projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Restrict loading of long term keys to LE capable controllers
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 383 settings |= MGMT_SETTING_HS;
848566b3 384 }
d7b7e796 385
eeca6f89 386 if (lmp_le_capable(hdev)) {
9d42820f 387 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 388 settings |= MGMT_SETTING_ADVERTISING;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
1a4d3c4b
JH		 404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
406
5e5282bb 407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_DISCOVERABLE;
409
a8b2d5c2 410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_PAIRABLE;
412
56f87901 413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_BREDR;
415
06199cf8 416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LE;
418
47990ea0 419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LINK_SECURITY;
421
84bde9d6 422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_SSP;
424
6d80dfd0
JH		 425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
427
eeca6f89
JH		 428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
213202ed
JH		 436static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
437{
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
440
441 if (len < 4)
442 return ptr;
443
444 list_for_each_entry(uuid, &hdev->uuids, list) {
445 u16 uuid16;
446
447 if (uuid->size != 16)
448 continue;
449
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
451 if (uuid16 < 0x1100)
452 continue;
453
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 continue;
456
457 if (!uuids_start) {
458 uuids_start = ptr;
459 uuids_start[0] = 1;
460 uuids_start[1] = EIR_UUID16_ALL;
461 ptr += 2;
462 }
463
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
467 break;
468 }
469
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
473 }
474
475 return ptr;
476}
477
cdf1963f
JH		 478static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
479{
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
482
483 if (len < 6)
484 return ptr;
485
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
488 continue;
489
490 if (!uuids_start) {
491 uuids_start = ptr;
492 uuids_start[0] = 1;
493 uuids_start[1] = EIR_UUID32_ALL;
494 ptr += 2;
495 }
496
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
500 break;
501 }
502
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
504 ptr += sizeof(u32);
505 uuids_start[0] += sizeof(u32);
506 }
507
508 return ptr;
509}
510
c00d575b
JH		 511static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
512{
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
515
516 if (len < 18)
517 return ptr;
518
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
521 continue;
522
523 if (!uuids_start) {
524 uuids_start = ptr;
525 uuids_start[0] = 1;
526 uuids_start[1] = EIR_UUID128_ALL;
527 ptr += 2;
528 }
529
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
533 break;
534 }
535
536 memcpy(ptr, uuid->uuid, 16);
537 ptr += 16;
538 uuids_start[0] += 16;
539 }
540
541 return ptr;
542}
543
ef580372
JH		 544static void create_eir(struct hci_dev *hdev, u8 *data)
545{
546 u8 *ptr = data;
ef580372
JH		 547 size_t name_len;
548
549 name_len = strlen(hdev->dev_name);
550
551 if (name_len > 0) {
552 /* EIR Data type */
553 if (name_len > 48) {
554 name_len = 48;
555 ptr[1] = EIR_NAME_SHORT;
556 } else
557 ptr[1] = EIR_NAME_COMPLETE;
558
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
561
562 memcpy(ptr + 2, hdev->dev_name, name_len);
563
ef580372
JH		 564 ptr += (name_len + 2);
565 }
566
bbaf444a 567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
571
91c4e9b1
MH		 572 ptr += 3;
573 }
574
2b9be137
MH		 575 if (hdev->devid_source > 0) {
576 ptr[0] = 9;
577 ptr[1] = EIR_DEVICE_ID;
578
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
583
2b9be137
MH		 584 ptr += 10;
585 }
586
213202ed 587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 590}
591
890ea898 592static void update_eir(struct hci_request *req)
ef580372 593{
890ea898 594 struct hci_dev *hdev = req->hdev;
ef580372
JH		 595 struct hci_cp_write_eir cp;
596
504c8dcd 597 if (!hdev_is_powered(hdev))
890ea898 598 return;
7770c4aa 599
976eb20e 600 if (!lmp_ext_inq_capable(hdev))
890ea898 601 return;
ef580372 602
84bde9d6 603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 604 return;
ef580372 605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 607 return;
ef580372
JH		 608
609 memset(&cp, 0, sizeof(cp));
610
611 create_eir(hdev, cp.data);
612
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 614 return;
ef580372
JH		 615
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
617
890ea898 618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 619}
620
621static u8 get_service_classes(struct hci_dev *hdev)
622{
623 struct bt_uuid *uuid;
624 u8 val = 0;
625
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
628
629 return val;
630}
631
890ea898 632static void update_class(struct hci_request *req)
ef580372 633{
890ea898 634 struct hci_dev *hdev = req->hdev;
ef580372
JH		 635 u8 cod[3];
636
637 BT_DBG("%s", hdev->name);
638
504c8dcd 639 if (!hdev_is_powered(hdev))
890ea898 640 return;
7770c4aa 641
a8b2d5c2 642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 643 return;
ef580372
JH		 644
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
648
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 650 return;
ef580372 651
890ea898 652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 653}
654
7d78525d
JH		 655static void service_cache_off(struct work_struct *work)
656{
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 658 service_cache.work);
890ea898 659 struct hci_request req;
7d78525d 660
a8b2d5c2 661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 662 return;
663
890ea898
JH		 664 hci_req_init(&req, hdev);
665
7d78525d
JH		 666 hci_dev_lock(hdev);
667
890ea898
JH		 668 update_eir(&req);
669 update_class(&req);
7d78525d
JH		 670
671 hci_dev_unlock(hdev);
890ea898
JH		 672
673 hci_req_run(&req, NULL);
7d78525d
JH		 674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
87b95ba6
JH		 814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
816 MGMT_STATUS_BUSY);
817 goto failed;
818 }
819
f0d4b78a
MH		 820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
822
823 if (cp->val) {
a1d70450
JH		 824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
825 data, len);
826 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 827 goto failed;
828 }
829 }
830
4b34ee78 831 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
bd99abdd
JH		 893struct cmd_lookup {
894 struct sock *sk;
895 struct hci_dev *hdev;
896 u8 mgmt_status;
897};
898
899static void settings_rsp(struct pending_cmd *cmd, void *data)
900{
901 struct cmd_lookup *match = data;
902
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
904
905 list_del(&cmd->list);
906
907 if (match->sk == NULL) {
908 match->sk = cmd->sk;
909 sock_hold(match->sk);
910 }
911
912 mgmt_pending_free(cmd);
913}
914
915static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
916{
917 u8 *status = data;
918
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
921}
922
e6fe7986
JH		 923static u8 mgmt_bredr_support(struct hci_dev *hdev)
924{
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
929 else
930 return MGMT_STATUS_SUCCESS;
931}
932
933static u8 mgmt_le_support(struct hci_dev *hdev)
934{
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
939 else
940 return MGMT_STATUS_SUCCESS;
941}
942
bdb6d971 943static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
73f22f62 945{
650f726d 946 struct mgmt_cp_set_discoverable *cp = data;
366a0336 947 struct pending_cmd *cmd;
5e5282bb 948 u16 timeout;
e6fe7986 949 u8 scan, status;
73f22f62
JH		 950 int err;
951
bdb6d971 952 BT_DBG("request for %s", hdev->name);
73f22f62 953
e6fe7986
JH		 954 status = mgmt_bredr_support(hdev);
955 if (status)
33c525c0 956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 957 status);
33c525c0 958
a7e80f25
JH		 959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
962
1f350c87 963 timeout = __le16_to_cpu(cp->timeout);
24c54a90 964 if (!cp->val && timeout > 0)
bdb6d971 965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 966 MGMT_STATUS_INVALID_PARAMS);
73f22f62 967
09fd0de5 968 hci_dev_lock(hdev);
73f22f62 969
5e5282bb 970 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 972 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 973 goto failed;
974 }
975
2e58ef3e 976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 979 MGMT_STATUS_BUSY);
73f22f62
JH		 980 goto failed;
981 }
982
5e5282bb 983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 985 MGMT_STATUS_REJECTED);
5e5282bb
JH		 986 goto failed;
987 }
988
989 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 990 bool changed = false;
991
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
994 changed = true;
995 }
996
5e5282bb 997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 998 if (err < 0)
999 goto failed;
1000
1001 if (changed)
1002 err = new_settings(hdev, sk);
1003
5e5282bb
JH		 1004 goto failed;
1005 }
1006
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1011 }
1012
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1017 }
1018
69ab39ea 1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1020 goto failed;
1021 }
1022
2e58ef3e 1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1024 if (!cmd) {
1025 err = -ENOMEM;
73f22f62 1026 goto failed;
366a0336 1027 }
73f22f62
JH		 1028
1029 scan = SCAN_PAGE;
1030
72a734ec 1031 if (cp->val)
73f22f62 1032 scan |= SCAN_INQUIRY;
16ab91ab 1033 else
e0f9309f 1034 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1035
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1037 if (err < 0)
a664b5bc 1038 mgmt_pending_remove(cmd);
73f22f62 1039
16ab91ab 1040 if (cp->val)
5e5282bb 1041 hdev->discov_timeout = timeout;
16ab91ab 1042
73f22f62 1043failed:
09fd0de5 1044 hci_dev_unlock(hdev);
73f22f62
JH		 1045 return err;
1046}
1047
406d7804
JH		 1048static void write_fast_connectable(struct hci_request *req, bool enable)
1049{
bd98b996 1050 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1051 struct hci_cp_write_page_scan_activity acp;
1052 u8 type;
1053
4c01f8b8
JH		 1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1055 return;
1056
406d7804
JH		 1057 if (enable) {
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1059
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1062 } else {
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1064
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1067 }
1068
1069 acp.window = __constant_cpu_to_le16(0x0012);
1070
bd98b996
JH		 1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1074 sizeof(acp), &acp);
1075
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1078}
1079
2b76f453
JH		 1080static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1081{
1082 struct pending_cmd *cmd;
1083
1084 BT_DBG("status 0x%02x", status);
1085
1086 hci_dev_lock(hdev);
1087
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1089 if (!cmd)
1090 goto unlock;
1091
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1093
1094 mgmt_pending_remove(cmd);
1095
1096unlock:
1097 hci_dev_unlock(hdev);
1098}
1099
bdb6d971 1100static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1101 u16 len)
9fbcbb45 1102{
650f726d 1103 struct mgmt_mode *cp = data;
366a0336 1104 struct pending_cmd *cmd;
2b76f453 1105 struct hci_request req;
e6fe7986 1106 u8 scan, status;
9fbcbb45
JH		 1107 int err;
1108
bdb6d971 1109 BT_DBG("request for %s", hdev->name);
9fbcbb45 1110
e6fe7986
JH		 1111 status = mgmt_bredr_support(hdev);
1112 if (status)
33c525c0 1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1114 status);
33c525c0 1115
a7e80f25
JH		 1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1119
09fd0de5 1120 hci_dev_lock(hdev);
9fbcbb45 1121
4b34ee78 1122 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1123 bool changed = false;
1124
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1126 changed = true;
1127
6bf0e469 1128 if (cp->val) {
5e5282bb 1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1130 } else {
5e5282bb
JH		 1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1133 }
0224d2fa 1134
5e5282bb 1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1136 if (err < 0)
1137 goto failed;
1138
1139 if (changed)
1140 err = new_settings(hdev, sk);
1141
9fbcbb45
JH		 1142 goto failed;
1143 }
1144
2e58ef3e 1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1148 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1149 goto failed;
1150 }
1151
5e5282bb 1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1154 goto failed;
1155 }
1156
2e58ef3e 1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1158 if (!cmd) {
1159 err = -ENOMEM;
9fbcbb45 1160 goto failed;
366a0336 1161 }
9fbcbb45 1162
6bf0e469 1163 if (cp->val) {
9fbcbb45 1164 scan = SCAN_PAGE;
6bf0e469 1165 } else {
9fbcbb45
JH		 1166 scan = 0;
1167
df2c6c5e 1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1169 hdev->discov_timeout > 0)
df2c6c5e
JH		 1170 cancel_delayed_work(&hdev->discov_off);
1171 }
1172
2b76f453
JH		 1173 hci_req_init(&req, hdev);
1174
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1176
4c01f8b8
JH		 1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1181 * should be.
1182 */
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1184 write_fast_connectable(&req, false);
1185
2b76f453 1186 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1187 if (err < 0)
a664b5bc 1188 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1189
1190failed:
09fd0de5 1191 hci_dev_unlock(hdev);
9fbcbb45
JH		 1192 return err;
1193}
1194
bdb6d971 1195static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1196 u16 len)
c542a06c 1197{
650f726d 1198 struct mgmt_mode *cp = data;
c542a06c
JH		 1199 int err;
1200
bdb6d971 1201 BT_DBG("request for %s", hdev->name);
c542a06c 1202
a7e80f25
JH		 1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1206
09fd0de5 1207 hci_dev_lock(hdev);
c542a06c
JH		 1208
1209 if (cp->val)
a8b2d5c2 1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1211 else
a8b2d5c2 1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1213
69ab39ea 1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1215 if (err < 0)
1216 goto failed;
1217
beadb2bd 1218 err = new_settings(hdev, sk);
c542a06c
JH		 1219
1220failed:
09fd0de5 1221 hci_dev_unlock(hdev);
c542a06c
JH		 1222 return err;
1223}
1224
04124681
GP		 1225static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1226 u16 len)
33ef95ed
JH		 1227{
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
e6fe7986 1230 u8 val, status;
33ef95ed
JH		 1231 int err;
1232
bdb6d971 1233 BT_DBG("request for %s", hdev->name);
33ef95ed 1234
e6fe7986
JH		 1235 status = mgmt_bredr_support(hdev);
1236 if (status)
33c525c0 1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1238 status);
33c525c0 1239
a7e80f25
JH		 1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1243
33ef95ed
JH		 1244 hci_dev_lock(hdev);
1245
4b34ee78 1246 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1247 bool changed = false;
1248
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1250 &hdev->dev_flags)) {
47990ea0
JH		 1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1252 changed = true;
1253 }
1254
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1256 if (err < 0)
1257 goto failed;
1258
1259 if (changed)
1260 err = new_settings(hdev, sk);
1261
33ef95ed
JH		 1262 goto failed;
1263 }
1264
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1267 MGMT_STATUS_BUSY);
33ef95ed
JH		 1268 goto failed;
1269 }
1270
1271 val = !!cp->val;
1272
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1275 goto failed;
1276 }
1277
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1279 if (!cmd) {
1280 err = -ENOMEM;
1281 goto failed;
1282 }
1283
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1285 if (err < 0) {
1286 mgmt_pending_remove(cmd);
1287 goto failed;
1288 }
1289
1290failed:
1291 hci_dev_unlock(hdev);
33ef95ed
JH		 1292 return err;
1293}
1294
bdb6d971 1295static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1296{
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
cdba5281 1299 u8 val, status;
ed2c4ee3
JH		 1300 int err;
1301
bdb6d971 1302 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1303
cdba5281
MH		 1304 status = mgmt_bredr_support(hdev);
1305 if (status)
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1307
13ecd8b6
JH		 1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1311
a7e80f25
JH		 1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1315
13ecd8b6 1316 hci_dev_lock(hdev);
6c8f12c1 1317
c0ecddc2
JH		 1318 val = !!cp->val;
1319
4b34ee78 1320 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1321 bool changed = false;
1322
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1325 changed = true;
1326 }
1327
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1329 if (err < 0)
1330 goto failed;
1331
1332 if (changed)
1333 err = new_settings(hdev, sk);
1334
ed2c4ee3
JH		 1335 goto failed;
1336 }
1337
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1340 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1341 goto failed;
1342 }
1343
ed2c4ee3
JH		 1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1346 goto failed;
1347 }
1348
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1350 if (!cmd) {
1351 err = -ENOMEM;
1352 goto failed;
1353 }
1354
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1356 if (err < 0) {
1357 mgmt_pending_remove(cmd);
1358 goto failed;
1359 }
1360
1361failed:
1362 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1363 return err;
1364}
1365
bdb6d971 1366static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1367{
1368 struct mgmt_mode *cp = data;
ee392693 1369 bool changed;
e6fe7986 1370 u8 status;
ee392693 1371 int err;
6d80dfd0 1372
bdb6d971 1373 BT_DBG("request for %s", hdev->name);
6d80dfd0 1374
e6fe7986
JH		 1375 status = mgmt_bredr_support(hdev);
1376 if (status)
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1378
a7e80f25
JH		 1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1382
ee392693
MH		 1383 hci_dev_lock(hdev);
1384
a0cdf960 1385 if (cp->val) {
ee392693 1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1387 } else {
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1391 goto unlock;
1392 }
1393
ee392693 1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1395 }
ee392693
MH		 1396
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1398 if (err < 0)
1399 goto unlock;
1400
1401 if (changed)
1402 err = new_settings(hdev, sk);
6d80dfd0 1403
ee392693
MH		 1404unlock:
1405 hci_dev_unlock(hdev);
1406 return err;
6d80dfd0
JH		 1407}
1408
416a4ae5
JH		 1409static void le_enable_complete(struct hci_dev *hdev, u8 status)
1410{
1411 struct cmd_lookup match = { NULL, hdev };
1412
1413 if (status) {
1414 u8 mgmt_err = mgmt_status(status);
1415
1416 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1417 &mgmt_err);
1418 return;
1419 }
1420
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1422
1423 new_settings(hdev, match.sk);
1424
1425 if (match.sk)
1426 sock_put(match.sk);
1427}
1428
bdb6d971 1429static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1430{
1431 struct mgmt_mode *cp = data;
1432 struct hci_cp_write_le_host_supported hci_cp;
1433 struct pending_cmd *cmd;
416a4ae5 1434 struct hci_request req;
06199cf8 1435 int err;
0b60eba1 1436 u8 val, enabled;
06199cf8 1437
bdb6d971 1438 BT_DBG("request for %s", hdev->name);
06199cf8 1439
13ecd8b6
JH		 1440 if (!lmp_le_capable(hdev))
1441 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1442 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1443
a7e80f25
JH		 1444 if (cp->val != 0x00 && cp->val != 0x01)
1445 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1446 MGMT_STATUS_INVALID_PARAMS);
1447
c73eee91 1448 /* LE-only devices do not allow toggling LE on/off */
56f87901 1449 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_REJECTED);
1452
13ecd8b6 1453 hci_dev_lock(hdev);
06199cf8
JH		 1454
1455 val = !!cp->val;
ffa88e02 1456 enabled = lmp_host_le_capable(hdev);
06199cf8 1457
0b60eba1 1458 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1459 bool changed = false;
1460
1461 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1462 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1463 changed = true;
1464 }
1465
eeca6f89
JH		 1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1468 changed = true;
1469 }
1470
06199cf8
JH		 1471 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1472 if (err < 0)
1de028ce 1473 goto unlock;
06199cf8
JH		 1474
1475 if (changed)
1476 err = new_settings(hdev, sk);
1477
1de028ce 1478 goto unlock;
06199cf8
JH		 1479 }
1480
4375f103
JH		 1481 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1482 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1484 MGMT_STATUS_BUSY);
1de028ce 1485 goto unlock;
06199cf8
JH		 1486 }
1487
1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1489 if (!cmd) {
1490 err = -ENOMEM;
1de028ce 1491 goto unlock;
06199cf8
JH		 1492 }
1493
1494 memset(&hci_cp, 0, sizeof(hci_cp));
1495
1496 if (val) {
1497 hci_cp.le = val;
ffa88e02 1498 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1499 }
1500
416a4ae5
JH		 1501 hci_req_init(&req, hdev);
1502
eeca6f89
JH		 1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1505
416a4ae5
JH		 1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1507 &hci_cp);
1508
1509 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1510 if (err < 0)
06199cf8 1511 mgmt_pending_remove(cmd);
06199cf8 1512
1de028ce
JH		 1513unlock:
1514 hci_dev_unlock(hdev);
06199cf8
JH		 1515 return err;
1516}
1517
0cab9c80
JH		 1518/* This is a helper function to test for pending mgmt commands that can
1519 * cause CoD or EIR HCI commands. We can only allow one such pending
1520 * mgmt command at a time since otherwise we cannot easily track what
1521 * the current values are, will be, and based on that calculate if a new
1522 * HCI command needs to be sent and if yes with what value.
1523 */
1524static bool pending_eir_or_class(struct hci_dev *hdev)
1525{
1526 struct pending_cmd *cmd;
1527
1528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1529 switch (cmd->opcode) {
1530 case MGMT_OP_ADD_UUID:
1531 case MGMT_OP_REMOVE_UUID:
1532 case MGMT_OP_SET_DEV_CLASS:
1533 case MGMT_OP_SET_POWERED:
1534 return true;
1535 }
1536 }
1537
1538 return false;
1539}
1540
83be8eca
JH		 1541static const u8 bluetooth_base_uuid[] = {
1542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1544};
1545
1546static u8 get_uuid_size(const u8 *uuid)
1547{
1548 u32 val;
1549
1550 if (memcmp(uuid, bluetooth_base_uuid, 12))
1551 return 128;
1552
1553 val = get_unaligned_le32(&uuid[12]);
1554 if (val > 0xffff)
1555 return 32;
1556
1557 return 16;
1558}
1559
92da6097
JH		 1560static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1561{
1562 struct pending_cmd *cmd;
1563
1564 hci_dev_lock(hdev);
1565
1566 cmd = mgmt_pending_find(mgmt_op, hdev);
1567 if (!cmd)
1568 goto unlock;
1569
1570 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1571 hdev->dev_class, 3);
1572
1573 mgmt_pending_remove(cmd);
1574
1575unlock:
1576 hci_dev_unlock(hdev);
1577}
1578
1579static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1580{
1581 BT_DBG("status 0x%02x", status);
1582
1583 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1584}
1585
bdb6d971 1586static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1587{
650f726d 1588 struct mgmt_cp_add_uuid *cp = data;
90e70454 1589 struct pending_cmd *cmd;
890ea898 1590 struct hci_request req;
2aeb9a1a 1591 struct bt_uuid *uuid;
2aeb9a1a
JH		 1592 int err;
1593
bdb6d971 1594 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1595
09fd0de5 1596 hci_dev_lock(hdev);
2aeb9a1a 1597
0cab9c80 1598 if (pending_eir_or_class(hdev)) {
bdb6d971 1599 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1600 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1601 goto failed;
1602 }
1603
92c4c204 1604 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1605 if (!uuid) {
1606 err = -ENOMEM;
1607 goto failed;
1608 }
1609
1610 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1611 uuid->svc_hint = cp->svc_hint;
83be8eca 1612 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1613
de66aa63 1614 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1615
890ea898 1616 hci_req_init(&req, hdev);
1aff6f09 1617
890ea898
JH		 1618 update_class(&req);
1619 update_eir(&req);
1620
92da6097
JH		 1621 err = hci_req_run(&req, add_uuid_complete);
1622 if (err < 0) {
1623 if (err != -ENODATA)
1624 goto failed;
80a1e1db 1625
bdb6d971 1626 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1627 hdev->dev_class, 3);
90e70454
JH		 1628 goto failed;
1629 }
1630
1631 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1632 if (!cmd) {
90e70454 1633 err = -ENOMEM;
890ea898
JH		 1634 goto failed;
1635 }
1636
1637 err = 0;
2aeb9a1a
JH		 1638
1639failed:
09fd0de5 1640 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1641 return err;
1642}
1643
24b78d0f
JH		 1644static bool enable_service_cache(struct hci_dev *hdev)
1645{
1646 if (!hdev_is_powered(hdev))
1647 return false;
1648
1649 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1650 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1651 CACHE_TIMEOUT);
24b78d0f
JH		 1652 return true;
1653 }
1654
1655 return false;
1656}
1657
92da6097
JH		 1658static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1659{
1660 BT_DBG("status 0x%02x", status);
1661
1662 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1663}
1664
bdb6d971 1665static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1666 u16 len)
2aeb9a1a 1667{
650f726d 1668 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1669 struct pending_cmd *cmd;
056341c8 1670 struct bt_uuid *match, *tmp;
2aeb9a1a 1671 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1672 struct hci_request req;
2aeb9a1a
JH		 1673 int err, found;
1674
bdb6d971 1675 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1676
09fd0de5 1677 hci_dev_lock(hdev);
2aeb9a1a 1678
0cab9c80 1679 if (pending_eir_or_class(hdev)) {
bdb6d971 1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1681 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1682 goto unlock;
1683 }
1684
2aeb9a1a
JH		 1685 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1686 err = hci_uuids_clear(hdev);
4004b6d9 1687
24b78d0f 1688 if (enable_service_cache(hdev)) {
bdb6d971 1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1690 0, hdev->dev_class, 3);
24b78d0f
JH		 1691 goto unlock;
1692 }
4004b6d9 1693
9246a869 1694 goto update_class;
2aeb9a1a
JH		 1695 }
1696
1697 found = 0;
1698
056341c8 1699 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1700 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1701 continue;
1702
1703 list_del(&match->list);
482049f7 1704 kfree(match);
2aeb9a1a
JH		 1705 found++;
1706 }
1707
1708 if (found == 0) {
bdb6d971 1709 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1710 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1711 goto unlock;
1712 }
1713
9246a869 1714update_class:
890ea898 1715 hci_req_init(&req, hdev);
1aff6f09 1716
890ea898
JH		 1717 update_class(&req);
1718 update_eir(&req);
1719
92da6097
JH		 1720 err = hci_req_run(&req, remove_uuid_complete);
1721 if (err < 0) {
1722 if (err != -ENODATA)
1723 goto unlock;
80a1e1db 1724
bdb6d971 1725 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1726 hdev->dev_class, 3);
90e70454
JH		 1727 goto unlock;
1728 }
1729
1730 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1731 if (!cmd) {
90e70454 1732 err = -ENOMEM;
890ea898
JH		 1733 goto unlock;
1734 }
1735
1736 err = 0;
2aeb9a1a
JH		 1737
1738unlock:
09fd0de5 1739 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1740 return err;
1741}
1742
92da6097
JH		 1743static void set_class_complete(struct hci_dev *hdev, u8 status)
1744{
1745 BT_DBG("status 0x%02x", status);
1746
1747 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1748}
1749
bdb6d971 1750static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1751 u16 len)
1aff6f09 1752{
650f726d 1753 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1754 struct pending_cmd *cmd;
890ea898 1755 struct hci_request req;
1aff6f09
JH		 1756 int err;
1757
bdb6d971 1758 BT_DBG("request for %s", hdev->name);
1aff6f09 1759
56f87901 1760 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1761 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1762 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1763
0cab9c80 1764 hci_dev_lock(hdev);
ee98f473 1765
0cab9c80
JH		 1766 if (pending_eir_or_class(hdev)) {
1767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1768 MGMT_STATUS_BUSY);
1769 goto unlock;
1770 }
c95f0ba7 1771
0cab9c80
JH		 1772 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1773 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1774 MGMT_STATUS_INVALID_PARAMS);
1775 goto unlock;
1776 }
575b3a02 1777
932f5ff5
JH		 1778 hdev->major_class = cp->major;
1779 hdev->minor_class = cp->minor;
1780
b5235a65 1781 if (!hdev_is_powered(hdev)) {
bdb6d971 1782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1783 hdev->dev_class, 3);
b5235a65
JH		 1784 goto unlock;
1785 }
1786
890ea898
JH		 1787 hci_req_init(&req, hdev);
1788
a8b2d5c2 1789 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1790 hci_dev_unlock(hdev);
1791 cancel_delayed_work_sync(&hdev->service_cache);
1792 hci_dev_lock(hdev);
890ea898 1793 update_eir(&req);
7d78525d 1794 }
14c0b608 1795
890ea898
JH		 1796 update_class(&req);
1797
92da6097
JH		 1798 err = hci_req_run(&req, set_class_complete);
1799 if (err < 0) {
1800 if (err != -ENODATA)
1801 goto unlock;
1aff6f09 1802
bdb6d971 1803 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1804 hdev->dev_class, 3);
90e70454
JH		 1805 goto unlock;
1806 }
1807
1808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1809 if (!cmd) {
90e70454 1810 err = -ENOMEM;
890ea898
JH		 1811 goto unlock;
1812 }
1813
1814 err = 0;
1aff6f09 1815
b5235a65 1816unlock:
09fd0de5 1817 hci_dev_unlock(hdev);
1aff6f09
JH		 1818 return err;
1819}
1820
bdb6d971 1821static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1822 u16 len)
55ed8ca1 1823{
650f726d 1824 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1825 u16 key_count, expected_len;
a492cd52 1826 int i;
55ed8ca1 1827
9060d5cf
MH		 1828 BT_DBG("request for %s", hdev->name);
1829
1830 if (!lmp_bredr_capable(hdev))
1831 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1832 MGMT_STATUS_NOT_SUPPORTED);
1833
1f350c87 1834 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1835
86742e1e
JH		 1836 expected_len = sizeof(*cp) + key_count *
1837 sizeof(struct mgmt_link_key_info);
a492cd52 1838 if (expected_len != len) {
86742e1e 1839 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1840 len, expected_len);
bdb6d971 1841 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1842 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1843 }
1844
4ae14301
JH		 1845 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1847 MGMT_STATUS_INVALID_PARAMS);
1848
bdb6d971 1849 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1850 key_count);
55ed8ca1 1851
4ee71b20
JH		 1852 for (i = 0; i < key_count; i++) {
1853 struct mgmt_link_key_info *key = &cp->keys[i];
1854
1855 if (key->addr.type != BDADDR_BREDR)
1856 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1857 MGMT_STATUS_INVALID_PARAMS);
1858 }
1859
09fd0de5 1860 hci_dev_lock(hdev);
55ed8ca1
JH		 1861
1862 hci_link_keys_clear(hdev);
1863
55ed8ca1 1864 if (cp->debug_keys)
a8b2d5c2 1865 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1866 else
a8b2d5c2 1867 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1868
a492cd52 1869 for (i = 0; i < key_count; i++) {
86742e1e 1870 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1871
d753fdc4 1872 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1873 key->type, key->pin_len);
55ed8ca1
JH		 1874 }
1875
bdb6d971 1876 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1877
09fd0de5 1878 hci_dev_unlock(hdev);
55ed8ca1 1879
a492cd52 1880 return 0;
55ed8ca1
JH		 1881}
1882
b1078ad0 1883static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1884 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1885{
1886 struct mgmt_ev_device_unpaired ev;
1887
1888 bacpy(&ev.addr.bdaddr, bdaddr);
1889 ev.addr.type = addr_type;
1890
1891 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1892 skip_sk);
b1078ad0
JH		 1893}
1894
bdb6d971 1895static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1896 u16 len)
55ed8ca1 1897{
124f6e35
JH		 1898 struct mgmt_cp_unpair_device *cp = data;
1899 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1900 struct hci_cp_disconnect dc;
1901 struct pending_cmd *cmd;
55ed8ca1 1902 struct hci_conn *conn;
55ed8ca1
JH		 1903 int err;
1904
a8a1d19e 1905 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1906 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1907 rp.addr.type = cp->addr.type;
a8a1d19e 1908
4ee71b20
JH		 1909 if (!bdaddr_type_is_valid(cp->addr.type))
1910 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1911 MGMT_STATUS_INVALID_PARAMS,
1912 &rp, sizeof(rp));
1913
118da70b
JH		 1914 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1915 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1916 MGMT_STATUS_INVALID_PARAMS,
1917 &rp, sizeof(rp));
1918
4ee71b20
JH		 1919 hci_dev_lock(hdev);
1920
86a8cfc6 1921 if (!hdev_is_powered(hdev)) {
bdb6d971 1922 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1923 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1924 goto unlock;
1925 }
1926
591f47f3 1927 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1928 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1929 else
1930 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1931
55ed8ca1 1932 if (err < 0) {
bdb6d971 1933 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1934 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1935 goto unlock;
1936 }
1937
86a8cfc6 1938 if (cp->disconnect) {
591f47f3 1939 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1941 &cp->addr.bdaddr);
86a8cfc6
JH		 1942 else
1943 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1944 &cp->addr.bdaddr);
86a8cfc6
JH		 1945 } else {
1946 conn = NULL;
1947 }
124f6e35 1948
a8a1d19e 1949 if (!conn) {
bdb6d971 1950 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1951 &rp, sizeof(rp));
b1078ad0 1952 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1953 goto unlock;
1954 }
55ed8ca1 1955
124f6e35 1956 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1957 sizeof(*cp));
a8a1d19e
JH		 1958 if (!cmd) {
1959 err = -ENOMEM;
1960 goto unlock;
55ed8ca1
JH		 1961 }
1962
eb55ef07 1963 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1964 dc.reason = 0x13; /* Remote User Terminated Connection */
1965 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1966 if (err < 0)
1967 mgmt_pending_remove(cmd);
1968
55ed8ca1 1969unlock:
09fd0de5 1970 hci_dev_unlock(hdev);
55ed8ca1
JH		 1971 return err;
1972}
1973
bdb6d971 1974static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1975 u16 len)
8962ee74 1976{
650f726d 1977 struct mgmt_cp_disconnect *cp = data;
06a63b19 1978 struct mgmt_rp_disconnect rp;
8962ee74 1979 struct hci_cp_disconnect dc;
366a0336 1980 struct pending_cmd *cmd;
8962ee74 1981 struct hci_conn *conn;
8962ee74
JH		 1982 int err;
1983
1984 BT_DBG("");
1985
06a63b19
JH		 1986 memset(&rp, 0, sizeof(rp));
1987 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1988 rp.addr.type = cp->addr.type;
1989
4ee71b20 1990 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1991 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1992 MGMT_STATUS_INVALID_PARAMS,
1993 &rp, sizeof(rp));
4ee71b20 1994
09fd0de5 1995 hci_dev_lock(hdev);
8962ee74
JH		 1996
1997 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1998 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1999 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2000 goto failed;
2001 }
2002
2e58ef3e 2003 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2004 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2005 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2006 goto failed;
2007 }
2008
591f47f3 2009 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2011 &cp->addr.bdaddr);
88c3df13
JH		 2012 else
2013 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2014
f960727e 2015 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2016 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2017 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2018 goto failed;
2019 }
2020
2e58ef3e 2021 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2022 if (!cmd) {
2023 err = -ENOMEM;
8962ee74 2024 goto failed;
366a0336 2025 }
8962ee74 2026
eb55ef07 2027 dc.handle = cpu_to_le16(conn->handle);
3701f944 2028 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2029
2030 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2031 if (err < 0)
a664b5bc 2032 mgmt_pending_remove(cmd);
8962ee74
JH		 2033
2034failed:
09fd0de5 2035 hci_dev_unlock(hdev);
8962ee74
JH		 2036 return err;
2037}
2038
57c1477c 2039static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2040{
2041 switch (link_type) {
2042 case LE_LINK:
48264f06
JH		 2043 switch (addr_type) {
2044 case ADDR_LE_DEV_PUBLIC:
591f47f3 2045 return BDADDR_LE_PUBLIC;
0ed09148 2046
48264f06 2047 default:
0ed09148 2048 /* Fallback to LE Random address type */
591f47f3 2049 return BDADDR_LE_RANDOM;
48264f06 2050 }
0ed09148 2051
4c659c39 2052 default:
0ed09148 2053 /* Fallback to BR/EDR type */
591f47f3 2054 return BDADDR_BREDR;
4c659c39
JH		 2055 }
2056}
2057
04124681
GP		 2058static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2059 u16 data_len)
2784eb41 2060{
2784eb41 2061 struct mgmt_rp_get_connections *rp;
8035ded4 2062 struct hci_conn *c;
a38528f1 2063 size_t rp_len;
60fc5fb6
JH		 2064 int err;
2065 u16 i;
2784eb41
JH		 2066
2067 BT_DBG("");
2068
09fd0de5 2069 hci_dev_lock(hdev);
2784eb41 2070
5f97c1df 2071 if (!hdev_is_powered(hdev)) {
bdb6d971 2072 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2073 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2074 goto unlock;
2075 }
2076
60fc5fb6 2077 i = 0;
b644ba33
JH		 2078 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2079 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2080 i++;
2784eb41
JH		 2081 }
2082
60fc5fb6 2083 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2084 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2085 if (!rp) {
2784eb41
JH		 2086 err = -ENOMEM;
2087 goto unlock;
2088 }
2089
2784eb41 2090 i = 0;
4c659c39 2091 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2092 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2093 continue;
4c659c39 2094 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2095 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2096 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2097 continue;
2098 i++;
2099 }
2100
eb55ef07 2101 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2102
4c659c39
JH		 2103 /* Recalculate length in case of filtered SCO connections, etc */
2104 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2105
bdb6d971 2106 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2107 rp_len);
2784eb41 2108
a38528f1 2109 kfree(rp);
5f97c1df
JH		 2110
2111unlock:
09fd0de5 2112 hci_dev_unlock(hdev);
2784eb41
JH		 2113 return err;
2114}
2115
bdb6d971 2116static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2117 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2118{
2119 struct pending_cmd *cmd;
2120 int err;
2121
2e58ef3e 2122 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2123 sizeof(*cp));
96d97a67
WR		 2124 if (!cmd)
2125 return -ENOMEM;
2126
d8457698 2127 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2128 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2129 if (err < 0)
2130 mgmt_pending_remove(cmd);
2131
2132 return err;
2133}
2134
bdb6d971 2135static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2136 u16 len)
980e1a53 2137{
96d97a67 2138 struct hci_conn *conn;
650f726d 2139 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2140 struct hci_cp_pin_code_reply reply;
366a0336 2141 struct pending_cmd *cmd;
980e1a53
JH		 2142 int err;
2143
2144 BT_DBG("");
2145
09fd0de5 2146 hci_dev_lock(hdev);
980e1a53 2147
4b34ee78 2148 if (!hdev_is_powered(hdev)) {
bdb6d971 2149 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2150 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2151 goto failed;
2152 }
2153
d8457698 2154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2155 if (!conn) {
bdb6d971 2156 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2157 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2158 goto failed;
2159 }
2160
2161 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2162 struct mgmt_cp_pin_code_neg_reply ncp;
2163
2164 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2165
2166 BT_ERR("PIN code is not 16 bytes long");
2167
bdb6d971 2168 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2169 if (err >= 0)
bdb6d971 2170 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2171 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2172
2173 goto failed;
2174 }
2175
00abfe44 2176 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2177 if (!cmd) {
2178 err = -ENOMEM;
980e1a53 2179 goto failed;
366a0336 2180 }
980e1a53 2181
d8457698 2182 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2183 reply.pin_len = cp->pin_len;
24718ca5 2184 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2185
2186 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2187 if (err < 0)
a664b5bc 2188 mgmt_pending_remove(cmd);
980e1a53
JH		 2189
2190failed:
09fd0de5 2191 hci_dev_unlock(hdev);
980e1a53
JH		 2192 return err;
2193}
2194
04124681
GP		 2195static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2196 u16 len)
17fa4b9d 2197{
650f726d 2198 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2199
2200 BT_DBG("");
2201
09fd0de5 2202 hci_dev_lock(hdev);
17fa4b9d
JH		 2203
2204 hdev->io_capability = cp->io_capability;
2205
2206 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2207 hdev->io_capability);
17fa4b9d 2208
09fd0de5 2209 hci_dev_unlock(hdev);
17fa4b9d 2210
04124681
GP		 2211 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2212 0);
17fa4b9d
JH		 2213}
2214
6039aa73 2215static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2216{
2217 struct hci_dev *hdev = conn->hdev;
8035ded4 2218 struct pending_cmd *cmd;
e9a416b5 2219
2e58ef3e 2220 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2221 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2222 continue;
2223
e9a416b5
JH		 2224 if (cmd->user_data != conn)
2225 continue;
2226
2227 return cmd;
2228 }
2229
2230 return NULL;
2231}
2232
2233static void pairing_complete(struct pending_cmd *cmd, u8 status)
2234{
2235 struct mgmt_rp_pair_device rp;
2236 struct hci_conn *conn = cmd->user_data;
2237
ba4e564f 2238 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2239 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2240
aee9b218 2241 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2242 &rp, sizeof(rp));
e9a416b5
JH		 2243
2244 /* So we don't get further callbacks for this connection */
2245 conn->connect_cfm_cb = NULL;
2246 conn->security_cfm_cb = NULL;
2247 conn->disconn_cfm_cb = NULL;
2248
76a68ba0 2249 hci_conn_drop(conn);
e9a416b5 2250
a664b5bc 2251 mgmt_pending_remove(cmd);
e9a416b5
JH		 2252}
2253
2254static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2255{
2256 struct pending_cmd *cmd;
2257
2258 BT_DBG("status %u", status);
2259
2260 cmd = find_pairing(conn);
56e5cb86 2261 if (!cmd)
e9a416b5 2262 BT_DBG("Unable to find a pending command");
56e5cb86 2263 else
e211326c 2264 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2265}
2266
4c47d739
VA		 2267static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2268{
2269 struct pending_cmd *cmd;
2270
2271 BT_DBG("status %u", status);
2272
2273 if (!status)
2274 return;
2275
2276 cmd = find_pairing(conn);
2277 if (!cmd)
2278 BT_DBG("Unable to find a pending command");
2279 else
2280 pairing_complete(cmd, mgmt_status(status));
2281}
2282
bdb6d971 2283static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2284 u16 len)
e9a416b5 2285{
650f726d 2286 struct mgmt_cp_pair_device *cp = data;
1425acb7 2287 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2288 struct pending_cmd *cmd;
2289 u8 sec_level, auth_type;
2290 struct hci_conn *conn;
e9a416b5
JH		 2291 int err;
2292
2293 BT_DBG("");
2294
f950a30e
SJ		 2295 memset(&rp, 0, sizeof(rp));
2296 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2297 rp.addr.type = cp->addr.type;
2298
4ee71b20
JH		 2299 if (!bdaddr_type_is_valid(cp->addr.type))
2300 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2301 MGMT_STATUS_INVALID_PARAMS,
2302 &rp, sizeof(rp));
2303
09fd0de5 2304 hci_dev_lock(hdev);
e9a416b5 2305
5f97c1df 2306 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2307 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2308 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2309 goto unlock;
2310 }
2311
c908df36
VCG		 2312 sec_level = BT_SECURITY_MEDIUM;
2313 if (cp->io_cap == 0x03)
e9a416b5 2314 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2315 else
e9a416b5 2316 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2317
591f47f3 2318 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2319 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2320 cp->addr.type, sec_level, auth_type);
7a512d01 2321 else
b12f62cf
AG		 2322 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2323 cp->addr.type, sec_level, auth_type);
7a512d01 2324
30e76272 2325 if (IS_ERR(conn)) {
489dc48e
AK		 2326 int status;
2327
2328 if (PTR_ERR(conn) == -EBUSY)
2329 status = MGMT_STATUS_BUSY;
2330 else
2331 status = MGMT_STATUS_CONNECT_FAILED;
2332
bdb6d971 2333 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2334 status, &rp,
04124681 2335 sizeof(rp));
e9a416b5
JH		 2336 goto unlock;
2337 }
2338
2339 if (conn->connect_cfm_cb) {
76a68ba0 2340 hci_conn_drop(conn);
bdb6d971 2341 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2342 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2343 goto unlock;
2344 }
2345
2e58ef3e 2346 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2347 if (!cmd) {
2348 err = -ENOMEM;
76a68ba0 2349 hci_conn_drop(conn);
e9a416b5
JH		 2350 goto unlock;
2351 }
2352
7a512d01 2353 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2354 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2355 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2356 else
2357 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2358
e9a416b5
JH		 2359 conn->security_cfm_cb = pairing_complete_cb;
2360 conn->disconn_cfm_cb = pairing_complete_cb;
2361 conn->io_capability = cp->io_cap;
2362 cmd->user_data = conn;
2363
2364 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2365 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2366 pairing_complete(cmd, 0);
2367
2368 err = 0;
2369
2370unlock:
09fd0de5 2371 hci_dev_unlock(hdev);
e9a416b5
JH		 2372 return err;
2373}
2374
04124681
GP		 2375static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2376 u16 len)
28424707 2377{
0f4e68cf 2378 struct mgmt_addr_info *addr = data;
28424707
JH		 2379 struct pending_cmd *cmd;
2380 struct hci_conn *conn;
2381 int err;
2382
2383 BT_DBG("");
2384
28424707
JH		 2385 hci_dev_lock(hdev);
2386
5f97c1df 2387 if (!hdev_is_powered(hdev)) {
bdb6d971 2388 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2389 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2390 goto unlock;
2391 }
2392
28424707
JH		 2393 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2394 if (!cmd) {
bdb6d971 2395 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2396 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2397 goto unlock;
2398 }
2399
2400 conn = cmd->user_data;
2401
2402 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2403 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2404 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2405 goto unlock;
2406 }
2407
2408 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2409
bdb6d971 2410 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2411 addr, sizeof(*addr));
28424707
JH		 2412unlock:
2413 hci_dev_unlock(hdev);
28424707
JH		 2414 return err;
2415}
2416
bdb6d971 2417static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2418 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2419 u16 hci_op, __le32 passkey)
a5c29683 2420{
a5c29683 2421 struct pending_cmd *cmd;
0df4c185 2422 struct hci_conn *conn;
a5c29683
JH		 2423 int err;
2424
09fd0de5 2425 hci_dev_lock(hdev);
08ba5382 2426
4b34ee78 2427 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2428 err = cmd_complete(sk, hdev->id, mgmt_op,
2429 MGMT_STATUS_NOT_POWERED, addr,
2430 sizeof(*addr));
0df4c185 2431 goto done;
a5c29683
JH		 2432 }
2433
1707c60e
JH		 2434 if (addr->type == BDADDR_BREDR)
2435 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2436 else
1707c60e 2437 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2438
2439 if (!conn) {
feb94d3d
JH		 2440 err = cmd_complete(sk, hdev->id, mgmt_op,
2441 MGMT_STATUS_NOT_CONNECTED, addr,
2442 sizeof(*addr));
272d90df
JH		 2443 goto done;
2444 }
47c15e2b 2445
1707c60e 2446 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2447 /* Continue with pairing via SMP */
5fe57d9e
BG		 2448 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2449
2450 if (!err)
feb94d3d
JH		 2451 err = cmd_complete(sk, hdev->id, mgmt_op,
2452 MGMT_STATUS_SUCCESS, addr,
2453 sizeof(*addr));
5fe57d9e 2454 else
feb94d3d
JH		 2455 err = cmd_complete(sk, hdev->id, mgmt_op,
2456 MGMT_STATUS_FAILED, addr,
2457 sizeof(*addr));
47c15e2b 2458
47c15e2b
BG		 2459 goto done;
2460 }
2461
1707c60e 2462 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2463 if (!cmd) {
2464 err = -ENOMEM;
0df4c185 2465 goto done;
a5c29683
JH		 2466 }
2467
0df4c185 2468 /* Continue with pairing via HCI */
604086b7
BG		 2469 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2470 struct hci_cp_user_passkey_reply cp;
2471
1707c60e 2472 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2473 cp.passkey = passkey;
2474 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2475 } else
1707c60e
JH		 2476 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2477 &addr->bdaddr);
604086b7 2478
a664b5bc
JH		 2479 if (err < 0)
2480 mgmt_pending_remove(cmd);
a5c29683 2481
0df4c185 2482done:
09fd0de5 2483 hci_dev_unlock(hdev);
a5c29683
JH		 2484 return err;
2485}
2486
afeb019d
JK		 2487static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2488 void *data, u16 len)
2489{
2490 struct mgmt_cp_pin_code_neg_reply *cp = data;
2491
2492 BT_DBG("");
2493
1707c60e 2494 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2495 MGMT_OP_PIN_CODE_NEG_REPLY,
2496 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2497}
2498
04124681
GP		 2499static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2500 u16 len)
0df4c185 2501{
650f726d 2502 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2503
2504 BT_DBG("");
2505
2506 if (len != sizeof(*cp))
bdb6d971 2507 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2508 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2509
1707c60e 2510 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2511 MGMT_OP_USER_CONFIRM_REPLY,
2512 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2513}
2514
bdb6d971 2515static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2516 void *data, u16 len)
0df4c185 2517{
c9c2659f 2518 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2519
2520 BT_DBG("");
2521
1707c60e 2522 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2523 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2524 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2525}
2526
04124681
GP		 2527static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2528 u16 len)
604086b7 2529{
650f726d 2530 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2531
2532 BT_DBG("");
2533
1707c60e 2534 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2535 MGMT_OP_USER_PASSKEY_REPLY,
2536 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2537}
2538
bdb6d971 2539static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2540 void *data, u16 len)
604086b7 2541{
650f726d 2542 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2543
2544 BT_DBG("");
2545
1707c60e 2546 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2547 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2548 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2549}
2550
13928971 2551static void update_name(struct hci_request *req)
2b4bf397 2552{
13928971 2553 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2554 struct hci_cp_write_local_name cp;
2555
13928971 2556 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2557
890ea898 2558 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2559}
2560
13928971
JH		 2561static void set_name_complete(struct hci_dev *hdev, u8 status)
2562{
2563 struct mgmt_cp_set_local_name *cp;
2564 struct pending_cmd *cmd;
2565
2566 BT_DBG("status 0x%02x", status);
2567
2568 hci_dev_lock(hdev);
2569
2570 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2571 if (!cmd)
2572 goto unlock;
2573
2574 cp = cmd->param;
2575
2576 if (status)
2577 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2578 mgmt_status(status));
2579 else
2580 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2581 cp, sizeof(*cp));
2582
2583 mgmt_pending_remove(cmd);
2584
2585unlock:
2586 hci_dev_unlock(hdev);
2587}
2588
bdb6d971 2589static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2590 u16 len)
b312b161 2591{
2b4bf397 2592 struct mgmt_cp_set_local_name *cp = data;
b312b161 2593 struct pending_cmd *cmd;
890ea898 2594 struct hci_request req;
b312b161
JH		 2595 int err;
2596
2597 BT_DBG("");
2598
09fd0de5 2599 hci_dev_lock(hdev);
b312b161 2600
b3f2ca94
JH		 2601 /* If the old values are the same as the new ones just return a
2602 * direct command complete event.
2603 */
2604 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2605 !memcmp(hdev->short_name, cp->short_name,
2606 sizeof(hdev->short_name))) {
2607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2608 data, len);
2609 goto failed;
2610 }
2611
2b4bf397 2612 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2613
b5235a65 2614 if (!hdev_is_powered(hdev)) {
2b4bf397 2615 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2616
2617 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2618 data, len);
28cc7bde
JH		 2619 if (err < 0)
2620 goto failed;
2621
2622 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2623 sk);
28cc7bde 2624
b5235a65
JH		 2625 goto failed;
2626 }
2627
28cc7bde 2628 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2629 if (!cmd) {
2630 err = -ENOMEM;
2631 goto failed;
2632 }
2633
13928971
JH		 2634 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2635
890ea898 2636 hci_req_init(&req, hdev);
3f985050
JH		 2637
2638 if (lmp_bredr_capable(hdev)) {
2639 update_name(&req);
2640 update_eir(&req);
2641 }
2642
2643 if (lmp_le_capable(hdev))
2644 hci_update_ad(&req);
2645
13928971 2646 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2647 if (err < 0)
2648 mgmt_pending_remove(cmd);
2649
2650failed:
09fd0de5 2651 hci_dev_unlock(hdev);
b312b161
JH		 2652 return err;
2653}
2654
0f4e68cf 2655static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2656 void *data, u16 data_len)
c35938b2 2657{
c35938b2
SJ		 2658 struct pending_cmd *cmd;
2659 int err;
2660
bdb6d971 2661 BT_DBG("%s", hdev->name);
c35938b2 2662
09fd0de5 2663 hci_dev_lock(hdev);
c35938b2 2664
4b34ee78 2665 if (!hdev_is_powered(hdev)) {
bdb6d971 2666 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2667 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2668 goto unlock;
2669 }
2670
9a1a1996 2671 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2672 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2673 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2674 goto unlock;
2675 }
2676
2e58ef3e 2677 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2678 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2679 MGMT_STATUS_BUSY);
c35938b2
SJ		 2680 goto unlock;
2681 }
2682
2e58ef3e 2683 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2684 if (!cmd) {
2685 err = -ENOMEM;
2686 goto unlock;
2687 }
2688
2689 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2690 if (err < 0)
2691 mgmt_pending_remove(cmd);
2692
2693unlock:
09fd0de5 2694 hci_dev_unlock(hdev);
c35938b2
SJ		 2695 return err;
2696}
2697
bdb6d971 2698static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2699 void *data, u16 len)
2763eda6 2700{
650f726d 2701 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2702 u8 status;
2763eda6
SJ		 2703 int err;
2704
bdb6d971 2705 BT_DBG("%s ", hdev->name);
2763eda6 2706
09fd0de5 2707 hci_dev_lock(hdev);
2763eda6 2708
664ce4cc 2709 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2710 cp->randomizer);
2763eda6 2711 if (err < 0)
bf1e3541 2712 status = MGMT_STATUS_FAILED;
2763eda6 2713 else
a6785be2 2714 status = MGMT_STATUS_SUCCESS;
bf1e3541 2715
bdb6d971 2716 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2717 &cp->addr, sizeof(cp->addr));
2763eda6 2718
09fd0de5 2719 hci_dev_unlock(hdev);
2763eda6
SJ		 2720 return err;
2721}
2722
bdb6d971 2723static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2724 void *data, u16 len)
2763eda6 2725{
650f726d 2726 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2727 u8 status;
2763eda6
SJ		 2728 int err;
2729
bdb6d971 2730 BT_DBG("%s", hdev->name);
2763eda6 2731
09fd0de5 2732 hci_dev_lock(hdev);
2763eda6 2733
664ce4cc 2734 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2735 if (err < 0)
bf1e3541 2736 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2737 else
a6785be2 2738 status = MGMT_STATUS_SUCCESS;
bf1e3541 2739
bdb6d971 2740 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2741 status, &cp->addr, sizeof(cp->addr));
2763eda6 2742
09fd0de5 2743 hci_dev_unlock(hdev);
2763eda6
SJ		 2744 return err;
2745}
2746
41dc2bd6
AG		 2747static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2748{
2749 struct pending_cmd *cmd;
2750 u8 type;
2751 int err;
2752
2753 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2754
2755 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2756 if (!cmd)
2757 return -ENOENT;
2758
2759 type = hdev->discovery.type;
2760
2761 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2762 &type, sizeof(type));
2763 mgmt_pending_remove(cmd);
2764
2765 return err;
2766}
2767
7c307720
AG		 2768static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2769{
2770 BT_DBG("status %d", status);
2771
2772 if (status) {
2773 hci_dev_lock(hdev);
2774 mgmt_start_discovery_failed(hdev, status);
2775 hci_dev_unlock(hdev);
2776 return;
2777 }
2778
2779 hci_dev_lock(hdev);
2780 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2781 hci_dev_unlock(hdev);
2782
2783 switch (hdev->discovery.type) {
2784 case DISCOV_TYPE_LE:
2785 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2786 DISCOV_LE_TIMEOUT);
7c307720
AG		 2787 break;
2788
2789 case DISCOV_TYPE_INTERLEAVED:
2790 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2791 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2792 break;
2793
2794 case DISCOV_TYPE_BREDR:
2795 break;
2796
2797 default:
2798 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2799 }
2800}
2801
bdb6d971 2802static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2803 void *data, u16 len)
14a53664 2804{
650f726d 2805 struct mgmt_cp_start_discovery *cp = data;
14a53664 2806 struct pending_cmd *cmd;
7c307720
AG		 2807 struct hci_cp_le_set_scan_param param_cp;
2808 struct hci_cp_le_set_scan_enable enable_cp;
2809 struct hci_cp_inquiry inq_cp;
2810 struct hci_request req;
2811 /* General inquiry access code (GIAC) */
2812 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2813 u8 status;
14a53664
JH		 2814 int err;
2815
bdb6d971 2816 BT_DBG("%s", hdev->name);
14a53664 2817
09fd0de5 2818 hci_dev_lock(hdev);
14a53664 2819
4b34ee78 2820 if (!hdev_is_powered(hdev)) {
bdb6d971 2821 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2822 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2823 goto failed;
2824 }
2825
642be6c7
AG		 2826 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2827 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2828 MGMT_STATUS_BUSY);
2829 goto failed;
2830 }
2831
ff9ef578 2832 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2833 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2834 MGMT_STATUS_BUSY);
ff9ef578
JH		 2835 goto failed;
2836 }
2837
2e58ef3e 2838 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2839 if (!cmd) {
2840 err = -ENOMEM;
2841 goto failed;
2842 }
2843
4aab14e5
AG		 2844 hdev->discovery.type = cp->type;
2845
7c307720
AG		 2846 hci_req_init(&req, hdev);
2847
4aab14e5 2848 switch (hdev->discovery.type) {
f39799f5 2849 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2850 status = mgmt_bredr_support(hdev);
2851 if (status) {
04106755 2852 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2853 status);
04106755
JH		 2854 mgmt_pending_remove(cmd);
2855 goto failed;
2856 }
2857
7c307720
AG		 2858 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2859 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2860 MGMT_STATUS_BUSY);
2861 mgmt_pending_remove(cmd);
2862 goto failed;
2863 }
2864
2865 hci_inquiry_cache_flush(hdev);
2866
2867 memset(&inq_cp, 0, sizeof(inq_cp));
2868 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2869 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2870 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2871 break;
2872
2873 case DISCOV_TYPE_LE:
7c307720 2874 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2875 status = mgmt_le_support(hdev);
2876 if (status) {
04106755 2877 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2878 status);
04106755
JH		 2879 mgmt_pending_remove(cmd);
2880 goto failed;
2881 }
2882
7c307720 2883 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2884 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2886 MGMT_STATUS_NOT_SUPPORTED);
2887 mgmt_pending_remove(cmd);
2888 goto failed;
2889 }
2890
7c307720
AG		 2891 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2893 MGMT_STATUS_REJECTED);
2894 mgmt_pending_remove(cmd);
2895 goto failed;
2896 }
2897
2898 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2900 MGMT_STATUS_BUSY);
2901 mgmt_pending_remove(cmd);
2902 goto failed;
2903 }
2904
2905 memset(&param_cp, 0, sizeof(param_cp));
2906 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2907 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2908 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2910 &param_cp);
2911
2912 memset(&enable_cp, 0, sizeof(enable_cp));
2913 enable_cp.enable = LE_SCAN_ENABLE;
2914 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2915 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2916 &enable_cp);
5e0452c0
AG		 2917 break;
2918
f39799f5 2919 default:
04106755
JH		 2920 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2921 MGMT_STATUS_INVALID_PARAMS);
2922 mgmt_pending_remove(cmd);
2923 goto failed;
f39799f5 2924 }
3fd24153 2925
7c307720 2926 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2927 if (err < 0)
2928 mgmt_pending_remove(cmd);
ff9ef578
JH		 2929 else
2930 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2931
2932failed:
09fd0de5 2933 hci_dev_unlock(hdev);
14a53664
JH		 2934 return err;
2935}
2936
1183fdca
AG		 2937static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2938{
2939 struct pending_cmd *cmd;
2940 int err;
2941
2942 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2943 if (!cmd)
2944 return -ENOENT;
2945
2946 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2947 &hdev->discovery.type, sizeof(hdev->discovery.type));
2948 mgmt_pending_remove(cmd);
2949
2950 return err;
2951}
2952
0e05bba6
AG		 2953static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2954{
2955 BT_DBG("status %d", status);
2956
2957 hci_dev_lock(hdev);
2958
2959 if (status) {
2960 mgmt_stop_discovery_failed(hdev, status);
2961 goto unlock;
2962 }
2963
2964 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2965
2966unlock:
2967 hci_dev_unlock(hdev);
2968}
2969
bdb6d971 2970static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2971 u16 len)
14a53664 2972{
d930650b 2973 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2974 struct pending_cmd *cmd;
30dc78e1
JH		 2975 struct hci_cp_remote_name_req_cancel cp;
2976 struct inquiry_entry *e;
0e05bba6
AG		 2977 struct hci_request req;
2978 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2979 int err;
2980
bdb6d971 2981 BT_DBG("%s", hdev->name);
14a53664 2982
09fd0de5 2983 hci_dev_lock(hdev);
14a53664 2984
30dc78e1 2985 if (!hci_discovery_active(hdev)) {
bdb6d971 2986 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2987 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2988 sizeof(mgmt_cp->type));
d930650b
JH		 2989 goto unlock;
2990 }
2991
2992 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2993 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2994 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2995 sizeof(mgmt_cp->type));
30dc78e1 2996 goto unlock;
ff9ef578
JH		 2997 }
2998
2e58ef3e 2999 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3000 if (!cmd) {
3001 err = -ENOMEM;
30dc78e1
JH		 3002 goto unlock;
3003 }
3004
0e05bba6
AG		 3005 hci_req_init(&req, hdev);
3006
e0d9727e
AG		 3007 switch (hdev->discovery.state) {
3008 case DISCOVERY_FINDING:
0e05bba6
AG		 3009 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3010 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3011 } else {
3012 cancel_delayed_work(&hdev->le_scan_disable);
3013
3014 memset(&enable_cp, 0, sizeof(enable_cp));
3015 enable_cp.enable = LE_SCAN_DISABLE;
3016 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3017 sizeof(enable_cp), &enable_cp);
3018 }
c9ecc48e 3019
e0d9727e
AG		 3020 break;
3021
3022 case DISCOVERY_RESOLVING:
3023 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3024 NAME_PENDING);
e0d9727e 3025 if (!e) {
30dc78e1 3026 mgmt_pending_remove(cmd);
e0d9727e
AG		 3027 err = cmd_complete(sk, hdev->id,
3028 MGMT_OP_STOP_DISCOVERY, 0,
3029 &mgmt_cp->type,
3030 sizeof(mgmt_cp->type));
3031 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3032 goto unlock;
3033 }
30dc78e1 3034
e0d9727e 3035 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3036 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3037 &cp);
e0d9727e
AG		 3038
3039 break;
3040
3041 default:
3042 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3043
3044 mgmt_pending_remove(cmd);
3045 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3046 MGMT_STATUS_FAILED, &mgmt_cp->type,
3047 sizeof(mgmt_cp->type));
3048 goto unlock;
14a53664
JH		 3049 }
3050
0e05bba6 3051 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3052 if (err < 0)
3053 mgmt_pending_remove(cmd);
ff9ef578
JH		 3054 else
3055 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3056
30dc78e1 3057unlock:
09fd0de5 3058 hci_dev_unlock(hdev);
14a53664
JH		 3059 return err;
3060}
3061
bdb6d971 3062static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3063 u16 len)
561aafbc 3064{
650f726d 3065 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3066 struct inquiry_entry *e;
561aafbc
JH		 3067 int err;
3068
bdb6d971 3069 BT_DBG("%s", hdev->name);
561aafbc 3070
561aafbc
JH		 3071 hci_dev_lock(hdev);
3072
30dc78e1 3073 if (!hci_discovery_active(hdev)) {
bdb6d971 3074 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3075 MGMT_STATUS_FAILED);
30dc78e1
JH		 3076 goto failed;
3077 }
3078
a198e7b1 3079 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3080 if (!e) {
bdb6d971 3081 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3082 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3083 goto failed;
3084 }
3085
3086 if (cp->name_known) {
3087 e->name_state = NAME_KNOWN;
3088 list_del(&e->list);
3089 } else {
3090 e->name_state = NAME_NEEDED;
a3d4e20a 3091 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3092 }
3093
e384662b
JH		 3094 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3095 sizeof(cp->addr));
561aafbc
JH		 3096
3097failed:
3098 hci_dev_unlock(hdev);
561aafbc
JH		 3099 return err;
3100}
3101
bdb6d971 3102static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3103 u16 len)
7fbec224 3104{
650f726d 3105 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3106 u8 status;
7fbec224
AJ		 3107 int err;
3108
bdb6d971 3109 BT_DBG("%s", hdev->name);
7fbec224 3110
4ee71b20 3111 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3112 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3113 MGMT_STATUS_INVALID_PARAMS,
3114 &cp->addr, sizeof(cp->addr));
4ee71b20 3115
09fd0de5 3116 hci_dev_lock(hdev);
5e762444 3117
88c1fe4b 3118 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3119 if (err < 0)
f0eeea8b 3120 status = MGMT_STATUS_FAILED;
7fbec224 3121 else
a6785be2 3122 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3123
bdb6d971 3124 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3125 &cp->addr, sizeof(cp->addr));
5e762444 3126
09fd0de5 3127 hci_dev_unlock(hdev);
7fbec224
AJ		 3128
3129 return err;
3130}
3131
bdb6d971 3132static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3133 u16 len)
7fbec224 3134{
650f726d 3135 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3136 u8 status;
7fbec224
AJ		 3137 int err;
3138
bdb6d971 3139 BT_DBG("%s", hdev->name);
7fbec224 3140
4ee71b20 3141 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3142 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3143 MGMT_STATUS_INVALID_PARAMS,
3144 &cp->addr, sizeof(cp->addr));
4ee71b20 3145
09fd0de5 3146 hci_dev_lock(hdev);
5e762444 3147
88c1fe4b 3148 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3149 if (err < 0)
f0eeea8b 3150 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3151 else
a6785be2 3152 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3153
bdb6d971 3154 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3155 &cp->addr, sizeof(cp->addr));
5e762444 3156
09fd0de5 3157 hci_dev_unlock(hdev);
7fbec224
AJ		 3158
3159 return err;
3160}
3161
cdbaccca
MH		 3162static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3163 u16 len)
3164{
3165 struct mgmt_cp_set_device_id *cp = data;
890ea898 3166 struct hci_request req;
cdbaccca 3167 int err;
c72d4b8a 3168 __u16 source;
cdbaccca
MH		 3169
3170 BT_DBG("%s", hdev->name);
3171
c72d4b8a
SJ		 3172 source = __le16_to_cpu(cp->source);
3173
3174 if (source > 0x0002)
3175 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3176 MGMT_STATUS_INVALID_PARAMS);
3177
cdbaccca
MH		 3178 hci_dev_lock(hdev);
3179
c72d4b8a 3180 hdev->devid_source = source;
cdbaccca
MH		 3181 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3182 hdev->devid_product = __le16_to_cpu(cp->product);
3183 hdev->devid_version = __le16_to_cpu(cp->version);
3184
3185 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3186
890ea898
JH		 3187 hci_req_init(&req, hdev);
3188 update_eir(&req);
3189 hci_req_run(&req, NULL);
cdbaccca
MH		 3190
3191 hci_dev_unlock(hdev);
3192
3193 return err;
3194}
3195
4375f103
JH		 3196static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3197{
3198 struct cmd_lookup match = { NULL, hdev };
3199
3200 if (status) {
3201 u8 mgmt_err = mgmt_status(status);
3202
3203 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3204 cmd_status_rsp, &mgmt_err);
3205 return;
3206 }
3207
3208 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3209 &match);
3210
3211 new_settings(hdev, match.sk);
3212
3213 if (match.sk)
3214 sock_put(match.sk);
3215}
3216
3217static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3218{
3219 struct mgmt_mode *cp = data;
3220 struct pending_cmd *cmd;
3221 struct hci_request req;
e6fe7986 3222 u8 val, enabled, status;
4375f103
JH		 3223 int err;
3224
3225 BT_DBG("request for %s", hdev->name);
3226
e6fe7986
JH		 3227 status = mgmt_le_support(hdev);
3228 if (status)
4375f103 3229 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3230 status);
4375f103
JH		 3231
3232 if (cp->val != 0x00 && cp->val != 0x01)
3233 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3234 MGMT_STATUS_INVALID_PARAMS);
3235
3236 hci_dev_lock(hdev);
3237
3238 val = !!cp->val;
3239 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3240
3241 if (!hdev_is_powered(hdev) || val == enabled) {
3242 bool changed = false;
3243
3244 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3245 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3246 changed = true;
3247 }
3248
3249 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3250 if (err < 0)
3251 goto unlock;
3252
3253 if (changed)
3254 err = new_settings(hdev, sk);
3255
3256 goto unlock;
3257 }
3258
3259 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3260 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3261 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3262 MGMT_STATUS_BUSY);
3263 goto unlock;
3264 }
3265
3266 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3267 if (!cmd) {
3268 err = -ENOMEM;
3269 goto unlock;
3270 }
3271
3272 hci_req_init(&req, hdev);
3273
3274 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3275
3276 err = hci_req_run(&req, set_advertising_complete);
3277 if (err < 0)
3278 mgmt_pending_remove(cmd);
3279
3280unlock:
3281 hci_dev_unlock(hdev);
3282 return err;
3283}
3284
d13eafce
MH		 3285static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3286 void *data, u16 len)
3287{
3288 struct mgmt_cp_set_static_address *cp = data;
3289 int err;
3290
3291 BT_DBG("%s", hdev->name);
3292
62af4443 3293 if (!lmp_le_capable(hdev))
d13eafce 3294 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3295 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3296
3297 if (hdev_is_powered(hdev))
3298 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3299 MGMT_STATUS_REJECTED);
3300
3301 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3302 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3303 return cmd_status(sk, hdev->id,
3304 MGMT_OP_SET_STATIC_ADDRESS,
3305 MGMT_STATUS_INVALID_PARAMS);
3306
3307 /* Two most significant bits shall be set */
3308 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3309 return cmd_status(sk, hdev->id,
3310 MGMT_OP_SET_STATIC_ADDRESS,
3311 MGMT_STATUS_INVALID_PARAMS);
3312 }
3313
3314 hci_dev_lock(hdev);
3315
3316 bacpy(&hdev->static_addr, &cp->bdaddr);
3317
3318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3319
3320 hci_dev_unlock(hdev);
3321
3322 return err;
3323}
3324
33e38b3e
JH		 3325static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3326{
3327 struct pending_cmd *cmd;
3328
3329 BT_DBG("status 0x%02x", status);
3330
3331 hci_dev_lock(hdev);
3332
3333 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3334 if (!cmd)
3335 goto unlock;
3336
3337 if (status) {
3338 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3339 mgmt_status(status));
3340 } else {
1a4d3c4b
JH		 3341 struct mgmt_mode *cp = cmd->param;
3342
3343 if (cp->val)
3344 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3345 else
3346 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3347
33e38b3e
JH		 3348 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3349 new_settings(hdev, cmd->sk);
3350 }
3351
3352 mgmt_pending_remove(cmd);
3353
3354unlock:
3355 hci_dev_unlock(hdev);
3356}
3357
bdb6d971 3358static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3359 void *data, u16 len)
f6422ec6 3360{
650f726d 3361 struct mgmt_mode *cp = data;
33e38b3e
JH		 3362 struct pending_cmd *cmd;
3363 struct hci_request req;
f6422ec6
AJ		 3364 int err;
3365
bdb6d971 3366 BT_DBG("%s", hdev->name);
f6422ec6 3367
56f87901
JH		 3368 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3369 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3370 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3371 MGMT_STATUS_NOT_SUPPORTED);
3372
a7e80f25
JH		 3373 if (cp->val != 0x00 && cp->val != 0x01)
3374 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3375 MGMT_STATUS_INVALID_PARAMS);
3376
5400c044 3377 if (!hdev_is_powered(hdev))
bdb6d971 3378 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3379 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3380
3381 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3382 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3383 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3384
3385 hci_dev_lock(hdev);
3386
05cbf29f
JH		 3387 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3388 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3389 MGMT_STATUS_BUSY);
3390 goto unlock;
3391 }
3392
1a4d3c4b
JH		 3393 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3394 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3395 hdev);
3396 goto unlock;
3397 }
3398
33e38b3e
JH		 3399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3400 data, len);
3401 if (!cmd) {
3402 err = -ENOMEM;
3403 goto unlock;
f6422ec6
AJ		 3404 }
3405
33e38b3e
JH		 3406 hci_req_init(&req, hdev);
3407
406d7804 3408 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3409
3410 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3411 if (err < 0) {
bdb6d971 3412 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3413 MGMT_STATUS_FAILED);
33e38b3e 3414 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3415 }
3416
33e38b3e 3417unlock:
f6422ec6 3418 hci_dev_unlock(hdev);
33e38b3e 3419
f6422ec6
AJ		 3420 return err;
3421}
3422
0663ca2a
JH		 3423static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3424{
3425 struct pending_cmd *cmd;
3426
3427 BT_DBG("status 0x%02x", status);
3428
3429 hci_dev_lock(hdev);
3430
3431 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3432 if (!cmd)
3433 goto unlock;
3434
3435 if (status) {
3436 u8 mgmt_err = mgmt_status(status);
3437
3438 /* We need to restore the flag if related HCI commands
3439 * failed.
3440 */
3441 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3442
3443 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3444 } else {
3445 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3446 new_settings(hdev, cmd->sk);
3447 }
3448
3449 mgmt_pending_remove(cmd);
3450
3451unlock:
3452 hci_dev_unlock(hdev);
3453}
3454
3455static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3456{
3457 struct mgmt_mode *cp = data;
3458 struct pending_cmd *cmd;
3459 struct hci_request req;
3460 int err;
3461
3462 BT_DBG("request for %s", hdev->name);
3463
3464 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3465 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3466 MGMT_STATUS_NOT_SUPPORTED);
3467
3468 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3469 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3470 MGMT_STATUS_REJECTED);
3471
3472 if (cp->val != 0x00 && cp->val != 0x01)
3473 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3474 MGMT_STATUS_INVALID_PARAMS);
3475
3476 hci_dev_lock(hdev);
3477
3478 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3479 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3480 goto unlock;
3481 }
3482
3483 if (!hdev_is_powered(hdev)) {
3484 if (!cp->val) {
3485 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3486 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3487 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3488 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3489 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3490 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3491 }
3492
3493 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3494
3495 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3496 if (err < 0)
3497 goto unlock;
3498
3499 err = new_settings(hdev, sk);
3500 goto unlock;
3501 }
3502
3503 /* Reject disabling when powered on */
3504 if (!cp->val) {
3505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_REJECTED);
3507 goto unlock;
3508 }
3509
3510 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3512 MGMT_STATUS_BUSY);
3513 goto unlock;
3514 }
3515
3516 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3517 if (!cmd) {
3518 err = -ENOMEM;
3519 goto unlock;
3520 }
3521
3522 /* We need to flip the bit already here so that hci_update_ad
3523 * generates the correct flags.
3524 */
3525 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3526
3527 hci_req_init(&req, hdev);
3528 hci_update_ad(&req);
3529 err = hci_req_run(&req, set_bredr_complete);
3530 if (err < 0)
3531 mgmt_pending_remove(cmd);
3532
3533unlock:
3534 hci_dev_unlock(hdev);
3535 return err;
3536}
3537
3f706b72
JH		 3538static bool ltk_is_valid(struct mgmt_ltk_info *key)
3539{
44b20d33
JH		 3540 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3541 return false;
3f706b72
JH		 3542 if (key->master != 0x00 && key->master != 0x01)
3543 return false;
4ee71b20
JH		 3544 if (!bdaddr_type_is_le(key->addr.type))
3545 return false;
3f706b72
JH		 3546 return true;
3547}
3548
bdb6d971 3549static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3550 void *cp_data, u16 len)
346af67b 3551{
346af67b
VCG		 3552 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3553 u16 key_count, expected_len;
715a5bf2 3554 int i, err;
346af67b 3555
cf99ba13
MH		 3556 BT_DBG("request for %s", hdev->name);
3557
3558 if (!lmp_le_capable(hdev))
3559 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3560 MGMT_STATUS_NOT_SUPPORTED);
3561
1f350c87 3562 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3563
3564 expected_len = sizeof(*cp) + key_count *
3565 sizeof(struct mgmt_ltk_info);
3566 if (expected_len != len) {
3567 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3568 len, expected_len);
bdb6d971 3569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3570 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3571 }
3572
bdb6d971 3573 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3574
54ad6d8a
JH		 3575 for (i = 0; i < key_count; i++) {
3576 struct mgmt_ltk_info *key = &cp->keys[i];
3577
3f706b72 3578 if (!ltk_is_valid(key))
54ad6d8a
JH		 3579 return cmd_status(sk, hdev->id,
3580 MGMT_OP_LOAD_LONG_TERM_KEYS,
3581 MGMT_STATUS_INVALID_PARAMS);
3582 }
3583
346af67b
VCG		 3584 hci_dev_lock(hdev);
3585
3586 hci_smp_ltks_clear(hdev);
3587
3588 for (i = 0; i < key_count; i++) {
3589 struct mgmt_ltk_info *key = &cp->keys[i];
3590 u8 type;
3591
3592 if (key->master)
3593 type = HCI_SMP_LTK;
3594 else
3595 type = HCI_SMP_LTK_SLAVE;
3596
4596fde5 3597 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3598 bdaddr_to_le(key->addr.type),
04124681
GP		 3599 type, 0, key->authenticated, key->val,
3600 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3601 }
3602
715a5bf2
JH		 3603 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3604 NULL, 0);
3605
346af67b 3606 hci_dev_unlock(hdev);
346af67b 3607
715a5bf2 3608 return err;
346af67b
VCG		 3609}
3610
2e3c35ea 3611static const struct mgmt_handler {
04124681
GP		 3612 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3613 u16 data_len);
be22b54e
JH		 3614 bool var_len;
3615 size_t data_len;
0f4e68cf
JH		 3616} mgmt_handlers[] = {
3617 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3618 { read_version, false, MGMT_READ_VERSION_SIZE },
3619 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3620 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3621 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3622 { set_powered, false, MGMT_SETTING_SIZE },
3623 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3624 { set_connectable, false, MGMT_SETTING_SIZE },
3625 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3626 { set_pairable, false, MGMT_SETTING_SIZE },
3627 { set_link_security, false, MGMT_SETTING_SIZE },
3628 { set_ssp, false, MGMT_SETTING_SIZE },
3629 { set_hs, false, MGMT_SETTING_SIZE },
3630 { set_le, false, MGMT_SETTING_SIZE },
3631 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3632 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3633 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3634 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3635 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3636 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3637 { disconnect, false, MGMT_DISCONNECT_SIZE },
3638 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3639 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3640 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3641 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3642 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3643 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3644 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3645 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3646 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3647 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3648 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3649 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3650 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3651 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3652 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3653 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3654 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3655 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3656 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3657 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3658 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3659 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3660 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3661};
3662
3663
0381101f
JH		 3664int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3665{
650f726d
VCG		 3666 void *buf;
3667 u8 *cp;
0381101f 3668 struct mgmt_hdr *hdr;
4e51eae9 3669 u16 opcode, index, len;
bdb6d971 3670 struct hci_dev *hdev = NULL;
2e3c35ea 3671 const struct mgmt_handler *handler;
0381101f
JH		 3672 int err;
3673
3674 BT_DBG("got %zu bytes", msglen);
3675
3676 if (msglen < sizeof(*hdr))
3677 return -EINVAL;
3678
e63a15ec 3679 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3680 if (!buf)
3681 return -ENOMEM;
3682
3683 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3684 err = -EFAULT;
3685 goto done;
3686 }
3687
650f726d 3688 hdr = buf;
1f350c87
MH		 3689 opcode = __le16_to_cpu(hdr->opcode);
3690 index = __le16_to_cpu(hdr->index);
3691 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3692
3693 if (len != msglen - sizeof(*hdr)) {
3694 err = -EINVAL;
3695 goto done;
3696 }
3697
0f4e68cf 3698 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3699 hdev = hci_dev_get(index);
3700 if (!hdev) {
3701 err = cmd_status(sk, index, opcode,
04124681 3702 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3703 goto done;
3704 }
0736cfa8
MH		 3705
3706 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3707 err = cmd_status(sk, index, opcode,
3708 MGMT_STATUS_INVALID_INDEX);
3709 goto done;
3710 }
bdb6d971
JH		 3711 }
3712
0f4e68cf 3713 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3714 mgmt_handlers[opcode].func == NULL) {
0381101f 3715 BT_DBG("Unknown op %u", opcode);
ca69b795 3716 err = cmd_status(sk, index, opcode,
04124681 3717 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3718 goto done;
3719 }
3720
3721 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3722 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3723 err = cmd_status(sk, index, opcode,
04124681 3724 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3725 goto done;
0381101f
JH		 3726 }
3727
be22b54e
JH		 3728 handler = &mgmt_handlers[opcode];
3729
3730 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3731 (!handler->var_len && len != handler->data_len)) {
be22b54e 3732 err = cmd_status(sk, index, opcode,
04124681 3733 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3734 goto done;
3735 }
3736
0f4e68cf
JH		 3737 if (hdev)
3738 mgmt_init_hdev(sk, hdev);
3739
3740 cp = buf + sizeof(*hdr);
3741
be22b54e 3742 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3743 if (err < 0)
3744 goto done;
3745
0381101f
JH		 3746 err = msglen;
3747
3748done:
bdb6d971
JH		 3749 if (hdev)
3750 hci_dev_put(hdev);
3751
0381101f
JH		 3752 kfree(buf);
3753 return err;
3754}
c71e97bf 3755
744cf19e 3756int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3757{
bb4b2a9a
AE		 3758 if (!mgmt_valid_hdev(hdev))
3759 return -ENOTSUPP;
3760
744cf19e 3761 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3762}
3763
744cf19e 3764int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3765{
5f159032 3766 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3767
bb4b2a9a
AE		 3768 if (!mgmt_valid_hdev(hdev))
3769 return -ENOTSUPP;
3770
744cf19e 3771 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3772
744cf19e 3773 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3774}
3775
890ea898 3776static void set_bredr_scan(struct hci_request *req)
7f0ae647 3777{
890ea898 3778 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3779 u8 scan = 0;
3780
4c01f8b8
JH		 3781 /* Ensure that fast connectable is disabled. This function will
3782 * not do anything if the page scan parameters are already what
3783 * they should be.
3784 */
3785 write_fast_connectable(req, false);
3786
7f0ae647
JH		 3787 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3788 scan |= SCAN_PAGE;
3789 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3790 scan |= SCAN_INQUIRY;
3791
890ea898
JH		 3792 if (scan)
3793 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3794}
3795
229ab39c
JH		 3796static void powered_complete(struct hci_dev *hdev, u8 status)
3797{
3798 struct cmd_lookup match = { NULL, hdev };
3799
3800 BT_DBG("status 0x%02x", status);
3801
3802 hci_dev_lock(hdev);
3803
3804 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3805
3806 new_settings(hdev, match.sk);
3807
3808 hci_dev_unlock(hdev);
3809
3810 if (match.sk)
3811 sock_put(match.sk);
3812}
3813
70da6243 3814static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3815{
890ea898 3816 struct hci_request req;
70da6243 3817 u8 link_sec;
5add6af8 3818
890ea898
JH		 3819 hci_req_init(&req, hdev);
3820
70da6243
JH		 3821 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3822 !lmp_host_ssp_capable(hdev)) {
3823 u8 ssp = 1;
5e5282bb 3824
890ea898 3825 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3826 }
5add6af8 3827
c73eee91
JH		 3828 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3829 lmp_bredr_capable(hdev)) {
70da6243 3830 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3831
70da6243
JH		 3832 cp.le = 1;
3833 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3834
70da6243
JH		 3835 /* Check first if we already have the right
3836 * host state (host features set)
3837 */
3838 if (cp.le != lmp_host_le_capable(hdev) ||
3839 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3840 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3841 sizeof(cp), &cp);
0663ca2a
JH		 3842
3843 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3844 hci_update_ad(&req);
70da6243 3845 }
3d1cbdd6 3846
d13eafce
MH		 3847 if (lmp_le_capable(hdev)) {
3848 /* Set random address to static address if configured */
3849 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3850 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3851 &hdev->static_addr);
3852 }
3853
eeca6f89
JH		 3854 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3855 u8 adv = 0x01;
3856
3857 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3858 }
3859
70da6243
JH		 3860 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3861 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3862 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3863 sizeof(link_sec), &link_sec);
562fcc24 3864
70da6243 3865 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3866 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3867 set_bredr_scan(&req);
890ea898 3868 update_class(&req);
13928971 3869 update_name(&req);
890ea898 3870 update_eir(&req);
70da6243 3871 }
562fcc24 3872
229ab39c 3873 return hci_req_run(&req, powered_complete);
70da6243 3874}
562fcc24 3875
70da6243
JH		 3876int mgmt_powered(struct hci_dev *hdev, u8 powered)
3877{
3878 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3879 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3880 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3881 int err;
f0ff92fb 3882
70da6243
JH		 3883 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3884 return 0;
3885
70da6243 3886 if (powered) {
229ab39c
JH		 3887 if (powered_update_hci(hdev) == 0)
3888 return 0;
fe038884 3889
229ab39c
JH		 3890 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3891 &match);
3892 goto new_settings;
b24752fe
JH		 3893 }
3894
229ab39c
JH		 3895 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3896 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3897
3898 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3899 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3900 zero_cod, sizeof(zero_cod), NULL);
3901
3902new_settings:
beadb2bd 3903 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3904
3905 if (match.sk)
3906 sock_put(match.sk);
3907
7bb895d6 3908 return err;
5add6af8 3909}
73f22f62 3910
96570ffc
JH		 3911int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3912{
3913 struct pending_cmd *cmd;
3914 u8 status;
3915
3916 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3917 if (!cmd)
3918 return -ENOENT;
3919
3920 if (err == -ERFKILL)
3921 status = MGMT_STATUS_RFKILLED;
3922 else
3923 status = MGMT_STATUS_FAILED;
3924
3925 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3926
3927 mgmt_pending_remove(cmd);
3928
3929 return err;
3930}
3931
744cf19e 3932int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3933{
76a7f3a4 3934 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3935 bool changed = false;
3936 int err = 0;
73f22f62 3937
5e5282bb
JH		 3938 if (discoverable) {
3939 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3940 changed = true;
3941 } else {
3942 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3943 changed = true;
3944 }
73f22f62 3945
ed9b5f2f 3946 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3947 &match);
ed9b5f2f 3948
beadb2bd
JH		 3949 if (changed)
3950 err = new_settings(hdev, match.sk);
5e5282bb 3951
73f22f62
JH		 3952 if (match.sk)
3953 sock_put(match.sk);
3954
7bb895d6 3955 return err;
73f22f62 3956}
9fbcbb45 3957
744cf19e 3958int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3959{
2b76f453 3960 struct pending_cmd *cmd;
5e5282bb
JH		 3961 bool changed = false;
3962 int err = 0;
9fbcbb45 3963
5e5282bb
JH		 3964 if (connectable) {
3965 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3966 changed = true;
3967 } else {
3968 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3969 changed = true;
3970 }
9fbcbb45 3971
2b76f453 3972 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3973
beadb2bd 3974 if (changed)
2b76f453 3975 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3976
7bb895d6 3977 return err;
9fbcbb45 3978}
55ed8ca1 3979
744cf19e 3980int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3981{
ca69b795
JH		 3982 u8 mgmt_err = mgmt_status(status);
3983
2d7cee58 3984 if (scan & SCAN_PAGE)
744cf19e 3985 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3986 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3987
3988 if (scan & SCAN_INQUIRY)
744cf19e 3989 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3990 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3991
3992 return 0;
3993}
3994
53168e5b
CC		 3995int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3996 bool persistent)
55ed8ca1 3997{
86742e1e 3998 struct mgmt_ev_new_link_key ev;
55ed8ca1 3999
a492cd52 4000 memset(&ev, 0, sizeof(ev));
55ed8ca1 4001
a492cd52 4002 ev.store_hint = persistent;
d753fdc4 4003 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4004 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4005 ev.key.type = key->type;
9b3b4460 4006 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4007 ev.key.pin_len = key->pin_len;
55ed8ca1 4008
744cf19e 4009 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4010}
f7520543 4011
346af67b
VCG		 4012int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4013{
4014 struct mgmt_ev_new_long_term_key ev;
4015
4016 memset(&ev, 0, sizeof(ev));
4017
4018 ev.store_hint = persistent;
4019 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4020 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4021 ev.key.authenticated = key->authenticated;
4022 ev.key.enc_size = key->enc_size;
4023 ev.key.ediv = key->ediv;
4024
4025 if (key->type == HCI_SMP_LTK)
4026 ev.key.master = 1;
4027
4028 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4029 memcpy(ev.key.val, key->val, sizeof(key->val));
4030
04124681
GP		 4031 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4032 NULL);
346af67b
VCG		 4033}
4034
afc747a6 4035int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4036 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4037 u8 *dev_class)
f7520543 4038{
b644ba33
JH		 4039 char buf[512];
4040 struct mgmt_ev_device_connected *ev = (void *) buf;
4041 u16 eir_len = 0;
f7520543 4042
b644ba33 4043 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4044 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4045
c95f0ba7 4046 ev->flags = __cpu_to_le32(flags);
08c79b61 4047
b644ba33
JH		 4048 if (name_len > 0)
4049 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4050 name, name_len);
b644ba33
JH		 4051
4052 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4053 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4054 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4055
eb55ef07 4056 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4057
4058 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4059 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4060}
4061
8962ee74
JH		 4062static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4063{
c68fb7ff 4064 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4065 struct sock **sk = data;
a38528f1 4066 struct mgmt_rp_disconnect rp;
8962ee74 4067
88c3df13
JH		 4068 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4069 rp.addr.type = cp->addr.type;
8962ee74 4070
aee9b218 4071 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4072 sizeof(rp));
8962ee74
JH		 4073
4074 *sk = cmd->sk;
4075 sock_hold(*sk);
4076
a664b5bc 4077 mgmt_pending_remove(cmd);
8962ee74
JH		 4078}
4079
124f6e35 4080static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4081{
b1078ad0 4082 struct hci_dev *hdev = data;
124f6e35
JH		 4083 struct mgmt_cp_unpair_device *cp = cmd->param;
4084 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4085
4086 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4087 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4088 rp.addr.type = cp->addr.type;
a8a1d19e 4089
b1078ad0
JH		 4090 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4091
aee9b218 4092 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4093
4094 mgmt_pending_remove(cmd);
4095}
4096
afc747a6 4097int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4098 u8 link_type, u8 addr_type, u8 reason)
f7520543 4099{
f0d6a0ea 4100 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4101 struct sock *sk = NULL;
4102 int err;
4103
744cf19e 4104 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4105
f0d6a0ea
MA		 4106 bacpy(&ev.addr.bdaddr, bdaddr);
4107 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4108 ev.reason = reason;
f7520543 4109
afc747a6 4110 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4111 sk);
8962ee74
JH		 4112
4113 if (sk)
d97dcb66 4114 sock_put(sk);
8962ee74 4115
124f6e35 4116 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4117 hdev);
a8a1d19e 4118
8962ee74
JH		 4119 return err;
4120}
4121
88c3df13 4122int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4123 u8 link_type, u8 addr_type, u8 status)
8962ee74 4124{
88c3df13 4125 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4126 struct pending_cmd *cmd;
4127 int err;
4128
36a75f1b
JD		 4129 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4130 hdev);
4131
2e58ef3e 4132 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4133 if (!cmd)
4134 return -ENOENT;
4135
88c3df13 4136 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4137 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4138
88c3df13 4139 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4140 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4141
a664b5bc 4142 mgmt_pending_remove(cmd);
8962ee74
JH		 4143
4144 return err;
f7520543 4145}
17d5c04c 4146
48264f06 4147int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4148 u8 addr_type, u8 status)
17d5c04c
JH		 4149{
4150 struct mgmt_ev_connect_failed ev;
4151
4c659c39 4152 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4153 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4154 ev.status = mgmt_status(status);
17d5c04c 4155
744cf19e 4156 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4157}
980e1a53 4158
744cf19e 4159int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4160{
4161 struct mgmt_ev_pin_code_request ev;
4162
d8457698 4163 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4164 ev.addr.type = BDADDR_BREDR;
a770bb5a 4165 ev.secure = secure;
980e1a53 4166
744cf19e 4167 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4168 NULL);
980e1a53
JH		 4169}
4170
744cf19e 4171int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4172 u8 status)
980e1a53
JH		 4173{
4174 struct pending_cmd *cmd;
ac56fb13 4175 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4176 int err;
4177
2e58ef3e 4178 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4179 if (!cmd)
4180 return -ENOENT;
4181
d8457698 4182 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4183 rp.addr.type = BDADDR_BREDR;
ac56fb13 4184
aee9b218 4185 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4186 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4187
a664b5bc 4188 mgmt_pending_remove(cmd);
980e1a53
JH		 4189
4190 return err;
4191}
4192
744cf19e 4193int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4194 u8 status)
980e1a53
JH		 4195{
4196 struct pending_cmd *cmd;
ac56fb13 4197 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4198 int err;
4199
2e58ef3e 4200 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4201 if (!cmd)
4202 return -ENOENT;
4203
d8457698 4204 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4205 rp.addr.type = BDADDR_BREDR;
ac56fb13 4206
aee9b218 4207 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4208 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4209
a664b5bc 4210 mgmt_pending_remove(cmd);
980e1a53
JH		 4211
4212 return err;
4213}
a5c29683 4214
744cf19e 4215int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4216 u8 link_type, u8 addr_type, __le32 value,
4217 u8 confirm_hint)
a5c29683
JH		 4218{
4219 struct mgmt_ev_user_confirm_request ev;
4220
744cf19e 4221 BT_DBG("%s", hdev->name);
a5c29683 4222
272d90df 4223 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4225 ev.confirm_hint = confirm_hint;
78e8098e 4226 ev.value = value;
a5c29683 4227
744cf19e 4228 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4229 NULL);
a5c29683
JH		 4230}
4231
272d90df 4232int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4233 u8 link_type, u8 addr_type)
604086b7
BG		 4234{
4235 struct mgmt_ev_user_passkey_request ev;
4236
4237 BT_DBG("%s", hdev->name);
4238
272d90df 4239 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4240 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4241
4242 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4243 NULL);
604086b7
BG		 4244}
4245
0df4c185 4246static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4247 u8 link_type, u8 addr_type, u8 status,
4248 u8 opcode)
a5c29683
JH		 4249{
4250 struct pending_cmd *cmd;
4251 struct mgmt_rp_user_confirm_reply rp;
4252 int err;
4253
2e58ef3e 4254 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4255 if (!cmd)
4256 return -ENOENT;
4257
272d90df 4258 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4259 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4260 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4261 &rp, sizeof(rp));
a5c29683 4262
a664b5bc 4263 mgmt_pending_remove(cmd);
a5c29683
JH		 4264
4265 return err;
4266}
4267
744cf19e 4268int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4269 u8 link_type, u8 addr_type, u8 status)
a5c29683 4270{
272d90df 4271 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4272 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4273}
4274
272d90df 4275int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4276 u8 link_type, u8 addr_type, u8 status)
a5c29683 4277{
272d90df 4278 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4279 status,
4280 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4281}
2a611692 4282
604086b7 4283int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4284 u8 link_type, u8 addr_type, u8 status)
604086b7 4285{
272d90df 4286 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4287 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4288}
4289
272d90df 4290int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4291 u8 link_type, u8 addr_type, u8 status)
604086b7 4292{
272d90df 4293 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4294 status,
4295 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4296}
4297
92a25256
JH		 4298int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4299 u8 link_type, u8 addr_type, u32 passkey,
4300 u8 entered)
4301{
4302 struct mgmt_ev_passkey_notify ev;
4303
4304 BT_DBG("%s", hdev->name);
4305
4306 bacpy(&ev.addr.bdaddr, bdaddr);
4307 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4308 ev.passkey = __cpu_to_le32(passkey);
4309 ev.entered = entered;
4310
4311 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4312}
4313
bab73cb6 4314int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4315 u8 addr_type, u8 status)
2a611692
JH		 4316{
4317 struct mgmt_ev_auth_failed ev;
4318
bab73cb6 4319 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4320 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4321 ev.status = mgmt_status(status);
2a611692 4322
744cf19e 4323 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4324}
b312b161 4325
33ef95ed
JH		 4326int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4327{
4328 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4329 bool changed = false;
4330 int err = 0;
33ef95ed
JH		 4331
4332 if (status) {
4333 u8 mgmt_err = mgmt_status(status);
4334 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4335 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4336 return 0;
4337 }
4338
47990ea0
JH		 4339 if (test_bit(HCI_AUTH, &hdev->flags)) {
4340 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4341 changed = true;
4342 } else {
4343 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4344 changed = true;
4345 }
4346
33ef95ed 4347 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4348 &match);
33ef95ed 4349
47990ea0
JH		 4350 if (changed)
4351 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4352
4353 if (match.sk)
4354 sock_put(match.sk);
4355
4356 return err;
4357}
4358
890ea898 4359static void clear_eir(struct hci_request *req)
cacaf52f 4360{
890ea898 4361 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4362 struct hci_cp_write_eir cp;
4363
976eb20e 4364 if (!lmp_ext_inq_capable(hdev))
890ea898 4365 return;
cacaf52f 4366
c80da27e
JH		 4367 memset(hdev->eir, 0, sizeof(hdev->eir));
4368
cacaf52f
JH		 4369 memset(&cp, 0, sizeof(cp));
4370
890ea898 4371 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4372}
4373
c0ecddc2 4374int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4375{
4376 struct cmd_lookup match = { NULL, hdev };
890ea898 4377 struct hci_request req;
c0ecddc2
JH		 4378 bool changed = false;
4379 int err = 0;
ed2c4ee3
JH		 4380
4381 if (status) {
4382 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4383
4384 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4385 &hdev->dev_flags))
c0ecddc2
JH		 4386 err = new_settings(hdev, NULL);
4387
04124681
GP		 4388 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4389 &mgmt_err);
c0ecddc2
JH		 4390
4391 return err;
4392 }
4393
4394 if (enable) {
4395 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4396 changed = true;
4397 } else {
4398 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4399 changed = true;
ed2c4ee3
JH		 4400 }
4401
4402 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4403
c0ecddc2
JH		 4404 if (changed)
4405 err = new_settings(hdev, match.sk);
ed2c4ee3 4406
5fc6ebb1 4407 if (match.sk)
ed2c4ee3
JH		 4408 sock_put(match.sk);
4409
890ea898
JH		 4410 hci_req_init(&req, hdev);
4411
5fc6ebb1 4412 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4413 update_eir(&req);
5fc6ebb1 4414 else
890ea898
JH		 4415 clear_eir(&req);
4416
4417 hci_req_run(&req, NULL);
cacaf52f 4418
ed2c4ee3
JH		 4419 return err;
4420}
4421
92da6097 4422static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4423{
4424 struct cmd_lookup *match = data;
4425
90e70454
JH		 4426 if (match->sk == NULL) {
4427 match->sk = cmd->sk;
4428 sock_hold(match->sk);
4429 }
90e70454
JH		 4430}
4431
7f9a903c 4432int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4433 u8 status)
7f9a903c 4434{
90e70454
JH		 4435 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4436 int err = 0;
7f9a903c 4437
92da6097
JH		 4438 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4439 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4440 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4441
4442 if (!status)
04124681
GP		 4443 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4444 3, NULL);
90e70454
JH		 4445
4446 if (match.sk)
4447 sock_put(match.sk);
7f9a903c
MH		 4448
4449 return err;
4450}
4451
744cf19e 4452int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4453{
b312b161 4454 struct mgmt_cp_set_local_name ev;
13928971 4455 struct pending_cmd *cmd;
28cc7bde 4456
13928971
JH		 4457 if (status)
4458 return 0;
b312b161
JH		 4459
4460 memset(&ev, 0, sizeof(ev));
4461 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4462 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4463
2e58ef3e 4464 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4465 if (!cmd) {
4466 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4467
13928971
JH		 4468 /* If this is a HCI command related to powering on the
4469 * HCI dev don't send any mgmt signals.
4470 */
4471 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4472 return 0;
890ea898 4473 }
b312b161 4474
13928971
JH		 4475 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4476 cmd ? cmd->sk : NULL);
b312b161 4477}
c35938b2 4478
744cf19e 4479int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4480 u8 *randomizer, u8 status)
c35938b2
SJ		 4481{
4482 struct pending_cmd *cmd;
4483 int err;
4484
744cf19e 4485 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4486
2e58ef3e 4487 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4488 if (!cmd)
4489 return -ENOENT;
4490
4491 if (status) {
04124681
GP		 4492 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4493 mgmt_status(status));
c35938b2
SJ		 4494 } else {
4495 struct mgmt_rp_read_local_oob_data rp;
4496
4497 memcpy(rp.hash, hash, sizeof(rp.hash));
4498 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4499
744cf19e 4500 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4501 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4502 sizeof(rp));
c35938b2
SJ		 4503 }
4504
4505 mgmt_pending_remove(cmd);
4506
4507 return err;
4508}
e17acd40 4509
48264f06 4510int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4511 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4512 ssp, u8 *eir, u16 eir_len)
e17acd40 4513{
e319d2e7
JH		 4514 char buf[512];
4515 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4516 size_t ev_size;
e17acd40 4517
12602d0c
AG		 4518 if (!hci_discovery_active(hdev))
4519 return -EPERM;
4520
1dc06093
JH		 4521 /* Leave 5 bytes for a potential CoD field */
4522 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4523 return -EINVAL;
4524
1dc06093
JH		 4525 memset(buf, 0, sizeof(buf));
4526
e319d2e7 4527 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4528 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4529 ev->rssi = rssi;
9a395a80 4530 if (cfm_name)
612dfce9 4531 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4532 if (!ssp)
612dfce9 4533 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4534
1dc06093 4535 if (eir_len > 0)
e319d2e7 4536 memcpy(ev->eir, eir, eir_len);
e17acd40 4537
1dc06093
JH		 4538 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4539 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4540 dev_class, 3);
1dc06093 4541
eb55ef07 4542 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4543 ev_size = sizeof(*ev) + eir_len;
f8523598 4544
e319d2e7 4545 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4546}
a88a9652 4547
b644ba33 4548int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4549 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4550{
b644ba33
JH		 4551 struct mgmt_ev_device_found *ev;
4552 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4553 u16 eir_len;
a88a9652 4554
b644ba33 4555 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4556
b644ba33
JH		 4557 memset(buf, 0, sizeof(buf));
4558
4559 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4560 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4561 ev->rssi = rssi;
4562
4563 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4564 name_len);
b644ba33 4565
eb55ef07 4566 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4567
053c7e0c 4568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4569 sizeof(*ev) + eir_len, NULL);
a88a9652 4570}
314b2381 4571
744cf19e 4572int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4573{
f963e8e9 4574 struct mgmt_ev_discovering ev;
164a6e78
JH		 4575 struct pending_cmd *cmd;
4576
343fb145
AG		 4577 BT_DBG("%s discovering %u", hdev->name, discovering);
4578
164a6e78 4579 if (discovering)
2e58ef3e 4580 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4581 else
2e58ef3e 4582 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4583
4584 if (cmd != NULL) {
f808e166
JH		 4585 u8 type = hdev->discovery.type;
4586
04124681
GP		 4587 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4588 sizeof(type));
164a6e78
JH		 4589 mgmt_pending_remove(cmd);
4590 }
4591
f963e8e9
JH		 4592 memset(&ev, 0, sizeof(ev));
4593 ev.type = hdev->discovery.type;
4594 ev.discovering = discovering;
4595
4596 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4597}
5e762444 4598
88c1fe4b 4599int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4600{
4601 struct pending_cmd *cmd;
4602 struct mgmt_ev_device_blocked ev;
4603
2e58ef3e 4604 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4605
88c1fe4b
JH		 4606 bacpy(&ev.addr.bdaddr, bdaddr);
4607 ev.addr.type = type;
5e762444 4608
744cf19e 4609 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4610 cmd ? cmd->sk : NULL);
5e762444
AJ		 4611}
4612
88c1fe4b 4613int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4614{
4615 struct pending_cmd *cmd;
4616 struct mgmt_ev_device_unblocked ev;
4617
2e58ef3e 4618 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4619
88c1fe4b
JH		 4620 bacpy(&ev.addr.bdaddr, bdaddr);
4621 ev.addr.type = type;
5e762444 4622
744cf19e 4623 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4624 cmd ? cmd->sk : NULL);
5e762444 4625}
Linux kernel - Deliverables
This page took 0.487411 seconds and 5 git commands to generate.