projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix disconnecting connections in non-connected states
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
a4858cb9 820static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 821{
822 struct pending_cmd *cmd;
199a2fb1
JH		 823
824 /* If there's a pending mgmt command the flag will not yet have
825 * it's final value, so check for this first.
826 */
827 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
828 if (cmd) {
829 struct mgmt_mode *cp = cmd->param;
a4858cb9 830 return cp->val;
199a2fb1
JH		 831 }
832
a4858cb9 833 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 834}
835
836static void enable_advertising(struct hci_request *req)
837{
838 struct hci_dev *hdev = req->hdev;
839 struct hci_cp_le_set_adv_param cp;
8f2a0601 840 u8 own_addr_type, enable = 0x01;
a4858cb9 841 bool connectable;
199a2fb1 842
a4858cb9 843 connectable = get_connectable(hdev);
8f2a0601 844
a4858cb9
JH		 845 /* Set require_privacy to true only when non-connectable
846 * advertising is used. In that case it is fine to use a
847 * non-resolvable private address.
848 */
849 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 850 return;
851
41c90c18 852 memset(&cp, 0, sizeof(cp));
199a2fb1
JH		 853 cp.min_interval = __constant_cpu_to_le16(0x0800);
854 cp.max_interval = __constant_cpu_to_le16(0x0800);
a4858cb9 855 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 856 cp.own_address_type = own_addr_type;
199a2fb1
JH		 857 cp.channel_map = hdev->le_adv_channel_map;
858
859 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
860
861 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
862}
863
864static void disable_advertising(struct hci_request *req)
865{
866 u8 enable = 0x00;
867
868 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
869}
870
7d78525d
JH		 871static void service_cache_off(struct work_struct *work)
872{
873 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 874 service_cache.work);
890ea898 875 struct hci_request req;
7d78525d 876
a8b2d5c2 877 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 878 return;
879
890ea898
JH		 880 hci_req_init(&req, hdev);
881
7d78525d
JH		 882 hci_dev_lock(hdev);
883
890ea898
JH		 884 update_eir(&req);
885 update_class(&req);
7d78525d
JH		 886
887 hci_dev_unlock(hdev);
890ea898
JH		 888
889 hci_req_run(&req, NULL);
7d78525d
JH		 890}
891
d6bfd59c
JH		 892static void rpa_expired(struct work_struct *work)
893{
894 struct hci_dev *hdev = container_of(work, struct hci_dev,
895 rpa_expired.work);
896 struct hci_request req;
897
898 BT_DBG("");
899
900 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
901
902 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
903 hci_conn_num(hdev, LE_LINK) > 0)
904 return;
905
906 /* The generation of a new RPA and programming it into the
907 * controller happens in the enable_advertising() function.
908 */
909
910 hci_req_init(&req, hdev);
911
912 disable_advertising(&req);
913 enable_advertising(&req);
914
915 hci_req_run(&req, NULL);
916}
917
6a919082 918static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 919{
4f87da80 920 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 921 return;
922
4f87da80 923 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 924 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 925
4f87da80
JH		 926 /* Non-mgmt controlled devices get this bit set
927 * implicitly so that pairing works for them, however
928 * for mgmt we require user-space to explicitly enable
929 * it
930 */
931 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 932}
933
0f4e68cf 934static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 935 void *data, u16 data_len)
0381101f 936{
a38528f1 937 struct mgmt_rp_read_info rp;
f7b64e69 938
bdb6d971 939 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 940
09fd0de5 941 hci_dev_lock(hdev);
f7b64e69 942
dc4fe30b
JH		 943 memset(&rp, 0, sizeof(rp));
944
69ab39ea 945 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 946
69ab39ea 947 rp.version = hdev->hci_ver;
eb55ef07 948 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 949
950 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
951 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 952
a38528f1 953 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 954
dc4fe30b 955 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 956 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 957
09fd0de5 958 hci_dev_unlock(hdev);
0381101f 959
bdb6d971 960 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 961 sizeof(rp));
0381101f
JH		 962}
963
eec8d2bc
JH		 964static void mgmt_pending_free(struct pending_cmd *cmd)
965{
966 sock_put(cmd->sk);
c68fb7ff 967 kfree(cmd->param);
eec8d2bc
JH		 968 kfree(cmd);
969}
970
366a0336 971static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 972 struct hci_dev *hdev, void *data,
973 u16 len)
eec8d2bc
JH		 974{
975 struct pending_cmd *cmd;
976
12b94565 977 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 978 if (!cmd)
366a0336 979 return NULL;
eec8d2bc
JH		 980
981 cmd->opcode = opcode;
2e58ef3e 982 cmd->index = hdev->id;
eec8d2bc 983
12b94565 984 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 985 if (!cmd->param) {
eec8d2bc 986 kfree(cmd);
366a0336 987 return NULL;
eec8d2bc
JH		 988 }
989
8fce6357
SJ		 990 if (data)
991 memcpy(cmd->param, data, len);
eec8d2bc
JH		 992
993 cmd->sk = sk;
994 sock_hold(sk);
995
2e58ef3e 996 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 997
366a0336 998 return cmd;
eec8d2bc
JH		 999}
1000
744cf19e 1001static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1002 void (*cb)(struct pending_cmd *cmd,
1003 void *data),
04124681 1004 void *data)
eec8d2bc 1005{
a3d09356 1006 struct pending_cmd *cmd, *tmp;
eec8d2bc 1007
a3d09356 1008 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1009 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1010 continue;
1011
eec8d2bc
JH		 1012 cb(cmd, data);
1013 }
1014}
1015
a664b5bc 1016static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1017{
73f22f62
JH		 1018 list_del(&cmd->list);
1019 mgmt_pending_free(cmd);
1020}
1021
69ab39ea 1022static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1023{
69ab39ea 1024 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1025
aee9b218 1026 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1027 sizeof(settings));
8680570b
JH		 1028}
1029
8b064a3a
JH		 1030static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1031{
1032 BT_DBG("%s status 0x%02x", hdev->name, status);
1033
1034 if (hci_conn_count(hdev) == 0)
1035 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1036}
1037
1038static int clean_up_hci_state(struct hci_dev *hdev)
1039{
1040 struct hci_request req;
1041 struct hci_conn *conn;
1042
1043 hci_req_init(&req, hdev);
1044
1045 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1046 test_bit(HCI_PSCAN, &hdev->flags)) {
1047 u8 scan = 0x00;
1048 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1049 }
1050
1051 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1052 disable_advertising(&req);
1053
1054 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1055 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1056 }
1057
1058 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1059 struct hci_cp_disconnect dc;
c9910d0f
JH		 1060 struct hci_cp_reject_conn_req rej;
1061
1062 switch (conn->state) {
1063 case BT_CONNECTED:
1064 case BT_CONFIG:
1065 dc.handle = cpu_to_le16(conn->handle);
1066 dc.reason = 0x15; /* Terminated due to Power Off */
1067 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1068 break;
1069 case BT_CONNECT:
1070 if (conn->type == LE_LINK)
1071 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1072 0, NULL);
1073 else if (conn->type == ACL_LINK)
1074 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1075 6, &conn->dst);
1076 break;
1077 case BT_CONNECT2:
1078 bacpy(&rej.bdaddr, &conn->dst);
1079 rej.reason = 0x15; /* Terminated due to Power Off */
1080 if (conn->type == ACL_LINK)
1081 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1082 sizeof(rej), &rej);
1083 else if (conn->type == SCO_LINK)
1084 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1085 sizeof(rej), &rej);
1086 break;
1087 }
8b064a3a
JH		 1088 }
1089
1090 return hci_req_run(&req, clean_up_hci_complete);
1091}
1092
bdb6d971 1093static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1094 u16 len)
eec8d2bc 1095{
650f726d 1096 struct mgmt_mode *cp = data;
366a0336 1097 struct pending_cmd *cmd;
4b34ee78 1098 int err;
eec8d2bc 1099
bdb6d971 1100 BT_DBG("request for %s", hdev->name);
eec8d2bc 1101
a7e80f25
JH		 1102 if (cp->val != 0x00 && cp->val != 0x01)
1103 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1104 MGMT_STATUS_INVALID_PARAMS);
1105
09fd0de5 1106 hci_dev_lock(hdev);
eec8d2bc 1107
87b95ba6
JH		 1108 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1109 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1110 MGMT_STATUS_BUSY);
1111 goto failed;
1112 }
1113
f0d4b78a
MH		 1114 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1115 cancel_delayed_work(&hdev->power_off);
1116
1117 if (cp->val) {
a1d70450
JH		 1118 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1119 data, len);
1120 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1121 goto failed;
1122 }
1123 }
1124
4b34ee78 1125 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1126 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1127 goto failed;
1128 }
1129
2e58ef3e 1130 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1131 if (!cmd) {
1132 err = -ENOMEM;
eec8d2bc 1133 goto failed;
366a0336 1134 }
eec8d2bc 1135
8b064a3a 1136 if (cp->val) {
19202573 1137 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1138 err = 0;
1139 } else {
1140 /* Disconnect connections, stop scans, etc */
1141 err = clean_up_hci_state(hdev);
eec8d2bc 1142
8b064a3a
JH		 1143 /* ENODATA means there were no HCI commands queued */
1144 if (err == -ENODATA) {
1145 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1146 err = 0;
1147 }
1148 }
eec8d2bc
JH		 1149
1150failed:
09fd0de5 1151 hci_dev_unlock(hdev);
366a0336 1152 return err;
eec8d2bc
JH		 1153}
1154
04124681
GP		 1155static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1156 struct sock *skip_sk)
beadb2bd
JH		 1157{
1158 struct sk_buff *skb;
1159 struct mgmt_hdr *hdr;
1160
790eff44 1161 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1162 if (!skb)
1163 return -ENOMEM;
1164
1165 hdr = (void *) skb_put(skb, sizeof(*hdr));
1166 hdr->opcode = cpu_to_le16(event);
1167 if (hdev)
1168 hdr->index = cpu_to_le16(hdev->id);
1169 else
612dfce9 1170 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1171 hdr->len = cpu_to_le16(data_len);
1172
1173 if (data)
1174 memcpy(skb_put(skb, data_len), data, data_len);
1175
97e0bdeb
MH		 1176 /* Time stamp */
1177 __net_timestamp(skb);
1178
beadb2bd
JH		 1179 hci_send_to_control(skb, skip_sk);
1180 kfree_skb(skb);
1181
1182 return 0;
1183}
1184
1185static int new_settings(struct hci_dev *hdev, struct sock *skip)
1186{
1187 __le32 ev;
1188
1189 ev = cpu_to_le32(get_current_settings(hdev));
1190
1191 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1192}
1193
bd99abdd
JH		 1194struct cmd_lookup {
1195 struct sock *sk;
1196 struct hci_dev *hdev;
1197 u8 mgmt_status;
1198};
1199
1200static void settings_rsp(struct pending_cmd *cmd, void *data)
1201{
1202 struct cmd_lookup *match = data;
1203
1204 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1205
1206 list_del(&cmd->list);
1207
1208 if (match->sk == NULL) {
1209 match->sk = cmd->sk;
1210 sock_hold(match->sk);
1211 }
1212
1213 mgmt_pending_free(cmd);
1214}
1215
1216static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1217{
1218 u8 *status = data;
1219
1220 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1221 mgmt_pending_remove(cmd);
1222}
1223
e6fe7986
JH		 1224static u8 mgmt_bredr_support(struct hci_dev *hdev)
1225{
1226 if (!lmp_bredr_capable(hdev))
1227 return MGMT_STATUS_NOT_SUPPORTED;
1228 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1229 return MGMT_STATUS_REJECTED;
1230 else
1231 return MGMT_STATUS_SUCCESS;
1232}
1233
1234static u8 mgmt_le_support(struct hci_dev *hdev)
1235{
1236 if (!lmp_le_capable(hdev))
1237 return MGMT_STATUS_NOT_SUPPORTED;
1238 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1239 return MGMT_STATUS_REJECTED;
1240 else
1241 return MGMT_STATUS_SUCCESS;
1242}
1243
bfaf8c9f
JH		 1244static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1245{
1246 struct pending_cmd *cmd;
1247 struct mgmt_mode *cp;
970ba524 1248 struct hci_request req;
bfaf8c9f
JH		 1249 bool changed;
1250
1251 BT_DBG("status 0x%02x", status);
1252
1253 hci_dev_lock(hdev);
1254
1255 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1256 if (!cmd)
1257 goto unlock;
1258
1259 if (status) {
1260 u8 mgmt_err = mgmt_status(status);
1261 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1262 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1263 goto remove_cmd;
1264 }
1265
1266 cp = cmd->param;
d4462a07 1267 if (cp->val) {
bfaf8c9f
JH		 1268 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1269 &hdev->dev_flags);
d4462a07
MH		 1270
1271 if (hdev->discov_timeout > 0) {
1272 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1273 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1274 to);
1275 }
1276 } else {
bfaf8c9f
JH		 1277 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1278 &hdev->dev_flags);
d4462a07 1279 }
bfaf8c9f
JH		 1280
1281 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1282
1283 if (changed)
1284 new_settings(hdev, cmd->sk);
1285
970ba524
MH		 1286 /* When the discoverable mode gets changed, make sure
1287 * that class of device has the limited discoverable
1288 * bit correctly set.
1289 */
1290 hci_req_init(&req, hdev);
1291 update_class(&req);
1292 hci_req_run(&req, NULL);
1293
bfaf8c9f
JH		 1294remove_cmd:
1295 mgmt_pending_remove(cmd);
1296
1297unlock:
1298 hci_dev_unlock(hdev);
1299}
1300
bdb6d971 1301static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1302 u16 len)
73f22f62 1303{
650f726d 1304 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1305 struct pending_cmd *cmd;
bfaf8c9f 1306 struct hci_request req;
5e5282bb 1307 u16 timeout;
9a43e25f 1308 u8 scan;
73f22f62
JH		 1309 int err;
1310
bdb6d971 1311 BT_DBG("request for %s", hdev->name);
73f22f62 1312
9a43e25f
JH		 1313 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1314 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1315 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1316 MGMT_STATUS_REJECTED);
33c525c0 1317
310a3d48 1318 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1319 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1320 MGMT_STATUS_INVALID_PARAMS);
1321
1f350c87 1322 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1323
1324 /* Disabling discoverable requires that no timeout is set,
1325 * and enabling limited discoverable requires a timeout.
1326 */
1327 if ((cp->val == 0x00 && timeout > 0) ||
1328 (cp->val == 0x02 && timeout == 0))
bdb6d971 1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1330 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1331
09fd0de5 1332 hci_dev_lock(hdev);
73f22f62 1333
5e5282bb 1334 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1335 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1336 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1337 goto failed;
1338 }
1339
2e58ef3e 1340 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1341 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1342 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1343 MGMT_STATUS_BUSY);
73f22f62
JH		 1344 goto failed;
1345 }
1346
5e5282bb 1347 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1348 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1349 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1350 goto failed;
1351 }
1352
1353 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1354 bool changed = false;
1355
310a3d48
MH		 1356 /* Setting limited discoverable when powered off is
1357 * not a valid operation since it requires a timeout
1358 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1359 */
0224d2fa
JH		 1360 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1361 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1362 changed = true;
1363 }
1364
5e5282bb 1365 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1366 if (err < 0)
1367 goto failed;
1368
1369 if (changed)
1370 err = new_settings(hdev, sk);
1371
5e5282bb
JH		 1372 goto failed;
1373 }
1374
310a3d48
MH		 1375 /* If the current mode is the same, then just update the timeout
1376 * value with the new value. And if only the timeout gets updated,
1377 * then no need for any HCI transactions.
1378 */
1379 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1380 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1381 &hdev->dev_flags)) {
36261547
MH		 1382 cancel_delayed_work(&hdev->discov_off);
1383 hdev->discov_timeout = timeout;
955638ec 1384
36261547
MH		 1385 if (cp->val && hdev->discov_timeout > 0) {
1386 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1387 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1388 to);
955638ec
MH		 1389 }
1390
69ab39ea 1391 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1392 goto failed;
1393 }
1394
2e58ef3e 1395 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1396 if (!cmd) {
1397 err = -ENOMEM;
73f22f62 1398 goto failed;
366a0336 1399 }
73f22f62 1400
310a3d48
MH		 1401 /* Cancel any potential discoverable timeout that might be
1402 * still active and store new timeout value. The arming of
1403 * the timeout happens in the complete handler.
1404 */
1405 cancel_delayed_work(&hdev->discov_off);
1406 hdev->discov_timeout = timeout;
1407
b456f87c
JH		 1408 /* Limited discoverable mode */
1409 if (cp->val == 0x02)
1410 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1411 else
1412 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1413
bfaf8c9f
JH		 1414 hci_req_init(&req, hdev);
1415
9a43e25f
JH		 1416 /* The procedure for LE-only controllers is much simpler - just
1417 * update the advertising data.
1418 */
1419 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1420 goto update_ad;
1421
73f22f62
JH		 1422 scan = SCAN_PAGE;
1423
310a3d48
MH		 1424 if (cp->val) {
1425 struct hci_cp_write_current_iac_lap hci_cp;
1426
1427 if (cp->val == 0x02) {
1428 /* Limited discoverable mode */
33337dcb 1429 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1430 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1431 hci_cp.iac_lap[1] = 0x8b;
1432 hci_cp.iac_lap[2] = 0x9e;
1433 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1434 hci_cp.iac_lap[4] = 0x8b;
1435 hci_cp.iac_lap[5] = 0x9e;
1436 } else {
1437 /* General discoverable mode */
310a3d48
MH		 1438 hci_cp.num_iac = 1;
1439 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1440 hci_cp.iac_lap[1] = 0x8b;
1441 hci_cp.iac_lap[2] = 0x9e;
1442 }
1443
1444 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1445 (hci_cp.num_iac * 3) + 1, &hci_cp);
1446
73f22f62 1447 scan |= SCAN_INQUIRY;
310a3d48
MH		 1448 } else {
1449 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1450 }
73f22f62 1451
310a3d48 1452 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1453
9a43e25f
JH		 1454update_ad:
1455 update_adv_data(&req);
1456
bfaf8c9f 1457 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1458 if (err < 0)
a664b5bc 1459 mgmt_pending_remove(cmd);
73f22f62
JH		 1460
1461failed:
09fd0de5 1462 hci_dev_unlock(hdev);
73f22f62
JH		 1463 return err;
1464}
1465
406d7804
JH		 1466static void write_fast_connectable(struct hci_request *req, bool enable)
1467{
bd98b996 1468 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1469 struct hci_cp_write_page_scan_activity acp;
1470 u8 type;
1471
547003b1
JH		 1472 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1473 return;
1474
4c01f8b8
JH		 1475 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1476 return;
1477
406d7804
JH		 1478 if (enable) {
1479 type = PAGE_SCAN_TYPE_INTERLACED;
1480
1481 /* 160 msec page scan interval */
1482 acp.interval = __constant_cpu_to_le16(0x0100);
1483 } else {
1484 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1485
1486 /* default 1.28 sec page scan */
1487 acp.interval = __constant_cpu_to_le16(0x0800);
1488 }
1489
1490 acp.window = __constant_cpu_to_le16(0x0012);
1491
bd98b996
JH		 1492 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1493 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1494 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1495 sizeof(acp), &acp);
1496
1497 if (hdev->page_scan_type != type)
1498 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1499}
1500
2b76f453
JH		 1501static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1502{
1503 struct pending_cmd *cmd;
d7b856f9
JH		 1504 struct mgmt_mode *cp;
1505 bool changed;
2b76f453
JH		 1506
1507 BT_DBG("status 0x%02x", status);
1508
1509 hci_dev_lock(hdev);
1510
1511 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1512 if (!cmd)
1513 goto unlock;
1514
37438c1f
JH		 1515 if (status) {
1516 u8 mgmt_err = mgmt_status(status);
1517 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1518 goto remove_cmd;
1519 }
1520
d7b856f9
JH		 1521 cp = cmd->param;
1522 if (cp->val)
1523 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1524 else
1525 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1526
2b76f453
JH		 1527 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1528
d7b856f9
JH		 1529 if (changed)
1530 new_settings(hdev, cmd->sk);
1531
37438c1f 1532remove_cmd:
2b76f453
JH		 1533 mgmt_pending_remove(cmd);
1534
1535unlock:
1536 hci_dev_unlock(hdev);
1537}
1538
e8ba3a1f
JH		 1539static int set_connectable_update_settings(struct hci_dev *hdev,
1540 struct sock *sk, u8 val)
1541{
1542 bool changed = false;
1543 int err;
1544
1545 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1546 changed = true;
1547
1548 if (val) {
1549 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1550 } else {
1551 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1552 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1553 }
1554
1555 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1556 if (err < 0)
1557 return err;
1558
1559 if (changed)
1560 return new_settings(hdev, sk);
1561
1562 return 0;
1563}
1564
bdb6d971 1565static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1566 u16 len)
9fbcbb45 1567{
650f726d 1568 struct mgmt_mode *cp = data;
366a0336 1569 struct pending_cmd *cmd;
2b76f453 1570 struct hci_request req;
1987fdc7 1571 u8 scan;
9fbcbb45
JH		 1572 int err;
1573
bdb6d971 1574 BT_DBG("request for %s", hdev->name);
9fbcbb45 1575
1987fdc7
JH		 1576 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1577 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1578 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1579 MGMT_STATUS_REJECTED);
33c525c0 1580
a7e80f25
JH		 1581 if (cp->val != 0x00 && cp->val != 0x01)
1582 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
1584
09fd0de5 1585 hci_dev_lock(hdev);
9fbcbb45 1586
4b34ee78 1587 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1588 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1589 goto failed;
1590 }
1591
2e58ef3e 1592 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1593 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1595 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1596 goto failed;
1597 }
1598
2e58ef3e 1599 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1600 if (!cmd) {
1601 err = -ENOMEM;
9fbcbb45 1602 goto failed;
366a0336 1603 }
9fbcbb45 1604
9b74246f 1605 hci_req_init(&req, hdev);
9fbcbb45 1606
9a43e25f
JH		 1607 /* If BR/EDR is not enabled and we disable advertising as a
1608 * by-product of disabling connectable, we need to update the
1609 * advertising flags.
1610 */
1611 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1612 if (!cp->val) {
1613 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1614 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1615 }
1616 update_adv_data(&req);
1617 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1618 if (cp->val) {
1619 scan = SCAN_PAGE;
1620 } else {
1621 scan = 0;
1622
1623 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1624 hdev->discov_timeout > 0)
9b74246f
JH		 1625 cancel_delayed_work(&hdev->discov_off);
1626 }
2b76f453 1627
9b74246f
JH		 1628 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1629 }
2b76f453 1630
4c01f8b8
JH		 1631 /* If we're going from non-connectable to connectable or
1632 * vice-versa when fast connectable is enabled ensure that fast
1633 * connectable gets disabled. write_fast_connectable won't do
1634 * anything if the page scan parameters are already what they
1635 * should be.
1636 */
1637 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1638 write_fast_connectable(&req, false);
1639
1987fdc7
JH		 1640 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1641 hci_conn_num(hdev, LE_LINK) == 0) {
1642 disable_advertising(&req);
1643 enable_advertising(&req);
1644 }
1645
2b76f453 1646 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1647 if (err < 0) {
a664b5bc 1648 mgmt_pending_remove(cmd);
9b74246f 1649 if (err == -ENODATA)
a81070ba
JH		 1650 err = set_connectable_update_settings(hdev, sk,
1651 cp->val);
9b74246f
JH		 1652 goto failed;
1653 }
9fbcbb45
JH		 1654
1655failed:
09fd0de5 1656 hci_dev_unlock(hdev);
9fbcbb45
JH		 1657 return err;
1658}
1659
bdb6d971 1660static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1661 u16 len)
c542a06c 1662{
650f726d 1663 struct mgmt_mode *cp = data;
55594356 1664 bool changed;
c542a06c
JH		 1665 int err;
1666
bdb6d971 1667 BT_DBG("request for %s", hdev->name);
c542a06c 1668
a7e80f25
JH		 1669 if (cp->val != 0x00 && cp->val != 0x01)
1670 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1671 MGMT_STATUS_INVALID_PARAMS);
1672
09fd0de5 1673 hci_dev_lock(hdev);
c542a06c
JH		 1674
1675 if (cp->val)
55594356 1676 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1677 else
55594356 1678 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1679
69ab39ea 1680 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1681 if (err < 0)
55594356 1682 goto unlock;
c542a06c 1683
55594356
MH		 1684 if (changed)
1685 err = new_settings(hdev, sk);
c542a06c 1686
55594356 1687unlock:
09fd0de5 1688 hci_dev_unlock(hdev);
c542a06c
JH		 1689 return err;
1690}
1691
04124681
GP		 1692static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1693 u16 len)
33ef95ed
JH		 1694{
1695 struct mgmt_mode *cp = data;
1696 struct pending_cmd *cmd;
e6fe7986 1697 u8 val, status;
33ef95ed
JH		 1698 int err;
1699
bdb6d971 1700 BT_DBG("request for %s", hdev->name);
33ef95ed 1701
e6fe7986
JH		 1702 status = mgmt_bredr_support(hdev);
1703 if (status)
33c525c0 1704 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1705 status);
33c525c0 1706
a7e80f25
JH		 1707 if (cp->val != 0x00 && cp->val != 0x01)
1708 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1709 MGMT_STATUS_INVALID_PARAMS);
1710
33ef95ed
JH		 1711 hci_dev_lock(hdev);
1712
4b34ee78 1713 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1714 bool changed = false;
1715
1716 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1717 &hdev->dev_flags)) {
47990ea0
JH		 1718 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1719 changed = true;
1720 }
1721
1722 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1723 if (err < 0)
1724 goto failed;
1725
1726 if (changed)
1727 err = new_settings(hdev, sk);
1728
33ef95ed
JH		 1729 goto failed;
1730 }
1731
1732 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1733 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1734 MGMT_STATUS_BUSY);
33ef95ed
JH		 1735 goto failed;
1736 }
1737
1738 val = !!cp->val;
1739
1740 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1741 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1742 goto failed;
1743 }
1744
1745 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1746 if (!cmd) {
1747 err = -ENOMEM;
1748 goto failed;
1749 }
1750
1751 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1752 if (err < 0) {
1753 mgmt_pending_remove(cmd);
1754 goto failed;
1755 }
1756
1757failed:
1758 hci_dev_unlock(hdev);
33ef95ed
JH		 1759 return err;
1760}
1761
bdb6d971 1762static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1763{
1764 struct mgmt_mode *cp = data;
1765 struct pending_cmd *cmd;
72ef0c1a 1766 u8 status;
ed2c4ee3
JH		 1767 int err;
1768
bdb6d971 1769 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1770
cdba5281
MH		 1771 status = mgmt_bredr_support(hdev);
1772 if (status)
1773 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1774
13ecd8b6
JH		 1775 if (!lmp_ssp_capable(hdev))
1776 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1777 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1778
a7e80f25
JH		 1779 if (cp->val != 0x00 && cp->val != 0x01)
1780 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1781 MGMT_STATUS_INVALID_PARAMS);
1782
13ecd8b6 1783 hci_dev_lock(hdev);
6c8f12c1 1784
4b34ee78 1785 if (!hdev_is_powered(hdev)) {
9ecb3e24 1786 bool changed;
c0ecddc2 1787
9ecb3e24
MH		 1788 if (cp->val) {
1789 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1790 &hdev->dev_flags);
1791 } else {
1792 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1793 &hdev->dev_flags);
1794 if (!changed)
1795 changed = test_and_clear_bit(HCI_HS_ENABLED,
1796 &hdev->dev_flags);
1797 else
1798 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1799 }
1800
1801 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1802 if (err < 0)
1803 goto failed;
1804
1805 if (changed)
1806 err = new_settings(hdev, sk);
1807
ed2c4ee3
JH		 1808 goto failed;
1809 }
1810
9ecb3e24
MH		 1811 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1812 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1814 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1815 goto failed;
1816 }
1817
72ef0c1a 1818 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1819 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1820 goto failed;
1821 }
1822
1823 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1824 if (!cmd) {
1825 err = -ENOMEM;
1826 goto failed;
1827 }
1828
72ef0c1a 1829 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1830 if (err < 0) {
1831 mgmt_pending_remove(cmd);
1832 goto failed;
1833 }
1834
1835failed:
1836 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1837 return err;
1838}
1839
bdb6d971 1840static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1841{
1842 struct mgmt_mode *cp = data;
ee392693 1843 bool changed;
e6fe7986 1844 u8 status;
ee392693 1845 int err;
6d80dfd0 1846
bdb6d971 1847 BT_DBG("request for %s", hdev->name);
6d80dfd0 1848
e6fe7986
JH		 1849 status = mgmt_bredr_support(hdev);
1850 if (status)
1851 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1852
9ecb3e24
MH		 1853 if (!lmp_ssp_capable(hdev))
1854 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1855 MGMT_STATUS_NOT_SUPPORTED);
1856
1857 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1858 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1859 MGMT_STATUS_REJECTED);
1860
a7e80f25
JH		 1861 if (cp->val != 0x00 && cp->val != 0x01)
1862 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1863 MGMT_STATUS_INVALID_PARAMS);
1864
ee392693
MH		 1865 hci_dev_lock(hdev);
1866
a0cdf960 1867 if (cp->val) {
ee392693 1868 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1869 } else {
1870 if (hdev_is_powered(hdev)) {
1871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1872 MGMT_STATUS_REJECTED);
1873 goto unlock;
1874 }
1875
ee392693 1876 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1877 }
ee392693
MH		 1878
1879 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1880 if (err < 0)
1881 goto unlock;
1882
1883 if (changed)
1884 err = new_settings(hdev, sk);
6d80dfd0 1885
ee392693
MH		 1886unlock:
1887 hci_dev_unlock(hdev);
1888 return err;
6d80dfd0
JH		 1889}
1890
416a4ae5
JH		 1891static void le_enable_complete(struct hci_dev *hdev, u8 status)
1892{
1893 struct cmd_lookup match = { NULL, hdev };
1894
1895 if (status) {
1896 u8 mgmt_err = mgmt_status(status);
1897
1898 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1899 &mgmt_err);
1900 return;
1901 }
1902
1903 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1904
1905 new_settings(hdev, match.sk);
1906
1907 if (match.sk)
1908 sock_put(match.sk);
441ad2d0
MH		 1909
1910 /* Make sure the controller has a good default for
1911 * advertising data. Restrict the update to when LE
1912 * has actually been enabled. During power on, the
1913 * update in powered_update_hci will take care of it.
1914 */
1915 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1916 struct hci_request req;
1917
1918 hci_dev_lock(hdev);
1919
1920 hci_req_init(&req, hdev);
5947f4bc 1921 update_adv_data(&req);
f14d8f64 1922 update_scan_rsp_data(&req);
441ad2d0
MH		 1923 hci_req_run(&req, NULL);
1924
1925 hci_dev_unlock(hdev);
1926 }
416a4ae5
JH		 1927}
1928
bdb6d971 1929static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1930{
1931 struct mgmt_mode *cp = data;
1932 struct hci_cp_write_le_host_supported hci_cp;
1933 struct pending_cmd *cmd;
416a4ae5 1934 struct hci_request req;
06199cf8 1935 int err;
0b60eba1 1936 u8 val, enabled;
06199cf8 1937
bdb6d971 1938 BT_DBG("request for %s", hdev->name);
06199cf8 1939
13ecd8b6
JH		 1940 if (!lmp_le_capable(hdev))
1941 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1942 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1943
a7e80f25
JH		 1944 if (cp->val != 0x00 && cp->val != 0x01)
1945 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1946 MGMT_STATUS_INVALID_PARAMS);
1947
c73eee91 1948 /* LE-only devices do not allow toggling LE on/off */
56f87901 1949 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1950 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1951 MGMT_STATUS_REJECTED);
1952
13ecd8b6 1953 hci_dev_lock(hdev);
06199cf8
JH		 1954
1955 val = !!cp->val;
ffa88e02 1956 enabled = lmp_host_le_capable(hdev);
06199cf8 1957
0b60eba1 1958 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1959 bool changed = false;
1960
1961 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1962 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1963 changed = true;
1964 }
1965
f3d3444a
JH		 1966 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1967 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1968 changed = true;
1969 }
1970
06199cf8
JH		 1971 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1972 if (err < 0)
1de028ce 1973 goto unlock;
06199cf8
JH		 1974
1975 if (changed)
1976 err = new_settings(hdev, sk);
1977
1de028ce 1978 goto unlock;
06199cf8
JH		 1979 }
1980
4375f103
JH		 1981 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1982 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1984 MGMT_STATUS_BUSY);
1de028ce 1985 goto unlock;
06199cf8
JH		 1986 }
1987
1988 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1989 if (!cmd) {
1990 err = -ENOMEM;
1de028ce 1991 goto unlock;
06199cf8
JH		 1992 }
1993
441ad2d0
MH		 1994 hci_req_init(&req, hdev);
1995
06199cf8
JH		 1996 memset(&hci_cp, 0, sizeof(hci_cp));
1997
1998 if (val) {
1999 hci_cp.le = val;
ffa88e02 2000 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2001 } else {
2002 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2003 disable_advertising(&req);
06199cf8
JH		 2004 }
2005
416a4ae5
JH		 2006 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2007 &hci_cp);
2008
2009 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2010 if (err < 0)
06199cf8 2011 mgmt_pending_remove(cmd);
06199cf8 2012
1de028ce
JH		 2013unlock:
2014 hci_dev_unlock(hdev);
06199cf8
JH		 2015 return err;
2016}
2017
0cab9c80
JH		 2018/* This is a helper function to test for pending mgmt commands that can
2019 * cause CoD or EIR HCI commands. We can only allow one such pending
2020 * mgmt command at a time since otherwise we cannot easily track what
2021 * the current values are, will be, and based on that calculate if a new
2022 * HCI command needs to be sent and if yes with what value.
2023 */
2024static bool pending_eir_or_class(struct hci_dev *hdev)
2025{
2026 struct pending_cmd *cmd;
2027
2028 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2029 switch (cmd->opcode) {
2030 case MGMT_OP_ADD_UUID:
2031 case MGMT_OP_REMOVE_UUID:
2032 case MGMT_OP_SET_DEV_CLASS:
2033 case MGMT_OP_SET_POWERED:
2034 return true;
2035 }
2036 }
2037
2038 return false;
2039}
2040
83be8eca
JH		 2041static const u8 bluetooth_base_uuid[] = {
2042 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2043 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2044};
2045
2046static u8 get_uuid_size(const u8 *uuid)
2047{
2048 u32 val;
2049
2050 if (memcmp(uuid, bluetooth_base_uuid, 12))
2051 return 128;
2052
2053 val = get_unaligned_le32(&uuid[12]);
2054 if (val > 0xffff)
2055 return 32;
2056
2057 return 16;
2058}
2059
92da6097
JH		 2060static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2061{
2062 struct pending_cmd *cmd;
2063
2064 hci_dev_lock(hdev);
2065
2066 cmd = mgmt_pending_find(mgmt_op, hdev);
2067 if (!cmd)
2068 goto unlock;
2069
2070 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2071 hdev->dev_class, 3);
2072
2073 mgmt_pending_remove(cmd);
2074
2075unlock:
2076 hci_dev_unlock(hdev);
2077}
2078
2079static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2080{
2081 BT_DBG("status 0x%02x", status);
2082
2083 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2084}
2085
bdb6d971 2086static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2087{
650f726d 2088 struct mgmt_cp_add_uuid *cp = data;
90e70454 2089 struct pending_cmd *cmd;
890ea898 2090 struct hci_request req;
2aeb9a1a 2091 struct bt_uuid *uuid;
2aeb9a1a
JH		 2092 int err;
2093
bdb6d971 2094 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2095
09fd0de5 2096 hci_dev_lock(hdev);
2aeb9a1a 2097
0cab9c80 2098 if (pending_eir_or_class(hdev)) {
bdb6d971 2099 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2100 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2101 goto failed;
2102 }
2103
92c4c204 2104 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2105 if (!uuid) {
2106 err = -ENOMEM;
2107 goto failed;
2108 }
2109
2110 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2111 uuid->svc_hint = cp->svc_hint;
83be8eca 2112 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2113
de66aa63 2114 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2115
890ea898 2116 hci_req_init(&req, hdev);
1aff6f09 2117
890ea898
JH		 2118 update_class(&req);
2119 update_eir(&req);
2120
92da6097
JH		 2121 err = hci_req_run(&req, add_uuid_complete);
2122 if (err < 0) {
2123 if (err != -ENODATA)
2124 goto failed;
80a1e1db 2125
bdb6d971 2126 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2127 hdev->dev_class, 3);
90e70454
JH		 2128 goto failed;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2132 if (!cmd) {
90e70454 2133 err = -ENOMEM;
890ea898
JH		 2134 goto failed;
2135 }
2136
2137 err = 0;
2aeb9a1a
JH		 2138
2139failed:
09fd0de5 2140 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2141 return err;
2142}
2143
24b78d0f
JH		 2144static bool enable_service_cache(struct hci_dev *hdev)
2145{
2146 if (!hdev_is_powered(hdev))
2147 return false;
2148
2149 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2150 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2151 CACHE_TIMEOUT);
24b78d0f
JH		 2152 return true;
2153 }
2154
2155 return false;
2156}
2157
92da6097
JH		 2158static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2159{
2160 BT_DBG("status 0x%02x", status);
2161
2162 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2163}
2164
bdb6d971 2165static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2166 u16 len)
2aeb9a1a 2167{
650f726d 2168 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2169 struct pending_cmd *cmd;
056341c8 2170 struct bt_uuid *match, *tmp;
2aeb9a1a 2171 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2172 struct hci_request req;
2aeb9a1a
JH		 2173 int err, found;
2174
bdb6d971 2175 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2176
09fd0de5 2177 hci_dev_lock(hdev);
2aeb9a1a 2178
0cab9c80 2179 if (pending_eir_or_class(hdev)) {
bdb6d971 2180 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2181 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2182 goto unlock;
2183 }
2184
2aeb9a1a 2185 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2186 hci_uuids_clear(hdev);
4004b6d9 2187
24b78d0f 2188 if (enable_service_cache(hdev)) {
bdb6d971 2189 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2190 0, hdev->dev_class, 3);
24b78d0f
JH		 2191 goto unlock;
2192 }
4004b6d9 2193
9246a869 2194 goto update_class;
2aeb9a1a
JH		 2195 }
2196
2197 found = 0;
2198
056341c8 2199 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2200 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2201 continue;
2202
2203 list_del(&match->list);
482049f7 2204 kfree(match);
2aeb9a1a
JH		 2205 found++;
2206 }
2207
2208 if (found == 0) {
bdb6d971 2209 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2210 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2211 goto unlock;
2212 }
2213
9246a869 2214update_class:
890ea898 2215 hci_req_init(&req, hdev);
1aff6f09 2216
890ea898
JH		 2217 update_class(&req);
2218 update_eir(&req);
2219
92da6097
JH		 2220 err = hci_req_run(&req, remove_uuid_complete);
2221 if (err < 0) {
2222 if (err != -ENODATA)
2223 goto unlock;
80a1e1db 2224
bdb6d971 2225 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2226 hdev->dev_class, 3);
90e70454
JH		 2227 goto unlock;
2228 }
2229
2230 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2231 if (!cmd) {
90e70454 2232 err = -ENOMEM;
890ea898
JH		 2233 goto unlock;
2234 }
2235
2236 err = 0;
2aeb9a1a
JH		 2237
2238unlock:
09fd0de5 2239 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2240 return err;
2241}
2242
92da6097
JH		 2243static void set_class_complete(struct hci_dev *hdev, u8 status)
2244{
2245 BT_DBG("status 0x%02x", status);
2246
2247 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2248}
2249
bdb6d971 2250static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2251 u16 len)
1aff6f09 2252{
650f726d 2253 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2254 struct pending_cmd *cmd;
890ea898 2255 struct hci_request req;
1aff6f09
JH		 2256 int err;
2257
bdb6d971 2258 BT_DBG("request for %s", hdev->name);
1aff6f09 2259
6203fc98 2260 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2262 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2263
0cab9c80 2264 hci_dev_lock(hdev);
ee98f473 2265
0cab9c80
JH		 2266 if (pending_eir_or_class(hdev)) {
2267 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2268 MGMT_STATUS_BUSY);
2269 goto unlock;
2270 }
c95f0ba7 2271
0cab9c80
JH		 2272 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2273 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2274 MGMT_STATUS_INVALID_PARAMS);
2275 goto unlock;
2276 }
575b3a02 2277
932f5ff5
JH		 2278 hdev->major_class = cp->major;
2279 hdev->minor_class = cp->minor;
2280
b5235a65 2281 if (!hdev_is_powered(hdev)) {
bdb6d971 2282 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2283 hdev->dev_class, 3);
b5235a65
JH		 2284 goto unlock;
2285 }
2286
890ea898
JH		 2287 hci_req_init(&req, hdev);
2288
a8b2d5c2 2289 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2290 hci_dev_unlock(hdev);
2291 cancel_delayed_work_sync(&hdev->service_cache);
2292 hci_dev_lock(hdev);
890ea898 2293 update_eir(&req);
7d78525d 2294 }
14c0b608 2295
890ea898
JH		 2296 update_class(&req);
2297
92da6097
JH		 2298 err = hci_req_run(&req, set_class_complete);
2299 if (err < 0) {
2300 if (err != -ENODATA)
2301 goto unlock;
1aff6f09 2302
bdb6d971 2303 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2304 hdev->dev_class, 3);
90e70454
JH		 2305 goto unlock;
2306 }
2307
2308 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2309 if (!cmd) {
90e70454 2310 err = -ENOMEM;
890ea898
JH		 2311 goto unlock;
2312 }
2313
2314 err = 0;
1aff6f09 2315
b5235a65 2316unlock:
09fd0de5 2317 hci_dev_unlock(hdev);
1aff6f09
JH		 2318 return err;
2319}
2320
bdb6d971 2321static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2322 u16 len)
55ed8ca1 2323{
650f726d 2324 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2325 u16 key_count, expected_len;
b1de97d8 2326 bool changed;
a492cd52 2327 int i;
55ed8ca1 2328
9060d5cf
MH		 2329 BT_DBG("request for %s", hdev->name);
2330
2331 if (!lmp_bredr_capable(hdev))
2332 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2333 MGMT_STATUS_NOT_SUPPORTED);
2334
1f350c87 2335 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2336
86742e1e
JH		 2337 expected_len = sizeof(*cp) + key_count *
2338 sizeof(struct mgmt_link_key_info);
a492cd52 2339 if (expected_len != len) {
86742e1e 2340 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2341 len, expected_len);
bdb6d971 2342 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2343 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2344 }
2345
4ae14301
JH		 2346 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2347 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2348 MGMT_STATUS_INVALID_PARAMS);
2349
bdb6d971 2350 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2351 key_count);
55ed8ca1 2352
4ee71b20
JH		 2353 for (i = 0; i < key_count; i++) {
2354 struct mgmt_link_key_info *key = &cp->keys[i];
2355
8e991132 2356 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2357 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2358 MGMT_STATUS_INVALID_PARAMS);
2359 }
2360
09fd0de5 2361 hci_dev_lock(hdev);
55ed8ca1
JH		 2362
2363 hci_link_keys_clear(hdev);
2364
55ed8ca1 2365 if (cp->debug_keys)
b1de97d8 2366 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2367 else
b1de97d8
MH		 2368 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2369
2370 if (changed)
2371 new_settings(hdev, NULL);
55ed8ca1 2372
a492cd52 2373 for (i = 0; i < key_count; i++) {
86742e1e 2374 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2375
d753fdc4 2376 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2377 key->type, key->pin_len);
55ed8ca1
JH		 2378 }
2379
bdb6d971 2380 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2381
09fd0de5 2382 hci_dev_unlock(hdev);
55ed8ca1 2383
a492cd52 2384 return 0;
55ed8ca1
JH		 2385}
2386
b1078ad0 2387static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2388 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2389{
2390 struct mgmt_ev_device_unpaired ev;
2391
2392 bacpy(&ev.addr.bdaddr, bdaddr);
2393 ev.addr.type = addr_type;
2394
2395 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2396 skip_sk);
b1078ad0
JH		 2397}
2398
bdb6d971 2399static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2400 u16 len)
55ed8ca1 2401{
124f6e35
JH		 2402 struct mgmt_cp_unpair_device *cp = data;
2403 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2404 struct hci_cp_disconnect dc;
2405 struct pending_cmd *cmd;
55ed8ca1 2406 struct hci_conn *conn;
55ed8ca1
JH		 2407 int err;
2408
a8a1d19e 2409 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2410 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2411 rp.addr.type = cp->addr.type;
a8a1d19e 2412
4ee71b20
JH		 2413 if (!bdaddr_type_is_valid(cp->addr.type))
2414 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2415 MGMT_STATUS_INVALID_PARAMS,
2416 &rp, sizeof(rp));
2417
118da70b
JH		 2418 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2419 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2420 MGMT_STATUS_INVALID_PARAMS,
2421 &rp, sizeof(rp));
2422
4ee71b20
JH		 2423 hci_dev_lock(hdev);
2424
86a8cfc6 2425 if (!hdev_is_powered(hdev)) {
bdb6d971 2426 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2427 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2428 goto unlock;
2429 }
2430
e0b2b27e 2431 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2432 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2433 } else {
2434 u8 addr_type;
2435
2436 if (cp->addr.type == BDADDR_LE_PUBLIC)
2437 addr_type = ADDR_LE_DEV_PUBLIC;
2438 else
2439 addr_type = ADDR_LE_DEV_RANDOM;
2440
a7ec7338
JH		 2441 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2442
a9b0a04c
AG		 2443 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2444
e0b2b27e
JH		 2445 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2446 }
b0dbfb46 2447
55ed8ca1 2448 if (err < 0) {
bdb6d971 2449 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2450 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2451 goto unlock;
2452 }
2453
86a8cfc6 2454 if (cp->disconnect) {
591f47f3 2455 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2456 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2457 &cp->addr.bdaddr);
86a8cfc6
JH		 2458 else
2459 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2460 &cp->addr.bdaddr);
86a8cfc6
JH		 2461 } else {
2462 conn = NULL;
2463 }
124f6e35 2464
a8a1d19e 2465 if (!conn) {
bdb6d971 2466 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2467 &rp, sizeof(rp));
b1078ad0 2468 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2469 goto unlock;
2470 }
55ed8ca1 2471
124f6e35 2472 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2473 sizeof(*cp));
a8a1d19e
JH		 2474 if (!cmd) {
2475 err = -ENOMEM;
2476 goto unlock;
55ed8ca1
JH		 2477 }
2478
eb55ef07 2479 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2480 dc.reason = 0x13; /* Remote User Terminated Connection */
2481 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2482 if (err < 0)
2483 mgmt_pending_remove(cmd);
2484
55ed8ca1 2485unlock:
09fd0de5 2486 hci_dev_unlock(hdev);
55ed8ca1
JH		 2487 return err;
2488}
2489
bdb6d971 2490static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2491 u16 len)
8962ee74 2492{
650f726d 2493 struct mgmt_cp_disconnect *cp = data;
06a63b19 2494 struct mgmt_rp_disconnect rp;
8962ee74 2495 struct hci_cp_disconnect dc;
366a0336 2496 struct pending_cmd *cmd;
8962ee74 2497 struct hci_conn *conn;
8962ee74
JH		 2498 int err;
2499
2500 BT_DBG("");
2501
06a63b19
JH		 2502 memset(&rp, 0, sizeof(rp));
2503 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2504 rp.addr.type = cp->addr.type;
2505
4ee71b20 2506 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2507 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2508 MGMT_STATUS_INVALID_PARAMS,
2509 &rp, sizeof(rp));
4ee71b20 2510
09fd0de5 2511 hci_dev_lock(hdev);
8962ee74
JH		 2512
2513 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2514 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2515 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2516 goto failed;
2517 }
2518
2e58ef3e 2519 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2520 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2521 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2522 goto failed;
2523 }
2524
591f47f3 2525 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2526 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2527 &cp->addr.bdaddr);
88c3df13
JH		 2528 else
2529 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2530
f960727e 2531 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2532 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2533 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2534 goto failed;
2535 }
2536
2e58ef3e 2537 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2538 if (!cmd) {
2539 err = -ENOMEM;
8962ee74 2540 goto failed;
366a0336 2541 }
8962ee74 2542
eb55ef07 2543 dc.handle = cpu_to_le16(conn->handle);
3701f944 2544 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2545
2546 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2547 if (err < 0)
a664b5bc 2548 mgmt_pending_remove(cmd);
8962ee74
JH		 2549
2550failed:
09fd0de5 2551 hci_dev_unlock(hdev);
8962ee74
JH		 2552 return err;
2553}
2554
57c1477c 2555static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2556{
2557 switch (link_type) {
2558 case LE_LINK:
48264f06
JH		 2559 switch (addr_type) {
2560 case ADDR_LE_DEV_PUBLIC:
591f47f3 2561 return BDADDR_LE_PUBLIC;
0ed09148 2562
48264f06 2563 default:
0ed09148 2564 /* Fallback to LE Random address type */
591f47f3 2565 return BDADDR_LE_RANDOM;
48264f06 2566 }
0ed09148 2567
4c659c39 2568 default:
0ed09148 2569 /* Fallback to BR/EDR type */
591f47f3 2570 return BDADDR_BREDR;
4c659c39
JH		 2571 }
2572}
2573
04124681
GP		 2574static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2575 u16 data_len)
2784eb41 2576{
2784eb41 2577 struct mgmt_rp_get_connections *rp;
8035ded4 2578 struct hci_conn *c;
a38528f1 2579 size_t rp_len;
60fc5fb6
JH		 2580 int err;
2581 u16 i;
2784eb41
JH		 2582
2583 BT_DBG("");
2584
09fd0de5 2585 hci_dev_lock(hdev);
2784eb41 2586
5f97c1df 2587 if (!hdev_is_powered(hdev)) {
bdb6d971 2588 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2589 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2590 goto unlock;
2591 }
2592
60fc5fb6 2593 i = 0;
b644ba33
JH		 2594 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2595 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2596 i++;
2784eb41
JH		 2597 }
2598
60fc5fb6 2599 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2600 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2601 if (!rp) {
2784eb41
JH		 2602 err = -ENOMEM;
2603 goto unlock;
2604 }
2605
2784eb41 2606 i = 0;
4c659c39 2607 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2608 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2609 continue;
4c659c39 2610 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2611 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2612 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2613 continue;
2614 i++;
2615 }
2616
eb55ef07 2617 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2618
4c659c39
JH		 2619 /* Recalculate length in case of filtered SCO connections, etc */
2620 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2621
bdb6d971 2622 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2623 rp_len);
2784eb41 2624
a38528f1 2625 kfree(rp);
5f97c1df
JH		 2626
2627unlock:
09fd0de5 2628 hci_dev_unlock(hdev);
2784eb41
JH		 2629 return err;
2630}
2631
bdb6d971 2632static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2633 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2634{
2635 struct pending_cmd *cmd;
2636 int err;
2637
2e58ef3e 2638 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2639 sizeof(*cp));
96d97a67
WR		 2640 if (!cmd)
2641 return -ENOMEM;
2642
d8457698 2643 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2644 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2645 if (err < 0)
2646 mgmt_pending_remove(cmd);
2647
2648 return err;
2649}
2650
bdb6d971 2651static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2652 u16 len)
980e1a53 2653{
96d97a67 2654 struct hci_conn *conn;
650f726d 2655 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2656 struct hci_cp_pin_code_reply reply;
366a0336 2657 struct pending_cmd *cmd;
980e1a53
JH		 2658 int err;
2659
2660 BT_DBG("");
2661
09fd0de5 2662 hci_dev_lock(hdev);
980e1a53 2663
4b34ee78 2664 if (!hdev_is_powered(hdev)) {
bdb6d971 2665 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2666 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2667 goto failed;
2668 }
2669
d8457698 2670 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2671 if (!conn) {
bdb6d971 2672 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2673 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2674 goto failed;
2675 }
2676
2677 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2678 struct mgmt_cp_pin_code_neg_reply ncp;
2679
2680 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2681
2682 BT_ERR("PIN code is not 16 bytes long");
2683
bdb6d971 2684 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2685 if (err >= 0)
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2687 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2688
2689 goto failed;
2690 }
2691
00abfe44 2692 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2693 if (!cmd) {
2694 err = -ENOMEM;
980e1a53 2695 goto failed;
366a0336 2696 }
980e1a53 2697
d8457698 2698 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2699 reply.pin_len = cp->pin_len;
24718ca5 2700 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2701
2702 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2703 if (err < 0)
a664b5bc 2704 mgmt_pending_remove(cmd);
980e1a53
JH		 2705
2706failed:
09fd0de5 2707 hci_dev_unlock(hdev);
980e1a53
JH		 2708 return err;
2709}
2710
04124681
GP		 2711static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2712 u16 len)
17fa4b9d 2713{
650f726d 2714 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2715
2716 BT_DBG("");
2717
09fd0de5 2718 hci_dev_lock(hdev);
17fa4b9d
JH		 2719
2720 hdev->io_capability = cp->io_capability;
2721
2722 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2723 hdev->io_capability);
17fa4b9d 2724
09fd0de5 2725 hci_dev_unlock(hdev);
17fa4b9d 2726
04124681
GP		 2727 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2728 0);
17fa4b9d
JH		 2729}
2730
6039aa73 2731static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2732{
2733 struct hci_dev *hdev = conn->hdev;
8035ded4 2734 struct pending_cmd *cmd;
e9a416b5 2735
2e58ef3e 2736 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2737 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2738 continue;
2739
e9a416b5
JH		 2740 if (cmd->user_data != conn)
2741 continue;
2742
2743 return cmd;
2744 }
2745
2746 return NULL;
2747}
2748
2749static void pairing_complete(struct pending_cmd *cmd, u8 status)
2750{
2751 struct mgmt_rp_pair_device rp;
2752 struct hci_conn *conn = cmd->user_data;
2753
ba4e564f 2754 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2755 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2756
aee9b218 2757 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2758 &rp, sizeof(rp));
e9a416b5
JH		 2759
2760 /* So we don't get further callbacks for this connection */
2761 conn->connect_cfm_cb = NULL;
2762 conn->security_cfm_cb = NULL;
2763 conn->disconn_cfm_cb = NULL;
2764
76a68ba0 2765 hci_conn_drop(conn);
e9a416b5 2766
a664b5bc 2767 mgmt_pending_remove(cmd);
e9a416b5
JH		 2768}
2769
f4a407be
JH		 2770void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2771{
2772 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2773 struct pending_cmd *cmd;
2774
2775 cmd = find_pairing(conn);
2776 if (cmd)
2777 pairing_complete(cmd, status);
2778}
2779
e9a416b5
JH		 2780static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2781{
2782 struct pending_cmd *cmd;
2783
2784 BT_DBG("status %u", status);
2785
2786 cmd = find_pairing(conn);
56e5cb86 2787 if (!cmd)
e9a416b5 2788 BT_DBG("Unable to find a pending command");
56e5cb86 2789 else
e211326c 2790 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2791}
2792
f4a407be 2793static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2794{
2795 struct pending_cmd *cmd;
2796
2797 BT_DBG("status %u", status);
2798
2799 if (!status)
2800 return;
2801
2802 cmd = find_pairing(conn);
2803 if (!cmd)
2804 BT_DBG("Unable to find a pending command");
2805 else
2806 pairing_complete(cmd, mgmt_status(status));
2807}
2808
bdb6d971 2809static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2810 u16 len)
e9a416b5 2811{
650f726d 2812 struct mgmt_cp_pair_device *cp = data;
1425acb7 2813 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2814 struct pending_cmd *cmd;
2815 u8 sec_level, auth_type;
2816 struct hci_conn *conn;
e9a416b5
JH		 2817 int err;
2818
2819 BT_DBG("");
2820
f950a30e
SJ		 2821 memset(&rp, 0, sizeof(rp));
2822 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2823 rp.addr.type = cp->addr.type;
2824
4ee71b20
JH		 2825 if (!bdaddr_type_is_valid(cp->addr.type))
2826 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2827 MGMT_STATUS_INVALID_PARAMS,
2828 &rp, sizeof(rp));
2829
09fd0de5 2830 hci_dev_lock(hdev);
e9a416b5 2831
5f97c1df 2832 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2833 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2834 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2835 goto unlock;
2836 }
2837
c908df36
VCG		 2838 sec_level = BT_SECURITY_MEDIUM;
2839 if (cp->io_cap == 0x03)
e9a416b5 2840 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2841 else
e9a416b5 2842 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2843
6f77d8c7 2844 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2845 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2846 auth_type);
6f77d8c7
AG		 2847 } else {
2848 u8 addr_type;
2849
2850 /* Convert from L2CAP channel address type to HCI address type
2851 */
2852 if (cp->addr.type == BDADDR_LE_PUBLIC)
2853 addr_type = ADDR_LE_DEV_PUBLIC;
2854 else
2855 addr_type = ADDR_LE_DEV_RANDOM;
2856
2857 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2858 sec_level, auth_type);
6f77d8c7 2859 }
7a512d01 2860
30e76272 2861 if (IS_ERR(conn)) {
489dc48e
AK		 2862 int status;
2863
2864 if (PTR_ERR(conn) == -EBUSY)
2865 status = MGMT_STATUS_BUSY;
2866 else
2867 status = MGMT_STATUS_CONNECT_FAILED;
2868
bdb6d971 2869 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2870 status, &rp,
04124681 2871 sizeof(rp));
e9a416b5
JH		 2872 goto unlock;
2873 }
2874
2875 if (conn->connect_cfm_cb) {
76a68ba0 2876 hci_conn_drop(conn);
bdb6d971 2877 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2878 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2879 goto unlock;
2880 }
2881
2e58ef3e 2882 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2883 if (!cmd) {
2884 err = -ENOMEM;
76a68ba0 2885 hci_conn_drop(conn);
e9a416b5
JH		 2886 goto unlock;
2887 }
2888
7a512d01 2889 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2890 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2891 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2892 conn->security_cfm_cb = pairing_complete_cb;
2893 conn->disconn_cfm_cb = pairing_complete_cb;
2894 } else {
2895 conn->connect_cfm_cb = le_pairing_complete_cb;
2896 conn->security_cfm_cb = le_pairing_complete_cb;
2897 conn->disconn_cfm_cb = le_pairing_complete_cb;
2898 }
7a512d01 2899
e9a416b5
JH		 2900 conn->io_capability = cp->io_cap;
2901 cmd->user_data = conn;
2902
2903 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2904 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2905 pairing_complete(cmd, 0);
2906
2907 err = 0;
2908
2909unlock:
09fd0de5 2910 hci_dev_unlock(hdev);
e9a416b5
JH		 2911 return err;
2912}
2913
04124681
GP		 2914static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2915 u16 len)
28424707 2916{
0f4e68cf 2917 struct mgmt_addr_info *addr = data;
28424707
JH		 2918 struct pending_cmd *cmd;
2919 struct hci_conn *conn;
2920 int err;
2921
2922 BT_DBG("");
2923
28424707
JH		 2924 hci_dev_lock(hdev);
2925
5f97c1df 2926 if (!hdev_is_powered(hdev)) {
bdb6d971 2927 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2928 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2929 goto unlock;
2930 }
2931
28424707
JH		 2932 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2933 if (!cmd) {
bdb6d971 2934 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2935 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2936 goto unlock;
2937 }
2938
2939 conn = cmd->user_data;
2940
2941 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2942 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2943 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2944 goto unlock;
2945 }
2946
2947 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2948
bdb6d971 2949 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2950 addr, sizeof(*addr));
28424707
JH		 2951unlock:
2952 hci_dev_unlock(hdev);
28424707
JH		 2953 return err;
2954}
2955
bdb6d971 2956static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2957 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2958 u16 hci_op, __le32 passkey)
a5c29683 2959{
a5c29683 2960 struct pending_cmd *cmd;
0df4c185 2961 struct hci_conn *conn;
a5c29683
JH		 2962 int err;
2963
09fd0de5 2964 hci_dev_lock(hdev);
08ba5382 2965
4b34ee78 2966 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2967 err = cmd_complete(sk, hdev->id, mgmt_op,
2968 MGMT_STATUS_NOT_POWERED, addr,
2969 sizeof(*addr));
0df4c185 2970 goto done;
a5c29683
JH		 2971 }
2972
1707c60e
JH		 2973 if (addr->type == BDADDR_BREDR)
2974 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2975 else
1707c60e 2976 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2977
2978 if (!conn) {
feb94d3d
JH		 2979 err = cmd_complete(sk, hdev->id, mgmt_op,
2980 MGMT_STATUS_NOT_CONNECTED, addr,
2981 sizeof(*addr));
272d90df
JH		 2982 goto done;
2983 }
47c15e2b 2984
1707c60e 2985 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2986 /* Continue with pairing via SMP */
5fe57d9e
BG		 2987 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2988
2989 if (!err)
feb94d3d
JH		 2990 err = cmd_complete(sk, hdev->id, mgmt_op,
2991 MGMT_STATUS_SUCCESS, addr,
2992 sizeof(*addr));
5fe57d9e 2993 else
feb94d3d
JH		 2994 err = cmd_complete(sk, hdev->id, mgmt_op,
2995 MGMT_STATUS_FAILED, addr,
2996 sizeof(*addr));
47c15e2b 2997
47c15e2b
BG		 2998 goto done;
2999 }
3000
1707c60e 3001 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3002 if (!cmd) {
3003 err = -ENOMEM;
0df4c185 3004 goto done;
a5c29683
JH		 3005 }
3006
0df4c185 3007 /* Continue with pairing via HCI */
604086b7
BG		 3008 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3009 struct hci_cp_user_passkey_reply cp;
3010
1707c60e 3011 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3012 cp.passkey = passkey;
3013 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3014 } else
1707c60e
JH		 3015 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3016 &addr->bdaddr);
604086b7 3017
a664b5bc
JH		 3018 if (err < 0)
3019 mgmt_pending_remove(cmd);
a5c29683 3020
0df4c185 3021done:
09fd0de5 3022 hci_dev_unlock(hdev);
a5c29683
JH		 3023 return err;
3024}
3025
afeb019d
JK		 3026static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3027 void *data, u16 len)
3028{
3029 struct mgmt_cp_pin_code_neg_reply *cp = data;
3030
3031 BT_DBG("");
3032
1707c60e 3033 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3034 MGMT_OP_PIN_CODE_NEG_REPLY,
3035 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3036}
3037
04124681
GP		 3038static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3039 u16 len)
0df4c185 3040{
650f726d 3041 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3042
3043 BT_DBG("");
3044
3045 if (len != sizeof(*cp))
bdb6d971 3046 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3047 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3048
1707c60e 3049 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3050 MGMT_OP_USER_CONFIRM_REPLY,
3051 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3052}
3053
bdb6d971 3054static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3055 void *data, u16 len)
0df4c185 3056{
c9c2659f 3057 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3058
3059 BT_DBG("");
3060
1707c60e 3061 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3062 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3063 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3064}
3065
04124681
GP		 3066static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3067 u16 len)
604086b7 3068{
650f726d 3069 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3070
3071 BT_DBG("");
3072
1707c60e 3073 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3074 MGMT_OP_USER_PASSKEY_REPLY,
3075 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3076}
3077
bdb6d971 3078static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3079 void *data, u16 len)
604086b7 3080{
650f726d 3081 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3082
3083 BT_DBG("");
3084
1707c60e 3085 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3086 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3087 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3088}
3089
13928971 3090static void update_name(struct hci_request *req)
2b4bf397 3091{
13928971 3092 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3093 struct hci_cp_write_local_name cp;
3094
13928971 3095 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3096
890ea898 3097 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3098}
3099
13928971
JH		 3100static void set_name_complete(struct hci_dev *hdev, u8 status)
3101{
3102 struct mgmt_cp_set_local_name *cp;
3103 struct pending_cmd *cmd;
3104
3105 BT_DBG("status 0x%02x", status);
3106
3107 hci_dev_lock(hdev);
3108
3109 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3110 if (!cmd)
3111 goto unlock;
3112
3113 cp = cmd->param;
3114
3115 if (status)
3116 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3117 mgmt_status(status));
3118 else
3119 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3120 cp, sizeof(*cp));
3121
3122 mgmt_pending_remove(cmd);
3123
3124unlock:
3125 hci_dev_unlock(hdev);
3126}
3127
bdb6d971 3128static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3129 u16 len)
b312b161 3130{
2b4bf397 3131 struct mgmt_cp_set_local_name *cp = data;
b312b161 3132 struct pending_cmd *cmd;
890ea898 3133 struct hci_request req;
b312b161
JH		 3134 int err;
3135
3136 BT_DBG("");
3137
09fd0de5 3138 hci_dev_lock(hdev);
b312b161 3139
b3f2ca94
JH		 3140 /* If the old values are the same as the new ones just return a
3141 * direct command complete event.
3142 */
3143 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3144 !memcmp(hdev->short_name, cp->short_name,
3145 sizeof(hdev->short_name))) {
3146 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3147 data, len);
3148 goto failed;
3149 }
3150
2b4bf397 3151 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3152
b5235a65 3153 if (!hdev_is_powered(hdev)) {
2b4bf397 3154 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3155
3156 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3157 data, len);
28cc7bde
JH		 3158 if (err < 0)
3159 goto failed;
3160
3161 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3162 sk);
28cc7bde 3163
b5235a65
JH		 3164 goto failed;
3165 }
3166
28cc7bde 3167 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3168 if (!cmd) {
3169 err = -ENOMEM;
3170 goto failed;
3171 }
3172
13928971
JH		 3173 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3174
890ea898 3175 hci_req_init(&req, hdev);
3f985050
JH		 3176
3177 if (lmp_bredr_capable(hdev)) {
3178 update_name(&req);
3179 update_eir(&req);
3180 }
3181
7a5f4990
MH		 3182 /* The name is stored in the scan response data and so
3183 * no need to udpate the advertising data here.
3184 */
3f985050 3185 if (lmp_le_capable(hdev))
7a5f4990 3186 update_scan_rsp_data(&req);
3f985050 3187
13928971 3188 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3189 if (err < 0)
3190 mgmt_pending_remove(cmd);
3191
3192failed:
09fd0de5 3193 hci_dev_unlock(hdev);
b312b161
JH		 3194 return err;
3195}
3196
0f4e68cf 3197static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3198 void *data, u16 data_len)
c35938b2 3199{
c35938b2
SJ		 3200 struct pending_cmd *cmd;
3201 int err;
3202
bdb6d971 3203 BT_DBG("%s", hdev->name);
c35938b2 3204
09fd0de5 3205 hci_dev_lock(hdev);
c35938b2 3206
4b34ee78 3207 if (!hdev_is_powered(hdev)) {
bdb6d971 3208 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3209 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3210 goto unlock;
3211 }
3212
9a1a1996 3213 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3215 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3216 goto unlock;
3217 }
3218
2e58ef3e 3219 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3221 MGMT_STATUS_BUSY);
c35938b2
SJ		 3222 goto unlock;
3223 }
3224
2e58ef3e 3225 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3226 if (!cmd) {
3227 err = -ENOMEM;
3228 goto unlock;
3229 }
3230
4d2d2796
MH		 3231 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3232 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3233 0, NULL);
3234 else
3235 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3236
c35938b2
SJ		 3237 if (err < 0)
3238 mgmt_pending_remove(cmd);
3239
3240unlock:
09fd0de5 3241 hci_dev_unlock(hdev);
c35938b2
SJ		 3242 return err;
3243}
3244
bdb6d971 3245static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3246 void *data, u16 len)
2763eda6 3247{
2763eda6
SJ		 3248 int err;
3249
bdb6d971 3250 BT_DBG("%s ", hdev->name);
2763eda6 3251
09fd0de5 3252 hci_dev_lock(hdev);
2763eda6 3253
ec109113
MH		 3254 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3255 struct mgmt_cp_add_remote_oob_data *cp = data;
3256 u8 status;
bf1e3541 3257
ec109113
MH		 3258 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3259 cp->hash, cp->randomizer);
3260 if (err < 0)
3261 status = MGMT_STATUS_FAILED;
3262 else
3263 status = MGMT_STATUS_SUCCESS;
3264
3265 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3266 status, &cp->addr, sizeof(cp->addr));
3267 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3268 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3269 u8 status;
3270
3271 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3272 cp->hash192,
3273 cp->randomizer192,
3274 cp->hash256,
3275 cp->randomizer256);
3276 if (err < 0)
3277 status = MGMT_STATUS_FAILED;
3278 else
3279 status = MGMT_STATUS_SUCCESS;
3280
3281 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3282 status, &cp->addr, sizeof(cp->addr));
3283 } else {
3284 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3285 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3286 MGMT_STATUS_INVALID_PARAMS);
3287 }
2763eda6 3288
09fd0de5 3289 hci_dev_unlock(hdev);
2763eda6
SJ		 3290 return err;
3291}
3292
bdb6d971 3293static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3294 void *data, u16 len)
2763eda6 3295{
650f726d 3296 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3297 u8 status;
2763eda6
SJ		 3298 int err;
3299
bdb6d971 3300 BT_DBG("%s", hdev->name);
2763eda6 3301
09fd0de5 3302 hci_dev_lock(hdev);
2763eda6 3303
664ce4cc 3304 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3305 if (err < 0)
bf1e3541 3306 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3307 else
a6785be2 3308 status = MGMT_STATUS_SUCCESS;
bf1e3541 3309
bdb6d971 3310 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3311 status, &cp->addr, sizeof(cp->addr));
2763eda6 3312
09fd0de5 3313 hci_dev_unlock(hdev);
2763eda6
SJ		 3314 return err;
3315}
3316
41dc2bd6
AG		 3317static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3318{
3319 struct pending_cmd *cmd;
3320 u8 type;
3321 int err;
3322
3323 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3324
3325 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3326 if (!cmd)
3327 return -ENOENT;
3328
3329 type = hdev->discovery.type;
3330
3331 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3332 &type, sizeof(type));
3333 mgmt_pending_remove(cmd);
3334
3335 return err;
3336}
3337
7c307720
AG		 3338static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3339{
3340 BT_DBG("status %d", status);
3341
3342 if (status) {
3343 hci_dev_lock(hdev);
3344 mgmt_start_discovery_failed(hdev, status);
3345 hci_dev_unlock(hdev);
3346 return;
3347 }
3348
3349 hci_dev_lock(hdev);
3350 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3351 hci_dev_unlock(hdev);
3352
3353 switch (hdev->discovery.type) {
3354 case DISCOV_TYPE_LE:
3355 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3356 DISCOV_LE_TIMEOUT);
7c307720
AG		 3357 break;
3358
3359 case DISCOV_TYPE_INTERLEAVED:
3360 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3361 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3362 break;
3363
3364 case DISCOV_TYPE_BREDR:
3365 break;
3366
3367 default:
3368 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3369 }
3370}
3371
bdb6d971 3372static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3373 void *data, u16 len)
14a53664 3374{
650f726d 3375 struct mgmt_cp_start_discovery *cp = data;
14a53664 3376 struct pending_cmd *cmd;
7c307720
AG		 3377 struct hci_cp_le_set_scan_param param_cp;
3378 struct hci_cp_le_set_scan_enable enable_cp;
3379 struct hci_cp_inquiry inq_cp;
3380 struct hci_request req;
3381 /* General inquiry access code (GIAC) */
3382 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3383 u8 status, own_addr_type;
14a53664
JH		 3384 int err;
3385
bdb6d971 3386 BT_DBG("%s", hdev->name);
14a53664 3387
09fd0de5 3388 hci_dev_lock(hdev);
14a53664 3389
4b34ee78 3390 if (!hdev_is_powered(hdev)) {
bdb6d971 3391 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3392 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3393 goto failed;
3394 }
3395
642be6c7
AG		 3396 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3397 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3398 MGMT_STATUS_BUSY);
3399 goto failed;
3400 }
3401
ff9ef578 3402 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3403 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3404 MGMT_STATUS_BUSY);
ff9ef578
JH		 3405 goto failed;
3406 }
3407
2e58ef3e 3408 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3409 if (!cmd) {
3410 err = -ENOMEM;
3411 goto failed;
3412 }
3413
4aab14e5
AG		 3414 hdev->discovery.type = cp->type;
3415
7c307720
AG		 3416 hci_req_init(&req, hdev);
3417
4aab14e5 3418 switch (hdev->discovery.type) {
f39799f5 3419 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3420 status = mgmt_bredr_support(hdev);
3421 if (status) {
04106755 3422 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3423 status);
04106755
JH		 3424 mgmt_pending_remove(cmd);
3425 goto failed;
3426 }
3427
7c307720
AG		 3428 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3429 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3430 MGMT_STATUS_BUSY);
3431 mgmt_pending_remove(cmd);
3432 goto failed;
3433 }
3434
3435 hci_inquiry_cache_flush(hdev);
3436
3437 memset(&inq_cp, 0, sizeof(inq_cp));
3438 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3439 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3440 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3441 break;
3442
3443 case DISCOV_TYPE_LE:
7c307720 3444 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3445 status = mgmt_le_support(hdev);
3446 if (status) {
04106755 3447 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3448 status);
04106755
JH		 3449 mgmt_pending_remove(cmd);
3450 goto failed;
3451 }
3452
7c307720 3453 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3454 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3456 MGMT_STATUS_NOT_SUPPORTED);
3457 mgmt_pending_remove(cmd);
3458 goto failed;
3459 }
3460
f3d3444a 3461 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3462 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3463 MGMT_STATUS_REJECTED);
3464 mgmt_pending_remove(cmd);
3465 goto failed;
3466 }
3467
c54c3860
AG		 3468 /* If controller is scanning, it means the background scanning
3469 * is running. Thus, we should temporarily stop it in order to
3470 * set the discovery scanning parameters.
3471 */
3472 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3473 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3474
3475 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3476
94b1fc92
MH		 3477 /* All active scans will be done with either a resolvable
3478 * private address (when privacy feature has been enabled)
3479 * or unresolvable private address.
3480 */
3481 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3482 if (err < 0) {
3483 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3484 MGMT_STATUS_FAILED);
3485 mgmt_pending_remove(cmd);
3486 goto failed;
3487 }
3488
7c307720 3489 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3490 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3491 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3492 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3493 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3494 &param_cp);
3495
3496 memset(&enable_cp, 0, sizeof(enable_cp));
3497 enable_cp.enable = LE_SCAN_ENABLE;
3498 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3499 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3500 &enable_cp);
5e0452c0
AG		 3501 break;
3502
f39799f5 3503 default:
04106755
JH		 3504 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3505 MGMT_STATUS_INVALID_PARAMS);
3506 mgmt_pending_remove(cmd);
3507 goto failed;
f39799f5 3508 }
3fd24153 3509
7c307720 3510 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3511 if (err < 0)
3512 mgmt_pending_remove(cmd);
ff9ef578
JH		 3513 else
3514 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3515
3516failed:
09fd0de5 3517 hci_dev_unlock(hdev);
14a53664
JH		 3518 return err;
3519}
3520
1183fdca
AG		 3521static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3522{
3523 struct pending_cmd *cmd;
3524 int err;
3525
3526 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3527 if (!cmd)
3528 return -ENOENT;
3529
3530 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3531 &hdev->discovery.type, sizeof(hdev->discovery.type));
3532 mgmt_pending_remove(cmd);
3533
3534 return err;
3535}
3536
0e05bba6
AG		 3537static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3538{
3539 BT_DBG("status %d", status);
3540
3541 hci_dev_lock(hdev);
3542
3543 if (status) {
3544 mgmt_stop_discovery_failed(hdev, status);
3545 goto unlock;
3546 }
3547
3548 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3549
3550unlock:
3551 hci_dev_unlock(hdev);
3552}
3553
bdb6d971 3554static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3555 u16 len)
14a53664 3556{
d930650b 3557 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3558 struct pending_cmd *cmd;
30dc78e1
JH		 3559 struct hci_cp_remote_name_req_cancel cp;
3560 struct inquiry_entry *e;
0e05bba6 3561 struct hci_request req;
14a53664
JH		 3562 int err;
3563
bdb6d971 3564 BT_DBG("%s", hdev->name);
14a53664 3565
09fd0de5 3566 hci_dev_lock(hdev);
14a53664 3567
30dc78e1 3568 if (!hci_discovery_active(hdev)) {
bdb6d971 3569 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3570 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3571 sizeof(mgmt_cp->type));
d930650b
JH		 3572 goto unlock;
3573 }
3574
3575 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3576 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3577 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3578 sizeof(mgmt_cp->type));
30dc78e1 3579 goto unlock;
ff9ef578
JH		 3580 }
3581
2e58ef3e 3582 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3583 if (!cmd) {
3584 err = -ENOMEM;
30dc78e1
JH		 3585 goto unlock;
3586 }
3587
0e05bba6
AG		 3588 hci_req_init(&req, hdev);
3589
e0d9727e
AG		 3590 switch (hdev->discovery.state) {
3591 case DISCOVERY_FINDING:
0e05bba6
AG		 3592 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3593 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3594 } else {
3595 cancel_delayed_work(&hdev->le_scan_disable);
3596
b1efcc28 3597 hci_req_add_le_scan_disable(&req);
0e05bba6 3598 }
c9ecc48e 3599
e0d9727e
AG		 3600 break;
3601
3602 case DISCOVERY_RESOLVING:
3603 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3604 NAME_PENDING);
e0d9727e 3605 if (!e) {
30dc78e1 3606 mgmt_pending_remove(cmd);
e0d9727e
AG		 3607 err = cmd_complete(sk, hdev->id,
3608 MGMT_OP_STOP_DISCOVERY, 0,
3609 &mgmt_cp->type,
3610 sizeof(mgmt_cp->type));
3611 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3612 goto unlock;
3613 }
30dc78e1 3614
e0d9727e 3615 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3616 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3617 &cp);
e0d9727e
AG		 3618
3619 break;
3620
3621 default:
3622 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3623
3624 mgmt_pending_remove(cmd);
3625 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3626 MGMT_STATUS_FAILED, &mgmt_cp->type,
3627 sizeof(mgmt_cp->type));
3628 goto unlock;
14a53664
JH		 3629 }
3630
0e05bba6 3631 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3632 if (err < 0)
3633 mgmt_pending_remove(cmd);
ff9ef578
JH		 3634 else
3635 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3636
30dc78e1 3637unlock:
09fd0de5 3638 hci_dev_unlock(hdev);
14a53664
JH		 3639 return err;
3640}
3641
bdb6d971 3642static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3643 u16 len)
561aafbc 3644{
650f726d 3645 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3646 struct inquiry_entry *e;
561aafbc
JH		 3647 int err;
3648
bdb6d971 3649 BT_DBG("%s", hdev->name);
561aafbc 3650
561aafbc
JH		 3651 hci_dev_lock(hdev);
3652
30dc78e1 3653 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3654 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3655 MGMT_STATUS_FAILED, &cp->addr,
3656 sizeof(cp->addr));
30dc78e1
JH		 3657 goto failed;
3658 }
3659
a198e7b1 3660 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3661 if (!e) {
d3a2541d
LR		 3662 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3663 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3664 sizeof(cp->addr));
561aafbc
JH		 3665 goto failed;
3666 }
3667
3668 if (cp->name_known) {
3669 e->name_state = NAME_KNOWN;
3670 list_del(&e->list);
3671 } else {
3672 e->name_state = NAME_NEEDED;
a3d4e20a 3673 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3674 }
3675
e384662b
JH		 3676 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3677 sizeof(cp->addr));
561aafbc
JH		 3678
3679failed:
3680 hci_dev_unlock(hdev);
561aafbc
JH		 3681 return err;
3682}
3683
bdb6d971 3684static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3685 u16 len)
7fbec224 3686{
650f726d 3687 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3688 u8 status;
7fbec224
AJ		 3689 int err;
3690
bdb6d971 3691 BT_DBG("%s", hdev->name);
7fbec224 3692
4ee71b20 3693 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3694 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3695 MGMT_STATUS_INVALID_PARAMS,
3696 &cp->addr, sizeof(cp->addr));
4ee71b20 3697
09fd0de5 3698 hci_dev_lock(hdev);
5e762444 3699
88c1fe4b 3700 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3701 if (err < 0)
f0eeea8b 3702 status = MGMT_STATUS_FAILED;
7fbec224 3703 else
a6785be2 3704 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3705
bdb6d971 3706 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3707 &cp->addr, sizeof(cp->addr));
5e762444 3708
09fd0de5 3709 hci_dev_unlock(hdev);
7fbec224
AJ		 3710
3711 return err;
3712}
3713
bdb6d971 3714static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3715 u16 len)
7fbec224 3716{
650f726d 3717 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3718 u8 status;
7fbec224
AJ		 3719 int err;
3720
bdb6d971 3721 BT_DBG("%s", hdev->name);
7fbec224 3722
4ee71b20 3723 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3724 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3725 MGMT_STATUS_INVALID_PARAMS,
3726 &cp->addr, sizeof(cp->addr));
4ee71b20 3727
09fd0de5 3728 hci_dev_lock(hdev);
5e762444 3729
88c1fe4b 3730 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3731 if (err < 0)
f0eeea8b 3732 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3733 else
a6785be2 3734 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3735
bdb6d971 3736 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3737 &cp->addr, sizeof(cp->addr));
5e762444 3738
09fd0de5 3739 hci_dev_unlock(hdev);
7fbec224
AJ		 3740
3741 return err;
3742}
3743
cdbaccca
MH		 3744static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3745 u16 len)
3746{
3747 struct mgmt_cp_set_device_id *cp = data;
890ea898 3748 struct hci_request req;
cdbaccca 3749 int err;
c72d4b8a 3750 __u16 source;
cdbaccca
MH		 3751
3752 BT_DBG("%s", hdev->name);
3753
c72d4b8a
SJ		 3754 source = __le16_to_cpu(cp->source);
3755
3756 if (source > 0x0002)
3757 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3758 MGMT_STATUS_INVALID_PARAMS);
3759
cdbaccca
MH		 3760 hci_dev_lock(hdev);
3761
c72d4b8a 3762 hdev->devid_source = source;
cdbaccca
MH		 3763 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3764 hdev->devid_product = __le16_to_cpu(cp->product);
3765 hdev->devid_version = __le16_to_cpu(cp->version);
3766
3767 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3768
890ea898
JH		 3769 hci_req_init(&req, hdev);
3770 update_eir(&req);
3771 hci_req_run(&req, NULL);
cdbaccca
MH		 3772
3773 hci_dev_unlock(hdev);
3774
3775 return err;
3776}
3777
4375f103
JH		 3778static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3779{
3780 struct cmd_lookup match = { NULL, hdev };
3781
3782 if (status) {
3783 u8 mgmt_err = mgmt_status(status);
3784
3785 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3786 cmd_status_rsp, &mgmt_err);
3787 return;
3788 }
3789
3790 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3791 &match);
3792
3793 new_settings(hdev, match.sk);
3794
3795 if (match.sk)
3796 sock_put(match.sk);
3797}
3798
21b5187f
MH		 3799static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3800 u16 len)
4375f103
JH		 3801{
3802 struct mgmt_mode *cp = data;
3803 struct pending_cmd *cmd;
3804 struct hci_request req;
e6fe7986 3805 u8 val, enabled, status;
4375f103
JH		 3806 int err;
3807
3808 BT_DBG("request for %s", hdev->name);
3809
e6fe7986
JH		 3810 status = mgmt_le_support(hdev);
3811 if (status)
4375f103 3812 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3813 status);
4375f103
JH		 3814
3815 if (cp->val != 0x00 && cp->val != 0x01)
3816 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3817 MGMT_STATUS_INVALID_PARAMS);
3818
3819 hci_dev_lock(hdev);
3820
3821 val = !!cp->val;
f3d3444a 3822 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3823
f74ca9b8
JH		 3824 /* The following conditions are ones which mean that we should
3825 * not do any HCI communication but directly send a mgmt
3826 * response to user space (after toggling the flag if
3827 * necessary).
3828 */
3829 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3830 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3831 bool changed = false;
3832
f3d3444a
JH		 3833 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3834 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3835 changed = true;
3836 }
3837
3838 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3839 if (err < 0)
3840 goto unlock;
3841
3842 if (changed)
3843 err = new_settings(hdev, sk);
3844
3845 goto unlock;
3846 }
3847
3848 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3849 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3850 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3851 MGMT_STATUS_BUSY);
3852 goto unlock;
3853 }
3854
3855 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3856 if (!cmd) {
3857 err = -ENOMEM;
3858 goto unlock;
3859 }
3860
3861 hci_req_init(&req, hdev);
3862
bba3aa55
MH		 3863 if (val)
3864 enable_advertising(&req);
3865 else
3866 disable_advertising(&req);
4375f103
JH		 3867
3868 err = hci_req_run(&req, set_advertising_complete);
3869 if (err < 0)
3870 mgmt_pending_remove(cmd);
3871
3872unlock:
3873 hci_dev_unlock(hdev);
3874 return err;
3875}
3876
d13eafce
MH		 3877static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3878 void *data, u16 len)
3879{
3880 struct mgmt_cp_set_static_address *cp = data;
3881 int err;
3882
3883 BT_DBG("%s", hdev->name);
3884
62af4443 3885 if (!lmp_le_capable(hdev))
d13eafce 3886 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3887 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3888
3889 if (hdev_is_powered(hdev))
3890 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3891 MGMT_STATUS_REJECTED);
3892
3893 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3894 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3895 return cmd_status(sk, hdev->id,
3896 MGMT_OP_SET_STATIC_ADDRESS,
3897 MGMT_STATUS_INVALID_PARAMS);
3898
3899 /* Two most significant bits shall be set */
3900 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3901 return cmd_status(sk, hdev->id,
3902 MGMT_OP_SET_STATIC_ADDRESS,
3903 MGMT_STATUS_INVALID_PARAMS);
3904 }
3905
3906 hci_dev_lock(hdev);
3907
3908 bacpy(&hdev->static_addr, &cp->bdaddr);
3909
3910 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3911
3912 hci_dev_unlock(hdev);
3913
3914 return err;
3915}
3916
14b49b9a
MH		 3917static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3918 void *data, u16 len)
3919{
3920 struct mgmt_cp_set_scan_params *cp = data;
3921 __u16 interval, window;
3922 int err;
3923
3924 BT_DBG("%s", hdev->name);
3925
3926 if (!lmp_le_capable(hdev))
3927 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3928 MGMT_STATUS_NOT_SUPPORTED);
3929
3930 interval = __le16_to_cpu(cp->interval);
3931
3932 if (interval < 0x0004 || interval > 0x4000)
3933 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3934 MGMT_STATUS_INVALID_PARAMS);
3935
3936 window = __le16_to_cpu(cp->window);
3937
3938 if (window < 0x0004 || window > 0x4000)
3939 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3940 MGMT_STATUS_INVALID_PARAMS);
3941
899e1075
MH		 3942 if (window > interval)
3943 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3944 MGMT_STATUS_INVALID_PARAMS);
3945
14b49b9a
MH		 3946 hci_dev_lock(hdev);
3947
3948 hdev->le_scan_interval = interval;
3949 hdev->le_scan_window = window;
3950
3951 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3952
dd2ef8e2
AG		 3953 /* If background scan is running, restart it so new parameters are
3954 * loaded.
3955 */
3956 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3957 hdev->discovery.state == DISCOVERY_STOPPED) {
3958 struct hci_request req;
3959
3960 hci_req_init(&req, hdev);
3961
3962 hci_req_add_le_scan_disable(&req);
3963 hci_req_add_le_passive_scan(&req);
3964
3965 hci_req_run(&req, NULL);
3966 }
3967
14b49b9a
MH		 3968 hci_dev_unlock(hdev);
3969
3970 return err;
3971}
3972
33e38b3e
JH		 3973static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3974{
3975 struct pending_cmd *cmd;
3976
3977 BT_DBG("status 0x%02x", status);
3978
3979 hci_dev_lock(hdev);
3980
3981 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3982 if (!cmd)
3983 goto unlock;
3984
3985 if (status) {
3986 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3987 mgmt_status(status));
3988 } else {
1a4d3c4b
JH		 3989 struct mgmt_mode *cp = cmd->param;
3990
3991 if (cp->val)
3992 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3993 else
3994 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3995
33e38b3e
JH		 3996 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3997 new_settings(hdev, cmd->sk);
3998 }
3999
4000 mgmt_pending_remove(cmd);
4001
4002unlock:
4003 hci_dev_unlock(hdev);
4004}
4005
bdb6d971 4006static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4007 void *data, u16 len)
f6422ec6 4008{
650f726d 4009 struct mgmt_mode *cp = data;
33e38b3e
JH		 4010 struct pending_cmd *cmd;
4011 struct hci_request req;
f6422ec6
AJ		 4012 int err;
4013
bdb6d971 4014 BT_DBG("%s", hdev->name);
f6422ec6 4015
56f87901
JH		 4016 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4017 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4018 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4019 MGMT_STATUS_NOT_SUPPORTED);
4020
a7e80f25
JH		 4021 if (cp->val != 0x00 && cp->val != 0x01)
4022 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4023 MGMT_STATUS_INVALID_PARAMS);
4024
5400c044 4025 if (!hdev_is_powered(hdev))
bdb6d971 4026 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4027 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4028
4029 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4030 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4031 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4032
4033 hci_dev_lock(hdev);
4034
05cbf29f
JH		 4035 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4036 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4037 MGMT_STATUS_BUSY);
4038 goto unlock;
4039 }
4040
1a4d3c4b
JH		 4041 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4042 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4043 hdev);
4044 goto unlock;
4045 }
4046
33e38b3e
JH		 4047 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4048 data, len);
4049 if (!cmd) {
4050 err = -ENOMEM;
4051 goto unlock;
f6422ec6
AJ		 4052 }
4053
33e38b3e
JH		 4054 hci_req_init(&req, hdev);
4055
406d7804 4056 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4057
4058 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4059 if (err < 0) {
bdb6d971 4060 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4061 MGMT_STATUS_FAILED);
33e38b3e 4062 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4063 }
4064
33e38b3e 4065unlock:
f6422ec6 4066 hci_dev_unlock(hdev);
33e38b3e 4067
f6422ec6
AJ		 4068 return err;
4069}
4070
67e5a7a3
JH		 4071static void set_bredr_scan(struct hci_request *req)
4072{
4073 struct hci_dev *hdev = req->hdev;
4074 u8 scan = 0;
4075
4076 /* Ensure that fast connectable is disabled. This function will
4077 * not do anything if the page scan parameters are already what
4078 * they should be.
4079 */
4080 write_fast_connectable(req, false);
4081
4082 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4083 scan |= SCAN_PAGE;
4084 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4085 scan |= SCAN_INQUIRY;
4086
4087 if (scan)
4088 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4089}
4090
0663ca2a
JH		 4091static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4092{
4093 struct pending_cmd *cmd;
4094
4095 BT_DBG("status 0x%02x", status);
4096
4097 hci_dev_lock(hdev);
4098
4099 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4100 if (!cmd)
4101 goto unlock;
4102
4103 if (status) {
4104 u8 mgmt_err = mgmt_status(status);
4105
4106 /* We need to restore the flag if related HCI commands
4107 * failed.
4108 */
4109 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4110
4111 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4112 } else {
4113 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4114 new_settings(hdev, cmd->sk);
4115 }
4116
4117 mgmt_pending_remove(cmd);
4118
4119unlock:
4120 hci_dev_unlock(hdev);
4121}
4122
4123static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4124{
4125 struct mgmt_mode *cp = data;
4126 struct pending_cmd *cmd;
4127 struct hci_request req;
4128 int err;
4129
4130 BT_DBG("request for %s", hdev->name);
4131
4132 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4133 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4134 MGMT_STATUS_NOT_SUPPORTED);
4135
4136 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4137 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4138 MGMT_STATUS_REJECTED);
4139
4140 if (cp->val != 0x00 && cp->val != 0x01)
4141 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4142 MGMT_STATUS_INVALID_PARAMS);
4143
4144 hci_dev_lock(hdev);
4145
4146 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4147 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4148 goto unlock;
4149 }
4150
4151 if (!hdev_is_powered(hdev)) {
4152 if (!cp->val) {
0663ca2a
JH		 4153 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4154 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4155 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4156 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4157 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4158 }
4159
4160 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4161
4162 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4163 if (err < 0)
4164 goto unlock;
4165
4166 err = new_settings(hdev, sk);
4167 goto unlock;
4168 }
4169
4170 /* Reject disabling when powered on */
4171 if (!cp->val) {
4172 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4173 MGMT_STATUS_REJECTED);
4174 goto unlock;
4175 }
4176
4177 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4178 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4179 MGMT_STATUS_BUSY);
4180 goto unlock;
4181 }
4182
4183 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4184 if (!cmd) {
4185 err = -ENOMEM;
4186 goto unlock;
4187 }
4188
5947f4bc 4189 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4190 * generates the correct flags.
4191 */
4192 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4193
4194 hci_req_init(&req, hdev);
aa8af46e
JH		 4195
4196 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4197 set_bredr_scan(&req);
4198
f14d8f64
MH		 4199 /* Since only the advertising data flags will change, there
4200 * is no need to update the scan response data.
4201 */
5947f4bc 4202 update_adv_data(&req);
aa8af46e 4203
0663ca2a
JH		 4204 err = hci_req_run(&req, set_bredr_complete);
4205 if (err < 0)
4206 mgmt_pending_remove(cmd);
4207
4208unlock:
4209 hci_dev_unlock(hdev);
4210 return err;
4211}
4212
eac83dc6
MH		 4213static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4214 void *data, u16 len)
4215{
4216 struct mgmt_mode *cp = data;
4217 struct pending_cmd *cmd;
0ab04a9c 4218 u8 val, status;
eac83dc6
MH		 4219 int err;
4220
4221 BT_DBG("request for %s", hdev->name);
4222
4223 status = mgmt_bredr_support(hdev);
4224 if (status)
4225 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4226 status);
4227
5afeac14
MH		 4228 if (!lmp_sc_capable(hdev) &&
4229 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4230 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4231 MGMT_STATUS_NOT_SUPPORTED);
4232
0ab04a9c 4233 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4234 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4235 MGMT_STATUS_INVALID_PARAMS);
4236
4237 hci_dev_lock(hdev);
4238
4239 if (!hdev_is_powered(hdev)) {
4240 bool changed;
4241
0ab04a9c 4242 if (cp->val) {
eac83dc6
MH		 4243 changed = !test_and_set_bit(HCI_SC_ENABLED,
4244 &hdev->dev_flags);
0ab04a9c
MH		 4245 if (cp->val == 0x02)
4246 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4247 else
4248 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4249 } else {
eac83dc6
MH		 4250 changed = test_and_clear_bit(HCI_SC_ENABLED,
4251 &hdev->dev_flags);
0ab04a9c
MH		 4252 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4253 }
eac83dc6
MH		 4254
4255 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4256 if (err < 0)
4257 goto failed;
4258
4259 if (changed)
4260 err = new_settings(hdev, sk);
4261
4262 goto failed;
4263 }
4264
4265 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4267 MGMT_STATUS_BUSY);
4268 goto failed;
4269 }
4270
0ab04a9c
MH		 4271 val = !!cp->val;
4272
4273 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4274 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4275 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4276 goto failed;
4277 }
4278
4279 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4280 if (!cmd) {
4281 err = -ENOMEM;
4282 goto failed;
4283 }
4284
0ab04a9c 4285 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4286 if (err < 0) {
4287 mgmt_pending_remove(cmd);
4288 goto failed;
4289 }
4290
0ab04a9c
MH		 4291 if (cp->val == 0x02)
4292 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4293 else
4294 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4295
eac83dc6
MH		 4296failed:
4297 hci_dev_unlock(hdev);
4298 return err;
4299}
4300
4e39ac81
MH		 4301static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4302 void *data, u16 len)
4303{
4304 struct mgmt_mode *cp = data;
4305 bool changed;
4306 int err;
4307
4308 BT_DBG("request for %s", hdev->name);
4309
4310 if (cp->val != 0x00 && cp->val != 0x01)
4311 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4312 MGMT_STATUS_INVALID_PARAMS);
4313
4314 hci_dev_lock(hdev);
4315
4316 if (cp->val)
4317 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4318 else
4319 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4320
4321 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4322 if (err < 0)
4323 goto unlock;
4324
4325 if (changed)
4326 err = new_settings(hdev, sk);
4327
4328unlock:
4329 hci_dev_unlock(hdev);
4330 return err;
4331}
4332
62b04cd1
JH		 4333static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4334 u16 len)
4335{
4336 struct mgmt_cp_set_privacy *cp = cp_data;
4337 bool changed;
4338 int err;
4339
4340 BT_DBG("request for %s", hdev->name);
4341
4342 if (!lmp_le_capable(hdev))
4343 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4344 MGMT_STATUS_NOT_SUPPORTED);
4345
4346 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4347 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4348 MGMT_STATUS_INVALID_PARAMS);
4349
4350 if (hdev_is_powered(hdev))
4351 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4352 MGMT_STATUS_REJECTED);
4353
4354 hci_dev_lock(hdev);
4355
c21c0ea0
JH		 4356 /* If user space supports this command it is also expected to
4357 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4358 */
4359 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4360
62b04cd1
JH		 4361 if (cp->privacy) {
4362 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4363 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4364 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4365 } else {
4366 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4367 memset(hdev->irk, 0, sizeof(hdev->irk));
4368 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4369 }
4370
4371 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4372 if (err < 0)
4373 goto unlock;
4374
4375 if (changed)
4376 err = new_settings(hdev, sk);
4377
4378unlock:
4379 hci_dev_unlock(hdev);
4380 return err;
4381}
4382
41edf160
JH		 4383static bool irk_is_valid(struct mgmt_irk_info *irk)
4384{
4385 switch (irk->addr.type) {
4386 case BDADDR_LE_PUBLIC:
4387 return true;
4388
4389 case BDADDR_LE_RANDOM:
4390 /* Two most significant bits shall be set */
4391 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4392 return false;
4393 return true;
4394 }
4395
4396 return false;
4397}
4398
4399static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4400 u16 len)
4401{
4402 struct mgmt_cp_load_irks *cp = cp_data;
4403 u16 irk_count, expected_len;
4404 int i, err;
4405
4406 BT_DBG("request for %s", hdev->name);
4407
4408 if (!lmp_le_capable(hdev))
4409 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4410 MGMT_STATUS_NOT_SUPPORTED);
4411
4412 irk_count = __le16_to_cpu(cp->irk_count);
4413
4414 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4415 if (expected_len != len) {
4416 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4417 len, expected_len);
4418 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4419 MGMT_STATUS_INVALID_PARAMS);
4420 }
4421
4422 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4423
4424 for (i = 0; i < irk_count; i++) {
4425 struct mgmt_irk_info *key = &cp->irks[i];
4426
4427 if (!irk_is_valid(key))
4428 return cmd_status(sk, hdev->id,
4429 MGMT_OP_LOAD_IRKS,
4430 MGMT_STATUS_INVALID_PARAMS);
4431 }
4432
4433 hci_dev_lock(hdev);
4434
4435 hci_smp_irks_clear(hdev);
4436
4437 for (i = 0; i < irk_count; i++) {
4438 struct mgmt_irk_info *irk = &cp->irks[i];
4439 u8 addr_type;
4440
4441 if (irk->addr.type == BDADDR_LE_PUBLIC)
4442 addr_type = ADDR_LE_DEV_PUBLIC;
4443 else
4444 addr_type = ADDR_LE_DEV_RANDOM;
4445
4446 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4447 BDADDR_ANY);
4448 }
4449
4450 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4451
4452 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4453
4454 hci_dev_unlock(hdev);
4455
4456 return err;
4457}
4458
3f706b72
JH		 4459static bool ltk_is_valid(struct mgmt_ltk_info *key)
4460{
4461 if (key->master != 0x00 && key->master != 0x01)
4462 return false;
490cb0b3
MH		 4463
4464 switch (key->addr.type) {
4465 case BDADDR_LE_PUBLIC:
4466 return true;
4467
4468 case BDADDR_LE_RANDOM:
4469 /* Two most significant bits shall be set */
4470 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4471 return false;
4472 return true;
4473 }
4474
4475 return false;
3f706b72
JH		 4476}
4477
bdb6d971 4478static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4479 void *cp_data, u16 len)
346af67b 4480{
346af67b
VCG		 4481 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4482 u16 key_count, expected_len;
715a5bf2 4483 int i, err;
346af67b 4484
cf99ba13
MH		 4485 BT_DBG("request for %s", hdev->name);
4486
4487 if (!lmp_le_capable(hdev))
4488 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4489 MGMT_STATUS_NOT_SUPPORTED);
4490
1f350c87 4491 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4492
4493 expected_len = sizeof(*cp) + key_count *
4494 sizeof(struct mgmt_ltk_info);
4495 if (expected_len != len) {
4496 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4497 len, expected_len);
bdb6d971 4498 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4499 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4500 }
4501
bdb6d971 4502 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4503
54ad6d8a
JH		 4504 for (i = 0; i < key_count; i++) {
4505 struct mgmt_ltk_info *key = &cp->keys[i];
4506
3f706b72 4507 if (!ltk_is_valid(key))
54ad6d8a
JH		 4508 return cmd_status(sk, hdev->id,
4509 MGMT_OP_LOAD_LONG_TERM_KEYS,
4510 MGMT_STATUS_INVALID_PARAMS);
4511 }
4512
346af67b
VCG		 4513 hci_dev_lock(hdev);
4514
4515 hci_smp_ltks_clear(hdev);
4516
4517 for (i = 0; i < key_count; i++) {
4518 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4519 u8 type, addr_type;
4520
4521 if (key->addr.type == BDADDR_LE_PUBLIC)
4522 addr_type = ADDR_LE_DEV_PUBLIC;
4523 else
4524 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4525
4526 if (key->master)
4527 type = HCI_SMP_LTK;
4528 else
4529 type = HCI_SMP_LTK_SLAVE;
4530
35d70271
JH		 4531 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4532 key->type, key->val, key->enc_size, key->ediv,
4533 key->rand);
346af67b
VCG		 4534 }
4535
715a5bf2
JH		 4536 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4537 NULL, 0);
4538
346af67b 4539 hci_dev_unlock(hdev);
346af67b 4540
715a5bf2 4541 return err;
346af67b
VCG		 4542}
4543
2e3c35ea 4544static const struct mgmt_handler {
04124681
GP		 4545 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4546 u16 data_len);
be22b54e
JH		 4547 bool var_len;
4548 size_t data_len;
0f4e68cf
JH		 4549} mgmt_handlers[] = {
4550 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4551 { read_version, false, MGMT_READ_VERSION_SIZE },
4552 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4553 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4554 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4555 { set_powered, false, MGMT_SETTING_SIZE },
4556 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4557 { set_connectable, false, MGMT_SETTING_SIZE },
4558 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4559 { set_pairable, false, MGMT_SETTING_SIZE },
4560 { set_link_security, false, MGMT_SETTING_SIZE },
4561 { set_ssp, false, MGMT_SETTING_SIZE },
4562 { set_hs, false, MGMT_SETTING_SIZE },
4563 { set_le, false, MGMT_SETTING_SIZE },
4564 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4565 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4566 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4567 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4568 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4569 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4570 { disconnect, false, MGMT_DISCONNECT_SIZE },
4571 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4572 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4573 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4574 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4575 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4576 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4577 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4578 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4579 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4580 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4581 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4582 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4583 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4584 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4585 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4586 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4587 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4588 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4589 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4590 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4591 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4592 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4593 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4594 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4595 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4596 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4597 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4598 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4599};
4600
4601
0381101f
JH		 4602int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4603{
650f726d
VCG		 4604 void *buf;
4605 u8 *cp;
0381101f 4606 struct mgmt_hdr *hdr;
4e51eae9 4607 u16 opcode, index, len;
bdb6d971 4608 struct hci_dev *hdev = NULL;
2e3c35ea 4609 const struct mgmt_handler *handler;
0381101f
JH		 4610 int err;
4611
4612 BT_DBG("got %zu bytes", msglen);
4613
4614 if (msglen < sizeof(*hdr))
4615 return -EINVAL;
4616
e63a15ec 4617 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4618 if (!buf)
4619 return -ENOMEM;
4620
4621 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4622 err = -EFAULT;
4623 goto done;
4624 }
4625
650f726d 4626 hdr = buf;
1f350c87
MH		 4627 opcode = __le16_to_cpu(hdr->opcode);
4628 index = __le16_to_cpu(hdr->index);
4629 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4630
4631 if (len != msglen - sizeof(*hdr)) {
4632 err = -EINVAL;
4633 goto done;
4634 }
4635
0f4e68cf 4636 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4637 hdev = hci_dev_get(index);
4638 if (!hdev) {
4639 err = cmd_status(sk, index, opcode,
04124681 4640 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4641 goto done;
4642 }
0736cfa8 4643
cebf4cfd
JH		 4644 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4645 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4646 err = cmd_status(sk, index, opcode,
4647 MGMT_STATUS_INVALID_INDEX);
4648 goto done;
4649 }
bdb6d971
JH		 4650 }
4651
0f4e68cf 4652 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4653 mgmt_handlers[opcode].func == NULL) {
0381101f 4654 BT_DBG("Unknown op %u", opcode);
ca69b795 4655 err = cmd_status(sk, index, opcode,
04124681 4656 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4657 goto done;
4658 }
4659
4660 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4661 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4662 err = cmd_status(sk, index, opcode,
04124681 4663 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4664 goto done;
0381101f
JH		 4665 }
4666
be22b54e
JH		 4667 handler = &mgmt_handlers[opcode];
4668
4669 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4670 (!handler->var_len && len != handler->data_len)) {
be22b54e 4671 err = cmd_status(sk, index, opcode,
04124681 4672 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4673 goto done;
4674 }
4675
0f4e68cf
JH		 4676 if (hdev)
4677 mgmt_init_hdev(sk, hdev);
4678
4679 cp = buf + sizeof(*hdr);
4680
be22b54e 4681 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4682 if (err < 0)
4683 goto done;
4684
0381101f
JH		 4685 err = msglen;
4686
4687done:
bdb6d971
JH		 4688 if (hdev)
4689 hci_dev_put(hdev);
4690
0381101f
JH		 4691 kfree(buf);
4692 return err;
4693}
c71e97bf 4694
bf6b56db 4695void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4696{
1514b892 4697 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4698 return;
bb4b2a9a 4699
bf6b56db 4700 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4701}
4702
bf6b56db 4703void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4704{
5f159032 4705 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4706
1514b892 4707 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4708 return;
bb4b2a9a 4709
744cf19e 4710 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4711
bf6b56db 4712 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4713}
4714
6046dc3e
AG		 4715/* This function requires the caller holds hdev->lock */
4716static void restart_le_auto_conns(struct hci_dev *hdev)
4717{
4718 struct hci_conn_params *p;
4719
4720 list_for_each_entry(p, &hdev->le_conn_params, list) {
4721 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4722 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4723 }
4724}
4725
229ab39c
JH		 4726static void powered_complete(struct hci_dev *hdev, u8 status)
4727{
4728 struct cmd_lookup match = { NULL, hdev };
4729
4730 BT_DBG("status 0x%02x", status);
4731
4732 hci_dev_lock(hdev);
4733
6046dc3e
AG		 4734 restart_le_auto_conns(hdev);
4735
229ab39c
JH		 4736 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4737
4738 new_settings(hdev, match.sk);
4739
4740 hci_dev_unlock(hdev);
4741
4742 if (match.sk)
4743 sock_put(match.sk);
4744}
4745
70da6243 4746static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4747{
890ea898 4748 struct hci_request req;
70da6243 4749 u8 link_sec;
5add6af8 4750
890ea898
JH		 4751 hci_req_init(&req, hdev);
4752
70da6243
JH		 4753 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4754 !lmp_host_ssp_capable(hdev)) {
4755 u8 ssp = 1;
5e5282bb 4756
890ea898 4757 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4758 }
5add6af8 4759
c73eee91
JH		 4760 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4761 lmp_bredr_capable(hdev)) {
70da6243 4762 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4763
70da6243
JH		 4764 cp.le = 1;
4765 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4766
70da6243
JH		 4767 /* Check first if we already have the right
4768 * host state (host features set)
4769 */
4770 if (cp.le != lmp_host_le_capable(hdev) ||
4771 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4772 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4773 sizeof(cp), &cp);
70da6243 4774 }
3d1cbdd6 4775
d13eafce 4776 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4777 /* Make sure the controller has a good default for
4778 * advertising data. This also applies to the case
4779 * where BR/EDR was toggled during the AUTO_OFF phase.
4780 */
f14d8f64 4781 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4782 update_adv_data(&req);
f14d8f64
MH		 4783 update_scan_rsp_data(&req);
4784 }
441ad2d0 4785
bba3aa55
MH		 4786 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4787 enable_advertising(&req);
eeca6f89
JH		 4788 }
4789
70da6243
JH		 4790 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4791 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4792 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4793 sizeof(link_sec), &link_sec);
562fcc24 4794
70da6243 4795 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4796 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4797 set_bredr_scan(&req);
890ea898 4798 update_class(&req);
13928971 4799 update_name(&req);
890ea898 4800 update_eir(&req);
70da6243 4801 }
562fcc24 4802
229ab39c 4803 return hci_req_run(&req, powered_complete);
70da6243 4804}
562fcc24 4805
70da6243
JH		 4806int mgmt_powered(struct hci_dev *hdev, u8 powered)
4807{
4808 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4809 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4810 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4811 int err;
f0ff92fb 4812
70da6243
JH		 4813 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4814 return 0;
4815
70da6243 4816 if (powered) {
229ab39c
JH		 4817 if (powered_update_hci(hdev) == 0)
4818 return 0;
fe038884 4819
229ab39c
JH		 4820 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4821 &match);
4822 goto new_settings;
b24752fe
JH		 4823 }
4824
229ab39c
JH		 4825 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4826 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4827
4828 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4829 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4830 zero_cod, sizeof(zero_cod), NULL);
4831
4832new_settings:
beadb2bd 4833 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4834
4835 if (match.sk)
4836 sock_put(match.sk);
4837
7bb895d6 4838 return err;
5add6af8 4839}
73f22f62 4840
3eec705e 4841void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4842{
4843 struct pending_cmd *cmd;
4844 u8 status;
4845
4846 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4847 if (!cmd)
3eec705e 4848 return;
96570ffc
JH		 4849
4850 if (err == -ERFKILL)
4851 status = MGMT_STATUS_RFKILLED;
4852 else
4853 status = MGMT_STATUS_FAILED;
4854
3eec705e 4855 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4856
4857 mgmt_pending_remove(cmd);
96570ffc
JH		 4858}
4859
d1967ff8
MH		 4860void mgmt_discoverable_timeout(struct hci_dev *hdev)
4861{
4862 struct hci_request req;
d1967ff8
MH		 4863
4864 hci_dev_lock(hdev);
4865
4866 /* When discoverable timeout triggers, then just make sure
4867 * the limited discoverable flag is cleared. Even in the case
4868 * of a timeout triggered from general discoverable, it is
4869 * safe to unconditionally clear the flag.
4870 */
4871 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4872 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4873
4874 hci_req_init(&req, hdev);
4b580614
JH		 4875 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4876 u8 scan = SCAN_PAGE;
4877 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4878 sizeof(scan), &scan);
4879 }
d1967ff8 4880 update_class(&req);
9a43e25f 4881 update_adv_data(&req);
d1967ff8
MH		 4882 hci_req_run(&req, NULL);
4883
4884 hdev->discov_timeout = 0;
4885
9a43e25f
JH		 4886 new_settings(hdev, NULL);
4887
d1967ff8
MH		 4888 hci_dev_unlock(hdev);
4889}
4890
86a75645 4891void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4892{
86a75645 4893 bool changed;
73f22f62 4894
bfaf8c9f
JH		 4895 /* Nothing needed here if there's a pending command since that
4896 * commands request completion callback takes care of everything
4897 * necessary.
4898 */
4899 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4900 return;
bfaf8c9f 4901
bd107999
JH		 4902 /* Powering off may clear the scan mode - don't let that interfere */
4903 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4904 return;
4905
9a43e25f 4906 if (discoverable) {
86a75645 4907 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4908 } else {
4909 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4910 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4911 }
4912
4913 if (changed) {
4914 struct hci_request req;
4915
4916 /* In case this change in discoverable was triggered by
4917 * a disabling of connectable there could be a need to
4918 * update the advertising flags.
4919 */
4920 hci_req_init(&req, hdev);
4921 update_adv_data(&req);
4922 hci_req_run(&req, NULL);
73f22f62 4923
86a75645 4924 new_settings(hdev, NULL);
9a43e25f 4925 }
73f22f62 4926}
9fbcbb45 4927
a330916c 4928void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4929{
a330916c 4930 bool changed;
9fbcbb45 4931
d7b856f9
JH		 4932 /* Nothing needed here if there's a pending command since that
4933 * commands request completion callback takes care of everything
4934 * necessary.
4935 */
4936 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4937 return;
d7b856f9 4938
ce3f24cf
JH		 4939 /* Powering off may clear the scan mode - don't let that interfere */
4940 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4941 return;
4942
a330916c
MH		 4943 if (connectable)
4944 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4945 else
4946 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4947
beadb2bd 4948 if (changed)
a330916c 4949 new_settings(hdev, NULL);
9fbcbb45 4950}
55ed8ca1 4951
778b235a
JH		 4952void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4953{
7c4cfab8
JH		 4954 /* Powering off may stop advertising - don't let that interfere */
4955 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4956 return;
4957
778b235a
JH		 4958 if (advertising)
4959 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4960 else
4961 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4962}
4963
4796e8af 4964void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4965{
ca69b795
JH		 4966 u8 mgmt_err = mgmt_status(status);
4967
2d7cee58 4968 if (scan & SCAN_PAGE)
744cf19e 4969 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4970 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4971
4972 if (scan & SCAN_INQUIRY)
744cf19e 4973 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4974 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4975}
4976
dc4a5ee2
MH		 4977void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4978 bool persistent)
55ed8ca1 4979{
86742e1e 4980 struct mgmt_ev_new_link_key ev;
55ed8ca1 4981
a492cd52 4982 memset(&ev, 0, sizeof(ev));
55ed8ca1 4983
a492cd52 4984 ev.store_hint = persistent;
d753fdc4 4985 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4986 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4987 ev.key.type = key->type;
9b3b4460 4988 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4989 ev.key.pin_len = key->pin_len;
55ed8ca1 4990
dc4a5ee2 4991 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4992}
f7520543 4993
ba74b666 4994void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4995{
4996 struct mgmt_ev_new_long_term_key ev;
4997
4998 memset(&ev, 0, sizeof(ev));
4999
5192d301
MH		 5000 /* Devices using resolvable or non-resolvable random addresses
5001 * without providing an indentity resolving key don't require
5002 * to store long term keys. Their addresses will change the
5003 * next time around.
5004 *
5005 * Only when a remote device provides an identity address
5006 * make sure the long term key is stored. If the remote
5007 * identity is known, the long term keys are internally
5008 * mapped to the identity address. So allow static random
5009 * and public addresses here.
5010 */
ba74b666
JH		 5011 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5012 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5013 ev.store_hint = 0x00;
5014 else
5015 ev.store_hint = 0x01;
5016
346af67b 5017 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5018 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5019 ev.key.type = key->authenticated;
346af67b
VCG		 5020 ev.key.enc_size = key->enc_size;
5021 ev.key.ediv = key->ediv;
5022
5023 if (key->type == HCI_SMP_LTK)
5024 ev.key.master = 1;
5025
5026 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
5027 memcpy(ev.key.val, key->val, sizeof(key->val));
5028
083368f7 5029 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5030}
5031
95fbac8a
JH		 5032void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5033{
5034 struct mgmt_ev_new_irk ev;
5035
5036 memset(&ev, 0, sizeof(ev));
5037
bab6d1e5
MH		 5038 /* For identity resolving keys from devices that are already
5039 * using a public address or static random address, do not
5040 * ask for storing this key. The identity resolving key really
5041 * is only mandatory for devices using resovlable random
5042 * addresses.
5043 *
5044 * Storing all identity resolving keys has the downside that
5045 * they will be also loaded on next boot of they system. More
5046 * identity resolving keys, means more time during scanning is
5047 * needed to actually resolve these addresses.
5048 */
5049 if (bacmp(&irk->rpa, BDADDR_ANY))
5050 ev.store_hint = 0x01;
5051 else
5052 ev.store_hint = 0x00;
5053
95fbac8a
JH		 5054 bacpy(&ev.rpa, &irk->rpa);
5055 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5056 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5057 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5058
5059 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5060}
5061
94933991
MH		 5062static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5063 u8 data_len)
5064{
5065 eir[eir_len++] = sizeof(type) + data_len;
5066 eir[eir_len++] = type;
5067 memcpy(&eir[eir_len], data, data_len);
5068 eir_len += data_len;
5069
5070 return eir_len;
5071}
5072
ecd90ae7
MH		 5073void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5074 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5075 u8 *dev_class)
f7520543 5076{
b644ba33
JH		 5077 char buf[512];
5078 struct mgmt_ev_device_connected *ev = (void *) buf;
5079 u16 eir_len = 0;
f7520543 5080
b644ba33 5081 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5082 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5083
c95f0ba7 5084 ev->flags = __cpu_to_le32(flags);
08c79b61 5085
b644ba33
JH		 5086 if (name_len > 0)
5087 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5088 name, name_len);
b644ba33
JH		 5089
5090 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5091 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5092 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5093
eb55ef07 5094 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5095
ecd90ae7
MH		 5096 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5097 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5098}
5099
8962ee74
JH		 5100static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5101{
c68fb7ff 5102 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5103 struct sock **sk = data;
a38528f1 5104 struct mgmt_rp_disconnect rp;
8962ee74 5105
88c3df13
JH		 5106 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5107 rp.addr.type = cp->addr.type;
8962ee74 5108
aee9b218 5109 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5110 sizeof(rp));
8962ee74
JH		 5111
5112 *sk = cmd->sk;
5113 sock_hold(*sk);
5114
a664b5bc 5115 mgmt_pending_remove(cmd);
8962ee74
JH		 5116}
5117
124f6e35 5118static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5119{
b1078ad0 5120 struct hci_dev *hdev = data;
124f6e35
JH		 5121 struct mgmt_cp_unpair_device *cp = cmd->param;
5122 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5123
5124 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5125 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5126 rp.addr.type = cp->addr.type;
a8a1d19e 5127
b1078ad0
JH		 5128 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5129
aee9b218 5130 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5131
5132 mgmt_pending_remove(cmd);
5133}
5134
9b80ec5e 5135void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5136 u8 link_type, u8 addr_type, u8 reason,
5137 bool mgmt_connected)
f7520543 5138{
f0d6a0ea 5139 struct mgmt_ev_device_disconnected ev;
8b064a3a 5140 struct pending_cmd *power_off;
8962ee74 5141 struct sock *sk = NULL;
8962ee74 5142
8b064a3a
JH		 5143 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5144 if (power_off) {
5145 struct mgmt_mode *cp = power_off->param;
5146
5147 /* The connection is still in hci_conn_hash so test for 1
5148 * instead of 0 to know if this is the last one.
5149 */
5150 if (!cp->val && hci_conn_count(hdev) == 1)
5151 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5152 }
5153
12d4a3b2
JH		 5154 if (!mgmt_connected)
5155 return;
5156
57eb776f
AG		 5157 if (link_type != ACL_LINK && link_type != LE_LINK)
5158 return;
5159
744cf19e 5160 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5161
f0d6a0ea
MA		 5162 bacpy(&ev.addr.bdaddr, bdaddr);
5163 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5164 ev.reason = reason;
f7520543 5165
9b80ec5e 5166 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5167
5168 if (sk)
d97dcb66 5169 sock_put(sk);
8962ee74 5170
124f6e35 5171 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5172 hdev);
8962ee74
JH		 5173}
5174
7892924c
MH		 5175void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5176 u8 link_type, u8 addr_type, u8 status)
8962ee74 5177{
3655bba8
AG		 5178 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5179 struct mgmt_cp_disconnect *cp;
88c3df13 5180 struct mgmt_rp_disconnect rp;
8962ee74 5181 struct pending_cmd *cmd;
8962ee74 5182
36a75f1b
JD		 5183 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5184 hdev);
5185
2e58ef3e 5186 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5187 if (!cmd)
7892924c 5188 return;
8962ee74 5189
3655bba8
AG		 5190 cp = cmd->param;
5191
5192 if (bacmp(bdaddr, &cp->addr.bdaddr))
5193 return;
5194
5195 if (cp->addr.type != bdaddr_type)
5196 return;
5197
88c3df13 5198 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5199 rp.addr.type = bdaddr_type;
37d9ef76 5200
7892924c
MH		 5201 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5202 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5203
a664b5bc 5204 mgmt_pending_remove(cmd);
f7520543 5205}
17d5c04c 5206
445608d0
MH		 5207void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5208 u8 addr_type, u8 status)
17d5c04c
JH		 5209{
5210 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5211 struct pending_cmd *power_off;
5212
5213 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5214 if (power_off) {
5215 struct mgmt_mode *cp = power_off->param;
5216
5217 /* The connection is still in hci_conn_hash so test for 1
5218 * instead of 0 to know if this is the last one.
5219 */
5220 if (!cp->val && hci_conn_count(hdev) == 1)
5221 queue_work(hdev->req_workqueue, &hdev->power_off.work);
5222 }
17d5c04c 5223
4c659c39 5224 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5225 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5226 ev.status = mgmt_status(status);
17d5c04c 5227
445608d0 5228 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5229}
980e1a53 5230
ce0e4a0d 5231void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5232{
5233 struct mgmt_ev_pin_code_request ev;
5234
d8457698 5235 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5236 ev.addr.type = BDADDR_BREDR;
a770bb5a 5237 ev.secure = secure;
980e1a53 5238
ce0e4a0d 5239 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5240}
5241
e669cf80
MH		 5242void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5243 u8 status)
980e1a53
JH		 5244{
5245 struct pending_cmd *cmd;
ac56fb13 5246 struct mgmt_rp_pin_code_reply rp;
980e1a53 5247
2e58ef3e 5248 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5249 if (!cmd)
e669cf80 5250 return;
980e1a53 5251
d8457698 5252 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5253 rp.addr.type = BDADDR_BREDR;
ac56fb13 5254
e669cf80
MH		 5255 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5256 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5257
a664b5bc 5258 mgmt_pending_remove(cmd);
980e1a53
JH		 5259}
5260
3eb38528
MH		 5261void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5262 u8 status)
980e1a53
JH		 5263{
5264 struct pending_cmd *cmd;
ac56fb13 5265 struct mgmt_rp_pin_code_reply rp;
980e1a53 5266
2e58ef3e 5267 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5268 if (!cmd)
3eb38528 5269 return;
980e1a53 5270
d8457698 5271 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5272 rp.addr.type = BDADDR_BREDR;
ac56fb13 5273
3eb38528
MH		 5274 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5275 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5276
a664b5bc 5277 mgmt_pending_remove(cmd);
980e1a53 5278}
a5c29683 5279
744cf19e 5280int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5281 u8 link_type, u8 addr_type, __le32 value,
5282 u8 confirm_hint)
a5c29683
JH		 5283{
5284 struct mgmt_ev_user_confirm_request ev;
5285
744cf19e 5286 BT_DBG("%s", hdev->name);
a5c29683 5287
272d90df 5288 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5289 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5290 ev.confirm_hint = confirm_hint;
78e8098e 5291 ev.value = value;
a5c29683 5292
744cf19e 5293 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5294 NULL);
a5c29683
JH		 5295}
5296
272d90df 5297int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5298 u8 link_type, u8 addr_type)
604086b7
BG		 5299{
5300 struct mgmt_ev_user_passkey_request ev;
5301
5302 BT_DBG("%s", hdev->name);
5303
272d90df 5304 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5305 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5306
5307 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5308 NULL);
604086b7
BG		 5309}
5310
0df4c185 5311static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5312 u8 link_type, u8 addr_type, u8 status,
5313 u8 opcode)
a5c29683
JH		 5314{
5315 struct pending_cmd *cmd;
5316 struct mgmt_rp_user_confirm_reply rp;
5317 int err;
5318
2e58ef3e 5319 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5320 if (!cmd)
5321 return -ENOENT;
5322
272d90df 5323 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5324 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5325 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5326 &rp, sizeof(rp));
a5c29683 5327
a664b5bc 5328 mgmt_pending_remove(cmd);
a5c29683
JH		 5329
5330 return err;
5331}
5332
744cf19e 5333int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5334 u8 link_type, u8 addr_type, u8 status)
a5c29683 5335{
272d90df 5336 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5337 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5338}
5339
272d90df 5340int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5341 u8 link_type, u8 addr_type, u8 status)
a5c29683 5342{
272d90df 5343 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5344 status,
5345 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5346}
2a611692 5347
604086b7 5348int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5349 u8 link_type, u8 addr_type, u8 status)
604086b7 5350{
272d90df 5351 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5352 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5353}
5354
272d90df 5355int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5356 u8 link_type, u8 addr_type, u8 status)
604086b7 5357{
272d90df 5358 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5359 status,
5360 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5361}
5362
92a25256
JH		 5363int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5364 u8 link_type, u8 addr_type, u32 passkey,
5365 u8 entered)
5366{
5367 struct mgmt_ev_passkey_notify ev;
5368
5369 BT_DBG("%s", hdev->name);
5370
5371 bacpy(&ev.addr.bdaddr, bdaddr);
5372 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5373 ev.passkey = __cpu_to_le32(passkey);
5374 ev.entered = entered;
5375
5376 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5377}
5378
e546099c
MH		 5379void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5380 u8 addr_type, u8 status)
2a611692
JH		 5381{
5382 struct mgmt_ev_auth_failed ev;
5383
bab73cb6 5384 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5385 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5386 ev.status = mgmt_status(status);
2a611692 5387
e546099c 5388 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5389}
b312b161 5390
464996ae 5391void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5392{
5393 struct cmd_lookup match = { NULL, hdev };
464996ae 5394 bool changed;
33ef95ed
JH		 5395
5396 if (status) {
5397 u8 mgmt_err = mgmt_status(status);
5398 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5399 cmd_status_rsp, &mgmt_err);
464996ae 5400 return;
33ef95ed
JH		 5401 }
5402
464996ae
MH		 5403 if (test_bit(HCI_AUTH, &hdev->flags))
5404 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5405 &hdev->dev_flags);
5406 else
5407 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5408 &hdev->dev_flags);
47990ea0 5409
33ef95ed 5410 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5411 &match);
33ef95ed 5412
47990ea0 5413 if (changed)
464996ae 5414 new_settings(hdev, match.sk);
33ef95ed
JH		 5415
5416 if (match.sk)
5417 sock_put(match.sk);
33ef95ed
JH		 5418}
5419
890ea898 5420static void clear_eir(struct hci_request *req)
cacaf52f 5421{
890ea898 5422 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5423 struct hci_cp_write_eir cp;
5424
976eb20e 5425 if (!lmp_ext_inq_capable(hdev))
890ea898 5426 return;
cacaf52f 5427
c80da27e
JH		 5428 memset(hdev->eir, 0, sizeof(hdev->eir));
5429
cacaf52f
JH		 5430 memset(&cp, 0, sizeof(cp));
5431
890ea898 5432 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5433}
5434
3e248560 5435void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5436{
5437 struct cmd_lookup match = { NULL, hdev };
890ea898 5438 struct hci_request req;
c0ecddc2 5439 bool changed = false;
ed2c4ee3
JH		 5440
5441 if (status) {
5442 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5443
5444 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5445 &hdev->dev_flags)) {
5446 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5447 new_settings(hdev, NULL);
9ecb3e24 5448 }
c0ecddc2 5449
04124681
GP		 5450 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5451 &mgmt_err);
3e248560 5452 return;
c0ecddc2
JH		 5453 }
5454
5455 if (enable) {
9ecb3e24 5456 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5457 } else {
9ecb3e24
MH		 5458 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5459 if (!changed)
5460 changed = test_and_clear_bit(HCI_HS_ENABLED,
5461 &hdev->dev_flags);
5462 else
5463 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5464 }
5465
5466 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5467
c0ecddc2 5468 if (changed)
3e248560 5469 new_settings(hdev, match.sk);
ed2c4ee3 5470
5fc6ebb1 5471 if (match.sk)
ed2c4ee3
JH		 5472 sock_put(match.sk);
5473
890ea898
JH		 5474 hci_req_init(&req, hdev);
5475
5fc6ebb1 5476 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5477 update_eir(&req);
5fc6ebb1 5478 else
890ea898
JH		 5479 clear_eir(&req);
5480
5481 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5482}
5483
eac83dc6
MH		 5484void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5485{
5486 struct cmd_lookup match = { NULL, hdev };
5487 bool changed = false;
5488
5489 if (status) {
5490 u8 mgmt_err = mgmt_status(status);
5491
0ab04a9c
MH		 5492 if (enable) {
5493 if (test_and_clear_bit(HCI_SC_ENABLED,
5494 &hdev->dev_flags))
5495 new_settings(hdev, NULL);
5496 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5497 }
eac83dc6
MH		 5498
5499 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5500 cmd_status_rsp, &mgmt_err);
5501 return;
5502 }
5503
0ab04a9c 5504 if (enable) {
eac83dc6 5505 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5506 } else {
eac83dc6 5507 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5508 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5509 }
eac83dc6
MH		 5510
5511 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5512 settings_rsp, &match);
5513
5514 if (changed)
5515 new_settings(hdev, match.sk);
5516
5517 if (match.sk)
5518 sock_put(match.sk);
5519}
5520
92da6097 5521static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5522{
5523 struct cmd_lookup *match = data;
5524
90e70454
JH		 5525 if (match->sk == NULL) {
5526 match->sk = cmd->sk;
5527 sock_hold(match->sk);
5528 }
90e70454
JH		 5529}
5530
4e1b0245
MH		 5531void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5532 u8 status)
7f9a903c 5533{
90e70454 5534 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5535
92da6097
JH		 5536 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5537 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5538 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5539
5540 if (!status)
4e1b0245
MH		 5541 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5542 NULL);
90e70454
JH		 5543
5544 if (match.sk)
5545 sock_put(match.sk);
7f9a903c
MH		 5546}
5547
7667da34 5548void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5549{
b312b161 5550 struct mgmt_cp_set_local_name ev;
13928971 5551 struct pending_cmd *cmd;
28cc7bde 5552
13928971 5553 if (status)
7667da34 5554 return;
b312b161
JH		 5555
5556 memset(&ev, 0, sizeof(ev));
5557 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5558 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5559
2e58ef3e 5560 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5561 if (!cmd) {
5562 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5563
13928971
JH		 5564 /* If this is a HCI command related to powering on the
5565 * HCI dev don't send any mgmt signals.
5566 */
5567 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5568 return;
890ea898 5569 }
b312b161 5570
7667da34
MH		 5571 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5572 cmd ? cmd->sk : NULL);
b312b161 5573}
c35938b2 5574
4d2d2796
MH		 5575void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5576 u8 *randomizer192, u8 *hash256,
5577 u8 *randomizer256, u8 status)
c35938b2
SJ		 5578{
5579 struct pending_cmd *cmd;
c35938b2 5580
744cf19e 5581 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5582
2e58ef3e 5583 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5584 if (!cmd)
3edaf092 5585 return;
c35938b2
SJ		 5586
5587 if (status) {
3edaf092
MH		 5588 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5589 mgmt_status(status));
c35938b2 5590 } else {
4d2d2796
MH		 5591 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5592 hash256 && randomizer256) {
5593 struct mgmt_rp_read_local_oob_ext_data rp;
5594
5595 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5596 memcpy(rp.randomizer192, randomizer192,
5597 sizeof(rp.randomizer192));
c35938b2 5598
4d2d2796
MH		 5599 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5600 memcpy(rp.randomizer256, randomizer256,
5601 sizeof(rp.randomizer256));
c35938b2 5602
4d2d2796
MH		 5603 cmd_complete(cmd->sk, hdev->id,
5604 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5605 &rp, sizeof(rp));
5606 } else {
5607 struct mgmt_rp_read_local_oob_data rp;
5608
5609 memcpy(rp.hash, hash192, sizeof(rp.hash));
5610 memcpy(rp.randomizer, randomizer192,
5611 sizeof(rp.randomizer));
5612
5613 cmd_complete(cmd->sk, hdev->id,
5614 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5615 &rp, sizeof(rp));
5616 }
c35938b2
SJ		 5617 }
5618
5619 mgmt_pending_remove(cmd);
c35938b2 5620}
e17acd40 5621
901801b9
MH		 5622void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5623 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5624 ssp, u8 *eir, u16 eir_len)
e17acd40 5625{
e319d2e7
JH		 5626 char buf[512];
5627 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5628 struct smp_irk *irk;
1dc06093 5629 size_t ev_size;
e17acd40 5630
12602d0c 5631 if (!hci_discovery_active(hdev))
901801b9 5632 return;
12602d0c 5633
1dc06093
JH		 5634 /* Leave 5 bytes for a potential CoD field */
5635 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5636 return;
7d262f86 5637
1dc06093
JH		 5638 memset(buf, 0, sizeof(buf));
5639
5cedbb8d
JH		 5640 irk = hci_get_irk(hdev, bdaddr, addr_type);
5641 if (irk) {
5642 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5643 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5644 } else {
5645 bacpy(&ev->addr.bdaddr, bdaddr);
5646 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5647 }
5648
e319d2e7 5649 ev->rssi = rssi;
9a395a80 5650 if (cfm_name)
612dfce9 5651 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5652 if (!ssp)
612dfce9 5653 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5654
1dc06093 5655 if (eir_len > 0)
e319d2e7 5656 memcpy(ev->eir, eir, eir_len);
e17acd40 5657
1dc06093
JH		 5658 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5659 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5660 dev_class, 3);
1dc06093 5661
eb55ef07 5662 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5663 ev_size = sizeof(*ev) + eir_len;
f8523598 5664
901801b9 5665 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5666}
a88a9652 5667
9cf12aee
MH		 5668void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5669 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5670{
b644ba33
JH		 5671 struct mgmt_ev_device_found *ev;
5672 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5673 u16 eir_len;
a88a9652 5674
b644ba33 5675 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5676
b644ba33
JH		 5677 memset(buf, 0, sizeof(buf));
5678
5679 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5680 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5681 ev->rssi = rssi;
5682
5683 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5684 name_len);
b644ba33 5685
eb55ef07 5686 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5687
9cf12aee 5688 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5689}
314b2381 5690
2f1e063b 5691void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5692{
f963e8e9 5693 struct mgmt_ev_discovering ev;
164a6e78
JH		 5694 struct pending_cmd *cmd;
5695
343fb145
AG		 5696 BT_DBG("%s discovering %u", hdev->name, discovering);
5697
164a6e78 5698 if (discovering)
2e58ef3e 5699 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5700 else
2e58ef3e 5701 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5702
5703 if (cmd != NULL) {
f808e166
JH		 5704 u8 type = hdev->discovery.type;
5705
04124681
GP		 5706 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5707 sizeof(type));
164a6e78
JH		 5708 mgmt_pending_remove(cmd);
5709 }
5710
f963e8e9
JH		 5711 memset(&ev, 0, sizeof(ev));
5712 ev.type = hdev->discovery.type;
5713 ev.discovering = discovering;
5714
2f1e063b 5715 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5716}
5e762444 5717
88c1fe4b 5718int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5719{
5720 struct pending_cmd *cmd;
5721 struct mgmt_ev_device_blocked ev;
5722
2e58ef3e 5723 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5724
88c1fe4b
JH		 5725 bacpy(&ev.addr.bdaddr, bdaddr);
5726 ev.addr.type = type;
5e762444 5727
744cf19e 5728 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5729 cmd ? cmd->sk : NULL);
5e762444
AJ		 5730}
5731
88c1fe4b 5732int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5733{
5734 struct pending_cmd *cmd;
5735 struct mgmt_ev_device_unblocked ev;
5736
2e58ef3e 5737 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5738
88c1fe4b
JH		 5739 bacpy(&ev.addr.bdaddr, bdaddr);
5740 ev.addr.type = type;
5e762444 5741
744cf19e 5742 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5743 cmd ? cmd->sk : NULL);
5e762444 5744}
5976e608
MH		 5745
5746static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5747{
5748 BT_DBG("%s status %u", hdev->name, status);
5749
5750 /* Clear the advertising mgmt setting if we failed to re-enable it */
5751 if (status) {
5752 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5753 new_settings(hdev, NULL);
5976e608
MH		 5754 }
5755}
5756
5757void mgmt_reenable_advertising(struct hci_dev *hdev)
5758{
5759 struct hci_request req;
5760
b145edcd 5761 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5762 return;
5763
5764 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5765 return;
5766
5767 hci_req_init(&req, hdev);
5768 enable_advertising(&req);
5769
5770 /* If this fails we have no option but to let user space know
5771 * that we've disabled advertising.
5772 */
5773 if (hci_req_run(&req, adv_enable_complete) < 0) {
5774 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5775 new_settings(hdev, NULL);
5976e608
MH		 5776 }
5777}
Linux kernel - Deliverables
This page took 0.613183 seconds and 5 git commands to generate.