH		 803 if (cp->val != 0x00 && cp->val != 0x01)
804 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
805 MGMT_STATUS_INVALID_PARAMS);
806
09fd0de5 807 hci_dev_lock(hdev);
eec8d2bc 808
87b95ba6
JH		 809 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
811 MGMT_STATUS_BUSY);
812 goto failed;
813 }
814
f0d4b78a
MH		 815 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
816 cancel_delayed_work(&hdev->power_off);
817
818 if (cp->val) {
a1d70450
JH		 819 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
820 data, len);
821 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 822 goto failed;
823 }
824 }
825
4b34ee78 826 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 827 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 828 goto failed;
829 }
830
2e58ef3e 831 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 832 if (!cmd) {
833 err = -ENOMEM;
eec8d2bc 834 goto failed;
366a0336 835 }
eec8d2bc 836
72a734ec 837 if (cp->val)
19202573 838 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 839 else
19202573 840 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 841
366a0336 842 err = 0;
eec8d2bc
JH		 843
844failed:
09fd0de5 845 hci_dev_unlock(hdev);
366a0336 846 return err;
eec8d2bc
JH		 847}
848
04124681
GP		 849static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
850 struct sock *skip_sk)
beadb2bd
JH		 851{
852 struct sk_buff *skb;
853 struct mgmt_hdr *hdr;
854
790eff44 855 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 856 if (!skb)
857 return -ENOMEM;
858
859 hdr = (void *) skb_put(skb, sizeof(*hdr));
860 hdr->opcode = cpu_to_le16(event);
861 if (hdev)
862 hdr->index = cpu_to_le16(hdev->id);
863 else
612dfce9 864 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 865 hdr->len = cpu_to_le16(data_len);
866
867 if (data)
868 memcpy(skb_put(skb, data_len), data, data_len);
869
97e0bdeb
MH		 870 /* Time stamp */
871 __net_timestamp(skb);
872
beadb2bd
JH		 873 hci_send_to_control(skb, skip_sk);
874 kfree_skb(skb);
875
876 return 0;
877}
878
879static int new_settings(struct hci_dev *hdev, struct sock *skip)
880{
881 __le32 ev;
882
883 ev = cpu_to_le32(get_current_settings(hdev));
884
885 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
886}
887
bd99abdd
JH		 888struct cmd_lookup {
889 struct sock *sk;
890 struct hci_dev *hdev;
891 u8 mgmt_status;
892};
893
894static void settings_rsp(struct pending_cmd *cmd, void *data)
895{
896 struct cmd_lookup *match = data;
897
898 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
899
900 list_del(&cmd->list);
901
902 if (match->sk == NULL) {
903 match->sk = cmd->sk;
904 sock_hold(match->sk);
905 }
906
907 mgmt_pending_free(cmd);
908}
909
910static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
911{
912 u8 *status = data;
913
914 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
915 mgmt_pending_remove(cmd);
916}
917
e6fe7986
JH		 918static u8 mgmt_bredr_support(struct hci_dev *hdev)
919{
920 if (!lmp_bredr_capable(hdev))
921 return MGMT_STATUS_NOT_SUPPORTED;
922 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
923 return MGMT_STATUS_REJECTED;
924 else
925 return MGMT_STATUS_SUCCESS;
926}
927
928static u8 mgmt_le_support(struct hci_dev *hdev)
929{
930 if (!lmp_le_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
934 else
935 return MGMT_STATUS_SUCCESS;
936}
937
bfaf8c9f
JH		 938static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
939{
940 struct pending_cmd *cmd;
941 struct mgmt_mode *cp;
942 bool changed;
943
944 BT_DBG("status 0x%02x", status);
945
946 hci_dev_lock(hdev);
947
948 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
949 if (!cmd)
950 goto unlock;
951
952 if (status) {
953 u8 mgmt_err = mgmt_status(status);
954 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
955 goto remove_cmd;
956 }
957
958 cp = cmd->param;
959 if (cp->val)
960 changed = !test_and_set_bit(HCI_DISCOVERABLE,
961 &hdev->dev_flags);
962 else
963 changed = test_and_clear_bit(HCI_DISCOVERABLE,
964 &hdev->dev_flags);
965
966 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
967
968 if (changed)
969 new_settings(hdev, cmd->sk);
970
971remove_cmd:
972 mgmt_pending_remove(cmd);
973
974unlock:
975 hci_dev_unlock(hdev);
976}
977
bdb6d971 978static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 979 u16 len)
73f22f62 980{
650f726d 981 struct mgmt_cp_set_discoverable *cp = data;
366a0336 982 struct pending_cmd *cmd;
bfaf8c9f 983 struct hci_request req;
5e5282bb 984 u16 timeout;
e6fe7986 985 u8 scan, status;
73f22f62
JH		 986 int err;
987
bdb6d971 988 BT_DBG("request for %s", hdev->name);
73f22f62 989
e6fe7986
JH		 990 status = mgmt_bredr_support(hdev);
991 if (status)
33c525c0 992 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 993 status);
33c525c0 994
a7e80f25
JH		 995 if (cp->val != 0x00 && cp->val != 0x01)
996 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
997 MGMT_STATUS_INVALID_PARAMS);
998
1f350c87 999 timeout = __le16_to_cpu(cp->timeout);
24c54a90 1000 if (!cp->val && timeout > 0)
bdb6d971 1001 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1002 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1003
09fd0de5 1004 hci_dev_lock(hdev);
73f22f62 1005
5e5282bb 1006 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1008 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1009 goto failed;
1010 }
1011
2e58ef3e 1012 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1013 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1014 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1015 MGMT_STATUS_BUSY);
73f22f62
JH		 1016 goto failed;
1017 }
1018
5e5282bb 1019 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1020 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1021 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1022 goto failed;
1023 }
1024
1025 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1026 bool changed = false;
1027
1028 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1029 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1030 changed = true;
1031 }
1032
5e5282bb 1033 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1034 if (err < 0)
1035 goto failed;
1036
1037 if (changed)
1038 err = new_settings(hdev, sk);
1039
5e5282bb
JH		 1040 goto failed;
1041 }
1042
1043 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1044 if (hdev->discov_timeout > 0) {
1045 cancel_delayed_work(&hdev->discov_off);
1046 hdev->discov_timeout = 0;
1047 }
1048
1049 if (cp->val && timeout > 0) {
1050 hdev->discov_timeout = timeout;
1051 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1052 msecs_to_jiffies(hdev->discov_timeout * 1000));
1053 }
1054
69ab39ea 1055 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1056 goto failed;
1057 }
1058
2e58ef3e 1059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1060 if (!cmd) {
1061 err = -ENOMEM;
73f22f62 1062 goto failed;
366a0336 1063 }
73f22f62 1064
bfaf8c9f
JH		 1065 hci_req_init(&req, hdev);
1066
73f22f62
JH		 1067 scan = SCAN_PAGE;
1068
72a734ec 1069 if (cp->val)
73f22f62 1070 scan |= SCAN_INQUIRY;
16ab91ab 1071 else
e0f9309f 1072 cancel_delayed_work(&hdev->discov_off);
73f22f62 1073
bfaf8c9f
JH		 1074 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1075
1076 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1077 if (err < 0)
a664b5bc 1078 mgmt_pending_remove(cmd);
73f22f62 1079
16ab91ab 1080 if (cp->val)
5e5282bb 1081 hdev->discov_timeout = timeout;
16ab91ab 1082
73f22f62 1083failed:
09fd0de5 1084 hci_dev_unlock(hdev);
73f22f62
JH		 1085 return err;
1086}
1087
406d7804
JH		 1088static void write_fast_connectable(struct hci_request *req, bool enable)
1089{
bd98b996 1090 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1091 struct hci_cp_write_page_scan_activity acp;
1092 u8 type;
1093
4c01f8b8
JH		 1094 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1095 return;
1096
406d7804
JH		 1097 if (enable) {
1098 type = PAGE_SCAN_TYPE_INTERLACED;
1099
1100 /* 160 msec page scan interval */
1101 acp.interval = __constant_cpu_to_le16(0x0100);
1102 } else {
1103 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1104
1105 /* default 1.28 sec page scan */
1106 acp.interval = __constant_cpu_to_le16(0x0800);
1107 }
1108
1109 acp.window = __constant_cpu_to_le16(0x0012);
1110
bd98b996
JH		 1111 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1112 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1113 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1114 sizeof(acp), &acp);
1115
1116 if (hdev->page_scan_type != type)
1117 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1118}
1119
1987fdc7
JH		 1120static u8 get_adv_type(struct hci_dev *hdev)
1121{
1122 struct pending_cmd *cmd;
1123 bool connectable;
1124
1125 /* If there's a pending mgmt command the flag will not yet have
1126 * it's final value, so check for this first.
1127 */
1128 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1129 if (cmd) {
1130 struct mgmt_mode *cp = cmd->param;
1131 connectable = !!cp->val;
1132 } else {
1133 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1134 }
1135
1136 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1137}
1138
95c66e75
JH		 1139static void enable_advertising(struct hci_request *req)
1140{
1141 struct hci_dev *hdev = req->hdev;
1142 struct hci_cp_le_set_adv_param cp;
1143 u8 enable = 0x01;
1144
1145 memset(&cp, 0, sizeof(cp));
1146 cp.min_interval = __constant_cpu_to_le16(0x0800);
1147 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1148 cp.type = get_adv_type(hdev);
95c66e75
JH		 1149 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1150 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1151 else
1152 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1153 cp.channel_map = 0x07;
1154
1155 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1156
1157 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1158}
1159
1160static void disable_advertising(struct hci_request *req)
1161{
1162 u8 enable = 0x00;
1163
1164 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1165}
1166
2b76f453
JH		 1167static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1168{
1169 struct pending_cmd *cmd;
d7b856f9
JH		 1170 struct mgmt_mode *cp;
1171 bool changed;
2b76f453
JH		 1172
1173 BT_DBG("status 0x%02x", status);
1174
1175 hci_dev_lock(hdev);
1176
1177 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1178 if (!cmd)
1179 goto unlock;
1180
37438c1f
JH		 1181 if (status) {
1182 u8 mgmt_err = mgmt_status(status);
1183 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1184 goto remove_cmd;
1185 }
1186
d7b856f9
JH		 1187 cp = cmd->param;
1188 if (cp->val)
1189 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1190 else
1191 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1192
2b76f453
JH		 1193 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1194
d7b856f9
JH		 1195 if (changed)
1196 new_settings(hdev, cmd->sk);
1197
37438c1f 1198remove_cmd:
2b76f453
JH		 1199 mgmt_pending_remove(cmd);
1200
1201unlock:
1202 hci_dev_unlock(hdev);
1203}
1204
bdb6d971 1205static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1206 u16 len)
9fbcbb45 1207{
650f726d 1208 struct mgmt_mode *cp = data;
366a0336 1209 struct pending_cmd *cmd;
2b76f453 1210 struct hci_request req;
1987fdc7 1211 u8 scan;
9fbcbb45
JH		 1212 int err;
1213
bdb6d971 1214 BT_DBG("request for %s", hdev->name);
9fbcbb45 1215
1987fdc7
JH		 1216 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1217 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1218 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1219 MGMT_STATUS_REJECTED);
33c525c0 1220
a7e80f25
JH		 1221 if (cp->val != 0x00 && cp->val != 0x01)
1222 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1223 MGMT_STATUS_INVALID_PARAMS);
1224
09fd0de5 1225 hci_dev_lock(hdev);
9fbcbb45 1226
4b34ee78 1227 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1228 bool changed = false;
1229
1230 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1231 changed = true;
1232
6bf0e469 1233 if (cp->val) {
5e5282bb 1234 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1235 } else {
5e5282bb
JH		 1236 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1237 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1238 }
0224d2fa 1239
5e5282bb 1240 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1241 if (err < 0)
1242 goto failed;
1243
1244 if (changed)
1245 err = new_settings(hdev, sk);
1246
9fbcbb45
JH		 1247 goto failed;
1248 }
1249
2e58ef3e 1250 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1251 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1252 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1253 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1254 goto failed;
1255 }
1256
2e58ef3e 1257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1258 if (!cmd) {
1259 err = -ENOMEM;
9fbcbb45 1260 goto failed;
366a0336 1261 }
9fbcbb45 1262
9b74246f 1263 hci_req_init(&req, hdev);
9fbcbb45 1264
9b74246f
JH		 1265 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1266 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1267 if (cp->val) {
1268 scan = SCAN_PAGE;
1269 } else {
1270 scan = 0;
1271
1272 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1273 hdev->discov_timeout > 0)
9b74246f
JH		 1274 cancel_delayed_work(&hdev->discov_off);
1275 }
2b76f453 1276
9b74246f
JH		 1277 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1278 }
2b76f453 1279
4c01f8b8
JH		 1280 /* If we're going from non-connectable to connectable or
1281 * vice-versa when fast connectable is enabled ensure that fast
1282 * connectable gets disabled. write_fast_connectable won't do
1283 * anything if the page scan parameters are already what they
1284 * should be.
1285 */
1286 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1287 write_fast_connectable(&req, false);
1288
1987fdc7
JH		 1289 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1290 hci_conn_num(hdev, LE_LINK) == 0) {
1291 disable_advertising(&req);
1292 enable_advertising(&req);
1293 }
1294
2b76f453 1295 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1296 if (err < 0) {
a664b5bc 1297 mgmt_pending_remove(cmd);
9b74246f
JH		 1298 if (err == -ENODATA)
1299 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1300 hdev);
1301 goto failed;
1302 }
9fbcbb45
JH		 1303
1304failed:
09fd0de5 1305 hci_dev_unlock(hdev);
9fbcbb45
JH		 1306 return err;
1307}
1308
bdb6d971 1309static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1310 u16 len)
c542a06c 1311{
650f726d 1312 struct mgmt_mode *cp = data;
55594356 1313 bool changed;
c542a06c
JH		 1314 int err;
1315
bdb6d971 1316 BT_DBG("request for %s", hdev->name);
c542a06c 1317
a7e80f25
JH		 1318 if (cp->val != 0x00 && cp->val != 0x01)
1319 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1320 MGMT_STATUS_INVALID_PARAMS);
1321
09fd0de5 1322 hci_dev_lock(hdev);
c542a06c
JH		 1323
1324 if (cp->val)
55594356 1325 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1326 else
55594356 1327 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1328
69ab39ea 1329 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1330 if (err < 0)
55594356 1331 goto unlock;
c542a06c 1332
55594356
MH		 1333 if (changed)
1334 err = new_settings(hdev, sk);
c542a06c 1335
55594356 1336unlock:
09fd0de5 1337 hci_dev_unlock(hdev);
c542a06c
JH		 1338 return err;
1339}
1340
04124681
GP		 1341static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1342 u16 len)
33ef95ed
JH		 1343{
1344 struct mgmt_mode *cp = data;
1345 struct pending_cmd *cmd;
e6fe7986 1346 u8 val, status;
33ef95ed
JH		 1347 int err;
1348
bdb6d971 1349 BT_DBG("request for %s", hdev->name);
33ef95ed 1350
e6fe7986
JH		 1351 status = mgmt_bredr_support(hdev);
1352 if (status)
33c525c0 1353 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1354 status);
33c525c0 1355
a7e80f25
JH		 1356 if (cp->val != 0x00 && cp->val != 0x01)
1357 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1358 MGMT_STATUS_INVALID_PARAMS);
1359
33ef95ed
JH		 1360 hci_dev_lock(hdev);
1361
4b34ee78 1362 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1363 bool changed = false;
1364
1365 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1366 &hdev->dev_flags)) {
47990ea0
JH		 1367 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1368 changed = true;
1369 }
1370
1371 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1372 if (err < 0)
1373 goto failed;
1374
1375 if (changed)
1376 err = new_settings(hdev, sk);
1377
33ef95ed
JH		 1378 goto failed;
1379 }
1380
1381 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1382 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1383 MGMT_STATUS_BUSY);
33ef95ed
JH		 1384 goto failed;
1385 }
1386
1387 val = !!cp->val;
1388
1389 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1390 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1391 goto failed;
1392 }
1393
1394 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1395 if (!cmd) {
1396 err = -ENOMEM;
1397 goto failed;
1398 }
1399
1400 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1401 if (err < 0) {
1402 mgmt_pending_remove(cmd);
1403 goto failed;
1404 }
1405
1406failed:
1407 hci_dev_unlock(hdev);
33ef95ed
JH		 1408 return err;
1409}
1410
bdb6d971 1411static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1412{
1413 struct mgmt_mode *cp = data;
1414 struct pending_cmd *cmd;
72ef0c1a 1415 u8 status;
ed2c4ee3
JH		 1416 int err;
1417
bdb6d971 1418 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1419
cdba5281
MH		 1420 status = mgmt_bredr_support(hdev);
1421 if (status)
1422 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1423
13ecd8b6
JH		 1424 if (!lmp_ssp_capable(hdev))
1425 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1426 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1427
a7e80f25
JH		 1428 if (cp->val != 0x00 && cp->val != 0x01)
1429 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1430 MGMT_STATUS_INVALID_PARAMS);
1431
13ecd8b6 1432 hci_dev_lock(hdev);
6c8f12c1 1433
4b34ee78 1434 if (!hdev_is_powered(hdev)) {
9ecb3e24 1435 bool changed;
c0ecddc2 1436
9ecb3e24
MH		 1437 if (cp->val) {
1438 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1439 &hdev->dev_flags);
1440 } else {
1441 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1442 &hdev->dev_flags);
1443 if (!changed)
1444 changed = test_and_clear_bit(HCI_HS_ENABLED,
1445 &hdev->dev_flags);
1446 else
1447 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1448 }
1449
1450 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1451 if (err < 0)
1452 goto failed;
1453
1454 if (changed)
1455 err = new_settings(hdev, sk);
1456
ed2c4ee3
JH		 1457 goto failed;
1458 }
1459
9ecb3e24
MH		 1460 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1461 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1462 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1463 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1464 goto failed;
1465 }
1466
72ef0c1a 1467 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1468 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1469 goto failed;
1470 }
1471
1472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1473 if (!cmd) {
1474 err = -ENOMEM;
1475 goto failed;
1476 }
1477
72ef0c1a 1478 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1479 if (err < 0) {
1480 mgmt_pending_remove(cmd);
1481 goto failed;
1482 }
1483
1484failed:
1485 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1486 return err;
1487}
1488
bdb6d971 1489static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1490{
1491 struct mgmt_mode *cp = data;
ee392693 1492 bool changed;
e6fe7986 1493 u8 status;
ee392693 1494 int err;
6d80dfd0 1495
bdb6d971 1496 BT_DBG("request for %s", hdev->name);
6d80dfd0 1497
e6fe7986
JH		 1498 status = mgmt_bredr_support(hdev);
1499 if (status)
1500 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1501
9ecb3e24
MH		 1502 if (!lmp_ssp_capable(hdev))
1503 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1504 MGMT_STATUS_NOT_SUPPORTED);
1505
1506 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1507 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1508 MGMT_STATUS_REJECTED);
1509
a7e80f25
JH		 1510 if (cp->val != 0x00 && cp->val != 0x01)
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1512 MGMT_STATUS_INVALID_PARAMS);
1513
ee392693
MH		 1514 hci_dev_lock(hdev);
1515
a0cdf960 1516 if (cp->val) {
ee392693 1517 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1518 } else {
1519 if (hdev_is_powered(hdev)) {
1520 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1521 MGMT_STATUS_REJECTED);
1522 goto unlock;
1523 }
1524
ee392693 1525 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1526 }
ee392693
MH		 1527
1528 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1529 if (err < 0)
1530 goto unlock;
1531
1532 if (changed)
1533 err = new_settings(hdev, sk);
6d80dfd0 1534
ee392693
MH		 1535unlock:
1536 hci_dev_unlock(hdev);
1537 return err;
6d80dfd0
JH		 1538}
1539
416a4ae5
JH		 1540static void le_enable_complete(struct hci_dev *hdev, u8 status)
1541{
1542 struct cmd_lookup match = { NULL, hdev };
1543
1544 if (status) {
1545 u8 mgmt_err = mgmt_status(status);
1546
1547 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1548 &mgmt_err);
1549 return;
1550 }
1551
1552 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1553
1554 new_settings(hdev, match.sk);
1555
1556 if (match.sk)
1557 sock_put(match.sk);
1558}
1559
bdb6d971 1560static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1561{
1562 struct mgmt_mode *cp = data;
1563 struct hci_cp_write_le_host_supported hci_cp;
1564 struct pending_cmd *cmd;
416a4ae5 1565 struct hci_request req;
06199cf8 1566 int err;
0b60eba1 1567 u8 val, enabled;
06199cf8 1568
bdb6d971 1569 BT_DBG("request for %s", hdev->name);
06199cf8 1570
13ecd8b6
JH		 1571 if (!lmp_le_capable(hdev))
1572 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1573 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1574
a7e80f25
JH		 1575 if (cp->val != 0x00 && cp->val != 0x01)
1576 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1577 MGMT_STATUS_INVALID_PARAMS);
1578
c73eee91 1579 /* LE-only devices do not allow toggling LE on/off */
56f87901 1580 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1581 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1582 MGMT_STATUS_REJECTED);
1583
13ecd8b6 1584 hci_dev_lock(hdev);
06199cf8
JH		 1585
1586 val = !!cp->val;
ffa88e02 1587 enabled = lmp_host_le_capable(hdev);
06199cf8 1588
0b60eba1 1589 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1590 bool changed = false;
1591
1592 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1593 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1594 changed = true;
1595 }
1596
f3d3444a
JH		 1597 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1598 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1599 changed = true;
1600 }
1601
06199cf8
JH		 1602 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1603 if (err < 0)
1de028ce 1604 goto unlock;
06199cf8
JH		 1605
1606 if (changed)
1607 err = new_settings(hdev, sk);
1608
1de028ce 1609 goto unlock;
06199cf8
JH		 1610 }
1611
4375f103
JH		 1612 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1613 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1615 MGMT_STATUS_BUSY);
1de028ce 1616 goto unlock;
06199cf8
JH		 1617 }
1618
1619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1620 if (!cmd) {
1621 err = -ENOMEM;
1de028ce 1622 goto unlock;
06199cf8
JH		 1623 }
1624
1625 memset(&hci_cp, 0, sizeof(hci_cp));
1626
1627 if (val) {
1628 hci_cp.le = val;
ffa88e02 1629 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1630 }
1631
416a4ae5
JH		 1632 hci_req_init(&req, hdev);
1633
bba3aa55
MH		 1634 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1635 disable_advertising(&req);
eeca6f89 1636
416a4ae5
JH		 1637 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1638 &hci_cp);
1639
1640 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1641 if (err < 0)
06199cf8 1642 mgmt_pending_remove(cmd);
06199cf8 1643
1de028ce
JH		 1644unlock:
1645 hci_dev_unlock(hdev);
06199cf8
JH		 1646 return err;
1647}
1648
0cab9c80
JH		 1649/* This is a helper function to test for pending mgmt commands that can
1650 * cause CoD or EIR HCI commands. We can only allow one such pending
1651 * mgmt command at a time since otherwise we cannot easily track what
1652 * the current values are, will be, and based on that calculate if a new
1653 * HCI command needs to be sent and if yes with what value.
1654 */
1655static bool pending_eir_or_class(struct hci_dev *hdev)
1656{
1657 struct pending_cmd *cmd;
1658
1659 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1660 switch (cmd->opcode) {
1661 case MGMT_OP_ADD_UUID:
1662 case MGMT_OP_REMOVE_UUID:
1663 case MGMT_OP_SET_DEV_CLASS:
1664 case MGMT_OP_SET_POWERED:
1665 return true;
1666 }
1667 }
1668
1669 return false;
1670}
1671
83be8eca
JH		 1672static const u8 bluetooth_base_uuid[] = {
1673 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1674 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1675};
1676
1677static u8 get_uuid_size(const u8 *uuid)
1678{
1679 u32 val;
1680
1681 if (memcmp(uuid, bluetooth_base_uuid, 12))
1682 return 128;
1683
1684 val = get_unaligned_le32(&uuid[12]);
1685 if (val > 0xffff)
1686 return 32;
1687
1688 return 16;
1689}
1690
92da6097
JH		 1691static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1692{
1693 struct pending_cmd *cmd;
1694
1695 hci_dev_lock(hdev);
1696
1697 cmd = mgmt_pending_find(mgmt_op, hdev);
1698 if (!cmd)
1699 goto unlock;
1700
1701 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1702 hdev->dev_class, 3);
1703
1704 mgmt_pending_remove(cmd);
1705
1706unlock:
1707 hci_dev_unlock(hdev);
1708}
1709
1710static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1711{
1712 BT_DBG("status 0x%02x", status);
1713
1714 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1715}
1716
bdb6d971 1717static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1718{
650f726d 1719 struct mgmt_cp_add_uuid *cp = data;
90e70454 1720 struct pending_cmd *cmd;
890ea898 1721 struct hci_request req;
2aeb9a1a 1722 struct bt_uuid *uuid;
2aeb9a1a
JH		 1723 int err;
1724
bdb6d971 1725 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1726
09fd0de5 1727 hci_dev_lock(hdev);
2aeb9a1a 1728
0cab9c80 1729 if (pending_eir_or_class(hdev)) {
bdb6d971 1730 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1731 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1732 goto failed;
1733 }
1734
92c4c204 1735 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1736 if (!uuid) {
1737 err = -ENOMEM;
1738 goto failed;
1739 }
1740
1741 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1742 uuid->svc_hint = cp->svc_hint;
83be8eca 1743 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1744
de66aa63 1745 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1746
890ea898 1747 hci_req_init(&req, hdev);
1aff6f09 1748
890ea898
JH		 1749 update_class(&req);
1750 update_eir(&req);
1751
92da6097
JH		 1752 err = hci_req_run(&req, add_uuid_complete);
1753 if (err < 0) {
1754 if (err != -ENODATA)
1755 goto failed;
80a1e1db 1756
bdb6d971 1757 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1758 hdev->dev_class, 3);
90e70454
JH		 1759 goto failed;
1760 }
1761
1762 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1763 if (!cmd) {
90e70454 1764 err = -ENOMEM;
890ea898
JH		 1765 goto failed;
1766 }
1767
1768 err = 0;
2aeb9a1a
JH		 1769
1770failed:
09fd0de5 1771 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1772 return err;
1773}
1774
24b78d0f
JH		 1775static bool enable_service_cache(struct hci_dev *hdev)
1776{
1777 if (!hdev_is_powered(hdev))
1778 return false;
1779
1780 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1781 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1782 CACHE_TIMEOUT);
24b78d0f
JH		 1783 return true;
1784 }
1785
1786 return false;
1787}
1788
92da6097
JH		 1789static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1790{
1791 BT_DBG("status 0x%02x", status);
1792
1793 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1794}
1795
bdb6d971 1796static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1797 u16 len)
2aeb9a1a 1798{
650f726d 1799 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1800 struct pending_cmd *cmd;
056341c8 1801 struct bt_uuid *match, *tmp;
2aeb9a1a 1802 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1803 struct hci_request req;
2aeb9a1a
JH		 1804 int err, found;
1805
bdb6d971 1806 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1807
09fd0de5 1808 hci_dev_lock(hdev);
2aeb9a1a 1809
0cab9c80 1810 if (pending_eir_or_class(hdev)) {
bdb6d971 1811 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1812 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1813 goto unlock;
1814 }
1815
2aeb9a1a
JH		 1816 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1817 err = hci_uuids_clear(hdev);
4004b6d9 1818
24b78d0f 1819 if (enable_service_cache(hdev)) {
bdb6d971 1820 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1821 0, hdev->dev_class, 3);
24b78d0f
JH		 1822 goto unlock;
1823 }
4004b6d9 1824
9246a869 1825 goto update_class;
2aeb9a1a
JH		 1826 }
1827
1828 found = 0;
1829
056341c8 1830 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1831 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1832 continue;
1833
1834 list_del(&match->list);
482049f7 1835 kfree(match);
2aeb9a1a
JH		 1836 found++;
1837 }
1838
1839 if (found == 0) {
bdb6d971 1840 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1841 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1842 goto unlock;
1843 }
1844
9246a869 1845update_class:
890ea898 1846 hci_req_init(&req, hdev);
1aff6f09 1847
890ea898
JH		 1848 update_class(&req);
1849 update_eir(&req);
1850
92da6097
JH		 1851 err = hci_req_run(&req, remove_uuid_complete);
1852 if (err < 0) {
1853 if (err != -ENODATA)
1854 goto unlock;
80a1e1db 1855
bdb6d971 1856 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1857 hdev->dev_class, 3);
90e70454
JH		 1858 goto unlock;
1859 }
1860
1861 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1862 if (!cmd) {
90e70454 1863 err = -ENOMEM;
890ea898
JH		 1864 goto unlock;
1865 }
1866
1867 err = 0;
2aeb9a1a
JH		 1868
1869unlock:
09fd0de5 1870 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1871 return err;
1872}
1873
92da6097
JH		 1874static void set_class_complete(struct hci_dev *hdev, u8 status)
1875{
1876 BT_DBG("status 0x%02x", status);
1877
1878 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1879}
1880
bdb6d971 1881static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1882 u16 len)
1aff6f09 1883{
650f726d 1884 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1885 struct pending_cmd *cmd;
890ea898 1886 struct hci_request req;
1aff6f09
JH		 1887 int err;
1888
bdb6d971 1889 BT_DBG("request for %s", hdev->name);
1aff6f09 1890
6203fc98 1891 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1892 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1893 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1894
0cab9c80 1895 hci_dev_lock(hdev);
ee98f473 1896
0cab9c80
JH		 1897 if (pending_eir_or_class(hdev)) {
1898 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1899 MGMT_STATUS_BUSY);
1900 goto unlock;
1901 }
c95f0ba7 1902
0cab9c80
JH		 1903 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1904 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1905 MGMT_STATUS_INVALID_PARAMS);
1906 goto unlock;
1907 }
575b3a02 1908
932f5ff5
JH		 1909 hdev->major_class = cp->major;
1910 hdev->minor_class = cp->minor;
1911
b5235a65 1912 if (!hdev_is_powered(hdev)) {
bdb6d971 1913 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1914 hdev->dev_class, 3);
b5235a65
JH		 1915 goto unlock;
1916 }
1917
890ea898
JH		 1918 hci_req_init(&req, hdev);
1919
a8b2d5c2 1920 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1921 hci_dev_unlock(hdev);
1922 cancel_delayed_work_sync(&hdev->service_cache);
1923 hci_dev_lock(hdev);
890ea898 1924 update_eir(&req);
7d78525d 1925 }
14c0b608 1926
890ea898
JH		 1927 update_class(&req);
1928
92da6097
JH		 1929 err = hci_req_run(&req, set_class_complete);
1930 if (err < 0) {
1931 if (err != -ENODATA)
1932 goto unlock;
1aff6f09 1933
bdb6d971 1934 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1935 hdev->dev_class, 3);
90e70454
JH		 1936 goto unlock;
1937 }
1938
1939 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1940 if (!cmd) {
90e70454 1941 err = -ENOMEM;
890ea898
JH		 1942 goto unlock;
1943 }
1944
1945 err = 0;
1aff6f09 1946
b5235a65 1947unlock:
09fd0de5 1948 hci_dev_unlock(hdev);
1aff6f09
JH		 1949 return err;
1950}
1951
bdb6d971 1952static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1953 u16 len)
55ed8ca1 1954{
650f726d 1955 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1956 u16 key_count, expected_len;
a492cd52 1957 int i;
55ed8ca1 1958
9060d5cf
MH		 1959 BT_DBG("request for %s", hdev->name);
1960
1961 if (!lmp_bredr_capable(hdev))
1962 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1963 MGMT_STATUS_NOT_SUPPORTED);
1964
1f350c87 1965 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1966
86742e1e
JH		 1967 expected_len = sizeof(*cp) + key_count *
1968 sizeof(struct mgmt_link_key_info);
a492cd52 1969 if (expected_len != len) {
86742e1e 1970 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1971 len, expected_len);
bdb6d971 1972 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1973 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1974 }
1975
4ae14301
JH		 1976 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1977 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1978 MGMT_STATUS_INVALID_PARAMS);
1979
bdb6d971 1980 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1981 key_count);
55ed8ca1 1982
4ee71b20
JH		 1983 for (i = 0; i < key_count; i++) {
1984 struct mgmt_link_key_info *key = &cp->keys[i];
1985
1986 if (key->addr.type != BDADDR_BREDR)
1987 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1988 MGMT_STATUS_INVALID_PARAMS);
1989 }
1990
09fd0de5 1991 hci_dev_lock(hdev);
55ed8ca1
JH		 1992
1993 hci_link_keys_clear(hdev);
1994
55ed8ca1 1995 if (cp->debug_keys)
a8b2d5c2 1996 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1997 else
a8b2d5c2 1998 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1999
a492cd52 2000 for (i = 0; i < key_count; i++) {
86742e1e 2001 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2002
d753fdc4 2003 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2004 key->type, key->pin_len);
55ed8ca1
JH		 2005 }
2006
bdb6d971 2007 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2008
09fd0de5 2009 hci_dev_unlock(hdev);
55ed8ca1 2010
a492cd52 2011 return 0;
55ed8ca1
JH		 2012}
2013
b1078ad0 2014static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2015 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2016{
2017 struct mgmt_ev_device_unpaired ev;
2018
2019 bacpy(&ev.addr.bdaddr, bdaddr);
2020 ev.addr.type = addr_type;
2021
2022 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2023 skip_sk);
b1078ad0
JH		 2024}
2025
bdb6d971 2026static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2027 u16 len)
55ed8ca1 2028{
124f6e35
JH		 2029 struct mgmt_cp_unpair_device *cp = data;
2030 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2031 struct hci_cp_disconnect dc;
2032 struct pending_cmd *cmd;
55ed8ca1 2033 struct hci_conn *conn;
55ed8ca1
JH		 2034 int err;
2035
a8a1d19e 2036 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2037 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2038 rp.addr.type = cp->addr.type;
a8a1d19e 2039
4ee71b20
JH		 2040 if (!bdaddr_type_is_valid(cp->addr.type))
2041 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2042 MGMT_STATUS_INVALID_PARAMS,
2043 &rp, sizeof(rp));
2044
118da70b
JH		 2045 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2046 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2047 MGMT_STATUS_INVALID_PARAMS,
2048 &rp, sizeof(rp));
2049
4ee71b20
JH		 2050 hci_dev_lock(hdev);
2051
86a8cfc6 2052 if (!hdev_is_powered(hdev)) {
bdb6d971 2053 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2054 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2055 goto unlock;
2056 }
2057
591f47f3 2058 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2059 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2060 else
2061 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2062
55ed8ca1 2063 if (err < 0) {
bdb6d971 2064 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2065 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2066 goto unlock;
2067 }
2068
86a8cfc6 2069 if (cp->disconnect) {
591f47f3 2070 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2071 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2072 &cp->addr.bdaddr);
86a8cfc6
JH		 2073 else
2074 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2075 &cp->addr.bdaddr);
86a8cfc6
JH		 2076 } else {
2077 conn = NULL;
2078 }
124f6e35 2079
a8a1d19e 2080 if (!conn) {
bdb6d971 2081 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2082 &rp, sizeof(rp));
b1078ad0 2083 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2084 goto unlock;
2085 }
55ed8ca1 2086
124f6e35 2087 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2088 sizeof(*cp));
a8a1d19e
JH		 2089 if (!cmd) {
2090 err = -ENOMEM;
2091 goto unlock;
55ed8ca1
JH		 2092 }
2093
eb55ef07 2094 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2095 dc.reason = 0x13; /* Remote User Terminated Connection */
2096 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2097 if (err < 0)
2098 mgmt_pending_remove(cmd);
2099
55ed8ca1 2100unlock:
09fd0de5 2101 hci_dev_unlock(hdev);
55ed8ca1
JH		 2102 return err;
2103}
2104
bdb6d971 2105static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2106 u16 len)
8962ee74 2107{
650f726d 2108 struct mgmt_cp_disconnect *cp = data;
06a63b19 2109 struct mgmt_rp_disconnect rp;
8962ee74 2110 struct hci_cp_disconnect dc;
366a0336 2111 struct pending_cmd *cmd;
8962ee74 2112 struct hci_conn *conn;
8962ee74
JH		 2113 int err;
2114
2115 BT_DBG("");
2116
06a63b19
JH		 2117 memset(&rp, 0, sizeof(rp));
2118 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2119 rp.addr.type = cp->addr.type;
2120
4ee71b20 2121 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2122 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2123 MGMT_STATUS_INVALID_PARAMS,
2124 &rp, sizeof(rp));
4ee71b20 2125
09fd0de5 2126 hci_dev_lock(hdev);
8962ee74
JH		 2127
2128 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2129 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2130 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2131 goto failed;
2132 }
2133
2e58ef3e 2134 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2135 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2136 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2137 goto failed;
2138 }
2139
591f47f3 2140 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2141 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2142 &cp->addr.bdaddr);
88c3df13
JH		 2143 else
2144 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2145
f960727e 2146 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2147 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2148 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2149 goto failed;
2150 }
2151
2e58ef3e 2152 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2153 if (!cmd) {
2154 err = -ENOMEM;
8962ee74 2155 goto failed;
366a0336 2156 }
8962ee74 2157
eb55ef07 2158 dc.handle = cpu_to_le16(conn->handle);
3701f944 2159 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2160
2161 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2162 if (err < 0)
a664b5bc 2163 mgmt_pending_remove(cmd);
8962ee74
JH		 2164
2165failed:
09fd0de5 2166 hci_dev_unlock(hdev);
8962ee74
JH		 2167 return err;
2168}
2169
57c1477c 2170static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2171{
2172 switch (link_type) {
2173 case LE_LINK:
48264f06
JH		 2174 switch (addr_type) {
2175 case ADDR_LE_DEV_PUBLIC:
591f47f3 2176 return BDADDR_LE_PUBLIC;
0ed09148 2177
48264f06 2178 default:
0ed09148 2179 /* Fallback to LE Random address type */
591f47f3 2180 return BDADDR_LE_RANDOM;
48264f06 2181 }
0ed09148 2182
4c659c39 2183 default:
0ed09148 2184 /* Fallback to BR/EDR type */
591f47f3 2185 return BDADDR_BREDR;
4c659c39
JH		 2186 }
2187}
2188
04124681
GP		 2189static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2190 u16 data_len)
2784eb41 2191{
2784eb41 2192 struct mgmt_rp_get_connections *rp;
8035ded4 2193 struct hci_conn *c;
a38528f1 2194 size_t rp_len;
60fc5fb6
JH		 2195 int err;
2196 u16 i;
2784eb41
JH		 2197
2198 BT_DBG("");
2199
09fd0de5 2200 hci_dev_lock(hdev);
2784eb41 2201
5f97c1df 2202 if (!hdev_is_powered(hdev)) {
bdb6d971 2203 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2204 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2205 goto unlock;
2206 }
2207
60fc5fb6 2208 i = 0;
b644ba33
JH		 2209 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2210 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2211 i++;
2784eb41
JH		 2212 }
2213
60fc5fb6 2214 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2215 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2216 if (!rp) {
2784eb41
JH		 2217 err = -ENOMEM;
2218 goto unlock;
2219 }
2220
2784eb41 2221 i = 0;
4c659c39 2222 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2223 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2224 continue;
4c659c39 2225 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2226 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2227 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2228 continue;
2229 i++;
2230 }
2231
eb55ef07 2232 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2233
4c659c39
JH		 2234 /* Recalculate length in case of filtered SCO connections, etc */
2235 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2236
bdb6d971 2237 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2238 rp_len);
2784eb41 2239
a38528f1 2240 kfree(rp);
5f97c1df
JH		 2241
2242unlock:
09fd0de5 2243 hci_dev_unlock(hdev);
2784eb41
JH		 2244 return err;
2245}
2246
bdb6d971 2247static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2248 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2249{
2250 struct pending_cmd *cmd;
2251 int err;
2252
2e58ef3e 2253 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2254 sizeof(*cp));
96d97a67
WR		 2255 if (!cmd)
2256 return -ENOMEM;
2257
d8457698 2258 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2259 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2260 if (err < 0)
2261 mgmt_pending_remove(cmd);
2262
2263 return err;
2264}
2265
bdb6d971 2266static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2267 u16 len)
980e1a53 2268{
96d97a67 2269 struct hci_conn *conn;
650f726d 2270 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2271 struct hci_cp_pin_code_reply reply;
366a0336 2272 struct pending_cmd *cmd;
980e1a53
JH		 2273 int err;
2274
2275 BT_DBG("");
2276
09fd0de5 2277 hci_dev_lock(hdev);
980e1a53 2278
4b34ee78 2279 if (!hdev_is_powered(hdev)) {
bdb6d971 2280 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2281 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2282 goto failed;
2283 }
2284
d8457698 2285 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2286 if (!conn) {
bdb6d971 2287 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2288 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2289 goto failed;
2290 }
2291
2292 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2293 struct mgmt_cp_pin_code_neg_reply ncp;
2294
2295 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2296
2297 BT_ERR("PIN code is not 16 bytes long");
2298
bdb6d971 2299 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2300 if (err >= 0)
bdb6d971 2301 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2302 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2303
2304 goto failed;
2305 }
2306
00abfe44 2307 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2308 if (!cmd) {
2309 err = -ENOMEM;
980e1a53 2310 goto failed;
366a0336 2311 }
980e1a53 2312
d8457698 2313 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2314 reply.pin_len = cp->pin_len;
24718ca5 2315 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2316
2317 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2318 if (err < 0)
a664b5bc 2319 mgmt_pending_remove(cmd);
980e1a53
JH		 2320
2321failed:
09fd0de5 2322 hci_dev_unlock(hdev);
980e1a53
JH		 2323 return err;
2324}
2325
04124681
GP		 2326static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2327 u16 len)
17fa4b9d 2328{
650f726d 2329 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2330
2331 BT_DBG("");
2332
09fd0de5 2333 hci_dev_lock(hdev);
17fa4b9d
JH		 2334
2335 hdev->io_capability = cp->io_capability;
2336
2337 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2338 hdev->io_capability);
17fa4b9d 2339
09fd0de5 2340 hci_dev_unlock(hdev);
17fa4b9d 2341
04124681
GP		 2342 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2343 0);
17fa4b9d
JH		 2344}
2345
6039aa73 2346static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2347{
2348 struct hci_dev *hdev = conn->hdev;
8035ded4 2349 struct pending_cmd *cmd;
e9a416b5 2350
2e58ef3e 2351 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2352 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2353 continue;
2354
e9a416b5
JH		 2355 if (cmd->user_data != conn)
2356 continue;
2357
2358 return cmd;
2359 }
2360
2361 return NULL;
2362}
2363
2364static void pairing_complete(struct pending_cmd *cmd, u8 status)
2365{
2366 struct mgmt_rp_pair_device rp;
2367 struct hci_conn *conn = cmd->user_data;
2368
ba4e564f 2369 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2370 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2371
aee9b218 2372 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2373 &rp, sizeof(rp));
e9a416b5
JH		 2374
2375 /* So we don't get further callbacks for this connection */
2376 conn->connect_cfm_cb = NULL;
2377 conn->security_cfm_cb = NULL;
2378 conn->disconn_cfm_cb = NULL;
2379
76a68ba0 2380 hci_conn_drop(conn);
e9a416b5 2381
a664b5bc 2382 mgmt_pending_remove(cmd);
e9a416b5
JH		 2383}
2384
2385static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2386{
2387 struct pending_cmd *cmd;
2388
2389 BT_DBG("status %u", status);
2390
2391 cmd = find_pairing(conn);
56e5cb86 2392 if (!cmd)
e9a416b5 2393 BT_DBG("Unable to find a pending command");
56e5cb86 2394 else
e211326c 2395 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2396}
2397
4c47d739
VA		 2398static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2399{
2400 struct pending_cmd *cmd;
2401
2402 BT_DBG("status %u", status);
2403
2404 if (!status)
2405 return;
2406
2407 cmd = find_pairing(conn);
2408 if (!cmd)
2409 BT_DBG("Unable to find a pending command");
2410 else
2411 pairing_complete(cmd, mgmt_status(status));
2412}
2413
bdb6d971 2414static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2415 u16 len)
e9a416b5 2416{
650f726d 2417 struct mgmt_cp_pair_device *cp = data;
1425acb7 2418 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2419 struct pending_cmd *cmd;
2420 u8 sec_level, auth_type;
2421 struct hci_conn *conn;
e9a416b5
JH		 2422 int err;
2423
2424 BT_DBG("");
2425
f950a30e
SJ		 2426 memset(&rp, 0, sizeof(rp));
2427 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2428 rp.addr.type = cp->addr.type;
2429
4ee71b20
JH		 2430 if (!bdaddr_type_is_valid(cp->addr.type))
2431 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2432 MGMT_STATUS_INVALID_PARAMS,
2433 &rp, sizeof(rp));
2434
09fd0de5 2435 hci_dev_lock(hdev);
e9a416b5 2436
5f97c1df 2437 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2438 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2439 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2440 goto unlock;
2441 }
2442
c908df36
VCG		 2443 sec_level = BT_SECURITY_MEDIUM;
2444 if (cp->io_cap == 0x03)
e9a416b5 2445 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2446 else
e9a416b5 2447 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2448
591f47f3 2449 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2450 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2451 cp->addr.type, sec_level, auth_type);
7a512d01 2452 else
b12f62cf
AG		 2453 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2454 cp->addr.type, sec_level, auth_type);
7a512d01 2455
30e76272 2456 if (IS_ERR(conn)) {
489dc48e
AK		 2457 int status;
2458
2459 if (PTR_ERR(conn) == -EBUSY)
2460 status = MGMT_STATUS_BUSY;
2461 else
2462 status = MGMT_STATUS_CONNECT_FAILED;
2463
bdb6d971 2464 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2465 status, &rp,
04124681 2466 sizeof(rp));
e9a416b5
JH		 2467 goto unlock;
2468 }
2469
2470 if (conn->connect_cfm_cb) {
76a68ba0 2471 hci_conn_drop(conn);
bdb6d971 2472 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2473 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2474 goto unlock;
2475 }
2476
2e58ef3e 2477 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2478 if (!cmd) {
2479 err = -ENOMEM;
76a68ba0 2480 hci_conn_drop(conn);
e9a416b5
JH		 2481 goto unlock;
2482 }
2483
7a512d01 2484 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2485 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2486 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2487 else
2488 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2489
e9a416b5
JH		 2490 conn->security_cfm_cb = pairing_complete_cb;
2491 conn->disconn_cfm_cb = pairing_complete_cb;
2492 conn->io_capability = cp->io_cap;
2493 cmd->user_data = conn;
2494
2495 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2496 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2497 pairing_complete(cmd, 0);
2498
2499 err = 0;
2500
2501unlock:
09fd0de5 2502 hci_dev_unlock(hdev);
e9a416b5
JH		 2503 return err;
2504}
2505
04124681
GP		 2506static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2507 u16 len)
28424707 2508{
0f4e68cf 2509 struct mgmt_addr_info *addr = data;
28424707
JH		 2510 struct pending_cmd *cmd;
2511 struct hci_conn *conn;
2512 int err;
2513
2514 BT_DBG("");
2515
28424707
JH		 2516 hci_dev_lock(hdev);
2517
5f97c1df 2518 if (!hdev_is_powered(hdev)) {
bdb6d971 2519 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2520 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2521 goto unlock;
2522 }
2523
28424707
JH		 2524 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2525 if (!cmd) {
bdb6d971 2526 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2527 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2528 goto unlock;
2529 }
2530
2531 conn = cmd->user_data;
2532
2533 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2534 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2535 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2536 goto unlock;
2537 }
2538
2539 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2540
bdb6d971 2541 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2542 addr, sizeof(*addr));
28424707
JH		 2543unlock:
2544 hci_dev_unlock(hdev);
28424707
JH		 2545 return err;
2546}
2547
bdb6d971 2548static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2549 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2550 u16 hci_op, __le32 passkey)
a5c29683 2551{
a5c29683 2552 struct pending_cmd *cmd;
0df4c185 2553 struct hci_conn *conn;
a5c29683
JH		 2554 int err;
2555
09fd0de5 2556 hci_dev_lock(hdev);
08ba5382 2557
4b34ee78 2558 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2559 err = cmd_complete(sk, hdev->id, mgmt_op,
2560 MGMT_STATUS_NOT_POWERED, addr,
2561 sizeof(*addr));
0df4c185 2562 goto done;
a5c29683
JH		 2563 }
2564
1707c60e
JH		 2565 if (addr->type == BDADDR_BREDR)
2566 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2567 else
1707c60e 2568 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2569
2570 if (!conn) {
feb94d3d
JH		 2571 err = cmd_complete(sk, hdev->id, mgmt_op,
2572 MGMT_STATUS_NOT_CONNECTED, addr,
2573 sizeof(*addr));
272d90df
JH		 2574 goto done;
2575 }
47c15e2b 2576
1707c60e 2577 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2578 /* Continue with pairing via SMP */
5fe57d9e
BG		 2579 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2580
2581 if (!err)
feb94d3d
JH		 2582 err = cmd_complete(sk, hdev->id, mgmt_op,
2583 MGMT_STATUS_SUCCESS, addr,
2584 sizeof(*addr));
5fe57d9e 2585 else
feb94d3d
JH		 2586 err = cmd_complete(sk, hdev->id, mgmt_op,
2587 MGMT_STATUS_FAILED, addr,
2588 sizeof(*addr));
47c15e2b 2589
47c15e2b
BG		 2590 goto done;
2591 }
2592
1707c60e 2593 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2594 if (!cmd) {
2595 err = -ENOMEM;
0df4c185 2596 goto done;
a5c29683
JH		 2597 }
2598
0df4c185 2599 /* Continue with pairing via HCI */
604086b7
BG		 2600 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2601 struct hci_cp_user_passkey_reply cp;
2602
1707c60e 2603 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2604 cp.passkey = passkey;
2605 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2606 } else
1707c60e
JH		 2607 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2608 &addr->bdaddr);
604086b7 2609
a664b5bc
JH		 2610 if (err < 0)
2611 mgmt_pending_remove(cmd);
a5c29683 2612
0df4c185 2613done:
09fd0de5 2614 hci_dev_unlock(hdev);
a5c29683
JH		 2615 return err;
2616}
2617
afeb019d
JK		 2618static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2619 void *data, u16 len)
2620{
2621 struct mgmt_cp_pin_code_neg_reply *cp = data;
2622
2623 BT_DBG("");
2624
1707c60e 2625 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2626 MGMT_OP_PIN_CODE_NEG_REPLY,
2627 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2628}
2629
04124681
GP		 2630static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2631 u16 len)
0df4c185 2632{
650f726d 2633 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2634
2635 BT_DBG("");
2636
2637 if (len != sizeof(*cp))
bdb6d971 2638 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2639 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2640
1707c60e 2641 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2642 MGMT_OP_USER_CONFIRM_REPLY,
2643 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2644}
2645
bdb6d971 2646static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2647 void *data, u16 len)
0df4c185 2648{
c9c2659f 2649 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2650
2651 BT_DBG("");
2652
1707c60e 2653 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2654 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2655 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2656}
2657
04124681
GP		 2658static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2659 u16 len)
604086b7 2660{
650f726d 2661 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2662
2663 BT_DBG("");
2664
1707c60e 2665 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2666 MGMT_OP_USER_PASSKEY_REPLY,
2667 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2668}
2669
bdb6d971 2670static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2671 void *data, u16 len)
604086b7 2672{
650f726d 2673 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2674
2675 BT_DBG("");
2676
1707c60e 2677 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2678 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2679 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2680}
2681
13928971 2682static void update_name(struct hci_request *req)
2b4bf397 2683{
13928971 2684 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2685 struct hci_cp_write_local_name cp;
2686
13928971 2687 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2688
890ea898 2689 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2690}
2691
13928971
JH		 2692static void set_name_complete(struct hci_dev *hdev, u8 status)
2693{
2694 struct mgmt_cp_set_local_name *cp;
2695 struct pending_cmd *cmd;
2696
2697 BT_DBG("status 0x%02x", status);
2698
2699 hci_dev_lock(hdev);
2700
2701 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2702 if (!cmd)
2703 goto unlock;
2704
2705 cp = cmd->param;
2706
2707 if (status)
2708 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2709 mgmt_status(status));
2710 else
2711 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2712 cp, sizeof(*cp));
2713
2714 mgmt_pending_remove(cmd);
2715
2716unlock:
2717 hci_dev_unlock(hdev);
2718}
2719
bdb6d971 2720static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2721 u16 len)
b312b161 2722{
2b4bf397 2723 struct mgmt_cp_set_local_name *cp = data;
b312b161 2724 struct pending_cmd *cmd;
890ea898 2725 struct hci_request req;
b312b161
JH		 2726 int err;
2727
2728 BT_DBG("");
2729
09fd0de5 2730 hci_dev_lock(hdev);
b312b161 2731
b3f2ca94
JH		 2732 /* If the old values are the same as the new ones just return a
2733 * direct command complete event.
2734 */
2735 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2736 !memcmp(hdev->short_name, cp->short_name,
2737 sizeof(hdev->short_name))) {
2738 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2739 data, len);
2740 goto failed;
2741 }
2742
2b4bf397 2743 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2744
b5235a65 2745 if (!hdev_is_powered(hdev)) {
2b4bf397 2746 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2747
2748 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2749 data, len);
28cc7bde
JH		 2750 if (err < 0)
2751 goto failed;
2752
2753 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2754 sk);
28cc7bde 2755
b5235a65
JH		 2756 goto failed;
2757 }
2758
28cc7bde 2759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2760 if (!cmd) {
2761 err = -ENOMEM;
2762 goto failed;
2763 }
2764
13928971
JH		 2765 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2766
890ea898 2767 hci_req_init(&req, hdev);
3f985050
JH		 2768
2769 if (lmp_bredr_capable(hdev)) {
2770 update_name(&req);
2771 update_eir(&req);
2772 }
2773
2774 if (lmp_le_capable(hdev))
2775 hci_update_ad(&req);
2776
13928971 2777 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2778 if (err < 0)
2779 mgmt_pending_remove(cmd);
2780
2781failed:
09fd0de5 2782 hci_dev_unlock(hdev);
b312b161
JH		 2783 return err;
2784}
2785
0f4e68cf 2786static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2787 void *data, u16 data_len)
c35938b2 2788{
c35938b2
SJ		 2789 struct pending_cmd *cmd;
2790 int err;
2791
bdb6d971 2792 BT_DBG("%s", hdev->name);
c35938b2 2793
09fd0de5 2794 hci_dev_lock(hdev);
c35938b2 2795
4b34ee78 2796 if (!hdev_is_powered(hdev)) {
bdb6d971 2797 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2798 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2799 goto unlock;
2800 }
2801
9a1a1996 2802 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2803 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2804 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2805 goto unlock;
2806 }
2807
2e58ef3e 2808 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2809 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2810 MGMT_STATUS_BUSY);
c35938b2
SJ		 2811 goto unlock;
2812 }
2813
2e58ef3e 2814 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2815 if (!cmd) {
2816 err = -ENOMEM;
2817 goto unlock;
2818 }
2819
2820 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2821 if (err < 0)
2822 mgmt_pending_remove(cmd);
2823
2824unlock:
09fd0de5 2825 hci_dev_unlock(hdev);
c35938b2
SJ		 2826 return err;
2827}
2828
bdb6d971 2829static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2830 void *data, u16 len)
2763eda6 2831{
650f726d 2832 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2833 u8 status;
2763eda6
SJ		 2834 int err;
2835
bdb6d971 2836 BT_DBG("%s ", hdev->name);
2763eda6 2837
09fd0de5 2838 hci_dev_lock(hdev);
2763eda6 2839
664ce4cc 2840 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2841 cp->randomizer);
2763eda6 2842 if (err < 0)
bf1e3541 2843 status = MGMT_STATUS_FAILED;
2763eda6 2844 else
a6785be2 2845 status = MGMT_STATUS_SUCCESS;
bf1e3541 2846
bdb6d971 2847 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2848 &cp->addr, sizeof(cp->addr));
2763eda6 2849
09fd0de5 2850 hci_dev_unlock(hdev);
2763eda6
SJ		 2851 return err;
2852}
2853
bdb6d971 2854static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2855 void *data, u16 len)
2763eda6 2856{
650f726d 2857 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2858 u8 status;
2763eda6
SJ		 2859 int err;
2860
bdb6d971 2861 BT_DBG("%s", hdev->name);
2763eda6 2862
09fd0de5 2863 hci_dev_lock(hdev);
2763eda6 2864
664ce4cc 2865 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2866 if (err < 0)
bf1e3541 2867 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2868 else
a6785be2 2869 status = MGMT_STATUS_SUCCESS;
bf1e3541 2870
bdb6d971 2871 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2872 status, &cp->addr, sizeof(cp->addr));
2763eda6 2873
09fd0de5 2874 hci_dev_unlock(hdev);
2763eda6
SJ		 2875 return err;
2876}
2877
41dc2bd6
AG		 2878static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2879{
2880 struct pending_cmd *cmd;
2881 u8 type;
2882 int err;
2883
2884 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2885
2886 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2887 if (!cmd)
2888 return -ENOENT;
2889
2890 type = hdev->discovery.type;
2891
2892 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2893 &type, sizeof(type));
2894 mgmt_pending_remove(cmd);
2895
2896 return err;
2897}
2898
7c307720
AG		 2899static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2900{
2901 BT_DBG("status %d", status);
2902
2903 if (status) {
2904 hci_dev_lock(hdev);
2905 mgmt_start_discovery_failed(hdev, status);
2906 hci_dev_unlock(hdev);
2907 return;
2908 }
2909
2910 hci_dev_lock(hdev);
2911 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2912 hci_dev_unlock(hdev);
2913
2914 switch (hdev->discovery.type) {
2915 case DISCOV_TYPE_LE:
2916 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2917 DISCOV_LE_TIMEOUT);
7c307720
AG		 2918 break;
2919
2920 case DISCOV_TYPE_INTERLEAVED:
2921 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2922 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2923 break;
2924
2925 case DISCOV_TYPE_BREDR:
2926 break;
2927
2928 default:
2929 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2930 }
2931}
2932
bdb6d971 2933static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2934 void *data, u16 len)
14a53664 2935{
650f726d 2936 struct mgmt_cp_start_discovery *cp = data;
14a53664 2937 struct pending_cmd *cmd;
7c307720
AG		 2938 struct hci_cp_le_set_scan_param param_cp;
2939 struct hci_cp_le_set_scan_enable enable_cp;
2940 struct hci_cp_inquiry inq_cp;
2941 struct hci_request req;
2942 /* General inquiry access code (GIAC) */
2943 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2944 u8 status;
14a53664
JH		 2945 int err;
2946
bdb6d971 2947 BT_DBG("%s", hdev->name);
14a53664 2948
09fd0de5 2949 hci_dev_lock(hdev);
14a53664 2950
4b34ee78 2951 if (!hdev_is_powered(hdev)) {
bdb6d971 2952 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2953 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2954 goto failed;
2955 }
2956
642be6c7
AG		 2957 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2958 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2959 MGMT_STATUS_BUSY);
2960 goto failed;
2961 }
2962
ff9ef578 2963 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2964 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2965 MGMT_STATUS_BUSY);
ff9ef578
JH		 2966 goto failed;
2967 }
2968
2e58ef3e 2969 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2970 if (!cmd) {
2971 err = -ENOMEM;
2972 goto failed;
2973 }
2974
4aab14e5
AG		 2975 hdev->discovery.type = cp->type;
2976
7c307720
AG		 2977 hci_req_init(&req, hdev);
2978
4aab14e5 2979 switch (hdev->discovery.type) {
f39799f5 2980 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2981 status = mgmt_bredr_support(hdev);
2982 if (status) {
04106755 2983 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2984 status);
04106755
JH		 2985 mgmt_pending_remove(cmd);
2986 goto failed;
2987 }
2988
7c307720
AG		 2989 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2990 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2991 MGMT_STATUS_BUSY);
2992 mgmt_pending_remove(cmd);
2993 goto failed;
2994 }
2995
2996 hci_inquiry_cache_flush(hdev);
2997
2998 memset(&inq_cp, 0, sizeof(inq_cp));
2999 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3000 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3001 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3002 break;
3003
3004 case DISCOV_TYPE_LE:
7c307720 3005 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3006 status = mgmt_le_support(hdev);
3007 if (status) {
04106755 3008 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3009 status);
04106755
JH		 3010 mgmt_pending_remove(cmd);
3011 goto failed;
3012 }
3013
7c307720 3014 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3015 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3016 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3017 MGMT_STATUS_NOT_SUPPORTED);
3018 mgmt_pending_remove(cmd);
3019 goto failed;
3020 }
3021
f3d3444a 3022 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3023 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3024 MGMT_STATUS_REJECTED);
3025 mgmt_pending_remove(cmd);
3026 goto failed;
3027 }
3028
3029 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3030 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3031 MGMT_STATUS_BUSY);
3032 mgmt_pending_remove(cmd);
3033 goto failed;
3034 }
3035
3036 memset(&param_cp, 0, sizeof(param_cp));
3037 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3038 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3039 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 3040 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3041 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3042 else
3043 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 3044 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3045 &param_cp);
3046
3047 memset(&enable_cp, 0, sizeof(enable_cp));
3048 enable_cp.enable = LE_SCAN_ENABLE;
3049 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3050 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3051 &enable_cp);
5e0452c0
AG		 3052 break;
3053
f39799f5 3054 default:
04106755
JH		 3055 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3056 MGMT_STATUS_INVALID_PARAMS);
3057 mgmt_pending_remove(cmd);
3058 goto failed;
f39799f5 3059 }
3fd24153 3060
7c307720 3061 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3062 if (err < 0)
3063 mgmt_pending_remove(cmd);
ff9ef578
JH		 3064 else
3065 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3066
3067failed:
09fd0de5 3068 hci_dev_unlock(hdev);
14a53664
JH		 3069 return err;
3070}
3071
1183fdca
AG		 3072static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3073{
3074 struct pending_cmd *cmd;
3075 int err;
3076
3077 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3078 if (!cmd)
3079 return -ENOENT;
3080
3081 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3082 &hdev->discovery.type, sizeof(hdev->discovery.type));
3083 mgmt_pending_remove(cmd);
3084
3085 return err;
3086}
3087
0e05bba6
AG		 3088static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3089{
3090 BT_DBG("status %d", status);
3091
3092 hci_dev_lock(hdev);
3093
3094 if (status) {
3095 mgmt_stop_discovery_failed(hdev, status);
3096 goto unlock;
3097 }
3098
3099 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3100
3101unlock:
3102 hci_dev_unlock(hdev);
3103}
3104
bdb6d971 3105static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3106 u16 len)
14a53664 3107{
d930650b 3108 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3109 struct pending_cmd *cmd;
30dc78e1
JH		 3110 struct hci_cp_remote_name_req_cancel cp;
3111 struct inquiry_entry *e;
0e05bba6
AG		 3112 struct hci_request req;
3113 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3114 int err;
3115
bdb6d971 3116 BT_DBG("%s", hdev->name);
14a53664 3117
09fd0de5 3118 hci_dev_lock(hdev);
14a53664 3119
30dc78e1 3120 if (!hci_discovery_active(hdev)) {
bdb6d971 3121 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3122 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3123 sizeof(mgmt_cp->type));
d930650b
JH		 3124 goto unlock;
3125 }
3126
3127 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3128 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3129 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3130 sizeof(mgmt_cp->type));
30dc78e1 3131 goto unlock;
ff9ef578
JH		 3132 }
3133
2e58ef3e 3134 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3135 if (!cmd) {
3136 err = -ENOMEM;
30dc78e1
JH		 3137 goto unlock;
3138 }
3139
0e05bba6
AG		 3140 hci_req_init(&req, hdev);
3141
e0d9727e
AG		 3142 switch (hdev->discovery.state) {
3143 case DISCOVERY_FINDING:
0e05bba6
AG		 3144 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3145 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3146 } else {
3147 cancel_delayed_work(&hdev->le_scan_disable);
3148
3149 memset(&enable_cp, 0, sizeof(enable_cp));
3150 enable_cp.enable = LE_SCAN_DISABLE;
3151 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3152 sizeof(enable_cp), &enable_cp);
3153 }
c9ecc48e 3154
e0d9727e
AG		 3155 break;
3156
3157 case DISCOVERY_RESOLVING:
3158 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3159 NAME_PENDING);
e0d9727e 3160 if (!e) {
30dc78e1 3161 mgmt_pending_remove(cmd);
e0d9727e
AG		 3162 err = cmd_complete(sk, hdev->id,
3163 MGMT_OP_STOP_DISCOVERY, 0,
3164 &mgmt_cp->type,
3165 sizeof(mgmt_cp->type));
3166 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3167 goto unlock;
3168 }
30dc78e1 3169
e0d9727e 3170 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3171 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3172 &cp);
e0d9727e
AG		 3173
3174 break;
3175
3176 default:
3177 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3178
3179 mgmt_pending_remove(cmd);
3180 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3181 MGMT_STATUS_FAILED, &mgmt_cp->type,
3182 sizeof(mgmt_cp->type));
3183 goto unlock;
14a53664
JH		 3184 }
3185
0e05bba6 3186 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3187 if (err < 0)
3188 mgmt_pending_remove(cmd);
ff9ef578
JH		 3189 else
3190 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3191
30dc78e1 3192unlock:
09fd0de5 3193 hci_dev_unlock(hdev);
14a53664
JH		 3194 return err;
3195}
3196
bdb6d971 3197static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3198 u16 len)
561aafbc 3199{
650f726d 3200 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3201 struct inquiry_entry *e;
561aafbc
JH		 3202 int err;
3203
bdb6d971 3204 BT_DBG("%s", hdev->name);
561aafbc 3205
561aafbc
JH		 3206 hci_dev_lock(hdev);
3207
30dc78e1 3208 if (!hci_discovery_active(hdev)) {
bdb6d971 3209 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3210 MGMT_STATUS_FAILED);
30dc78e1
JH		 3211 goto failed;
3212 }
3213
a198e7b1 3214 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3215 if (!e) {
bdb6d971 3216 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3217 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3218 goto failed;
3219 }
3220
3221 if (cp->name_known) {
3222 e->name_state = NAME_KNOWN;
3223 list_del(&e->list);
3224 } else {
3225 e->name_state = NAME_NEEDED;
a3d4e20a 3226 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3227 }
3228
e384662b
JH		 3229 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3230 sizeof(cp->addr));
561aafbc
JH		 3231
3232failed:
3233 hci_dev_unlock(hdev);
561aafbc
JH		 3234 return err;
3235}
3236
bdb6d971 3237static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3238 u16 len)
7fbec224 3239{
650f726d 3240 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3241 u8 status;
7fbec224
AJ		 3242 int err;
3243
bdb6d971 3244 BT_DBG("%s", hdev->name);
7fbec224 3245
4ee71b20 3246 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3247 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3248 MGMT_STATUS_INVALID_PARAMS,
3249 &cp->addr, sizeof(cp->addr));
4ee71b20 3250
09fd0de5 3251 hci_dev_lock(hdev);
5e762444 3252
88c1fe4b 3253 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3254 if (err < 0)
f0eeea8b 3255 status = MGMT_STATUS_FAILED;
7fbec224 3256 else
a6785be2 3257 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3258
bdb6d971 3259 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3260 &cp->addr, sizeof(cp->addr));
5e762444 3261
09fd0de5 3262 hci_dev_unlock(hdev);
7fbec224
AJ		 3263
3264 return err;
3265}
3266
bdb6d971 3267static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3268 u16 len)
7fbec224 3269{
650f726d 3270 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3271 u8 status;
7fbec224
AJ		 3272 int err;
3273
bdb6d971 3274 BT_DBG("%s", hdev->name);
7fbec224 3275
4ee71b20 3276 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3277 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3278 MGMT_STATUS_INVALID_PARAMS,
3279 &cp->addr, sizeof(cp->addr));
4ee71b20 3280
09fd0de5 3281 hci_dev_lock(hdev);
5e762444 3282
88c1fe4b 3283 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3284 if (err < 0)
f0eeea8b 3285 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3286 else
a6785be2 3287 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3288
bdb6d971 3289 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3290 &cp->addr, sizeof(cp->addr));
5e762444 3291
09fd0de5 3292 hci_dev_unlock(hdev);
7fbec224
AJ		 3293
3294 return err;
3295}
3296
cdbaccca
MH		 3297static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3298 u16 len)
3299{
3300 struct mgmt_cp_set_device_id *cp = data;
890ea898 3301 struct hci_request req;
cdbaccca 3302 int err;
c72d4b8a 3303 __u16 source;
cdbaccca
MH		 3304
3305 BT_DBG("%s", hdev->name);
3306
c72d4b8a
SJ		 3307 source = __le16_to_cpu(cp->source);
3308
3309 if (source > 0x0002)
3310 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3311 MGMT_STATUS_INVALID_PARAMS);
3312
cdbaccca
MH		 3313 hci_dev_lock(hdev);
3314
c72d4b8a 3315 hdev->devid_source = source;
cdbaccca
MH		 3316 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3317 hdev->devid_product = __le16_to_cpu(cp->product);
3318 hdev->devid_version = __le16_to_cpu(cp->version);
3319
3320 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3321
890ea898
JH		 3322 hci_req_init(&req, hdev);
3323 update_eir(&req);
3324 hci_req_run(&req, NULL);
cdbaccca
MH		 3325
3326 hci_dev_unlock(hdev);
3327
3328 return err;
3329}
3330
4375f103
JH		 3331static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3332{
3333 struct cmd_lookup match = { NULL, hdev };
3334
3335 if (status) {
3336 u8 mgmt_err = mgmt_status(status);
3337
3338 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3339 cmd_status_rsp, &mgmt_err);
3340 return;
3341 }
3342
3343 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3344 &match);
3345
3346 new_settings(hdev, match.sk);
3347
3348 if (match.sk)
3349 sock_put(match.sk);
3350}
3351
21b5187f
MH		 3352static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3353 u16 len)
4375f103
JH		 3354{
3355 struct mgmt_mode *cp = data;
3356 struct pending_cmd *cmd;
3357 struct hci_request req;
e6fe7986 3358 u8 val, enabled, status;
4375f103
JH		 3359 int err;
3360
3361 BT_DBG("request for %s", hdev->name);
3362
e6fe7986
JH		 3363 status = mgmt_le_support(hdev);
3364 if (status)
4375f103 3365 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3366 status);
4375f103
JH		 3367
3368 if (cp->val != 0x00 && cp->val != 0x01)
3369 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3370 MGMT_STATUS_INVALID_PARAMS);
3371
3372 hci_dev_lock(hdev);
3373
3374 val = !!cp->val;
f3d3444a 3375 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3376
f74ca9b8
JH		 3377 /* The following conditions are ones which mean that we should
3378 * not do any HCI communication but directly send a mgmt
3379 * response to user space (after toggling the flag if
3380 * necessary).
3381 */
3382 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3383 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3384 bool changed = false;
3385
f3d3444a
JH		 3386 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3387 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3388 changed = true;
3389 }
3390
3391 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3392 if (err < 0)
3393 goto unlock;
3394
3395 if (changed)
3396 err = new_settings(hdev, sk);
3397
3398 goto unlock;
3399 }
3400
3401 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3402 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3403 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3404 MGMT_STATUS_BUSY);
3405 goto unlock;
3406 }
3407
3408 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3409 if (!cmd) {
3410 err = -ENOMEM;
3411 goto unlock;
3412 }
3413
3414 hci_req_init(&req, hdev);
3415
bba3aa55
MH		 3416 if (val)
3417 enable_advertising(&req);
3418 else
3419 disable_advertising(&req);
4375f103
JH		 3420
3421 err = hci_req_run(&req, set_advertising_complete);
3422 if (err < 0)
3423 mgmt_pending_remove(cmd);
3424
3425unlock:
3426 hci_dev_unlock(hdev);
3427 return err;
3428}
3429
d13eafce
MH		 3430static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3431 void *data, u16 len)
3432{
3433 struct mgmt_cp_set_static_address *cp = data;
3434 int err;
3435
3436 BT_DBG("%s", hdev->name);
3437
62af4443 3438 if (!lmp_le_capable(hdev))
d13eafce 3439 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3440 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3441
3442 if (hdev_is_powered(hdev))
3443 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3444 MGMT_STATUS_REJECTED);
3445
3446 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3447 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3448 return cmd_status(sk, hdev->id,
3449 MGMT_OP_SET_STATIC_ADDRESS,
3450 MGMT_STATUS_INVALID_PARAMS);
3451
3452 /* Two most significant bits shall be set */
3453 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3454 return cmd_status(sk, hdev->id,
3455 MGMT_OP_SET_STATIC_ADDRESS,
3456 MGMT_STATUS_INVALID_PARAMS);
3457 }
3458
3459 hci_dev_lock(hdev);
3460
3461 bacpy(&hdev->static_addr, &cp->bdaddr);
3462
3463 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3464
3465 hci_dev_unlock(hdev);
3466
3467 return err;
3468}
3469
14b49b9a
MH		 3470static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3471 void *data, u16 len)
3472{
3473 struct mgmt_cp_set_scan_params *cp = data;
3474 __u16 interval, window;
3475 int err;
3476
3477 BT_DBG("%s", hdev->name);
3478
3479 if (!lmp_le_capable(hdev))
3480 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3481 MGMT_STATUS_NOT_SUPPORTED);
3482
3483 interval = __le16_to_cpu(cp->interval);
3484
3485 if (interval < 0x0004 || interval > 0x4000)
3486 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3487 MGMT_STATUS_INVALID_PARAMS);
3488
3489 window = __le16_to_cpu(cp->window);
3490
3491 if (window < 0x0004 || window > 0x4000)
3492 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3493 MGMT_STATUS_INVALID_PARAMS);
3494
899e1075
MH		 3495 if (window > interval)
3496 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3497 MGMT_STATUS_INVALID_PARAMS);
3498
14b49b9a
MH		 3499 hci_dev_lock(hdev);
3500
3501 hdev->le_scan_interval = interval;
3502 hdev->le_scan_window = window;
3503
3504 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3505
3506 hci_dev_unlock(hdev);
3507
3508 return err;
3509}
3510
33e38b3e
JH		 3511static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3512{
3513 struct pending_cmd *cmd;
3514
3515 BT_DBG("status 0x%02x", status);
3516
3517 hci_dev_lock(hdev);
3518
3519 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3520 if (!cmd)
3521 goto unlock;
3522
3523 if (status) {
3524 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3525 mgmt_status(status));
3526 } else {
1a4d3c4b
JH		 3527 struct mgmt_mode *cp = cmd->param;
3528
3529 if (cp->val)
3530 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3531 else
3532 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3533
33e38b3e
JH		 3534 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3535 new_settings(hdev, cmd->sk);
3536 }
3537
3538 mgmt_pending_remove(cmd);
3539
3540unlock:
3541 hci_dev_unlock(hdev);
3542}
3543
bdb6d971 3544static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3545 void *data, u16 len)
f6422ec6 3546{
650f726d 3547 struct mgmt_mode *cp = data;
33e38b3e
JH		 3548 struct pending_cmd *cmd;
3549 struct hci_request req;
f6422ec6
AJ		 3550 int err;
3551
bdb6d971 3552 BT_DBG("%s", hdev->name);
f6422ec6 3553
56f87901
JH		 3554 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3555 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3556 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3557 MGMT_STATUS_NOT_SUPPORTED);
3558
a7e80f25
JH		 3559 if (cp->val != 0x00 && cp->val != 0x01)
3560 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3561 MGMT_STATUS_INVALID_PARAMS);
3562
5400c044 3563 if (!hdev_is_powered(hdev))
bdb6d971 3564 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3565 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3566
3567 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3568 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3569 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3570
3571 hci_dev_lock(hdev);
3572
05cbf29f
JH		 3573 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3574 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3575 MGMT_STATUS_BUSY);
3576 goto unlock;
3577 }
3578
1a4d3c4b
JH		 3579 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3580 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3581 hdev);
3582 goto unlock;
3583 }
3584
33e38b3e
JH		 3585 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3586 data, len);
3587 if (!cmd) {
3588 err = -ENOMEM;
3589 goto unlock;
f6422ec6
AJ		 3590 }
3591
33e38b3e
JH		 3592 hci_req_init(&req, hdev);
3593
406d7804 3594 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3595
3596 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3597 if (err < 0) {
bdb6d971 3598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3599 MGMT_STATUS_FAILED);
33e38b3e 3600 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3601 }
3602
33e38b3e 3603unlock:
f6422ec6 3604 hci_dev_unlock(hdev);
33e38b3e 3605
f6422ec6
AJ		 3606 return err;
3607}
3608
67e5a7a3
JH		 3609static void set_bredr_scan(struct hci_request *req)
3610{
3611 struct hci_dev *hdev = req->hdev;
3612 u8 scan = 0;
3613
3614 /* Ensure that fast connectable is disabled. This function will
3615 * not do anything if the page scan parameters are already what
3616 * they should be.
3617 */
3618 write_fast_connectable(req, false);
3619
3620 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3621 scan |= SCAN_PAGE;
3622 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3623 scan |= SCAN_INQUIRY;
3624
3625 if (scan)
3626 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3627}
3628
0663ca2a
JH		 3629static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3630{
3631 struct pending_cmd *cmd;
3632
3633 BT_DBG("status 0x%02x", status);
3634
3635 hci_dev_lock(hdev);
3636
3637 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3638 if (!cmd)
3639 goto unlock;
3640
3641 if (status) {
3642 u8 mgmt_err = mgmt_status(status);
3643
3644 /* We need to restore the flag if related HCI commands
3645 * failed.
3646 */
3647 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3648
3649 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3650 } else {
3651 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3652 new_settings(hdev, cmd->sk);
3653 }
3654
3655 mgmt_pending_remove(cmd);
3656
3657unlock:
3658 hci_dev_unlock(hdev);
3659}
3660
3661static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3662{
3663 struct mgmt_mode *cp = data;
3664 struct pending_cmd *cmd;
3665 struct hci_request req;
3666 int err;
3667
3668 BT_DBG("request for %s", hdev->name);
3669
3670 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3671 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3672 MGMT_STATUS_NOT_SUPPORTED);
3673
3674 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3675 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3676 MGMT_STATUS_REJECTED);
3677
3678 if (cp->val != 0x00 && cp->val != 0x01)
3679 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3680 MGMT_STATUS_INVALID_PARAMS);
3681
3682 hci_dev_lock(hdev);
3683
3684 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3685 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3686 goto unlock;
3687 }
3688
3689 if (!hdev_is_powered(hdev)) {
3690 if (!cp->val) {
0663ca2a
JH		 3691 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3692 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3693 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3694 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3695 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3696 }
3697
3698 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3699
3700 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3701 if (err < 0)
3702 goto unlock;
3703
3704 err = new_settings(hdev, sk);
3705 goto unlock;
3706 }
3707
3708 /* Reject disabling when powered on */
3709 if (!cp->val) {
3710 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3711 MGMT_STATUS_REJECTED);
3712 goto unlock;
3713 }
3714
3715 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3716 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3717 MGMT_STATUS_BUSY);
3718 goto unlock;
3719 }
3720
3721 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3722 if (!cmd) {
3723 err = -ENOMEM;
3724 goto unlock;
3725 }
3726
3727 /* We need to flip the bit already here so that hci_update_ad
3728 * generates the correct flags.
3729 */
3730 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3731
3732 hci_req_init(&req, hdev);
aa8af46e
JH		 3733
3734 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3735 set_bredr_scan(&req);
3736
0663ca2a 3737 hci_update_ad(&req);
aa8af46e 3738
0663ca2a
JH		 3739 err = hci_req_run(&req, set_bredr_complete);
3740 if (err < 0)
3741 mgmt_pending_remove(cmd);
3742
3743unlock:
3744 hci_dev_unlock(hdev);
3745 return err;
3746}
3747
3f706b72
JH		 3748static bool ltk_is_valid(struct mgmt_ltk_info *key)
3749{
44b20d33
JH		 3750 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3751 return false;
3f706b72
JH		 3752 if (key->master != 0x00 && key->master != 0x01)
3753 return false;
4ee71b20
JH		 3754 if (!bdaddr_type_is_le(key->addr.type))
3755 return false;
3f706b72
JH		 3756 return true;
3757}
3758
bdb6d971 3759static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3760 void *cp_data, u16 len)
346af67b 3761{
346af67b
VCG		 3762 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3763 u16 key_count, expected_len;
715a5bf2 3764 int i, err;
346af67b 3765
cf99ba13
MH		 3766 BT_DBG("request for %s", hdev->name);
3767
3768 if (!lmp_le_capable(hdev))
3769 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3770 MGMT_STATUS_NOT_SUPPORTED);
3771
1f350c87 3772 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3773
3774 expected_len = sizeof(*cp) + key_count *
3775 sizeof(struct mgmt_ltk_info);
3776 if (expected_len != len) {
3777 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3778 len, expected_len);
bdb6d971 3779 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3780 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3781 }
3782
bdb6d971 3783 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3784
54ad6d8a
JH		 3785 for (i = 0; i < key_count; i++) {
3786 struct mgmt_ltk_info *key = &cp->keys[i];
3787
3f706b72 3788 if (!ltk_is_valid(key))
54ad6d8a
JH		 3789 return cmd_status(sk, hdev->id,
3790 MGMT_OP_LOAD_LONG_TERM_KEYS,
3791 MGMT_STATUS_INVALID_PARAMS);
3792 }
3793
346af67b
VCG		 3794 hci_dev_lock(hdev);
3795
3796 hci_smp_ltks_clear(hdev);
3797
3798 for (i = 0; i < key_count; i++) {
3799 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 3800 u8 type, addr_type;
3801
3802 if (key->addr.type == BDADDR_LE_PUBLIC)
3803 addr_type = ADDR_LE_DEV_PUBLIC;
3804 else
3805 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 3806
3807 if (key->master)
3808 type = HCI_SMP_LTK;
3809 else
3810 type = HCI_SMP_LTK_SLAVE;
3811
79d95a19 3812 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 3813 type, 0, key->authenticated, key->val,
3814 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3815 }
3816
715a5bf2
JH		 3817 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3818 NULL, 0);
3819
346af67b 3820 hci_dev_unlock(hdev);
346af67b 3821
715a5bf2 3822 return err;
346af67b
VCG		 3823}
3824
2e3c35ea 3825static const struct mgmt_handler {
04124681
GP		 3826 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3827 u16 data_len);
be22b54e
JH		 3828 bool var_len;
3829 size_t data_len;
0f4e68cf
JH		 3830} mgmt_handlers[] = {
3831 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3832 { read_version, false, MGMT_READ_VERSION_SIZE },
3833 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3834 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3835 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3836 { set_powered, false, MGMT_SETTING_SIZE },
3837 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3838 { set_connectable, false, MGMT_SETTING_SIZE },
3839 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3840 { set_pairable, false, MGMT_SETTING_SIZE },
3841 { set_link_security, false, MGMT_SETTING_SIZE },
3842 { set_ssp, false, MGMT_SETTING_SIZE },
3843 { set_hs, false, MGMT_SETTING_SIZE },
3844 { set_le, false, MGMT_SETTING_SIZE },
3845 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3846 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3847 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3848 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3849 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3850 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3851 { disconnect, false, MGMT_DISCONNECT_SIZE },
3852 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3853 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3854 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3855 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3856 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3857 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3858 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3859 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3860 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3861 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3862 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3863 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3864 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3865 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3866 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3867 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3868 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3869 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3870 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3871 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3872 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3873 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3874 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 3875 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 3876};
3877
3878
0381101f
JH		 3879int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3880{
650f726d
VCG		 3881 void *buf;
3882 u8 *cp;
0381101f 3883 struct mgmt_hdr *hdr;
4e51eae9 3884 u16 opcode, index, len;
bdb6d971 3885 struct hci_dev *hdev = NULL;
2e3c35ea 3886 const struct mgmt_handler *handler;
0381101f
JH		 3887 int err;
3888
3889 BT_DBG("got %zu bytes", msglen);
3890
3891 if (msglen < sizeof(*hdr))
3892 return -EINVAL;
3893
e63a15ec 3894 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3895 if (!buf)
3896 return -ENOMEM;
3897
3898 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3899 err = -EFAULT;
3900 goto done;
3901 }
3902
650f726d 3903 hdr = buf;
1f350c87
MH		 3904 opcode = __le16_to_cpu(hdr->opcode);
3905 index = __le16_to_cpu(hdr->index);
3906 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3907
3908 if (len != msglen - sizeof(*hdr)) {
3909 err = -EINVAL;
3910 goto done;
3911 }
3912
0f4e68cf 3913 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3914 hdev = hci_dev_get(index);
3915 if (!hdev) {
3916 err = cmd_status(sk, index, opcode,
04124681 3917 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3918 goto done;
3919 }
0736cfa8 3920
cebf4cfd
JH		 3921 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3922 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 3923 err = cmd_status(sk, index, opcode,
3924 MGMT_STATUS_INVALID_INDEX);
3925 goto done;
3926 }
bdb6d971
JH		 3927 }
3928
0f4e68cf 3929 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3930 mgmt_handlers[opcode].func == NULL) {
0381101f 3931 BT_DBG("Unknown op %u", opcode);
ca69b795 3932 err = cmd_status(sk, index, opcode,
04124681 3933 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3934 goto done;
3935 }
3936
3937 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3938 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3939 err = cmd_status(sk, index, opcode,
04124681 3940 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3941 goto done;
0381101f
JH		 3942 }
3943
be22b54e
JH		 3944 handler = &mgmt_handlers[opcode];
3945
3946 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3947 (!handler->var_len && len != handler->data_len)) {
be22b54e 3948 err = cmd_status(sk, index, opcode,
04124681 3949 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3950 goto done;
3951 }
3952
0f4e68cf
JH		 3953 if (hdev)
3954 mgmt_init_hdev(sk, hdev);
3955
3956 cp = buf + sizeof(*hdr);
3957
be22b54e 3958 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3959 if (err < 0)
3960 goto done;
3961
0381101f
JH		 3962 err = msglen;
3963
3964done:
bdb6d971
JH		 3965 if (hdev)
3966 hci_dev_put(hdev);
3967
0381101f
JH		 3968 kfree(buf);
3969 return err;
3970}
c71e97bf 3971
bf6b56db 3972void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3973{
1514b892 3974 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3975 return;
bb4b2a9a 3976
bf6b56db 3977 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3978}
3979
bf6b56db 3980void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3981{
5f159032 3982 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3983
1514b892 3984 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3985 return;
bb4b2a9a 3986
744cf19e 3987 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3988
bf6b56db 3989 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3990}
3991
229ab39c
JH		 3992static void powered_complete(struct hci_dev *hdev, u8 status)
3993{
3994 struct cmd_lookup match = { NULL, hdev };
3995
3996 BT_DBG("status 0x%02x", status);
3997
3998 hci_dev_lock(hdev);
3999
4000 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4001
4002 new_settings(hdev, match.sk);
4003
4004 hci_dev_unlock(hdev);
4005
4006 if (match.sk)
4007 sock_put(match.sk);
4008}
4009
70da6243 4010static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4011{
890ea898 4012 struct hci_request req;
70da6243 4013 u8 link_sec;
5add6af8 4014
890ea898
JH		 4015 hci_req_init(&req, hdev);
4016
70da6243
JH		 4017 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4018 !lmp_host_ssp_capable(hdev)) {
4019 u8 ssp = 1;
5e5282bb 4020
890ea898 4021 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4022 }
5add6af8 4023
c73eee91
JH		 4024 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4025 lmp_bredr_capable(hdev)) {
70da6243 4026 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4027
70da6243
JH		 4028 cp.le = 1;
4029 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4030
70da6243
JH		 4031 /* Check first if we already have the right
4032 * host state (host features set)
4033 */
4034 if (cp.le != lmp_host_le_capable(hdev) ||
4035 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4036 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4037 sizeof(cp), &cp);
0663ca2a
JH		 4038
4039 /* In case BR/EDR was toggled during the AUTO_OFF phase */
4040 hci_update_ad(&req);
70da6243 4041 }
3d1cbdd6 4042
d13eafce
MH		 4043 if (lmp_le_capable(hdev)) {
4044 /* Set random address to static address if configured */
4045 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4046 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4047 &hdev->static_addr);
eeca6f89 4048
bba3aa55
MH		 4049 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4050 enable_advertising(&req);
eeca6f89
JH		 4051 }
4052
70da6243
JH		 4053 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4054 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4055 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4056 sizeof(link_sec), &link_sec);
562fcc24 4057
70da6243 4058 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4059 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4060 set_bredr_scan(&req);
890ea898 4061 update_class(&req);
13928971 4062 update_name(&req);
890ea898 4063 update_eir(&req);
70da6243 4064 }
562fcc24 4065
229ab39c 4066 return hci_req_run(&req, powered_complete);
70da6243 4067}
562fcc24 4068
70da6243
JH		 4069int mgmt_powered(struct hci_dev *hdev, u8 powered)
4070{
4071 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4072 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4073 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4074 int err;
f0ff92fb 4075
70da6243
JH		 4076 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4077 return 0;
4078
70da6243 4079 if (powered) {
229ab39c
JH		 4080 if (powered_update_hci(hdev) == 0)
4081 return 0;
fe038884 4082
229ab39c
JH		 4083 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4084 &match);
4085 goto new_settings;
b24752fe
JH		 4086 }
4087
229ab39c
JH		 4088 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4089 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4090
4091 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4092 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4093 zero_cod, sizeof(zero_cod), NULL);
4094
4095new_settings:
beadb2bd 4096 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4097
4098 if (match.sk)
4099 sock_put(match.sk);
4100
7bb895d6 4101 return err;
5add6af8 4102}
73f22f62 4103
3eec705e 4104void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4105{
4106 struct pending_cmd *cmd;
4107 u8 status;
4108
4109 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4110 if (!cmd)
3eec705e 4111 return;
96570ffc
JH		 4112
4113 if (err == -ERFKILL)
4114 status = MGMT_STATUS_RFKILLED;
4115 else
4116 status = MGMT_STATUS_FAILED;
4117
3eec705e 4118 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4119
4120 mgmt_pending_remove(cmd);
96570ffc
JH		 4121}
4122
744cf19e 4123int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4124{
5e5282bb
JH		 4125 bool changed = false;
4126 int err = 0;
73f22f62 4127
bfaf8c9f
JH		 4128 /* Nothing needed here if there's a pending command since that
4129 * commands request completion callback takes care of everything
4130 * necessary.
4131 */
4132 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
4133 return 0;
4134
5e5282bb
JH		 4135 if (discoverable) {
4136 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4137 changed = true;
4138 } else {
4139 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4140 changed = true;
4141 }
73f22f62 4142
beadb2bd 4143 if (changed)
bfaf8c9f 4144 err = new_settings(hdev, NULL);
73f22f62 4145
7bb895d6 4146 return err;
73f22f62 4147}
9fbcbb45 4148
744cf19e 4149int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4150{
5e5282bb
JH		 4151 bool changed = false;
4152 int err = 0;
9fbcbb45 4153
d7b856f9
JH		 4154 /* Nothing needed here if there's a pending command since that
4155 * commands request completion callback takes care of everything
4156 * necessary.
4157 */
4158 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
4159 return 0;
4160
5e5282bb
JH		 4161 if (connectable) {
4162 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4163 changed = true;
4164 } else {
4165 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4166 changed = true;
4167 }
9fbcbb45 4168
beadb2bd 4169 if (changed)
d7b856f9 4170 err = new_settings(hdev, NULL);
9fbcbb45 4171
7bb895d6 4172 return err;
9fbcbb45 4173}
55ed8ca1 4174
744cf19e 4175int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4176{
ca69b795
JH		 4177 u8 mgmt_err = mgmt_status(status);
4178
2d7cee58 4179 if (scan & SCAN_PAGE)
744cf19e 4180 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4181 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4182
4183 if (scan & SCAN_INQUIRY)
744cf19e 4184 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4185 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4186
4187 return 0;
4188}
4189
53168e5b
CC		 4190int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4191 bool persistent)
55ed8ca1 4192{
86742e1e 4193 struct mgmt_ev_new_link_key ev;
55ed8ca1 4194
a492cd52 4195 memset(&ev, 0, sizeof(ev));
55ed8ca1 4196
a492cd52 4197 ev.store_hint = persistent;
d753fdc4 4198 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4199 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4200 ev.key.type = key->type;
9b3b4460 4201 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4202 ev.key.pin_len = key->pin_len;
55ed8ca1 4203
744cf19e 4204 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4205}
f7520543 4206
346af67b
VCG		 4207int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4208{
4209 struct mgmt_ev_new_long_term_key ev;
4210
4211 memset(&ev, 0, sizeof(ev));
4212
4213 ev.store_hint = persistent;
4214 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4215 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4216 ev.key.authenticated = key->authenticated;
4217 ev.key.enc_size = key->enc_size;
4218 ev.key.ediv = key->ediv;
4219
4220 if (key->type == HCI_SMP_LTK)
4221 ev.key.master = 1;
4222
4223 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4224 memcpy(ev.key.val, key->val, sizeof(key->val));
4225
04124681
GP		 4226 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4227 NULL);
346af67b
VCG		 4228}
4229
ecd90ae7
MH		 4230void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4231 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4232 u8 *dev_class)
f7520543 4233{
b644ba33
JH		 4234 char buf[512];
4235 struct mgmt_ev_device_connected *ev = (void *) buf;
4236 u16 eir_len = 0;
f7520543 4237
b644ba33 4238 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4239 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4240
c95f0ba7 4241 ev->flags = __cpu_to_le32(flags);
08c79b61 4242
b644ba33
JH		 4243 if (name_len > 0)
4244 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4245 name, name_len);
b644ba33
JH		 4246
4247 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4248 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4249 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4250
eb55ef07 4251 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4252
ecd90ae7
MH		 4253 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4254 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4255}
4256
8962ee74
JH		 4257static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4258{
c68fb7ff 4259 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4260 struct sock **sk = data;
a38528f1 4261 struct mgmt_rp_disconnect rp;
8962ee74 4262
88c3df13
JH		 4263 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4264 rp.addr.type = cp->addr.type;
8962ee74 4265
aee9b218 4266 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4267 sizeof(rp));
8962ee74
JH		 4268
4269 *sk = cmd->sk;
4270 sock_hold(*sk);
4271
a664b5bc 4272 mgmt_pending_remove(cmd);
8962ee74
JH		 4273}
4274
124f6e35 4275static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4276{
b1078ad0 4277 struct hci_dev *hdev = data;
124f6e35
JH		 4278 struct mgmt_cp_unpair_device *cp = cmd->param;
4279 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4280
4281 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4282 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4283 rp.addr.type = cp->addr.type;
a8a1d19e 4284
b1078ad0
JH		 4285 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4286
aee9b218 4287 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4288
4289 mgmt_pending_remove(cmd);
4290}
4291
9b80ec5e
MH		 4292void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4293 u8 link_type, u8 addr_type, u8 reason)
f7520543 4294{
f0d6a0ea 4295 struct mgmt_ev_device_disconnected ev;
8962ee74 4296 struct sock *sk = NULL;
8962ee74 4297
744cf19e 4298 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4299
f0d6a0ea
MA		 4300 bacpy(&ev.addr.bdaddr, bdaddr);
4301 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4302 ev.reason = reason;
f7520543 4303
9b80ec5e 4304 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4305
4306 if (sk)
d97dcb66 4307 sock_put(sk);
8962ee74 4308
124f6e35 4309 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4310 hdev);
8962ee74
JH		 4311}
4312
7892924c
MH		 4313void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4314 u8 link_type, u8 addr_type, u8 status)
8962ee74 4315{
88c3df13 4316 struct mgmt_rp_disconnect rp;
8962ee74 4317 struct pending_cmd *cmd;
8962ee74 4318
36a75f1b
JD		 4319 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4320 hdev);
4321
2e58ef3e 4322 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4323 if (!cmd)
7892924c 4324 return;
8962ee74 4325
88c3df13 4326 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4327 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4328
7892924c
MH		 4329 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4330 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4331
a664b5bc 4332 mgmt_pending_remove(cmd);
f7520543 4333}
17d5c04c 4334
445608d0
MH		 4335void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4336 u8 addr_type, u8 status)
17d5c04c
JH		 4337{
4338 struct mgmt_ev_connect_failed ev;
4339
4c659c39 4340 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4341 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4342 ev.status = mgmt_status(status);
17d5c04c 4343
445608d0 4344 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4345}
980e1a53 4346
744cf19e 4347int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4348{
4349 struct mgmt_ev_pin_code_request ev;
4350
d8457698 4351 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4352 ev.addr.type = BDADDR_BREDR;
a770bb5a 4353 ev.secure = secure;
980e1a53 4354
744cf19e 4355 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4356 NULL);
980e1a53
JH		 4357}
4358
744cf19e 4359int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4360 u8 status)
980e1a53
JH		 4361{
4362 struct pending_cmd *cmd;
ac56fb13 4363 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4364 int err;
4365
2e58ef3e 4366 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4367 if (!cmd)
4368 return -ENOENT;
4369
d8457698 4370 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4371 rp.addr.type = BDADDR_BREDR;
ac56fb13 4372
aee9b218 4373 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4374 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4375
a664b5bc 4376 mgmt_pending_remove(cmd);
980e1a53
JH		 4377
4378 return err;
4379}
4380
744cf19e 4381int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4382 u8 status)
980e1a53
JH		 4383{
4384 struct pending_cmd *cmd;
ac56fb13 4385 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4386 int err;
4387
2e58ef3e 4388 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4389 if (!cmd)
4390 return -ENOENT;
4391
d8457698 4392 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4393 rp.addr.type = BDADDR_BREDR;
ac56fb13 4394
aee9b218 4395 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4396 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4397
a664b5bc 4398 mgmt_pending_remove(cmd);
980e1a53
JH		 4399
4400 return err;
4401}
a5c29683 4402
744cf19e 4403int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4404 u8 link_type, u8 addr_type, __le32 value,
4405 u8 confirm_hint)
a5c29683
JH		 4406{
4407 struct mgmt_ev_user_confirm_request ev;
4408
744cf19e 4409 BT_DBG("%s", hdev->name);
a5c29683 4410
272d90df 4411 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4412 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4413 ev.confirm_hint = confirm_hint;
78e8098e 4414 ev.value = value;
a5c29683 4415
744cf19e 4416 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4417 NULL);
a5c29683
JH		 4418}
4419
272d90df 4420int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4421 u8 link_type, u8 addr_type)
604086b7
BG		 4422{
4423 struct mgmt_ev_user_passkey_request ev;
4424
4425 BT_DBG("%s", hdev->name);
4426
272d90df 4427 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4428 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4429
4430 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4431 NULL);
604086b7
BG		 4432}
4433
0df4c185 4434static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4435 u8 link_type, u8 addr_type, u8 status,
4436 u8 opcode)
a5c29683
JH		 4437{
4438 struct pending_cmd *cmd;
4439 struct mgmt_rp_user_confirm_reply rp;
4440 int err;
4441
2e58ef3e 4442 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4443 if (!cmd)
4444 return -ENOENT;
4445
272d90df 4446 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4447 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4448 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4449 &rp, sizeof(rp));
a5c29683 4450
a664b5bc 4451 mgmt_pending_remove(cmd);
a5c29683
JH		 4452
4453 return err;
4454}
4455
744cf19e 4456int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4457 u8 link_type, u8 addr_type, u8 status)
a5c29683 4458{
272d90df 4459 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4460 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4461}
4462
272d90df 4463int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4464 u8 link_type, u8 addr_type, u8 status)
a5c29683 4465{
272d90df 4466 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4467 status,
4468 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4469}
2a611692 4470
604086b7 4471int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4472 u8 link_type, u8 addr_type, u8 status)
604086b7 4473{
272d90df 4474 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4475 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4476}
4477
272d90df 4478int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4479 u8 link_type, u8 addr_type, u8 status)
604086b7 4480{
272d90df 4481 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4482 status,
4483 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4484}
4485
92a25256
JH		 4486int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4487 u8 link_type, u8 addr_type, u32 passkey,
4488 u8 entered)
4489{
4490 struct mgmt_ev_passkey_notify ev;
4491
4492 BT_DBG("%s", hdev->name);
4493
4494 bacpy(&ev.addr.bdaddr, bdaddr);
4495 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4496 ev.passkey = __cpu_to_le32(passkey);
4497 ev.entered = entered;
4498
4499 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4500}
4501
bab73cb6 4502int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4503 u8 addr_type, u8 status)
2a611692
JH		 4504{
4505 struct mgmt_ev_auth_failed ev;
4506
bab73cb6 4507 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4508 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4509 ev.status = mgmt_status(status);
2a611692 4510
744cf19e 4511 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4512}
b312b161 4513
33ef95ed
JH		 4514int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4515{
4516 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4517 bool changed = false;
4518 int err = 0;
33ef95ed
JH		 4519
4520 if (status) {
4521 u8 mgmt_err = mgmt_status(status);
4522 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4523 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4524 return 0;
4525 }
4526
47990ea0
JH		 4527 if (test_bit(HCI_AUTH, &hdev->flags)) {
4528 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4529 changed = true;
4530 } else {
4531 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4532 changed = true;
4533 }
4534
33ef95ed 4535 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4536 &match);
33ef95ed 4537
47990ea0
JH		 4538 if (changed)
4539 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4540
4541 if (match.sk)
4542 sock_put(match.sk);
4543
4544 return err;
4545}
4546
890ea898 4547static void clear_eir(struct hci_request *req)
cacaf52f 4548{
890ea898 4549 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4550 struct hci_cp_write_eir cp;
4551
976eb20e 4552 if (!lmp_ext_inq_capable(hdev))
890ea898 4553 return;
cacaf52f 4554
c80da27e
JH		 4555 memset(hdev->eir, 0, sizeof(hdev->eir));
4556
cacaf52f
JH		 4557 memset(&cp, 0, sizeof(cp));
4558
890ea898 4559 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4560}
4561
c0ecddc2 4562int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4563{
4564 struct cmd_lookup match = { NULL, hdev };
890ea898 4565 struct hci_request req;
c0ecddc2
JH		 4566 bool changed = false;
4567 int err = 0;
ed2c4ee3
JH		 4568
4569 if (status) {
4570 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4571
4572 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4573 &hdev->dev_flags)) {
4574 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4575 err = new_settings(hdev, NULL);
9ecb3e24 4576 }
c0ecddc2 4577
04124681
GP		 4578 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4579 &mgmt_err);
c0ecddc2
JH		 4580
4581 return err;
4582 }
4583
4584 if (enable) {
9ecb3e24 4585 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4586 } else {
9ecb3e24
MH		 4587 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4588 if (!changed)
4589 changed = test_and_clear_bit(HCI_HS_ENABLED,
4590 &hdev->dev_flags);
4591 else
4592 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4593 }
4594
4595 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4596
c0ecddc2
JH		 4597 if (changed)
4598 err = new_settings(hdev, match.sk);
ed2c4ee3 4599
5fc6ebb1 4600 if (match.sk)
ed2c4ee3
JH		 4601 sock_put(match.sk);
4602
890ea898
JH		 4603 hci_req_init(&req, hdev);
4604
5fc6ebb1 4605 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4606 update_eir(&req);
5fc6ebb1 4607 else
890ea898
JH		 4608 clear_eir(&req);
4609
4610 hci_req_run(&req, NULL);
cacaf52f 4611
ed2c4ee3
JH		 4612 return err;
4613}
4614
92da6097 4615static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4616{
4617 struct cmd_lookup *match = data;
4618
90e70454
JH		 4619 if (match->sk == NULL) {
4620 match->sk = cmd->sk;
4621 sock_hold(match->sk);
4622 }
90e70454
JH		 4623}
4624
7f9a903c 4625int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4626 u8 status)
7f9a903c 4627{
90e70454
JH		 4628 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4629 int err = 0;
7f9a903c 4630
92da6097
JH		 4631 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4632 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4633 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4634
4635 if (!status)
04124681
GP		 4636 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4637 3, NULL);
90e70454
JH		 4638
4639 if (match.sk)
4640 sock_put(match.sk);
7f9a903c
MH		 4641
4642 return err;
4643}
4644
744cf19e 4645int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4646{
b312b161 4647 struct mgmt_cp_set_local_name ev;
13928971 4648 struct pending_cmd *cmd;
28cc7bde 4649
13928971
JH		 4650 if (status)
4651 return 0;
b312b161
JH		 4652
4653 memset(&ev, 0, sizeof(ev));
4654 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4655 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4656
2e58ef3e 4657 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4658 if (!cmd) {
4659 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4660
13928971
JH		 4661 /* If this is a HCI command related to powering on the
4662 * HCI dev don't send any mgmt signals.
4663 */
4664 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4665 return 0;
890ea898 4666 }
b312b161 4667
13928971
JH		 4668 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4669 cmd ? cmd->sk : NULL);
b312b161 4670}
c35938b2 4671
744cf19e 4672int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4673 u8 *randomizer, u8 status)
c35938b2
SJ		 4674{
4675 struct pending_cmd *cmd;
4676 int err;
4677
744cf19e 4678 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4679
2e58ef3e 4680 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4681 if (!cmd)
4682 return -ENOENT;
4683
4684 if (status) {
04124681
GP		 4685 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4686 mgmt_status(status));
c35938b2
SJ		 4687 } else {
4688 struct mgmt_rp_read_local_oob_data rp;
4689
4690 memcpy(rp.hash, hash, sizeof(rp.hash));
4691 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4692
744cf19e 4693 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4694 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4695 sizeof(rp));
c35938b2
SJ		 4696 }
4697
4698 mgmt_pending_remove(cmd);
4699
4700 return err;
4701}
e17acd40 4702
901801b9
MH		 4703void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4704 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4705 ssp, u8 *eir, u16 eir_len)
e17acd40 4706{
e319d2e7
JH		 4707 char buf[512];
4708 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4709 size_t ev_size;
e17acd40 4710
12602d0c 4711 if (!hci_discovery_active(hdev))
901801b9 4712 return;
12602d0c 4713
1dc06093
JH		 4714 /* Leave 5 bytes for a potential CoD field */
4715 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4716 return;
7d262f86 4717
1dc06093
JH		 4718 memset(buf, 0, sizeof(buf));
4719
e319d2e7 4720 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4721 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4722 ev->rssi = rssi;
9a395a80 4723 if (cfm_name)
612dfce9 4724 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4725 if (!ssp)
612dfce9 4726 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4727
1dc06093 4728 if (eir_len > 0)
e319d2e7 4729 memcpy(ev->eir, eir, eir_len);
e17acd40 4730
1dc06093
JH		 4731 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4732 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4733 dev_class, 3);
1dc06093 4734
eb55ef07 4735 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4736 ev_size = sizeof(*ev) + eir_len;
f8523598 4737
901801b9 4738 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4739}
a88a9652 4740
9cf12aee
MH		 4741void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4742 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4743{
b644ba33
JH		 4744 struct mgmt_ev_device_found *ev;
4745 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4746 u16 eir_len;
a88a9652 4747
b644ba33 4748 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4749
b644ba33
JH		 4750 memset(buf, 0, sizeof(buf));
4751
4752 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4753 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4754 ev->rssi = rssi;
4755
4756 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4757 name_len);
b644ba33 4758
eb55ef07 4759 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4760
9cf12aee 4761 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4762}
314b2381 4763
2f1e063b 4764void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4765{
f963e8e9 4766 struct mgmt_ev_discovering ev;
164a6e78
JH		 4767 struct pending_cmd *cmd;
4768
343fb145
AG		 4769 BT_DBG("%s discovering %u", hdev->name, discovering);
4770
164a6e78 4771 if (discovering)
2e58ef3e 4772 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4773 else
2e58ef3e 4774 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4775
4776 if (cmd != NULL) {
f808e166
JH		 4777 u8 type = hdev->discovery.type;
4778
04124681
GP		 4779 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4780 sizeof(type));
164a6e78
JH		 4781 mgmt_pending_remove(cmd);
4782 }
4783
f963e8e9
JH		 4784 memset(&ev, 0, sizeof(ev));
4785 ev.type = hdev->discovery.type;
4786 ev.discovering = discovering;
4787
2f1e063b 4788 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4789}
5e762444 4790
88c1fe4b 4791int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4792{
4793 struct pending_cmd *cmd;
4794 struct mgmt_ev_device_blocked ev;
4795
2e58ef3e 4796 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4797
88c1fe4b
JH		 4798 bacpy(&ev.addr.bdaddr, bdaddr);
4799 ev.addr.type = type;
5e762444 4800
744cf19e 4801 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4802 cmd ? cmd->sk : NULL);
5e762444
AJ		 4803}
4804
88c1fe4b 4805int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4806{
4807 struct pending_cmd *cmd;
4808 struct mgmt_ev_device_unblocked ev;
4809
2e58ef3e 4810 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4811
88c1fe4b
JH		 4812 bacpy(&ev.addr.bdaddr, bdaddr);
4813 ev.addr.type = type;
5e762444 4814
744cf19e 4815 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4816 cmd ? cmd->sk : NULL);
5e762444 4817}
5976e608
MH		 4818
4819static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4820{
4821 BT_DBG("%s status %u", hdev->name, status);
4822
4823 /* Clear the advertising mgmt setting if we failed to re-enable it */
4824 if (status) {
4825 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4826 new_settings(hdev, NULL);
5976e608
MH		 4827 }
4828}
4829
4830void mgmt_reenable_advertising(struct hci_dev *hdev)
4831{
4832 struct hci_request req;
4833
b145edcd 4834 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4835 return;
4836
4837 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4838 return;
4839
4840 hci_req_init(&req, hdev);
4841 enable_advertising(&req);
4842
4843 /* If this fails we have no option but to let user space know
4844 * that we've disabled advertising.
4845 */
4846 if (hci_req_run(&req, adv_enable_complete) < 0) {
4847 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4848 new_settings(hdev, NULL);
5976e608
MH		 4849 }
4850}
Linux kernel - Deliverables
This page took 0.513282 seconds and 5 git commands to generate.