projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Set the scan response data when needed
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
f14d8f64
MH		 539static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
540{
541 return 0;
542}
543
544static void update_scan_rsp_data(struct hci_request *req)
545{
546 struct hci_dev *hdev = req->hdev;
547 struct hci_cp_le_set_scan_rsp_data cp;
548 u8 len;
549
550 if (!lmp_le_capable(hdev))
551 return;
552
553 memset(&cp, 0, sizeof(cp));
554
555 len = create_scan_rsp_data(hdev, cp.data);
556
557 if (hdev->adv_data_len == len &&
558 memcmp(cp.data, hdev->adv_data, len) == 0)
559 return;
560
561 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
562 hdev->adv_data_len = len;
563
564 cp.length = len;
565
566 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
567}
568
46cad2ed 569static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 570{
571 u8 ad_len = 0, flags = 0;
572 size_t name_len;
573
574 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
575 flags |= LE_AD_GENERAL;
576
577 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
578 if (lmp_le_br_capable(hdev))
579 flags |= LE_AD_SIM_LE_BREDR_CTRL;
580 if (lmp_host_le_br_capable(hdev))
581 flags |= LE_AD_SIM_LE_BREDR_HOST;
582 } else {
583 flags |= LE_AD_NO_BREDR;
584 }
585
586 if (flags) {
587 BT_DBG("adv flags 0x%02x", flags);
588
589 ptr[0] = 2;
590 ptr[1] = EIR_FLAGS;
591 ptr[2] = flags;
592
593 ad_len += 3;
594 ptr += 3;
595 }
596
597 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
598 ptr[0] = 2;
599 ptr[1] = EIR_TX_POWER;
600 ptr[2] = (u8) hdev->adv_tx_power;
601
602 ad_len += 3;
603 ptr += 3;
604 }
605
606 name_len = strlen(hdev->dev_name);
607 if (name_len > 0) {
608 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
609
610 if (name_len > max_len) {
611 name_len = max_len;
612 ptr[1] = EIR_NAME_SHORT;
613 } else
614 ptr[1] = EIR_NAME_COMPLETE;
615
616 ptr[0] = name_len + 1;
617
618 memcpy(ptr + 2, hdev->dev_name, name_len);
619
620 ad_len += (name_len + 2);
621 ptr += (name_len + 2);
622 }
623
624 return ad_len;
625}
626
627static void update_ad(struct hci_request *req)
628{
629 struct hci_dev *hdev = req->hdev;
630 struct hci_cp_le_set_adv_data cp;
631 u8 len;
632
633 if (!lmp_le_capable(hdev))
634 return;
635
636 memset(&cp, 0, sizeof(cp));
637
46cad2ed 638 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 639
640 if (hdev->adv_data_len == len &&
641 memcmp(cp.data, hdev->adv_data, len) == 0)
642 return;
643
644 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
645 hdev->adv_data_len = len;
646
647 cp.length = len;
648
649 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
650}
651
ef580372
JH		 652static void create_eir(struct hci_dev *hdev, u8 *data)
653{
654 u8 *ptr = data;
ef580372
JH		 655 size_t name_len;
656
657 name_len = strlen(hdev->dev_name);
658
659 if (name_len > 0) {
660 /* EIR Data type */
661 if (name_len > 48) {
662 name_len = 48;
663 ptr[1] = EIR_NAME_SHORT;
664 } else
665 ptr[1] = EIR_NAME_COMPLETE;
666
667 /* EIR Data length */
668 ptr[0] = name_len + 1;
669
670 memcpy(ptr + 2, hdev->dev_name, name_len);
671
ef580372
JH		 672 ptr += (name_len + 2);
673 }
674
bbaf444a 675 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 676 ptr[0] = 2;
677 ptr[1] = EIR_TX_POWER;
678 ptr[2] = (u8) hdev->inq_tx_power;
679
91c4e9b1
MH		 680 ptr += 3;
681 }
682
2b9be137
MH		 683 if (hdev->devid_source > 0) {
684 ptr[0] = 9;
685 ptr[1] = EIR_DEVICE_ID;
686
687 put_unaligned_le16(hdev->devid_source, ptr + 2);
688 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
689 put_unaligned_le16(hdev->devid_product, ptr + 6);
690 put_unaligned_le16(hdev->devid_version, ptr + 8);
691
2b9be137
MH		 692 ptr += 10;
693 }
694
213202ed 695 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 696 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 697 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 698}
699
890ea898 700static void update_eir(struct hci_request *req)
ef580372 701{
890ea898 702 struct hci_dev *hdev = req->hdev;
ef580372
JH		 703 struct hci_cp_write_eir cp;
704
504c8dcd 705 if (!hdev_is_powered(hdev))
890ea898 706 return;
7770c4aa 707
976eb20e 708 if (!lmp_ext_inq_capable(hdev))
890ea898 709 return;
ef580372 710
84bde9d6 711 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 712 return;
ef580372 713
a8b2d5c2 714 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 715 return;
ef580372
JH		 716
717 memset(&cp, 0, sizeof(cp));
718
719 create_eir(hdev, cp.data);
720
721 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 722 return;
ef580372
JH		 723
724 memcpy(hdev->eir, cp.data, sizeof(cp.data));
725
890ea898 726 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 727}
728
729static u8 get_service_classes(struct hci_dev *hdev)
730{
731 struct bt_uuid *uuid;
732 u8 val = 0;
733
734 list_for_each_entry(uuid, &hdev->uuids, list)
735 val |= uuid->svc_hint;
736
737 return val;
738}
739
890ea898 740static void update_class(struct hci_request *req)
ef580372 741{
890ea898 742 struct hci_dev *hdev = req->hdev;
ef580372
JH		 743 u8 cod[3];
744
745 BT_DBG("%s", hdev->name);
746
504c8dcd 747 if (!hdev_is_powered(hdev))
890ea898 748 return;
7770c4aa 749
a8b2d5c2 750 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 751 return;
ef580372
JH		 752
753 cod[0] = hdev->minor_class;
754 cod[1] = hdev->major_class;
755 cod[2] = get_service_classes(hdev);
756
6acd7db4
MH		 757 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
758 cod[1] |= 0x20;
759
ef580372 760 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 761 return;
ef580372 762
890ea898 763 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 764}
765
7d78525d
JH		 766static void service_cache_off(struct work_struct *work)
767{
768 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 769 service_cache.work);
890ea898 770 struct hci_request req;
7d78525d 771
a8b2d5c2 772 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 773 return;
774
890ea898
JH		 775 hci_req_init(&req, hdev);
776
7d78525d
JH		 777 hci_dev_lock(hdev);
778
890ea898
JH		 779 update_eir(&req);
780 update_class(&req);
7d78525d
JH		 781
782 hci_dev_unlock(hdev);
890ea898
JH		 783
784 hci_req_run(&req, NULL);
7d78525d
JH		 785}
786
6a919082 787static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 788{
4f87da80 789 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 790 return;
791
4f87da80 792 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 793
4f87da80
JH		 794 /* Non-mgmt controlled devices get this bit set
795 * implicitly so that pairing works for them, however
796 * for mgmt we require user-space to explicitly enable
797 * it
798 */
799 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 800}
801
0f4e68cf 802static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 803 void *data, u16 data_len)
0381101f 804{
a38528f1 805 struct mgmt_rp_read_info rp;
f7b64e69 806
bdb6d971 807 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 808
09fd0de5 809 hci_dev_lock(hdev);
f7b64e69 810
dc4fe30b
JH		 811 memset(&rp, 0, sizeof(rp));
812
69ab39ea 813 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 814
69ab39ea 815 rp.version = hdev->hci_ver;
eb55ef07 816 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 817
818 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
819 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 820
a38528f1 821 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 822
dc4fe30b 823 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 824 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 825
09fd0de5 826 hci_dev_unlock(hdev);
0381101f 827
bdb6d971 828 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 829 sizeof(rp));
0381101f
JH		 830}
831
eec8d2bc
JH		 832static void mgmt_pending_free(struct pending_cmd *cmd)
833{
834 sock_put(cmd->sk);
c68fb7ff 835 kfree(cmd->param);
eec8d2bc
JH		 836 kfree(cmd);
837}
838
366a0336 839static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 840 struct hci_dev *hdev, void *data,
841 u16 len)
eec8d2bc
JH		 842{
843 struct pending_cmd *cmd;
844
12b94565 845 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 846 if (!cmd)
366a0336 847 return NULL;
eec8d2bc
JH		 848
849 cmd->opcode = opcode;
2e58ef3e 850 cmd->index = hdev->id;
eec8d2bc 851
12b94565 852 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 853 if (!cmd->param) {
eec8d2bc 854 kfree(cmd);
366a0336 855 return NULL;
eec8d2bc
JH		 856 }
857
8fce6357
SJ		 858 if (data)
859 memcpy(cmd->param, data, len);
eec8d2bc
JH		 860
861 cmd->sk = sk;
862 sock_hold(sk);
863
2e58ef3e 864 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 865
366a0336 866 return cmd;
eec8d2bc
JH		 867}
868
744cf19e 869static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 870 void (*cb)(struct pending_cmd *cmd,
871 void *data),
04124681 872 void *data)
eec8d2bc 873{
a3d09356 874 struct pending_cmd *cmd, *tmp;
eec8d2bc 875
a3d09356 876 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 877 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 878 continue;
879
eec8d2bc
JH		 880 cb(cmd, data);
881 }
882}
883
2e58ef3e 884static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 885{
8035ded4 886 struct pending_cmd *cmd;
eec8d2bc 887
2e58ef3e 888 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 889 if (cmd->opcode == opcode)
890 return cmd;
eec8d2bc
JH		 891 }
892
893 return NULL;
894}
895
a664b5bc 896static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 897{
73f22f62
JH		 898 list_del(&cmd->list);
899 mgmt_pending_free(cmd);
900}
901
69ab39ea 902static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 903{
69ab39ea 904 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 905
aee9b218 906 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 907 sizeof(settings));
8680570b
JH		 908}
909
bdb6d971 910static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 911 u16 len)
eec8d2bc 912{
650f726d 913 struct mgmt_mode *cp = data;
366a0336 914 struct pending_cmd *cmd;
4b34ee78 915 int err;
eec8d2bc 916
bdb6d971 917 BT_DBG("request for %s", hdev->name);
eec8d2bc 918
a7e80f25
JH		 919 if (cp->val != 0x00 && cp->val != 0x01)
920 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
921 MGMT_STATUS_INVALID_PARAMS);
922
09fd0de5 923 hci_dev_lock(hdev);
eec8d2bc 924
87b95ba6
JH		 925 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
926 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
927 MGMT_STATUS_BUSY);
928 goto failed;
929 }
930
f0d4b78a
MH		 931 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
932 cancel_delayed_work(&hdev->power_off);
933
934 if (cp->val) {
a1d70450
JH		 935 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
936 data, len);
937 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 938 goto failed;
939 }
940 }
941
4b34ee78 942 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 943 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 944 goto failed;
945 }
946
2e58ef3e 947 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 948 if (!cmd) {
949 err = -ENOMEM;
eec8d2bc 950 goto failed;
366a0336 951 }
eec8d2bc 952
72a734ec 953 if (cp->val)
19202573 954 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 955 else
19202573 956 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 957
366a0336 958 err = 0;
eec8d2bc
JH		 959
960failed:
09fd0de5 961 hci_dev_unlock(hdev);
366a0336 962 return err;
eec8d2bc
JH		 963}
964
04124681
GP		 965static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
966 struct sock *skip_sk)
beadb2bd
JH		 967{
968 struct sk_buff *skb;
969 struct mgmt_hdr *hdr;
970
790eff44 971 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 972 if (!skb)
973 return -ENOMEM;
974
975 hdr = (void *) skb_put(skb, sizeof(*hdr));
976 hdr->opcode = cpu_to_le16(event);
977 if (hdev)
978 hdr->index = cpu_to_le16(hdev->id);
979 else
612dfce9 980 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 981 hdr->len = cpu_to_le16(data_len);
982
983 if (data)
984 memcpy(skb_put(skb, data_len), data, data_len);
985
97e0bdeb
MH		 986 /* Time stamp */
987 __net_timestamp(skb);
988
beadb2bd
JH		 989 hci_send_to_control(skb, skip_sk);
990 kfree_skb(skb);
991
992 return 0;
993}
994
995static int new_settings(struct hci_dev *hdev, struct sock *skip)
996{
997 __le32 ev;
998
999 ev = cpu_to_le32(get_current_settings(hdev));
1000
1001 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1002}
1003
bd99abdd
JH		 1004struct cmd_lookup {
1005 struct sock *sk;
1006 struct hci_dev *hdev;
1007 u8 mgmt_status;
1008};
1009
1010static void settings_rsp(struct pending_cmd *cmd, void *data)
1011{
1012 struct cmd_lookup *match = data;
1013
1014 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1015
1016 list_del(&cmd->list);
1017
1018 if (match->sk == NULL) {
1019 match->sk = cmd->sk;
1020 sock_hold(match->sk);
1021 }
1022
1023 mgmt_pending_free(cmd);
1024}
1025
1026static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1027{
1028 u8 *status = data;
1029
1030 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1031 mgmt_pending_remove(cmd);
1032}
1033
e6fe7986
JH		 1034static u8 mgmt_bredr_support(struct hci_dev *hdev)
1035{
1036 if (!lmp_bredr_capable(hdev))
1037 return MGMT_STATUS_NOT_SUPPORTED;
1038 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1039 return MGMT_STATUS_REJECTED;
1040 else
1041 return MGMT_STATUS_SUCCESS;
1042}
1043
1044static u8 mgmt_le_support(struct hci_dev *hdev)
1045{
1046 if (!lmp_le_capable(hdev))
1047 return MGMT_STATUS_NOT_SUPPORTED;
1048 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1049 return MGMT_STATUS_REJECTED;
1050 else
1051 return MGMT_STATUS_SUCCESS;
1052}
1053
bfaf8c9f
JH		 1054static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1055{
1056 struct pending_cmd *cmd;
1057 struct mgmt_mode *cp;
970ba524 1058 struct hci_request req;
bfaf8c9f
JH		 1059 bool changed;
1060
1061 BT_DBG("status 0x%02x", status);
1062
1063 hci_dev_lock(hdev);
1064
1065 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1066 if (!cmd)
1067 goto unlock;
1068
1069 if (status) {
1070 u8 mgmt_err = mgmt_status(status);
1071 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1072 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1073 goto remove_cmd;
1074 }
1075
1076 cp = cmd->param;
d4462a07 1077 if (cp->val) {
bfaf8c9f
JH		 1078 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1079 &hdev->dev_flags);
d4462a07
MH		 1080
1081 if (hdev->discov_timeout > 0) {
1082 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1083 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1084 to);
1085 }
1086 } else {
bfaf8c9f
JH		 1087 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1088 &hdev->dev_flags);
d4462a07 1089 }
bfaf8c9f
JH		 1090
1091 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1092
1093 if (changed)
1094 new_settings(hdev, cmd->sk);
1095
970ba524
MH		 1096 /* When the discoverable mode gets changed, make sure
1097 * that class of device has the limited discoverable
1098 * bit correctly set.
1099 */
1100 hci_req_init(&req, hdev);
1101 update_class(&req);
1102 hci_req_run(&req, NULL);
1103
bfaf8c9f
JH		 1104remove_cmd:
1105 mgmt_pending_remove(cmd);
1106
1107unlock:
1108 hci_dev_unlock(hdev);
1109}
1110
bdb6d971 1111static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1112 u16 len)
73f22f62 1113{
650f726d 1114 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1115 struct pending_cmd *cmd;
bfaf8c9f 1116 struct hci_request req;
5e5282bb 1117 u16 timeout;
e6fe7986 1118 u8 scan, status;
73f22f62
JH		 1119 int err;
1120
bdb6d971 1121 BT_DBG("request for %s", hdev->name);
73f22f62 1122
e6fe7986
JH		 1123 status = mgmt_bredr_support(hdev);
1124 if (status)
33c525c0 1125 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1126 status);
33c525c0 1127
310a3d48 1128 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1129 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1130 MGMT_STATUS_INVALID_PARAMS);
1131
1f350c87 1132 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1133
1134 /* Disabling discoverable requires that no timeout is set,
1135 * and enabling limited discoverable requires a timeout.
1136 */
1137 if ((cp->val == 0x00 && timeout > 0) ||
1138 (cp->val == 0x02 && timeout == 0))
bdb6d971 1139 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1140 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1141
09fd0de5 1142 hci_dev_lock(hdev);
73f22f62 1143
5e5282bb 1144 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1146 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1147 goto failed;
1148 }
1149
2e58ef3e 1150 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1151 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1153 MGMT_STATUS_BUSY);
73f22f62
JH		 1154 goto failed;
1155 }
1156
5e5282bb 1157 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1158 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1159 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1160 goto failed;
1161 }
1162
1163 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1164 bool changed = false;
1165
310a3d48
MH		 1166 /* Setting limited discoverable when powered off is
1167 * not a valid operation since it requires a timeout
1168 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1169 */
0224d2fa
JH		 1170 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1171 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1172 changed = true;
1173 }
1174
5e5282bb 1175 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1176 if (err < 0)
1177 goto failed;
1178
1179 if (changed)
1180 err = new_settings(hdev, sk);
1181
5e5282bb
JH		 1182 goto failed;
1183 }
1184
310a3d48
MH		 1185 /* If the current mode is the same, then just update the timeout
1186 * value with the new value. And if only the timeout gets updated,
1187 * then no need for any HCI transactions.
1188 */
1189 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1190 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1191 &hdev->dev_flags)) {
36261547
MH		 1192 cancel_delayed_work(&hdev->discov_off);
1193 hdev->discov_timeout = timeout;
955638ec 1194
36261547
MH		 1195 if (cp->val && hdev->discov_timeout > 0) {
1196 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1197 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1198 to);
955638ec
MH		 1199 }
1200
69ab39ea 1201 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1202 goto failed;
1203 }
1204
2e58ef3e 1205 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1206 if (!cmd) {
1207 err = -ENOMEM;
73f22f62 1208 goto failed;
366a0336 1209 }
73f22f62 1210
310a3d48
MH		 1211 /* Cancel any potential discoverable timeout that might be
1212 * still active and store new timeout value. The arming of
1213 * the timeout happens in the complete handler.
1214 */
1215 cancel_delayed_work(&hdev->discov_off);
1216 hdev->discov_timeout = timeout;
1217
bfaf8c9f
JH		 1218 hci_req_init(&req, hdev);
1219
73f22f62
JH		 1220 scan = SCAN_PAGE;
1221
310a3d48
MH		 1222 if (cp->val) {
1223 struct hci_cp_write_current_iac_lap hci_cp;
1224
1225 if (cp->val == 0x02) {
1226 /* Limited discoverable mode */
1227 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1228
1229 hci_cp.num_iac = 2;
1230 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1231 hci_cp.iac_lap[1] = 0x8b;
1232 hci_cp.iac_lap[2] = 0x9e;
1233 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1234 hci_cp.iac_lap[4] = 0x8b;
1235 hci_cp.iac_lap[5] = 0x9e;
1236 } else {
1237 /* General discoverable mode */
1238 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1239
1240 hci_cp.num_iac = 1;
1241 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1242 hci_cp.iac_lap[1] = 0x8b;
1243 hci_cp.iac_lap[2] = 0x9e;
1244 }
1245
1246 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1247 (hci_cp.num_iac * 3) + 1, &hci_cp);
1248
73f22f62 1249 scan |= SCAN_INQUIRY;
310a3d48
MH		 1250 } else {
1251 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1252 }
73f22f62 1253
310a3d48 1254 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f
JH		 1255
1256 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1257 if (err < 0)
a664b5bc 1258 mgmt_pending_remove(cmd);
73f22f62
JH		 1259
1260failed:
09fd0de5 1261 hci_dev_unlock(hdev);
73f22f62
JH		 1262 return err;
1263}
1264
406d7804
JH		 1265static void write_fast_connectable(struct hci_request *req, bool enable)
1266{
bd98b996 1267 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1268 struct hci_cp_write_page_scan_activity acp;
1269 u8 type;
1270
4c01f8b8
JH		 1271 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1272 return;
1273
406d7804
JH		 1274 if (enable) {
1275 type = PAGE_SCAN_TYPE_INTERLACED;
1276
1277 /* 160 msec page scan interval */
1278 acp.interval = __constant_cpu_to_le16(0x0100);
1279 } else {
1280 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1281
1282 /* default 1.28 sec page scan */
1283 acp.interval = __constant_cpu_to_le16(0x0800);
1284 }
1285
1286 acp.window = __constant_cpu_to_le16(0x0012);
1287
bd98b996
JH		 1288 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1289 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1290 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1291 sizeof(acp), &acp);
1292
1293 if (hdev->page_scan_type != type)
1294 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1295}
1296
1987fdc7
JH		 1297static u8 get_adv_type(struct hci_dev *hdev)
1298{
1299 struct pending_cmd *cmd;
1300 bool connectable;
1301
1302 /* If there's a pending mgmt command the flag will not yet have
1303 * it's final value, so check for this first.
1304 */
1305 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1306 if (cmd) {
1307 struct mgmt_mode *cp = cmd->param;
1308 connectable = !!cp->val;
1309 } else {
1310 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1311 }
1312
1313 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1314}
1315
95c66e75
JH		 1316static void enable_advertising(struct hci_request *req)
1317{
1318 struct hci_dev *hdev = req->hdev;
1319 struct hci_cp_le_set_adv_param cp;
1320 u8 enable = 0x01;
1321
1322 memset(&cp, 0, sizeof(cp));
1323 cp.min_interval = __constant_cpu_to_le16(0x0800);
1324 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1325 cp.type = get_adv_type(hdev);
95c66e75
JH		 1326 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1327 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1328 else
1329 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1330 cp.channel_map = 0x07;
1331
1332 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1333
1334 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1335}
1336
1337static void disable_advertising(struct hci_request *req)
1338{
1339 u8 enable = 0x00;
1340
1341 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1342}
1343
2b76f453
JH		 1344static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1345{
1346 struct pending_cmd *cmd;
d7b856f9
JH		 1347 struct mgmt_mode *cp;
1348 bool changed;
2b76f453
JH		 1349
1350 BT_DBG("status 0x%02x", status);
1351
1352 hci_dev_lock(hdev);
1353
1354 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1355 if (!cmd)
1356 goto unlock;
1357
37438c1f
JH		 1358 if (status) {
1359 u8 mgmt_err = mgmt_status(status);
1360 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1361 goto remove_cmd;
1362 }
1363
d7b856f9
JH		 1364 cp = cmd->param;
1365 if (cp->val)
1366 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1367 else
1368 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1369
2b76f453
JH		 1370 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1371
d7b856f9
JH		 1372 if (changed)
1373 new_settings(hdev, cmd->sk);
1374
37438c1f 1375remove_cmd:
2b76f453
JH		 1376 mgmt_pending_remove(cmd);
1377
1378unlock:
1379 hci_dev_unlock(hdev);
1380}
1381
bdb6d971 1382static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1383 u16 len)
9fbcbb45 1384{
650f726d 1385 struct mgmt_mode *cp = data;
366a0336 1386 struct pending_cmd *cmd;
2b76f453 1387 struct hci_request req;
1987fdc7 1388 u8 scan;
9fbcbb45
JH		 1389 int err;
1390
bdb6d971 1391 BT_DBG("request for %s", hdev->name);
9fbcbb45 1392
1987fdc7
JH		 1393 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1394 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1395 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1396 MGMT_STATUS_REJECTED);
33c525c0 1397
a7e80f25
JH		 1398 if (cp->val != 0x00 && cp->val != 0x01)
1399 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1400 MGMT_STATUS_INVALID_PARAMS);
1401
09fd0de5 1402 hci_dev_lock(hdev);
9fbcbb45 1403
4b34ee78 1404 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1405 bool changed = false;
1406
1407 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1408 changed = true;
1409
6bf0e469 1410 if (cp->val) {
5e5282bb 1411 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1412 } else {
5e5282bb
JH		 1413 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1414 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1415 }
0224d2fa 1416
5e5282bb 1417 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1418 if (err < 0)
1419 goto failed;
1420
1421 if (changed)
1422 err = new_settings(hdev, sk);
1423
9fbcbb45
JH		 1424 goto failed;
1425 }
1426
2e58ef3e 1427 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1428 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1429 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1430 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1431 goto failed;
1432 }
1433
2e58ef3e 1434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1435 if (!cmd) {
1436 err = -ENOMEM;
9fbcbb45 1437 goto failed;
366a0336 1438 }
9fbcbb45 1439
9b74246f 1440 hci_req_init(&req, hdev);
9fbcbb45 1441
9b74246f
JH		 1442 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1443 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1444 if (cp->val) {
1445 scan = SCAN_PAGE;
1446 } else {
1447 scan = 0;
1448
1449 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1450 hdev->discov_timeout > 0)
9b74246f
JH		 1451 cancel_delayed_work(&hdev->discov_off);
1452 }
2b76f453 1453
9b74246f
JH		 1454 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1455 }
2b76f453 1456
4c01f8b8
JH		 1457 /* If we're going from non-connectable to connectable or
1458 * vice-versa when fast connectable is enabled ensure that fast
1459 * connectable gets disabled. write_fast_connectable won't do
1460 * anything if the page scan parameters are already what they
1461 * should be.
1462 */
1463 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1464 write_fast_connectable(&req, false);
1465
1987fdc7
JH		 1466 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1467 hci_conn_num(hdev, LE_LINK) == 0) {
1468 disable_advertising(&req);
1469 enable_advertising(&req);
1470 }
1471
2b76f453 1472 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1473 if (err < 0) {
a664b5bc 1474 mgmt_pending_remove(cmd);
9b74246f
JH		 1475 if (err == -ENODATA)
1476 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1477 hdev);
1478 goto failed;
1479 }
9fbcbb45
JH		 1480
1481failed:
09fd0de5 1482 hci_dev_unlock(hdev);
9fbcbb45
JH		 1483 return err;
1484}
1485
bdb6d971 1486static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1487 u16 len)
c542a06c 1488{
650f726d 1489 struct mgmt_mode *cp = data;
55594356 1490 bool changed;
c542a06c
JH		 1491 int err;
1492
bdb6d971 1493 BT_DBG("request for %s", hdev->name);
c542a06c 1494
a7e80f25
JH		 1495 if (cp->val != 0x00 && cp->val != 0x01)
1496 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1497 MGMT_STATUS_INVALID_PARAMS);
1498
09fd0de5 1499 hci_dev_lock(hdev);
c542a06c
JH		 1500
1501 if (cp->val)
55594356 1502 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1503 else
55594356 1504 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1505
69ab39ea 1506 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1507 if (err < 0)
55594356 1508 goto unlock;
c542a06c 1509
55594356
MH		 1510 if (changed)
1511 err = new_settings(hdev, sk);
c542a06c 1512
55594356 1513unlock:
09fd0de5 1514 hci_dev_unlock(hdev);
c542a06c
JH		 1515 return err;
1516}
1517
04124681
GP		 1518static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1519 u16 len)
33ef95ed
JH		 1520{
1521 struct mgmt_mode *cp = data;
1522 struct pending_cmd *cmd;
e6fe7986 1523 u8 val, status;
33ef95ed
JH		 1524 int err;
1525
bdb6d971 1526 BT_DBG("request for %s", hdev->name);
33ef95ed 1527
e6fe7986
JH		 1528 status = mgmt_bredr_support(hdev);
1529 if (status)
33c525c0 1530 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1531 status);
33c525c0 1532
a7e80f25
JH		 1533 if (cp->val != 0x00 && cp->val != 0x01)
1534 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1535 MGMT_STATUS_INVALID_PARAMS);
1536
33ef95ed
JH		 1537 hci_dev_lock(hdev);
1538
4b34ee78 1539 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1540 bool changed = false;
1541
1542 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1543 &hdev->dev_flags)) {
47990ea0
JH		 1544 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1545 changed = true;
1546 }
1547
1548 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1549 if (err < 0)
1550 goto failed;
1551
1552 if (changed)
1553 err = new_settings(hdev, sk);
1554
33ef95ed
JH		 1555 goto failed;
1556 }
1557
1558 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1560 MGMT_STATUS_BUSY);
33ef95ed
JH		 1561 goto failed;
1562 }
1563
1564 val = !!cp->val;
1565
1566 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1567 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1568 goto failed;
1569 }
1570
1571 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1572 if (!cmd) {
1573 err = -ENOMEM;
1574 goto failed;
1575 }
1576
1577 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1578 if (err < 0) {
1579 mgmt_pending_remove(cmd);
1580 goto failed;
1581 }
1582
1583failed:
1584 hci_dev_unlock(hdev);
33ef95ed
JH		 1585 return err;
1586}
1587
bdb6d971 1588static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1589{
1590 struct mgmt_mode *cp = data;
1591 struct pending_cmd *cmd;
72ef0c1a 1592 u8 status;
ed2c4ee3
JH		 1593 int err;
1594
bdb6d971 1595 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1596
cdba5281
MH		 1597 status = mgmt_bredr_support(hdev);
1598 if (status)
1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1600
13ecd8b6
JH		 1601 if (!lmp_ssp_capable(hdev))
1602 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1603 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1604
a7e80f25
JH		 1605 if (cp->val != 0x00 && cp->val != 0x01)
1606 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1607 MGMT_STATUS_INVALID_PARAMS);
1608
13ecd8b6 1609 hci_dev_lock(hdev);
6c8f12c1 1610
4b34ee78 1611 if (!hdev_is_powered(hdev)) {
9ecb3e24 1612 bool changed;
c0ecddc2 1613
9ecb3e24
MH		 1614 if (cp->val) {
1615 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1616 &hdev->dev_flags);
1617 } else {
1618 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1619 &hdev->dev_flags);
1620 if (!changed)
1621 changed = test_and_clear_bit(HCI_HS_ENABLED,
1622 &hdev->dev_flags);
1623 else
1624 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1625 }
1626
1627 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1628 if (err < 0)
1629 goto failed;
1630
1631 if (changed)
1632 err = new_settings(hdev, sk);
1633
ed2c4ee3
JH		 1634 goto failed;
1635 }
1636
9ecb3e24
MH		 1637 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1638 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1639 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1640 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1641 goto failed;
1642 }
1643
72ef0c1a 1644 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1645 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1646 goto failed;
1647 }
1648
1649 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1650 if (!cmd) {
1651 err = -ENOMEM;
1652 goto failed;
1653 }
1654
72ef0c1a 1655 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1656 if (err < 0) {
1657 mgmt_pending_remove(cmd);
1658 goto failed;
1659 }
1660
1661failed:
1662 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1663 return err;
1664}
1665
bdb6d971 1666static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1667{
1668 struct mgmt_mode *cp = data;
ee392693 1669 bool changed;
e6fe7986 1670 u8 status;
ee392693 1671 int err;
6d80dfd0 1672
bdb6d971 1673 BT_DBG("request for %s", hdev->name);
6d80dfd0 1674
e6fe7986
JH		 1675 status = mgmt_bredr_support(hdev);
1676 if (status)
1677 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1678
9ecb3e24
MH		 1679 if (!lmp_ssp_capable(hdev))
1680 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1681 MGMT_STATUS_NOT_SUPPORTED);
1682
1683 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1685 MGMT_STATUS_REJECTED);
1686
a7e80f25
JH		 1687 if (cp->val != 0x00 && cp->val != 0x01)
1688 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1689 MGMT_STATUS_INVALID_PARAMS);
1690
ee392693
MH		 1691 hci_dev_lock(hdev);
1692
a0cdf960 1693 if (cp->val) {
ee392693 1694 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1695 } else {
1696 if (hdev_is_powered(hdev)) {
1697 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1698 MGMT_STATUS_REJECTED);
1699 goto unlock;
1700 }
1701
ee392693 1702 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1703 }
ee392693
MH		 1704
1705 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1706 if (err < 0)
1707 goto unlock;
1708
1709 if (changed)
1710 err = new_settings(hdev, sk);
6d80dfd0 1711
ee392693
MH		 1712unlock:
1713 hci_dev_unlock(hdev);
1714 return err;
6d80dfd0
JH		 1715}
1716
416a4ae5
JH		 1717static void le_enable_complete(struct hci_dev *hdev, u8 status)
1718{
1719 struct cmd_lookup match = { NULL, hdev };
1720
1721 if (status) {
1722 u8 mgmt_err = mgmt_status(status);
1723
1724 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1725 &mgmt_err);
1726 return;
1727 }
1728
1729 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1730
1731 new_settings(hdev, match.sk);
1732
1733 if (match.sk)
1734 sock_put(match.sk);
441ad2d0
MH		 1735
1736 /* Make sure the controller has a good default for
1737 * advertising data. Restrict the update to when LE
1738 * has actually been enabled. During power on, the
1739 * update in powered_update_hci will take care of it.
1740 */
1741 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1742 struct hci_request req;
1743
1744 hci_dev_lock(hdev);
1745
1746 hci_req_init(&req, hdev);
1747 update_ad(&req);
f14d8f64 1748 update_scan_rsp_data(&req);
441ad2d0
MH		 1749 hci_req_run(&req, NULL);
1750
1751 hci_dev_unlock(hdev);
1752 }
416a4ae5
JH		 1753}
1754
bdb6d971 1755static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1756{
1757 struct mgmt_mode *cp = data;
1758 struct hci_cp_write_le_host_supported hci_cp;
1759 struct pending_cmd *cmd;
416a4ae5 1760 struct hci_request req;
06199cf8 1761 int err;
0b60eba1 1762 u8 val, enabled;
06199cf8 1763
bdb6d971 1764 BT_DBG("request for %s", hdev->name);
06199cf8 1765
13ecd8b6
JH		 1766 if (!lmp_le_capable(hdev))
1767 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1768 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1769
a7e80f25
JH		 1770 if (cp->val != 0x00 && cp->val != 0x01)
1771 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1772 MGMT_STATUS_INVALID_PARAMS);
1773
c73eee91 1774 /* LE-only devices do not allow toggling LE on/off */
56f87901 1775 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1776 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1777 MGMT_STATUS_REJECTED);
1778
13ecd8b6 1779 hci_dev_lock(hdev);
06199cf8
JH		 1780
1781 val = !!cp->val;
ffa88e02 1782 enabled = lmp_host_le_capable(hdev);
06199cf8 1783
0b60eba1 1784 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1785 bool changed = false;
1786
1787 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1788 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1789 changed = true;
1790 }
1791
f3d3444a
JH		 1792 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1793 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1794 changed = true;
1795 }
1796
06199cf8
JH		 1797 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1798 if (err < 0)
1de028ce 1799 goto unlock;
06199cf8
JH		 1800
1801 if (changed)
1802 err = new_settings(hdev, sk);
1803
1de028ce 1804 goto unlock;
06199cf8
JH		 1805 }
1806
4375f103
JH		 1807 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1808 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1809 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1810 MGMT_STATUS_BUSY);
1de028ce 1811 goto unlock;
06199cf8
JH		 1812 }
1813
1814 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1815 if (!cmd) {
1816 err = -ENOMEM;
1de028ce 1817 goto unlock;
06199cf8
JH		 1818 }
1819
441ad2d0
MH		 1820 hci_req_init(&req, hdev);
1821
06199cf8
JH		 1822 memset(&hci_cp, 0, sizeof(hci_cp));
1823
1824 if (val) {
1825 hci_cp.le = val;
ffa88e02 1826 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1827 } else {
1828 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1829 disable_advertising(&req);
06199cf8
JH		 1830 }
1831
416a4ae5
JH		 1832 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1833 &hci_cp);
1834
1835 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1836 if (err < 0)
06199cf8 1837 mgmt_pending_remove(cmd);
06199cf8 1838
1de028ce
JH		 1839unlock:
1840 hci_dev_unlock(hdev);
06199cf8
JH		 1841 return err;
1842}
1843
0cab9c80
JH		 1844/* This is a helper function to test for pending mgmt commands that can
1845 * cause CoD or EIR HCI commands. We can only allow one such pending
1846 * mgmt command at a time since otherwise we cannot easily track what
1847 * the current values are, will be, and based on that calculate if a new
1848 * HCI command needs to be sent and if yes with what value.
1849 */
1850static bool pending_eir_or_class(struct hci_dev *hdev)
1851{
1852 struct pending_cmd *cmd;
1853
1854 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1855 switch (cmd->opcode) {
1856 case MGMT_OP_ADD_UUID:
1857 case MGMT_OP_REMOVE_UUID:
1858 case MGMT_OP_SET_DEV_CLASS:
1859 case MGMT_OP_SET_POWERED:
1860 return true;
1861 }
1862 }
1863
1864 return false;
1865}
1866
83be8eca
JH		 1867static const u8 bluetooth_base_uuid[] = {
1868 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1869 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1870};
1871
1872static u8 get_uuid_size(const u8 *uuid)
1873{
1874 u32 val;
1875
1876 if (memcmp(uuid, bluetooth_base_uuid, 12))
1877 return 128;
1878
1879 val = get_unaligned_le32(&uuid[12]);
1880 if (val > 0xffff)
1881 return 32;
1882
1883 return 16;
1884}
1885
92da6097
JH		 1886static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1887{
1888 struct pending_cmd *cmd;
1889
1890 hci_dev_lock(hdev);
1891
1892 cmd = mgmt_pending_find(mgmt_op, hdev);
1893 if (!cmd)
1894 goto unlock;
1895
1896 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1897 hdev->dev_class, 3);
1898
1899 mgmt_pending_remove(cmd);
1900
1901unlock:
1902 hci_dev_unlock(hdev);
1903}
1904
1905static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1906{
1907 BT_DBG("status 0x%02x", status);
1908
1909 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1910}
1911
bdb6d971 1912static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1913{
650f726d 1914 struct mgmt_cp_add_uuid *cp = data;
90e70454 1915 struct pending_cmd *cmd;
890ea898 1916 struct hci_request req;
2aeb9a1a 1917 struct bt_uuid *uuid;
2aeb9a1a
JH		 1918 int err;
1919
bdb6d971 1920 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1921
09fd0de5 1922 hci_dev_lock(hdev);
2aeb9a1a 1923
0cab9c80 1924 if (pending_eir_or_class(hdev)) {
bdb6d971 1925 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1926 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1927 goto failed;
1928 }
1929
92c4c204 1930 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1931 if (!uuid) {
1932 err = -ENOMEM;
1933 goto failed;
1934 }
1935
1936 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1937 uuid->svc_hint = cp->svc_hint;
83be8eca 1938 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1939
de66aa63 1940 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1941
890ea898 1942 hci_req_init(&req, hdev);
1aff6f09 1943
890ea898
JH		 1944 update_class(&req);
1945 update_eir(&req);
1946
92da6097
JH		 1947 err = hci_req_run(&req, add_uuid_complete);
1948 if (err < 0) {
1949 if (err != -ENODATA)
1950 goto failed;
80a1e1db 1951
bdb6d971 1952 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1953 hdev->dev_class, 3);
90e70454
JH		 1954 goto failed;
1955 }
1956
1957 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1958 if (!cmd) {
90e70454 1959 err = -ENOMEM;
890ea898
JH		 1960 goto failed;
1961 }
1962
1963 err = 0;
2aeb9a1a
JH		 1964
1965failed:
09fd0de5 1966 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1967 return err;
1968}
1969
24b78d0f
JH		 1970static bool enable_service_cache(struct hci_dev *hdev)
1971{
1972 if (!hdev_is_powered(hdev))
1973 return false;
1974
1975 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1976 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1977 CACHE_TIMEOUT);
24b78d0f
JH		 1978 return true;
1979 }
1980
1981 return false;
1982}
1983
92da6097
JH		 1984static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1985{
1986 BT_DBG("status 0x%02x", status);
1987
1988 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1989}
1990
bdb6d971 1991static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1992 u16 len)
2aeb9a1a 1993{
650f726d 1994 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1995 struct pending_cmd *cmd;
056341c8 1996 struct bt_uuid *match, *tmp;
2aeb9a1a 1997 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1998 struct hci_request req;
2aeb9a1a
JH		 1999 int err, found;
2000
bdb6d971 2001 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2002
09fd0de5 2003 hci_dev_lock(hdev);
2aeb9a1a 2004
0cab9c80 2005 if (pending_eir_or_class(hdev)) {
bdb6d971 2006 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2007 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2008 goto unlock;
2009 }
2010
2aeb9a1a
JH		 2011 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2012 err = hci_uuids_clear(hdev);
4004b6d9 2013
24b78d0f 2014 if (enable_service_cache(hdev)) {
bdb6d971 2015 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2016 0, hdev->dev_class, 3);
24b78d0f
JH		 2017 goto unlock;
2018 }
4004b6d9 2019
9246a869 2020 goto update_class;
2aeb9a1a
JH		 2021 }
2022
2023 found = 0;
2024
056341c8 2025 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2026 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2027 continue;
2028
2029 list_del(&match->list);
482049f7 2030 kfree(match);
2aeb9a1a
JH		 2031 found++;
2032 }
2033
2034 if (found == 0) {
bdb6d971 2035 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2036 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2037 goto unlock;
2038 }
2039
9246a869 2040update_class:
890ea898 2041 hci_req_init(&req, hdev);
1aff6f09 2042
890ea898
JH		 2043 update_class(&req);
2044 update_eir(&req);
2045
92da6097
JH		 2046 err = hci_req_run(&req, remove_uuid_complete);
2047 if (err < 0) {
2048 if (err != -ENODATA)
2049 goto unlock;
80a1e1db 2050
bdb6d971 2051 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2052 hdev->dev_class, 3);
90e70454
JH		 2053 goto unlock;
2054 }
2055
2056 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2057 if (!cmd) {
90e70454 2058 err = -ENOMEM;
890ea898
JH		 2059 goto unlock;
2060 }
2061
2062 err = 0;
2aeb9a1a
JH		 2063
2064unlock:
09fd0de5 2065 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2066 return err;
2067}
2068
92da6097
JH		 2069static void set_class_complete(struct hci_dev *hdev, u8 status)
2070{
2071 BT_DBG("status 0x%02x", status);
2072
2073 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2074}
2075
bdb6d971 2076static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2077 u16 len)
1aff6f09 2078{
650f726d 2079 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2080 struct pending_cmd *cmd;
890ea898 2081 struct hci_request req;
1aff6f09
JH		 2082 int err;
2083
bdb6d971 2084 BT_DBG("request for %s", hdev->name);
1aff6f09 2085
6203fc98 2086 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2087 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2088 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2089
0cab9c80 2090 hci_dev_lock(hdev);
ee98f473 2091
0cab9c80
JH		 2092 if (pending_eir_or_class(hdev)) {
2093 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2094 MGMT_STATUS_BUSY);
2095 goto unlock;
2096 }
c95f0ba7 2097
0cab9c80
JH		 2098 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2100 MGMT_STATUS_INVALID_PARAMS);
2101 goto unlock;
2102 }
575b3a02 2103
932f5ff5
JH		 2104 hdev->major_class = cp->major;
2105 hdev->minor_class = cp->minor;
2106
b5235a65 2107 if (!hdev_is_powered(hdev)) {
bdb6d971 2108 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2109 hdev->dev_class, 3);
b5235a65
JH		 2110 goto unlock;
2111 }
2112
890ea898
JH		 2113 hci_req_init(&req, hdev);
2114
a8b2d5c2 2115 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2116 hci_dev_unlock(hdev);
2117 cancel_delayed_work_sync(&hdev->service_cache);
2118 hci_dev_lock(hdev);
890ea898 2119 update_eir(&req);
7d78525d 2120 }
14c0b608 2121
890ea898
JH		 2122 update_class(&req);
2123
92da6097
JH		 2124 err = hci_req_run(&req, set_class_complete);
2125 if (err < 0) {
2126 if (err != -ENODATA)
2127 goto unlock;
1aff6f09 2128
bdb6d971 2129 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2130 hdev->dev_class, 3);
90e70454
JH		 2131 goto unlock;
2132 }
2133
2134 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2135 if (!cmd) {
90e70454 2136 err = -ENOMEM;
890ea898
JH		 2137 goto unlock;
2138 }
2139
2140 err = 0;
1aff6f09 2141
b5235a65 2142unlock:
09fd0de5 2143 hci_dev_unlock(hdev);
1aff6f09
JH		 2144 return err;
2145}
2146
bdb6d971 2147static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2148 u16 len)
55ed8ca1 2149{
650f726d 2150 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2151 u16 key_count, expected_len;
a492cd52 2152 int i;
55ed8ca1 2153
9060d5cf
MH		 2154 BT_DBG("request for %s", hdev->name);
2155
2156 if (!lmp_bredr_capable(hdev))
2157 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2158 MGMT_STATUS_NOT_SUPPORTED);
2159
1f350c87 2160 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2161
86742e1e
JH		 2162 expected_len = sizeof(*cp) + key_count *
2163 sizeof(struct mgmt_link_key_info);
a492cd52 2164 if (expected_len != len) {
86742e1e 2165 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2166 len, expected_len);
bdb6d971 2167 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2168 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2169 }
2170
4ae14301
JH		 2171 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2172 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2173 MGMT_STATUS_INVALID_PARAMS);
2174
bdb6d971 2175 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2176 key_count);
55ed8ca1 2177
4ee71b20
JH		 2178 for (i = 0; i < key_count; i++) {
2179 struct mgmt_link_key_info *key = &cp->keys[i];
2180
2181 if (key->addr.type != BDADDR_BREDR)
2182 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2183 MGMT_STATUS_INVALID_PARAMS);
2184 }
2185
09fd0de5 2186 hci_dev_lock(hdev);
55ed8ca1
JH		 2187
2188 hci_link_keys_clear(hdev);
2189
55ed8ca1 2190 if (cp->debug_keys)
a8b2d5c2 2191 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2192 else
a8b2d5c2 2193 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2194
a492cd52 2195 for (i = 0; i < key_count; i++) {
86742e1e 2196 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2197
d753fdc4 2198 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2199 key->type, key->pin_len);
55ed8ca1
JH		 2200 }
2201
bdb6d971 2202 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2203
09fd0de5 2204 hci_dev_unlock(hdev);
55ed8ca1 2205
a492cd52 2206 return 0;
55ed8ca1
JH		 2207}
2208
b1078ad0 2209static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2210 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2211{
2212 struct mgmt_ev_device_unpaired ev;
2213
2214 bacpy(&ev.addr.bdaddr, bdaddr);
2215 ev.addr.type = addr_type;
2216
2217 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2218 skip_sk);
b1078ad0
JH		 2219}
2220
bdb6d971 2221static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2222 u16 len)
55ed8ca1 2223{
124f6e35
JH		 2224 struct mgmt_cp_unpair_device *cp = data;
2225 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2226 struct hci_cp_disconnect dc;
2227 struct pending_cmd *cmd;
55ed8ca1 2228 struct hci_conn *conn;
55ed8ca1
JH		 2229 int err;
2230
a8a1d19e 2231 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2232 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2233 rp.addr.type = cp->addr.type;
a8a1d19e 2234
4ee71b20
JH		 2235 if (!bdaddr_type_is_valid(cp->addr.type))
2236 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2237 MGMT_STATUS_INVALID_PARAMS,
2238 &rp, sizeof(rp));
2239
118da70b
JH		 2240 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2241 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2242 MGMT_STATUS_INVALID_PARAMS,
2243 &rp, sizeof(rp));
2244
4ee71b20
JH		 2245 hci_dev_lock(hdev);
2246
86a8cfc6 2247 if (!hdev_is_powered(hdev)) {
bdb6d971 2248 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2249 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2250 goto unlock;
2251 }
2252
591f47f3 2253 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2254 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2255 else
2256 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2257
55ed8ca1 2258 if (err < 0) {
bdb6d971 2259 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2260 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2261 goto unlock;
2262 }
2263
86a8cfc6 2264 if (cp->disconnect) {
591f47f3 2265 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2266 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2267 &cp->addr.bdaddr);
86a8cfc6
JH		 2268 else
2269 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2270 &cp->addr.bdaddr);
86a8cfc6
JH		 2271 } else {
2272 conn = NULL;
2273 }
124f6e35 2274
a8a1d19e 2275 if (!conn) {
bdb6d971 2276 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2277 &rp, sizeof(rp));
b1078ad0 2278 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2279 goto unlock;
2280 }
55ed8ca1 2281
124f6e35 2282 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2283 sizeof(*cp));
a8a1d19e
JH		 2284 if (!cmd) {
2285 err = -ENOMEM;
2286 goto unlock;
55ed8ca1
JH		 2287 }
2288
eb55ef07 2289 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2290 dc.reason = 0x13; /* Remote User Terminated Connection */
2291 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2292 if (err < 0)
2293 mgmt_pending_remove(cmd);
2294
55ed8ca1 2295unlock:
09fd0de5 2296 hci_dev_unlock(hdev);
55ed8ca1
JH		 2297 return err;
2298}
2299
bdb6d971 2300static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2301 u16 len)
8962ee74 2302{
650f726d 2303 struct mgmt_cp_disconnect *cp = data;
06a63b19 2304 struct mgmt_rp_disconnect rp;
8962ee74 2305 struct hci_cp_disconnect dc;
366a0336 2306 struct pending_cmd *cmd;
8962ee74 2307 struct hci_conn *conn;
8962ee74
JH		 2308 int err;
2309
2310 BT_DBG("");
2311
06a63b19
JH		 2312 memset(&rp, 0, sizeof(rp));
2313 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2314 rp.addr.type = cp->addr.type;
2315
4ee71b20 2316 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2317 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2318 MGMT_STATUS_INVALID_PARAMS,
2319 &rp, sizeof(rp));
4ee71b20 2320
09fd0de5 2321 hci_dev_lock(hdev);
8962ee74
JH		 2322
2323 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2324 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2325 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2326 goto failed;
2327 }
2328
2e58ef3e 2329 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2330 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2331 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2332 goto failed;
2333 }
2334
591f47f3 2335 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2336 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2337 &cp->addr.bdaddr);
88c3df13
JH		 2338 else
2339 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2340
f960727e 2341 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2342 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2343 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2344 goto failed;
2345 }
2346
2e58ef3e 2347 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2348 if (!cmd) {
2349 err = -ENOMEM;
8962ee74 2350 goto failed;
366a0336 2351 }
8962ee74 2352
eb55ef07 2353 dc.handle = cpu_to_le16(conn->handle);
3701f944 2354 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2355
2356 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2357 if (err < 0)
a664b5bc 2358 mgmt_pending_remove(cmd);
8962ee74
JH		 2359
2360failed:
09fd0de5 2361 hci_dev_unlock(hdev);
8962ee74
JH		 2362 return err;
2363}
2364
57c1477c 2365static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2366{
2367 switch (link_type) {
2368 case LE_LINK:
48264f06
JH		 2369 switch (addr_type) {
2370 case ADDR_LE_DEV_PUBLIC:
591f47f3 2371 return BDADDR_LE_PUBLIC;
0ed09148 2372
48264f06 2373 default:
0ed09148 2374 /* Fallback to LE Random address type */
591f47f3 2375 return BDADDR_LE_RANDOM;
48264f06 2376 }
0ed09148 2377
4c659c39 2378 default:
0ed09148 2379 /* Fallback to BR/EDR type */
591f47f3 2380 return BDADDR_BREDR;
4c659c39
JH		 2381 }
2382}
2383
04124681
GP		 2384static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2385 u16 data_len)
2784eb41 2386{
2784eb41 2387 struct mgmt_rp_get_connections *rp;
8035ded4 2388 struct hci_conn *c;
a38528f1 2389 size_t rp_len;
60fc5fb6
JH		 2390 int err;
2391 u16 i;
2784eb41
JH		 2392
2393 BT_DBG("");
2394
09fd0de5 2395 hci_dev_lock(hdev);
2784eb41 2396
5f97c1df 2397 if (!hdev_is_powered(hdev)) {
bdb6d971 2398 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2399 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2400 goto unlock;
2401 }
2402
60fc5fb6 2403 i = 0;
b644ba33
JH		 2404 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2405 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2406 i++;
2784eb41
JH		 2407 }
2408
60fc5fb6 2409 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2410 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2411 if (!rp) {
2784eb41
JH		 2412 err = -ENOMEM;
2413 goto unlock;
2414 }
2415
2784eb41 2416 i = 0;
4c659c39 2417 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2418 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2419 continue;
4c659c39 2420 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2421 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2422 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2423 continue;
2424 i++;
2425 }
2426
eb55ef07 2427 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2428
4c659c39
JH		 2429 /* Recalculate length in case of filtered SCO connections, etc */
2430 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2431
bdb6d971 2432 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2433 rp_len);
2784eb41 2434
a38528f1 2435 kfree(rp);
5f97c1df
JH		 2436
2437unlock:
09fd0de5 2438 hci_dev_unlock(hdev);
2784eb41
JH		 2439 return err;
2440}
2441
bdb6d971 2442static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2443 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2444{
2445 struct pending_cmd *cmd;
2446 int err;
2447
2e58ef3e 2448 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2449 sizeof(*cp));
96d97a67
WR		 2450 if (!cmd)
2451 return -ENOMEM;
2452
d8457698 2453 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2454 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2455 if (err < 0)
2456 mgmt_pending_remove(cmd);
2457
2458 return err;
2459}
2460
bdb6d971 2461static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2462 u16 len)
980e1a53 2463{
96d97a67 2464 struct hci_conn *conn;
650f726d 2465 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2466 struct hci_cp_pin_code_reply reply;
366a0336 2467 struct pending_cmd *cmd;
980e1a53
JH		 2468 int err;
2469
2470 BT_DBG("");
2471
09fd0de5 2472 hci_dev_lock(hdev);
980e1a53 2473
4b34ee78 2474 if (!hdev_is_powered(hdev)) {
bdb6d971 2475 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2476 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2477 goto failed;
2478 }
2479
d8457698 2480 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2481 if (!conn) {
bdb6d971 2482 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2483 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2484 goto failed;
2485 }
2486
2487 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2488 struct mgmt_cp_pin_code_neg_reply ncp;
2489
2490 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2491
2492 BT_ERR("PIN code is not 16 bytes long");
2493
bdb6d971 2494 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2495 if (err >= 0)
bdb6d971 2496 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2497 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2498
2499 goto failed;
2500 }
2501
00abfe44 2502 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2503 if (!cmd) {
2504 err = -ENOMEM;
980e1a53 2505 goto failed;
366a0336 2506 }
980e1a53 2507
d8457698 2508 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2509 reply.pin_len = cp->pin_len;
24718ca5 2510 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2511
2512 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2513 if (err < 0)
a664b5bc 2514 mgmt_pending_remove(cmd);
980e1a53
JH		 2515
2516failed:
09fd0de5 2517 hci_dev_unlock(hdev);
980e1a53
JH		 2518 return err;
2519}
2520
04124681
GP		 2521static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
17fa4b9d 2523{
650f726d 2524 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2525
2526 BT_DBG("");
2527
09fd0de5 2528 hci_dev_lock(hdev);
17fa4b9d
JH		 2529
2530 hdev->io_capability = cp->io_capability;
2531
2532 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2533 hdev->io_capability);
17fa4b9d 2534
09fd0de5 2535 hci_dev_unlock(hdev);
17fa4b9d 2536
04124681
GP		 2537 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2538 0);
17fa4b9d
JH		 2539}
2540
6039aa73 2541static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2542{
2543 struct hci_dev *hdev = conn->hdev;
8035ded4 2544 struct pending_cmd *cmd;
e9a416b5 2545
2e58ef3e 2546 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2547 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2548 continue;
2549
e9a416b5
JH		 2550 if (cmd->user_data != conn)
2551 continue;
2552
2553 return cmd;
2554 }
2555
2556 return NULL;
2557}
2558
2559static void pairing_complete(struct pending_cmd *cmd, u8 status)
2560{
2561 struct mgmt_rp_pair_device rp;
2562 struct hci_conn *conn = cmd->user_data;
2563
ba4e564f 2564 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2565 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2566
aee9b218 2567 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2568 &rp, sizeof(rp));
e9a416b5
JH		 2569
2570 /* So we don't get further callbacks for this connection */
2571 conn->connect_cfm_cb = NULL;
2572 conn->security_cfm_cb = NULL;
2573 conn->disconn_cfm_cb = NULL;
2574
76a68ba0 2575 hci_conn_drop(conn);
e9a416b5 2576
a664b5bc 2577 mgmt_pending_remove(cmd);
e9a416b5
JH		 2578}
2579
2580static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2581{
2582 struct pending_cmd *cmd;
2583
2584 BT_DBG("status %u", status);
2585
2586 cmd = find_pairing(conn);
56e5cb86 2587 if (!cmd)
e9a416b5 2588 BT_DBG("Unable to find a pending command");
56e5cb86 2589 else
e211326c 2590 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2591}
2592
4c47d739
VA		 2593static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2594{
2595 struct pending_cmd *cmd;
2596
2597 BT_DBG("status %u", status);
2598
2599 if (!status)
2600 return;
2601
2602 cmd = find_pairing(conn);
2603 if (!cmd)
2604 BT_DBG("Unable to find a pending command");
2605 else
2606 pairing_complete(cmd, mgmt_status(status));
2607}
2608
bdb6d971 2609static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2610 u16 len)
e9a416b5 2611{
650f726d 2612 struct mgmt_cp_pair_device *cp = data;
1425acb7 2613 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2614 struct pending_cmd *cmd;
2615 u8 sec_level, auth_type;
2616 struct hci_conn *conn;
e9a416b5
JH		 2617 int err;
2618
2619 BT_DBG("");
2620
f950a30e
SJ		 2621 memset(&rp, 0, sizeof(rp));
2622 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2623 rp.addr.type = cp->addr.type;
2624
4ee71b20
JH		 2625 if (!bdaddr_type_is_valid(cp->addr.type))
2626 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2627 MGMT_STATUS_INVALID_PARAMS,
2628 &rp, sizeof(rp));
2629
09fd0de5 2630 hci_dev_lock(hdev);
e9a416b5 2631
5f97c1df 2632 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2633 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2634 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2635 goto unlock;
2636 }
2637
c908df36
VCG		 2638 sec_level = BT_SECURITY_MEDIUM;
2639 if (cp->io_cap == 0x03)
e9a416b5 2640 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2641 else
e9a416b5 2642 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2643
591f47f3 2644 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2645 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2646 cp->addr.type, sec_level, auth_type);
7a512d01 2647 else
b12f62cf
AG		 2648 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2649 cp->addr.type, sec_level, auth_type);
7a512d01 2650
30e76272 2651 if (IS_ERR(conn)) {
489dc48e
AK		 2652 int status;
2653
2654 if (PTR_ERR(conn) == -EBUSY)
2655 status = MGMT_STATUS_BUSY;
2656 else
2657 status = MGMT_STATUS_CONNECT_FAILED;
2658
bdb6d971 2659 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2660 status, &rp,
04124681 2661 sizeof(rp));
e9a416b5
JH		 2662 goto unlock;
2663 }
2664
2665 if (conn->connect_cfm_cb) {
76a68ba0 2666 hci_conn_drop(conn);
bdb6d971 2667 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2668 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2669 goto unlock;
2670 }
2671
2e58ef3e 2672 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2673 if (!cmd) {
2674 err = -ENOMEM;
76a68ba0 2675 hci_conn_drop(conn);
e9a416b5
JH		 2676 goto unlock;
2677 }
2678
7a512d01 2679 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2680 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2681 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2682 else
2683 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2684
e9a416b5
JH		 2685 conn->security_cfm_cb = pairing_complete_cb;
2686 conn->disconn_cfm_cb = pairing_complete_cb;
2687 conn->io_capability = cp->io_cap;
2688 cmd->user_data = conn;
2689
2690 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2691 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2692 pairing_complete(cmd, 0);
2693
2694 err = 0;
2695
2696unlock:
09fd0de5 2697 hci_dev_unlock(hdev);
e9a416b5
JH		 2698 return err;
2699}
2700
04124681
GP		 2701static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2702 u16 len)
28424707 2703{
0f4e68cf 2704 struct mgmt_addr_info *addr = data;
28424707
JH		 2705 struct pending_cmd *cmd;
2706 struct hci_conn *conn;
2707 int err;
2708
2709 BT_DBG("");
2710
28424707
JH		 2711 hci_dev_lock(hdev);
2712
5f97c1df 2713 if (!hdev_is_powered(hdev)) {
bdb6d971 2714 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2715 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2716 goto unlock;
2717 }
2718
28424707
JH		 2719 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2720 if (!cmd) {
bdb6d971 2721 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2722 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2723 goto unlock;
2724 }
2725
2726 conn = cmd->user_data;
2727
2728 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2729 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2730 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2731 goto unlock;
2732 }
2733
2734 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2735
bdb6d971 2736 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2737 addr, sizeof(*addr));
28424707
JH		 2738unlock:
2739 hci_dev_unlock(hdev);
28424707
JH		 2740 return err;
2741}
2742
bdb6d971 2743static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2744 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2745 u16 hci_op, __le32 passkey)
a5c29683 2746{
a5c29683 2747 struct pending_cmd *cmd;
0df4c185 2748 struct hci_conn *conn;
a5c29683
JH		 2749 int err;
2750
09fd0de5 2751 hci_dev_lock(hdev);
08ba5382 2752
4b34ee78 2753 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2754 err = cmd_complete(sk, hdev->id, mgmt_op,
2755 MGMT_STATUS_NOT_POWERED, addr,
2756 sizeof(*addr));
0df4c185 2757 goto done;
a5c29683
JH		 2758 }
2759
1707c60e
JH		 2760 if (addr->type == BDADDR_BREDR)
2761 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2762 else
1707c60e 2763 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2764
2765 if (!conn) {
feb94d3d
JH		 2766 err = cmd_complete(sk, hdev->id, mgmt_op,
2767 MGMT_STATUS_NOT_CONNECTED, addr,
2768 sizeof(*addr));
272d90df
JH		 2769 goto done;
2770 }
47c15e2b 2771
1707c60e 2772 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2773 /* Continue with pairing via SMP */
5fe57d9e
BG		 2774 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2775
2776 if (!err)
feb94d3d
JH		 2777 err = cmd_complete(sk, hdev->id, mgmt_op,
2778 MGMT_STATUS_SUCCESS, addr,
2779 sizeof(*addr));
5fe57d9e 2780 else
feb94d3d
JH		 2781 err = cmd_complete(sk, hdev->id, mgmt_op,
2782 MGMT_STATUS_FAILED, addr,
2783 sizeof(*addr));
47c15e2b 2784
47c15e2b
BG		 2785 goto done;
2786 }
2787
1707c60e 2788 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2789 if (!cmd) {
2790 err = -ENOMEM;
0df4c185 2791 goto done;
a5c29683
JH		 2792 }
2793
0df4c185 2794 /* Continue with pairing via HCI */
604086b7
BG		 2795 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2796 struct hci_cp_user_passkey_reply cp;
2797
1707c60e 2798 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2799 cp.passkey = passkey;
2800 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2801 } else
1707c60e
JH		 2802 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2803 &addr->bdaddr);
604086b7 2804
a664b5bc
JH		 2805 if (err < 0)
2806 mgmt_pending_remove(cmd);
a5c29683 2807
0df4c185 2808done:
09fd0de5 2809 hci_dev_unlock(hdev);
a5c29683
JH		 2810 return err;
2811}
2812
afeb019d
JK		 2813static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2814 void *data, u16 len)
2815{
2816 struct mgmt_cp_pin_code_neg_reply *cp = data;
2817
2818 BT_DBG("");
2819
1707c60e 2820 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2821 MGMT_OP_PIN_CODE_NEG_REPLY,
2822 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2823}
2824
04124681
GP		 2825static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2826 u16 len)
0df4c185 2827{
650f726d 2828 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2829
2830 BT_DBG("");
2831
2832 if (len != sizeof(*cp))
bdb6d971 2833 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2834 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2835
1707c60e 2836 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2837 MGMT_OP_USER_CONFIRM_REPLY,
2838 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2839}
2840
bdb6d971 2841static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2842 void *data, u16 len)
0df4c185 2843{
c9c2659f 2844 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2845
2846 BT_DBG("");
2847
1707c60e 2848 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2849 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2850 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2851}
2852
04124681
GP		 2853static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2854 u16 len)
604086b7 2855{
650f726d 2856 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2857
2858 BT_DBG("");
2859
1707c60e 2860 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2861 MGMT_OP_USER_PASSKEY_REPLY,
2862 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2863}
2864
bdb6d971 2865static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2866 void *data, u16 len)
604086b7 2867{
650f726d 2868 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2869
2870 BT_DBG("");
2871
1707c60e 2872 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2873 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2874 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2875}
2876
13928971 2877static void update_name(struct hci_request *req)
2b4bf397 2878{
13928971 2879 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2880 struct hci_cp_write_local_name cp;
2881
13928971 2882 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2883
890ea898 2884 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2885}
2886
13928971
JH		 2887static void set_name_complete(struct hci_dev *hdev, u8 status)
2888{
2889 struct mgmt_cp_set_local_name *cp;
2890 struct pending_cmd *cmd;
2891
2892 BT_DBG("status 0x%02x", status);
2893
2894 hci_dev_lock(hdev);
2895
2896 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2897 if (!cmd)
2898 goto unlock;
2899
2900 cp = cmd->param;
2901
2902 if (status)
2903 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2904 mgmt_status(status));
2905 else
2906 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2907 cp, sizeof(*cp));
2908
2909 mgmt_pending_remove(cmd);
2910
2911unlock:
2912 hci_dev_unlock(hdev);
2913}
2914
bdb6d971 2915static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2916 u16 len)
b312b161 2917{
2b4bf397 2918 struct mgmt_cp_set_local_name *cp = data;
b312b161 2919 struct pending_cmd *cmd;
890ea898 2920 struct hci_request req;
b312b161
JH		 2921 int err;
2922
2923 BT_DBG("");
2924
09fd0de5 2925 hci_dev_lock(hdev);
b312b161 2926
b3f2ca94
JH		 2927 /* If the old values are the same as the new ones just return a
2928 * direct command complete event.
2929 */
2930 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2931 !memcmp(hdev->short_name, cp->short_name,
2932 sizeof(hdev->short_name))) {
2933 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2934 data, len);
2935 goto failed;
2936 }
2937
2b4bf397 2938 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2939
b5235a65 2940 if (!hdev_is_powered(hdev)) {
2b4bf397 2941 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2942
2943 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2944 data, len);
28cc7bde
JH		 2945 if (err < 0)
2946 goto failed;
2947
2948 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2949 sk);
28cc7bde 2950
b5235a65
JH		 2951 goto failed;
2952 }
2953
28cc7bde 2954 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2955 if (!cmd) {
2956 err = -ENOMEM;
2957 goto failed;
2958 }
2959
13928971
JH		 2960 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2961
890ea898 2962 hci_req_init(&req, hdev);
3f985050
JH		 2963
2964 if (lmp_bredr_capable(hdev)) {
2965 update_name(&req);
2966 update_eir(&req);
2967 }
2968
2969 if (lmp_le_capable(hdev))
441ad2d0 2970 update_ad(&req);
3f985050 2971
13928971 2972 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2973 if (err < 0)
2974 mgmt_pending_remove(cmd);
2975
2976failed:
09fd0de5 2977 hci_dev_unlock(hdev);
b312b161
JH		 2978 return err;
2979}
2980
0f4e68cf 2981static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2982 void *data, u16 data_len)
c35938b2 2983{
c35938b2
SJ		 2984 struct pending_cmd *cmd;
2985 int err;
2986
bdb6d971 2987 BT_DBG("%s", hdev->name);
c35938b2 2988
09fd0de5 2989 hci_dev_lock(hdev);
c35938b2 2990
4b34ee78 2991 if (!hdev_is_powered(hdev)) {
bdb6d971 2992 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2993 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2994 goto unlock;
2995 }
2996
9a1a1996 2997 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2998 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2999 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3000 goto unlock;
3001 }
3002
2e58ef3e 3003 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3004 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3005 MGMT_STATUS_BUSY);
c35938b2
SJ		 3006 goto unlock;
3007 }
3008
2e58ef3e 3009 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3010 if (!cmd) {
3011 err = -ENOMEM;
3012 goto unlock;
3013 }
3014
3015 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3016 if (err < 0)
3017 mgmt_pending_remove(cmd);
3018
3019unlock:
09fd0de5 3020 hci_dev_unlock(hdev);
c35938b2
SJ		 3021 return err;
3022}
3023
bdb6d971 3024static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3025 void *data, u16 len)
2763eda6 3026{
650f726d 3027 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3028 u8 status;
2763eda6
SJ		 3029 int err;
3030
bdb6d971 3031 BT_DBG("%s ", hdev->name);
2763eda6 3032
09fd0de5 3033 hci_dev_lock(hdev);
2763eda6 3034
664ce4cc 3035 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3036 cp->randomizer);
2763eda6 3037 if (err < 0)
bf1e3541 3038 status = MGMT_STATUS_FAILED;
2763eda6 3039 else
a6785be2 3040 status = MGMT_STATUS_SUCCESS;
bf1e3541 3041
bdb6d971 3042 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3043 &cp->addr, sizeof(cp->addr));
2763eda6 3044
09fd0de5 3045 hci_dev_unlock(hdev);
2763eda6
SJ		 3046 return err;
3047}
3048
bdb6d971 3049static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3050 void *data, u16 len)
2763eda6 3051{
650f726d 3052 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3053 u8 status;
2763eda6
SJ		 3054 int err;
3055
bdb6d971 3056 BT_DBG("%s", hdev->name);
2763eda6 3057
09fd0de5 3058 hci_dev_lock(hdev);
2763eda6 3059
664ce4cc 3060 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3061 if (err < 0)
bf1e3541 3062 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3063 else
a6785be2 3064 status = MGMT_STATUS_SUCCESS;
bf1e3541 3065
bdb6d971 3066 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3067 status, &cp->addr, sizeof(cp->addr));
2763eda6 3068
09fd0de5 3069 hci_dev_unlock(hdev);
2763eda6
SJ		 3070 return err;
3071}
3072
41dc2bd6
AG		 3073static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3074{
3075 struct pending_cmd *cmd;
3076 u8 type;
3077 int err;
3078
3079 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3080
3081 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3082 if (!cmd)
3083 return -ENOENT;
3084
3085 type = hdev->discovery.type;
3086
3087 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3088 &type, sizeof(type));
3089 mgmt_pending_remove(cmd);
3090
3091 return err;
3092}
3093
7c307720
AG		 3094static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3095{
3096 BT_DBG("status %d", status);
3097
3098 if (status) {
3099 hci_dev_lock(hdev);
3100 mgmt_start_discovery_failed(hdev, status);
3101 hci_dev_unlock(hdev);
3102 return;
3103 }
3104
3105 hci_dev_lock(hdev);
3106 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3107 hci_dev_unlock(hdev);
3108
3109 switch (hdev->discovery.type) {
3110 case DISCOV_TYPE_LE:
3111 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3112 DISCOV_LE_TIMEOUT);
7c307720
AG		 3113 break;
3114
3115 case DISCOV_TYPE_INTERLEAVED:
3116 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3117 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3118 break;
3119
3120 case DISCOV_TYPE_BREDR:
3121 break;
3122
3123 default:
3124 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3125 }
3126}
3127
bdb6d971 3128static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3129 void *data, u16 len)
14a53664 3130{
650f726d 3131 struct mgmt_cp_start_discovery *cp = data;
14a53664 3132 struct pending_cmd *cmd;
7c307720
AG		 3133 struct hci_cp_le_set_scan_param param_cp;
3134 struct hci_cp_le_set_scan_enable enable_cp;
3135 struct hci_cp_inquiry inq_cp;
3136 struct hci_request req;
3137 /* General inquiry access code (GIAC) */
3138 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3139 u8 status;
14a53664
JH		 3140 int err;
3141
bdb6d971 3142 BT_DBG("%s", hdev->name);
14a53664 3143
09fd0de5 3144 hci_dev_lock(hdev);
14a53664 3145
4b34ee78 3146 if (!hdev_is_powered(hdev)) {
bdb6d971 3147 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3148 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3149 goto failed;
3150 }
3151
642be6c7
AG		 3152 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3153 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3154 MGMT_STATUS_BUSY);
3155 goto failed;
3156 }
3157
ff9ef578 3158 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3159 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3160 MGMT_STATUS_BUSY);
ff9ef578
JH		 3161 goto failed;
3162 }
3163
2e58ef3e 3164 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3165 if (!cmd) {
3166 err = -ENOMEM;
3167 goto failed;
3168 }
3169
4aab14e5
AG		 3170 hdev->discovery.type = cp->type;
3171
7c307720
AG		 3172 hci_req_init(&req, hdev);
3173
4aab14e5 3174 switch (hdev->discovery.type) {
f39799f5 3175 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3176 status = mgmt_bredr_support(hdev);
3177 if (status) {
04106755 3178 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3179 status);
04106755
JH		 3180 mgmt_pending_remove(cmd);
3181 goto failed;
3182 }
3183
7c307720
AG		 3184 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3185 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3186 MGMT_STATUS_BUSY);
3187 mgmt_pending_remove(cmd);
3188 goto failed;
3189 }
3190
3191 hci_inquiry_cache_flush(hdev);
3192
3193 memset(&inq_cp, 0, sizeof(inq_cp));
3194 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3195 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3196 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3197 break;
3198
3199 case DISCOV_TYPE_LE:
7c307720 3200 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3201 status = mgmt_le_support(hdev);
3202 if (status) {
04106755 3203 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3204 status);
04106755
JH		 3205 mgmt_pending_remove(cmd);
3206 goto failed;
3207 }
3208
7c307720 3209 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3210 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3211 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3212 MGMT_STATUS_NOT_SUPPORTED);
3213 mgmt_pending_remove(cmd);
3214 goto failed;
3215 }
3216
f3d3444a 3217 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3218 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3219 MGMT_STATUS_REJECTED);
3220 mgmt_pending_remove(cmd);
3221 goto failed;
3222 }
3223
3224 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3225 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3226 MGMT_STATUS_BUSY);
3227 mgmt_pending_remove(cmd);
3228 goto failed;
3229 }
3230
3231 memset(&param_cp, 0, sizeof(param_cp));
3232 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3233 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3234 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 3235 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3236 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3237 else
3238 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 3239 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3240 &param_cp);
3241
3242 memset(&enable_cp, 0, sizeof(enable_cp));
3243 enable_cp.enable = LE_SCAN_ENABLE;
3244 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3245 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3246 &enable_cp);
5e0452c0
AG		 3247 break;
3248
f39799f5 3249 default:
04106755
JH		 3250 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3251 MGMT_STATUS_INVALID_PARAMS);
3252 mgmt_pending_remove(cmd);
3253 goto failed;
f39799f5 3254 }
3fd24153 3255
7c307720 3256 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3257 if (err < 0)
3258 mgmt_pending_remove(cmd);
ff9ef578
JH		 3259 else
3260 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3261
3262failed:
09fd0de5 3263 hci_dev_unlock(hdev);
14a53664
JH		 3264 return err;
3265}
3266
1183fdca
AG		 3267static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3268{
3269 struct pending_cmd *cmd;
3270 int err;
3271
3272 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3273 if (!cmd)
3274 return -ENOENT;
3275
3276 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3277 &hdev->discovery.type, sizeof(hdev->discovery.type));
3278 mgmt_pending_remove(cmd);
3279
3280 return err;
3281}
3282
0e05bba6
AG		 3283static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3284{
3285 BT_DBG("status %d", status);
3286
3287 hci_dev_lock(hdev);
3288
3289 if (status) {
3290 mgmt_stop_discovery_failed(hdev, status);
3291 goto unlock;
3292 }
3293
3294 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3295
3296unlock:
3297 hci_dev_unlock(hdev);
3298}
3299
bdb6d971 3300static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3301 u16 len)
14a53664 3302{
d930650b 3303 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3304 struct pending_cmd *cmd;
30dc78e1
JH		 3305 struct hci_cp_remote_name_req_cancel cp;
3306 struct inquiry_entry *e;
0e05bba6
AG		 3307 struct hci_request req;
3308 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3309 int err;
3310
bdb6d971 3311 BT_DBG("%s", hdev->name);
14a53664 3312
09fd0de5 3313 hci_dev_lock(hdev);
14a53664 3314
30dc78e1 3315 if (!hci_discovery_active(hdev)) {
bdb6d971 3316 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3317 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3318 sizeof(mgmt_cp->type));
d930650b
JH		 3319 goto unlock;
3320 }
3321
3322 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3323 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3324 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3325 sizeof(mgmt_cp->type));
30dc78e1 3326 goto unlock;
ff9ef578
JH		 3327 }
3328
2e58ef3e 3329 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3330 if (!cmd) {
3331 err = -ENOMEM;
30dc78e1
JH		 3332 goto unlock;
3333 }
3334
0e05bba6
AG		 3335 hci_req_init(&req, hdev);
3336
e0d9727e
AG		 3337 switch (hdev->discovery.state) {
3338 case DISCOVERY_FINDING:
0e05bba6
AG		 3339 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3340 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3341 } else {
3342 cancel_delayed_work(&hdev->le_scan_disable);
3343
3344 memset(&enable_cp, 0, sizeof(enable_cp));
3345 enable_cp.enable = LE_SCAN_DISABLE;
3346 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3347 sizeof(enable_cp), &enable_cp);
3348 }
c9ecc48e 3349
e0d9727e
AG		 3350 break;
3351
3352 case DISCOVERY_RESOLVING:
3353 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3354 NAME_PENDING);
e0d9727e 3355 if (!e) {
30dc78e1 3356 mgmt_pending_remove(cmd);
e0d9727e
AG		 3357 err = cmd_complete(sk, hdev->id,
3358 MGMT_OP_STOP_DISCOVERY, 0,
3359 &mgmt_cp->type,
3360 sizeof(mgmt_cp->type));
3361 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3362 goto unlock;
3363 }
30dc78e1 3364
e0d9727e 3365 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3366 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3367 &cp);
e0d9727e
AG		 3368
3369 break;
3370
3371 default:
3372 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3373
3374 mgmt_pending_remove(cmd);
3375 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3376 MGMT_STATUS_FAILED, &mgmt_cp->type,
3377 sizeof(mgmt_cp->type));
3378 goto unlock;
14a53664
JH		 3379 }
3380
0e05bba6 3381 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3382 if (err < 0)
3383 mgmt_pending_remove(cmd);
ff9ef578
JH		 3384 else
3385 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3386
30dc78e1 3387unlock:
09fd0de5 3388 hci_dev_unlock(hdev);
14a53664
JH		 3389 return err;
3390}
3391
bdb6d971 3392static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3393 u16 len)
561aafbc 3394{
650f726d 3395 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3396 struct inquiry_entry *e;
561aafbc
JH		 3397 int err;
3398
bdb6d971 3399 BT_DBG("%s", hdev->name);
561aafbc 3400
561aafbc
JH		 3401 hci_dev_lock(hdev);
3402
30dc78e1 3403 if (!hci_discovery_active(hdev)) {
bdb6d971 3404 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3405 MGMT_STATUS_FAILED);
30dc78e1
JH		 3406 goto failed;
3407 }
3408
a198e7b1 3409 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3410 if (!e) {
bdb6d971 3411 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3412 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3413 goto failed;
3414 }
3415
3416 if (cp->name_known) {
3417 e->name_state = NAME_KNOWN;
3418 list_del(&e->list);
3419 } else {
3420 e->name_state = NAME_NEEDED;
a3d4e20a 3421 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3422 }
3423
e384662b
JH		 3424 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3425 sizeof(cp->addr));
561aafbc
JH		 3426
3427failed:
3428 hci_dev_unlock(hdev);
561aafbc
JH		 3429 return err;
3430}
3431
bdb6d971 3432static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3433 u16 len)
7fbec224 3434{
650f726d 3435 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3436 u8 status;
7fbec224
AJ		 3437 int err;
3438
bdb6d971 3439 BT_DBG("%s", hdev->name);
7fbec224 3440
4ee71b20 3441 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3442 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3443 MGMT_STATUS_INVALID_PARAMS,
3444 &cp->addr, sizeof(cp->addr));
4ee71b20 3445
09fd0de5 3446 hci_dev_lock(hdev);
5e762444 3447
88c1fe4b 3448 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3449 if (err < 0)
f0eeea8b 3450 status = MGMT_STATUS_FAILED;
7fbec224 3451 else
a6785be2 3452 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3453
bdb6d971 3454 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3455 &cp->addr, sizeof(cp->addr));
5e762444 3456
09fd0de5 3457 hci_dev_unlock(hdev);
7fbec224
AJ		 3458
3459 return err;
3460}
3461
bdb6d971 3462static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3463 u16 len)
7fbec224 3464{
650f726d 3465 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3466 u8 status;
7fbec224
AJ		 3467 int err;
3468
bdb6d971 3469 BT_DBG("%s", hdev->name);
7fbec224 3470
4ee71b20 3471 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3472 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3473 MGMT_STATUS_INVALID_PARAMS,
3474 &cp->addr, sizeof(cp->addr));
4ee71b20 3475
09fd0de5 3476 hci_dev_lock(hdev);
5e762444 3477
88c1fe4b 3478 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3479 if (err < 0)
f0eeea8b 3480 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3481 else
a6785be2 3482 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3483
bdb6d971 3484 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3485 &cp->addr, sizeof(cp->addr));
5e762444 3486
09fd0de5 3487 hci_dev_unlock(hdev);
7fbec224
AJ		 3488
3489 return err;
3490}
3491
cdbaccca
MH		 3492static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3493 u16 len)
3494{
3495 struct mgmt_cp_set_device_id *cp = data;
890ea898 3496 struct hci_request req;
cdbaccca 3497 int err;
c72d4b8a 3498 __u16 source;
cdbaccca
MH		 3499
3500 BT_DBG("%s", hdev->name);
3501
c72d4b8a
SJ		 3502 source = __le16_to_cpu(cp->source);
3503
3504 if (source > 0x0002)
3505 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3506 MGMT_STATUS_INVALID_PARAMS);
3507
cdbaccca
MH		 3508 hci_dev_lock(hdev);
3509
c72d4b8a 3510 hdev->devid_source = source;
cdbaccca
MH		 3511 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3512 hdev->devid_product = __le16_to_cpu(cp->product);
3513 hdev->devid_version = __le16_to_cpu(cp->version);
3514
3515 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3516
890ea898
JH		 3517 hci_req_init(&req, hdev);
3518 update_eir(&req);
3519 hci_req_run(&req, NULL);
cdbaccca
MH		 3520
3521 hci_dev_unlock(hdev);
3522
3523 return err;
3524}
3525
4375f103
JH		 3526static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3527{
3528 struct cmd_lookup match = { NULL, hdev };
3529
3530 if (status) {
3531 u8 mgmt_err = mgmt_status(status);
3532
3533 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3534 cmd_status_rsp, &mgmt_err);
3535 return;
3536 }
3537
3538 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3539 &match);
3540
3541 new_settings(hdev, match.sk);
3542
3543 if (match.sk)
3544 sock_put(match.sk);
3545}
3546
21b5187f
MH		 3547static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3548 u16 len)
4375f103
JH		 3549{
3550 struct mgmt_mode *cp = data;
3551 struct pending_cmd *cmd;
3552 struct hci_request req;
e6fe7986 3553 u8 val, enabled, status;
4375f103
JH		 3554 int err;
3555
3556 BT_DBG("request for %s", hdev->name);
3557
e6fe7986
JH		 3558 status = mgmt_le_support(hdev);
3559 if (status)
4375f103 3560 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3561 status);
4375f103
JH		 3562
3563 if (cp->val != 0x00 && cp->val != 0x01)
3564 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3565 MGMT_STATUS_INVALID_PARAMS);
3566
3567 hci_dev_lock(hdev);
3568
3569 val = !!cp->val;
f3d3444a 3570 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3571
f74ca9b8
JH		 3572 /* The following conditions are ones which mean that we should
3573 * not do any HCI communication but directly send a mgmt
3574 * response to user space (after toggling the flag if
3575 * necessary).
3576 */
3577 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3578 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3579 bool changed = false;
3580
f3d3444a
JH		 3581 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3582 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3583 changed = true;
3584 }
3585
3586 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3587 if (err < 0)
3588 goto unlock;
3589
3590 if (changed)
3591 err = new_settings(hdev, sk);
3592
3593 goto unlock;
3594 }
3595
3596 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3597 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3599 MGMT_STATUS_BUSY);
3600 goto unlock;
3601 }
3602
3603 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3604 if (!cmd) {
3605 err = -ENOMEM;
3606 goto unlock;
3607 }
3608
3609 hci_req_init(&req, hdev);
3610
bba3aa55
MH		 3611 if (val)
3612 enable_advertising(&req);
3613 else
3614 disable_advertising(&req);
4375f103
JH		 3615
3616 err = hci_req_run(&req, set_advertising_complete);
3617 if (err < 0)
3618 mgmt_pending_remove(cmd);
3619
3620unlock:
3621 hci_dev_unlock(hdev);
3622 return err;
3623}
3624
d13eafce
MH		 3625static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3626 void *data, u16 len)
3627{
3628 struct mgmt_cp_set_static_address *cp = data;
3629 int err;
3630
3631 BT_DBG("%s", hdev->name);
3632
62af4443 3633 if (!lmp_le_capable(hdev))
d13eafce 3634 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3635 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3636
3637 if (hdev_is_powered(hdev))
3638 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3639 MGMT_STATUS_REJECTED);
3640
3641 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3642 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3643 return cmd_status(sk, hdev->id,
3644 MGMT_OP_SET_STATIC_ADDRESS,
3645 MGMT_STATUS_INVALID_PARAMS);
3646
3647 /* Two most significant bits shall be set */
3648 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3649 return cmd_status(sk, hdev->id,
3650 MGMT_OP_SET_STATIC_ADDRESS,
3651 MGMT_STATUS_INVALID_PARAMS);
3652 }
3653
3654 hci_dev_lock(hdev);
3655
3656 bacpy(&hdev->static_addr, &cp->bdaddr);
3657
3658 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3659
3660 hci_dev_unlock(hdev);
3661
3662 return err;
3663}
3664
14b49b9a
MH		 3665static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3666 void *data, u16 len)
3667{
3668 struct mgmt_cp_set_scan_params *cp = data;
3669 __u16 interval, window;
3670 int err;
3671
3672 BT_DBG("%s", hdev->name);
3673
3674 if (!lmp_le_capable(hdev))
3675 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3676 MGMT_STATUS_NOT_SUPPORTED);
3677
3678 interval = __le16_to_cpu(cp->interval);
3679
3680 if (interval < 0x0004 || interval > 0x4000)
3681 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3682 MGMT_STATUS_INVALID_PARAMS);
3683
3684 window = __le16_to_cpu(cp->window);
3685
3686 if (window < 0x0004 || window > 0x4000)
3687 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3688 MGMT_STATUS_INVALID_PARAMS);
3689
899e1075
MH		 3690 if (window > interval)
3691 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3692 MGMT_STATUS_INVALID_PARAMS);
3693
14b49b9a
MH		 3694 hci_dev_lock(hdev);
3695
3696 hdev->le_scan_interval = interval;
3697 hdev->le_scan_window = window;
3698
3699 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3700
3701 hci_dev_unlock(hdev);
3702
3703 return err;
3704}
3705
33e38b3e
JH		 3706static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3707{
3708 struct pending_cmd *cmd;
3709
3710 BT_DBG("status 0x%02x", status);
3711
3712 hci_dev_lock(hdev);
3713
3714 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3715 if (!cmd)
3716 goto unlock;
3717
3718 if (status) {
3719 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3720 mgmt_status(status));
3721 } else {
1a4d3c4b
JH		 3722 struct mgmt_mode *cp = cmd->param;
3723
3724 if (cp->val)
3725 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3726 else
3727 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3728
33e38b3e
JH		 3729 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3730 new_settings(hdev, cmd->sk);
3731 }
3732
3733 mgmt_pending_remove(cmd);
3734
3735unlock:
3736 hci_dev_unlock(hdev);
3737}
3738
bdb6d971 3739static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3740 void *data, u16 len)
f6422ec6 3741{
650f726d 3742 struct mgmt_mode *cp = data;
33e38b3e
JH		 3743 struct pending_cmd *cmd;
3744 struct hci_request req;
f6422ec6
AJ		 3745 int err;
3746
bdb6d971 3747 BT_DBG("%s", hdev->name);
f6422ec6 3748
56f87901
JH		 3749 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3750 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3752 MGMT_STATUS_NOT_SUPPORTED);
3753
a7e80f25
JH		 3754 if (cp->val != 0x00 && cp->val != 0x01)
3755 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3756 MGMT_STATUS_INVALID_PARAMS);
3757
5400c044 3758 if (!hdev_is_powered(hdev))
bdb6d971 3759 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3760 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3761
3762 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3763 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3764 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3765
3766 hci_dev_lock(hdev);
3767
05cbf29f
JH		 3768 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3769 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3770 MGMT_STATUS_BUSY);
3771 goto unlock;
3772 }
3773
1a4d3c4b
JH		 3774 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3775 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3776 hdev);
3777 goto unlock;
3778 }
3779
33e38b3e
JH		 3780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3781 data, len);
3782 if (!cmd) {
3783 err = -ENOMEM;
3784 goto unlock;
f6422ec6
AJ		 3785 }
3786
33e38b3e
JH		 3787 hci_req_init(&req, hdev);
3788
406d7804 3789 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3790
3791 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3792 if (err < 0) {
bdb6d971 3793 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3794 MGMT_STATUS_FAILED);
33e38b3e 3795 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3796 }
3797
33e38b3e 3798unlock:
f6422ec6 3799 hci_dev_unlock(hdev);
33e38b3e 3800
f6422ec6
AJ		 3801 return err;
3802}
3803
67e5a7a3
JH		 3804static void set_bredr_scan(struct hci_request *req)
3805{
3806 struct hci_dev *hdev = req->hdev;
3807 u8 scan = 0;
3808
3809 /* Ensure that fast connectable is disabled. This function will
3810 * not do anything if the page scan parameters are already what
3811 * they should be.
3812 */
3813 write_fast_connectable(req, false);
3814
3815 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3816 scan |= SCAN_PAGE;
3817 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3818 scan |= SCAN_INQUIRY;
3819
3820 if (scan)
3821 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3822}
3823
0663ca2a
JH		 3824static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3825{
3826 struct pending_cmd *cmd;
3827
3828 BT_DBG("status 0x%02x", status);
3829
3830 hci_dev_lock(hdev);
3831
3832 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3833 if (!cmd)
3834 goto unlock;
3835
3836 if (status) {
3837 u8 mgmt_err = mgmt_status(status);
3838
3839 /* We need to restore the flag if related HCI commands
3840 * failed.
3841 */
3842 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3843
3844 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3845 } else {
3846 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3847 new_settings(hdev, cmd->sk);
3848 }
3849
3850 mgmt_pending_remove(cmd);
3851
3852unlock:
3853 hci_dev_unlock(hdev);
3854}
3855
3856static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3857{
3858 struct mgmt_mode *cp = data;
3859 struct pending_cmd *cmd;
3860 struct hci_request req;
3861 int err;
3862
3863 BT_DBG("request for %s", hdev->name);
3864
3865 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3866 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3867 MGMT_STATUS_NOT_SUPPORTED);
3868
3869 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3870 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3871 MGMT_STATUS_REJECTED);
3872
3873 if (cp->val != 0x00 && cp->val != 0x01)
3874 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3875 MGMT_STATUS_INVALID_PARAMS);
3876
3877 hci_dev_lock(hdev);
3878
3879 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3880 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3881 goto unlock;
3882 }
3883
3884 if (!hdev_is_powered(hdev)) {
3885 if (!cp->val) {
0663ca2a
JH		 3886 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3887 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3888 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3889 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3890 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3891 }
3892
3893 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3894
3895 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3896 if (err < 0)
3897 goto unlock;
3898
3899 err = new_settings(hdev, sk);
3900 goto unlock;
3901 }
3902
3903 /* Reject disabling when powered on */
3904 if (!cp->val) {
3905 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3906 MGMT_STATUS_REJECTED);
3907 goto unlock;
3908 }
3909
3910 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3911 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3912 MGMT_STATUS_BUSY);
3913 goto unlock;
3914 }
3915
3916 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3917 if (!cmd) {
3918 err = -ENOMEM;
3919 goto unlock;
3920 }
3921
441ad2d0 3922 /* We need to flip the bit already here so that update_ad
0663ca2a
JH		 3923 * generates the correct flags.
3924 */
3925 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3926
3927 hci_req_init(&req, hdev);
aa8af46e
JH		 3928
3929 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3930 set_bredr_scan(&req);
3931
f14d8f64
MH		 3932 /* Since only the advertising data flags will change, there
3933 * is no need to update the scan response data.
3934 */
441ad2d0 3935 update_ad(&req);
aa8af46e 3936
0663ca2a
JH		 3937 err = hci_req_run(&req, set_bredr_complete);
3938 if (err < 0)
3939 mgmt_pending_remove(cmd);
3940
3941unlock:
3942 hci_dev_unlock(hdev);
3943 return err;
3944}
3945
3f706b72
JH		 3946static bool ltk_is_valid(struct mgmt_ltk_info *key)
3947{
44b20d33
JH		 3948 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3949 return false;
3f706b72
JH		 3950 if (key->master != 0x00 && key->master != 0x01)
3951 return false;
4ee71b20
JH		 3952 if (!bdaddr_type_is_le(key->addr.type))
3953 return false;
3f706b72
JH		 3954 return true;
3955}
3956
bdb6d971 3957static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3958 void *cp_data, u16 len)
346af67b 3959{
346af67b
VCG		 3960 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3961 u16 key_count, expected_len;
715a5bf2 3962 int i, err;
346af67b 3963
cf99ba13
MH		 3964 BT_DBG("request for %s", hdev->name);
3965
3966 if (!lmp_le_capable(hdev))
3967 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3968 MGMT_STATUS_NOT_SUPPORTED);
3969
1f350c87 3970 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3971
3972 expected_len = sizeof(*cp) + key_count *
3973 sizeof(struct mgmt_ltk_info);
3974 if (expected_len != len) {
3975 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3976 len, expected_len);
bdb6d971 3977 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3978 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3979 }
3980
bdb6d971 3981 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3982
54ad6d8a
JH		 3983 for (i = 0; i < key_count; i++) {
3984 struct mgmt_ltk_info *key = &cp->keys[i];
3985
3f706b72 3986 if (!ltk_is_valid(key))
54ad6d8a
JH		 3987 return cmd_status(sk, hdev->id,
3988 MGMT_OP_LOAD_LONG_TERM_KEYS,
3989 MGMT_STATUS_INVALID_PARAMS);
3990 }
3991
346af67b
VCG		 3992 hci_dev_lock(hdev);
3993
3994 hci_smp_ltks_clear(hdev);
3995
3996 for (i = 0; i < key_count; i++) {
3997 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 3998 u8 type, addr_type;
3999
4000 if (key->addr.type == BDADDR_LE_PUBLIC)
4001 addr_type = ADDR_LE_DEV_PUBLIC;
4002 else
4003 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4004
4005 if (key->master)
4006 type = HCI_SMP_LTK;
4007 else
4008 type = HCI_SMP_LTK_SLAVE;
4009
79d95a19 4010 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4011 type, 0, key->authenticated, key->val,
4012 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4013 }
4014
715a5bf2
JH		 4015 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4016 NULL, 0);
4017
346af67b 4018 hci_dev_unlock(hdev);
346af67b 4019
715a5bf2 4020 return err;
346af67b
VCG		 4021}
4022
2e3c35ea 4023static const struct mgmt_handler {
04124681
GP		 4024 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4025 u16 data_len);
be22b54e
JH		 4026 bool var_len;
4027 size_t data_len;
0f4e68cf
JH		 4028} mgmt_handlers[] = {
4029 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4030 { read_version, false, MGMT_READ_VERSION_SIZE },
4031 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4032 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4033 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4034 { set_powered, false, MGMT_SETTING_SIZE },
4035 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4036 { set_connectable, false, MGMT_SETTING_SIZE },
4037 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4038 { set_pairable, false, MGMT_SETTING_SIZE },
4039 { set_link_security, false, MGMT_SETTING_SIZE },
4040 { set_ssp, false, MGMT_SETTING_SIZE },
4041 { set_hs, false, MGMT_SETTING_SIZE },
4042 { set_le, false, MGMT_SETTING_SIZE },
4043 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4044 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4045 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4046 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4047 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4048 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4049 { disconnect, false, MGMT_DISCONNECT_SIZE },
4050 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4051 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4052 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4053 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4054 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4055 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4056 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4057 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4058 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4059 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4060 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4061 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4062 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4063 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4064 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4065 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4066 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4067 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4068 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4069 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4070 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4071 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4072 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4073 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 4074};
4075
4076
0381101f
JH		 4077int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4078{
650f726d
VCG		 4079 void *buf;
4080 u8 *cp;
0381101f 4081 struct mgmt_hdr *hdr;
4e51eae9 4082 u16 opcode, index, len;
bdb6d971 4083 struct hci_dev *hdev = NULL;
2e3c35ea 4084 const struct mgmt_handler *handler;
0381101f
JH		 4085 int err;
4086
4087 BT_DBG("got %zu bytes", msglen);
4088
4089 if (msglen < sizeof(*hdr))
4090 return -EINVAL;
4091
e63a15ec 4092 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4093 if (!buf)
4094 return -ENOMEM;
4095
4096 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4097 err = -EFAULT;
4098 goto done;
4099 }
4100
650f726d 4101 hdr = buf;
1f350c87
MH		 4102 opcode = __le16_to_cpu(hdr->opcode);
4103 index = __le16_to_cpu(hdr->index);
4104 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4105
4106 if (len != msglen - sizeof(*hdr)) {
4107 err = -EINVAL;
4108 goto done;
4109 }
4110
0f4e68cf 4111 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4112 hdev = hci_dev_get(index);
4113 if (!hdev) {
4114 err = cmd_status(sk, index, opcode,
04124681 4115 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4116 goto done;
4117 }
0736cfa8 4118
cebf4cfd
JH		 4119 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4120 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4121 err = cmd_status(sk, index, opcode,
4122 MGMT_STATUS_INVALID_INDEX);
4123 goto done;
4124 }
bdb6d971
JH		 4125 }
4126
0f4e68cf 4127 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4128 mgmt_handlers[opcode].func == NULL) {
0381101f 4129 BT_DBG("Unknown op %u", opcode);
ca69b795 4130 err = cmd_status(sk, index, opcode,
04124681 4131 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4132 goto done;
4133 }
4134
4135 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4136 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4137 err = cmd_status(sk, index, opcode,
04124681 4138 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4139 goto done;
0381101f
JH		 4140 }
4141
be22b54e
JH		 4142 handler = &mgmt_handlers[opcode];
4143
4144 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4145 (!handler->var_len && len != handler->data_len)) {
be22b54e 4146 err = cmd_status(sk, index, opcode,
04124681 4147 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4148 goto done;
4149 }
4150
0f4e68cf
JH		 4151 if (hdev)
4152 mgmt_init_hdev(sk, hdev);
4153
4154 cp = buf + sizeof(*hdr);
4155
be22b54e 4156 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4157 if (err < 0)
4158 goto done;
4159
0381101f
JH		 4160 err = msglen;
4161
4162done:
bdb6d971
JH		 4163 if (hdev)
4164 hci_dev_put(hdev);
4165
0381101f
JH		 4166 kfree(buf);
4167 return err;
4168}
c71e97bf 4169
bf6b56db 4170void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4171{
1514b892 4172 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4173 return;
bb4b2a9a 4174
bf6b56db 4175 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4176}
4177
bf6b56db 4178void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4179{
5f159032 4180 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4181
1514b892 4182 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4183 return;
bb4b2a9a 4184
744cf19e 4185 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4186
bf6b56db 4187 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4188}
4189
229ab39c
JH		 4190static void powered_complete(struct hci_dev *hdev, u8 status)
4191{
4192 struct cmd_lookup match = { NULL, hdev };
4193
4194 BT_DBG("status 0x%02x", status);
4195
4196 hci_dev_lock(hdev);
4197
4198 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4199
4200 new_settings(hdev, match.sk);
4201
4202 hci_dev_unlock(hdev);
4203
4204 if (match.sk)
4205 sock_put(match.sk);
4206}
4207
70da6243 4208static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4209{
890ea898 4210 struct hci_request req;
70da6243 4211 u8 link_sec;
5add6af8 4212
890ea898
JH		 4213 hci_req_init(&req, hdev);
4214
70da6243
JH		 4215 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4216 !lmp_host_ssp_capable(hdev)) {
4217 u8 ssp = 1;
5e5282bb 4218
890ea898 4219 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4220 }
5add6af8 4221
c73eee91
JH		 4222 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4223 lmp_bredr_capable(hdev)) {
70da6243 4224 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4225
70da6243
JH		 4226 cp.le = 1;
4227 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4228
70da6243
JH		 4229 /* Check first if we already have the right
4230 * host state (host features set)
4231 */
4232 if (cp.le != lmp_host_le_capable(hdev) ||
4233 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4234 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4235 sizeof(cp), &cp);
70da6243 4236 }
3d1cbdd6 4237
d13eafce
MH		 4238 if (lmp_le_capable(hdev)) {
4239 /* Set random address to static address if configured */
4240 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4241 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4242 &hdev->static_addr);
eeca6f89 4243
441ad2d0
MH		 4244 /* Make sure the controller has a good default for
4245 * advertising data. This also applies to the case
4246 * where BR/EDR was toggled during the AUTO_OFF phase.
4247 */
f14d8f64 4248 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
441ad2d0 4249 update_ad(&req);
f14d8f64
MH		 4250 update_scan_rsp_data(&req);
4251 }
441ad2d0 4252
bba3aa55
MH		 4253 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4254 enable_advertising(&req);
eeca6f89
JH		 4255 }
4256
70da6243
JH		 4257 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4258 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4259 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4260 sizeof(link_sec), &link_sec);
562fcc24 4261
70da6243 4262 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4263 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4264 set_bredr_scan(&req);
890ea898 4265 update_class(&req);
13928971 4266 update_name(&req);
890ea898 4267 update_eir(&req);
70da6243 4268 }
562fcc24 4269
229ab39c 4270 return hci_req_run(&req, powered_complete);
70da6243 4271}
562fcc24 4272
70da6243
JH		 4273int mgmt_powered(struct hci_dev *hdev, u8 powered)
4274{
4275 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4276 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4277 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4278 int err;
f0ff92fb 4279
70da6243
JH		 4280 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4281 return 0;
4282
70da6243 4283 if (powered) {
229ab39c
JH		 4284 if (powered_update_hci(hdev) == 0)
4285 return 0;
fe038884 4286
229ab39c
JH		 4287 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4288 &match);
4289 goto new_settings;
b24752fe
JH		 4290 }
4291
229ab39c
JH		 4292 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4293 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4294
4295 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4296 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4297 zero_cod, sizeof(zero_cod), NULL);
4298
4299new_settings:
beadb2bd 4300 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4301
4302 if (match.sk)
4303 sock_put(match.sk);
4304
7bb895d6 4305 return err;
5add6af8 4306}
73f22f62 4307
3eec705e 4308void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4309{
4310 struct pending_cmd *cmd;
4311 u8 status;
4312
4313 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4314 if (!cmd)
3eec705e 4315 return;
96570ffc
JH		 4316
4317 if (err == -ERFKILL)
4318 status = MGMT_STATUS_RFKILLED;
4319 else
4320 status = MGMT_STATUS_FAILED;
4321
3eec705e 4322 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4323
4324 mgmt_pending_remove(cmd);
96570ffc
JH		 4325}
4326
d1967ff8
MH		 4327void mgmt_discoverable_timeout(struct hci_dev *hdev)
4328{
4329 struct hci_request req;
4330 u8 scan = SCAN_PAGE;
4331
4332 hci_dev_lock(hdev);
4333
4334 /* When discoverable timeout triggers, then just make sure
4335 * the limited discoverable flag is cleared. Even in the case
4336 * of a timeout triggered from general discoverable, it is
4337 * safe to unconditionally clear the flag.
4338 */
4339 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4340
4341 hci_req_init(&req, hdev);
4342 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
4343 update_class(&req);
4344 hci_req_run(&req, NULL);
4345
4346 hdev->discov_timeout = 0;
4347
4348 hci_dev_unlock(hdev);
4349}
4350
86a75645 4351void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4352{
86a75645 4353 bool changed;
73f22f62 4354
bfaf8c9f
JH		 4355 /* Nothing needed here if there's a pending command since that
4356 * commands request completion callback takes care of everything
4357 * necessary.
4358 */
4359 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4360 return;
bfaf8c9f 4361
86a75645
MH		 4362 if (discoverable)
4363 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4364 else
4365 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4366
beadb2bd 4367 if (changed)
86a75645 4368 new_settings(hdev, NULL);
73f22f62 4369}
9fbcbb45 4370
a330916c 4371void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4372{
a330916c 4373 bool changed;
9fbcbb45 4374
d7b856f9
JH		 4375 /* Nothing needed here if there's a pending command since that
4376 * commands request completion callback takes care of everything
4377 * necessary.
4378 */
4379 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4380 return;
d7b856f9 4381
a330916c
MH		 4382 if (connectable)
4383 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4384 else
4385 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4386
beadb2bd 4387 if (changed)
a330916c 4388 new_settings(hdev, NULL);
9fbcbb45 4389}
55ed8ca1 4390
4796e8af 4391void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4392{
ca69b795
JH		 4393 u8 mgmt_err = mgmt_status(status);
4394
2d7cee58 4395 if (scan & SCAN_PAGE)
744cf19e 4396 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4397 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4398
4399 if (scan & SCAN_INQUIRY)
744cf19e 4400 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4401 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4402}
4403
dc4a5ee2
MH		 4404void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4405 bool persistent)
55ed8ca1 4406{
86742e1e 4407 struct mgmt_ev_new_link_key ev;
55ed8ca1 4408
a492cd52 4409 memset(&ev, 0, sizeof(ev));
55ed8ca1 4410
a492cd52 4411 ev.store_hint = persistent;
d753fdc4 4412 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4413 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4414 ev.key.type = key->type;
9b3b4460 4415 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4416 ev.key.pin_len = key->pin_len;
55ed8ca1 4417
dc4a5ee2 4418 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4419}
f7520543 4420
083368f7 4421void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4422{
4423 struct mgmt_ev_new_long_term_key ev;
4424
4425 memset(&ev, 0, sizeof(ev));
4426
4427 ev.store_hint = persistent;
4428 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4429 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4430 ev.key.authenticated = key->authenticated;
4431 ev.key.enc_size = key->enc_size;
4432 ev.key.ediv = key->ediv;
4433
4434 if (key->type == HCI_SMP_LTK)
4435 ev.key.master = 1;
4436
4437 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4438 memcpy(ev.key.val, key->val, sizeof(key->val));
4439
083368f7 4440 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4441}
4442
94933991
MH		 4443static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4444 u8 data_len)
4445{
4446 eir[eir_len++] = sizeof(type) + data_len;
4447 eir[eir_len++] = type;
4448 memcpy(&eir[eir_len], data, data_len);
4449 eir_len += data_len;
4450
4451 return eir_len;
4452}
4453
ecd90ae7
MH		 4454void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4455 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4456 u8 *dev_class)
f7520543 4457{
b644ba33
JH		 4458 char buf[512];
4459 struct mgmt_ev_device_connected *ev = (void *) buf;
4460 u16 eir_len = 0;
f7520543 4461
b644ba33 4462 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4463 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4464
c95f0ba7 4465 ev->flags = __cpu_to_le32(flags);
08c79b61 4466
b644ba33
JH		 4467 if (name_len > 0)
4468 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4469 name, name_len);
b644ba33
JH		 4470
4471 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4472 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4473 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4474
eb55ef07 4475 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4476
ecd90ae7
MH		 4477 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4478 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4479}
4480
8962ee74
JH		 4481static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4482{
c68fb7ff 4483 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4484 struct sock **sk = data;
a38528f1 4485 struct mgmt_rp_disconnect rp;
8962ee74 4486
88c3df13
JH		 4487 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4488 rp.addr.type = cp->addr.type;
8962ee74 4489
aee9b218 4490 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4491 sizeof(rp));
8962ee74
JH		 4492
4493 *sk = cmd->sk;
4494 sock_hold(*sk);
4495
a664b5bc 4496 mgmt_pending_remove(cmd);
8962ee74
JH		 4497}
4498
124f6e35 4499static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4500{
b1078ad0 4501 struct hci_dev *hdev = data;
124f6e35
JH		 4502 struct mgmt_cp_unpair_device *cp = cmd->param;
4503 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4504
4505 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4507 rp.addr.type = cp->addr.type;
a8a1d19e 4508
b1078ad0
JH		 4509 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4510
aee9b218 4511 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4512
4513 mgmt_pending_remove(cmd);
4514}
4515
9b80ec5e
MH		 4516void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4517 u8 link_type, u8 addr_type, u8 reason)
f7520543 4518{
f0d6a0ea 4519 struct mgmt_ev_device_disconnected ev;
8962ee74 4520 struct sock *sk = NULL;
8962ee74 4521
744cf19e 4522 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4523
f0d6a0ea
MA		 4524 bacpy(&ev.addr.bdaddr, bdaddr);
4525 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4526 ev.reason = reason;
f7520543 4527
9b80ec5e 4528 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4529
4530 if (sk)
d97dcb66 4531 sock_put(sk);
8962ee74 4532
124f6e35 4533 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4534 hdev);
8962ee74
JH		 4535}
4536
7892924c
MH		 4537void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4538 u8 link_type, u8 addr_type, u8 status)
8962ee74 4539{
88c3df13 4540 struct mgmt_rp_disconnect rp;
8962ee74 4541 struct pending_cmd *cmd;
8962ee74 4542
36a75f1b
JD		 4543 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4544 hdev);
4545
2e58ef3e 4546 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4547 if (!cmd)
7892924c 4548 return;
8962ee74 4549
88c3df13 4550 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4551 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4552
7892924c
MH		 4553 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4554 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4555
a664b5bc 4556 mgmt_pending_remove(cmd);
f7520543 4557}
17d5c04c 4558
445608d0
MH		 4559void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4560 u8 addr_type, u8 status)
17d5c04c
JH		 4561{
4562 struct mgmt_ev_connect_failed ev;
4563
4c659c39 4564 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4565 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4566 ev.status = mgmt_status(status);
17d5c04c 4567
445608d0 4568 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4569}
980e1a53 4570
ce0e4a0d 4571void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4572{
4573 struct mgmt_ev_pin_code_request ev;
4574
d8457698 4575 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4576 ev.addr.type = BDADDR_BREDR;
a770bb5a 4577 ev.secure = secure;
980e1a53 4578
ce0e4a0d 4579 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4580}
4581
e669cf80
MH		 4582void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4583 u8 status)
980e1a53
JH		 4584{
4585 struct pending_cmd *cmd;
ac56fb13 4586 struct mgmt_rp_pin_code_reply rp;
980e1a53 4587
2e58ef3e 4588 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4589 if (!cmd)
e669cf80 4590 return;
980e1a53 4591
d8457698 4592 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4593 rp.addr.type = BDADDR_BREDR;
ac56fb13 4594
e669cf80
MH		 4595 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4596 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4597
a664b5bc 4598 mgmt_pending_remove(cmd);
980e1a53
JH		 4599}
4600
3eb38528
MH		 4601void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4602 u8 status)
980e1a53
JH		 4603{
4604 struct pending_cmd *cmd;
ac56fb13 4605 struct mgmt_rp_pin_code_reply rp;
980e1a53 4606
2e58ef3e 4607 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4608 if (!cmd)
3eb38528 4609 return;
980e1a53 4610
d8457698 4611 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4612 rp.addr.type = BDADDR_BREDR;
ac56fb13 4613
3eb38528
MH		 4614 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4615 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4616
a664b5bc 4617 mgmt_pending_remove(cmd);
980e1a53 4618}
a5c29683 4619
744cf19e 4620int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4621 u8 link_type, u8 addr_type, __le32 value,
4622 u8 confirm_hint)
a5c29683
JH		 4623{
4624 struct mgmt_ev_user_confirm_request ev;
4625
744cf19e 4626 BT_DBG("%s", hdev->name);
a5c29683 4627
272d90df 4628 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4629 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4630 ev.confirm_hint = confirm_hint;
78e8098e 4631 ev.value = value;
a5c29683 4632
744cf19e 4633 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4634 NULL);
a5c29683
JH		 4635}
4636
272d90df 4637int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4638 u8 link_type, u8 addr_type)
604086b7
BG		 4639{
4640 struct mgmt_ev_user_passkey_request ev;
4641
4642 BT_DBG("%s", hdev->name);
4643
272d90df 4644 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4645 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4646
4647 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4648 NULL);
604086b7
BG		 4649}
4650
0df4c185 4651static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4652 u8 link_type, u8 addr_type, u8 status,
4653 u8 opcode)
a5c29683
JH		 4654{
4655 struct pending_cmd *cmd;
4656 struct mgmt_rp_user_confirm_reply rp;
4657 int err;
4658
2e58ef3e 4659 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4660 if (!cmd)
4661 return -ENOENT;
4662
272d90df 4663 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4664 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4665 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4666 &rp, sizeof(rp));
a5c29683 4667
a664b5bc 4668 mgmt_pending_remove(cmd);
a5c29683
JH		 4669
4670 return err;
4671}
4672
744cf19e 4673int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4674 u8 link_type, u8 addr_type, u8 status)
a5c29683 4675{
272d90df 4676 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4677 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4678}
4679
272d90df 4680int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4681 u8 link_type, u8 addr_type, u8 status)
a5c29683 4682{
272d90df 4683 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4684 status,
4685 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4686}
2a611692 4687
604086b7 4688int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4689 u8 link_type, u8 addr_type, u8 status)
604086b7 4690{
272d90df 4691 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4692 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4693}
4694
272d90df 4695int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4696 u8 link_type, u8 addr_type, u8 status)
604086b7 4697{
272d90df 4698 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4699 status,
4700 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4701}
4702
92a25256
JH		 4703int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4704 u8 link_type, u8 addr_type, u32 passkey,
4705 u8 entered)
4706{
4707 struct mgmt_ev_passkey_notify ev;
4708
4709 BT_DBG("%s", hdev->name);
4710
4711 bacpy(&ev.addr.bdaddr, bdaddr);
4712 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4713 ev.passkey = __cpu_to_le32(passkey);
4714 ev.entered = entered;
4715
4716 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4717}
4718
e546099c
MH		 4719void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4720 u8 addr_type, u8 status)
2a611692
JH		 4721{
4722 struct mgmt_ev_auth_failed ev;
4723
bab73cb6 4724 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4725 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4726 ev.status = mgmt_status(status);
2a611692 4727
e546099c 4728 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4729}
b312b161 4730
464996ae 4731void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4732{
4733 struct cmd_lookup match = { NULL, hdev };
464996ae 4734 bool changed;
33ef95ed
JH		 4735
4736 if (status) {
4737 u8 mgmt_err = mgmt_status(status);
4738 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4739 cmd_status_rsp, &mgmt_err);
464996ae 4740 return;
33ef95ed
JH		 4741 }
4742
464996ae
MH		 4743 if (test_bit(HCI_AUTH, &hdev->flags))
4744 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4745 &hdev->dev_flags);
4746 else
4747 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4748 &hdev->dev_flags);
47990ea0 4749
33ef95ed 4750 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4751 &match);
33ef95ed 4752
47990ea0 4753 if (changed)
464996ae 4754 new_settings(hdev, match.sk);
33ef95ed
JH		 4755
4756 if (match.sk)
4757 sock_put(match.sk);
33ef95ed
JH		 4758}
4759
890ea898 4760static void clear_eir(struct hci_request *req)
cacaf52f 4761{
890ea898 4762 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4763 struct hci_cp_write_eir cp;
4764
976eb20e 4765 if (!lmp_ext_inq_capable(hdev))
890ea898 4766 return;
cacaf52f 4767
c80da27e
JH		 4768 memset(hdev->eir, 0, sizeof(hdev->eir));
4769
cacaf52f
JH		 4770 memset(&cp, 0, sizeof(cp));
4771
890ea898 4772 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4773}
4774
3e248560 4775void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4776{
4777 struct cmd_lookup match = { NULL, hdev };
890ea898 4778 struct hci_request req;
c0ecddc2 4779 bool changed = false;
ed2c4ee3
JH		 4780
4781 if (status) {
4782 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4783
4784 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4785 &hdev->dev_flags)) {
4786 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4787 new_settings(hdev, NULL);
9ecb3e24 4788 }
c0ecddc2 4789
04124681
GP		 4790 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4791 &mgmt_err);
3e248560 4792 return;
c0ecddc2
JH		 4793 }
4794
4795 if (enable) {
9ecb3e24 4796 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4797 } else {
9ecb3e24
MH		 4798 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4799 if (!changed)
4800 changed = test_and_clear_bit(HCI_HS_ENABLED,
4801 &hdev->dev_flags);
4802 else
4803 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4804 }
4805
4806 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4807
c0ecddc2 4808 if (changed)
3e248560 4809 new_settings(hdev, match.sk);
ed2c4ee3 4810
5fc6ebb1 4811 if (match.sk)
ed2c4ee3
JH		 4812 sock_put(match.sk);
4813
890ea898
JH		 4814 hci_req_init(&req, hdev);
4815
5fc6ebb1 4816 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4817 update_eir(&req);
5fc6ebb1 4818 else
890ea898
JH		 4819 clear_eir(&req);
4820
4821 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4822}
4823
92da6097 4824static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4825{
4826 struct cmd_lookup *match = data;
4827
90e70454
JH		 4828 if (match->sk == NULL) {
4829 match->sk = cmd->sk;
4830 sock_hold(match->sk);
4831 }
90e70454
JH		 4832}
4833
4e1b0245
MH		 4834void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4835 u8 status)
7f9a903c 4836{
90e70454 4837 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 4838
92da6097
JH		 4839 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4840 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4841 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4842
4843 if (!status)
4e1b0245
MH		 4844 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4845 NULL);
90e70454
JH		 4846
4847 if (match.sk)
4848 sock_put(match.sk);
7f9a903c
MH		 4849}
4850
7667da34 4851void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4852{
b312b161 4853 struct mgmt_cp_set_local_name ev;
13928971 4854 struct pending_cmd *cmd;
28cc7bde 4855
13928971 4856 if (status)
7667da34 4857 return;
b312b161
JH		 4858
4859 memset(&ev, 0, sizeof(ev));
4860 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4861 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4862
2e58ef3e 4863 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4864 if (!cmd) {
4865 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4866
13928971
JH		 4867 /* If this is a HCI command related to powering on the
4868 * HCI dev don't send any mgmt signals.
4869 */
4870 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 4871 return;
890ea898 4872 }
b312b161 4873
7667da34
MH		 4874 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4875 cmd ? cmd->sk : NULL);
b312b161 4876}
c35938b2 4877
3edaf092
MH		 4878void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4879 u8 *randomizer, u8 status)
c35938b2
SJ		 4880{
4881 struct pending_cmd *cmd;
c35938b2 4882
744cf19e 4883 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4884
2e58ef3e 4885 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 4886 if (!cmd)
3edaf092 4887 return;
c35938b2
SJ		 4888
4889 if (status) {
3edaf092
MH		 4890 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4891 mgmt_status(status));
c35938b2
SJ		 4892 } else {
4893 struct mgmt_rp_read_local_oob_data rp;
4894
4895 memcpy(rp.hash, hash, sizeof(rp.hash));
4896 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4897
3edaf092
MH		 4898 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4899 0, &rp, sizeof(rp));
c35938b2
SJ		 4900 }
4901
4902 mgmt_pending_remove(cmd);
c35938b2 4903}
e17acd40 4904
901801b9
MH		 4905void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4906 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4907 ssp, u8 *eir, u16 eir_len)
e17acd40 4908{
e319d2e7
JH		 4909 char buf[512];
4910 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4911 size_t ev_size;
e17acd40 4912
12602d0c 4913 if (!hci_discovery_active(hdev))
901801b9 4914 return;
12602d0c 4915
1dc06093
JH		 4916 /* Leave 5 bytes for a potential CoD field */
4917 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4918 return;
7d262f86 4919
1dc06093
JH		 4920 memset(buf, 0, sizeof(buf));
4921
e319d2e7 4922 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4923 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4924 ev->rssi = rssi;
9a395a80 4925 if (cfm_name)
612dfce9 4926 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4927 if (!ssp)
612dfce9 4928 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4929
1dc06093 4930 if (eir_len > 0)
e319d2e7 4931 memcpy(ev->eir, eir, eir_len);
e17acd40 4932
1dc06093
JH		 4933 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4934 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4935 dev_class, 3);
1dc06093 4936
eb55ef07 4937 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4938 ev_size = sizeof(*ev) + eir_len;
f8523598 4939
901801b9 4940 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4941}
a88a9652 4942
9cf12aee
MH		 4943void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4944 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4945{
b644ba33
JH		 4946 struct mgmt_ev_device_found *ev;
4947 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4948 u16 eir_len;
a88a9652 4949
b644ba33 4950 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4951
b644ba33
JH		 4952 memset(buf, 0, sizeof(buf));
4953
4954 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4955 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4956 ev->rssi = rssi;
4957
4958 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4959 name_len);
b644ba33 4960
eb55ef07 4961 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4962
9cf12aee 4963 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4964}
314b2381 4965
2f1e063b 4966void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4967{
f963e8e9 4968 struct mgmt_ev_discovering ev;
164a6e78
JH		 4969 struct pending_cmd *cmd;
4970
343fb145
AG		 4971 BT_DBG("%s discovering %u", hdev->name, discovering);
4972
164a6e78 4973 if (discovering)
2e58ef3e 4974 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4975 else
2e58ef3e 4976 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4977
4978 if (cmd != NULL) {
f808e166
JH		 4979 u8 type = hdev->discovery.type;
4980
04124681
GP		 4981 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4982 sizeof(type));
164a6e78
JH		 4983 mgmt_pending_remove(cmd);
4984 }
4985
f963e8e9
JH		 4986 memset(&ev, 0, sizeof(ev));
4987 ev.type = hdev->discovery.type;
4988 ev.discovering = discovering;
4989
2f1e063b 4990 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4991}
5e762444 4992
88c1fe4b 4993int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4994{
4995 struct pending_cmd *cmd;
4996 struct mgmt_ev_device_blocked ev;
4997
2e58ef3e 4998 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4999
88c1fe4b
JH		 5000 bacpy(&ev.addr.bdaddr, bdaddr);
5001 ev.addr.type = type;
5e762444 5002
744cf19e 5003 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5004 cmd ? cmd->sk : NULL);
5e762444
AJ		 5005}
5006
88c1fe4b 5007int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5008{
5009 struct pending_cmd *cmd;
5010 struct mgmt_ev_device_unblocked ev;
5011
2e58ef3e 5012 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5013
88c1fe4b
JH		 5014 bacpy(&ev.addr.bdaddr, bdaddr);
5015 ev.addr.type = type;
5e762444 5016
744cf19e 5017 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5018 cmd ? cmd->sk : NULL);
5e762444 5019}
5976e608
MH		 5020
5021static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5022{
5023 BT_DBG("%s status %u", hdev->name, status);
5024
5025 /* Clear the advertising mgmt setting if we failed to re-enable it */
5026 if (status) {
5027 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5028 new_settings(hdev, NULL);
5976e608
MH		 5029 }
5030}
5031
5032void mgmt_reenable_advertising(struct hci_dev *hdev)
5033{
5034 struct hci_request req;
5035
b145edcd 5036 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5037 return;
5038
5039 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5040 return;
5041
5042 hci_req_init(&req, hdev);
5043 enable_advertising(&req);
5044
5045 /* If this fails we have no option but to let user space know
5046 * that we've disabled advertising.
5047 */
5048 if (hci_req_run(&req, adv_enable_complete) < 0) {
5049 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5050 new_settings(hdev, NULL);
5976e608
MH		 5051 }
5052}
Linux kernel - Deliverables
This page took 0.54307 seconds and 5 git commands to generate.