projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add new mgmt setting for LE advertising
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
bb4b2a9a
AE		 345 if (!mgmt_valid_hdev(d))
346 continue;
347
476e44cb 348 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 349 BT_DBG("Added hci%u", d->id);
350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 370 settings |= MGMT_SETTING_PAIRABLE;
371
9a1a1996 372 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 373 settings |= MGMT_SETTING_SSP;
374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
eeca6f89 387 if (lmp_le_capable(hdev)) {
9d42820f 388 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 389 settings |= MGMT_SETTING_ADVERTISING;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
1a4d3c4b
JH		 405 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
406 settings |= MGMT_SETTING_FAST_CONNECTABLE;
407
5e5282bb 408 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_DISCOVERABLE;
410
a8b2d5c2 411 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_PAIRABLE;
413
ed3fa31f 414 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 415 settings |= MGMT_SETTING_BREDR;
416
06199cf8 417 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LE;
419
47990ea0 420 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_LINK_SECURITY;
422
84bde9d6 423 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_SSP;
425
6d80dfd0
JH		 426 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
427 settings |= MGMT_SETTING_HS;
428
eeca6f89
JH		 429 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
430 settings |= MGMT_SETTING_ADVERTISING;
431
69ab39ea
JH		 432 return settings;
433}
434
ef580372
JH		 435#define PNP_INFO_SVCLASS_ID 0x1200
436
213202ed
JH		 437static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
438{
439 u8 *ptr = data, *uuids_start = NULL;
440 struct bt_uuid *uuid;
441
442 if (len < 4)
443 return ptr;
444
445 list_for_each_entry(uuid, &hdev->uuids, list) {
446 u16 uuid16;
447
448 if (uuid->size != 16)
449 continue;
450
451 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
452 if (uuid16 < 0x1100)
453 continue;
454
455 if (uuid16 == PNP_INFO_SVCLASS_ID)
456 continue;
457
458 if (!uuids_start) {
459 uuids_start = ptr;
460 uuids_start[0] = 1;
461 uuids_start[1] = EIR_UUID16_ALL;
462 ptr += 2;
463 }
464
465 /* Stop if not enough space to put next UUID */
466 if ((ptr - data) + sizeof(u16) > len) {
467 uuids_start[1] = EIR_UUID16_SOME;
468 break;
469 }
470
471 *ptr++ = (uuid16 & 0x00ff);
472 *ptr++ = (uuid16 & 0xff00) >> 8;
473 uuids_start[0] += sizeof(uuid16);
474 }
475
476 return ptr;
477}
478
cdf1963f
JH		 479static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
480{
481 u8 *ptr = data, *uuids_start = NULL;
482 struct bt_uuid *uuid;
483
484 if (len < 6)
485 return ptr;
486
487 list_for_each_entry(uuid, &hdev->uuids, list) {
488 if (uuid->size != 32)
489 continue;
490
491 if (!uuids_start) {
492 uuids_start = ptr;
493 uuids_start[0] = 1;
494 uuids_start[1] = EIR_UUID32_ALL;
495 ptr += 2;
496 }
497
498 /* Stop if not enough space to put next UUID */
499 if ((ptr - data) + sizeof(u32) > len) {
500 uuids_start[1] = EIR_UUID32_SOME;
501 break;
502 }
503
504 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
505 ptr += sizeof(u32);
506 uuids_start[0] += sizeof(u32);
507 }
508
509 return ptr;
510}
511
c00d575b
JH		 512static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
513{
514 u8 *ptr = data, *uuids_start = NULL;
515 struct bt_uuid *uuid;
516
517 if (len < 18)
518 return ptr;
519
520 list_for_each_entry(uuid, &hdev->uuids, list) {
521 if (uuid->size != 128)
522 continue;
523
524 if (!uuids_start) {
525 uuids_start = ptr;
526 uuids_start[0] = 1;
527 uuids_start[1] = EIR_UUID128_ALL;
528 ptr += 2;
529 }
530
531 /* Stop if not enough space to put next UUID */
532 if ((ptr - data) + 16 > len) {
533 uuids_start[1] = EIR_UUID128_SOME;
534 break;
535 }
536
537 memcpy(ptr, uuid->uuid, 16);
538 ptr += 16;
539 uuids_start[0] += 16;
540 }
541
542 return ptr;
543}
544
ef580372
JH		 545static void create_eir(struct hci_dev *hdev, u8 *data)
546{
547 u8 *ptr = data;
ef580372
JH		 548 size_t name_len;
549
550 name_len = strlen(hdev->dev_name);
551
552 if (name_len > 0) {
553 /* EIR Data type */
554 if (name_len > 48) {
555 name_len = 48;
556 ptr[1] = EIR_NAME_SHORT;
557 } else
558 ptr[1] = EIR_NAME_COMPLETE;
559
560 /* EIR Data length */
561 ptr[0] = name_len + 1;
562
563 memcpy(ptr + 2, hdev->dev_name, name_len);
564
ef580372
JH		 565 ptr += (name_len + 2);
566 }
567
bbaf444a 568 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 569 ptr[0] = 2;
570 ptr[1] = EIR_TX_POWER;
571 ptr[2] = (u8) hdev->inq_tx_power;
572
91c4e9b1
MH		 573 ptr += 3;
574 }
575
2b9be137
MH		 576 if (hdev->devid_source > 0) {
577 ptr[0] = 9;
578 ptr[1] = EIR_DEVICE_ID;
579
580 put_unaligned_le16(hdev->devid_source, ptr + 2);
581 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
582 put_unaligned_le16(hdev->devid_product, ptr + 6);
583 put_unaligned_le16(hdev->devid_version, ptr + 8);
584
2b9be137
MH		 585 ptr += 10;
586 }
587
213202ed 588 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 589 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 590 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 591}
592
890ea898 593static void update_eir(struct hci_request *req)
ef580372 594{
890ea898 595 struct hci_dev *hdev = req->hdev;
ef580372
JH		 596 struct hci_cp_write_eir cp;
597
504c8dcd 598 if (!hdev_is_powered(hdev))
890ea898 599 return;
7770c4aa 600
976eb20e 601 if (!lmp_ext_inq_capable(hdev))
890ea898 602 return;
ef580372 603
84bde9d6 604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 605 return;
ef580372 606
a8b2d5c2 607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 608 return;
ef580372
JH		 609
610 memset(&cp, 0, sizeof(cp));
611
612 create_eir(hdev, cp.data);
613
614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 615 return;
ef580372
JH		 616
617 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618
890ea898 619 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 620}
621
622static u8 get_service_classes(struct hci_dev *hdev)
623{
624 struct bt_uuid *uuid;
625 u8 val = 0;
626
627 list_for_each_entry(uuid, &hdev->uuids, list)
628 val |= uuid->svc_hint;
629
630 return val;
631}
632
890ea898 633static void update_class(struct hci_request *req)
ef580372 634{
890ea898 635 struct hci_dev *hdev = req->hdev;
ef580372
JH		 636 u8 cod[3];
637
638 BT_DBG("%s", hdev->name);
639
504c8dcd 640 if (!hdev_is_powered(hdev))
890ea898 641 return;
7770c4aa 642
a8b2d5c2 643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 644 return;
ef580372
JH		 645
646 cod[0] = hdev->minor_class;
647 cod[1] = hdev->major_class;
648 cod[2] = get_service_classes(hdev);
649
650 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 651 return;
ef580372 652
890ea898 653 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 654}
655
7d78525d
JH		 656static void service_cache_off(struct work_struct *work)
657{
658 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 659 service_cache.work);
890ea898 660 struct hci_request req;
7d78525d 661
a8b2d5c2 662 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 663 return;
664
890ea898
JH		 665 hci_req_init(&req, hdev);
666
7d78525d
JH		 667 hci_dev_lock(hdev);
668
890ea898
JH		 669 update_eir(&req);
670 update_class(&req);
7d78525d
JH		 671
672 hci_dev_unlock(hdev);
890ea898
JH		 673
674 hci_req_run(&req, NULL);
7d78525d
JH		 675}
676
6a919082 677static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 678{
4f87da80 679 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 680 return;
681
4f87da80 682 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 683
4f87da80
JH		 684 /* Non-mgmt controlled devices get this bit set
685 * implicitly so that pairing works for them, however
686 * for mgmt we require user-space to explicitly enable
687 * it
688 */
689 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 690}
691
0f4e68cf 692static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 693 void *data, u16 data_len)
0381101f 694{
a38528f1 695 struct mgmt_rp_read_info rp;
f7b64e69 696
bdb6d971 697 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 698
09fd0de5 699 hci_dev_lock(hdev);
f7b64e69 700
dc4fe30b
JH		 701 memset(&rp, 0, sizeof(rp));
702
69ab39ea 703 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 704
69ab39ea 705 rp.version = hdev->hci_ver;
eb55ef07 706 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 707
708 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
709 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 710
a38528f1 711 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 712
dc4fe30b 713 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 714 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 715
09fd0de5 716 hci_dev_unlock(hdev);
0381101f 717
bdb6d971 718 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 719 sizeof(rp));
0381101f
JH		 720}
721
eec8d2bc
JH		 722static void mgmt_pending_free(struct pending_cmd *cmd)
723{
724 sock_put(cmd->sk);
c68fb7ff 725 kfree(cmd->param);
eec8d2bc
JH		 726 kfree(cmd);
727}
728
366a0336 729static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 730 struct hci_dev *hdev, void *data,
731 u16 len)
eec8d2bc
JH		 732{
733 struct pending_cmd *cmd;
734
12b94565 735 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 736 if (!cmd)
366a0336 737 return NULL;
eec8d2bc
JH		 738
739 cmd->opcode = opcode;
2e58ef3e 740 cmd->index = hdev->id;
eec8d2bc 741
12b94565 742 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 743 if (!cmd->param) {
eec8d2bc 744 kfree(cmd);
366a0336 745 return NULL;
eec8d2bc
JH		 746 }
747
8fce6357
SJ		 748 if (data)
749 memcpy(cmd->param, data, len);
eec8d2bc
JH		 750
751 cmd->sk = sk;
752 sock_hold(sk);
753
2e58ef3e 754 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 755
366a0336 756 return cmd;
eec8d2bc
JH		 757}
758
744cf19e 759static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 760 void (*cb)(struct pending_cmd *cmd,
761 void *data),
04124681 762 void *data)
eec8d2bc 763{
a3d09356 764 struct pending_cmd *cmd, *tmp;
eec8d2bc 765
a3d09356 766 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 767 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 768 continue;
769
eec8d2bc
JH		 770 cb(cmd, data);
771 }
772}
773
2e58ef3e 774static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 775{
8035ded4 776 struct pending_cmd *cmd;
eec8d2bc 777
2e58ef3e 778 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 779 if (cmd->opcode == opcode)
780 return cmd;
eec8d2bc
JH		 781 }
782
783 return NULL;
784}
785
a664b5bc 786static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 787{
73f22f62
JH		 788 list_del(&cmd->list);
789 mgmt_pending_free(cmd);
790}
791
69ab39ea 792static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 793{
69ab39ea 794 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 795
aee9b218 796 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 797 sizeof(settings));
8680570b
JH		 798}
799
bdb6d971 800static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 801 u16 len)
eec8d2bc 802{
650f726d 803 struct mgmt_mode *cp = data;
366a0336 804 struct pending_cmd *cmd;
4b34ee78 805 int err;
eec8d2bc 806
bdb6d971 807 BT_DBG("request for %s", hdev->name);
eec8d2bc 808
a7e80f25
JH		 809 if (cp->val != 0x00 && cp->val != 0x01)
810 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
811 MGMT_STATUS_INVALID_PARAMS);
812
09fd0de5 813 hci_dev_lock(hdev);
eec8d2bc 814
87b95ba6
JH		 815 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
816 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
817 MGMT_STATUS_BUSY);
818 goto failed;
819 }
820
f0d4b78a
MH		 821 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
822 cancel_delayed_work(&hdev->power_off);
823
824 if (cp->val) {
a1d70450
JH		 825 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
826 data, len);
827 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 828 goto failed;
829 }
830 }
831
4b34ee78 832 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 833 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 834 goto failed;
835 }
836
2e58ef3e 837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 838 if (!cmd) {
839 err = -ENOMEM;
eec8d2bc 840 goto failed;
366a0336 841 }
eec8d2bc 842
72a734ec 843 if (cp->val)
19202573 844 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 845 else
19202573 846 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 847
366a0336 848 err = 0;
eec8d2bc
JH		 849
850failed:
09fd0de5 851 hci_dev_unlock(hdev);
366a0336 852 return err;
eec8d2bc
JH		 853}
854
04124681
GP		 855static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
856 struct sock *skip_sk)
beadb2bd
JH		 857{
858 struct sk_buff *skb;
859 struct mgmt_hdr *hdr;
860
790eff44 861 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 862 if (!skb)
863 return -ENOMEM;
864
865 hdr = (void *) skb_put(skb, sizeof(*hdr));
866 hdr->opcode = cpu_to_le16(event);
867 if (hdev)
868 hdr->index = cpu_to_le16(hdev->id);
869 else
612dfce9 870 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 871 hdr->len = cpu_to_le16(data_len);
872
873 if (data)
874 memcpy(skb_put(skb, data_len), data, data_len);
875
97e0bdeb
MH		 876 /* Time stamp */
877 __net_timestamp(skb);
878
beadb2bd
JH		 879 hci_send_to_control(skb, skip_sk);
880 kfree_skb(skb);
881
882 return 0;
883}
884
885static int new_settings(struct hci_dev *hdev, struct sock *skip)
886{
887 __le32 ev;
888
889 ev = cpu_to_le32(get_current_settings(hdev));
890
891 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
892}
893
bd99abdd
JH		 894struct cmd_lookup {
895 struct sock *sk;
896 struct hci_dev *hdev;
897 u8 mgmt_status;
898};
899
900static void settings_rsp(struct pending_cmd *cmd, void *data)
901{
902 struct cmd_lookup *match = data;
903
904 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
905
906 list_del(&cmd->list);
907
908 if (match->sk == NULL) {
909 match->sk = cmd->sk;
910 sock_hold(match->sk);
911 }
912
913 mgmt_pending_free(cmd);
914}
915
916static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
917{
918 u8 *status = data;
919
920 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
921 mgmt_pending_remove(cmd);
922}
923
bdb6d971 924static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 925 u16 len)
73f22f62 926{
650f726d 927 struct mgmt_cp_set_discoverable *cp = data;
366a0336 928 struct pending_cmd *cmd;
5e5282bb 929 u16 timeout;
73f22f62
JH		 930 u8 scan;
931 int err;
932
bdb6d971 933 BT_DBG("request for %s", hdev->name);
73f22f62 934
33c525c0
JH		 935 if (!lmp_bredr_capable(hdev))
936 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
937 MGMT_STATUS_NOT_SUPPORTED);
938
a7e80f25
JH		 939 if (cp->val != 0x00 && cp->val != 0x01)
940 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
941 MGMT_STATUS_INVALID_PARAMS);
942
1f350c87 943 timeout = __le16_to_cpu(cp->timeout);
24c54a90 944 if (!cp->val && timeout > 0)
bdb6d971 945 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 946 MGMT_STATUS_INVALID_PARAMS);
73f22f62 947
09fd0de5 948 hci_dev_lock(hdev);
73f22f62 949
5e5282bb 950 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 951 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 952 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 953 goto failed;
954 }
955
2e58ef3e 956 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 957 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 959 MGMT_STATUS_BUSY);
73f22f62
JH		 960 goto failed;
961 }
962
5e5282bb 963 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 964 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 965 MGMT_STATUS_REJECTED);
5e5282bb
JH		 966 goto failed;
967 }
968
969 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 970 bool changed = false;
971
972 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
973 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
974 changed = true;
975 }
976
5e5282bb 977 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 978 if (err < 0)
979 goto failed;
980
981 if (changed)
982 err = new_settings(hdev, sk);
983
5e5282bb
JH		 984 goto failed;
985 }
986
987 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 988 if (hdev->discov_timeout > 0) {
989 cancel_delayed_work(&hdev->discov_off);
990 hdev->discov_timeout = 0;
991 }
992
993 if (cp->val && timeout > 0) {
994 hdev->discov_timeout = timeout;
995 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
996 msecs_to_jiffies(hdev->discov_timeout * 1000));
997 }
998
69ab39ea 999 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1000 goto failed;
1001 }
1002
2e58ef3e 1003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1004 if (!cmd) {
1005 err = -ENOMEM;
73f22f62 1006 goto failed;
366a0336 1007 }
73f22f62
JH		 1008
1009 scan = SCAN_PAGE;
1010
72a734ec 1011 if (cp->val)
73f22f62 1012 scan |= SCAN_INQUIRY;
16ab91ab 1013 else
e0f9309f 1014 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1015
1016 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1017 if (err < 0)
a664b5bc 1018 mgmt_pending_remove(cmd);
73f22f62 1019
16ab91ab 1020 if (cp->val)
5e5282bb 1021 hdev->discov_timeout = timeout;
16ab91ab 1022
73f22f62 1023failed:
09fd0de5 1024 hci_dev_unlock(hdev);
73f22f62
JH		 1025 return err;
1026}
1027
406d7804
JH		 1028static void write_fast_connectable(struct hci_request *req, bool enable)
1029{
bd98b996 1030 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1031 struct hci_cp_write_page_scan_activity acp;
1032 u8 type;
1033
4c01f8b8
JH		 1034 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1035 return;
1036
406d7804
JH		 1037 if (enable) {
1038 type = PAGE_SCAN_TYPE_INTERLACED;
1039
1040 /* 160 msec page scan interval */
1041 acp.interval = __constant_cpu_to_le16(0x0100);
1042 } else {
1043 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1044
1045 /* default 1.28 sec page scan */
1046 acp.interval = __constant_cpu_to_le16(0x0800);
1047 }
1048
1049 acp.window = __constant_cpu_to_le16(0x0012);
1050
bd98b996
JH		 1051 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1052 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1053 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1054 sizeof(acp), &acp);
1055
1056 if (hdev->page_scan_type != type)
1057 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1058}
1059
2b76f453
JH		 1060static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1061{
1062 struct pending_cmd *cmd;
1063
1064 BT_DBG("status 0x%02x", status);
1065
1066 hci_dev_lock(hdev);
1067
1068 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1069 if (!cmd)
1070 goto unlock;
1071
1072 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1073
1074 mgmt_pending_remove(cmd);
1075
1076unlock:
1077 hci_dev_unlock(hdev);
1078}
1079
bdb6d971 1080static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1081 u16 len)
9fbcbb45 1082{
650f726d 1083 struct mgmt_mode *cp = data;
366a0336 1084 struct pending_cmd *cmd;
2b76f453 1085 struct hci_request req;
9fbcbb45
JH		 1086 u8 scan;
1087 int err;
1088
bdb6d971 1089 BT_DBG("request for %s", hdev->name);
9fbcbb45 1090
33c525c0
JH		 1091 if (!lmp_bredr_capable(hdev))
1092 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1093 MGMT_STATUS_NOT_SUPPORTED);
1094
a7e80f25
JH		 1095 if (cp->val != 0x00 && cp->val != 0x01)
1096 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1097 MGMT_STATUS_INVALID_PARAMS);
1098
09fd0de5 1099 hci_dev_lock(hdev);
9fbcbb45 1100
4b34ee78 1101 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1102 bool changed = false;
1103
1104 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1105 changed = true;
1106
6bf0e469 1107 if (cp->val) {
5e5282bb 1108 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1109 } else {
5e5282bb
JH		 1110 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1111 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1112 }
0224d2fa 1113
5e5282bb 1114 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1115 if (err < 0)
1116 goto failed;
1117
1118 if (changed)
1119 err = new_settings(hdev, sk);
1120
9fbcbb45
JH		 1121 goto failed;
1122 }
1123
2e58ef3e 1124 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1125 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1126 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1127 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1128 goto failed;
1129 }
1130
5e5282bb 1131 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1132 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1133 goto failed;
1134 }
1135
2e58ef3e 1136 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1137 if (!cmd) {
1138 err = -ENOMEM;
9fbcbb45 1139 goto failed;
366a0336 1140 }
9fbcbb45 1141
6bf0e469 1142 if (cp->val) {
9fbcbb45 1143 scan = SCAN_PAGE;
6bf0e469 1144 } else {
9fbcbb45
JH		 1145 scan = 0;
1146
df2c6c5e 1147 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1148 hdev->discov_timeout > 0)
df2c6c5e
JH		 1149 cancel_delayed_work(&hdev->discov_off);
1150 }
1151
2b76f453
JH		 1152 hci_req_init(&req, hdev);
1153
1154 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1155
4c01f8b8
JH		 1156 /* If we're going from non-connectable to connectable or
1157 * vice-versa when fast connectable is enabled ensure that fast
1158 * connectable gets disabled. write_fast_connectable won't do
1159 * anything if the page scan parameters are already what they
1160 * should be.
1161 */
1162 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1163 write_fast_connectable(&req, false);
1164
2b76f453 1165 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1166 if (err < 0)
a664b5bc 1167 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1168
1169failed:
09fd0de5 1170 hci_dev_unlock(hdev);
9fbcbb45
JH		 1171 return err;
1172}
1173
bdb6d971 1174static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1175 u16 len)
c542a06c 1176{
650f726d 1177 struct mgmt_mode *cp = data;
c542a06c
JH		 1178 int err;
1179
bdb6d971 1180 BT_DBG("request for %s", hdev->name);
c542a06c 1181
a7e80f25
JH		 1182 if (cp->val != 0x00 && cp->val != 0x01)
1183 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1184 MGMT_STATUS_INVALID_PARAMS);
1185
09fd0de5 1186 hci_dev_lock(hdev);
c542a06c
JH		 1187
1188 if (cp->val)
a8b2d5c2 1189 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1190 else
a8b2d5c2 1191 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1192
69ab39ea 1193 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1194 if (err < 0)
1195 goto failed;
1196
beadb2bd 1197 err = new_settings(hdev, sk);
c542a06c
JH		 1198
1199failed:
09fd0de5 1200 hci_dev_unlock(hdev);
c542a06c
JH		 1201 return err;
1202}
1203
04124681
GP		 1204static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1205 u16 len)
33ef95ed
JH		 1206{
1207 struct mgmt_mode *cp = data;
1208 struct pending_cmd *cmd;
816a11d5 1209 u8 val;
33ef95ed
JH		 1210 int err;
1211
bdb6d971 1212 BT_DBG("request for %s", hdev->name);
33ef95ed 1213
33c525c0
JH		 1214 if (!lmp_bredr_capable(hdev))
1215 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1216 MGMT_STATUS_NOT_SUPPORTED);
1217
a7e80f25
JH		 1218 if (cp->val != 0x00 && cp->val != 0x01)
1219 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1220 MGMT_STATUS_INVALID_PARAMS);
1221
33ef95ed
JH		 1222 hci_dev_lock(hdev);
1223
4b34ee78 1224 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1225 bool changed = false;
1226
1227 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1228 &hdev->dev_flags)) {
47990ea0
JH		 1229 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1230 changed = true;
1231 }
1232
1233 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1234 if (err < 0)
1235 goto failed;
1236
1237 if (changed)
1238 err = new_settings(hdev, sk);
1239
33ef95ed
JH		 1240 goto failed;
1241 }
1242
1243 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1244 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1245 MGMT_STATUS_BUSY);
33ef95ed
JH		 1246 goto failed;
1247 }
1248
1249 val = !!cp->val;
1250
1251 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1252 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1253 goto failed;
1254 }
1255
1256 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1257 if (!cmd) {
1258 err = -ENOMEM;
1259 goto failed;
1260 }
1261
1262 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1263 if (err < 0) {
1264 mgmt_pending_remove(cmd);
1265 goto failed;
1266 }
1267
1268failed:
1269 hci_dev_unlock(hdev);
33ef95ed
JH		 1270 return err;
1271}
1272
bdb6d971 1273static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1274{
1275 struct mgmt_mode *cp = data;
1276 struct pending_cmd *cmd;
816a11d5 1277 u8 val;
ed2c4ee3
JH		 1278 int err;
1279
bdb6d971 1280 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1281
13ecd8b6
JH		 1282 if (!lmp_ssp_capable(hdev))
1283 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1284 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1285
a7e80f25
JH		 1286 if (cp->val != 0x00 && cp->val != 0x01)
1287 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1288 MGMT_STATUS_INVALID_PARAMS);
1289
13ecd8b6 1290 hci_dev_lock(hdev);
6c8f12c1 1291
c0ecddc2
JH		 1292 val = !!cp->val;
1293
4b34ee78 1294 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1295 bool changed = false;
1296
1297 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1298 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1299 changed = true;
1300 }
1301
1302 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1303 if (err < 0)
1304 goto failed;
1305
1306 if (changed)
1307 err = new_settings(hdev, sk);
1308
ed2c4ee3
JH		 1309 goto failed;
1310 }
1311
1312 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1313 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1315 goto failed;
1316 }
1317
ed2c4ee3
JH		 1318 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1319 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1320 goto failed;
1321 }
1322
1323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1324 if (!cmd) {
1325 err = -ENOMEM;
1326 goto failed;
1327 }
1328
1329 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1330 if (err < 0) {
1331 mgmt_pending_remove(cmd);
1332 goto failed;
1333 }
1334
1335failed:
1336 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1337 return err;
1338}
1339
bdb6d971 1340static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1341{
1342 struct mgmt_mode *cp = data;
6d80dfd0 1343
bdb6d971 1344 BT_DBG("request for %s", hdev->name);
6d80dfd0 1345
bdb6d971
JH		 1346 if (!enable_hs)
1347 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1348 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1349
a7e80f25
JH		 1350 if (cp->val != 0x00 && cp->val != 0x01)
1351 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1352 MGMT_STATUS_INVALID_PARAMS);
1353
6d80dfd0
JH		 1354 if (cp->val)
1355 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1356 else
1357 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1358
bdb6d971 1359 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1360}
1361
416a4ae5
JH		 1362static void le_enable_complete(struct hci_dev *hdev, u8 status)
1363{
1364 struct cmd_lookup match = { NULL, hdev };
1365
1366 if (status) {
1367 u8 mgmt_err = mgmt_status(status);
1368
1369 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1370 &mgmt_err);
1371 return;
1372 }
1373
1374 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1375
1376 new_settings(hdev, match.sk);
1377
1378 if (match.sk)
1379 sock_put(match.sk);
1380}
1381
bdb6d971 1382static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1383{
1384 struct mgmt_mode *cp = data;
1385 struct hci_cp_write_le_host_supported hci_cp;
1386 struct pending_cmd *cmd;
416a4ae5 1387 struct hci_request req;
06199cf8 1388 int err;
0b60eba1 1389 u8 val, enabled;
06199cf8 1390
bdb6d971 1391 BT_DBG("request for %s", hdev->name);
06199cf8 1392
13ecd8b6
JH		 1393 if (!lmp_le_capable(hdev))
1394 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1395 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1396
a7e80f25
JH		 1397 if (cp->val != 0x00 && cp->val != 0x01)
1398 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1399 MGMT_STATUS_INVALID_PARAMS);
1400
c73eee91
JH		 1401 /* LE-only devices do not allow toggling LE on/off */
1402 if (!lmp_bredr_capable(hdev))
1403 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1404 MGMT_STATUS_REJECTED);
1405
13ecd8b6 1406 hci_dev_lock(hdev);
06199cf8
JH		 1407
1408 val = !!cp->val;
ffa88e02 1409 enabled = lmp_host_le_capable(hdev);
06199cf8 1410
0b60eba1 1411 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1412 bool changed = false;
1413
1414 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1415 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1416 changed = true;
1417 }
1418
eeca6f89
JH		 1419 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1420 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1421 changed = true;
1422 }
1423
06199cf8
JH		 1424 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1425 if (err < 0)
1de028ce 1426 goto unlock;
06199cf8
JH		 1427
1428 if (changed)
1429 err = new_settings(hdev, sk);
1430
1de028ce 1431 goto unlock;
06199cf8
JH		 1432 }
1433
1434 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1435 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1436 MGMT_STATUS_BUSY);
1de028ce 1437 goto unlock;
06199cf8
JH		 1438 }
1439
1440 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1441 if (!cmd) {
1442 err = -ENOMEM;
1de028ce 1443 goto unlock;
06199cf8
JH		 1444 }
1445
1446 memset(&hci_cp, 0, sizeof(hci_cp));
1447
1448 if (val) {
1449 hci_cp.le = val;
ffa88e02 1450 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1451 }
1452
416a4ae5
JH		 1453 hci_req_init(&req, hdev);
1454
eeca6f89
JH		 1455 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1456 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1457
416a4ae5
JH		 1458 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1459 &hci_cp);
1460
1461 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1462 if (err < 0)
06199cf8 1463 mgmt_pending_remove(cmd);
06199cf8 1464
1de028ce
JH		 1465unlock:
1466 hci_dev_unlock(hdev);
06199cf8
JH		 1467 return err;
1468}
1469
0cab9c80
JH		 1470/* This is a helper function to test for pending mgmt commands that can
1471 * cause CoD or EIR HCI commands. We can only allow one such pending
1472 * mgmt command at a time since otherwise we cannot easily track what
1473 * the current values are, will be, and based on that calculate if a new
1474 * HCI command needs to be sent and if yes with what value.
1475 */
1476static bool pending_eir_or_class(struct hci_dev *hdev)
1477{
1478 struct pending_cmd *cmd;
1479
1480 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1481 switch (cmd->opcode) {
1482 case MGMT_OP_ADD_UUID:
1483 case MGMT_OP_REMOVE_UUID:
1484 case MGMT_OP_SET_DEV_CLASS:
1485 case MGMT_OP_SET_POWERED:
1486 return true;
1487 }
1488 }
1489
1490 return false;
1491}
1492
83be8eca
JH		 1493static const u8 bluetooth_base_uuid[] = {
1494 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1495 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1496};
1497
1498static u8 get_uuid_size(const u8 *uuid)
1499{
1500 u32 val;
1501
1502 if (memcmp(uuid, bluetooth_base_uuid, 12))
1503 return 128;
1504
1505 val = get_unaligned_le32(&uuid[12]);
1506 if (val > 0xffff)
1507 return 32;
1508
1509 return 16;
1510}
1511
92da6097
JH		 1512static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1513{
1514 struct pending_cmd *cmd;
1515
1516 hci_dev_lock(hdev);
1517
1518 cmd = mgmt_pending_find(mgmt_op, hdev);
1519 if (!cmd)
1520 goto unlock;
1521
1522 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1523 hdev->dev_class, 3);
1524
1525 mgmt_pending_remove(cmd);
1526
1527unlock:
1528 hci_dev_unlock(hdev);
1529}
1530
1531static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1532{
1533 BT_DBG("status 0x%02x", status);
1534
1535 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1536}
1537
bdb6d971 1538static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1539{
650f726d 1540 struct mgmt_cp_add_uuid *cp = data;
90e70454 1541 struct pending_cmd *cmd;
890ea898 1542 struct hci_request req;
2aeb9a1a 1543 struct bt_uuid *uuid;
2aeb9a1a
JH		 1544 int err;
1545
bdb6d971 1546 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1547
09fd0de5 1548 hci_dev_lock(hdev);
2aeb9a1a 1549
0cab9c80 1550 if (pending_eir_or_class(hdev)) {
bdb6d971 1551 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1552 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1553 goto failed;
1554 }
1555
92c4c204 1556 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1557 if (!uuid) {
1558 err = -ENOMEM;
1559 goto failed;
1560 }
1561
1562 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1563 uuid->svc_hint = cp->svc_hint;
83be8eca 1564 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1565
de66aa63 1566 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1567
890ea898 1568 hci_req_init(&req, hdev);
1aff6f09 1569
890ea898
JH		 1570 update_class(&req);
1571 update_eir(&req);
1572
92da6097
JH		 1573 err = hci_req_run(&req, add_uuid_complete);
1574 if (err < 0) {
1575 if (err != -ENODATA)
1576 goto failed;
80a1e1db 1577
bdb6d971 1578 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1579 hdev->dev_class, 3);
90e70454
JH		 1580 goto failed;
1581 }
1582
1583 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1584 if (!cmd) {
90e70454 1585 err = -ENOMEM;
890ea898
JH		 1586 goto failed;
1587 }
1588
1589 err = 0;
2aeb9a1a
JH		 1590
1591failed:
09fd0de5 1592 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1593 return err;
1594}
1595
24b78d0f
JH		 1596static bool enable_service_cache(struct hci_dev *hdev)
1597{
1598 if (!hdev_is_powered(hdev))
1599 return false;
1600
1601 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1602 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1603 CACHE_TIMEOUT);
24b78d0f
JH		 1604 return true;
1605 }
1606
1607 return false;
1608}
1609
92da6097
JH		 1610static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1611{
1612 BT_DBG("status 0x%02x", status);
1613
1614 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1615}
1616
bdb6d971 1617static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1618 u16 len)
2aeb9a1a 1619{
650f726d 1620 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1621 struct pending_cmd *cmd;
056341c8 1622 struct bt_uuid *match, *tmp;
2aeb9a1a 1623 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1624 struct hci_request req;
2aeb9a1a
JH		 1625 int err, found;
1626
bdb6d971 1627 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1628
09fd0de5 1629 hci_dev_lock(hdev);
2aeb9a1a 1630
0cab9c80 1631 if (pending_eir_or_class(hdev)) {
bdb6d971 1632 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1633 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1634 goto unlock;
1635 }
1636
2aeb9a1a
JH		 1637 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1638 err = hci_uuids_clear(hdev);
4004b6d9 1639
24b78d0f 1640 if (enable_service_cache(hdev)) {
bdb6d971 1641 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1642 0, hdev->dev_class, 3);
24b78d0f
JH		 1643 goto unlock;
1644 }
4004b6d9 1645
9246a869 1646 goto update_class;
2aeb9a1a
JH		 1647 }
1648
1649 found = 0;
1650
056341c8 1651 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1652 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1653 continue;
1654
1655 list_del(&match->list);
482049f7 1656 kfree(match);
2aeb9a1a
JH		 1657 found++;
1658 }
1659
1660 if (found == 0) {
bdb6d971 1661 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1662 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1663 goto unlock;
1664 }
1665
9246a869 1666update_class:
890ea898 1667 hci_req_init(&req, hdev);
1aff6f09 1668
890ea898
JH		 1669 update_class(&req);
1670 update_eir(&req);
1671
92da6097
JH		 1672 err = hci_req_run(&req, remove_uuid_complete);
1673 if (err < 0) {
1674 if (err != -ENODATA)
1675 goto unlock;
80a1e1db 1676
bdb6d971 1677 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1678 hdev->dev_class, 3);
90e70454
JH		 1679 goto unlock;
1680 }
1681
1682 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1683 if (!cmd) {
90e70454 1684 err = -ENOMEM;
890ea898
JH		 1685 goto unlock;
1686 }
1687
1688 err = 0;
2aeb9a1a
JH		 1689
1690unlock:
09fd0de5 1691 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1692 return err;
1693}
1694
92da6097
JH		 1695static void set_class_complete(struct hci_dev *hdev, u8 status)
1696{
1697 BT_DBG("status 0x%02x", status);
1698
1699 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1700}
1701
bdb6d971 1702static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1703 u16 len)
1aff6f09 1704{
650f726d 1705 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1706 struct pending_cmd *cmd;
890ea898 1707 struct hci_request req;
1aff6f09
JH		 1708 int err;
1709
bdb6d971 1710 BT_DBG("request for %s", hdev->name);
1aff6f09 1711
13ecd8b6
JH		 1712 if (!lmp_bredr_capable(hdev))
1713 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1714 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1715
0cab9c80 1716 hci_dev_lock(hdev);
ee98f473 1717
0cab9c80
JH		 1718 if (pending_eir_or_class(hdev)) {
1719 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1720 MGMT_STATUS_BUSY);
1721 goto unlock;
1722 }
c95f0ba7 1723
0cab9c80
JH		 1724 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1725 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1726 MGMT_STATUS_INVALID_PARAMS);
1727 goto unlock;
1728 }
575b3a02 1729
932f5ff5
JH		 1730 hdev->major_class = cp->major;
1731 hdev->minor_class = cp->minor;
1732
b5235a65 1733 if (!hdev_is_powered(hdev)) {
bdb6d971 1734 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1735 hdev->dev_class, 3);
b5235a65
JH		 1736 goto unlock;
1737 }
1738
890ea898
JH		 1739 hci_req_init(&req, hdev);
1740
a8b2d5c2 1741 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1742 hci_dev_unlock(hdev);
1743 cancel_delayed_work_sync(&hdev->service_cache);
1744 hci_dev_lock(hdev);
890ea898 1745 update_eir(&req);
7d78525d 1746 }
14c0b608 1747
890ea898
JH		 1748 update_class(&req);
1749
92da6097
JH		 1750 err = hci_req_run(&req, set_class_complete);
1751 if (err < 0) {
1752 if (err != -ENODATA)
1753 goto unlock;
1aff6f09 1754
bdb6d971 1755 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1756 hdev->dev_class, 3);
90e70454
JH		 1757 goto unlock;
1758 }
1759
1760 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1761 if (!cmd) {
90e70454 1762 err = -ENOMEM;
890ea898
JH		 1763 goto unlock;
1764 }
1765
1766 err = 0;
1aff6f09 1767
b5235a65 1768unlock:
09fd0de5 1769 hci_dev_unlock(hdev);
1aff6f09
JH		 1770 return err;
1771}
1772
bdb6d971 1773static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1774 u16 len)
55ed8ca1 1775{
650f726d 1776 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1777 u16 key_count, expected_len;
a492cd52 1778 int i;
55ed8ca1 1779
1f350c87 1780 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1781
86742e1e
JH		 1782 expected_len = sizeof(*cp) + key_count *
1783 sizeof(struct mgmt_link_key_info);
a492cd52 1784 if (expected_len != len) {
86742e1e 1785 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1786 len, expected_len);
bdb6d971 1787 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1788 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1789 }
1790
4ae14301
JH		 1791 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1792 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1793 MGMT_STATUS_INVALID_PARAMS);
1794
bdb6d971 1795 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1796 key_count);
55ed8ca1 1797
4ee71b20
JH		 1798 for (i = 0; i < key_count; i++) {
1799 struct mgmt_link_key_info *key = &cp->keys[i];
1800
1801 if (key->addr.type != BDADDR_BREDR)
1802 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1803 MGMT_STATUS_INVALID_PARAMS);
1804 }
1805
09fd0de5 1806 hci_dev_lock(hdev);
55ed8ca1
JH		 1807
1808 hci_link_keys_clear(hdev);
1809
55ed8ca1 1810 if (cp->debug_keys)
a8b2d5c2 1811 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1812 else
a8b2d5c2 1813 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1814
a492cd52 1815 for (i = 0; i < key_count; i++) {
86742e1e 1816 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1817
d753fdc4 1818 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1819 key->type, key->pin_len);
55ed8ca1
JH		 1820 }
1821
bdb6d971 1822 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1823
09fd0de5 1824 hci_dev_unlock(hdev);
55ed8ca1 1825
a492cd52 1826 return 0;
55ed8ca1
JH		 1827}
1828
b1078ad0 1829static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1830 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1831{
1832 struct mgmt_ev_device_unpaired ev;
1833
1834 bacpy(&ev.addr.bdaddr, bdaddr);
1835 ev.addr.type = addr_type;
1836
1837 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1838 skip_sk);
b1078ad0
JH		 1839}
1840
bdb6d971 1841static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1842 u16 len)
55ed8ca1 1843{
124f6e35
JH		 1844 struct mgmt_cp_unpair_device *cp = data;
1845 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1846 struct hci_cp_disconnect dc;
1847 struct pending_cmd *cmd;
55ed8ca1 1848 struct hci_conn *conn;
55ed8ca1
JH		 1849 int err;
1850
a8a1d19e 1851 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1852 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1853 rp.addr.type = cp->addr.type;
a8a1d19e 1854
4ee71b20
JH		 1855 if (!bdaddr_type_is_valid(cp->addr.type))
1856 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1857 MGMT_STATUS_INVALID_PARAMS,
1858 &rp, sizeof(rp));
1859
118da70b
JH		 1860 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1861 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1862 MGMT_STATUS_INVALID_PARAMS,
1863 &rp, sizeof(rp));
1864
4ee71b20
JH		 1865 hci_dev_lock(hdev);
1866
86a8cfc6 1867 if (!hdev_is_powered(hdev)) {
bdb6d971 1868 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1869 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1870 goto unlock;
1871 }
1872
591f47f3 1873 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1874 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1875 else
1876 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1877
55ed8ca1 1878 if (err < 0) {
bdb6d971 1879 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1880 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1881 goto unlock;
1882 }
1883
86a8cfc6 1884 if (cp->disconnect) {
591f47f3 1885 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1886 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1887 &cp->addr.bdaddr);
86a8cfc6
JH		 1888 else
1889 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1890 &cp->addr.bdaddr);
86a8cfc6
JH		 1891 } else {
1892 conn = NULL;
1893 }
124f6e35 1894
a8a1d19e 1895 if (!conn) {
bdb6d971 1896 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1897 &rp, sizeof(rp));
b1078ad0 1898 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1899 goto unlock;
1900 }
55ed8ca1 1901
124f6e35 1902 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1903 sizeof(*cp));
a8a1d19e
JH		 1904 if (!cmd) {
1905 err = -ENOMEM;
1906 goto unlock;
55ed8ca1
JH		 1907 }
1908
eb55ef07 1909 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1910 dc.reason = 0x13; /* Remote User Terminated Connection */
1911 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1912 if (err < 0)
1913 mgmt_pending_remove(cmd);
1914
55ed8ca1 1915unlock:
09fd0de5 1916 hci_dev_unlock(hdev);
55ed8ca1
JH		 1917 return err;
1918}
1919
bdb6d971 1920static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1921 u16 len)
8962ee74 1922{
650f726d 1923 struct mgmt_cp_disconnect *cp = data;
06a63b19 1924 struct mgmt_rp_disconnect rp;
8962ee74 1925 struct hci_cp_disconnect dc;
366a0336 1926 struct pending_cmd *cmd;
8962ee74 1927 struct hci_conn *conn;
8962ee74
JH		 1928 int err;
1929
1930 BT_DBG("");
1931
06a63b19
JH		 1932 memset(&rp, 0, sizeof(rp));
1933 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1934 rp.addr.type = cp->addr.type;
1935
4ee71b20 1936 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1937 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1938 MGMT_STATUS_INVALID_PARAMS,
1939 &rp, sizeof(rp));
4ee71b20 1940
09fd0de5 1941 hci_dev_lock(hdev);
8962ee74
JH		 1942
1943 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1944 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1945 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1946 goto failed;
1947 }
1948
2e58ef3e 1949 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1950 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1951 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1952 goto failed;
1953 }
1954
591f47f3 1955 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1956 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1957 &cp->addr.bdaddr);
88c3df13
JH		 1958 else
1959 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1960
f960727e 1961 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1962 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1963 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1964 goto failed;
1965 }
1966
2e58ef3e 1967 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1968 if (!cmd) {
1969 err = -ENOMEM;
8962ee74 1970 goto failed;
366a0336 1971 }
8962ee74 1972
eb55ef07 1973 dc.handle = cpu_to_le16(conn->handle);
3701f944 1974 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1975
1976 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1977 if (err < 0)
a664b5bc 1978 mgmt_pending_remove(cmd);
8962ee74
JH		 1979
1980failed:
09fd0de5 1981 hci_dev_unlock(hdev);
8962ee74
JH		 1982 return err;
1983}
1984
57c1477c 1985static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1986{
1987 switch (link_type) {
1988 case LE_LINK:
48264f06
JH		 1989 switch (addr_type) {
1990 case ADDR_LE_DEV_PUBLIC:
591f47f3 1991 return BDADDR_LE_PUBLIC;
0ed09148 1992
48264f06 1993 default:
0ed09148 1994 /* Fallback to LE Random address type */
591f47f3 1995 return BDADDR_LE_RANDOM;
48264f06 1996 }
0ed09148 1997
4c659c39 1998 default:
0ed09148 1999 /* Fallback to BR/EDR type */
591f47f3 2000 return BDADDR_BREDR;
4c659c39
JH		 2001 }
2002}
2003
04124681
GP		 2004static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2005 u16 data_len)
2784eb41 2006{
2784eb41 2007 struct mgmt_rp_get_connections *rp;
8035ded4 2008 struct hci_conn *c;
a38528f1 2009 size_t rp_len;
60fc5fb6
JH		 2010 int err;
2011 u16 i;
2784eb41
JH		 2012
2013 BT_DBG("");
2014
09fd0de5 2015 hci_dev_lock(hdev);
2784eb41 2016
5f97c1df 2017 if (!hdev_is_powered(hdev)) {
bdb6d971 2018 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2019 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2020 goto unlock;
2021 }
2022
60fc5fb6 2023 i = 0;
b644ba33
JH		 2024 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2025 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2026 i++;
2784eb41
JH		 2027 }
2028
60fc5fb6 2029 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2030 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2031 if (!rp) {
2784eb41
JH		 2032 err = -ENOMEM;
2033 goto unlock;
2034 }
2035
2784eb41 2036 i = 0;
4c659c39 2037 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2038 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2039 continue;
4c659c39 2040 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2041 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2042 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2043 continue;
2044 i++;
2045 }
2046
eb55ef07 2047 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2048
4c659c39
JH		 2049 /* Recalculate length in case of filtered SCO connections, etc */
2050 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2051
bdb6d971 2052 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2053 rp_len);
2784eb41 2054
a38528f1 2055 kfree(rp);
5f97c1df
JH		 2056
2057unlock:
09fd0de5 2058 hci_dev_unlock(hdev);
2784eb41
JH		 2059 return err;
2060}
2061
bdb6d971 2062static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2063 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2064{
2065 struct pending_cmd *cmd;
2066 int err;
2067
2e58ef3e 2068 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2069 sizeof(*cp));
96d97a67
WR		 2070 if (!cmd)
2071 return -ENOMEM;
2072
d8457698 2073 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2074 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2075 if (err < 0)
2076 mgmt_pending_remove(cmd);
2077
2078 return err;
2079}
2080
bdb6d971 2081static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2082 u16 len)
980e1a53 2083{
96d97a67 2084 struct hci_conn *conn;
650f726d 2085 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2086 struct hci_cp_pin_code_reply reply;
366a0336 2087 struct pending_cmd *cmd;
980e1a53
JH		 2088 int err;
2089
2090 BT_DBG("");
2091
09fd0de5 2092 hci_dev_lock(hdev);
980e1a53 2093
4b34ee78 2094 if (!hdev_is_powered(hdev)) {
bdb6d971 2095 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2096 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2097 goto failed;
2098 }
2099
d8457698 2100 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2101 if (!conn) {
bdb6d971 2102 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2103 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2104 goto failed;
2105 }
2106
2107 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2108 struct mgmt_cp_pin_code_neg_reply ncp;
2109
2110 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2111
2112 BT_ERR("PIN code is not 16 bytes long");
2113
bdb6d971 2114 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2115 if (err >= 0)
bdb6d971 2116 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2117 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2118
2119 goto failed;
2120 }
2121
00abfe44 2122 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2123 if (!cmd) {
2124 err = -ENOMEM;
980e1a53 2125 goto failed;
366a0336 2126 }
980e1a53 2127
d8457698 2128 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2129 reply.pin_len = cp->pin_len;
24718ca5 2130 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2131
2132 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2133 if (err < 0)
a664b5bc 2134 mgmt_pending_remove(cmd);
980e1a53
JH		 2135
2136failed:
09fd0de5 2137 hci_dev_unlock(hdev);
980e1a53
JH		 2138 return err;
2139}
2140
04124681
GP		 2141static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2142 u16 len)
17fa4b9d 2143{
650f726d 2144 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2145
2146 BT_DBG("");
2147
09fd0de5 2148 hci_dev_lock(hdev);
17fa4b9d
JH		 2149
2150 hdev->io_capability = cp->io_capability;
2151
2152 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2153 hdev->io_capability);
17fa4b9d 2154
09fd0de5 2155 hci_dev_unlock(hdev);
17fa4b9d 2156
04124681
GP		 2157 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2158 0);
17fa4b9d
JH		 2159}
2160
6039aa73 2161static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2162{
2163 struct hci_dev *hdev = conn->hdev;
8035ded4 2164 struct pending_cmd *cmd;
e9a416b5 2165
2e58ef3e 2166 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2167 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2168 continue;
2169
e9a416b5
JH		 2170 if (cmd->user_data != conn)
2171 continue;
2172
2173 return cmd;
2174 }
2175
2176 return NULL;
2177}
2178
2179static void pairing_complete(struct pending_cmd *cmd, u8 status)
2180{
2181 struct mgmt_rp_pair_device rp;
2182 struct hci_conn *conn = cmd->user_data;
2183
ba4e564f 2184 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2185 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2186
aee9b218 2187 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2188 &rp, sizeof(rp));
e9a416b5
JH		 2189
2190 /* So we don't get further callbacks for this connection */
2191 conn->connect_cfm_cb = NULL;
2192 conn->security_cfm_cb = NULL;
2193 conn->disconn_cfm_cb = NULL;
2194
76a68ba0 2195 hci_conn_drop(conn);
e9a416b5 2196
a664b5bc 2197 mgmt_pending_remove(cmd);
e9a416b5
JH		 2198}
2199
2200static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2201{
2202 struct pending_cmd *cmd;
2203
2204 BT_DBG("status %u", status);
2205
2206 cmd = find_pairing(conn);
56e5cb86 2207 if (!cmd)
e9a416b5 2208 BT_DBG("Unable to find a pending command");
56e5cb86 2209 else
e211326c 2210 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2211}
2212
4c47d739
VA		 2213static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2214{
2215 struct pending_cmd *cmd;
2216
2217 BT_DBG("status %u", status);
2218
2219 if (!status)
2220 return;
2221
2222 cmd = find_pairing(conn);
2223 if (!cmd)
2224 BT_DBG("Unable to find a pending command");
2225 else
2226 pairing_complete(cmd, mgmt_status(status));
2227}
2228
bdb6d971 2229static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2230 u16 len)
e9a416b5 2231{
650f726d 2232 struct mgmt_cp_pair_device *cp = data;
1425acb7 2233 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2234 struct pending_cmd *cmd;
2235 u8 sec_level, auth_type;
2236 struct hci_conn *conn;
e9a416b5
JH		 2237 int err;
2238
2239 BT_DBG("");
2240
f950a30e
SJ		 2241 memset(&rp, 0, sizeof(rp));
2242 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2243 rp.addr.type = cp->addr.type;
2244
4ee71b20
JH		 2245 if (!bdaddr_type_is_valid(cp->addr.type))
2246 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2247 MGMT_STATUS_INVALID_PARAMS,
2248 &rp, sizeof(rp));
2249
09fd0de5 2250 hci_dev_lock(hdev);
e9a416b5 2251
5f97c1df 2252 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2253 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2254 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2255 goto unlock;
2256 }
2257
c908df36
VCG		 2258 sec_level = BT_SECURITY_MEDIUM;
2259 if (cp->io_cap == 0x03)
e9a416b5 2260 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2261 else
e9a416b5 2262 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2263
591f47f3 2264 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2265 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2266 cp->addr.type, sec_level, auth_type);
7a512d01 2267 else
b12f62cf
AG		 2268 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2269 cp->addr.type, sec_level, auth_type);
7a512d01 2270
30e76272 2271 if (IS_ERR(conn)) {
489dc48e
AK		 2272 int status;
2273
2274 if (PTR_ERR(conn) == -EBUSY)
2275 status = MGMT_STATUS_BUSY;
2276 else
2277 status = MGMT_STATUS_CONNECT_FAILED;
2278
bdb6d971 2279 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2280 status, &rp,
04124681 2281 sizeof(rp));
e9a416b5
JH		 2282 goto unlock;
2283 }
2284
2285 if (conn->connect_cfm_cb) {
76a68ba0 2286 hci_conn_drop(conn);
bdb6d971 2287 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2288 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2289 goto unlock;
2290 }
2291
2e58ef3e 2292 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2293 if (!cmd) {
2294 err = -ENOMEM;
76a68ba0 2295 hci_conn_drop(conn);
e9a416b5
JH		 2296 goto unlock;
2297 }
2298
7a512d01 2299 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2300 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2301 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2302 else
2303 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2304
e9a416b5
JH		 2305 conn->security_cfm_cb = pairing_complete_cb;
2306 conn->disconn_cfm_cb = pairing_complete_cb;
2307 conn->io_capability = cp->io_cap;
2308 cmd->user_data = conn;
2309
2310 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2311 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2312 pairing_complete(cmd, 0);
2313
2314 err = 0;
2315
2316unlock:
09fd0de5 2317 hci_dev_unlock(hdev);
e9a416b5
JH		 2318 return err;
2319}
2320
04124681
GP		 2321static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2322 u16 len)
28424707 2323{
0f4e68cf 2324 struct mgmt_addr_info *addr = data;
28424707
JH		 2325 struct pending_cmd *cmd;
2326 struct hci_conn *conn;
2327 int err;
2328
2329 BT_DBG("");
2330
28424707
JH		 2331 hci_dev_lock(hdev);
2332
5f97c1df 2333 if (!hdev_is_powered(hdev)) {
bdb6d971 2334 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2335 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2336 goto unlock;
2337 }
2338
28424707
JH		 2339 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2340 if (!cmd) {
bdb6d971 2341 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2342 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2343 goto unlock;
2344 }
2345
2346 conn = cmd->user_data;
2347
2348 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2349 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2350 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2351 goto unlock;
2352 }
2353
2354 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2355
bdb6d971 2356 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2357 addr, sizeof(*addr));
28424707
JH		 2358unlock:
2359 hci_dev_unlock(hdev);
28424707
JH		 2360 return err;
2361}
2362
bdb6d971 2363static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2364 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2365 u16 hci_op, __le32 passkey)
a5c29683 2366{
a5c29683 2367 struct pending_cmd *cmd;
0df4c185 2368 struct hci_conn *conn;
a5c29683
JH		 2369 int err;
2370
09fd0de5 2371 hci_dev_lock(hdev);
08ba5382 2372
4b34ee78 2373 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2374 err = cmd_complete(sk, hdev->id, mgmt_op,
2375 MGMT_STATUS_NOT_POWERED, addr,
2376 sizeof(*addr));
0df4c185 2377 goto done;
a5c29683
JH		 2378 }
2379
1707c60e
JH		 2380 if (addr->type == BDADDR_BREDR)
2381 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2382 else
1707c60e 2383 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2384
2385 if (!conn) {
feb94d3d
JH		 2386 err = cmd_complete(sk, hdev->id, mgmt_op,
2387 MGMT_STATUS_NOT_CONNECTED, addr,
2388 sizeof(*addr));
272d90df
JH		 2389 goto done;
2390 }
47c15e2b 2391
1707c60e 2392 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2393 /* Continue with pairing via SMP */
5fe57d9e
BG		 2394 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2395
2396 if (!err)
feb94d3d
JH		 2397 err = cmd_complete(sk, hdev->id, mgmt_op,
2398 MGMT_STATUS_SUCCESS, addr,
2399 sizeof(*addr));
5fe57d9e 2400 else
feb94d3d
JH		 2401 err = cmd_complete(sk, hdev->id, mgmt_op,
2402 MGMT_STATUS_FAILED, addr,
2403 sizeof(*addr));
47c15e2b 2404
47c15e2b
BG		 2405 goto done;
2406 }
2407
1707c60e 2408 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2409 if (!cmd) {
2410 err = -ENOMEM;
0df4c185 2411 goto done;
a5c29683
JH		 2412 }
2413
0df4c185 2414 /* Continue with pairing via HCI */
604086b7
BG		 2415 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2416 struct hci_cp_user_passkey_reply cp;
2417
1707c60e 2418 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2419 cp.passkey = passkey;
2420 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2421 } else
1707c60e
JH		 2422 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2423 &addr->bdaddr);
604086b7 2424
a664b5bc
JH		 2425 if (err < 0)
2426 mgmt_pending_remove(cmd);
a5c29683 2427
0df4c185 2428done:
09fd0de5 2429 hci_dev_unlock(hdev);
a5c29683
JH		 2430 return err;
2431}
2432
afeb019d
JK		 2433static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2434 void *data, u16 len)
2435{
2436 struct mgmt_cp_pin_code_neg_reply *cp = data;
2437
2438 BT_DBG("");
2439
1707c60e 2440 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2441 MGMT_OP_PIN_CODE_NEG_REPLY,
2442 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2443}
2444
04124681
GP		 2445static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2446 u16 len)
0df4c185 2447{
650f726d 2448 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2449
2450 BT_DBG("");
2451
2452 if (len != sizeof(*cp))
bdb6d971 2453 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2454 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2455
1707c60e 2456 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2457 MGMT_OP_USER_CONFIRM_REPLY,
2458 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2459}
2460
bdb6d971 2461static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2462 void *data, u16 len)
0df4c185 2463{
c9c2659f 2464 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2465
2466 BT_DBG("");
2467
1707c60e 2468 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2469 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2470 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2471}
2472
04124681
GP		 2473static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2474 u16 len)
604086b7 2475{
650f726d 2476 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2477
2478 BT_DBG("");
2479
1707c60e 2480 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2481 MGMT_OP_USER_PASSKEY_REPLY,
2482 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2483}
2484
bdb6d971 2485static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2486 void *data, u16 len)
604086b7 2487{
650f726d 2488 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2489
2490 BT_DBG("");
2491
1707c60e 2492 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2493 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2494 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2495}
2496
13928971 2497static void update_name(struct hci_request *req)
2b4bf397 2498{
13928971 2499 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2500 struct hci_cp_write_local_name cp;
2501
13928971 2502 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2503
890ea898 2504 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2505}
2506
13928971
JH		 2507static void set_name_complete(struct hci_dev *hdev, u8 status)
2508{
2509 struct mgmt_cp_set_local_name *cp;
2510 struct pending_cmd *cmd;
2511
2512 BT_DBG("status 0x%02x", status);
2513
2514 hci_dev_lock(hdev);
2515
2516 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2517 if (!cmd)
2518 goto unlock;
2519
2520 cp = cmd->param;
2521
2522 if (status)
2523 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2524 mgmt_status(status));
2525 else
2526 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2527 cp, sizeof(*cp));
2528
2529 mgmt_pending_remove(cmd);
2530
2531unlock:
2532 hci_dev_unlock(hdev);
2533}
2534
bdb6d971 2535static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2536 u16 len)
b312b161 2537{
2b4bf397 2538 struct mgmt_cp_set_local_name *cp = data;
b312b161 2539 struct pending_cmd *cmd;
890ea898 2540 struct hci_request req;
b312b161
JH		 2541 int err;
2542
2543 BT_DBG("");
2544
09fd0de5 2545 hci_dev_lock(hdev);
b312b161 2546
b3f2ca94
JH		 2547 /* If the old values are the same as the new ones just return a
2548 * direct command complete event.
2549 */
2550 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2551 !memcmp(hdev->short_name, cp->short_name,
2552 sizeof(hdev->short_name))) {
2553 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2554 data, len);
2555 goto failed;
2556 }
2557
2b4bf397 2558 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2559
b5235a65 2560 if (!hdev_is_powered(hdev)) {
2b4bf397 2561 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2562
2563 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2564 data, len);
28cc7bde
JH		 2565 if (err < 0)
2566 goto failed;
2567
2568 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2569 sk);
28cc7bde 2570
b5235a65
JH		 2571 goto failed;
2572 }
2573
28cc7bde 2574 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2575 if (!cmd) {
2576 err = -ENOMEM;
2577 goto failed;
2578 }
2579
13928971
JH		 2580 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2581
890ea898 2582 hci_req_init(&req, hdev);
3f985050
JH		 2583
2584 if (lmp_bredr_capable(hdev)) {
2585 update_name(&req);
2586 update_eir(&req);
2587 }
2588
2589 if (lmp_le_capable(hdev))
2590 hci_update_ad(&req);
2591
13928971 2592 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2593 if (err < 0)
2594 mgmt_pending_remove(cmd);
2595
2596failed:
09fd0de5 2597 hci_dev_unlock(hdev);
b312b161
JH		 2598 return err;
2599}
2600
0f4e68cf 2601static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2602 void *data, u16 data_len)
c35938b2 2603{
c35938b2
SJ		 2604 struct pending_cmd *cmd;
2605 int err;
2606
bdb6d971 2607 BT_DBG("%s", hdev->name);
c35938b2 2608
09fd0de5 2609 hci_dev_lock(hdev);
c35938b2 2610
4b34ee78 2611 if (!hdev_is_powered(hdev)) {
bdb6d971 2612 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2613 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2614 goto unlock;
2615 }
2616
9a1a1996 2617 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2618 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2619 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2620 goto unlock;
2621 }
2622
2e58ef3e 2623 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2624 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2625 MGMT_STATUS_BUSY);
c35938b2
SJ		 2626 goto unlock;
2627 }
2628
2e58ef3e 2629 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2630 if (!cmd) {
2631 err = -ENOMEM;
2632 goto unlock;
2633 }
2634
2635 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2636 if (err < 0)
2637 mgmt_pending_remove(cmd);
2638
2639unlock:
09fd0de5 2640 hci_dev_unlock(hdev);
c35938b2
SJ		 2641 return err;
2642}
2643
bdb6d971 2644static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2645 void *data, u16 len)
2763eda6 2646{
650f726d 2647 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2648 u8 status;
2763eda6
SJ		 2649 int err;
2650
bdb6d971 2651 BT_DBG("%s ", hdev->name);
2763eda6 2652
09fd0de5 2653 hci_dev_lock(hdev);
2763eda6 2654
664ce4cc 2655 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2656 cp->randomizer);
2763eda6 2657 if (err < 0)
bf1e3541 2658 status = MGMT_STATUS_FAILED;
2763eda6 2659 else
a6785be2 2660 status = MGMT_STATUS_SUCCESS;
bf1e3541 2661
bdb6d971 2662 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2663 &cp->addr, sizeof(cp->addr));
2763eda6 2664
09fd0de5 2665 hci_dev_unlock(hdev);
2763eda6
SJ		 2666 return err;
2667}
2668
bdb6d971 2669static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2670 void *data, u16 len)
2763eda6 2671{
650f726d 2672 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2673 u8 status;
2763eda6
SJ		 2674 int err;
2675
bdb6d971 2676 BT_DBG("%s", hdev->name);
2763eda6 2677
09fd0de5 2678 hci_dev_lock(hdev);
2763eda6 2679
664ce4cc 2680 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2681 if (err < 0)
bf1e3541 2682 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2683 else
a6785be2 2684 status = MGMT_STATUS_SUCCESS;
bf1e3541 2685
bdb6d971 2686 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2687 status, &cp->addr, sizeof(cp->addr));
2763eda6 2688
09fd0de5 2689 hci_dev_unlock(hdev);
2763eda6
SJ		 2690 return err;
2691}
2692
41dc2bd6
AG		 2693static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2694{
2695 struct pending_cmd *cmd;
2696 u8 type;
2697 int err;
2698
2699 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2700
2701 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2702 if (!cmd)
2703 return -ENOENT;
2704
2705 type = hdev->discovery.type;
2706
2707 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2708 &type, sizeof(type));
2709 mgmt_pending_remove(cmd);
2710
2711 return err;
2712}
2713
7c307720
AG		 2714static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2715{
2716 BT_DBG("status %d", status);
2717
2718 if (status) {
2719 hci_dev_lock(hdev);
2720 mgmt_start_discovery_failed(hdev, status);
2721 hci_dev_unlock(hdev);
2722 return;
2723 }
2724
2725 hci_dev_lock(hdev);
2726 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2727 hci_dev_unlock(hdev);
2728
2729 switch (hdev->discovery.type) {
2730 case DISCOV_TYPE_LE:
2731 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2732 DISCOV_LE_TIMEOUT);
7c307720
AG		 2733 break;
2734
2735 case DISCOV_TYPE_INTERLEAVED:
2736 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2737 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2738 break;
2739
2740 case DISCOV_TYPE_BREDR:
2741 break;
2742
2743 default:
2744 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2745 }
2746}
2747
bdb6d971 2748static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2749 void *data, u16 len)
14a53664 2750{
650f726d 2751 struct mgmt_cp_start_discovery *cp = data;
14a53664 2752 struct pending_cmd *cmd;
7c307720
AG		 2753 struct hci_cp_le_set_scan_param param_cp;
2754 struct hci_cp_le_set_scan_enable enable_cp;
2755 struct hci_cp_inquiry inq_cp;
2756 struct hci_request req;
2757 /* General inquiry access code (GIAC) */
2758 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2759 int err;
2760
bdb6d971 2761 BT_DBG("%s", hdev->name);
14a53664 2762
09fd0de5 2763 hci_dev_lock(hdev);
14a53664 2764
4b34ee78 2765 if (!hdev_is_powered(hdev)) {
bdb6d971 2766 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2767 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2768 goto failed;
2769 }
2770
642be6c7
AG		 2771 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2772 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2773 MGMT_STATUS_BUSY);
2774 goto failed;
2775 }
2776
ff9ef578 2777 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2778 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2779 MGMT_STATUS_BUSY);
ff9ef578
JH		 2780 goto failed;
2781 }
2782
2e58ef3e 2783 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2784 if (!cmd) {
2785 err = -ENOMEM;
2786 goto failed;
2787 }
2788
4aab14e5
AG		 2789 hdev->discovery.type = cp->type;
2790
7c307720
AG		 2791 hci_req_init(&req, hdev);
2792
4aab14e5 2793 switch (hdev->discovery.type) {
f39799f5 2794 case DISCOV_TYPE_BREDR:
04106755
JH		 2795 if (!lmp_bredr_capable(hdev)) {
2796 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2797 MGMT_STATUS_NOT_SUPPORTED);
2798 mgmt_pending_remove(cmd);
2799 goto failed;
2800 }
2801
7c307720
AG		 2802 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2803 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2804 MGMT_STATUS_BUSY);
2805 mgmt_pending_remove(cmd);
2806 goto failed;
2807 }
2808
2809 hci_inquiry_cache_flush(hdev);
2810
2811 memset(&inq_cp, 0, sizeof(inq_cp));
2812 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2813 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2814 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2815 break;
2816
2817 case DISCOV_TYPE_LE:
7c307720 2818 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2819 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2820 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2821 MGMT_STATUS_NOT_SUPPORTED);
2822 mgmt_pending_remove(cmd);
2823 goto failed;
2824 }
2825
7c307720
AG		 2826 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2827 !lmp_bredr_capable(hdev)) {
04106755
JH		 2828 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2829 MGMT_STATUS_NOT_SUPPORTED);
2830 mgmt_pending_remove(cmd);
2831 goto failed;
2832 }
2833
7c307720
AG		 2834 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2835 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2836 MGMT_STATUS_REJECTED);
2837 mgmt_pending_remove(cmd);
2838 goto failed;
2839 }
2840
2841 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2842 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2843 MGMT_STATUS_BUSY);
2844 mgmt_pending_remove(cmd);
2845 goto failed;
2846 }
2847
2848 memset(&param_cp, 0, sizeof(param_cp));
2849 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2850 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2851 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2852 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2853 &param_cp);
2854
2855 memset(&enable_cp, 0, sizeof(enable_cp));
2856 enable_cp.enable = LE_SCAN_ENABLE;
2857 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2858 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2859 &enable_cp);
5e0452c0
AG		 2860 break;
2861
f39799f5 2862 default:
04106755
JH		 2863 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2864 MGMT_STATUS_INVALID_PARAMS);
2865 mgmt_pending_remove(cmd);
2866 goto failed;
f39799f5 2867 }
3fd24153 2868
7c307720 2869 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2870 if (err < 0)
2871 mgmt_pending_remove(cmd);
ff9ef578
JH		 2872 else
2873 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2874
2875failed:
09fd0de5 2876 hci_dev_unlock(hdev);
14a53664
JH		 2877 return err;
2878}
2879
1183fdca
AG		 2880static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2881{
2882 struct pending_cmd *cmd;
2883 int err;
2884
2885 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2886 if (!cmd)
2887 return -ENOENT;
2888
2889 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2890 &hdev->discovery.type, sizeof(hdev->discovery.type));
2891 mgmt_pending_remove(cmd);
2892
2893 return err;
2894}
2895
0e05bba6
AG		 2896static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2897{
2898 BT_DBG("status %d", status);
2899
2900 hci_dev_lock(hdev);
2901
2902 if (status) {
2903 mgmt_stop_discovery_failed(hdev, status);
2904 goto unlock;
2905 }
2906
2907 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2908
2909unlock:
2910 hci_dev_unlock(hdev);
2911}
2912
bdb6d971 2913static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2914 u16 len)
14a53664 2915{
d930650b 2916 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2917 struct pending_cmd *cmd;
30dc78e1
JH		 2918 struct hci_cp_remote_name_req_cancel cp;
2919 struct inquiry_entry *e;
0e05bba6
AG		 2920 struct hci_request req;
2921 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2922 int err;
2923
bdb6d971 2924 BT_DBG("%s", hdev->name);
14a53664 2925
09fd0de5 2926 hci_dev_lock(hdev);
14a53664 2927
30dc78e1 2928 if (!hci_discovery_active(hdev)) {
bdb6d971 2929 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2930 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2931 sizeof(mgmt_cp->type));
d930650b
JH		 2932 goto unlock;
2933 }
2934
2935 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2936 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2937 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2938 sizeof(mgmt_cp->type));
30dc78e1 2939 goto unlock;
ff9ef578
JH		 2940 }
2941
2e58ef3e 2942 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2943 if (!cmd) {
2944 err = -ENOMEM;
30dc78e1
JH		 2945 goto unlock;
2946 }
2947
0e05bba6
AG		 2948 hci_req_init(&req, hdev);
2949
e0d9727e
AG		 2950 switch (hdev->discovery.state) {
2951 case DISCOVERY_FINDING:
0e05bba6
AG		 2952 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2953 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2954 } else {
2955 cancel_delayed_work(&hdev->le_scan_disable);
2956
2957 memset(&enable_cp, 0, sizeof(enable_cp));
2958 enable_cp.enable = LE_SCAN_DISABLE;
2959 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2960 sizeof(enable_cp), &enable_cp);
2961 }
c9ecc48e 2962
e0d9727e
AG		 2963 break;
2964
2965 case DISCOVERY_RESOLVING:
2966 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2967 NAME_PENDING);
e0d9727e 2968 if (!e) {
30dc78e1 2969 mgmt_pending_remove(cmd);
e0d9727e
AG		 2970 err = cmd_complete(sk, hdev->id,
2971 MGMT_OP_STOP_DISCOVERY, 0,
2972 &mgmt_cp->type,
2973 sizeof(mgmt_cp->type));
2974 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2975 goto unlock;
2976 }
30dc78e1 2977
e0d9727e 2978 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2979 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2980 &cp);
e0d9727e
AG		 2981
2982 break;
2983
2984 default:
2985 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2986
2987 mgmt_pending_remove(cmd);
2988 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2989 MGMT_STATUS_FAILED, &mgmt_cp->type,
2990 sizeof(mgmt_cp->type));
2991 goto unlock;
14a53664
JH		 2992 }
2993
0e05bba6 2994 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2995 if (err < 0)
2996 mgmt_pending_remove(cmd);
ff9ef578
JH		 2997 else
2998 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2999
30dc78e1 3000unlock:
09fd0de5 3001 hci_dev_unlock(hdev);
14a53664
JH		 3002 return err;
3003}
3004
bdb6d971 3005static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3006 u16 len)
561aafbc 3007{
650f726d 3008 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3009 struct inquiry_entry *e;
561aafbc
JH		 3010 int err;
3011
bdb6d971 3012 BT_DBG("%s", hdev->name);
561aafbc 3013
561aafbc
JH		 3014 hci_dev_lock(hdev);
3015
30dc78e1 3016 if (!hci_discovery_active(hdev)) {
bdb6d971 3017 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3018 MGMT_STATUS_FAILED);
30dc78e1
JH		 3019 goto failed;
3020 }
3021
a198e7b1 3022 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3023 if (!e) {
bdb6d971 3024 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3025 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3026 goto failed;
3027 }
3028
3029 if (cp->name_known) {
3030 e->name_state = NAME_KNOWN;
3031 list_del(&e->list);
3032 } else {
3033 e->name_state = NAME_NEEDED;
a3d4e20a 3034 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3035 }
3036
e384662b
JH		 3037 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3038 sizeof(cp->addr));
561aafbc
JH		 3039
3040failed:
3041 hci_dev_unlock(hdev);
561aafbc
JH		 3042 return err;
3043}
3044
bdb6d971 3045static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3046 u16 len)
7fbec224 3047{
650f726d 3048 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3049 u8 status;
7fbec224
AJ		 3050 int err;
3051
bdb6d971 3052 BT_DBG("%s", hdev->name);
7fbec224 3053
4ee71b20 3054 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3055 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3056 MGMT_STATUS_INVALID_PARAMS,
3057 &cp->addr, sizeof(cp->addr));
4ee71b20 3058
09fd0de5 3059 hci_dev_lock(hdev);
5e762444 3060
88c1fe4b 3061 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3062 if (err < 0)
f0eeea8b 3063 status = MGMT_STATUS_FAILED;
7fbec224 3064 else
a6785be2 3065 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3066
bdb6d971 3067 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3068 &cp->addr, sizeof(cp->addr));
5e762444 3069
09fd0de5 3070 hci_dev_unlock(hdev);
7fbec224
AJ		 3071
3072 return err;
3073}
3074
bdb6d971 3075static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3076 u16 len)
7fbec224 3077{
650f726d 3078 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3079 u8 status;
7fbec224
AJ		 3080 int err;
3081
bdb6d971 3082 BT_DBG("%s", hdev->name);
7fbec224 3083
4ee71b20 3084 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3085 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3086 MGMT_STATUS_INVALID_PARAMS,
3087 &cp->addr, sizeof(cp->addr));
4ee71b20 3088
09fd0de5 3089 hci_dev_lock(hdev);
5e762444 3090
88c1fe4b 3091 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3092 if (err < 0)
f0eeea8b 3093 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3094 else
a6785be2 3095 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3096
bdb6d971 3097 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3098 &cp->addr, sizeof(cp->addr));
5e762444 3099
09fd0de5 3100 hci_dev_unlock(hdev);
7fbec224
AJ		 3101
3102 return err;
3103}
3104
cdbaccca
MH		 3105static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3106 u16 len)
3107{
3108 struct mgmt_cp_set_device_id *cp = data;
890ea898 3109 struct hci_request req;
cdbaccca 3110 int err;
c72d4b8a 3111 __u16 source;
cdbaccca
MH		 3112
3113 BT_DBG("%s", hdev->name);
3114
c72d4b8a
SJ		 3115 source = __le16_to_cpu(cp->source);
3116
3117 if (source > 0x0002)
3118 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3119 MGMT_STATUS_INVALID_PARAMS);
3120
cdbaccca
MH		 3121 hci_dev_lock(hdev);
3122
c72d4b8a 3123 hdev->devid_source = source;
cdbaccca
MH		 3124 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3125 hdev->devid_product = __le16_to_cpu(cp->product);
3126 hdev->devid_version = __le16_to_cpu(cp->version);
3127
3128 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3129
890ea898
JH		 3130 hci_req_init(&req, hdev);
3131 update_eir(&req);
3132 hci_req_run(&req, NULL);
cdbaccca
MH		 3133
3134 hci_dev_unlock(hdev);
3135
3136 return err;
3137}
3138
33e38b3e
JH		 3139static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3140{
3141 struct pending_cmd *cmd;
3142
3143 BT_DBG("status 0x%02x", status);
3144
3145 hci_dev_lock(hdev);
3146
3147 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3148 if (!cmd)
3149 goto unlock;
3150
3151 if (status) {
3152 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3153 mgmt_status(status));
3154 } else {
1a4d3c4b
JH		 3155 struct mgmt_mode *cp = cmd->param;
3156
3157 if (cp->val)
3158 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3159 else
3160 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3161
33e38b3e
JH		 3162 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3163 new_settings(hdev, cmd->sk);
3164 }
3165
3166 mgmt_pending_remove(cmd);
3167
3168unlock:
3169 hci_dev_unlock(hdev);
3170}
3171
bdb6d971 3172static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3173 void *data, u16 len)
f6422ec6 3174{
650f726d 3175 struct mgmt_mode *cp = data;
33e38b3e
JH		 3176 struct pending_cmd *cmd;
3177 struct hci_request req;
f6422ec6
AJ		 3178 int err;
3179
bdb6d971 3180 BT_DBG("%s", hdev->name);
f6422ec6 3181
1a47aee8 3182 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3183 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3184 MGMT_STATUS_NOT_SUPPORTED);
3185
a7e80f25
JH		 3186 if (cp->val != 0x00 && cp->val != 0x01)
3187 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3188 MGMT_STATUS_INVALID_PARAMS);
3189
5400c044 3190 if (!hdev_is_powered(hdev))
bdb6d971 3191 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3192 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3193
3194 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3195 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3196 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3197
3198 hci_dev_lock(hdev);
3199
05cbf29f
JH		 3200 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3201 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3202 MGMT_STATUS_BUSY);
3203 goto unlock;
3204 }
3205
1a4d3c4b
JH		 3206 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3207 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3208 hdev);
3209 goto unlock;
3210 }
3211
33e38b3e
JH		 3212 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3213 data, len);
3214 if (!cmd) {
3215 err = -ENOMEM;
3216 goto unlock;
f6422ec6
AJ		 3217 }
3218
33e38b3e
JH		 3219 hci_req_init(&req, hdev);
3220
406d7804 3221 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3222
3223 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3224 if (err < 0) {
bdb6d971 3225 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3226 MGMT_STATUS_FAILED);
33e38b3e 3227 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3228 }
3229
33e38b3e 3230unlock:
f6422ec6 3231 hci_dev_unlock(hdev);
33e38b3e 3232
f6422ec6
AJ		 3233 return err;
3234}
3235
3f706b72
JH		 3236static bool ltk_is_valid(struct mgmt_ltk_info *key)
3237{
44b20d33
JH		 3238 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3239 return false;
3f706b72
JH		 3240 if (key->master != 0x00 && key->master != 0x01)
3241 return false;
4ee71b20
JH		 3242 if (!bdaddr_type_is_le(key->addr.type))
3243 return false;
3f706b72
JH		 3244 return true;
3245}
3246
bdb6d971 3247static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3248 void *cp_data, u16 len)
346af67b 3249{
346af67b
VCG		 3250 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3251 u16 key_count, expected_len;
715a5bf2 3252 int i, err;
346af67b 3253
1f350c87 3254 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3255
3256 expected_len = sizeof(*cp) + key_count *
3257 sizeof(struct mgmt_ltk_info);
3258 if (expected_len != len) {
3259 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3260 len, expected_len);
bdb6d971 3261 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3262 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3263 }
3264
bdb6d971 3265 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3266
54ad6d8a
JH		 3267 for (i = 0; i < key_count; i++) {
3268 struct mgmt_ltk_info *key = &cp->keys[i];
3269
3f706b72 3270 if (!ltk_is_valid(key))
54ad6d8a
JH		 3271 return cmd_status(sk, hdev->id,
3272 MGMT_OP_LOAD_LONG_TERM_KEYS,
3273 MGMT_STATUS_INVALID_PARAMS);
3274 }
3275
346af67b
VCG		 3276 hci_dev_lock(hdev);
3277
3278 hci_smp_ltks_clear(hdev);
3279
3280 for (i = 0; i < key_count; i++) {
3281 struct mgmt_ltk_info *key = &cp->keys[i];
3282 u8 type;
3283
3284 if (key->master)
3285 type = HCI_SMP_LTK;
3286 else
3287 type = HCI_SMP_LTK_SLAVE;
3288
4596fde5 3289 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3290 bdaddr_to_le(key->addr.type),
04124681
GP		 3291 type, 0, key->authenticated, key->val,
3292 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3293 }
3294
715a5bf2
JH		 3295 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3296 NULL, 0);
3297
346af67b 3298 hci_dev_unlock(hdev);
346af67b 3299
715a5bf2 3300 return err;
346af67b
VCG		 3301}
3302
2e3c35ea 3303static const struct mgmt_handler {
04124681
GP		 3304 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3305 u16 data_len);
be22b54e
JH		 3306 bool var_len;
3307 size_t data_len;
0f4e68cf
JH		 3308} mgmt_handlers[] = {
3309 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3310 { read_version, false, MGMT_READ_VERSION_SIZE },
3311 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3312 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3313 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3314 { set_powered, false, MGMT_SETTING_SIZE },
3315 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3316 { set_connectable, false, MGMT_SETTING_SIZE },
3317 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3318 { set_pairable, false, MGMT_SETTING_SIZE },
3319 { set_link_security, false, MGMT_SETTING_SIZE },
3320 { set_ssp, false, MGMT_SETTING_SIZE },
3321 { set_hs, false, MGMT_SETTING_SIZE },
3322 { set_le, false, MGMT_SETTING_SIZE },
3323 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3324 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3325 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3326 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3327 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3328 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3329 { disconnect, false, MGMT_DISCONNECT_SIZE },
3330 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3331 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3332 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3333 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3334 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3335 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3336 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3337 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3338 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3339 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3340 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3341 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3342 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3343 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3344 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3345 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3346 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3347 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3348 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3349 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3350};
3351
3352
0381101f
JH		 3353int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3354{
650f726d
VCG		 3355 void *buf;
3356 u8 *cp;
0381101f 3357 struct mgmt_hdr *hdr;
4e51eae9 3358 u16 opcode, index, len;
bdb6d971 3359 struct hci_dev *hdev = NULL;
2e3c35ea 3360 const struct mgmt_handler *handler;
0381101f
JH		 3361 int err;
3362
3363 BT_DBG("got %zu bytes", msglen);
3364
3365 if (msglen < sizeof(*hdr))
3366 return -EINVAL;
3367
e63a15ec 3368 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3369 if (!buf)
3370 return -ENOMEM;
3371
3372 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3373 err = -EFAULT;
3374 goto done;
3375 }
3376
650f726d 3377 hdr = buf;
1f350c87
MH		 3378 opcode = __le16_to_cpu(hdr->opcode);
3379 index = __le16_to_cpu(hdr->index);
3380 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3381
3382 if (len != msglen - sizeof(*hdr)) {
3383 err = -EINVAL;
3384 goto done;
3385 }
3386
0f4e68cf 3387 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3388 hdev = hci_dev_get(index);
3389 if (!hdev) {
3390 err = cmd_status(sk, index, opcode,
04124681 3391 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3392 goto done;
3393 }
0736cfa8
MH		 3394
3395 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3396 err = cmd_status(sk, index, opcode,
3397 MGMT_STATUS_INVALID_INDEX);
3398 goto done;
3399 }
bdb6d971
JH		 3400 }
3401
0f4e68cf 3402 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3403 mgmt_handlers[opcode].func == NULL) {
0381101f 3404 BT_DBG("Unknown op %u", opcode);
ca69b795 3405 err = cmd_status(sk, index, opcode,
04124681 3406 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3407 goto done;
3408 }
3409
3410 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3411 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3412 err = cmd_status(sk, index, opcode,
04124681 3413 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3414 goto done;
0381101f
JH		 3415 }
3416
be22b54e
JH		 3417 handler = &mgmt_handlers[opcode];
3418
3419 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3420 (!handler->var_len && len != handler->data_len)) {
be22b54e 3421 err = cmd_status(sk, index, opcode,
04124681 3422 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3423 goto done;
3424 }
3425
0f4e68cf
JH		 3426 if (hdev)
3427 mgmt_init_hdev(sk, hdev);
3428
3429 cp = buf + sizeof(*hdr);
3430
be22b54e 3431 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3432 if (err < 0)
3433 goto done;
3434
0381101f
JH		 3435 err = msglen;
3436
3437done:
bdb6d971
JH		 3438 if (hdev)
3439 hci_dev_put(hdev);
3440
0381101f
JH		 3441 kfree(buf);
3442 return err;
3443}
c71e97bf 3444
744cf19e 3445int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3446{
bb4b2a9a
AE		 3447 if (!mgmt_valid_hdev(hdev))
3448 return -ENOTSUPP;
3449
744cf19e 3450 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3451}
3452
744cf19e 3453int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3454{
5f159032 3455 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3456
bb4b2a9a
AE		 3457 if (!mgmt_valid_hdev(hdev))
3458 return -ENOTSUPP;
3459
744cf19e 3460 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3461
744cf19e 3462 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3463}
3464
890ea898 3465static void set_bredr_scan(struct hci_request *req)
7f0ae647 3466{
890ea898 3467 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3468 u8 scan = 0;
3469
4c01f8b8
JH		 3470 /* Ensure that fast connectable is disabled. This function will
3471 * not do anything if the page scan parameters are already what
3472 * they should be.
3473 */
3474 write_fast_connectable(req, false);
3475
7f0ae647
JH		 3476 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3477 scan |= SCAN_PAGE;
3478 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3479 scan |= SCAN_INQUIRY;
3480
890ea898
JH		 3481 if (scan)
3482 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3483}
3484
229ab39c
JH		 3485static void powered_complete(struct hci_dev *hdev, u8 status)
3486{
3487 struct cmd_lookup match = { NULL, hdev };
3488
3489 BT_DBG("status 0x%02x", status);
3490
3491 hci_dev_lock(hdev);
3492
3493 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3494
3495 new_settings(hdev, match.sk);
3496
3497 hci_dev_unlock(hdev);
3498
3499 if (match.sk)
3500 sock_put(match.sk);
3501}
3502
70da6243 3503static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3504{
890ea898 3505 struct hci_request req;
70da6243 3506 u8 link_sec;
5add6af8 3507
890ea898
JH		 3508 hci_req_init(&req, hdev);
3509
70da6243
JH		 3510 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3511 !lmp_host_ssp_capable(hdev)) {
3512 u8 ssp = 1;
5e5282bb 3513
890ea898 3514 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3515 }
5add6af8 3516
c73eee91
JH		 3517 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3518 lmp_bredr_capable(hdev)) {
70da6243 3519 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3520
70da6243
JH		 3521 cp.le = 1;
3522 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3523
70da6243
JH		 3524 /* Check first if we already have the right
3525 * host state (host features set)
3526 */
3527 if (cp.le != lmp_host_le_capable(hdev) ||
3528 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3529 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3530 sizeof(cp), &cp);
70da6243 3531 }
3d1cbdd6 3532
eeca6f89
JH		 3533 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3534 u8 adv = 0x01;
3535
3536 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3537 }
3538
70da6243
JH		 3539 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3540 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3541 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3542 sizeof(link_sec), &link_sec);
562fcc24 3543
70da6243 3544 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3545 set_bredr_scan(&req);
3546 update_class(&req);
13928971 3547 update_name(&req);
890ea898 3548 update_eir(&req);
70da6243 3549 }
562fcc24 3550
229ab39c 3551 return hci_req_run(&req, powered_complete);
70da6243 3552}
562fcc24 3553
70da6243
JH		 3554int mgmt_powered(struct hci_dev *hdev, u8 powered)
3555{
3556 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3557 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3558 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3559 int err;
f0ff92fb 3560
70da6243
JH		 3561 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3562 return 0;
3563
70da6243 3564 if (powered) {
229ab39c
JH		 3565 if (powered_update_hci(hdev) == 0)
3566 return 0;
fe038884 3567
229ab39c
JH		 3568 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3569 &match);
3570 goto new_settings;
b24752fe
JH		 3571 }
3572
229ab39c
JH		 3573 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3574 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3575
3576 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3577 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3578 zero_cod, sizeof(zero_cod), NULL);
3579
3580new_settings:
beadb2bd 3581 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3582
3583 if (match.sk)
3584 sock_put(match.sk);
3585
7bb895d6 3586 return err;
5add6af8 3587}
73f22f62 3588
96570ffc
JH		 3589int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3590{
3591 struct pending_cmd *cmd;
3592 u8 status;
3593
3594 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3595 if (!cmd)
3596 return -ENOENT;
3597
3598 if (err == -ERFKILL)
3599 status = MGMT_STATUS_RFKILLED;
3600 else
3601 status = MGMT_STATUS_FAILED;
3602
3603 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3604
3605 mgmt_pending_remove(cmd);
3606
3607 return err;
3608}
3609
744cf19e 3610int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3611{
76a7f3a4 3612 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3613 bool changed = false;
3614 int err = 0;
73f22f62 3615
5e5282bb
JH		 3616 if (discoverable) {
3617 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3618 changed = true;
3619 } else {
3620 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3621 changed = true;
3622 }
73f22f62 3623
ed9b5f2f 3624 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3625 &match);
ed9b5f2f 3626
beadb2bd
JH		 3627 if (changed)
3628 err = new_settings(hdev, match.sk);
5e5282bb 3629
73f22f62
JH		 3630 if (match.sk)
3631 sock_put(match.sk);
3632
7bb895d6 3633 return err;
73f22f62 3634}
9fbcbb45 3635
744cf19e 3636int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3637{
2b76f453 3638 struct pending_cmd *cmd;
5e5282bb
JH		 3639 bool changed = false;
3640 int err = 0;
9fbcbb45 3641
5e5282bb
JH		 3642 if (connectable) {
3643 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3644 changed = true;
3645 } else {
3646 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3647 changed = true;
3648 }
9fbcbb45 3649
2b76f453 3650 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3651
beadb2bd 3652 if (changed)
2b76f453 3653 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3654
7bb895d6 3655 return err;
9fbcbb45 3656}
55ed8ca1 3657
744cf19e 3658int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3659{
ca69b795
JH		 3660 u8 mgmt_err = mgmt_status(status);
3661
2d7cee58 3662 if (scan & SCAN_PAGE)
744cf19e 3663 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3664 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3665
3666 if (scan & SCAN_INQUIRY)
744cf19e 3667 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3668 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3669
3670 return 0;
3671}
3672
53168e5b
CC		 3673int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3674 bool persistent)
55ed8ca1 3675{
86742e1e 3676 struct mgmt_ev_new_link_key ev;
55ed8ca1 3677
a492cd52 3678 memset(&ev, 0, sizeof(ev));
55ed8ca1 3679
a492cd52 3680 ev.store_hint = persistent;
d753fdc4 3681 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3682 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3683 ev.key.type = key->type;
9b3b4460 3684 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3685 ev.key.pin_len = key->pin_len;
55ed8ca1 3686
744cf19e 3687 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3688}
f7520543 3689
346af67b
VCG		 3690int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3691{
3692 struct mgmt_ev_new_long_term_key ev;
3693
3694 memset(&ev, 0, sizeof(ev));
3695
3696 ev.store_hint = persistent;
3697 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3698 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3699 ev.key.authenticated = key->authenticated;
3700 ev.key.enc_size = key->enc_size;
3701 ev.key.ediv = key->ediv;
3702
3703 if (key->type == HCI_SMP_LTK)
3704 ev.key.master = 1;
3705
3706 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3707 memcpy(ev.key.val, key->val, sizeof(key->val));
3708
04124681
GP		 3709 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3710 NULL);
346af67b
VCG		 3711}
3712
afc747a6 3713int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3714 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3715 u8 *dev_class)
f7520543 3716{
b644ba33
JH		 3717 char buf[512];
3718 struct mgmt_ev_device_connected *ev = (void *) buf;
3719 u16 eir_len = 0;
f7520543 3720
b644ba33 3721 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3722 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3723
c95f0ba7 3724 ev->flags = __cpu_to_le32(flags);
08c79b61 3725
b644ba33
JH		 3726 if (name_len > 0)
3727 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3728 name, name_len);
b644ba33
JH		 3729
3730 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3731 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3732 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3733
eb55ef07 3734 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3735
3736 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3737 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3738}
3739
8962ee74
JH		 3740static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3741{
c68fb7ff 3742 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3743 struct sock **sk = data;
a38528f1 3744 struct mgmt_rp_disconnect rp;
8962ee74 3745
88c3df13
JH		 3746 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3747 rp.addr.type = cp->addr.type;
8962ee74 3748
aee9b218 3749 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3750 sizeof(rp));
8962ee74
JH		 3751
3752 *sk = cmd->sk;
3753 sock_hold(*sk);
3754
a664b5bc 3755 mgmt_pending_remove(cmd);
8962ee74
JH		 3756}
3757
124f6e35 3758static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3759{
b1078ad0 3760 struct hci_dev *hdev = data;
124f6e35
JH		 3761 struct mgmt_cp_unpair_device *cp = cmd->param;
3762 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3763
3764 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3765 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3766 rp.addr.type = cp->addr.type;
a8a1d19e 3767
b1078ad0
JH		 3768 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3769
aee9b218 3770 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3771
3772 mgmt_pending_remove(cmd);
3773}
3774
afc747a6 3775int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3776 u8 link_type, u8 addr_type, u8 reason)
f7520543 3777{
f0d6a0ea 3778 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3779 struct sock *sk = NULL;
3780 int err;
3781
744cf19e 3782 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3783
f0d6a0ea
MA		 3784 bacpy(&ev.addr.bdaddr, bdaddr);
3785 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3786 ev.reason = reason;
f7520543 3787
afc747a6 3788 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3789 sk);
8962ee74
JH		 3790
3791 if (sk)
d97dcb66 3792 sock_put(sk);
8962ee74 3793
124f6e35 3794 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3795 hdev);
a8a1d19e 3796
8962ee74
JH		 3797 return err;
3798}
3799
88c3df13 3800int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3801 u8 link_type, u8 addr_type, u8 status)
8962ee74 3802{
88c3df13 3803 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3804 struct pending_cmd *cmd;
3805 int err;
3806
36a75f1b
JD		 3807 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3808 hdev);
3809
2e58ef3e 3810 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3811 if (!cmd)
3812 return -ENOENT;
3813
88c3df13 3814 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3815 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3816
88c3df13 3817 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3818 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3819
a664b5bc 3820 mgmt_pending_remove(cmd);
8962ee74
JH		 3821
3822 return err;
f7520543 3823}
17d5c04c 3824
48264f06 3825int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3826 u8 addr_type, u8 status)
17d5c04c
JH		 3827{
3828 struct mgmt_ev_connect_failed ev;
3829
4c659c39 3830 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3831 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3832 ev.status = mgmt_status(status);
17d5c04c 3833
744cf19e 3834 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3835}
980e1a53 3836
744cf19e 3837int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3838{
3839 struct mgmt_ev_pin_code_request ev;
3840
d8457698 3841 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3842 ev.addr.type = BDADDR_BREDR;
a770bb5a 3843 ev.secure = secure;
980e1a53 3844
744cf19e 3845 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3846 NULL);
980e1a53
JH		 3847}
3848
744cf19e 3849int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3850 u8 status)
980e1a53
JH		 3851{
3852 struct pending_cmd *cmd;
ac56fb13 3853 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3854 int err;
3855
2e58ef3e 3856 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3857 if (!cmd)
3858 return -ENOENT;
3859
d8457698 3860 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3861 rp.addr.type = BDADDR_BREDR;
ac56fb13 3862
aee9b218 3863 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3864 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3865
a664b5bc 3866 mgmt_pending_remove(cmd);
980e1a53
JH		 3867
3868 return err;
3869}
3870
744cf19e 3871int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3872 u8 status)
980e1a53
JH		 3873{
3874 struct pending_cmd *cmd;
ac56fb13 3875 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3876 int err;
3877
2e58ef3e 3878 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3879 if (!cmd)
3880 return -ENOENT;
3881
d8457698 3882 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3883 rp.addr.type = BDADDR_BREDR;
ac56fb13 3884
aee9b218 3885 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3886 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3887
a664b5bc 3888 mgmt_pending_remove(cmd);
980e1a53
JH		 3889
3890 return err;
3891}
a5c29683 3892
744cf19e 3893int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3894 u8 link_type, u8 addr_type, __le32 value,
3895 u8 confirm_hint)
a5c29683
JH		 3896{
3897 struct mgmt_ev_user_confirm_request ev;
3898
744cf19e 3899 BT_DBG("%s", hdev->name);
a5c29683 3900
272d90df 3901 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3902 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3903 ev.confirm_hint = confirm_hint;
78e8098e 3904 ev.value = value;
a5c29683 3905
744cf19e 3906 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3907 NULL);
a5c29683
JH		 3908}
3909
272d90df 3910int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3911 u8 link_type, u8 addr_type)
604086b7
BG		 3912{
3913 struct mgmt_ev_user_passkey_request ev;
3914
3915 BT_DBG("%s", hdev->name);
3916
272d90df 3917 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3918 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3919
3920 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3921 NULL);
604086b7
BG		 3922}
3923
0df4c185 3924static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3925 u8 link_type, u8 addr_type, u8 status,
3926 u8 opcode)
a5c29683
JH		 3927{
3928 struct pending_cmd *cmd;
3929 struct mgmt_rp_user_confirm_reply rp;
3930 int err;
3931
2e58ef3e 3932 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3933 if (!cmd)
3934 return -ENOENT;
3935
272d90df 3936 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3937 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3938 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3939 &rp, sizeof(rp));
a5c29683 3940
a664b5bc 3941 mgmt_pending_remove(cmd);
a5c29683
JH		 3942
3943 return err;
3944}
3945
744cf19e 3946int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3947 u8 link_type, u8 addr_type, u8 status)
a5c29683 3948{
272d90df 3949 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3950 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3951}
3952
272d90df 3953int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3954 u8 link_type, u8 addr_type, u8 status)
a5c29683 3955{
272d90df 3956 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3957 status,
3958 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3959}
2a611692 3960
604086b7 3961int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3962 u8 link_type, u8 addr_type, u8 status)
604086b7 3963{
272d90df 3964 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3965 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3966}
3967
272d90df 3968int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3969 u8 link_type, u8 addr_type, u8 status)
604086b7 3970{
272d90df 3971 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3972 status,
3973 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3974}
3975
92a25256
JH		 3976int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3977 u8 link_type, u8 addr_type, u32 passkey,
3978 u8 entered)
3979{
3980 struct mgmt_ev_passkey_notify ev;
3981
3982 BT_DBG("%s", hdev->name);
3983
3984 bacpy(&ev.addr.bdaddr, bdaddr);
3985 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3986 ev.passkey = __cpu_to_le32(passkey);
3987 ev.entered = entered;
3988
3989 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3990}
3991
bab73cb6 3992int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3993 u8 addr_type, u8 status)
2a611692
JH		 3994{
3995 struct mgmt_ev_auth_failed ev;
3996
bab73cb6 3997 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3998 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3999 ev.status = mgmt_status(status);
2a611692 4000
744cf19e 4001 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4002}
b312b161 4003
33ef95ed
JH		 4004int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4005{
4006 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4007 bool changed = false;
4008 int err = 0;
33ef95ed
JH		 4009
4010 if (status) {
4011 u8 mgmt_err = mgmt_status(status);
4012 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4013 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4014 return 0;
4015 }
4016
47990ea0
JH		 4017 if (test_bit(HCI_AUTH, &hdev->flags)) {
4018 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4019 changed = true;
4020 } else {
4021 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4022 changed = true;
4023 }
4024
33ef95ed 4025 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4026 &match);
33ef95ed 4027
47990ea0
JH		 4028 if (changed)
4029 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4030
4031 if (match.sk)
4032 sock_put(match.sk);
4033
4034 return err;
4035}
4036
890ea898 4037static void clear_eir(struct hci_request *req)
cacaf52f 4038{
890ea898 4039 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4040 struct hci_cp_write_eir cp;
4041
976eb20e 4042 if (!lmp_ext_inq_capable(hdev))
890ea898 4043 return;
cacaf52f 4044
c80da27e
JH		 4045 memset(hdev->eir, 0, sizeof(hdev->eir));
4046
cacaf52f
JH		 4047 memset(&cp, 0, sizeof(cp));
4048
890ea898 4049 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4050}
4051
c0ecddc2 4052int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4053{
4054 struct cmd_lookup match = { NULL, hdev };
890ea898 4055 struct hci_request req;
c0ecddc2
JH		 4056 bool changed = false;
4057 int err = 0;
ed2c4ee3
JH		 4058
4059 if (status) {
4060 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4061
4062 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4063 &hdev->dev_flags))
c0ecddc2
JH		 4064 err = new_settings(hdev, NULL);
4065
04124681
GP		 4066 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4067 &mgmt_err);
c0ecddc2
JH		 4068
4069 return err;
4070 }
4071
4072 if (enable) {
4073 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4074 changed = true;
4075 } else {
4076 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4077 changed = true;
ed2c4ee3
JH		 4078 }
4079
4080 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4081
c0ecddc2
JH		 4082 if (changed)
4083 err = new_settings(hdev, match.sk);
ed2c4ee3 4084
5fc6ebb1 4085 if (match.sk)
ed2c4ee3
JH		 4086 sock_put(match.sk);
4087
890ea898
JH		 4088 hci_req_init(&req, hdev);
4089
5fc6ebb1 4090 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4091 update_eir(&req);
5fc6ebb1 4092 else
890ea898
JH		 4093 clear_eir(&req);
4094
4095 hci_req_run(&req, NULL);
cacaf52f 4096
ed2c4ee3
JH		 4097 return err;
4098}
4099
92da6097 4100static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4101{
4102 struct cmd_lookup *match = data;
4103
90e70454
JH		 4104 if (match->sk == NULL) {
4105 match->sk = cmd->sk;
4106 sock_hold(match->sk);
4107 }
90e70454
JH		 4108}
4109
7f9a903c 4110int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4111 u8 status)
7f9a903c 4112{
90e70454
JH		 4113 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4114 int err = 0;
7f9a903c 4115
92da6097
JH		 4116 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4117 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4118 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4119
4120 if (!status)
04124681
GP		 4121 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4122 3, NULL);
90e70454
JH		 4123
4124 if (match.sk)
4125 sock_put(match.sk);
7f9a903c
MH		 4126
4127 return err;
4128}
4129
744cf19e 4130int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4131{
b312b161 4132 struct mgmt_cp_set_local_name ev;
13928971 4133 struct pending_cmd *cmd;
28cc7bde 4134
13928971
JH		 4135 if (status)
4136 return 0;
b312b161
JH		 4137
4138 memset(&ev, 0, sizeof(ev));
4139 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4140 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4141
2e58ef3e 4142 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4143 if (!cmd) {
4144 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4145
13928971
JH		 4146 /* If this is a HCI command related to powering on the
4147 * HCI dev don't send any mgmt signals.
4148 */
4149 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4150 return 0;
890ea898 4151 }
b312b161 4152
13928971
JH		 4153 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4154 cmd ? cmd->sk : NULL);
b312b161 4155}
c35938b2 4156
744cf19e 4157int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4158 u8 *randomizer, u8 status)
c35938b2
SJ		 4159{
4160 struct pending_cmd *cmd;
4161 int err;
4162
744cf19e 4163 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4164
2e58ef3e 4165 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4166 if (!cmd)
4167 return -ENOENT;
4168
4169 if (status) {
04124681
GP		 4170 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4171 mgmt_status(status));
c35938b2
SJ		 4172 } else {
4173 struct mgmt_rp_read_local_oob_data rp;
4174
4175 memcpy(rp.hash, hash, sizeof(rp.hash));
4176 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4177
744cf19e 4178 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4179 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4180 sizeof(rp));
c35938b2
SJ		 4181 }
4182
4183 mgmt_pending_remove(cmd);
4184
4185 return err;
4186}
e17acd40 4187
48264f06 4188int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4189 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4190 ssp, u8 *eir, u16 eir_len)
e17acd40 4191{
e319d2e7
JH		 4192 char buf[512];
4193 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4194 size_t ev_size;
e17acd40 4195
12602d0c
AG		 4196 if (!hci_discovery_active(hdev))
4197 return -EPERM;
4198
1dc06093
JH		 4199 /* Leave 5 bytes for a potential CoD field */
4200 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4201 return -EINVAL;
4202
1dc06093
JH		 4203 memset(buf, 0, sizeof(buf));
4204
e319d2e7 4205 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4206 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4207 ev->rssi = rssi;
9a395a80 4208 if (cfm_name)
612dfce9 4209 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4210 if (!ssp)
612dfce9 4211 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4212
1dc06093 4213 if (eir_len > 0)
e319d2e7 4214 memcpy(ev->eir, eir, eir_len);
e17acd40 4215
1dc06093
JH		 4216 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4217 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4218 dev_class, 3);
1dc06093 4219
eb55ef07 4220 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4221 ev_size = sizeof(*ev) + eir_len;
f8523598 4222
e319d2e7 4223 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4224}
a88a9652 4225
b644ba33 4226int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4227 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4228{
b644ba33
JH		 4229 struct mgmt_ev_device_found *ev;
4230 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4231 u16 eir_len;
a88a9652 4232
b644ba33 4233 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4234
b644ba33
JH		 4235 memset(buf, 0, sizeof(buf));
4236
4237 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4238 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4239 ev->rssi = rssi;
4240
4241 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4242 name_len);
b644ba33 4243
eb55ef07 4244 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4245
053c7e0c 4246 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4247 sizeof(*ev) + eir_len, NULL);
a88a9652 4248}
314b2381 4249
744cf19e 4250int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4251{
f963e8e9 4252 struct mgmt_ev_discovering ev;
164a6e78
JH		 4253 struct pending_cmd *cmd;
4254
343fb145
AG		 4255 BT_DBG("%s discovering %u", hdev->name, discovering);
4256
164a6e78 4257 if (discovering)
2e58ef3e 4258 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4259 else
2e58ef3e 4260 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4261
4262 if (cmd != NULL) {
f808e166
JH		 4263 u8 type = hdev->discovery.type;
4264
04124681
GP		 4265 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4266 sizeof(type));
164a6e78
JH		 4267 mgmt_pending_remove(cmd);
4268 }
4269
f963e8e9
JH		 4270 memset(&ev, 0, sizeof(ev));
4271 ev.type = hdev->discovery.type;
4272 ev.discovering = discovering;
4273
4274 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4275}
5e762444 4276
88c1fe4b 4277int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4278{
4279 struct pending_cmd *cmd;
4280 struct mgmt_ev_device_blocked ev;
4281
2e58ef3e 4282 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4283
88c1fe4b
JH		 4284 bacpy(&ev.addr.bdaddr, bdaddr);
4285 ev.addr.type = type;
5e762444 4286
744cf19e 4287 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4288 cmd ? cmd->sk : NULL);
5e762444
AJ		 4289}
4290
88c1fe4b 4291int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4292{
4293 struct pending_cmd *cmd;
4294 struct mgmt_ev_device_unblocked ev;
4295
2e58ef3e 4296 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4297
88c1fe4b
JH		 4298 bacpy(&ev.addr.bdaddr, bdaddr);
4299 ev.addr.type = type;
5e762444 4300
744cf19e 4301 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4302 cmd ? cmd->sk : NULL);
5e762444 4303}
d7b7e796
MH		 4304
4305module_param(enable_hs, bool, 0644);
4306MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.606963 seconds and 5 git commands to generate.