projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Store max TX power level for connection
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
b75cf9cd 37#define MGMT_REVISION 6
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
dd983808 86 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 87};
88
89static const u16 mgmt_events[] = {
90 MGMT_EV_CONTROLLER_ERROR,
91 MGMT_EV_INDEX_ADDED,
92 MGMT_EV_INDEX_REMOVED,
93 MGMT_EV_NEW_SETTINGS,
94 MGMT_EV_CLASS_OF_DEV_CHANGED,
95 MGMT_EV_LOCAL_NAME_CHANGED,
96 MGMT_EV_NEW_LINK_KEY,
97 MGMT_EV_NEW_LONG_TERM_KEY,
98 MGMT_EV_DEVICE_CONNECTED,
99 MGMT_EV_DEVICE_DISCONNECTED,
100 MGMT_EV_CONNECT_FAILED,
101 MGMT_EV_PIN_CODE_REQUEST,
102 MGMT_EV_USER_CONFIRM_REQUEST,
103 MGMT_EV_USER_PASSKEY_REQUEST,
104 MGMT_EV_AUTH_FAILED,
105 MGMT_EV_DEVICE_FOUND,
106 MGMT_EV_DISCOVERING,
107 MGMT_EV_DEVICE_BLOCKED,
108 MGMT_EV_DEVICE_UNBLOCKED,
109 MGMT_EV_DEVICE_UNPAIRED,
92a25256 110 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 111 MGMT_EV_NEW_IRK,
7ee4ea36 112 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 113};
114
17b02e62 115#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 116
4b34ee78
JH		 117#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
118 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
119
eec8d2bc
JH		 120struct pending_cmd {
121 struct list_head list;
fc2f4b13 122 u16 opcode;
eec8d2bc 123 int index;
c68fb7ff 124 void *param;
eec8d2bc 125 struct sock *sk;
e9a416b5 126 void *user_data;
eec8d2bc
JH		 127};
128
ca69b795
JH		 129/* HCI to MGMT error code conversion table */
130static u8 mgmt_status_table[] = {
131 MGMT_STATUS_SUCCESS,
132 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
133 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
134 MGMT_STATUS_FAILED, /* Hardware Failure */
135 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
136 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 137 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 138 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
139 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
142 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
143 MGMT_STATUS_BUSY, /* Command Disallowed */
144 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
145 MGMT_STATUS_REJECTED, /* Rejected Security */
146 MGMT_STATUS_REJECTED, /* Rejected Personal */
147 MGMT_STATUS_TIMEOUT, /* Host Timeout */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
149 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
150 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
151 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
152 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
153 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
154 MGMT_STATUS_BUSY, /* Repeated Attempts */
155 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
156 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
158 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
159 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
160 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
162 MGMT_STATUS_FAILED, /* Unspecified Error */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
164 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
165 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
166 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
167 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
168 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
169 MGMT_STATUS_FAILED, /* Unit Link Key Used */
170 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
171 MGMT_STATUS_TIMEOUT, /* Instant Passed */
172 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
173 MGMT_STATUS_FAILED, /* Transaction Collision */
174 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
175 MGMT_STATUS_REJECTED, /* QoS Rejected */
176 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
177 MGMT_STATUS_REJECTED, /* Insufficient Security */
178 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
179 MGMT_STATUS_BUSY, /* Role Switch Pending */
180 MGMT_STATUS_FAILED, /* Slot Violation */
181 MGMT_STATUS_FAILED, /* Role Switch Failed */
182 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
183 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
184 MGMT_STATUS_BUSY, /* Host Busy Pairing */
185 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
186 MGMT_STATUS_BUSY, /* Controller Busy */
187 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
188 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
189 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
190 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
191 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
192};
193
194static u8 mgmt_status(u8 hci_status)
195{
196 if (hci_status < ARRAY_SIZE(mgmt_status_table))
197 return mgmt_status_table[hci_status];
198
199 return MGMT_STATUS_FAILED;
200}
201
4e51eae9 202static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 203{
204 struct sk_buff *skb;
205 struct mgmt_hdr *hdr;
206 struct mgmt_ev_cmd_status *ev;
56b7d137 207 int err;
f7b64e69 208
34eb525c 209 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 210
790eff44 211 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 212 if (!skb)
213 return -ENOMEM;
214
215 hdr = (void *) skb_put(skb, sizeof(*hdr));
216
dcf4adbf 217 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 218 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 219 hdr->len = cpu_to_le16(sizeof(*ev));
220
221 ev = (void *) skb_put(skb, sizeof(*ev));
222 ev->status = status;
eb55ef07 223 ev->opcode = cpu_to_le16(cmd);
f7b64e69 224
56b7d137
GP		 225 err = sock_queue_rcv_skb(sk, skb);
226 if (err < 0)
f7b64e69
JH		 227 kfree_skb(skb);
228
56b7d137 229 return err;
f7b64e69
JH		 230}
231
aee9b218 232static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 233 void *rp, size_t rp_len)
02d98129
JH		 234{
235 struct sk_buff *skb;
236 struct mgmt_hdr *hdr;
237 struct mgmt_ev_cmd_complete *ev;
56b7d137 238 int err;
02d98129
JH		 239
240 BT_DBG("sock %p", sk);
241
790eff44 242 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 243 if (!skb)
244 return -ENOMEM;
245
246 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 247
dcf4adbf 248 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 249 hdr->index = cpu_to_le16(index);
a38528f1 250 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 251
a38528f1 252 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 253 ev->opcode = cpu_to_le16(cmd);
aee9b218 254 ev->status = status;
8020c16a
SJ		 255
256 if (rp)
257 memcpy(ev->data, rp, rp_len);
02d98129 258
56b7d137
GP		 259 err = sock_queue_rcv_skb(sk, skb);
260 if (err < 0)
02d98129
JH		 261 kfree_skb(skb);
262
e5f0e151 263 return err;
02d98129
JH		 264}
265
04124681
GP		 266static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
267 u16 data_len)
a38528f1
JH		 268{
269 struct mgmt_rp_read_version rp;
270
271 BT_DBG("sock %p", sk);
272
273 rp.version = MGMT_VERSION;
dcf4adbf 274 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 275
aee9b218 276 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 277 sizeof(rp));
a38528f1
JH		 278}
279
04124681
GP		 280static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
e70bb2e8
JH		 282{
283 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 284 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
285 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 286 __le16 *opcode;
e70bb2e8
JH		 287 size_t rp_size;
288 int i, err;
289
290 BT_DBG("sock %p", sk);
291
292 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
293
294 rp = kmalloc(rp_size, GFP_KERNEL);
295 if (!rp)
296 return -ENOMEM;
297
dcf4adbf
JP		 298 rp->num_commands = cpu_to_le16(num_commands);
299 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 300
301 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
302 put_unaligned_le16(mgmt_commands[i], opcode);
303
304 for (i = 0; i < num_events; i++, opcode++)
305 put_unaligned_le16(mgmt_events[i], opcode);
306
aee9b218 307 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 308 rp_size);
e70bb2e8
JH		 309 kfree(rp);
310
311 return err;
312}
313
04124681
GP		 314static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
315 u16 data_len)
faba42eb 316{
faba42eb 317 struct mgmt_rp_read_index_list *rp;
8035ded4 318 struct hci_dev *d;
a38528f1 319 size_t rp_len;
faba42eb 320 u16 count;
476e44cb 321 int err;
faba42eb
JH		 322
323 BT_DBG("sock %p", sk);
324
325 read_lock(&hci_dev_list_lock);
326
327 count = 0;
bb4b2a9a 328 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 329 if (d->dev_type == HCI_BREDR)
330 count++;
faba42eb
JH		 331 }
332
a38528f1
JH		 333 rp_len = sizeof(*rp) + (2 * count);
334 rp = kmalloc(rp_len, GFP_ATOMIC);
335 if (!rp) {
b2c60d42 336 read_unlock(&hci_dev_list_lock);
faba42eb 337 return -ENOMEM;
b2c60d42 338 }
faba42eb 339
476e44cb 340 count = 0;
8035ded4 341 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 342 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 343 continue;
344
0736cfa8
MH		 345 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
346 continue;
347
1514b892
MH		 348 if (d->dev_type == HCI_BREDR) {
349 rp->index[count++] = cpu_to_le16(d->id);
350 BT_DBG("Added hci%u", d->id);
351 }
faba42eb
JH		 352 }
353
476e44cb
JH		 354 rp->num_controllers = cpu_to_le16(count);
355 rp_len = sizeof(*rp) + (2 * count);
356
faba42eb
JH		 357 read_unlock(&hci_dev_list_lock);
358
aee9b218 359 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 360 rp_len);
faba42eb 361
a38528f1
JH		 362 kfree(rp);
363
364 return err;
faba42eb
JH		 365}
366
69ab39ea
JH		 367static u32 get_supported_settings(struct hci_dev *hdev)
368{
369 u32 settings = 0;
370
371 settings |= MGMT_SETTING_POWERED;
69ab39ea 372 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 373 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 382
383 if (lmp_ssp_capable(hdev)) {
384 settings |= MGMT_SETTING_SSP;
385 settings |= MGMT_SETTING_HS;
386 }
e98d2ce2 387
5afeac14
MH		 388 if (lmp_sc_capable(hdev) ||
389 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 390 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 391 }
d7b7e796 392
eeca6f89 393 if (lmp_le_capable(hdev)) {
9d42820f 394 settings |= MGMT_SETTING_LE;
eeca6f89 395 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 396 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 397 }
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
1a4d3c4b
JH		 412 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_FAST_CONNECTABLE;
414
5e5282bb 415 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_DISCOVERABLE;
417
a8b2d5c2 418 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_PAIRABLE;
420
56f87901 421 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_BREDR;
423
06199cf8 424 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LE;
426
47990ea0 427 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_LINK_SECURITY;
429
84bde9d6 430 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 431 settings |= MGMT_SETTING_SSP;
432
6d80dfd0
JH		 433 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
434 settings |= MGMT_SETTING_HS;
435
f3d3444a 436 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 437 settings |= MGMT_SETTING_ADVERTISING;
438
e98d2ce2
MH		 439 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
440 settings |= MGMT_SETTING_SECURE_CONN;
441
b1de97d8
MH		 442 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
443 settings |= MGMT_SETTING_DEBUG_KEYS;
444
0f4bd942
JH		 445 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
446 settings |= MGMT_SETTING_PRIVACY;
447
69ab39ea
JH		 448 return settings;
449}
450
ef580372
JH		 451#define PNP_INFO_SVCLASS_ID 0x1200
452
213202ed
JH		 453static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
454{
455 u8 *ptr = data, *uuids_start = NULL;
456 struct bt_uuid *uuid;
457
458 if (len < 4)
459 return ptr;
460
461 list_for_each_entry(uuid, &hdev->uuids, list) {
462 u16 uuid16;
463
464 if (uuid->size != 16)
465 continue;
466
467 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
468 if (uuid16 < 0x1100)
469 continue;
470
471 if (uuid16 == PNP_INFO_SVCLASS_ID)
472 continue;
473
474 if (!uuids_start) {
475 uuids_start = ptr;
476 uuids_start[0] = 1;
477 uuids_start[1] = EIR_UUID16_ALL;
478 ptr += 2;
479 }
480
481 /* Stop if not enough space to put next UUID */
482 if ((ptr - data) + sizeof(u16) > len) {
483 uuids_start[1] = EIR_UUID16_SOME;
484 break;
485 }
486
487 *ptr++ = (uuid16 & 0x00ff);
488 *ptr++ = (uuid16 & 0xff00) >> 8;
489 uuids_start[0] += sizeof(uuid16);
490 }
491
492 return ptr;
493}
494
cdf1963f
JH		 495static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
496{
497 u8 *ptr = data, *uuids_start = NULL;
498 struct bt_uuid *uuid;
499
500 if (len < 6)
501 return ptr;
502
503 list_for_each_entry(uuid, &hdev->uuids, list) {
504 if (uuid->size != 32)
505 continue;
506
507 if (!uuids_start) {
508 uuids_start = ptr;
509 uuids_start[0] = 1;
510 uuids_start[1] = EIR_UUID32_ALL;
511 ptr += 2;
512 }
513
514 /* Stop if not enough space to put next UUID */
515 if ((ptr - data) + sizeof(u32) > len) {
516 uuids_start[1] = EIR_UUID32_SOME;
517 break;
518 }
519
520 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
521 ptr += sizeof(u32);
522 uuids_start[0] += sizeof(u32);
523 }
524
525 return ptr;
526}
527
c00d575b
JH		 528static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
529{
530 u8 *ptr = data, *uuids_start = NULL;
531 struct bt_uuid *uuid;
532
533 if (len < 18)
534 return ptr;
535
536 list_for_each_entry(uuid, &hdev->uuids, list) {
537 if (uuid->size != 128)
538 continue;
539
540 if (!uuids_start) {
541 uuids_start = ptr;
542 uuids_start[0] = 1;
543 uuids_start[1] = EIR_UUID128_ALL;
544 ptr += 2;
545 }
546
547 /* Stop if not enough space to put next UUID */
548 if ((ptr - data) + 16 > len) {
549 uuids_start[1] = EIR_UUID128_SOME;
550 break;
551 }
552
553 memcpy(ptr, uuid->uuid, 16);
554 ptr += 16;
555 uuids_start[0] += 16;
556 }
557
558 return ptr;
559}
560
eb2a8d20
JH		 561static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
562{
563 struct pending_cmd *cmd;
564
565 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
566 if (cmd->opcode == opcode)
567 return cmd;
568 }
569
570 return NULL;
571}
572
f14d8f64
MH		 573static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
574{
7a5f4990
MH		 575 u8 ad_len = 0;
576 size_t name_len;
577
578 name_len = strlen(hdev->dev_name);
579 if (name_len > 0) {
580 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
581
582 if (name_len > max_len) {
583 name_len = max_len;
584 ptr[1] = EIR_NAME_SHORT;
585 } else
586 ptr[1] = EIR_NAME_COMPLETE;
587
588 ptr[0] = name_len + 1;
589
590 memcpy(ptr + 2, hdev->dev_name, name_len);
591
592 ad_len += (name_len + 2);
593 ptr += (name_len + 2);
594 }
595
596 return ad_len;
f14d8f64
MH		 597}
598
599static void update_scan_rsp_data(struct hci_request *req)
600{
601 struct hci_dev *hdev = req->hdev;
602 struct hci_cp_le_set_scan_rsp_data cp;
603 u8 len;
604
7751ef1b 605 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 606 return;
607
608 memset(&cp, 0, sizeof(cp));
609
610 len = create_scan_rsp_data(hdev, cp.data);
611
eb438b5f
JH		 612 if (hdev->scan_rsp_data_len == len &&
613 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 614 return;
615
eb438b5f
JH		 616 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
617 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 618
619 cp.length = len;
620
621 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
622}
623
9a43e25f
JH		 624static u8 get_adv_discov_flags(struct hci_dev *hdev)
625{
626 struct pending_cmd *cmd;
627
628 /* If there's a pending mgmt command the flags will not yet have
629 * their final values, so check for this first.
630 */
631 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
632 if (cmd) {
633 struct mgmt_mode *cp = cmd->param;
634 if (cp->val == 0x01)
635 return LE_AD_GENERAL;
636 else if (cp->val == 0x02)
637 return LE_AD_LIMITED;
638 } else {
639 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_LIMITED;
641 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
642 return LE_AD_GENERAL;
643 }
644
645 return 0;
646}
647
46cad2ed 648static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 649{
650 u8 ad_len = 0, flags = 0;
441ad2d0 651
9a43e25f 652 flags |= get_adv_discov_flags(hdev);
441ad2d0 653
e834004b 654 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 655 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 656
657 if (flags) {
658 BT_DBG("adv flags 0x%02x", flags);
659
660 ptr[0] = 2;
661 ptr[1] = EIR_FLAGS;
662 ptr[2] = flags;
663
664 ad_len += 3;
665 ptr += 3;
666 }
667
668 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
669 ptr[0] = 2;
670 ptr[1] = EIR_TX_POWER;
671 ptr[2] = (u8) hdev->adv_tx_power;
672
673 ad_len += 3;
674 ptr += 3;
675 }
676
441ad2d0
MH		 677 return ad_len;
678}
679
5947f4bc 680static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 681{
682 struct hci_dev *hdev = req->hdev;
683 struct hci_cp_le_set_adv_data cp;
684 u8 len;
685
10994ce6 686 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 687 return;
688
689 memset(&cp, 0, sizeof(cp));
690
46cad2ed 691 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 692
693 if (hdev->adv_data_len == len &&
694 memcmp(cp.data, hdev->adv_data, len) == 0)
695 return;
696
697 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
698 hdev->adv_data_len = len;
699
700 cp.length = len;
701
702 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
703}
704
ef580372
JH		 705static void create_eir(struct hci_dev *hdev, u8 *data)
706{
707 u8 *ptr = data;
ef580372
JH		 708 size_t name_len;
709
710 name_len = strlen(hdev->dev_name);
711
712 if (name_len > 0) {
713 /* EIR Data type */
714 if (name_len > 48) {
715 name_len = 48;
716 ptr[1] = EIR_NAME_SHORT;
717 } else
718 ptr[1] = EIR_NAME_COMPLETE;
719
720 /* EIR Data length */
721 ptr[0] = name_len + 1;
722
723 memcpy(ptr + 2, hdev->dev_name, name_len);
724
ef580372
JH		 725 ptr += (name_len + 2);
726 }
727
bbaf444a 728 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 729 ptr[0] = 2;
730 ptr[1] = EIR_TX_POWER;
731 ptr[2] = (u8) hdev->inq_tx_power;
732
91c4e9b1
MH		 733 ptr += 3;
734 }
735
2b9be137
MH		 736 if (hdev->devid_source > 0) {
737 ptr[0] = 9;
738 ptr[1] = EIR_DEVICE_ID;
739
740 put_unaligned_le16(hdev->devid_source, ptr + 2);
741 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
742 put_unaligned_le16(hdev->devid_product, ptr + 6);
743 put_unaligned_le16(hdev->devid_version, ptr + 8);
744
2b9be137
MH		 745 ptr += 10;
746 }
747
213202ed 748 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 749 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 750 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 751}
752
890ea898 753static void update_eir(struct hci_request *req)
ef580372 754{
890ea898 755 struct hci_dev *hdev = req->hdev;
ef580372
JH		 756 struct hci_cp_write_eir cp;
757
504c8dcd 758 if (!hdev_is_powered(hdev))
890ea898 759 return;
7770c4aa 760
976eb20e 761 if (!lmp_ext_inq_capable(hdev))
890ea898 762 return;
ef580372 763
84bde9d6 764 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 765 return;
ef580372 766
a8b2d5c2 767 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 768 return;
ef580372
JH		 769
770 memset(&cp, 0, sizeof(cp));
771
772 create_eir(hdev, cp.data);
773
774 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 775 return;
ef580372
JH		 776
777 memcpy(hdev->eir, cp.data, sizeof(cp.data));
778
890ea898 779 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 780}
781
782static u8 get_service_classes(struct hci_dev *hdev)
783{
784 struct bt_uuid *uuid;
785 u8 val = 0;
786
787 list_for_each_entry(uuid, &hdev->uuids, list)
788 val |= uuid->svc_hint;
789
790 return val;
791}
792
890ea898 793static void update_class(struct hci_request *req)
ef580372 794{
890ea898 795 struct hci_dev *hdev = req->hdev;
ef580372
JH		 796 u8 cod[3];
797
798 BT_DBG("%s", hdev->name);
799
504c8dcd 800 if (!hdev_is_powered(hdev))
890ea898 801 return;
7770c4aa 802
f87ea1da
JH		 803 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
804 return;
805
a8b2d5c2 806 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 807 return;
ef580372
JH		 808
809 cod[0] = hdev->minor_class;
810 cod[1] = hdev->major_class;
811 cod[2] = get_service_classes(hdev);
812
6acd7db4
MH		 813 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
814 cod[1] |= 0x20;
815
ef580372 816 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 817 return;
ef580372 818
890ea898 819 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 820}
821
a4858cb9 822static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 823{
824 struct pending_cmd *cmd;
199a2fb1
JH		 825
826 /* If there's a pending mgmt command the flag will not yet have
827 * it's final value, so check for this first.
828 */
829 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
830 if (cmd) {
831 struct mgmt_mode *cp = cmd->param;
a4858cb9 832 return cp->val;
199a2fb1
JH		 833 }
834
a4858cb9 835 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 836}
837
838static void enable_advertising(struct hci_request *req)
839{
840 struct hci_dev *hdev = req->hdev;
841 struct hci_cp_le_set_adv_param cp;
8f2a0601 842 u8 own_addr_type, enable = 0x01;
a4858cb9 843 bool connectable;
199a2fb1 844
8d97250e
JH		 845 /* Clear the HCI_ADVERTISING bit temporarily so that the
846 * hci_update_random_address knows that it's safe to go ahead
847 * and write a new random address. The flag will be set back on
848 * as soon as the SET_ADV_ENABLE HCI command completes.
849 */
850 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
851
a4858cb9 852 connectable = get_connectable(hdev);
8f2a0601 853
a4858cb9
JH		 854 /* Set require_privacy to true only when non-connectable
855 * advertising is used. In that case it is fine to use a
856 * non-resolvable private address.
857 */
858 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 859 return;
860
41c90c18 861 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 862 cp.min_interval = cpu_to_le16(0x0800);
863 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 864 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 865 cp.own_address_type = own_addr_type;
199a2fb1
JH		 866 cp.channel_map = hdev->le_adv_channel_map;
867
868 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
869
870 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
871}
872
873static void disable_advertising(struct hci_request *req)
874{
875 u8 enable = 0x00;
876
877 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
878}
879
7d78525d
JH		 880static void service_cache_off(struct work_struct *work)
881{
882 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 883 service_cache.work);
890ea898 884 struct hci_request req;
7d78525d 885
a8b2d5c2 886 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 887 return;
888
890ea898
JH		 889 hci_req_init(&req, hdev);
890
7d78525d
JH		 891 hci_dev_lock(hdev);
892
890ea898
JH		 893 update_eir(&req);
894 update_class(&req);
7d78525d
JH		 895
896 hci_dev_unlock(hdev);
890ea898
JH		 897
898 hci_req_run(&req, NULL);
7d78525d
JH		 899}
900
d6bfd59c
JH		 901static void rpa_expired(struct work_struct *work)
902{
903 struct hci_dev *hdev = container_of(work, struct hci_dev,
904 rpa_expired.work);
905 struct hci_request req;
906
907 BT_DBG("");
908
909 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
910
911 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
912 hci_conn_num(hdev, LE_LINK) > 0)
913 return;
914
915 /* The generation of a new RPA and programming it into the
916 * controller happens in the enable_advertising() function.
917 */
918
919 hci_req_init(&req, hdev);
920
921 disable_advertising(&req);
922 enable_advertising(&req);
923
924 hci_req_run(&req, NULL);
925}
926
6a919082 927static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 928{
4f87da80 929 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 930 return;
931
4f87da80 932 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 933 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 934
4f87da80
JH		 935 /* Non-mgmt controlled devices get this bit set
936 * implicitly so that pairing works for them, however
937 * for mgmt we require user-space to explicitly enable
938 * it
939 */
940 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 941}
942
0f4e68cf 943static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 944 void *data, u16 data_len)
0381101f 945{
a38528f1 946 struct mgmt_rp_read_info rp;
f7b64e69 947
bdb6d971 948 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 949
09fd0de5 950 hci_dev_lock(hdev);
f7b64e69 951
dc4fe30b
JH		 952 memset(&rp, 0, sizeof(rp));
953
69ab39ea 954 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 955
69ab39ea 956 rp.version = hdev->hci_ver;
eb55ef07 957 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 958
959 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
960 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 961
a38528f1 962 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 963
dc4fe30b 964 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 965 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 966
09fd0de5 967 hci_dev_unlock(hdev);
0381101f 968
bdb6d971 969 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 970 sizeof(rp));
0381101f
JH		 971}
972
eec8d2bc
JH		 973static void mgmt_pending_free(struct pending_cmd *cmd)
974{
975 sock_put(cmd->sk);
c68fb7ff 976 kfree(cmd->param);
eec8d2bc
JH		 977 kfree(cmd);
978}
979
366a0336 980static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 981 struct hci_dev *hdev, void *data,
982 u16 len)
eec8d2bc
JH		 983{
984 struct pending_cmd *cmd;
985
12b94565 986 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 987 if (!cmd)
366a0336 988 return NULL;
eec8d2bc
JH		 989
990 cmd->opcode = opcode;
2e58ef3e 991 cmd->index = hdev->id;
eec8d2bc 992
12b94565 993 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 994 if (!cmd->param) {
eec8d2bc 995 kfree(cmd);
366a0336 996 return NULL;
eec8d2bc
JH		 997 }
998
8fce6357
SJ		 999 if (data)
1000 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1001
1002 cmd->sk = sk;
1003 sock_hold(sk);
1004
2e58ef3e 1005 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1006
366a0336 1007 return cmd;
eec8d2bc
JH		 1008}
1009
744cf19e 1010static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1011 void (*cb)(struct pending_cmd *cmd,
1012 void *data),
04124681 1013 void *data)
eec8d2bc 1014{
a3d09356 1015 struct pending_cmd *cmd, *tmp;
eec8d2bc 1016
a3d09356 1017 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1018 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1019 continue;
1020
eec8d2bc
JH		 1021 cb(cmd, data);
1022 }
1023}
1024
a664b5bc 1025static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1026{
73f22f62
JH		 1027 list_del(&cmd->list);
1028 mgmt_pending_free(cmd);
1029}
1030
69ab39ea 1031static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1032{
69ab39ea 1033 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1034
aee9b218 1035 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1036 sizeof(settings));
8680570b
JH		 1037}
1038
8b064a3a
JH		 1039static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1040{
1041 BT_DBG("%s status 0x%02x", hdev->name, status);
1042
a3172b7e
JH		 1043 if (hci_conn_count(hdev) == 0) {
1044 cancel_delayed_work(&hdev->power_off);
8b064a3a 1045 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1046 }
8b064a3a
JH		 1047}
1048
1049static int clean_up_hci_state(struct hci_dev *hdev)
1050{
1051 struct hci_request req;
1052 struct hci_conn *conn;
1053
1054 hci_req_init(&req, hdev);
1055
1056 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1057 test_bit(HCI_PSCAN, &hdev->flags)) {
1058 u8 scan = 0x00;
1059 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1060 }
1061
1062 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1063 disable_advertising(&req);
1064
1065 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1066 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1067 }
1068
1069 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1070 struct hci_cp_disconnect dc;
c9910d0f
JH		 1071 struct hci_cp_reject_conn_req rej;
1072
1073 switch (conn->state) {
1074 case BT_CONNECTED:
1075 case BT_CONFIG:
1076 dc.handle = cpu_to_le16(conn->handle);
1077 dc.reason = 0x15; /* Terminated due to Power Off */
1078 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1079 break;
1080 case BT_CONNECT:
1081 if (conn->type == LE_LINK)
1082 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1083 0, NULL);
1084 else if (conn->type == ACL_LINK)
1085 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1086 6, &conn->dst);
1087 break;
1088 case BT_CONNECT2:
1089 bacpy(&rej.bdaddr, &conn->dst);
1090 rej.reason = 0x15; /* Terminated due to Power Off */
1091 if (conn->type == ACL_LINK)
1092 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1093 sizeof(rej), &rej);
1094 else if (conn->type == SCO_LINK)
1095 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1096 sizeof(rej), &rej);
1097 break;
1098 }
8b064a3a
JH		 1099 }
1100
1101 return hci_req_run(&req, clean_up_hci_complete);
1102}
1103
bdb6d971 1104static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1105 u16 len)
eec8d2bc 1106{
650f726d 1107 struct mgmt_mode *cp = data;
366a0336 1108 struct pending_cmd *cmd;
4b34ee78 1109 int err;
eec8d2bc 1110
bdb6d971 1111 BT_DBG("request for %s", hdev->name);
eec8d2bc 1112
a7e80f25
JH		 1113 if (cp->val != 0x00 && cp->val != 0x01)
1114 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1115 MGMT_STATUS_INVALID_PARAMS);
1116
09fd0de5 1117 hci_dev_lock(hdev);
eec8d2bc 1118
87b95ba6
JH		 1119 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1120 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1121 MGMT_STATUS_BUSY);
1122 goto failed;
1123 }
1124
f0d4b78a
MH		 1125 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1126 cancel_delayed_work(&hdev->power_off);
1127
1128 if (cp->val) {
a1d70450
JH		 1129 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1130 data, len);
1131 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1132 goto failed;
1133 }
1134 }
1135
4b34ee78 1136 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1137 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1138 goto failed;
1139 }
1140
2e58ef3e 1141 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1142 if (!cmd) {
1143 err = -ENOMEM;
eec8d2bc 1144 goto failed;
366a0336 1145 }
eec8d2bc 1146
8b064a3a 1147 if (cp->val) {
19202573 1148 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1149 err = 0;
1150 } else {
1151 /* Disconnect connections, stop scans, etc */
1152 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1153 if (!err)
1154 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1155 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1156
8b064a3a
JH		 1157 /* ENODATA means there were no HCI commands queued */
1158 if (err == -ENODATA) {
a3172b7e 1159 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1160 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1161 err = 0;
1162 }
1163 }
eec8d2bc
JH		 1164
1165failed:
09fd0de5 1166 hci_dev_unlock(hdev);
366a0336 1167 return err;
eec8d2bc
JH		 1168}
1169
04124681
GP		 1170static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1171 struct sock *skip_sk)
beadb2bd
JH		 1172{
1173 struct sk_buff *skb;
1174 struct mgmt_hdr *hdr;
1175
790eff44 1176 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1177 if (!skb)
1178 return -ENOMEM;
1179
1180 hdr = (void *) skb_put(skb, sizeof(*hdr));
1181 hdr->opcode = cpu_to_le16(event);
1182 if (hdev)
1183 hdr->index = cpu_to_le16(hdev->id);
1184 else
dcf4adbf 1185 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1186 hdr->len = cpu_to_le16(data_len);
1187
1188 if (data)
1189 memcpy(skb_put(skb, data_len), data, data_len);
1190
97e0bdeb
MH		 1191 /* Time stamp */
1192 __net_timestamp(skb);
1193
beadb2bd
JH		 1194 hci_send_to_control(skb, skip_sk);
1195 kfree_skb(skb);
1196
1197 return 0;
1198}
1199
1200static int new_settings(struct hci_dev *hdev, struct sock *skip)
1201{
1202 __le32 ev;
1203
1204 ev = cpu_to_le32(get_current_settings(hdev));
1205
1206 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1207}
1208
bd99abdd
JH		 1209struct cmd_lookup {
1210 struct sock *sk;
1211 struct hci_dev *hdev;
1212 u8 mgmt_status;
1213};
1214
1215static void settings_rsp(struct pending_cmd *cmd, void *data)
1216{
1217 struct cmd_lookup *match = data;
1218
1219 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1220
1221 list_del(&cmd->list);
1222
1223 if (match->sk == NULL) {
1224 match->sk = cmd->sk;
1225 sock_hold(match->sk);
1226 }
1227
1228 mgmt_pending_free(cmd);
1229}
1230
1231static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1232{
1233 u8 *status = data;
1234
1235 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1236 mgmt_pending_remove(cmd);
1237}
1238
e6fe7986
JH		 1239static u8 mgmt_bredr_support(struct hci_dev *hdev)
1240{
1241 if (!lmp_bredr_capable(hdev))
1242 return MGMT_STATUS_NOT_SUPPORTED;
1243 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1244 return MGMT_STATUS_REJECTED;
1245 else
1246 return MGMT_STATUS_SUCCESS;
1247}
1248
1249static u8 mgmt_le_support(struct hci_dev *hdev)
1250{
1251 if (!lmp_le_capable(hdev))
1252 return MGMT_STATUS_NOT_SUPPORTED;
1253 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1254 return MGMT_STATUS_REJECTED;
1255 else
1256 return MGMT_STATUS_SUCCESS;
1257}
1258
bfaf8c9f
JH		 1259static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1260{
1261 struct pending_cmd *cmd;
1262 struct mgmt_mode *cp;
970ba524 1263 struct hci_request req;
bfaf8c9f
JH		 1264 bool changed;
1265
1266 BT_DBG("status 0x%02x", status);
1267
1268 hci_dev_lock(hdev);
1269
1270 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1271 if (!cmd)
1272 goto unlock;
1273
1274 if (status) {
1275 u8 mgmt_err = mgmt_status(status);
1276 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1277 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1278 goto remove_cmd;
1279 }
1280
1281 cp = cmd->param;
d4462a07 1282 if (cp->val) {
bfaf8c9f
JH		 1283 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1284 &hdev->dev_flags);
d4462a07
MH		 1285
1286 if (hdev->discov_timeout > 0) {
1287 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1288 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1289 to);
1290 }
1291 } else {
bfaf8c9f
JH		 1292 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1293 &hdev->dev_flags);
d4462a07 1294 }
bfaf8c9f
JH		 1295
1296 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1297
1298 if (changed)
1299 new_settings(hdev, cmd->sk);
1300
970ba524
MH		 1301 /* When the discoverable mode gets changed, make sure
1302 * that class of device has the limited discoverable
1303 * bit correctly set.
1304 */
1305 hci_req_init(&req, hdev);
1306 update_class(&req);
1307 hci_req_run(&req, NULL);
1308
bfaf8c9f
JH		 1309remove_cmd:
1310 mgmt_pending_remove(cmd);
1311
1312unlock:
1313 hci_dev_unlock(hdev);
1314}
1315
bdb6d971 1316static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1317 u16 len)
73f22f62 1318{
650f726d 1319 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1320 struct pending_cmd *cmd;
bfaf8c9f 1321 struct hci_request req;
5e5282bb 1322 u16 timeout;
9a43e25f 1323 u8 scan;
73f22f62
JH		 1324 int err;
1325
bdb6d971 1326 BT_DBG("request for %s", hdev->name);
73f22f62 1327
9a43e25f
JH		 1328 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1329 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1330 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1331 MGMT_STATUS_REJECTED);
33c525c0 1332
310a3d48 1333 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1334 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1335 MGMT_STATUS_INVALID_PARAMS);
1336
1f350c87 1337 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1338
1339 /* Disabling discoverable requires that no timeout is set,
1340 * and enabling limited discoverable requires a timeout.
1341 */
1342 if ((cp->val == 0x00 && timeout > 0) ||
1343 (cp->val == 0x02 && timeout == 0))
bdb6d971 1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1345 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1346
09fd0de5 1347 hci_dev_lock(hdev);
73f22f62 1348
5e5282bb 1349 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1350 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1351 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1352 goto failed;
1353 }
1354
2e58ef3e 1355 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1356 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1357 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1358 MGMT_STATUS_BUSY);
73f22f62
JH		 1359 goto failed;
1360 }
1361
5e5282bb 1362 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1363 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1364 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1365 goto failed;
1366 }
1367
1368 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1369 bool changed = false;
1370
310a3d48
MH		 1371 /* Setting limited discoverable when powered off is
1372 * not a valid operation since it requires a timeout
1373 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1374 */
0224d2fa
JH		 1375 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1376 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1377 changed = true;
1378 }
1379
5e5282bb 1380 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1381 if (err < 0)
1382 goto failed;
1383
1384 if (changed)
1385 err = new_settings(hdev, sk);
1386
5e5282bb
JH		 1387 goto failed;
1388 }
1389
310a3d48
MH		 1390 /* If the current mode is the same, then just update the timeout
1391 * value with the new value. And if only the timeout gets updated,
1392 * then no need for any HCI transactions.
1393 */
1394 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1395 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1396 &hdev->dev_flags)) {
36261547
MH		 1397 cancel_delayed_work(&hdev->discov_off);
1398 hdev->discov_timeout = timeout;
955638ec 1399
36261547
MH		 1400 if (cp->val && hdev->discov_timeout > 0) {
1401 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1402 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1403 to);
955638ec
MH		 1404 }
1405
69ab39ea 1406 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1407 goto failed;
1408 }
1409
2e58ef3e 1410 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1411 if (!cmd) {
1412 err = -ENOMEM;
73f22f62 1413 goto failed;
366a0336 1414 }
73f22f62 1415
310a3d48
MH		 1416 /* Cancel any potential discoverable timeout that might be
1417 * still active and store new timeout value. The arming of
1418 * the timeout happens in the complete handler.
1419 */
1420 cancel_delayed_work(&hdev->discov_off);
1421 hdev->discov_timeout = timeout;
1422
b456f87c
JH		 1423 /* Limited discoverable mode */
1424 if (cp->val == 0x02)
1425 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1426 else
1427 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1428
bfaf8c9f
JH		 1429 hci_req_init(&req, hdev);
1430
9a43e25f
JH		 1431 /* The procedure for LE-only controllers is much simpler - just
1432 * update the advertising data.
1433 */
1434 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1435 goto update_ad;
1436
73f22f62
JH		 1437 scan = SCAN_PAGE;
1438
310a3d48
MH		 1439 if (cp->val) {
1440 struct hci_cp_write_current_iac_lap hci_cp;
1441
1442 if (cp->val == 0x02) {
1443 /* Limited discoverable mode */
33337dcb 1444 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1445 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1446 hci_cp.iac_lap[1] = 0x8b;
1447 hci_cp.iac_lap[2] = 0x9e;
1448 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1449 hci_cp.iac_lap[4] = 0x8b;
1450 hci_cp.iac_lap[5] = 0x9e;
1451 } else {
1452 /* General discoverable mode */
310a3d48
MH		 1453 hci_cp.num_iac = 1;
1454 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1455 hci_cp.iac_lap[1] = 0x8b;
1456 hci_cp.iac_lap[2] = 0x9e;
1457 }
1458
1459 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1460 (hci_cp.num_iac * 3) + 1, &hci_cp);
1461
73f22f62 1462 scan |= SCAN_INQUIRY;
310a3d48
MH		 1463 } else {
1464 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1465 }
73f22f62 1466
310a3d48 1467 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1468
9a43e25f
JH		 1469update_ad:
1470 update_adv_data(&req);
1471
bfaf8c9f 1472 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1473 if (err < 0)
a664b5bc 1474 mgmt_pending_remove(cmd);
73f22f62
JH		 1475
1476failed:
09fd0de5 1477 hci_dev_unlock(hdev);
73f22f62
JH		 1478 return err;
1479}
1480
406d7804
JH		 1481static void write_fast_connectable(struct hci_request *req, bool enable)
1482{
bd98b996 1483 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1484 struct hci_cp_write_page_scan_activity acp;
1485 u8 type;
1486
547003b1
JH		 1487 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1488 return;
1489
4c01f8b8
JH		 1490 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1491 return;
1492
406d7804
JH		 1493 if (enable) {
1494 type = PAGE_SCAN_TYPE_INTERLACED;
1495
1496 /* 160 msec page scan interval */
dcf4adbf 1497 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1498 } else {
1499 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1500
1501 /* default 1.28 sec page scan */
dcf4adbf 1502 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1503 }
1504
dcf4adbf 1505 acp.window = cpu_to_le16(0x0012);
406d7804 1506
bd98b996
JH		 1507 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1508 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1509 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1510 sizeof(acp), &acp);
1511
1512 if (hdev->page_scan_type != type)
1513 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1514}
1515
2b76f453
JH		 1516static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1517{
1518 struct pending_cmd *cmd;
d7b856f9
JH		 1519 struct mgmt_mode *cp;
1520 bool changed;
2b76f453
JH		 1521
1522 BT_DBG("status 0x%02x", status);
1523
1524 hci_dev_lock(hdev);
1525
1526 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1527 if (!cmd)
1528 goto unlock;
1529
37438c1f
JH		 1530 if (status) {
1531 u8 mgmt_err = mgmt_status(status);
1532 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1533 goto remove_cmd;
1534 }
1535
d7b856f9
JH		 1536 cp = cmd->param;
1537 if (cp->val)
1538 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1539 else
1540 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1541
2b76f453
JH		 1542 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1543
d7b856f9
JH		 1544 if (changed)
1545 new_settings(hdev, cmd->sk);
1546
37438c1f 1547remove_cmd:
2b76f453
JH		 1548 mgmt_pending_remove(cmd);
1549
1550unlock:
1551 hci_dev_unlock(hdev);
1552}
1553
e8ba3a1f
JH		 1554static int set_connectable_update_settings(struct hci_dev *hdev,
1555 struct sock *sk, u8 val)
1556{
1557 bool changed = false;
1558 int err;
1559
1560 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1561 changed = true;
1562
1563 if (val) {
1564 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1565 } else {
1566 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1567 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1568 }
1569
1570 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1571 if (err < 0)
1572 return err;
1573
1574 if (changed)
1575 return new_settings(hdev, sk);
1576
1577 return 0;
1578}
1579
bdb6d971 1580static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1581 u16 len)
9fbcbb45 1582{
650f726d 1583 struct mgmt_mode *cp = data;
366a0336 1584 struct pending_cmd *cmd;
2b76f453 1585 struct hci_request req;
1987fdc7 1586 u8 scan;
9fbcbb45
JH		 1587 int err;
1588
bdb6d971 1589 BT_DBG("request for %s", hdev->name);
9fbcbb45 1590
1987fdc7
JH		 1591 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1592 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1594 MGMT_STATUS_REJECTED);
33c525c0 1595
a7e80f25
JH		 1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
09fd0de5 1600 hci_dev_lock(hdev);
9fbcbb45 1601
4b34ee78 1602 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1603 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1604 goto failed;
1605 }
1606
2e58ef3e 1607 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1608 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1609 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1610 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1611 goto failed;
1612 }
1613
2e58ef3e 1614 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1615 if (!cmd) {
1616 err = -ENOMEM;
9fbcbb45 1617 goto failed;
366a0336 1618 }
9fbcbb45 1619
9b74246f 1620 hci_req_init(&req, hdev);
9fbcbb45 1621
9a43e25f
JH		 1622 /* If BR/EDR is not enabled and we disable advertising as a
1623 * by-product of disabling connectable, we need to update the
1624 * advertising flags.
1625 */
1626 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1627 if (!cp->val) {
1628 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1629 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1630 }
1631 update_adv_data(&req);
1632 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1633 if (cp->val) {
1634 scan = SCAN_PAGE;
1635 } else {
1636 scan = 0;
1637
1638 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1639 hdev->discov_timeout > 0)
9b74246f
JH		 1640 cancel_delayed_work(&hdev->discov_off);
1641 }
2b76f453 1642
9b74246f
JH		 1643 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1644 }
2b76f453 1645
4c01f8b8
JH		 1646 /* If we're going from non-connectable to connectable or
1647 * vice-versa when fast connectable is enabled ensure that fast
1648 * connectable gets disabled. write_fast_connectable won't do
1649 * anything if the page scan parameters are already what they
1650 * should be.
1651 */
1652 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1653 write_fast_connectable(&req, false);
1654
1987fdc7
JH		 1655 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1656 hci_conn_num(hdev, LE_LINK) == 0) {
1657 disable_advertising(&req);
1658 enable_advertising(&req);
1659 }
1660
2b76f453 1661 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1662 if (err < 0) {
a664b5bc 1663 mgmt_pending_remove(cmd);
9b74246f 1664 if (err == -ENODATA)
a81070ba
JH		 1665 err = set_connectable_update_settings(hdev, sk,
1666 cp->val);
9b74246f
JH		 1667 goto failed;
1668 }
9fbcbb45
JH		 1669
1670failed:
09fd0de5 1671 hci_dev_unlock(hdev);
9fbcbb45
JH		 1672 return err;
1673}
1674
bdb6d971 1675static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1676 u16 len)
c542a06c 1677{
650f726d 1678 struct mgmt_mode *cp = data;
55594356 1679 bool changed;
c542a06c
JH		 1680 int err;
1681
bdb6d971 1682 BT_DBG("request for %s", hdev->name);
c542a06c 1683
a7e80f25
JH		 1684 if (cp->val != 0x00 && cp->val != 0x01)
1685 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1686 MGMT_STATUS_INVALID_PARAMS);
1687
09fd0de5 1688 hci_dev_lock(hdev);
c542a06c
JH		 1689
1690 if (cp->val)
55594356 1691 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1692 else
55594356 1693 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1694
69ab39ea 1695 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1696 if (err < 0)
55594356 1697 goto unlock;
c542a06c 1698
55594356
MH		 1699 if (changed)
1700 err = new_settings(hdev, sk);
c542a06c 1701
55594356 1702unlock:
09fd0de5 1703 hci_dev_unlock(hdev);
c542a06c
JH		 1704 return err;
1705}
1706
04124681
GP		 1707static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1708 u16 len)
33ef95ed
JH		 1709{
1710 struct mgmt_mode *cp = data;
1711 struct pending_cmd *cmd;
e6fe7986 1712 u8 val, status;
33ef95ed
JH		 1713 int err;
1714
bdb6d971 1715 BT_DBG("request for %s", hdev->name);
33ef95ed 1716
e6fe7986
JH		 1717 status = mgmt_bredr_support(hdev);
1718 if (status)
33c525c0 1719 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1720 status);
33c525c0 1721
a7e80f25
JH		 1722 if (cp->val != 0x00 && cp->val != 0x01)
1723 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1724 MGMT_STATUS_INVALID_PARAMS);
1725
33ef95ed
JH		 1726 hci_dev_lock(hdev);
1727
4b34ee78 1728 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1729 bool changed = false;
1730
1731 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1732 &hdev->dev_flags)) {
47990ea0
JH		 1733 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1734 changed = true;
1735 }
1736
1737 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1738 if (err < 0)
1739 goto failed;
1740
1741 if (changed)
1742 err = new_settings(hdev, sk);
1743
33ef95ed
JH		 1744 goto failed;
1745 }
1746
1747 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1748 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1749 MGMT_STATUS_BUSY);
33ef95ed
JH		 1750 goto failed;
1751 }
1752
1753 val = !!cp->val;
1754
1755 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1756 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1757 goto failed;
1758 }
1759
1760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1761 if (!cmd) {
1762 err = -ENOMEM;
1763 goto failed;
1764 }
1765
1766 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1767 if (err < 0) {
1768 mgmt_pending_remove(cmd);
1769 goto failed;
1770 }
1771
1772failed:
1773 hci_dev_unlock(hdev);
33ef95ed
JH		 1774 return err;
1775}
1776
bdb6d971 1777static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1778{
1779 struct mgmt_mode *cp = data;
1780 struct pending_cmd *cmd;
72ef0c1a 1781 u8 status;
ed2c4ee3
JH		 1782 int err;
1783
bdb6d971 1784 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1785
cdba5281
MH		 1786 status = mgmt_bredr_support(hdev);
1787 if (status)
1788 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1789
13ecd8b6
JH		 1790 if (!lmp_ssp_capable(hdev))
1791 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1792 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1793
a7e80f25
JH		 1794 if (cp->val != 0x00 && cp->val != 0x01)
1795 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1796 MGMT_STATUS_INVALID_PARAMS);
1797
13ecd8b6 1798 hci_dev_lock(hdev);
6c8f12c1 1799
4b34ee78 1800 if (!hdev_is_powered(hdev)) {
9ecb3e24 1801 bool changed;
c0ecddc2 1802
9ecb3e24
MH		 1803 if (cp->val) {
1804 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1805 &hdev->dev_flags);
1806 } else {
1807 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1808 &hdev->dev_flags);
1809 if (!changed)
1810 changed = test_and_clear_bit(HCI_HS_ENABLED,
1811 &hdev->dev_flags);
1812 else
1813 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1814 }
1815
1816 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1817 if (err < 0)
1818 goto failed;
1819
1820 if (changed)
1821 err = new_settings(hdev, sk);
1822
ed2c4ee3
JH		 1823 goto failed;
1824 }
1825
9ecb3e24
MH		 1826 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1827 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1828 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1829 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1830 goto failed;
1831 }
1832
72ef0c1a 1833 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1834 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1835 goto failed;
1836 }
1837
1838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1839 if (!cmd) {
1840 err = -ENOMEM;
1841 goto failed;
1842 }
1843
72ef0c1a 1844 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1845 if (err < 0) {
1846 mgmt_pending_remove(cmd);
1847 goto failed;
1848 }
1849
1850failed:
1851 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1852 return err;
1853}
1854
bdb6d971 1855static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1856{
1857 struct mgmt_mode *cp = data;
ee392693 1858 bool changed;
e6fe7986 1859 u8 status;
ee392693 1860 int err;
6d80dfd0 1861
bdb6d971 1862 BT_DBG("request for %s", hdev->name);
6d80dfd0 1863
e6fe7986
JH		 1864 status = mgmt_bredr_support(hdev);
1865 if (status)
1866 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1867
9ecb3e24
MH		 1868 if (!lmp_ssp_capable(hdev))
1869 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1870 MGMT_STATUS_NOT_SUPPORTED);
1871
1872 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1874 MGMT_STATUS_REJECTED);
1875
a7e80f25
JH		 1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1878 MGMT_STATUS_INVALID_PARAMS);
1879
ee392693
MH		 1880 hci_dev_lock(hdev);
1881
a0cdf960 1882 if (cp->val) {
ee392693 1883 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1884 } else {
1885 if (hdev_is_powered(hdev)) {
1886 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1887 MGMT_STATUS_REJECTED);
1888 goto unlock;
1889 }
1890
ee392693 1891 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1892 }
ee392693
MH		 1893
1894 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1895 if (err < 0)
1896 goto unlock;
1897
1898 if (changed)
1899 err = new_settings(hdev, sk);
6d80dfd0 1900
ee392693
MH		 1901unlock:
1902 hci_dev_unlock(hdev);
1903 return err;
6d80dfd0
JH		 1904}
1905
416a4ae5
JH		 1906static void le_enable_complete(struct hci_dev *hdev, u8 status)
1907{
1908 struct cmd_lookup match = { NULL, hdev };
1909
1910 if (status) {
1911 u8 mgmt_err = mgmt_status(status);
1912
1913 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1914 &mgmt_err);
1915 return;
1916 }
1917
1918 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1919
1920 new_settings(hdev, match.sk);
1921
1922 if (match.sk)
1923 sock_put(match.sk);
441ad2d0
MH		 1924
1925 /* Make sure the controller has a good default for
1926 * advertising data. Restrict the update to when LE
1927 * has actually been enabled. During power on, the
1928 * update in powered_update_hci will take care of it.
1929 */
1930 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1931 struct hci_request req;
1932
1933 hci_dev_lock(hdev);
1934
1935 hci_req_init(&req, hdev);
5947f4bc 1936 update_adv_data(&req);
f14d8f64 1937 update_scan_rsp_data(&req);
441ad2d0
MH		 1938 hci_req_run(&req, NULL);
1939
1940 hci_dev_unlock(hdev);
1941 }
416a4ae5
JH		 1942}
1943
bdb6d971 1944static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1945{
1946 struct mgmt_mode *cp = data;
1947 struct hci_cp_write_le_host_supported hci_cp;
1948 struct pending_cmd *cmd;
416a4ae5 1949 struct hci_request req;
06199cf8 1950 int err;
0b60eba1 1951 u8 val, enabled;
06199cf8 1952
bdb6d971 1953 BT_DBG("request for %s", hdev->name);
06199cf8 1954
13ecd8b6
JH		 1955 if (!lmp_le_capable(hdev))
1956 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1957 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1958
a7e80f25
JH		 1959 if (cp->val != 0x00 && cp->val != 0x01)
1960 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1961 MGMT_STATUS_INVALID_PARAMS);
1962
c73eee91 1963 /* LE-only devices do not allow toggling LE on/off */
56f87901 1964 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1965 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1966 MGMT_STATUS_REJECTED);
1967
13ecd8b6 1968 hci_dev_lock(hdev);
06199cf8
JH		 1969
1970 val = !!cp->val;
ffa88e02 1971 enabled = lmp_host_le_capable(hdev);
06199cf8 1972
0b60eba1 1973 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1974 bool changed = false;
1975
1976 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1977 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1978 changed = true;
1979 }
1980
f3d3444a
JH		 1981 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1982 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1983 changed = true;
1984 }
1985
06199cf8
JH		 1986 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1987 if (err < 0)
1de028ce 1988 goto unlock;
06199cf8
JH		 1989
1990 if (changed)
1991 err = new_settings(hdev, sk);
1992
1de028ce 1993 goto unlock;
06199cf8
JH		 1994 }
1995
4375f103
JH		 1996 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1997 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1998 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1999 MGMT_STATUS_BUSY);
1de028ce 2000 goto unlock;
06199cf8
JH		 2001 }
2002
2003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2004 if (!cmd) {
2005 err = -ENOMEM;
1de028ce 2006 goto unlock;
06199cf8
JH		 2007 }
2008
441ad2d0
MH		 2009 hci_req_init(&req, hdev);
2010
06199cf8
JH		 2011 memset(&hci_cp, 0, sizeof(hci_cp));
2012
2013 if (val) {
2014 hci_cp.le = val;
ffa88e02 2015 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2016 } else {
2017 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2018 disable_advertising(&req);
06199cf8
JH		 2019 }
2020
416a4ae5
JH		 2021 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2022 &hci_cp);
2023
2024 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2025 if (err < 0)
06199cf8 2026 mgmt_pending_remove(cmd);
06199cf8 2027
1de028ce
JH		 2028unlock:
2029 hci_dev_unlock(hdev);
06199cf8
JH		 2030 return err;
2031}
2032
0cab9c80
JH		 2033/* This is a helper function to test for pending mgmt commands that can
2034 * cause CoD or EIR HCI commands. We can only allow one such pending
2035 * mgmt command at a time since otherwise we cannot easily track what
2036 * the current values are, will be, and based on that calculate if a new
2037 * HCI command needs to be sent and if yes with what value.
2038 */
2039static bool pending_eir_or_class(struct hci_dev *hdev)
2040{
2041 struct pending_cmd *cmd;
2042
2043 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2044 switch (cmd->opcode) {
2045 case MGMT_OP_ADD_UUID:
2046 case MGMT_OP_REMOVE_UUID:
2047 case MGMT_OP_SET_DEV_CLASS:
2048 case MGMT_OP_SET_POWERED:
2049 return true;
2050 }
2051 }
2052
2053 return false;
2054}
2055
83be8eca
JH		 2056static const u8 bluetooth_base_uuid[] = {
2057 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2058 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2059};
2060
2061static u8 get_uuid_size(const u8 *uuid)
2062{
2063 u32 val;
2064
2065 if (memcmp(uuid, bluetooth_base_uuid, 12))
2066 return 128;
2067
2068 val = get_unaligned_le32(&uuid[12]);
2069 if (val > 0xffff)
2070 return 32;
2071
2072 return 16;
2073}
2074
92da6097
JH		 2075static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2076{
2077 struct pending_cmd *cmd;
2078
2079 hci_dev_lock(hdev);
2080
2081 cmd = mgmt_pending_find(mgmt_op, hdev);
2082 if (!cmd)
2083 goto unlock;
2084
2085 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2086 hdev->dev_class, 3);
2087
2088 mgmt_pending_remove(cmd);
2089
2090unlock:
2091 hci_dev_unlock(hdev);
2092}
2093
2094static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2095{
2096 BT_DBG("status 0x%02x", status);
2097
2098 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2099}
2100
bdb6d971 2101static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2102{
650f726d 2103 struct mgmt_cp_add_uuid *cp = data;
90e70454 2104 struct pending_cmd *cmd;
890ea898 2105 struct hci_request req;
2aeb9a1a 2106 struct bt_uuid *uuid;
2aeb9a1a
JH		 2107 int err;
2108
bdb6d971 2109 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2110
09fd0de5 2111 hci_dev_lock(hdev);
2aeb9a1a 2112
0cab9c80 2113 if (pending_eir_or_class(hdev)) {
bdb6d971 2114 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2115 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2116 goto failed;
2117 }
2118
92c4c204 2119 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2120 if (!uuid) {
2121 err = -ENOMEM;
2122 goto failed;
2123 }
2124
2125 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2126 uuid->svc_hint = cp->svc_hint;
83be8eca 2127 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2128
de66aa63 2129 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2130
890ea898 2131 hci_req_init(&req, hdev);
1aff6f09 2132
890ea898
JH		 2133 update_class(&req);
2134 update_eir(&req);
2135
92da6097
JH		 2136 err = hci_req_run(&req, add_uuid_complete);
2137 if (err < 0) {
2138 if (err != -ENODATA)
2139 goto failed;
80a1e1db 2140
bdb6d971 2141 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2142 hdev->dev_class, 3);
90e70454
JH		 2143 goto failed;
2144 }
2145
2146 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2147 if (!cmd) {
90e70454 2148 err = -ENOMEM;
890ea898
JH		 2149 goto failed;
2150 }
2151
2152 err = 0;
2aeb9a1a
JH		 2153
2154failed:
09fd0de5 2155 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2156 return err;
2157}
2158
24b78d0f
JH		 2159static bool enable_service_cache(struct hci_dev *hdev)
2160{
2161 if (!hdev_is_powered(hdev))
2162 return false;
2163
2164 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2165 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2166 CACHE_TIMEOUT);
24b78d0f
JH		 2167 return true;
2168 }
2169
2170 return false;
2171}
2172
92da6097
JH		 2173static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2174{
2175 BT_DBG("status 0x%02x", status);
2176
2177 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2178}
2179
bdb6d971 2180static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2181 u16 len)
2aeb9a1a 2182{
650f726d 2183 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2184 struct pending_cmd *cmd;
056341c8 2185 struct bt_uuid *match, *tmp;
2aeb9a1a 2186 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2187 struct hci_request req;
2aeb9a1a
JH		 2188 int err, found;
2189
bdb6d971 2190 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2191
09fd0de5 2192 hci_dev_lock(hdev);
2aeb9a1a 2193
0cab9c80 2194 if (pending_eir_or_class(hdev)) {
bdb6d971 2195 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2196 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2197 goto unlock;
2198 }
2199
2aeb9a1a 2200 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2201 hci_uuids_clear(hdev);
4004b6d9 2202
24b78d0f 2203 if (enable_service_cache(hdev)) {
bdb6d971 2204 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2205 0, hdev->dev_class, 3);
24b78d0f
JH		 2206 goto unlock;
2207 }
4004b6d9 2208
9246a869 2209 goto update_class;
2aeb9a1a
JH		 2210 }
2211
2212 found = 0;
2213
056341c8 2214 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2215 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2216 continue;
2217
2218 list_del(&match->list);
482049f7 2219 kfree(match);
2aeb9a1a
JH		 2220 found++;
2221 }
2222
2223 if (found == 0) {
bdb6d971 2224 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2225 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2226 goto unlock;
2227 }
2228
9246a869 2229update_class:
890ea898 2230 hci_req_init(&req, hdev);
1aff6f09 2231
890ea898
JH		 2232 update_class(&req);
2233 update_eir(&req);
2234
92da6097
JH		 2235 err = hci_req_run(&req, remove_uuid_complete);
2236 if (err < 0) {
2237 if (err != -ENODATA)
2238 goto unlock;
80a1e1db 2239
bdb6d971 2240 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2241 hdev->dev_class, 3);
90e70454
JH		 2242 goto unlock;
2243 }
2244
2245 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2246 if (!cmd) {
90e70454 2247 err = -ENOMEM;
890ea898
JH		 2248 goto unlock;
2249 }
2250
2251 err = 0;
2aeb9a1a
JH		 2252
2253unlock:
09fd0de5 2254 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2255 return err;
2256}
2257
92da6097
JH		 2258static void set_class_complete(struct hci_dev *hdev, u8 status)
2259{
2260 BT_DBG("status 0x%02x", status);
2261
2262 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2263}
2264
bdb6d971 2265static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2266 u16 len)
1aff6f09 2267{
650f726d 2268 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2269 struct pending_cmd *cmd;
890ea898 2270 struct hci_request req;
1aff6f09
JH		 2271 int err;
2272
bdb6d971 2273 BT_DBG("request for %s", hdev->name);
1aff6f09 2274
6203fc98 2275 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2276 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2277 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2278
0cab9c80 2279 hci_dev_lock(hdev);
ee98f473 2280
0cab9c80
JH		 2281 if (pending_eir_or_class(hdev)) {
2282 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2283 MGMT_STATUS_BUSY);
2284 goto unlock;
2285 }
c95f0ba7 2286
0cab9c80
JH		 2287 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2288 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2289 MGMT_STATUS_INVALID_PARAMS);
2290 goto unlock;
2291 }
575b3a02 2292
932f5ff5
JH		 2293 hdev->major_class = cp->major;
2294 hdev->minor_class = cp->minor;
2295
b5235a65 2296 if (!hdev_is_powered(hdev)) {
bdb6d971 2297 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2298 hdev->dev_class, 3);
b5235a65
JH		 2299 goto unlock;
2300 }
2301
890ea898
JH		 2302 hci_req_init(&req, hdev);
2303
a8b2d5c2 2304 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2305 hci_dev_unlock(hdev);
2306 cancel_delayed_work_sync(&hdev->service_cache);
2307 hci_dev_lock(hdev);
890ea898 2308 update_eir(&req);
7d78525d 2309 }
14c0b608 2310
890ea898
JH		 2311 update_class(&req);
2312
92da6097
JH		 2313 err = hci_req_run(&req, set_class_complete);
2314 if (err < 0) {
2315 if (err != -ENODATA)
2316 goto unlock;
1aff6f09 2317
bdb6d971 2318 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2319 hdev->dev_class, 3);
90e70454
JH		 2320 goto unlock;
2321 }
2322
2323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2324 if (!cmd) {
90e70454 2325 err = -ENOMEM;
890ea898
JH		 2326 goto unlock;
2327 }
2328
2329 err = 0;
1aff6f09 2330
b5235a65 2331unlock:
09fd0de5 2332 hci_dev_unlock(hdev);
1aff6f09
JH		 2333 return err;
2334}
2335
bdb6d971 2336static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2337 u16 len)
55ed8ca1 2338{
650f726d 2339 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2340 u16 key_count, expected_len;
b1de97d8 2341 bool changed;
a492cd52 2342 int i;
55ed8ca1 2343
9060d5cf
MH		 2344 BT_DBG("request for %s", hdev->name);
2345
2346 if (!lmp_bredr_capable(hdev))
2347 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2348 MGMT_STATUS_NOT_SUPPORTED);
2349
1f350c87 2350 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2351
86742e1e
JH		 2352 expected_len = sizeof(*cp) + key_count *
2353 sizeof(struct mgmt_link_key_info);
a492cd52 2354 if (expected_len != len) {
86742e1e 2355 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2356 expected_len, len);
bdb6d971 2357 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2358 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2359 }
2360
4ae14301
JH		 2361 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2362 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2363 MGMT_STATUS_INVALID_PARAMS);
2364
bdb6d971 2365 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2366 key_count);
55ed8ca1 2367
4ee71b20
JH		 2368 for (i = 0; i < key_count; i++) {
2369 struct mgmt_link_key_info *key = &cp->keys[i];
2370
8e991132 2371 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2372 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2373 MGMT_STATUS_INVALID_PARAMS);
2374 }
2375
09fd0de5 2376 hci_dev_lock(hdev);
55ed8ca1
JH		 2377
2378 hci_link_keys_clear(hdev);
2379
55ed8ca1 2380 if (cp->debug_keys)
b1de97d8 2381 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2382 else
b1de97d8
MH		 2383 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2384
2385 if (changed)
2386 new_settings(hdev, NULL);
55ed8ca1 2387
a492cd52 2388 for (i = 0; i < key_count; i++) {
86742e1e 2389 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2390
d753fdc4 2391 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2392 key->type, key->pin_len);
55ed8ca1
JH		 2393 }
2394
bdb6d971 2395 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2396
09fd0de5 2397 hci_dev_unlock(hdev);
55ed8ca1 2398
a492cd52 2399 return 0;
55ed8ca1
JH		 2400}
2401
b1078ad0 2402static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2403 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2404{
2405 struct mgmt_ev_device_unpaired ev;
2406
2407 bacpy(&ev.addr.bdaddr, bdaddr);
2408 ev.addr.type = addr_type;
2409
2410 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2411 skip_sk);
b1078ad0
JH		 2412}
2413
bdb6d971 2414static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2415 u16 len)
55ed8ca1 2416{
124f6e35
JH		 2417 struct mgmt_cp_unpair_device *cp = data;
2418 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2419 struct hci_cp_disconnect dc;
2420 struct pending_cmd *cmd;
55ed8ca1 2421 struct hci_conn *conn;
55ed8ca1
JH		 2422 int err;
2423
a8a1d19e 2424 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2425 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2426 rp.addr.type = cp->addr.type;
a8a1d19e 2427
4ee71b20
JH		 2428 if (!bdaddr_type_is_valid(cp->addr.type))
2429 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2430 MGMT_STATUS_INVALID_PARAMS,
2431 &rp, sizeof(rp));
2432
118da70b
JH		 2433 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2434 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2435 MGMT_STATUS_INVALID_PARAMS,
2436 &rp, sizeof(rp));
2437
4ee71b20
JH		 2438 hci_dev_lock(hdev);
2439
86a8cfc6 2440 if (!hdev_is_powered(hdev)) {
bdb6d971 2441 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2442 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2443 goto unlock;
2444 }
2445
e0b2b27e 2446 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2447 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2448 } else {
2449 u8 addr_type;
2450
2451 if (cp->addr.type == BDADDR_LE_PUBLIC)
2452 addr_type = ADDR_LE_DEV_PUBLIC;
2453 else
2454 addr_type = ADDR_LE_DEV_RANDOM;
2455
a7ec7338
JH		 2456 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2457
a9b0a04c
AG		 2458 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2459
e0b2b27e
JH		 2460 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2461 }
b0dbfb46 2462
55ed8ca1 2463 if (err < 0) {
bdb6d971 2464 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2465 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2466 goto unlock;
2467 }
2468
86a8cfc6 2469 if (cp->disconnect) {
591f47f3 2470 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2472 &cp->addr.bdaddr);
86a8cfc6
JH		 2473 else
2474 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2475 &cp->addr.bdaddr);
86a8cfc6
JH		 2476 } else {
2477 conn = NULL;
2478 }
124f6e35 2479
a8a1d19e 2480 if (!conn) {
bdb6d971 2481 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2482 &rp, sizeof(rp));
b1078ad0 2483 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2484 goto unlock;
2485 }
55ed8ca1 2486
124f6e35 2487 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2488 sizeof(*cp));
a8a1d19e
JH		 2489 if (!cmd) {
2490 err = -ENOMEM;
2491 goto unlock;
55ed8ca1
JH		 2492 }
2493
eb55ef07 2494 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2495 dc.reason = 0x13; /* Remote User Terminated Connection */
2496 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2497 if (err < 0)
2498 mgmt_pending_remove(cmd);
2499
55ed8ca1 2500unlock:
09fd0de5 2501 hci_dev_unlock(hdev);
55ed8ca1
JH		 2502 return err;
2503}
2504
bdb6d971 2505static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2506 u16 len)
8962ee74 2507{
650f726d 2508 struct mgmt_cp_disconnect *cp = data;
06a63b19 2509 struct mgmt_rp_disconnect rp;
8962ee74 2510 struct hci_cp_disconnect dc;
366a0336 2511 struct pending_cmd *cmd;
8962ee74 2512 struct hci_conn *conn;
8962ee74
JH		 2513 int err;
2514
2515 BT_DBG("");
2516
06a63b19
JH		 2517 memset(&rp, 0, sizeof(rp));
2518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2519 rp.addr.type = cp->addr.type;
2520
4ee71b20 2521 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2522 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2523 MGMT_STATUS_INVALID_PARAMS,
2524 &rp, sizeof(rp));
4ee71b20 2525
09fd0de5 2526 hci_dev_lock(hdev);
8962ee74
JH		 2527
2528 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2529 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2530 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2531 goto failed;
2532 }
2533
2e58ef3e 2534 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2536 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2537 goto failed;
2538 }
2539
591f47f3 2540 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2541 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2542 &cp->addr.bdaddr);
88c3df13
JH		 2543 else
2544 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2545
f960727e 2546 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2547 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2548 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2549 goto failed;
2550 }
2551
2e58ef3e 2552 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2553 if (!cmd) {
2554 err = -ENOMEM;
8962ee74 2555 goto failed;
366a0336 2556 }
8962ee74 2557
eb55ef07 2558 dc.handle = cpu_to_le16(conn->handle);
3701f944 2559 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2560
2561 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2562 if (err < 0)
a664b5bc 2563 mgmt_pending_remove(cmd);
8962ee74
JH		 2564
2565failed:
09fd0de5 2566 hci_dev_unlock(hdev);
8962ee74
JH		 2567 return err;
2568}
2569
57c1477c 2570static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2571{
2572 switch (link_type) {
2573 case LE_LINK:
48264f06
JH		 2574 switch (addr_type) {
2575 case ADDR_LE_DEV_PUBLIC:
591f47f3 2576 return BDADDR_LE_PUBLIC;
0ed09148 2577
48264f06 2578 default:
0ed09148 2579 /* Fallback to LE Random address type */
591f47f3 2580 return BDADDR_LE_RANDOM;
48264f06 2581 }
0ed09148 2582
4c659c39 2583 default:
0ed09148 2584 /* Fallback to BR/EDR type */
591f47f3 2585 return BDADDR_BREDR;
4c659c39
JH		 2586 }
2587}
2588
04124681
GP		 2589static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2590 u16 data_len)
2784eb41 2591{
2784eb41 2592 struct mgmt_rp_get_connections *rp;
8035ded4 2593 struct hci_conn *c;
a38528f1 2594 size_t rp_len;
60fc5fb6
JH		 2595 int err;
2596 u16 i;
2784eb41
JH		 2597
2598 BT_DBG("");
2599
09fd0de5 2600 hci_dev_lock(hdev);
2784eb41 2601
5f97c1df 2602 if (!hdev_is_powered(hdev)) {
bdb6d971 2603 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2604 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2605 goto unlock;
2606 }
2607
60fc5fb6 2608 i = 0;
b644ba33
JH		 2609 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2610 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2611 i++;
2784eb41
JH		 2612 }
2613
60fc5fb6 2614 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2615 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2616 if (!rp) {
2784eb41
JH		 2617 err = -ENOMEM;
2618 goto unlock;
2619 }
2620
2784eb41 2621 i = 0;
4c659c39 2622 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2623 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2624 continue;
4c659c39 2625 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2626 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2627 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2628 continue;
2629 i++;
2630 }
2631
eb55ef07 2632 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2633
4c659c39
JH		 2634 /* Recalculate length in case of filtered SCO connections, etc */
2635 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2636
bdb6d971 2637 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2638 rp_len);
2784eb41 2639
a38528f1 2640 kfree(rp);
5f97c1df
JH		 2641
2642unlock:
09fd0de5 2643 hci_dev_unlock(hdev);
2784eb41
JH		 2644 return err;
2645}
2646
bdb6d971 2647static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2648 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2649{
2650 struct pending_cmd *cmd;
2651 int err;
2652
2e58ef3e 2653 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2654 sizeof(*cp));
96d97a67
WR		 2655 if (!cmd)
2656 return -ENOMEM;
2657
d8457698 2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2660 if (err < 0)
2661 mgmt_pending_remove(cmd);
2662
2663 return err;
2664}
2665
bdb6d971 2666static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2667 u16 len)
980e1a53 2668{
96d97a67 2669 struct hci_conn *conn;
650f726d 2670 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2671 struct hci_cp_pin_code_reply reply;
366a0336 2672 struct pending_cmd *cmd;
980e1a53
JH		 2673 int err;
2674
2675 BT_DBG("");
2676
09fd0de5 2677 hci_dev_lock(hdev);
980e1a53 2678
4b34ee78 2679 if (!hdev_is_powered(hdev)) {
bdb6d971 2680 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2681 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2682 goto failed;
2683 }
2684
d8457698 2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2686 if (!conn) {
bdb6d971 2687 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2688 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2689 goto failed;
2690 }
2691
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2693 struct mgmt_cp_pin_code_neg_reply ncp;
2694
2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2696
2697 BT_ERR("PIN code is not 16 bytes long");
2698
bdb6d971 2699 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2700 if (err >= 0)
bdb6d971 2701 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2702 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2703
2704 goto failed;
2705 }
2706
00abfe44 2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2708 if (!cmd) {
2709 err = -ENOMEM;
980e1a53 2710 goto failed;
366a0336 2711 }
980e1a53 2712
d8457698 2713 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2714 reply.pin_len = cp->pin_len;
24718ca5 2715 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2716
2717 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2718 if (err < 0)
a664b5bc 2719 mgmt_pending_remove(cmd);
980e1a53
JH		 2720
2721failed:
09fd0de5 2722 hci_dev_unlock(hdev);
980e1a53
JH		 2723 return err;
2724}
2725
04124681
GP		 2726static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2727 u16 len)
17fa4b9d 2728{
650f726d 2729 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2730
2731 BT_DBG("");
2732
09fd0de5 2733 hci_dev_lock(hdev);
17fa4b9d
JH		 2734
2735 hdev->io_capability = cp->io_capability;
2736
2737 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2738 hdev->io_capability);
17fa4b9d 2739
09fd0de5 2740 hci_dev_unlock(hdev);
17fa4b9d 2741
04124681
GP		 2742 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2743 0);
17fa4b9d
JH		 2744}
2745
6039aa73 2746static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2747{
2748 struct hci_dev *hdev = conn->hdev;
8035ded4 2749 struct pending_cmd *cmd;
e9a416b5 2750
2e58ef3e 2751 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2752 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2753 continue;
2754
e9a416b5
JH		 2755 if (cmd->user_data != conn)
2756 continue;
2757
2758 return cmd;
2759 }
2760
2761 return NULL;
2762}
2763
2764static void pairing_complete(struct pending_cmd *cmd, u8 status)
2765{
2766 struct mgmt_rp_pair_device rp;
2767 struct hci_conn *conn = cmd->user_data;
2768
61b1a7fb
JH		 2769 bacpy(&rp.addr.bdaddr, &conn->dst);
2770 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2771
aee9b218 2772 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2773 &rp, sizeof(rp));
e9a416b5
JH		 2774
2775 /* So we don't get further callbacks for this connection */
2776 conn->connect_cfm_cb = NULL;
2777 conn->security_cfm_cb = NULL;
2778 conn->disconn_cfm_cb = NULL;
2779
76a68ba0 2780 hci_conn_drop(conn);
e9a416b5 2781
a664b5bc 2782 mgmt_pending_remove(cmd);
e9a416b5
JH		 2783}
2784
f4a407be
JH		 2785void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2786{
2787 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2788 struct pending_cmd *cmd;
2789
2790 cmd = find_pairing(conn);
2791 if (cmd)
2792 pairing_complete(cmd, status);
2793}
2794
e9a416b5
JH		 2795static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2796{
2797 struct pending_cmd *cmd;
2798
2799 BT_DBG("status %u", status);
2800
2801 cmd = find_pairing(conn);
56e5cb86 2802 if (!cmd)
e9a416b5 2803 BT_DBG("Unable to find a pending command");
56e5cb86 2804 else
e211326c 2805 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2806}
2807
f4a407be 2808static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2809{
2810 struct pending_cmd *cmd;
2811
2812 BT_DBG("status %u", status);
2813
2814 if (!status)
2815 return;
2816
2817 cmd = find_pairing(conn);
2818 if (!cmd)
2819 BT_DBG("Unable to find a pending command");
2820 else
2821 pairing_complete(cmd, mgmt_status(status));
2822}
2823
bdb6d971 2824static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2825 u16 len)
e9a416b5 2826{
650f726d 2827 struct mgmt_cp_pair_device *cp = data;
1425acb7 2828 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2829 struct pending_cmd *cmd;
2830 u8 sec_level, auth_type;
2831 struct hci_conn *conn;
e9a416b5
JH		 2832 int err;
2833
2834 BT_DBG("");
2835
f950a30e
SJ		 2836 memset(&rp, 0, sizeof(rp));
2837 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2838 rp.addr.type = cp->addr.type;
2839
4ee71b20
JH		 2840 if (!bdaddr_type_is_valid(cp->addr.type))
2841 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2842 MGMT_STATUS_INVALID_PARAMS,
2843 &rp, sizeof(rp));
2844
09fd0de5 2845 hci_dev_lock(hdev);
e9a416b5 2846
5f97c1df 2847 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2848 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2849 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2850 goto unlock;
2851 }
2852
c908df36 2853 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2854 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2855
6f77d8c7 2856 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2857 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2858 auth_type);
6f77d8c7
AG		 2859 } else {
2860 u8 addr_type;
2861
2862 /* Convert from L2CAP channel address type to HCI address type
2863 */
2864 if (cp->addr.type == BDADDR_LE_PUBLIC)
2865 addr_type = ADDR_LE_DEV_PUBLIC;
2866 else
2867 addr_type = ADDR_LE_DEV_RANDOM;
2868
2869 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2870 sec_level, auth_type);
6f77d8c7 2871 }
7a512d01 2872
30e76272 2873 if (IS_ERR(conn)) {
489dc48e
AK		 2874 int status;
2875
2876 if (PTR_ERR(conn) == -EBUSY)
2877 status = MGMT_STATUS_BUSY;
2878 else
2879 status = MGMT_STATUS_CONNECT_FAILED;
2880
bdb6d971 2881 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2882 status, &rp,
04124681 2883 sizeof(rp));
e9a416b5
JH		 2884 goto unlock;
2885 }
2886
2887 if (conn->connect_cfm_cb) {
76a68ba0 2888 hci_conn_drop(conn);
bdb6d971 2889 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2890 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2891 goto unlock;
2892 }
2893
2e58ef3e 2894 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2895 if (!cmd) {
2896 err = -ENOMEM;
76a68ba0 2897 hci_conn_drop(conn);
e9a416b5
JH		 2898 goto unlock;
2899 }
2900
7a512d01 2901 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2902 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2903 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2904 conn->security_cfm_cb = pairing_complete_cb;
2905 conn->disconn_cfm_cb = pairing_complete_cb;
2906 } else {
2907 conn->connect_cfm_cb = le_pairing_complete_cb;
2908 conn->security_cfm_cb = le_pairing_complete_cb;
2909 conn->disconn_cfm_cb = le_pairing_complete_cb;
2910 }
7a512d01 2911
e9a416b5
JH		 2912 conn->io_capability = cp->io_cap;
2913 cmd->user_data = conn;
2914
2915 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2916 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2917 pairing_complete(cmd, 0);
2918
2919 err = 0;
2920
2921unlock:
09fd0de5 2922 hci_dev_unlock(hdev);
e9a416b5
JH		 2923 return err;
2924}
2925
04124681
GP		 2926static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2927 u16 len)
28424707 2928{
0f4e68cf 2929 struct mgmt_addr_info *addr = data;
28424707
JH		 2930 struct pending_cmd *cmd;
2931 struct hci_conn *conn;
2932 int err;
2933
2934 BT_DBG("");
2935
28424707
JH		 2936 hci_dev_lock(hdev);
2937
5f97c1df 2938 if (!hdev_is_powered(hdev)) {
bdb6d971 2939 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2940 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2941 goto unlock;
2942 }
2943
28424707
JH		 2944 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2945 if (!cmd) {
bdb6d971 2946 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2947 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2948 goto unlock;
2949 }
2950
2951 conn = cmd->user_data;
2952
2953 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2954 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2955 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2956 goto unlock;
2957 }
2958
2959 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2960
bdb6d971 2961 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2962 addr, sizeof(*addr));
28424707
JH		 2963unlock:
2964 hci_dev_unlock(hdev);
28424707
JH		 2965 return err;
2966}
2967
bdb6d971 2968static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2969 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2970 u16 hci_op, __le32 passkey)
a5c29683 2971{
a5c29683 2972 struct pending_cmd *cmd;
0df4c185 2973 struct hci_conn *conn;
a5c29683
JH		 2974 int err;
2975
09fd0de5 2976 hci_dev_lock(hdev);
08ba5382 2977
4b34ee78 2978 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2979 err = cmd_complete(sk, hdev->id, mgmt_op,
2980 MGMT_STATUS_NOT_POWERED, addr,
2981 sizeof(*addr));
0df4c185 2982 goto done;
a5c29683
JH		 2983 }
2984
1707c60e
JH		 2985 if (addr->type == BDADDR_BREDR)
2986 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2987 else
1707c60e 2988 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2989
2990 if (!conn) {
feb94d3d
JH		 2991 err = cmd_complete(sk, hdev->id, mgmt_op,
2992 MGMT_STATUS_NOT_CONNECTED, addr,
2993 sizeof(*addr));
272d90df
JH		 2994 goto done;
2995 }
47c15e2b 2996
1707c60e 2997 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2998 /* Continue with pairing via SMP */
5fe57d9e
BG		 2999 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3000
3001 if (!err)
feb94d3d
JH		 3002 err = cmd_complete(sk, hdev->id, mgmt_op,
3003 MGMT_STATUS_SUCCESS, addr,
3004 sizeof(*addr));
5fe57d9e 3005 else
feb94d3d
JH		 3006 err = cmd_complete(sk, hdev->id, mgmt_op,
3007 MGMT_STATUS_FAILED, addr,
3008 sizeof(*addr));
47c15e2b 3009
47c15e2b
BG		 3010 goto done;
3011 }
3012
1707c60e 3013 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3014 if (!cmd) {
3015 err = -ENOMEM;
0df4c185 3016 goto done;
a5c29683
JH		 3017 }
3018
0df4c185 3019 /* Continue with pairing via HCI */
604086b7
BG		 3020 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3021 struct hci_cp_user_passkey_reply cp;
3022
1707c60e 3023 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3024 cp.passkey = passkey;
3025 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3026 } else
1707c60e
JH		 3027 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3028 &addr->bdaddr);
604086b7 3029
a664b5bc
JH		 3030 if (err < 0)
3031 mgmt_pending_remove(cmd);
a5c29683 3032
0df4c185 3033done:
09fd0de5 3034 hci_dev_unlock(hdev);
a5c29683
JH		 3035 return err;
3036}
3037
afeb019d
JK		 3038static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3039 void *data, u16 len)
3040{
3041 struct mgmt_cp_pin_code_neg_reply *cp = data;
3042
3043 BT_DBG("");
3044
1707c60e 3045 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3046 MGMT_OP_PIN_CODE_NEG_REPLY,
3047 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3048}
3049
04124681
GP		 3050static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3051 u16 len)
0df4c185 3052{
650f726d 3053 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3054
3055 BT_DBG("");
3056
3057 if (len != sizeof(*cp))
bdb6d971 3058 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3059 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3060
1707c60e 3061 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3062 MGMT_OP_USER_CONFIRM_REPLY,
3063 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3064}
3065
bdb6d971 3066static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3067 void *data, u16 len)
0df4c185 3068{
c9c2659f 3069 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3070
3071 BT_DBG("");
3072
1707c60e 3073 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3074 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3075 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3076}
3077
04124681
GP		 3078static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3079 u16 len)
604086b7 3080{
650f726d 3081 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3082
3083 BT_DBG("");
3084
1707c60e 3085 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3086 MGMT_OP_USER_PASSKEY_REPLY,
3087 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3088}
3089
bdb6d971 3090static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3091 void *data, u16 len)
604086b7 3092{
650f726d 3093 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3094
3095 BT_DBG("");
3096
1707c60e 3097 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3098 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3099 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3100}
3101
13928971 3102static void update_name(struct hci_request *req)
2b4bf397 3103{
13928971 3104 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3105 struct hci_cp_write_local_name cp;
3106
13928971 3107 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3108
890ea898 3109 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3110}
3111
13928971
JH		 3112static void set_name_complete(struct hci_dev *hdev, u8 status)
3113{
3114 struct mgmt_cp_set_local_name *cp;
3115 struct pending_cmd *cmd;
3116
3117 BT_DBG("status 0x%02x", status);
3118
3119 hci_dev_lock(hdev);
3120
3121 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3122 if (!cmd)
3123 goto unlock;
3124
3125 cp = cmd->param;
3126
3127 if (status)
3128 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3129 mgmt_status(status));
3130 else
3131 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3132 cp, sizeof(*cp));
3133
3134 mgmt_pending_remove(cmd);
3135
3136unlock:
3137 hci_dev_unlock(hdev);
3138}
3139
bdb6d971 3140static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3141 u16 len)
b312b161 3142{
2b4bf397 3143 struct mgmt_cp_set_local_name *cp = data;
b312b161 3144 struct pending_cmd *cmd;
890ea898 3145 struct hci_request req;
b312b161
JH		 3146 int err;
3147
3148 BT_DBG("");
3149
09fd0de5 3150 hci_dev_lock(hdev);
b312b161 3151
b3f2ca94
JH		 3152 /* If the old values are the same as the new ones just return a
3153 * direct command complete event.
3154 */
3155 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3156 !memcmp(hdev->short_name, cp->short_name,
3157 sizeof(hdev->short_name))) {
3158 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3159 data, len);
3160 goto failed;
3161 }
3162
2b4bf397 3163 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3164
b5235a65 3165 if (!hdev_is_powered(hdev)) {
2b4bf397 3166 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3167
3168 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3169 data, len);
28cc7bde
JH		 3170 if (err < 0)
3171 goto failed;
3172
3173 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3174 sk);
28cc7bde 3175
b5235a65
JH		 3176 goto failed;
3177 }
3178
28cc7bde 3179 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3180 if (!cmd) {
3181 err = -ENOMEM;
3182 goto failed;
3183 }
3184
13928971
JH		 3185 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3186
890ea898 3187 hci_req_init(&req, hdev);
3f985050
JH		 3188
3189 if (lmp_bredr_capable(hdev)) {
3190 update_name(&req);
3191 update_eir(&req);
3192 }
3193
7a5f4990
MH		 3194 /* The name is stored in the scan response data and so
3195 * no need to udpate the advertising data here.
3196 */
3f985050 3197 if (lmp_le_capable(hdev))
7a5f4990 3198 update_scan_rsp_data(&req);
3f985050 3199
13928971 3200 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3201 if (err < 0)
3202 mgmt_pending_remove(cmd);
3203
3204failed:
09fd0de5 3205 hci_dev_unlock(hdev);
b312b161
JH		 3206 return err;
3207}
3208
0f4e68cf 3209static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3210 void *data, u16 data_len)
c35938b2 3211{
c35938b2
SJ		 3212 struct pending_cmd *cmd;
3213 int err;
3214
bdb6d971 3215 BT_DBG("%s", hdev->name);
c35938b2 3216
09fd0de5 3217 hci_dev_lock(hdev);
c35938b2 3218
4b34ee78 3219 if (!hdev_is_powered(hdev)) {
bdb6d971 3220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3221 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3222 goto unlock;
3223 }
3224
9a1a1996 3225 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3227 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3228 goto unlock;
3229 }
3230
2e58ef3e 3231 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3232 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3233 MGMT_STATUS_BUSY);
c35938b2
SJ		 3234 goto unlock;
3235 }
3236
2e58ef3e 3237 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3238 if (!cmd) {
3239 err = -ENOMEM;
3240 goto unlock;
3241 }
3242
4d2d2796
MH		 3243 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3244 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3245 0, NULL);
3246 else
3247 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3248
c35938b2
SJ		 3249 if (err < 0)
3250 mgmt_pending_remove(cmd);
3251
3252unlock:
09fd0de5 3253 hci_dev_unlock(hdev);
c35938b2
SJ		 3254 return err;
3255}
3256
bdb6d971 3257static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3258 void *data, u16 len)
2763eda6 3259{
2763eda6
SJ		 3260 int err;
3261
bdb6d971 3262 BT_DBG("%s ", hdev->name);
2763eda6 3263
09fd0de5 3264 hci_dev_lock(hdev);
2763eda6 3265
ec109113
MH		 3266 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3267 struct mgmt_cp_add_remote_oob_data *cp = data;
3268 u8 status;
bf1e3541 3269
ec109113
MH		 3270 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3271 cp->hash, cp->randomizer);
3272 if (err < 0)
3273 status = MGMT_STATUS_FAILED;
3274 else
3275 status = MGMT_STATUS_SUCCESS;
3276
3277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3278 status, &cp->addr, sizeof(cp->addr));
3279 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3280 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3281 u8 status;
3282
3283 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3284 cp->hash192,
3285 cp->randomizer192,
3286 cp->hash256,
3287 cp->randomizer256);
3288 if (err < 0)
3289 status = MGMT_STATUS_FAILED;
3290 else
3291 status = MGMT_STATUS_SUCCESS;
3292
3293 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3294 status, &cp->addr, sizeof(cp->addr));
3295 } else {
3296 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3297 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3298 MGMT_STATUS_INVALID_PARAMS);
3299 }
2763eda6 3300
09fd0de5 3301 hci_dev_unlock(hdev);
2763eda6
SJ		 3302 return err;
3303}
3304
bdb6d971 3305static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3306 void *data, u16 len)
2763eda6 3307{
650f726d 3308 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3309 u8 status;
2763eda6
SJ		 3310 int err;
3311
bdb6d971 3312 BT_DBG("%s", hdev->name);
2763eda6 3313
09fd0de5 3314 hci_dev_lock(hdev);
2763eda6 3315
664ce4cc 3316 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3317 if (err < 0)
bf1e3541 3318 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3319 else
a6785be2 3320 status = MGMT_STATUS_SUCCESS;
bf1e3541 3321
bdb6d971 3322 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3323 status, &cp->addr, sizeof(cp->addr));
2763eda6 3324
09fd0de5 3325 hci_dev_unlock(hdev);
2763eda6
SJ		 3326 return err;
3327}
3328
41dc2bd6
AG		 3329static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3330{
3331 struct pending_cmd *cmd;
3332 u8 type;
3333 int err;
3334
3335 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3336
3337 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3338 if (!cmd)
3339 return -ENOENT;
3340
3341 type = hdev->discovery.type;
3342
3343 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3344 &type, sizeof(type));
3345 mgmt_pending_remove(cmd);
3346
3347 return err;
3348}
3349
7c307720
AG		 3350static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3351{
ae55f598
LR		 3352 unsigned long timeout = 0;
3353
7c307720
AG		 3354 BT_DBG("status %d", status);
3355
3356 if (status) {
3357 hci_dev_lock(hdev);
3358 mgmt_start_discovery_failed(hdev, status);
3359 hci_dev_unlock(hdev);
3360 return;
3361 }
3362
3363 hci_dev_lock(hdev);
3364 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3365 hci_dev_unlock(hdev);
3366
3367 switch (hdev->discovery.type) {
3368 case DISCOV_TYPE_LE:
3d5a76f0 3369 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3370 break;
3371
3372 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3373 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3374 break;
3375
3376 case DISCOV_TYPE_BREDR:
3377 break;
3378
3379 default:
3380 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3381 }
ae55f598
LR		 3382
3383 if (!timeout)
3384 return;
3385
3386 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3387}
3388
bdb6d971 3389static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3390 void *data, u16 len)
14a53664 3391{
650f726d 3392 struct mgmt_cp_start_discovery *cp = data;
14a53664 3393 struct pending_cmd *cmd;
7c307720
AG		 3394 struct hci_cp_le_set_scan_param param_cp;
3395 struct hci_cp_le_set_scan_enable enable_cp;
3396 struct hci_cp_inquiry inq_cp;
3397 struct hci_request req;
3398 /* General inquiry access code (GIAC) */
3399 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3400 u8 status, own_addr_type;
14a53664
JH		 3401 int err;
3402
bdb6d971 3403 BT_DBG("%s", hdev->name);
14a53664 3404
09fd0de5 3405 hci_dev_lock(hdev);
14a53664 3406
4b34ee78 3407 if (!hdev_is_powered(hdev)) {
bdb6d971 3408 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3409 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3410 goto failed;
3411 }
3412
642be6c7
AG		 3413 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3414 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3415 MGMT_STATUS_BUSY);
3416 goto failed;
3417 }
3418
ff9ef578 3419 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3420 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3421 MGMT_STATUS_BUSY);
ff9ef578
JH		 3422 goto failed;
3423 }
3424
2e58ef3e 3425 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3426 if (!cmd) {
3427 err = -ENOMEM;
3428 goto failed;
3429 }
3430
4aab14e5
AG		 3431 hdev->discovery.type = cp->type;
3432
7c307720
AG		 3433 hci_req_init(&req, hdev);
3434
4aab14e5 3435 switch (hdev->discovery.type) {
f39799f5 3436 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3437 status = mgmt_bredr_support(hdev);
3438 if (status) {
04106755 3439 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3440 status);
04106755
JH		 3441 mgmt_pending_remove(cmd);
3442 goto failed;
3443 }
3444
7c307720
AG		 3445 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3446 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3447 MGMT_STATUS_BUSY);
3448 mgmt_pending_remove(cmd);
3449 goto failed;
3450 }
3451
3452 hci_inquiry_cache_flush(hdev);
3453
3454 memset(&inq_cp, 0, sizeof(inq_cp));
3455 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3456 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3457 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3458 break;
3459
3460 case DISCOV_TYPE_LE:
7c307720 3461 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3462 status = mgmt_le_support(hdev);
3463 if (status) {
04106755 3464 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3465 status);
04106755
JH		 3466 mgmt_pending_remove(cmd);
3467 goto failed;
3468 }
3469
7c307720 3470 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3471 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3472 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3473 MGMT_STATUS_NOT_SUPPORTED);
3474 mgmt_pending_remove(cmd);
3475 goto failed;
3476 }
3477
f3d3444a 3478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3479 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3480 MGMT_STATUS_REJECTED);
3481 mgmt_pending_remove(cmd);
3482 goto failed;
3483 }
3484
c54c3860
AG		 3485 /* If controller is scanning, it means the background scanning
3486 * is running. Thus, we should temporarily stop it in order to
3487 * set the discovery scanning parameters.
3488 */
3489 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3490 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3491
3492 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3493
94b1fc92
MH		 3494 /* All active scans will be done with either a resolvable
3495 * private address (when privacy feature has been enabled)
3496 * or unresolvable private address.
3497 */
3498 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3499 if (err < 0) {
3500 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3501 MGMT_STATUS_FAILED);
3502 mgmt_pending_remove(cmd);
3503 goto failed;
3504 }
3505
7c307720 3506 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3507 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3508 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3509 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3510 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3511 &param_cp);
3512
3513 memset(&enable_cp, 0, sizeof(enable_cp));
3514 enable_cp.enable = LE_SCAN_ENABLE;
3515 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3516 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3517 &enable_cp);
5e0452c0
AG		 3518 break;
3519
f39799f5 3520 default:
04106755
JH		 3521 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3522 MGMT_STATUS_INVALID_PARAMS);
3523 mgmt_pending_remove(cmd);
3524 goto failed;
f39799f5 3525 }
3fd24153 3526
7c307720 3527 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3528 if (err < 0)
3529 mgmt_pending_remove(cmd);
ff9ef578
JH		 3530 else
3531 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3532
3533failed:
09fd0de5 3534 hci_dev_unlock(hdev);
14a53664
JH		 3535 return err;
3536}
3537
1183fdca
AG		 3538static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3539{
3540 struct pending_cmd *cmd;
3541 int err;
3542
3543 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3544 if (!cmd)
3545 return -ENOENT;
3546
3547 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3548 &hdev->discovery.type, sizeof(hdev->discovery.type));
3549 mgmt_pending_remove(cmd);
3550
3551 return err;
3552}
3553
0e05bba6
AG		 3554static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3555{
3556 BT_DBG("status %d", status);
3557
3558 hci_dev_lock(hdev);
3559
3560 if (status) {
3561 mgmt_stop_discovery_failed(hdev, status);
3562 goto unlock;
3563 }
3564
3565 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3566
3567unlock:
3568 hci_dev_unlock(hdev);
3569}
3570
bdb6d971 3571static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3572 u16 len)
14a53664 3573{
d930650b 3574 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3575 struct pending_cmd *cmd;
30dc78e1
JH		 3576 struct hci_cp_remote_name_req_cancel cp;
3577 struct inquiry_entry *e;
0e05bba6 3578 struct hci_request req;
14a53664
JH		 3579 int err;
3580
bdb6d971 3581 BT_DBG("%s", hdev->name);
14a53664 3582
09fd0de5 3583 hci_dev_lock(hdev);
14a53664 3584
30dc78e1 3585 if (!hci_discovery_active(hdev)) {
bdb6d971 3586 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3587 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3588 sizeof(mgmt_cp->type));
d930650b
JH		 3589 goto unlock;
3590 }
3591
3592 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3593 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3594 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3595 sizeof(mgmt_cp->type));
30dc78e1 3596 goto unlock;
ff9ef578
JH		 3597 }
3598
2e58ef3e 3599 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3600 if (!cmd) {
3601 err = -ENOMEM;
30dc78e1
JH		 3602 goto unlock;
3603 }
3604
0e05bba6
AG		 3605 hci_req_init(&req, hdev);
3606
e0d9727e
AG		 3607 switch (hdev->discovery.state) {
3608 case DISCOVERY_FINDING:
0e05bba6
AG		 3609 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3610 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3611 } else {
3612 cancel_delayed_work(&hdev->le_scan_disable);
3613
b1efcc28 3614 hci_req_add_le_scan_disable(&req);
0e05bba6 3615 }
c9ecc48e 3616
e0d9727e
AG		 3617 break;
3618
3619 case DISCOVERY_RESOLVING:
3620 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3621 NAME_PENDING);
e0d9727e 3622 if (!e) {
30dc78e1 3623 mgmt_pending_remove(cmd);
e0d9727e
AG		 3624 err = cmd_complete(sk, hdev->id,
3625 MGMT_OP_STOP_DISCOVERY, 0,
3626 &mgmt_cp->type,
3627 sizeof(mgmt_cp->type));
3628 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3629 goto unlock;
3630 }
30dc78e1 3631
e0d9727e 3632 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3633 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3634 &cp);
e0d9727e
AG		 3635
3636 break;
3637
3638 default:
3639 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3640
3641 mgmt_pending_remove(cmd);
3642 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3643 MGMT_STATUS_FAILED, &mgmt_cp->type,
3644 sizeof(mgmt_cp->type));
3645 goto unlock;
14a53664
JH		 3646 }
3647
0e05bba6 3648 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3649 if (err < 0)
3650 mgmt_pending_remove(cmd);
ff9ef578
JH		 3651 else
3652 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3653
30dc78e1 3654unlock:
09fd0de5 3655 hci_dev_unlock(hdev);
14a53664
JH		 3656 return err;
3657}
3658
bdb6d971 3659static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3660 u16 len)
561aafbc 3661{
650f726d 3662 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3663 struct inquiry_entry *e;
561aafbc
JH		 3664 int err;
3665
bdb6d971 3666 BT_DBG("%s", hdev->name);
561aafbc 3667
561aafbc
JH		 3668 hci_dev_lock(hdev);
3669
30dc78e1 3670 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3671 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3672 MGMT_STATUS_FAILED, &cp->addr,
3673 sizeof(cp->addr));
30dc78e1
JH		 3674 goto failed;
3675 }
3676
a198e7b1 3677 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3678 if (!e) {
d3a2541d
LR		 3679 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3680 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3681 sizeof(cp->addr));
561aafbc
JH		 3682 goto failed;
3683 }
3684
3685 if (cp->name_known) {
3686 e->name_state = NAME_KNOWN;
3687 list_del(&e->list);
3688 } else {
3689 e->name_state = NAME_NEEDED;
a3d4e20a 3690 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3691 }
3692
e384662b
JH		 3693 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3694 sizeof(cp->addr));
561aafbc
JH		 3695
3696failed:
3697 hci_dev_unlock(hdev);
561aafbc
JH		 3698 return err;
3699}
3700
bdb6d971 3701static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3702 u16 len)
7fbec224 3703{
650f726d 3704 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3705 u8 status;
7fbec224
AJ		 3706 int err;
3707
bdb6d971 3708 BT_DBG("%s", hdev->name);
7fbec224 3709
4ee71b20 3710 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3711 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3712 MGMT_STATUS_INVALID_PARAMS,
3713 &cp->addr, sizeof(cp->addr));
4ee71b20 3714
09fd0de5 3715 hci_dev_lock(hdev);
5e762444 3716
88c1fe4b 3717 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3718 if (err < 0)
f0eeea8b 3719 status = MGMT_STATUS_FAILED;
7fbec224 3720 else
a6785be2 3721 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3722
bdb6d971 3723 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3724 &cp->addr, sizeof(cp->addr));
5e762444 3725
09fd0de5 3726 hci_dev_unlock(hdev);
7fbec224
AJ		 3727
3728 return err;
3729}
3730
bdb6d971 3731static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3732 u16 len)
7fbec224 3733{
650f726d 3734 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3735 u8 status;
7fbec224
AJ		 3736 int err;
3737
bdb6d971 3738 BT_DBG("%s", hdev->name);
7fbec224 3739
4ee71b20 3740 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3741 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3742 MGMT_STATUS_INVALID_PARAMS,
3743 &cp->addr, sizeof(cp->addr));
4ee71b20 3744
09fd0de5 3745 hci_dev_lock(hdev);
5e762444 3746
88c1fe4b 3747 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3748 if (err < 0)
f0eeea8b 3749 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3750 else
a6785be2 3751 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3752
bdb6d971 3753 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3754 &cp->addr, sizeof(cp->addr));
5e762444 3755
09fd0de5 3756 hci_dev_unlock(hdev);
7fbec224
AJ		 3757
3758 return err;
3759}
3760
cdbaccca
MH		 3761static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3762 u16 len)
3763{
3764 struct mgmt_cp_set_device_id *cp = data;
890ea898 3765 struct hci_request req;
cdbaccca 3766 int err;
c72d4b8a 3767 __u16 source;
cdbaccca
MH		 3768
3769 BT_DBG("%s", hdev->name);
3770
c72d4b8a
SJ		 3771 source = __le16_to_cpu(cp->source);
3772
3773 if (source > 0x0002)
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3775 MGMT_STATUS_INVALID_PARAMS);
3776
cdbaccca
MH		 3777 hci_dev_lock(hdev);
3778
c72d4b8a 3779 hdev->devid_source = source;
cdbaccca
MH		 3780 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3781 hdev->devid_product = __le16_to_cpu(cp->product);
3782 hdev->devid_version = __le16_to_cpu(cp->version);
3783
3784 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3785
890ea898
JH		 3786 hci_req_init(&req, hdev);
3787 update_eir(&req);
3788 hci_req_run(&req, NULL);
cdbaccca
MH		 3789
3790 hci_dev_unlock(hdev);
3791
3792 return err;
3793}
3794
4375f103
JH		 3795static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3796{
3797 struct cmd_lookup match = { NULL, hdev };
3798
3799 if (status) {
3800 u8 mgmt_err = mgmt_status(status);
3801
3802 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3803 cmd_status_rsp, &mgmt_err);
3804 return;
3805 }
3806
3807 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3808 &match);
3809
3810 new_settings(hdev, match.sk);
3811
3812 if (match.sk)
3813 sock_put(match.sk);
3814}
3815
21b5187f
MH		 3816static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3817 u16 len)
4375f103
JH		 3818{
3819 struct mgmt_mode *cp = data;
3820 struct pending_cmd *cmd;
3821 struct hci_request req;
e6fe7986 3822 u8 val, enabled, status;
4375f103
JH		 3823 int err;
3824
3825 BT_DBG("request for %s", hdev->name);
3826
e6fe7986
JH		 3827 status = mgmt_le_support(hdev);
3828 if (status)
4375f103 3829 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3830 status);
4375f103
JH		 3831
3832 if (cp->val != 0x00 && cp->val != 0x01)
3833 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3834 MGMT_STATUS_INVALID_PARAMS);
3835
3836 hci_dev_lock(hdev);
3837
3838 val = !!cp->val;
f3d3444a 3839 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3840
f74ca9b8
JH		 3841 /* The following conditions are ones which mean that we should
3842 * not do any HCI communication but directly send a mgmt
3843 * response to user space (after toggling the flag if
3844 * necessary).
3845 */
3846 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3847 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3848 bool changed = false;
3849
f3d3444a
JH		 3850 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3851 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3852 changed = true;
3853 }
3854
3855 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3856 if (err < 0)
3857 goto unlock;
3858
3859 if (changed)
3860 err = new_settings(hdev, sk);
3861
3862 goto unlock;
3863 }
3864
3865 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3866 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3867 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3868 MGMT_STATUS_BUSY);
3869 goto unlock;
3870 }
3871
3872 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3873 if (!cmd) {
3874 err = -ENOMEM;
3875 goto unlock;
3876 }
3877
3878 hci_req_init(&req, hdev);
3879
bba3aa55
MH		 3880 if (val)
3881 enable_advertising(&req);
3882 else
3883 disable_advertising(&req);
4375f103
JH		 3884
3885 err = hci_req_run(&req, set_advertising_complete);
3886 if (err < 0)
3887 mgmt_pending_remove(cmd);
3888
3889unlock:
3890 hci_dev_unlock(hdev);
3891 return err;
3892}
3893
d13eafce
MH		 3894static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3895 void *data, u16 len)
3896{
3897 struct mgmt_cp_set_static_address *cp = data;
3898 int err;
3899
3900 BT_DBG("%s", hdev->name);
3901
62af4443 3902 if (!lmp_le_capable(hdev))
d13eafce 3903 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3904 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3905
3906 if (hdev_is_powered(hdev))
3907 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3908 MGMT_STATUS_REJECTED);
3909
3910 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3911 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3912 return cmd_status(sk, hdev->id,
3913 MGMT_OP_SET_STATIC_ADDRESS,
3914 MGMT_STATUS_INVALID_PARAMS);
3915
3916 /* Two most significant bits shall be set */
3917 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3918 return cmd_status(sk, hdev->id,
3919 MGMT_OP_SET_STATIC_ADDRESS,
3920 MGMT_STATUS_INVALID_PARAMS);
3921 }
3922
3923 hci_dev_lock(hdev);
3924
3925 bacpy(&hdev->static_addr, &cp->bdaddr);
3926
3927 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3928
3929 hci_dev_unlock(hdev);
3930
3931 return err;
3932}
3933
14b49b9a
MH		 3934static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3935 void *data, u16 len)
3936{
3937 struct mgmt_cp_set_scan_params *cp = data;
3938 __u16 interval, window;
3939 int err;
3940
3941 BT_DBG("%s", hdev->name);
3942
3943 if (!lmp_le_capable(hdev))
3944 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3945 MGMT_STATUS_NOT_SUPPORTED);
3946
3947 interval = __le16_to_cpu(cp->interval);
3948
3949 if (interval < 0x0004 || interval > 0x4000)
3950 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3951 MGMT_STATUS_INVALID_PARAMS);
3952
3953 window = __le16_to_cpu(cp->window);
3954
3955 if (window < 0x0004 || window > 0x4000)
3956 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3957 MGMT_STATUS_INVALID_PARAMS);
3958
899e1075
MH		 3959 if (window > interval)
3960 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3961 MGMT_STATUS_INVALID_PARAMS);
3962
14b49b9a
MH		 3963 hci_dev_lock(hdev);
3964
3965 hdev->le_scan_interval = interval;
3966 hdev->le_scan_window = window;
3967
3968 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3969
dd2ef8e2
AG		 3970 /* If background scan is running, restart it so new parameters are
3971 * loaded.
3972 */
3973 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3974 hdev->discovery.state == DISCOVERY_STOPPED) {
3975 struct hci_request req;
3976
3977 hci_req_init(&req, hdev);
3978
3979 hci_req_add_le_scan_disable(&req);
3980 hci_req_add_le_passive_scan(&req);
3981
3982 hci_req_run(&req, NULL);
3983 }
3984
14b49b9a
MH		 3985 hci_dev_unlock(hdev);
3986
3987 return err;
3988}
3989
33e38b3e
JH		 3990static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3991{
3992 struct pending_cmd *cmd;
3993
3994 BT_DBG("status 0x%02x", status);
3995
3996 hci_dev_lock(hdev);
3997
3998 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3999 if (!cmd)
4000 goto unlock;
4001
4002 if (status) {
4003 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4004 mgmt_status(status));
4005 } else {
1a4d3c4b
JH		 4006 struct mgmt_mode *cp = cmd->param;
4007
4008 if (cp->val)
4009 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4010 else
4011 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4012
33e38b3e
JH		 4013 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4014 new_settings(hdev, cmd->sk);
4015 }
4016
4017 mgmt_pending_remove(cmd);
4018
4019unlock:
4020 hci_dev_unlock(hdev);
4021}
4022
bdb6d971 4023static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4024 void *data, u16 len)
f6422ec6 4025{
650f726d 4026 struct mgmt_mode *cp = data;
33e38b3e
JH		 4027 struct pending_cmd *cmd;
4028 struct hci_request req;
f6422ec6
AJ		 4029 int err;
4030
bdb6d971 4031 BT_DBG("%s", hdev->name);
f6422ec6 4032
56f87901
JH		 4033 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4034 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4035 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4036 MGMT_STATUS_NOT_SUPPORTED);
4037
a7e80f25
JH		 4038 if (cp->val != 0x00 && cp->val != 0x01)
4039 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4040 MGMT_STATUS_INVALID_PARAMS);
4041
5400c044 4042 if (!hdev_is_powered(hdev))
bdb6d971 4043 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4044 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4045
4046 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4047 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4048 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4049
4050 hci_dev_lock(hdev);
4051
05cbf29f
JH		 4052 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4053 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4054 MGMT_STATUS_BUSY);
4055 goto unlock;
4056 }
4057
1a4d3c4b
JH		 4058 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4059 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4060 hdev);
4061 goto unlock;
4062 }
4063
33e38b3e
JH		 4064 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4065 data, len);
4066 if (!cmd) {
4067 err = -ENOMEM;
4068 goto unlock;
f6422ec6
AJ		 4069 }
4070
33e38b3e
JH		 4071 hci_req_init(&req, hdev);
4072
406d7804 4073 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4074
4075 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4076 if (err < 0) {
bdb6d971 4077 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4078 MGMT_STATUS_FAILED);
33e38b3e 4079 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4080 }
4081
33e38b3e 4082unlock:
f6422ec6 4083 hci_dev_unlock(hdev);
33e38b3e 4084
f6422ec6
AJ		 4085 return err;
4086}
4087
67e5a7a3
JH		 4088static void set_bredr_scan(struct hci_request *req)
4089{
4090 struct hci_dev *hdev = req->hdev;
4091 u8 scan = 0;
4092
4093 /* Ensure that fast connectable is disabled. This function will
4094 * not do anything if the page scan parameters are already what
4095 * they should be.
4096 */
4097 write_fast_connectable(req, false);
4098
4099 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4100 scan |= SCAN_PAGE;
4101 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4102 scan |= SCAN_INQUIRY;
4103
4104 if (scan)
4105 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4106}
4107
0663ca2a
JH		 4108static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4109{
4110 struct pending_cmd *cmd;
4111
4112 BT_DBG("status 0x%02x", status);
4113
4114 hci_dev_lock(hdev);
4115
4116 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4117 if (!cmd)
4118 goto unlock;
4119
4120 if (status) {
4121 u8 mgmt_err = mgmt_status(status);
4122
4123 /* We need to restore the flag if related HCI commands
4124 * failed.
4125 */
4126 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4127
4128 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4129 } else {
4130 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4131 new_settings(hdev, cmd->sk);
4132 }
4133
4134 mgmt_pending_remove(cmd);
4135
4136unlock:
4137 hci_dev_unlock(hdev);
4138}
4139
4140static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4141{
4142 struct mgmt_mode *cp = data;
4143 struct pending_cmd *cmd;
4144 struct hci_request req;
4145 int err;
4146
4147 BT_DBG("request for %s", hdev->name);
4148
4149 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4150 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4151 MGMT_STATUS_NOT_SUPPORTED);
4152
4153 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4154 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4155 MGMT_STATUS_REJECTED);
4156
4157 if (cp->val != 0x00 && cp->val != 0x01)
4158 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4159 MGMT_STATUS_INVALID_PARAMS);
4160
4161 hci_dev_lock(hdev);
4162
4163 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4164 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4165 goto unlock;
4166 }
4167
4168 if (!hdev_is_powered(hdev)) {
4169 if (!cp->val) {
0663ca2a
JH		 4170 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4171 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4172 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4173 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4174 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4175 }
4176
4177 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4178
4179 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4180 if (err < 0)
4181 goto unlock;
4182
4183 err = new_settings(hdev, sk);
4184 goto unlock;
4185 }
4186
4187 /* Reject disabling when powered on */
4188 if (!cp->val) {
4189 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4190 MGMT_STATUS_REJECTED);
4191 goto unlock;
4192 }
4193
4194 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4195 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4196 MGMT_STATUS_BUSY);
4197 goto unlock;
4198 }
4199
4200 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4201 if (!cmd) {
4202 err = -ENOMEM;
4203 goto unlock;
4204 }
4205
5947f4bc 4206 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4207 * generates the correct flags.
4208 */
4209 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4210
4211 hci_req_init(&req, hdev);
aa8af46e
JH		 4212
4213 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4214 set_bredr_scan(&req);
4215
f14d8f64
MH		 4216 /* Since only the advertising data flags will change, there
4217 * is no need to update the scan response data.
4218 */
5947f4bc 4219 update_adv_data(&req);
aa8af46e 4220
0663ca2a
JH		 4221 err = hci_req_run(&req, set_bredr_complete);
4222 if (err < 0)
4223 mgmt_pending_remove(cmd);
4224
4225unlock:
4226 hci_dev_unlock(hdev);
4227 return err;
4228}
4229
eac83dc6
MH		 4230static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4231 void *data, u16 len)
4232{
4233 struct mgmt_mode *cp = data;
4234 struct pending_cmd *cmd;
0ab04a9c 4235 u8 val, status;
eac83dc6
MH		 4236 int err;
4237
4238 BT_DBG("request for %s", hdev->name);
4239
4240 status = mgmt_bredr_support(hdev);
4241 if (status)
4242 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4243 status);
4244
5afeac14
MH		 4245 if (!lmp_sc_capable(hdev) &&
4246 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4248 MGMT_STATUS_NOT_SUPPORTED);
4249
0ab04a9c 4250 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4251 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4252 MGMT_STATUS_INVALID_PARAMS);
4253
4254 hci_dev_lock(hdev);
4255
4256 if (!hdev_is_powered(hdev)) {
4257 bool changed;
4258
0ab04a9c 4259 if (cp->val) {
eac83dc6
MH		 4260 changed = !test_and_set_bit(HCI_SC_ENABLED,
4261 &hdev->dev_flags);
0ab04a9c
MH		 4262 if (cp->val == 0x02)
4263 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4264 else
4265 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4266 } else {
eac83dc6
MH		 4267 changed = test_and_clear_bit(HCI_SC_ENABLED,
4268 &hdev->dev_flags);
0ab04a9c
MH		 4269 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4270 }
eac83dc6
MH		 4271
4272 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4273 if (err < 0)
4274 goto failed;
4275
4276 if (changed)
4277 err = new_settings(hdev, sk);
4278
4279 goto failed;
4280 }
4281
4282 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4283 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4284 MGMT_STATUS_BUSY);
4285 goto failed;
4286 }
4287
0ab04a9c
MH		 4288 val = !!cp->val;
4289
4290 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4291 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4292 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4293 goto failed;
4294 }
4295
4296 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4297 if (!cmd) {
4298 err = -ENOMEM;
4299 goto failed;
4300 }
4301
0ab04a9c 4302 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4303 if (err < 0) {
4304 mgmt_pending_remove(cmd);
4305 goto failed;
4306 }
4307
0ab04a9c
MH		 4308 if (cp->val == 0x02)
4309 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4310 else
4311 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4312
eac83dc6
MH		 4313failed:
4314 hci_dev_unlock(hdev);
4315 return err;
4316}
4317
4e39ac81
MH		 4318static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4319 void *data, u16 len)
4320{
4321 struct mgmt_mode *cp = data;
4322 bool changed;
4323 int err;
4324
4325 BT_DBG("request for %s", hdev->name);
4326
4327 if (cp->val != 0x00 && cp->val != 0x01)
4328 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4329 MGMT_STATUS_INVALID_PARAMS);
4330
4331 hci_dev_lock(hdev);
4332
4333 if (cp->val)
4334 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4335 else
4336 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4337
4338 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4339 if (err < 0)
4340 goto unlock;
4341
4342 if (changed)
4343 err = new_settings(hdev, sk);
4344
4345unlock:
4346 hci_dev_unlock(hdev);
4347 return err;
4348}
4349
62b04cd1
JH		 4350static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4351 u16 len)
4352{
4353 struct mgmt_cp_set_privacy *cp = cp_data;
4354 bool changed;
4355 int err;
4356
4357 BT_DBG("request for %s", hdev->name);
4358
4359 if (!lmp_le_capable(hdev))
4360 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4361 MGMT_STATUS_NOT_SUPPORTED);
4362
4363 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4364 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4365 MGMT_STATUS_INVALID_PARAMS);
4366
4367 if (hdev_is_powered(hdev))
4368 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4369 MGMT_STATUS_REJECTED);
4370
4371 hci_dev_lock(hdev);
4372
c21c0ea0
JH		 4373 /* If user space supports this command it is also expected to
4374 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4375 */
4376 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4377
62b04cd1
JH		 4378 if (cp->privacy) {
4379 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4380 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4381 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4382 } else {
4383 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4384 memset(hdev->irk, 0, sizeof(hdev->irk));
4385 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4386 }
4387
4388 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4389 if (err < 0)
4390 goto unlock;
4391
4392 if (changed)
4393 err = new_settings(hdev, sk);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
41edf160
JH		 4400static bool irk_is_valid(struct mgmt_irk_info *irk)
4401{
4402 switch (irk->addr.type) {
4403 case BDADDR_LE_PUBLIC:
4404 return true;
4405
4406 case BDADDR_LE_RANDOM:
4407 /* Two most significant bits shall be set */
4408 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4409 return false;
4410 return true;
4411 }
4412
4413 return false;
4414}
4415
4416static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4417 u16 len)
4418{
4419 struct mgmt_cp_load_irks *cp = cp_data;
4420 u16 irk_count, expected_len;
4421 int i, err;
4422
4423 BT_DBG("request for %s", hdev->name);
4424
4425 if (!lmp_le_capable(hdev))
4426 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4427 MGMT_STATUS_NOT_SUPPORTED);
4428
4429 irk_count = __le16_to_cpu(cp->irk_count);
4430
4431 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4432 if (expected_len != len) {
4433 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4434 expected_len, len);
41edf160
JH		 4435 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4436 MGMT_STATUS_INVALID_PARAMS);
4437 }
4438
4439 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4440
4441 for (i = 0; i < irk_count; i++) {
4442 struct mgmt_irk_info *key = &cp->irks[i];
4443
4444 if (!irk_is_valid(key))
4445 return cmd_status(sk, hdev->id,
4446 MGMT_OP_LOAD_IRKS,
4447 MGMT_STATUS_INVALID_PARAMS);
4448 }
4449
4450 hci_dev_lock(hdev);
4451
4452 hci_smp_irks_clear(hdev);
4453
4454 for (i = 0; i < irk_count; i++) {
4455 struct mgmt_irk_info *irk = &cp->irks[i];
4456 u8 addr_type;
4457
4458 if (irk->addr.type == BDADDR_LE_PUBLIC)
4459 addr_type = ADDR_LE_DEV_PUBLIC;
4460 else
4461 addr_type = ADDR_LE_DEV_RANDOM;
4462
4463 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4464 BDADDR_ANY);
4465 }
4466
4467 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4468
4469 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4470
4471 hci_dev_unlock(hdev);
4472
4473 return err;
4474}
4475
3f706b72
JH		 4476static bool ltk_is_valid(struct mgmt_ltk_info *key)
4477{
4478 if (key->master != 0x00 && key->master != 0x01)
4479 return false;
490cb0b3
MH		 4480
4481 switch (key->addr.type) {
4482 case BDADDR_LE_PUBLIC:
4483 return true;
4484
4485 case BDADDR_LE_RANDOM:
4486 /* Two most significant bits shall be set */
4487 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4488 return false;
4489 return true;
4490 }
4491
4492 return false;
3f706b72
JH		 4493}
4494
bdb6d971 4495static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4496 void *cp_data, u16 len)
346af67b 4497{
346af67b
VCG		 4498 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4499 u16 key_count, expected_len;
715a5bf2 4500 int i, err;
346af67b 4501
cf99ba13
MH		 4502 BT_DBG("request for %s", hdev->name);
4503
4504 if (!lmp_le_capable(hdev))
4505 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4506 MGMT_STATUS_NOT_SUPPORTED);
4507
1f350c87 4508 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4509
4510 expected_len = sizeof(*cp) + key_count *
4511 sizeof(struct mgmt_ltk_info);
4512 if (expected_len != len) {
4513 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4514 expected_len, len);
bdb6d971 4515 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4516 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4517 }
4518
bdb6d971 4519 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4520
54ad6d8a
JH		 4521 for (i = 0; i < key_count; i++) {
4522 struct mgmt_ltk_info *key = &cp->keys[i];
4523
3f706b72 4524 if (!ltk_is_valid(key))
54ad6d8a
JH		 4525 return cmd_status(sk, hdev->id,
4526 MGMT_OP_LOAD_LONG_TERM_KEYS,
4527 MGMT_STATUS_INVALID_PARAMS);
4528 }
4529
346af67b
VCG		 4530 hci_dev_lock(hdev);
4531
4532 hci_smp_ltks_clear(hdev);
4533
4534 for (i = 0; i < key_count; i++) {
4535 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4536 u8 type, addr_type;
4537
4538 if (key->addr.type == BDADDR_LE_PUBLIC)
4539 addr_type = ADDR_LE_DEV_PUBLIC;
4540 else
4541 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4542
4543 if (key->master)
4544 type = HCI_SMP_LTK;
4545 else
4546 type = HCI_SMP_LTK_SLAVE;
4547
35d70271
JH		 4548 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4549 key->type, key->val, key->enc_size, key->ediv,
4550 key->rand);
346af67b
VCG		 4551 }
4552
715a5bf2
JH		 4553 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4554 NULL, 0);
4555
346af67b 4556 hci_dev_unlock(hdev);
346af67b 4557
715a5bf2 4558 return err;
346af67b
VCG		 4559}
4560
dd983808
AK		 4561struct cmd_conn_lookup {
4562 struct hci_conn *conn;
4563 bool valid_tx_power;
4564 u8 mgmt_status;
4565};
4566
4567static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4568{
4569 struct cmd_conn_lookup *match = data;
4570 struct mgmt_cp_get_conn_info *cp;
4571 struct mgmt_rp_get_conn_info rp;
4572 struct hci_conn *conn = cmd->user_data;
4573
4574 if (conn != match->conn)
4575 return;
4576
4577 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4578
4579 memset(&rp, 0, sizeof(rp));
4580 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4581 rp.addr.type = cp->addr.type;
4582
4583 if (!match->mgmt_status) {
4584 rp.rssi = conn->rssi;
4585
4586 if (match->valid_tx_power)
4587 rp.tx_power = conn->tx_power;
4588 else
4589 rp.tx_power = HCI_TX_POWER_INVALID;
4590
4591 rp.max_tx_power = HCI_TX_POWER_INVALID;
4592 }
4593
4594 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4595 match->mgmt_status, &rp, sizeof(rp));
4596
4597 hci_conn_drop(conn);
4598
4599 mgmt_pending_remove(cmd);
4600}
4601
4602static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4603{
4604 struct hci_cp_read_rssi *cp;
4605 struct hci_conn *conn;
4606 struct cmd_conn_lookup match;
4607 u16 handle;
4608
4609 BT_DBG("status 0x%02x", status);
4610
4611 hci_dev_lock(hdev);
4612
4613 /* TX power data is valid in case request completed successfully,
4614 * otherwise we assume it's not valid.
4615 */
4616 match.valid_tx_power = !status;
4617
4618 /* Commands sent in request are either Read RSSI or Read Transmit Power
4619 * Level so we check which one was last sent to retrieve connection
4620 * handle. Both commands have handle as first parameter so it's safe to
4621 * cast data on the same command struct.
4622 *
4623 * First command sent is always Read RSSI and we fail only if it fails.
4624 * In other case we simply override error to indicate success as we
4625 * already remembered if TX power value is actually valid.
4626 */
4627 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4628 if (!cp) {
4629 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4630 status = 0;
4631 }
4632
4633 if (!cp) {
4634 BT_ERR("invalid sent_cmd in response");
4635 goto unlock;
4636 }
4637
4638 handle = __le16_to_cpu(cp->handle);
4639 conn = hci_conn_hash_lookup_handle(hdev, handle);
4640 if (!conn) {
4641 BT_ERR("unknown handle (%d) in response", handle);
4642 goto unlock;
4643 }
4644
4645 match.conn = conn;
4646 match.mgmt_status = mgmt_status(status);
4647
4648 /* Cache refresh is complete, now reply for mgmt request for given
4649 * connection only.
4650 */
4651 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4652 get_conn_info_complete, &match);
4653
4654unlock:
4655 hci_dev_unlock(hdev);
4656}
4657
4658static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4659 u16 len)
4660{
4661 struct mgmt_cp_get_conn_info *cp = data;
4662 struct mgmt_rp_get_conn_info rp;
4663 struct hci_conn *conn;
4664 unsigned long conn_info_age;
4665 int err = 0;
4666
4667 BT_DBG("%s", hdev->name);
4668
4669 memset(&rp, 0, sizeof(rp));
4670 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4671 rp.addr.type = cp->addr.type;
4672
4673 if (!bdaddr_type_is_valid(cp->addr.type))
4674 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4675 MGMT_STATUS_INVALID_PARAMS,
4676 &rp, sizeof(rp));
4677
4678 hci_dev_lock(hdev);
4679
4680 if (!hdev_is_powered(hdev)) {
4681 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4682 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4683 goto unlock;
4684 }
4685
4686 if (cp->addr.type == BDADDR_BREDR)
4687 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4688 &cp->addr.bdaddr);
4689 else
4690 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4691
4692 if (!conn || conn->state != BT_CONNECTED) {
4693 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4694 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4695 goto unlock;
4696 }
4697
4698 /* To avoid client trying to guess when to poll again for information we
4699 * calculate conn info age as random value between min/max set in hdev.
4700 */
4701 conn_info_age = hdev->conn_info_min_age +
4702 prandom_u32_max(hdev->conn_info_max_age -
4703 hdev->conn_info_min_age);
4704
4705 /* Query controller to refresh cached values if they are too old or were
4706 * never read.
4707 */
4708 if (time_after(jiffies, conn->conn_info_timestamp + conn_info_age) ||
4709 !conn->conn_info_timestamp) {
4710 struct hci_request req;
4711 struct hci_cp_read_tx_power req_txp_cp;
4712 struct hci_cp_read_rssi req_rssi_cp;
4713 struct pending_cmd *cmd;
4714
4715 hci_req_init(&req, hdev);
4716 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4717 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4718 &req_rssi_cp);
4719
f7faab0c
AK		 4720 /* For LE links TX power does not change thus we don't need to
4721 * query for it once value is known.
4722 */
4723 if (!bdaddr_type_is_le(cp->addr.type) ||
4724 conn->tx_power == HCI_TX_POWER_INVALID) {
4725 req_txp_cp.handle = cpu_to_le16(conn->handle);
4726 req_txp_cp.type = 0x00;
4727 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4728 sizeof(req_txp_cp), &req_txp_cp);
4729 }
dd983808
AK		 4730
4731 err = hci_req_run(&req, conn_info_refresh_complete);
4732 if (err < 0)
4733 goto unlock;
4734
4735 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4736 data, len);
4737 if (!cmd) {
4738 err = -ENOMEM;
4739 goto unlock;
4740 }
4741
4742 hci_conn_hold(conn);
4743 cmd->user_data = conn;
4744
4745 conn->conn_info_timestamp = jiffies;
4746 } else {
4747 /* Cache is valid, just reply with values cached in hci_conn */
4748 rp.rssi = conn->rssi;
4749 rp.tx_power = conn->tx_power;
4750 rp.max_tx_power = HCI_TX_POWER_INVALID;
4751
4752 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4753 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4754 }
4755
4756unlock:
4757 hci_dev_unlock(hdev);
4758 return err;
4759}
4760
2e3c35ea 4761static const struct mgmt_handler {
04124681
GP		 4762 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4763 u16 data_len);
be22b54e
JH		 4764 bool var_len;
4765 size_t data_len;
0f4e68cf
JH		 4766} mgmt_handlers[] = {
4767 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4768 { read_version, false, MGMT_READ_VERSION_SIZE },
4769 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4770 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4771 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4772 { set_powered, false, MGMT_SETTING_SIZE },
4773 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4774 { set_connectable, false, MGMT_SETTING_SIZE },
4775 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4776 { set_pairable, false, MGMT_SETTING_SIZE },
4777 { set_link_security, false, MGMT_SETTING_SIZE },
4778 { set_ssp, false, MGMT_SETTING_SIZE },
4779 { set_hs, false, MGMT_SETTING_SIZE },
4780 { set_le, false, MGMT_SETTING_SIZE },
4781 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4782 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4783 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4784 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4785 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4786 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4787 { disconnect, false, MGMT_DISCONNECT_SIZE },
4788 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4789 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4790 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4791 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4792 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4793 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4794 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4795 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4796 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4797 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4798 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4799 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4800 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4801 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4802 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4803 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4804 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4805 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4806 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4807 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4808 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4809 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4810 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4811 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4812 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4813 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4814 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4815 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4816 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4817};
4818
4819
0381101f
JH		 4820int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4821{
650f726d
VCG		 4822 void *buf;
4823 u8 *cp;
0381101f 4824 struct mgmt_hdr *hdr;
4e51eae9 4825 u16 opcode, index, len;
bdb6d971 4826 struct hci_dev *hdev = NULL;
2e3c35ea 4827 const struct mgmt_handler *handler;
0381101f
JH		 4828 int err;
4829
4830 BT_DBG("got %zu bytes", msglen);
4831
4832 if (msglen < sizeof(*hdr))
4833 return -EINVAL;
4834
e63a15ec 4835 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4836 if (!buf)
4837 return -ENOMEM;
4838
4839 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4840 err = -EFAULT;
4841 goto done;
4842 }
4843
650f726d 4844 hdr = buf;
1f350c87
MH		 4845 opcode = __le16_to_cpu(hdr->opcode);
4846 index = __le16_to_cpu(hdr->index);
4847 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4848
4849 if (len != msglen - sizeof(*hdr)) {
4850 err = -EINVAL;
4851 goto done;
4852 }
4853
0f4e68cf 4854 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4855 hdev = hci_dev_get(index);
4856 if (!hdev) {
4857 err = cmd_status(sk, index, opcode,
04124681 4858 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4859 goto done;
4860 }
0736cfa8 4861
cebf4cfd
JH		 4862 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4863 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4864 err = cmd_status(sk, index, opcode,
4865 MGMT_STATUS_INVALID_INDEX);
4866 goto done;
4867 }
bdb6d971
JH		 4868 }
4869
0f4e68cf 4870 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4871 mgmt_handlers[opcode].func == NULL) {
0381101f 4872 BT_DBG("Unknown op %u", opcode);
ca69b795 4873 err = cmd_status(sk, index, opcode,
04124681 4874 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4875 goto done;
4876 }
4877
4878 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4879 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4880 err = cmd_status(sk, index, opcode,
04124681 4881 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4882 goto done;
0381101f
JH		 4883 }
4884
be22b54e
JH		 4885 handler = &mgmt_handlers[opcode];
4886
4887 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4888 (!handler->var_len && len != handler->data_len)) {
be22b54e 4889 err = cmd_status(sk, index, opcode,
04124681 4890 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4891 goto done;
4892 }
4893
0f4e68cf
JH		 4894 if (hdev)
4895 mgmt_init_hdev(sk, hdev);
4896
4897 cp = buf + sizeof(*hdr);
4898
be22b54e 4899 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4900 if (err < 0)
4901 goto done;
4902
0381101f
JH		 4903 err = msglen;
4904
4905done:
bdb6d971
JH		 4906 if (hdev)
4907 hci_dev_put(hdev);
4908
0381101f
JH		 4909 kfree(buf);
4910 return err;
4911}
c71e97bf 4912
bf6b56db 4913void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4914{
1514b892 4915 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4916 return;
bb4b2a9a 4917
bf6b56db 4918 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4919}
4920
bf6b56db 4921void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4922{
5f159032 4923 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4924
1514b892 4925 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4926 return;
bb4b2a9a 4927
744cf19e 4928 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4929
bf6b56db 4930 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4931}
4932
6046dc3e
AG		 4933/* This function requires the caller holds hdev->lock */
4934static void restart_le_auto_conns(struct hci_dev *hdev)
4935{
4936 struct hci_conn_params *p;
4937
4938 list_for_each_entry(p, &hdev->le_conn_params, list) {
4939 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4940 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4941 }
4942}
4943
229ab39c
JH		 4944static void powered_complete(struct hci_dev *hdev, u8 status)
4945{
4946 struct cmd_lookup match = { NULL, hdev };
4947
4948 BT_DBG("status 0x%02x", status);
4949
4950 hci_dev_lock(hdev);
4951
6046dc3e
AG		 4952 restart_le_auto_conns(hdev);
4953
229ab39c
JH		 4954 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4955
4956 new_settings(hdev, match.sk);
4957
4958 hci_dev_unlock(hdev);
4959
4960 if (match.sk)
4961 sock_put(match.sk);
4962}
4963
70da6243 4964static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4965{
890ea898 4966 struct hci_request req;
70da6243 4967 u8 link_sec;
5add6af8 4968
890ea898
JH		 4969 hci_req_init(&req, hdev);
4970
70da6243
JH		 4971 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4972 !lmp_host_ssp_capable(hdev)) {
4973 u8 ssp = 1;
5e5282bb 4974
890ea898 4975 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4976 }
5add6af8 4977
c73eee91
JH		 4978 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4979 lmp_bredr_capable(hdev)) {
70da6243 4980 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4981
70da6243
JH		 4982 cp.le = 1;
4983 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4984
70da6243
JH		 4985 /* Check first if we already have the right
4986 * host state (host features set)
4987 */
4988 if (cp.le != lmp_host_le_capable(hdev) ||
4989 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4990 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4991 sizeof(cp), &cp);
70da6243 4992 }
3d1cbdd6 4993
d13eafce 4994 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4995 /* Make sure the controller has a good default for
4996 * advertising data. This also applies to the case
4997 * where BR/EDR was toggled during the AUTO_OFF phase.
4998 */
f14d8f64 4999 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5000 update_adv_data(&req);
f14d8f64
MH		 5001 update_scan_rsp_data(&req);
5002 }
441ad2d0 5003
bba3aa55
MH		 5004 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5005 enable_advertising(&req);
eeca6f89
JH		 5006 }
5007
70da6243
JH		 5008 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5009 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5010 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5011 sizeof(link_sec), &link_sec);
562fcc24 5012
70da6243 5013 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5014 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5015 set_bredr_scan(&req);
890ea898 5016 update_class(&req);
13928971 5017 update_name(&req);
890ea898 5018 update_eir(&req);
70da6243 5019 }
562fcc24 5020
229ab39c 5021 return hci_req_run(&req, powered_complete);
70da6243 5022}
562fcc24 5023
70da6243
JH		 5024int mgmt_powered(struct hci_dev *hdev, u8 powered)
5025{
5026 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5027 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5028 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5029 int err;
f0ff92fb 5030
70da6243
JH		 5031 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5032 return 0;
5033
70da6243 5034 if (powered) {
229ab39c
JH		 5035 if (powered_update_hci(hdev) == 0)
5036 return 0;
fe038884 5037
229ab39c
JH		 5038 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5039 &match);
5040 goto new_settings;
b24752fe
JH		 5041 }
5042
229ab39c
JH		 5043 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5044 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5045
5046 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5047 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5048 zero_cod, sizeof(zero_cod), NULL);
5049
5050new_settings:
beadb2bd 5051 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5052
5053 if (match.sk)
5054 sock_put(match.sk);
5055
7bb895d6 5056 return err;
5add6af8 5057}
73f22f62 5058
3eec705e 5059void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5060{
5061 struct pending_cmd *cmd;
5062 u8 status;
5063
5064 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5065 if (!cmd)
3eec705e 5066 return;
96570ffc
JH		 5067
5068 if (err == -ERFKILL)
5069 status = MGMT_STATUS_RFKILLED;
5070 else
5071 status = MGMT_STATUS_FAILED;
5072
3eec705e 5073 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5074
5075 mgmt_pending_remove(cmd);
96570ffc
JH		 5076}
5077
d1967ff8
MH		 5078void mgmt_discoverable_timeout(struct hci_dev *hdev)
5079{
5080 struct hci_request req;
d1967ff8
MH		 5081
5082 hci_dev_lock(hdev);
5083
5084 /* When discoverable timeout triggers, then just make sure
5085 * the limited discoverable flag is cleared. Even in the case
5086 * of a timeout triggered from general discoverable, it is
5087 * safe to unconditionally clear the flag.
5088 */
5089 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5090 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5091
5092 hci_req_init(&req, hdev);
4b580614
JH		 5093 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5094 u8 scan = SCAN_PAGE;
5095 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5096 sizeof(scan), &scan);
5097 }
d1967ff8 5098 update_class(&req);
9a43e25f 5099 update_adv_data(&req);
d1967ff8
MH		 5100 hci_req_run(&req, NULL);
5101
5102 hdev->discov_timeout = 0;
5103
9a43e25f
JH		 5104 new_settings(hdev, NULL);
5105
d1967ff8
MH		 5106 hci_dev_unlock(hdev);
5107}
5108
86a75645 5109void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5110{
86a75645 5111 bool changed;
73f22f62 5112
bfaf8c9f
JH		 5113 /* Nothing needed here if there's a pending command since that
5114 * commands request completion callback takes care of everything
5115 * necessary.
5116 */
5117 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5118 return;
bfaf8c9f 5119
bd107999
JH		 5120 /* Powering off may clear the scan mode - don't let that interfere */
5121 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5122 return;
5123
9a43e25f 5124 if (discoverable) {
86a75645 5125 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5126 } else {
5127 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5128 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5129 }
5130
5131 if (changed) {
5132 struct hci_request req;
5133
5134 /* In case this change in discoverable was triggered by
5135 * a disabling of connectable there could be a need to
5136 * update the advertising flags.
5137 */
5138 hci_req_init(&req, hdev);
5139 update_adv_data(&req);
5140 hci_req_run(&req, NULL);
73f22f62 5141
86a75645 5142 new_settings(hdev, NULL);
9a43e25f 5143 }
73f22f62 5144}
9fbcbb45 5145
a330916c 5146void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5147{
a330916c 5148 bool changed;
9fbcbb45 5149
d7b856f9
JH		 5150 /* Nothing needed here if there's a pending command since that
5151 * commands request completion callback takes care of everything
5152 * necessary.
5153 */
5154 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5155 return;
d7b856f9 5156
ce3f24cf
JH		 5157 /* Powering off may clear the scan mode - don't let that interfere */
5158 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5159 return;
5160
a330916c
MH		 5161 if (connectable)
5162 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5163 else
5164 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5165
beadb2bd 5166 if (changed)
a330916c 5167 new_settings(hdev, NULL);
9fbcbb45 5168}
55ed8ca1 5169
778b235a
JH		 5170void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5171{
7c4cfab8
JH		 5172 /* Powering off may stop advertising - don't let that interfere */
5173 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5174 return;
5175
778b235a
JH		 5176 if (advertising)
5177 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5178 else
5179 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5180}
5181
4796e8af 5182void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5183{
ca69b795
JH		 5184 u8 mgmt_err = mgmt_status(status);
5185
2d7cee58 5186 if (scan & SCAN_PAGE)
744cf19e 5187 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5188 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5189
5190 if (scan & SCAN_INQUIRY)
744cf19e 5191 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5192 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5193}
5194
dc4a5ee2
MH		 5195void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5196 bool persistent)
55ed8ca1 5197{
86742e1e 5198 struct mgmt_ev_new_link_key ev;
55ed8ca1 5199
a492cd52 5200 memset(&ev, 0, sizeof(ev));
55ed8ca1 5201
a492cd52 5202 ev.store_hint = persistent;
d753fdc4 5203 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5204 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5205 ev.key.type = key->type;
9b3b4460 5206 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5207 ev.key.pin_len = key->pin_len;
55ed8ca1 5208
dc4a5ee2 5209 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5210}
f7520543 5211
53ac6ab6 5212void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5213{
5214 struct mgmt_ev_new_long_term_key ev;
5215
5216 memset(&ev, 0, sizeof(ev));
5217
5192d301
MH		 5218 /* Devices using resolvable or non-resolvable random addresses
5219 * without providing an indentity resolving key don't require
5220 * to store long term keys. Their addresses will change the
5221 * next time around.
5222 *
5223 * Only when a remote device provides an identity address
5224 * make sure the long term key is stored. If the remote
5225 * identity is known, the long term keys are internally
5226 * mapped to the identity address. So allow static random
5227 * and public addresses here.
5228 */
ba74b666
JH		 5229 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5230 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5231 ev.store_hint = 0x00;
5232 else
53ac6ab6 5233 ev.store_hint = persistent;
ba74b666 5234
346af67b 5235 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5236 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5237 ev.key.type = key->authenticated;
346af67b
VCG		 5238 ev.key.enc_size = key->enc_size;
5239 ev.key.ediv = key->ediv;
fe39c7b2 5240 ev.key.rand = key->rand;
346af67b
VCG		 5241
5242 if (key->type == HCI_SMP_LTK)
5243 ev.key.master = 1;
5244
346af67b
VCG		 5245 memcpy(ev.key.val, key->val, sizeof(key->val));
5246
083368f7 5247 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5248}
5249
95fbac8a
JH		 5250void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5251{
5252 struct mgmt_ev_new_irk ev;
5253
5254 memset(&ev, 0, sizeof(ev));
5255
bab6d1e5
MH		 5256 /* For identity resolving keys from devices that are already
5257 * using a public address or static random address, do not
5258 * ask for storing this key. The identity resolving key really
5259 * is only mandatory for devices using resovlable random
5260 * addresses.
5261 *
5262 * Storing all identity resolving keys has the downside that
5263 * they will be also loaded on next boot of they system. More
5264 * identity resolving keys, means more time during scanning is
5265 * needed to actually resolve these addresses.
5266 */
5267 if (bacmp(&irk->rpa, BDADDR_ANY))
5268 ev.store_hint = 0x01;
5269 else
5270 ev.store_hint = 0x00;
5271
95fbac8a
JH		 5272 bacpy(&ev.rpa, &irk->rpa);
5273 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5274 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5275 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5276
5277 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5278}
5279
53ac6ab6
MH		 5280void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5281 bool persistent)
7ee4ea36
MH		 5282{
5283 struct mgmt_ev_new_csrk ev;
5284
5285 memset(&ev, 0, sizeof(ev));
5286
5287 /* Devices using resolvable or non-resolvable random addresses
5288 * without providing an indentity resolving key don't require
5289 * to store signature resolving keys. Their addresses will change
5290 * the next time around.
5291 *
5292 * Only when a remote device provides an identity address
5293 * make sure the signature resolving key is stored. So allow
5294 * static random and public addresses here.
5295 */
5296 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5297 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5298 ev.store_hint = 0x00;
5299 else
53ac6ab6 5300 ev.store_hint = persistent;
7ee4ea36
MH		 5301
5302 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5303 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5304 ev.key.master = csrk->master;
5305 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5306
5307 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5308}
5309
94933991
MH		 5310static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5311 u8 data_len)
5312{
5313 eir[eir_len++] = sizeof(type) + data_len;
5314 eir[eir_len++] = type;
5315 memcpy(&eir[eir_len], data, data_len);
5316 eir_len += data_len;
5317
5318 return eir_len;
5319}
5320
ecd90ae7
MH		 5321void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5322 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5323 u8 *dev_class)
f7520543 5324{
b644ba33
JH		 5325 char buf[512];
5326 struct mgmt_ev_device_connected *ev = (void *) buf;
5327 u16 eir_len = 0;
f7520543 5328
b644ba33 5329 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5330 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5331
c95f0ba7 5332 ev->flags = __cpu_to_le32(flags);
08c79b61 5333
b644ba33
JH		 5334 if (name_len > 0)
5335 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5336 name, name_len);
b644ba33
JH		 5337
5338 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5339 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5340 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5341
eb55ef07 5342 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5343
ecd90ae7
MH		 5344 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5345 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5346}
5347
8962ee74
JH		 5348static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5349{
c68fb7ff 5350 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5351 struct sock **sk = data;
a38528f1 5352 struct mgmt_rp_disconnect rp;
8962ee74 5353
88c3df13
JH		 5354 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5355 rp.addr.type = cp->addr.type;
8962ee74 5356
aee9b218 5357 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5358 sizeof(rp));
8962ee74
JH		 5359
5360 *sk = cmd->sk;
5361 sock_hold(*sk);
5362
a664b5bc 5363 mgmt_pending_remove(cmd);
8962ee74
JH		 5364}
5365
124f6e35 5366static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5367{
b1078ad0 5368 struct hci_dev *hdev = data;
124f6e35
JH		 5369 struct mgmt_cp_unpair_device *cp = cmd->param;
5370 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5371
5372 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5373 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5374 rp.addr.type = cp->addr.type;
a8a1d19e 5375
b1078ad0
JH		 5376 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5377
aee9b218 5378 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5379
5380 mgmt_pending_remove(cmd);
5381}
5382
9b80ec5e 5383void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5384 u8 link_type, u8 addr_type, u8 reason,
5385 bool mgmt_connected)
f7520543 5386{
f0d6a0ea 5387 struct mgmt_ev_device_disconnected ev;
8b064a3a 5388 struct pending_cmd *power_off;
8962ee74 5389 struct sock *sk = NULL;
8962ee74 5390
8b064a3a
JH		 5391 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5392 if (power_off) {
5393 struct mgmt_mode *cp = power_off->param;
5394
5395 /* The connection is still in hci_conn_hash so test for 1
5396 * instead of 0 to know if this is the last one.
5397 */
a3172b7e
JH		 5398 if (!cp->val && hci_conn_count(hdev) == 1) {
5399 cancel_delayed_work(&hdev->power_off);
8b064a3a 5400 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5401 }
8b064a3a
JH		 5402 }
5403
12d4a3b2
JH		 5404 if (!mgmt_connected)
5405 return;
5406
57eb776f
AG		 5407 if (link_type != ACL_LINK && link_type != LE_LINK)
5408 return;
5409
744cf19e 5410 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5411
f0d6a0ea
MA		 5412 bacpy(&ev.addr.bdaddr, bdaddr);
5413 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5414 ev.reason = reason;
f7520543 5415
9b80ec5e 5416 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5417
5418 if (sk)
d97dcb66 5419 sock_put(sk);
8962ee74 5420
124f6e35 5421 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5422 hdev);
8962ee74
JH		 5423}
5424
7892924c
MH		 5425void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5426 u8 link_type, u8 addr_type, u8 status)
8962ee74 5427{
3655bba8
AG		 5428 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5429 struct mgmt_cp_disconnect *cp;
88c3df13 5430 struct mgmt_rp_disconnect rp;
8962ee74 5431 struct pending_cmd *cmd;
8962ee74 5432
36a75f1b
JD		 5433 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5434 hdev);
5435
2e58ef3e 5436 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5437 if (!cmd)
7892924c 5438 return;
8962ee74 5439
3655bba8
AG		 5440 cp = cmd->param;
5441
5442 if (bacmp(bdaddr, &cp->addr.bdaddr))
5443 return;
5444
5445 if (cp->addr.type != bdaddr_type)
5446 return;
5447
88c3df13 5448 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5449 rp.addr.type = bdaddr_type;
37d9ef76 5450
7892924c
MH		 5451 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5452 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5453
a664b5bc 5454 mgmt_pending_remove(cmd);
f7520543 5455}
17d5c04c 5456
445608d0
MH		 5457void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5458 u8 addr_type, u8 status)
17d5c04c
JH		 5459{
5460 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5461 struct pending_cmd *power_off;
5462
5463 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5464 if (power_off) {
5465 struct mgmt_mode *cp = power_off->param;
5466
5467 /* The connection is still in hci_conn_hash so test for 1
5468 * instead of 0 to know if this is the last one.
5469 */
a3172b7e
JH		 5470 if (!cp->val && hci_conn_count(hdev) == 1) {
5471 cancel_delayed_work(&hdev->power_off);
c9910d0f 5472 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5473 }
c9910d0f 5474 }
17d5c04c 5475
4c659c39 5476 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5477 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5478 ev.status = mgmt_status(status);
17d5c04c 5479
445608d0 5480 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5481}
980e1a53 5482
ce0e4a0d 5483void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5484{
5485 struct mgmt_ev_pin_code_request ev;
5486
d8457698 5487 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5488 ev.addr.type = BDADDR_BREDR;
a770bb5a 5489 ev.secure = secure;
980e1a53 5490
ce0e4a0d 5491 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5492}
5493
e669cf80
MH		 5494void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5495 u8 status)
980e1a53
JH		 5496{
5497 struct pending_cmd *cmd;
ac56fb13 5498 struct mgmt_rp_pin_code_reply rp;
980e1a53 5499
2e58ef3e 5500 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5501 if (!cmd)
e669cf80 5502 return;
980e1a53 5503
d8457698 5504 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5505 rp.addr.type = BDADDR_BREDR;
ac56fb13 5506
e669cf80
MH		 5507 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5508 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5509
a664b5bc 5510 mgmt_pending_remove(cmd);
980e1a53
JH		 5511}
5512
3eb38528
MH		 5513void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5514 u8 status)
980e1a53
JH		 5515{
5516 struct pending_cmd *cmd;
ac56fb13 5517 struct mgmt_rp_pin_code_reply rp;
980e1a53 5518
2e58ef3e 5519 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5520 if (!cmd)
3eb38528 5521 return;
980e1a53 5522
d8457698 5523 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5524 rp.addr.type = BDADDR_BREDR;
ac56fb13 5525
3eb38528
MH		 5526 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5527 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5528
a664b5bc 5529 mgmt_pending_remove(cmd);
980e1a53 5530}
a5c29683 5531
744cf19e 5532int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5533 u8 link_type, u8 addr_type, u32 value,
04124681 5534 u8 confirm_hint)
a5c29683
JH		 5535{
5536 struct mgmt_ev_user_confirm_request ev;
5537
744cf19e 5538 BT_DBG("%s", hdev->name);
a5c29683 5539
272d90df 5540 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5541 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5542 ev.confirm_hint = confirm_hint;
39adbffe 5543 ev.value = cpu_to_le32(value);
a5c29683 5544
744cf19e 5545 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5546 NULL);
a5c29683
JH		 5547}
5548
272d90df 5549int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5550 u8 link_type, u8 addr_type)
604086b7
BG		 5551{
5552 struct mgmt_ev_user_passkey_request ev;
5553
5554 BT_DBG("%s", hdev->name);
5555
272d90df 5556 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5557 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5558
5559 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5560 NULL);
604086b7
BG		 5561}
5562
0df4c185 5563static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5564 u8 link_type, u8 addr_type, u8 status,
5565 u8 opcode)
a5c29683
JH		 5566{
5567 struct pending_cmd *cmd;
5568 struct mgmt_rp_user_confirm_reply rp;
5569 int err;
5570
2e58ef3e 5571 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5572 if (!cmd)
5573 return -ENOENT;
5574
272d90df 5575 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5576 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5577 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5578 &rp, sizeof(rp));
a5c29683 5579
a664b5bc 5580 mgmt_pending_remove(cmd);
a5c29683
JH		 5581
5582 return err;
5583}
5584
744cf19e 5585int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5586 u8 link_type, u8 addr_type, u8 status)
a5c29683 5587{
272d90df 5588 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5589 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5590}
5591
272d90df 5592int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5593 u8 link_type, u8 addr_type, u8 status)
a5c29683 5594{
272d90df 5595 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5596 status,
5597 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5598}
2a611692 5599
604086b7 5600int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5601 u8 link_type, u8 addr_type, u8 status)
604086b7 5602{
272d90df 5603 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5604 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5605}
5606
272d90df 5607int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5608 u8 link_type, u8 addr_type, u8 status)
604086b7 5609{
272d90df 5610 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5611 status,
5612 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5613}
5614
92a25256
JH		 5615int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5616 u8 link_type, u8 addr_type, u32 passkey,
5617 u8 entered)
5618{
5619 struct mgmt_ev_passkey_notify ev;
5620
5621 BT_DBG("%s", hdev->name);
5622
5623 bacpy(&ev.addr.bdaddr, bdaddr);
5624 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5625 ev.passkey = __cpu_to_le32(passkey);
5626 ev.entered = entered;
5627
5628 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5629}
5630
e546099c
MH		 5631void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5632 u8 addr_type, u8 status)
2a611692
JH		 5633{
5634 struct mgmt_ev_auth_failed ev;
5635
bab73cb6 5636 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5637 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5638 ev.status = mgmt_status(status);
2a611692 5639
e546099c 5640 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5641}
b312b161 5642
464996ae 5643void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5644{
5645 struct cmd_lookup match = { NULL, hdev };
464996ae 5646 bool changed;
33ef95ed
JH		 5647
5648 if (status) {
5649 u8 mgmt_err = mgmt_status(status);
5650 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5651 cmd_status_rsp, &mgmt_err);
464996ae 5652 return;
33ef95ed
JH		 5653 }
5654
464996ae
MH		 5655 if (test_bit(HCI_AUTH, &hdev->flags))
5656 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5657 &hdev->dev_flags);
5658 else
5659 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5660 &hdev->dev_flags);
47990ea0 5661
33ef95ed 5662 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5663 &match);
33ef95ed 5664
47990ea0 5665 if (changed)
464996ae 5666 new_settings(hdev, match.sk);
33ef95ed
JH		 5667
5668 if (match.sk)
5669 sock_put(match.sk);
33ef95ed
JH		 5670}
5671
890ea898 5672static void clear_eir(struct hci_request *req)
cacaf52f 5673{
890ea898 5674 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5675 struct hci_cp_write_eir cp;
5676
976eb20e 5677 if (!lmp_ext_inq_capable(hdev))
890ea898 5678 return;
cacaf52f 5679
c80da27e
JH		 5680 memset(hdev->eir, 0, sizeof(hdev->eir));
5681
cacaf52f
JH		 5682 memset(&cp, 0, sizeof(cp));
5683
890ea898 5684 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5685}
5686
3e248560 5687void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5688{
5689 struct cmd_lookup match = { NULL, hdev };
890ea898 5690 struct hci_request req;
c0ecddc2 5691 bool changed = false;
ed2c4ee3
JH		 5692
5693 if (status) {
5694 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5695
5696 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5697 &hdev->dev_flags)) {
5698 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5699 new_settings(hdev, NULL);
9ecb3e24 5700 }
c0ecddc2 5701
04124681
GP		 5702 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5703 &mgmt_err);
3e248560 5704 return;
c0ecddc2
JH		 5705 }
5706
5707 if (enable) {
9ecb3e24 5708 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5709 } else {
9ecb3e24
MH		 5710 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5711 if (!changed)
5712 changed = test_and_clear_bit(HCI_HS_ENABLED,
5713 &hdev->dev_flags);
5714 else
5715 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5716 }
5717
5718 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5719
c0ecddc2 5720 if (changed)
3e248560 5721 new_settings(hdev, match.sk);
ed2c4ee3 5722
5fc6ebb1 5723 if (match.sk)
ed2c4ee3
JH		 5724 sock_put(match.sk);
5725
890ea898
JH		 5726 hci_req_init(&req, hdev);
5727
5fc6ebb1 5728 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5729 update_eir(&req);
5fc6ebb1 5730 else
890ea898
JH		 5731 clear_eir(&req);
5732
5733 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5734}
5735
eac83dc6
MH		 5736void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5737{
5738 struct cmd_lookup match = { NULL, hdev };
5739 bool changed = false;
5740
5741 if (status) {
5742 u8 mgmt_err = mgmt_status(status);
5743
0ab04a9c
MH		 5744 if (enable) {
5745 if (test_and_clear_bit(HCI_SC_ENABLED,
5746 &hdev->dev_flags))
5747 new_settings(hdev, NULL);
5748 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5749 }
eac83dc6
MH		 5750
5751 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5752 cmd_status_rsp, &mgmt_err);
5753 return;
5754 }
5755
0ab04a9c 5756 if (enable) {
eac83dc6 5757 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5758 } else {
eac83dc6 5759 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5760 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5761 }
eac83dc6
MH		 5762
5763 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5764 settings_rsp, &match);
5765
5766 if (changed)
5767 new_settings(hdev, match.sk);
5768
5769 if (match.sk)
5770 sock_put(match.sk);
5771}
5772
92da6097 5773static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5774{
5775 struct cmd_lookup *match = data;
5776
90e70454
JH		 5777 if (match->sk == NULL) {
5778 match->sk = cmd->sk;
5779 sock_hold(match->sk);
5780 }
90e70454
JH		 5781}
5782
4e1b0245
MH		 5783void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5784 u8 status)
7f9a903c 5785{
90e70454 5786 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5787
92da6097
JH		 5788 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5789 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5790 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5791
5792 if (!status)
4e1b0245
MH		 5793 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5794 NULL);
90e70454
JH		 5795
5796 if (match.sk)
5797 sock_put(match.sk);
7f9a903c
MH		 5798}
5799
7667da34 5800void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5801{
b312b161 5802 struct mgmt_cp_set_local_name ev;
13928971 5803 struct pending_cmd *cmd;
28cc7bde 5804
13928971 5805 if (status)
7667da34 5806 return;
b312b161
JH		 5807
5808 memset(&ev, 0, sizeof(ev));
5809 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5810 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5811
2e58ef3e 5812 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5813 if (!cmd) {
5814 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5815
13928971
JH		 5816 /* If this is a HCI command related to powering on the
5817 * HCI dev don't send any mgmt signals.
5818 */
5819 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5820 return;
890ea898 5821 }
b312b161 5822
7667da34
MH		 5823 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5824 cmd ? cmd->sk : NULL);
b312b161 5825}
c35938b2 5826
4d2d2796
MH		 5827void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5828 u8 *randomizer192, u8 *hash256,
5829 u8 *randomizer256, u8 status)
c35938b2
SJ		 5830{
5831 struct pending_cmd *cmd;
c35938b2 5832
744cf19e 5833 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5834
2e58ef3e 5835 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5836 if (!cmd)
3edaf092 5837 return;
c35938b2
SJ		 5838
5839 if (status) {
3edaf092
MH		 5840 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5841 mgmt_status(status));
c35938b2 5842 } else {
4d2d2796
MH		 5843 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5844 hash256 && randomizer256) {
5845 struct mgmt_rp_read_local_oob_ext_data rp;
5846
5847 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5848 memcpy(rp.randomizer192, randomizer192,
5849 sizeof(rp.randomizer192));
c35938b2 5850
4d2d2796
MH		 5851 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5852 memcpy(rp.randomizer256, randomizer256,
5853 sizeof(rp.randomizer256));
c35938b2 5854
4d2d2796
MH		 5855 cmd_complete(cmd->sk, hdev->id,
5856 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5857 &rp, sizeof(rp));
5858 } else {
5859 struct mgmt_rp_read_local_oob_data rp;
5860
5861 memcpy(rp.hash, hash192, sizeof(rp.hash));
5862 memcpy(rp.randomizer, randomizer192,
5863 sizeof(rp.randomizer));
5864
5865 cmd_complete(cmd->sk, hdev->id,
5866 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5867 &rp, sizeof(rp));
5868 }
c35938b2
SJ		 5869 }
5870
5871 mgmt_pending_remove(cmd);
c35938b2 5872}
e17acd40 5873
901801b9 5874void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5875 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5876 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5877 u8 scan_rsp_len)
e17acd40 5878{
e319d2e7
JH		 5879 char buf[512];
5880 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5881 struct smp_irk *irk;
1dc06093 5882 size_t ev_size;
e17acd40 5883
12602d0c 5884 if (!hci_discovery_active(hdev))
901801b9 5885 return;
12602d0c 5886
5d2e9fad
JH		 5887 /* Make sure that the buffer is big enough. The 5 extra bytes
5888 * are for the potential CoD field.
5889 */
5890 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5891 return;
7d262f86 5892
1dc06093
JH		 5893 memset(buf, 0, sizeof(buf));
5894
5cedbb8d
JH		 5895 irk = hci_get_irk(hdev, bdaddr, addr_type);
5896 if (irk) {
5897 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5898 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5899 } else {
5900 bacpy(&ev->addr.bdaddr, bdaddr);
5901 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5902 }
5903
e319d2e7 5904 ev->rssi = rssi;
9a395a80 5905 if (cfm_name)
dcf4adbf 5906 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5907 if (!ssp)
dcf4adbf 5908 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5909
1dc06093 5910 if (eir_len > 0)
e319d2e7 5911 memcpy(ev->eir, eir, eir_len);
e17acd40 5912
1dc06093
JH		 5913 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5914 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5915 dev_class, 3);
1dc06093 5916
5d2e9fad
JH		 5917 if (scan_rsp_len > 0)
5918 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5919
5920 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5921 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5922
901801b9 5923 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5924}
a88a9652 5925
9cf12aee
MH		 5926void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5927 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5928{
b644ba33
JH		 5929 struct mgmt_ev_device_found *ev;
5930 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5931 u16 eir_len;
a88a9652 5932
b644ba33 5933 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5934
b644ba33
JH		 5935 memset(buf, 0, sizeof(buf));
5936
5937 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5938 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5939 ev->rssi = rssi;
5940
5941 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5942 name_len);
b644ba33 5943
eb55ef07 5944 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5945
9cf12aee 5946 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5947}
314b2381 5948
2f1e063b 5949void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5950{
f963e8e9 5951 struct mgmt_ev_discovering ev;
164a6e78
JH		 5952 struct pending_cmd *cmd;
5953
343fb145
AG		 5954 BT_DBG("%s discovering %u", hdev->name, discovering);
5955
164a6e78 5956 if (discovering)
2e58ef3e 5957 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5958 else
2e58ef3e 5959 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5960
5961 if (cmd != NULL) {
f808e166
JH		 5962 u8 type = hdev->discovery.type;
5963
04124681
GP		 5964 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5965 sizeof(type));
164a6e78
JH		 5966 mgmt_pending_remove(cmd);
5967 }
5968
f963e8e9
JH		 5969 memset(&ev, 0, sizeof(ev));
5970 ev.type = hdev->discovery.type;
5971 ev.discovering = discovering;
5972
2f1e063b 5973 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5974}
5e762444 5975
88c1fe4b 5976int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5977{
5978 struct pending_cmd *cmd;
5979 struct mgmt_ev_device_blocked ev;
5980
2e58ef3e 5981 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5982
88c1fe4b
JH		 5983 bacpy(&ev.addr.bdaddr, bdaddr);
5984 ev.addr.type = type;
5e762444 5985
744cf19e 5986 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5987 cmd ? cmd->sk : NULL);
5e762444
AJ		 5988}
5989
88c1fe4b 5990int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5991{
5992 struct pending_cmd *cmd;
5993 struct mgmt_ev_device_unblocked ev;
5994
2e58ef3e 5995 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5996
88c1fe4b
JH		 5997 bacpy(&ev.addr.bdaddr, bdaddr);
5998 ev.addr.type = type;
5e762444 5999
744cf19e 6000 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6001 cmd ? cmd->sk : NULL);
5e762444 6002}
5976e608
MH		 6003
6004static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6005{
6006 BT_DBG("%s status %u", hdev->name, status);
6007
6008 /* Clear the advertising mgmt setting if we failed to re-enable it */
6009 if (status) {
6010 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6011 new_settings(hdev, NULL);
5976e608
MH		 6012 }
6013}
6014
6015void mgmt_reenable_advertising(struct hci_dev *hdev)
6016{
6017 struct hci_request req;
6018
b145edcd 6019 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6020 return;
6021
6022 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6023 return;
6024
6025 hci_req_init(&req, hdev);
6026 enable_advertising(&req);
6027
6028 /* If this fails we have no option but to let user space know
6029 * that we've disabled advertising.
6030 */
6031 if (hci_req_run(&req, adv_enable_complete) < 0) {
6032 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6033 new_settings(hdev, NULL);
5976e608
MH		 6034 }
6035}
Linux kernel - Deliverables
This page took 0.634664 seconds and 5 git commands to generate.