projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove start discovery handling from hci_event.c
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
3fd24153
AG		 109#define LE_SCAN_WIN 0x12
110#define LE_SCAN_INT 0x12
b6c7515a
AG		 111#define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240)
112#define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120)
3fd24153 113
e8777525 114#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 115#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 116
17b02e62 117#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 118
4b34ee78
JH		 119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121
eec8d2bc
JH		 122struct pending_cmd {
123 struct list_head list;
fc2f4b13 124 u16 opcode;
eec8d2bc 125 int index;
c68fb7ff 126 void *param;
eec8d2bc 127 struct sock *sk;
e9a416b5 128 void *user_data;
eec8d2bc
JH		 129};
130
ca69b795
JH		 131/* HCI to MGMT error code conversion table */
132static u8 mgmt_status_table[] = {
133 MGMT_STATUS_SUCCESS,
134 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
136 MGMT_STATUS_FAILED, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
139 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
140 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
141 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED, /* Rejected Security */
148 MGMT_STATUS_REJECTED, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
156 MGMT_STATUS_BUSY, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY, /* Role Switch Pending */
182 MGMT_STATUS_FAILED, /* Slot Violation */
183 MGMT_STATUS_FAILED, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
194};
195
bb4b2a9a
AE		 196bool mgmt_valid_hdev(struct hci_dev *hdev)
197{
198 return hdev->dev_type == HCI_BREDR;
199}
200
ca69b795
JH		 201static u8 mgmt_status(u8 hci_status)
202{
203 if (hci_status < ARRAY_SIZE(mgmt_status_table))
204 return mgmt_status_table[hci_status];
205
206 return MGMT_STATUS_FAILED;
207}
208
4e51eae9 209static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 210{
211 struct sk_buff *skb;
212 struct mgmt_hdr *hdr;
213 struct mgmt_ev_cmd_status *ev;
56b7d137 214 int err;
f7b64e69 215
34eb525c 216 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 217
790eff44 218 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 219 if (!skb)
220 return -ENOMEM;
221
222 hdr = (void *) skb_put(skb, sizeof(*hdr));
223
612dfce9 224 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 225 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 226 hdr->len = cpu_to_le16(sizeof(*ev));
227
228 ev = (void *) skb_put(skb, sizeof(*ev));
229 ev->status = status;
eb55ef07 230 ev->opcode = cpu_to_le16(cmd);
f7b64e69 231
56b7d137
GP		 232 err = sock_queue_rcv_skb(sk, skb);
233 if (err < 0)
f7b64e69
JH		 234 kfree_skb(skb);
235
56b7d137 236 return err;
f7b64e69
JH		 237}
238
aee9b218 239static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 240 void *rp, size_t rp_len)
02d98129
JH		 241{
242 struct sk_buff *skb;
243 struct mgmt_hdr *hdr;
244 struct mgmt_ev_cmd_complete *ev;
56b7d137 245 int err;
02d98129
JH		 246
247 BT_DBG("sock %p", sk);
248
790eff44 249 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 250 if (!skb)
251 return -ENOMEM;
252
253 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 254
612dfce9 255 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 256 hdr->index = cpu_to_le16(index);
a38528f1 257 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 258
a38528f1 259 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 260 ev->opcode = cpu_to_le16(cmd);
aee9b218 261 ev->status = status;
8020c16a
SJ		 262
263 if (rp)
264 memcpy(ev->data, rp, rp_len);
02d98129 265
56b7d137
GP		 266 err = sock_queue_rcv_skb(sk, skb);
267 if (err < 0)
02d98129
JH		 268 kfree_skb(skb);
269
e5f0e151 270 return err;
02d98129
JH		 271}
272
04124681
GP		 273static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
a38528f1
JH		 275{
276 struct mgmt_rp_read_version rp;
277
278 BT_DBG("sock %p", sk);
279
280 rp.version = MGMT_VERSION;
eb55ef07 281 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 282
aee9b218 283 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 284 sizeof(rp));
a38528f1
JH		 285}
286
04124681
GP		 287static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
e70bb2e8
JH		 289{
290 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 291 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
292 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 293 __le16 *opcode;
e70bb2e8
JH		 294 size_t rp_size;
295 int i, err;
296
297 BT_DBG("sock %p", sk);
298
299 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
300
301 rp = kmalloc(rp_size, GFP_KERNEL);
302 if (!rp)
303 return -ENOMEM;
304
eb55ef07
MH		 305 rp->num_commands = __constant_cpu_to_le16(num_commands);
306 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 307
308 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
309 put_unaligned_le16(mgmt_commands[i], opcode);
310
311 for (i = 0; i < num_events; i++, opcode++)
312 put_unaligned_le16(mgmt_events[i], opcode);
313
aee9b218 314 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 315 rp_size);
e70bb2e8
JH		 316 kfree(rp);
317
318 return err;
319}
320
04124681
GP		 321static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
322 u16 data_len)
faba42eb 323{
faba42eb 324 struct mgmt_rp_read_index_list *rp;
8035ded4 325 struct hci_dev *d;
a38528f1 326 size_t rp_len;
faba42eb 327 u16 count;
476e44cb 328 int err;
faba42eb
JH		 329
330 BT_DBG("sock %p", sk);
331
332 read_lock(&hci_dev_list_lock);
333
334 count = 0;
bb4b2a9a
AE		 335 list_for_each_entry(d, &hci_dev_list, list) {
336 if (!mgmt_valid_hdev(d))
337 continue;
338
faba42eb
JH		 339 count++;
340 }
341
a38528f1
JH		 342 rp_len = sizeof(*rp) + (2 * count);
343 rp = kmalloc(rp_len, GFP_ATOMIC);
344 if (!rp) {
b2c60d42 345 read_unlock(&hci_dev_list_lock);
faba42eb 346 return -ENOMEM;
b2c60d42 347 }
faba42eb 348
476e44cb 349 count = 0;
8035ded4 350 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 351 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 352 continue;
353
bb4b2a9a
AE		 354 if (!mgmt_valid_hdev(d))
355 continue;
356
476e44cb 357 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 358 BT_DBG("Added hci%u", d->id);
359 }
360
476e44cb
JH		 361 rp->num_controllers = cpu_to_le16(count);
362 rp_len = sizeof(*rp) + (2 * count);
363
faba42eb
JH		 364 read_unlock(&hci_dev_list_lock);
365
aee9b218 366 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 367 rp_len);
faba42eb 368
a38528f1
JH		 369 kfree(rp);
370
371 return err;
faba42eb
JH		 372}
373
69ab39ea
JH		 374static u32 get_supported_settings(struct hci_dev *hdev)
375{
376 u32 settings = 0;
377
378 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 379 settings |= MGMT_SETTING_PAIRABLE;
380
9a1a1996 381 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 382 settings |= MGMT_SETTING_SSP;
383
ed3fa31f 384 if (lmp_bredr_capable(hdev)) {
33c525c0 385 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 386 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
1a4d3c4b
JH		 412 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
413 settings |= MGMT_SETTING_FAST_CONNECTABLE;
414
5e5282bb 415 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_DISCOVERABLE;
417
a8b2d5c2 418 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_PAIRABLE;
420
ed3fa31f 421 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 422 settings |= MGMT_SETTING_BREDR;
423
06199cf8 424 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LE;
426
47990ea0 427 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_LINK_SECURITY;
429
84bde9d6 430 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 431 settings |= MGMT_SETTING_SSP;
432
6d80dfd0
JH		 433 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
434 settings |= MGMT_SETTING_HS;
435
69ab39ea
JH		 436 return settings;
437}
438
ef580372
JH		 439#define PNP_INFO_SVCLASS_ID 0x1200
440
213202ed
JH		 441static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
442{
443 u8 *ptr = data, *uuids_start = NULL;
444 struct bt_uuid *uuid;
445
446 if (len < 4)
447 return ptr;
448
449 list_for_each_entry(uuid, &hdev->uuids, list) {
450 u16 uuid16;
451
452 if (uuid->size != 16)
453 continue;
454
455 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
456 if (uuid16 < 0x1100)
457 continue;
458
459 if (uuid16 == PNP_INFO_SVCLASS_ID)
460 continue;
461
462 if (!uuids_start) {
463 uuids_start = ptr;
464 uuids_start[0] = 1;
465 uuids_start[1] = EIR_UUID16_ALL;
466 ptr += 2;
467 }
468
469 /* Stop if not enough space to put next UUID */
470 if ((ptr - data) + sizeof(u16) > len) {
471 uuids_start[1] = EIR_UUID16_SOME;
472 break;
473 }
474
475 *ptr++ = (uuid16 & 0x00ff);
476 *ptr++ = (uuid16 & 0xff00) >> 8;
477 uuids_start[0] += sizeof(uuid16);
478 }
479
480 return ptr;
481}
482
cdf1963f
JH		 483static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
484{
485 u8 *ptr = data, *uuids_start = NULL;
486 struct bt_uuid *uuid;
487
488 if (len < 6)
489 return ptr;
490
491 list_for_each_entry(uuid, &hdev->uuids, list) {
492 if (uuid->size != 32)
493 continue;
494
495 if (!uuids_start) {
496 uuids_start = ptr;
497 uuids_start[0] = 1;
498 uuids_start[1] = EIR_UUID32_ALL;
499 ptr += 2;
500 }
501
502 /* Stop if not enough space to put next UUID */
503 if ((ptr - data) + sizeof(u32) > len) {
504 uuids_start[1] = EIR_UUID32_SOME;
505 break;
506 }
507
508 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
509 ptr += sizeof(u32);
510 uuids_start[0] += sizeof(u32);
511 }
512
513 return ptr;
514}
515
c00d575b
JH		 516static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
517{
518 u8 *ptr = data, *uuids_start = NULL;
519 struct bt_uuid *uuid;
520
521 if (len < 18)
522 return ptr;
523
524 list_for_each_entry(uuid, &hdev->uuids, list) {
525 if (uuid->size != 128)
526 continue;
527
528 if (!uuids_start) {
529 uuids_start = ptr;
530 uuids_start[0] = 1;
531 uuids_start[1] = EIR_UUID128_ALL;
532 ptr += 2;
533 }
534
535 /* Stop if not enough space to put next UUID */
536 if ((ptr - data) + 16 > len) {
537 uuids_start[1] = EIR_UUID128_SOME;
538 break;
539 }
540
541 memcpy(ptr, uuid->uuid, 16);
542 ptr += 16;
543 uuids_start[0] += 16;
544 }
545
546 return ptr;
547}
548
ef580372
JH		 549static void create_eir(struct hci_dev *hdev, u8 *data)
550{
551 u8 *ptr = data;
ef580372
JH		 552 size_t name_len;
553
554 name_len = strlen(hdev->dev_name);
555
556 if (name_len > 0) {
557 /* EIR Data type */
558 if (name_len > 48) {
559 name_len = 48;
560 ptr[1] = EIR_NAME_SHORT;
561 } else
562 ptr[1] = EIR_NAME_COMPLETE;
563
564 /* EIR Data length */
565 ptr[0] = name_len + 1;
566
567 memcpy(ptr + 2, hdev->dev_name, name_len);
568
ef580372
JH		 569 ptr += (name_len + 2);
570 }
571
bbaf444a 572 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 573 ptr[0] = 2;
574 ptr[1] = EIR_TX_POWER;
575 ptr[2] = (u8) hdev->inq_tx_power;
576
91c4e9b1
MH		 577 ptr += 3;
578 }
579
2b9be137
MH		 580 if (hdev->devid_source > 0) {
581 ptr[0] = 9;
582 ptr[1] = EIR_DEVICE_ID;
583
584 put_unaligned_le16(hdev->devid_source, ptr + 2);
585 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
586 put_unaligned_le16(hdev->devid_product, ptr + 6);
587 put_unaligned_le16(hdev->devid_version, ptr + 8);
588
2b9be137
MH		 589 ptr += 10;
590 }
591
213202ed 592 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 593 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 594 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 595}
596
890ea898 597static void update_eir(struct hci_request *req)
ef580372 598{
890ea898 599 struct hci_dev *hdev = req->hdev;
ef580372
JH		 600 struct hci_cp_write_eir cp;
601
504c8dcd 602 if (!hdev_is_powered(hdev))
890ea898 603 return;
7770c4aa 604
976eb20e 605 if (!lmp_ext_inq_capable(hdev))
890ea898 606 return;
ef580372 607
84bde9d6 608 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 609 return;
ef580372 610
a8b2d5c2 611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 612 return;
ef580372
JH		 613
614 memset(&cp, 0, sizeof(cp));
615
616 create_eir(hdev, cp.data);
617
618 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 619 return;
ef580372
JH		 620
621 memcpy(hdev->eir, cp.data, sizeof(cp.data));
622
890ea898 623 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 624}
625
626static u8 get_service_classes(struct hci_dev *hdev)
627{
628 struct bt_uuid *uuid;
629 u8 val = 0;
630
631 list_for_each_entry(uuid, &hdev->uuids, list)
632 val |= uuid->svc_hint;
633
634 return val;
635}
636
890ea898 637static void update_class(struct hci_request *req)
ef580372 638{
890ea898 639 struct hci_dev *hdev = req->hdev;
ef580372
JH		 640 u8 cod[3];
641
642 BT_DBG("%s", hdev->name);
643
504c8dcd 644 if (!hdev_is_powered(hdev))
890ea898 645 return;
7770c4aa 646
a8b2d5c2 647 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 648 return;
ef580372
JH		 649
650 cod[0] = hdev->minor_class;
651 cod[1] = hdev->major_class;
652 cod[2] = get_service_classes(hdev);
653
654 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 655 return;
ef580372 656
890ea898 657 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 658}
659
7d78525d
JH		 660static void service_cache_off(struct work_struct *work)
661{
662 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 663 service_cache.work);
890ea898 664 struct hci_request req;
7d78525d 665
a8b2d5c2 666 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 667 return;
668
890ea898
JH		 669 hci_req_init(&req, hdev);
670
7d78525d
JH		 671 hci_dev_lock(hdev);
672
890ea898
JH		 673 update_eir(&req);
674 update_class(&req);
7d78525d
JH		 675
676 hci_dev_unlock(hdev);
890ea898
JH		 677
678 hci_req_run(&req, NULL);
7d78525d
JH		 679}
680
6a919082 681static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 682{
4f87da80 683 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 684 return;
685
4f87da80 686 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 687
4f87da80
JH		 688 /* Non-mgmt controlled devices get this bit set
689 * implicitly so that pairing works for them, however
690 * for mgmt we require user-space to explicitly enable
691 * it
692 */
693 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 694}
695
0f4e68cf 696static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 697 void *data, u16 data_len)
0381101f 698{
a38528f1 699 struct mgmt_rp_read_info rp;
f7b64e69 700
bdb6d971 701 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 702
09fd0de5 703 hci_dev_lock(hdev);
f7b64e69 704
dc4fe30b
JH		 705 memset(&rp, 0, sizeof(rp));
706
69ab39ea 707 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 708
69ab39ea 709 rp.version = hdev->hci_ver;
eb55ef07 710 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 711
712 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
713 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 714
a38528f1 715 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 716
dc4fe30b 717 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 718 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 719
09fd0de5 720 hci_dev_unlock(hdev);
0381101f 721
bdb6d971 722 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 723 sizeof(rp));
0381101f
JH		 724}
725
eec8d2bc
JH		 726static void mgmt_pending_free(struct pending_cmd *cmd)
727{
728 sock_put(cmd->sk);
c68fb7ff 729 kfree(cmd->param);
eec8d2bc
JH		 730 kfree(cmd);
731}
732
366a0336 733static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 734 struct hci_dev *hdev, void *data,
735 u16 len)
eec8d2bc
JH		 736{
737 struct pending_cmd *cmd;
738
12b94565 739 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 740 if (!cmd)
366a0336 741 return NULL;
eec8d2bc
JH		 742
743 cmd->opcode = opcode;
2e58ef3e 744 cmd->index = hdev->id;
eec8d2bc 745
12b94565 746 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 747 if (!cmd->param) {
eec8d2bc 748 kfree(cmd);
366a0336 749 return NULL;
eec8d2bc
JH		 750 }
751
8fce6357
SJ		 752 if (data)
753 memcpy(cmd->param, data, len);
eec8d2bc
JH		 754
755 cmd->sk = sk;
756 sock_hold(sk);
757
2e58ef3e 758 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 759
366a0336 760 return cmd;
eec8d2bc
JH		 761}
762
744cf19e 763static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 764 void (*cb)(struct pending_cmd *cmd,
765 void *data),
04124681 766 void *data)
eec8d2bc 767{
a3d09356 768 struct pending_cmd *cmd, *tmp;
eec8d2bc 769
a3d09356 770 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 771 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 772 continue;
773
eec8d2bc
JH		 774 cb(cmd, data);
775 }
776}
777
2e58ef3e 778static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 779{
8035ded4 780 struct pending_cmd *cmd;
eec8d2bc 781
2e58ef3e 782 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 783 if (cmd->opcode == opcode)
784 return cmd;
eec8d2bc
JH		 785 }
786
787 return NULL;
788}
789
a664b5bc 790static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 791{
73f22f62
JH		 792 list_del(&cmd->list);
793 mgmt_pending_free(cmd);
794}
795
69ab39ea 796static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 797{
69ab39ea 798 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 799
aee9b218 800 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 801 sizeof(settings));
8680570b
JH		 802}
803
bdb6d971 804static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 805 u16 len)
eec8d2bc 806{
650f726d 807 struct mgmt_mode *cp = data;
366a0336 808 struct pending_cmd *cmd;
4b34ee78 809 int err;
eec8d2bc 810
bdb6d971 811 BT_DBG("request for %s", hdev->name);
eec8d2bc 812
a7e80f25
JH		 813 if (cp->val != 0x00 && cp->val != 0x01)
814 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
815 MGMT_STATUS_INVALID_PARAMS);
816
09fd0de5 817 hci_dev_lock(hdev);
eec8d2bc 818
f0d4b78a
MH		 819 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
820 cancel_delayed_work(&hdev->power_off);
821
822 if (cp->val) {
a1d70450
JH		 823 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
824 data, len);
825 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 826 goto failed;
827 }
828 }
829
4b34ee78 830 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 831 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 832 goto failed;
833 }
834
2e58ef3e 835 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 836 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 837 MGMT_STATUS_BUSY);
eec8d2bc
JH		 838 goto failed;
839 }
840
2e58ef3e 841 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 842 if (!cmd) {
843 err = -ENOMEM;
eec8d2bc 844 goto failed;
366a0336 845 }
eec8d2bc 846
72a734ec 847 if (cp->val)
19202573 848 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 849 else
19202573 850 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 851
366a0336 852 err = 0;
eec8d2bc
JH		 853
854failed:
09fd0de5 855 hci_dev_unlock(hdev);
366a0336 856 return err;
eec8d2bc
JH		 857}
858
04124681
GP		 859static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
860 struct sock *skip_sk)
beadb2bd
JH		 861{
862 struct sk_buff *skb;
863 struct mgmt_hdr *hdr;
864
790eff44 865 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 866 if (!skb)
867 return -ENOMEM;
868
869 hdr = (void *) skb_put(skb, sizeof(*hdr));
870 hdr->opcode = cpu_to_le16(event);
871 if (hdev)
872 hdr->index = cpu_to_le16(hdev->id);
873 else
612dfce9 874 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 875 hdr->len = cpu_to_le16(data_len);
876
877 if (data)
878 memcpy(skb_put(skb, data_len), data, data_len);
879
97e0bdeb
MH		 880 /* Time stamp */
881 __net_timestamp(skb);
882
beadb2bd
JH		 883 hci_send_to_control(skb, skip_sk);
884 kfree_skb(skb);
885
886 return 0;
887}
888
889static int new_settings(struct hci_dev *hdev, struct sock *skip)
890{
891 __le32 ev;
892
893 ev = cpu_to_le32(get_current_settings(hdev));
894
895 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
896}
897
bdb6d971 898static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 899 u16 len)
73f22f62 900{
650f726d 901 struct mgmt_cp_set_discoverable *cp = data;
366a0336 902 struct pending_cmd *cmd;
5e5282bb 903 u16 timeout;
73f22f62
JH		 904 u8 scan;
905 int err;
906
bdb6d971 907 BT_DBG("request for %s", hdev->name);
73f22f62 908
33c525c0
JH		 909 if (!lmp_bredr_capable(hdev))
910 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
911 MGMT_STATUS_NOT_SUPPORTED);
912
a7e80f25
JH		 913 if (cp->val != 0x00 && cp->val != 0x01)
914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
915 MGMT_STATUS_INVALID_PARAMS);
916
1f350c87 917 timeout = __le16_to_cpu(cp->timeout);
24c54a90 918 if (!cp->val && timeout > 0)
bdb6d971 919 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 920 MGMT_STATUS_INVALID_PARAMS);
73f22f62 921
09fd0de5 922 hci_dev_lock(hdev);
73f22f62 923
5e5282bb 924 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 925 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 926 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 927 goto failed;
928 }
929
2e58ef3e 930 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 931 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 932 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 933 MGMT_STATUS_BUSY);
73f22f62
JH		 934 goto failed;
935 }
936
5e5282bb 937 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 938 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 939 MGMT_STATUS_REJECTED);
5e5282bb
JH		 940 goto failed;
941 }
942
943 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 944 bool changed = false;
945
946 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
947 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
948 changed = true;
949 }
950
5e5282bb 951 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 952 if (err < 0)
953 goto failed;
954
955 if (changed)
956 err = new_settings(hdev, sk);
957
5e5282bb
JH		 958 goto failed;
959 }
960
961 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 962 if (hdev->discov_timeout > 0) {
963 cancel_delayed_work(&hdev->discov_off);
964 hdev->discov_timeout = 0;
965 }
966
967 if (cp->val && timeout > 0) {
968 hdev->discov_timeout = timeout;
969 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
970 msecs_to_jiffies(hdev->discov_timeout * 1000));
971 }
972
69ab39ea 973 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 974 goto failed;
975 }
976
2e58ef3e 977 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 978 if (!cmd) {
979 err = -ENOMEM;
73f22f62 980 goto failed;
366a0336 981 }
73f22f62
JH		 982
983 scan = SCAN_PAGE;
984
72a734ec 985 if (cp->val)
73f22f62 986 scan |= SCAN_INQUIRY;
16ab91ab 987 else
e0f9309f 988 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 989
990 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
991 if (err < 0)
a664b5bc 992 mgmt_pending_remove(cmd);
73f22f62 993
16ab91ab 994 if (cp->val)
5e5282bb 995 hdev->discov_timeout = timeout;
16ab91ab 996
73f22f62 997failed:
09fd0de5 998 hci_dev_unlock(hdev);
73f22f62
JH		 999 return err;
1000}
1001
406d7804
JH		 1002static void write_fast_connectable(struct hci_request *req, bool enable)
1003{
bd98b996 1004 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1005 struct hci_cp_write_page_scan_activity acp;
1006 u8 type;
1007
4c01f8b8
JH		 1008 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1009 return;
1010
406d7804
JH		 1011 if (enable) {
1012 type = PAGE_SCAN_TYPE_INTERLACED;
1013
1014 /* 160 msec page scan interval */
1015 acp.interval = __constant_cpu_to_le16(0x0100);
1016 } else {
1017 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1018
1019 /* default 1.28 sec page scan */
1020 acp.interval = __constant_cpu_to_le16(0x0800);
1021 }
1022
1023 acp.window = __constant_cpu_to_le16(0x0012);
1024
bd98b996
JH		 1025 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1026 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1027 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1028 sizeof(acp), &acp);
1029
1030 if (hdev->page_scan_type != type)
1031 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1032}
1033
2b76f453
JH		 1034static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1035{
1036 struct pending_cmd *cmd;
1037
1038 BT_DBG("status 0x%02x", status);
1039
1040 hci_dev_lock(hdev);
1041
1042 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1043 if (!cmd)
1044 goto unlock;
1045
1046 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1047
1048 mgmt_pending_remove(cmd);
1049
1050unlock:
1051 hci_dev_unlock(hdev);
1052}
1053
bdb6d971 1054static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1055 u16 len)
9fbcbb45 1056{
650f726d 1057 struct mgmt_mode *cp = data;
366a0336 1058 struct pending_cmd *cmd;
2b76f453 1059 struct hci_request req;
9fbcbb45
JH		 1060 u8 scan;
1061 int err;
1062
bdb6d971 1063 BT_DBG("request for %s", hdev->name);
9fbcbb45 1064
33c525c0
JH		 1065 if (!lmp_bredr_capable(hdev))
1066 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1067 MGMT_STATUS_NOT_SUPPORTED);
1068
a7e80f25
JH		 1069 if (cp->val != 0x00 && cp->val != 0x01)
1070 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1071 MGMT_STATUS_INVALID_PARAMS);
1072
09fd0de5 1073 hci_dev_lock(hdev);
9fbcbb45 1074
4b34ee78 1075 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1076 bool changed = false;
1077
1078 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1079 changed = true;
1080
6bf0e469 1081 if (cp->val) {
5e5282bb 1082 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1083 } else {
5e5282bb
JH		 1084 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1085 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1086 }
0224d2fa 1087
5e5282bb 1088 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1089 if (err < 0)
1090 goto failed;
1091
1092 if (changed)
1093 err = new_settings(hdev, sk);
1094
9fbcbb45
JH		 1095 goto failed;
1096 }
1097
2e58ef3e 1098 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1099 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1101 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1102 goto failed;
1103 }
1104
5e5282bb 1105 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1106 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1107 goto failed;
1108 }
1109
2e58ef3e 1110 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1111 if (!cmd) {
1112 err = -ENOMEM;
9fbcbb45 1113 goto failed;
366a0336 1114 }
9fbcbb45 1115
6bf0e469 1116 if (cp->val) {
9fbcbb45 1117 scan = SCAN_PAGE;
6bf0e469 1118 } else {
9fbcbb45
JH		 1119 scan = 0;
1120
df2c6c5e 1121 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1122 hdev->discov_timeout > 0)
df2c6c5e
JH		 1123 cancel_delayed_work(&hdev->discov_off);
1124 }
1125
2b76f453
JH		 1126 hci_req_init(&req, hdev);
1127
1128 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1129
4c01f8b8
JH		 1130 /* If we're going from non-connectable to connectable or
1131 * vice-versa when fast connectable is enabled ensure that fast
1132 * connectable gets disabled. write_fast_connectable won't do
1133 * anything if the page scan parameters are already what they
1134 * should be.
1135 */
1136 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1137 write_fast_connectable(&req, false);
1138
2b76f453 1139 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1140 if (err < 0)
a664b5bc 1141 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1142
1143failed:
09fd0de5 1144 hci_dev_unlock(hdev);
9fbcbb45
JH		 1145 return err;
1146}
1147
bdb6d971 1148static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1149 u16 len)
c542a06c 1150{
650f726d 1151 struct mgmt_mode *cp = data;
c542a06c
JH		 1152 int err;
1153
bdb6d971 1154 BT_DBG("request for %s", hdev->name);
c542a06c 1155
a7e80f25
JH		 1156 if (cp->val != 0x00 && cp->val != 0x01)
1157 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1158 MGMT_STATUS_INVALID_PARAMS);
1159
09fd0de5 1160 hci_dev_lock(hdev);
c542a06c
JH		 1161
1162 if (cp->val)
a8b2d5c2 1163 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1164 else
a8b2d5c2 1165 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1166
69ab39ea 1167 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1168 if (err < 0)
1169 goto failed;
1170
beadb2bd 1171 err = new_settings(hdev, sk);
c542a06c
JH		 1172
1173failed:
09fd0de5 1174 hci_dev_unlock(hdev);
c542a06c
JH		 1175 return err;
1176}
1177
04124681
GP		 1178static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1179 u16 len)
33ef95ed
JH		 1180{
1181 struct mgmt_mode *cp = data;
1182 struct pending_cmd *cmd;
816a11d5 1183 u8 val;
33ef95ed
JH		 1184 int err;
1185
bdb6d971 1186 BT_DBG("request for %s", hdev->name);
33ef95ed 1187
33c525c0
JH		 1188 if (!lmp_bredr_capable(hdev))
1189 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1190 MGMT_STATUS_NOT_SUPPORTED);
1191
a7e80f25
JH		 1192 if (cp->val != 0x00 && cp->val != 0x01)
1193 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1194 MGMT_STATUS_INVALID_PARAMS);
1195
33ef95ed
JH		 1196 hci_dev_lock(hdev);
1197
4b34ee78 1198 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1199 bool changed = false;
1200
1201 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1202 &hdev->dev_flags)) {
47990ea0
JH		 1203 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1204 changed = true;
1205 }
1206
1207 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1208 if (err < 0)
1209 goto failed;
1210
1211 if (changed)
1212 err = new_settings(hdev, sk);
1213
33ef95ed
JH		 1214 goto failed;
1215 }
1216
1217 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1218 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1219 MGMT_STATUS_BUSY);
33ef95ed
JH		 1220 goto failed;
1221 }
1222
1223 val = !!cp->val;
1224
1225 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1226 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1227 goto failed;
1228 }
1229
1230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1231 if (!cmd) {
1232 err = -ENOMEM;
1233 goto failed;
1234 }
1235
1236 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1237 if (err < 0) {
1238 mgmt_pending_remove(cmd);
1239 goto failed;
1240 }
1241
1242failed:
1243 hci_dev_unlock(hdev);
33ef95ed
JH		 1244 return err;
1245}
1246
bdb6d971 1247static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1248{
1249 struct mgmt_mode *cp = data;
1250 struct pending_cmd *cmd;
816a11d5 1251 u8 val;
ed2c4ee3
JH		 1252 int err;
1253
bdb6d971 1254 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1255
13ecd8b6
JH		 1256 if (!lmp_ssp_capable(hdev))
1257 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1258 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1259
a7e80f25
JH		 1260 if (cp->val != 0x00 && cp->val != 0x01)
1261 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1262 MGMT_STATUS_INVALID_PARAMS);
1263
13ecd8b6 1264 hci_dev_lock(hdev);
6c8f12c1 1265
c0ecddc2
JH		 1266 val = !!cp->val;
1267
4b34ee78 1268 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1269 bool changed = false;
1270
1271 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1272 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1273 changed = true;
1274 }
1275
1276 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1277 if (err < 0)
1278 goto failed;
1279
1280 if (changed)
1281 err = new_settings(hdev, sk);
1282
ed2c4ee3
JH		 1283 goto failed;
1284 }
1285
1286 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1288 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1289 goto failed;
1290 }
1291
ed2c4ee3
JH		 1292 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1293 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1294 goto failed;
1295 }
1296
1297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1298 if (!cmd) {
1299 err = -ENOMEM;
1300 goto failed;
1301 }
1302
1303 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1304 if (err < 0) {
1305 mgmt_pending_remove(cmd);
1306 goto failed;
1307 }
1308
1309failed:
1310 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1311 return err;
1312}
1313
bdb6d971 1314static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1315{
1316 struct mgmt_mode *cp = data;
6d80dfd0 1317
bdb6d971 1318 BT_DBG("request for %s", hdev->name);
6d80dfd0 1319
bdb6d971
JH		 1320 if (!enable_hs)
1321 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1322 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1323
a7e80f25
JH		 1324 if (cp->val != 0x00 && cp->val != 0x01)
1325 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1326 MGMT_STATUS_INVALID_PARAMS);
1327
6d80dfd0
JH		 1328 if (cp->val)
1329 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1330 else
1331 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1332
bdb6d971 1333 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1334}
1335
bdb6d971 1336static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1337{
1338 struct mgmt_mode *cp = data;
1339 struct hci_cp_write_le_host_supported hci_cp;
1340 struct pending_cmd *cmd;
06199cf8 1341 int err;
0b60eba1 1342 u8 val, enabled;
06199cf8 1343
bdb6d971 1344 BT_DBG("request for %s", hdev->name);
06199cf8 1345
13ecd8b6
JH		 1346 if (!lmp_le_capable(hdev))
1347 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1348 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1349
a7e80f25
JH		 1350 if (cp->val != 0x00 && cp->val != 0x01)
1351 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1352 MGMT_STATUS_INVALID_PARAMS);
1353
c73eee91
JH		 1354 /* LE-only devices do not allow toggling LE on/off */
1355 if (!lmp_bredr_capable(hdev))
1356 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1357 MGMT_STATUS_REJECTED);
1358
13ecd8b6 1359 hci_dev_lock(hdev);
06199cf8
JH		 1360
1361 val = !!cp->val;
ffa88e02 1362 enabled = lmp_host_le_capable(hdev);
06199cf8 1363
0b60eba1 1364 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1365 bool changed = false;
1366
1367 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1368 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1369 changed = true;
1370 }
1371
1372 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1373 if (err < 0)
1de028ce 1374 goto unlock;
06199cf8
JH		 1375
1376 if (changed)
1377 err = new_settings(hdev, sk);
1378
1de028ce 1379 goto unlock;
06199cf8
JH		 1380 }
1381
1382 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1383 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1384 MGMT_STATUS_BUSY);
1de028ce 1385 goto unlock;
06199cf8
JH		 1386 }
1387
1388 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1389 if (!cmd) {
1390 err = -ENOMEM;
1de028ce 1391 goto unlock;
06199cf8
JH		 1392 }
1393
1394 memset(&hci_cp, 0, sizeof(hci_cp));
1395
1396 if (val) {
1397 hci_cp.le = val;
ffa88e02 1398 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1399 }
1400
04124681
GP		 1401 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1402 &hci_cp);
0c01bc48 1403 if (err < 0)
06199cf8 1404 mgmt_pending_remove(cmd);
06199cf8 1405
1de028ce
JH		 1406unlock:
1407 hci_dev_unlock(hdev);
06199cf8
JH		 1408 return err;
1409}
1410
0cab9c80
JH		 1411/* This is a helper function to test for pending mgmt commands that can
1412 * cause CoD or EIR HCI commands. We can only allow one such pending
1413 * mgmt command at a time since otherwise we cannot easily track what
1414 * the current values are, will be, and based on that calculate if a new
1415 * HCI command needs to be sent and if yes with what value.
1416 */
1417static bool pending_eir_or_class(struct hci_dev *hdev)
1418{
1419 struct pending_cmd *cmd;
1420
1421 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1422 switch (cmd->opcode) {
1423 case MGMT_OP_ADD_UUID:
1424 case MGMT_OP_REMOVE_UUID:
1425 case MGMT_OP_SET_DEV_CLASS:
1426 case MGMT_OP_SET_POWERED:
1427 return true;
1428 }
1429 }
1430
1431 return false;
1432}
1433
83be8eca
JH		 1434static const u8 bluetooth_base_uuid[] = {
1435 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1436 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1437};
1438
1439static u8 get_uuid_size(const u8 *uuid)
1440{
1441 u32 val;
1442
1443 if (memcmp(uuid, bluetooth_base_uuid, 12))
1444 return 128;
1445
1446 val = get_unaligned_le32(&uuid[12]);
1447 if (val > 0xffff)
1448 return 32;
1449
1450 return 16;
1451}
1452
92da6097
JH		 1453static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1454{
1455 struct pending_cmd *cmd;
1456
1457 hci_dev_lock(hdev);
1458
1459 cmd = mgmt_pending_find(mgmt_op, hdev);
1460 if (!cmd)
1461 goto unlock;
1462
1463 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1464 hdev->dev_class, 3);
1465
1466 mgmt_pending_remove(cmd);
1467
1468unlock:
1469 hci_dev_unlock(hdev);
1470}
1471
1472static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1473{
1474 BT_DBG("status 0x%02x", status);
1475
1476 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1477}
1478
bdb6d971 1479static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1480{
650f726d 1481 struct mgmt_cp_add_uuid *cp = data;
90e70454 1482 struct pending_cmd *cmd;
890ea898 1483 struct hci_request req;
2aeb9a1a 1484 struct bt_uuid *uuid;
2aeb9a1a
JH		 1485 int err;
1486
bdb6d971 1487 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1488
09fd0de5 1489 hci_dev_lock(hdev);
2aeb9a1a 1490
0cab9c80 1491 if (pending_eir_or_class(hdev)) {
bdb6d971 1492 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1493 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1494 goto failed;
1495 }
1496
92c4c204 1497 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1498 if (!uuid) {
1499 err = -ENOMEM;
1500 goto failed;
1501 }
1502
1503 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1504 uuid->svc_hint = cp->svc_hint;
83be8eca 1505 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1506
de66aa63 1507 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1508
890ea898 1509 hci_req_init(&req, hdev);
1aff6f09 1510
890ea898
JH		 1511 update_class(&req);
1512 update_eir(&req);
1513
92da6097
JH		 1514 err = hci_req_run(&req, add_uuid_complete);
1515 if (err < 0) {
1516 if (err != -ENODATA)
1517 goto failed;
80a1e1db 1518
bdb6d971 1519 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1520 hdev->dev_class, 3);
90e70454
JH		 1521 goto failed;
1522 }
1523
1524 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1525 if (!cmd) {
90e70454 1526 err = -ENOMEM;
890ea898
JH		 1527 goto failed;
1528 }
1529
1530 err = 0;
2aeb9a1a
JH		 1531
1532failed:
09fd0de5 1533 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1534 return err;
1535}
1536
24b78d0f
JH		 1537static bool enable_service_cache(struct hci_dev *hdev)
1538{
1539 if (!hdev_is_powered(hdev))
1540 return false;
1541
1542 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1543 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1544 CACHE_TIMEOUT);
24b78d0f
JH		 1545 return true;
1546 }
1547
1548 return false;
1549}
1550
92da6097
JH		 1551static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1552{
1553 BT_DBG("status 0x%02x", status);
1554
1555 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1556}
1557
bdb6d971 1558static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1559 u16 len)
2aeb9a1a 1560{
650f726d 1561 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1562 struct pending_cmd *cmd;
056341c8 1563 struct bt_uuid *match, *tmp;
2aeb9a1a 1564 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1565 struct hci_request req;
2aeb9a1a
JH		 1566 int err, found;
1567
bdb6d971 1568 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1569
09fd0de5 1570 hci_dev_lock(hdev);
2aeb9a1a 1571
0cab9c80 1572 if (pending_eir_or_class(hdev)) {
bdb6d971 1573 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1574 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1575 goto unlock;
1576 }
1577
2aeb9a1a
JH		 1578 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1579 err = hci_uuids_clear(hdev);
4004b6d9 1580
24b78d0f 1581 if (enable_service_cache(hdev)) {
bdb6d971 1582 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1583 0, hdev->dev_class, 3);
24b78d0f
JH		 1584 goto unlock;
1585 }
4004b6d9 1586
9246a869 1587 goto update_class;
2aeb9a1a
JH		 1588 }
1589
1590 found = 0;
1591
056341c8 1592 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1593 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1594 continue;
1595
1596 list_del(&match->list);
482049f7 1597 kfree(match);
2aeb9a1a
JH		 1598 found++;
1599 }
1600
1601 if (found == 0) {
bdb6d971 1602 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1603 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1604 goto unlock;
1605 }
1606
9246a869 1607update_class:
890ea898 1608 hci_req_init(&req, hdev);
1aff6f09 1609
890ea898
JH		 1610 update_class(&req);
1611 update_eir(&req);
1612
92da6097
JH		 1613 err = hci_req_run(&req, remove_uuid_complete);
1614 if (err < 0) {
1615 if (err != -ENODATA)
1616 goto unlock;
80a1e1db 1617
bdb6d971 1618 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1619 hdev->dev_class, 3);
90e70454
JH		 1620 goto unlock;
1621 }
1622
1623 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1624 if (!cmd) {
90e70454 1625 err = -ENOMEM;
890ea898
JH		 1626 goto unlock;
1627 }
1628
1629 err = 0;
2aeb9a1a
JH		 1630
1631unlock:
09fd0de5 1632 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1633 return err;
1634}
1635
92da6097
JH		 1636static void set_class_complete(struct hci_dev *hdev, u8 status)
1637{
1638 BT_DBG("status 0x%02x", status);
1639
1640 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1641}
1642
bdb6d971 1643static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1644 u16 len)
1aff6f09 1645{
650f726d 1646 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1647 struct pending_cmd *cmd;
890ea898 1648 struct hci_request req;
1aff6f09
JH		 1649 int err;
1650
bdb6d971 1651 BT_DBG("request for %s", hdev->name);
1aff6f09 1652
13ecd8b6
JH		 1653 if (!lmp_bredr_capable(hdev))
1654 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1655 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1656
0cab9c80 1657 hci_dev_lock(hdev);
ee98f473 1658
0cab9c80
JH		 1659 if (pending_eir_or_class(hdev)) {
1660 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1661 MGMT_STATUS_BUSY);
1662 goto unlock;
1663 }
c95f0ba7 1664
0cab9c80
JH		 1665 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1666 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1667 MGMT_STATUS_INVALID_PARAMS);
1668 goto unlock;
1669 }
575b3a02 1670
932f5ff5
JH		 1671 hdev->major_class = cp->major;
1672 hdev->minor_class = cp->minor;
1673
b5235a65 1674 if (!hdev_is_powered(hdev)) {
bdb6d971 1675 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1676 hdev->dev_class, 3);
b5235a65
JH		 1677 goto unlock;
1678 }
1679
890ea898
JH		 1680 hci_req_init(&req, hdev);
1681
a8b2d5c2 1682 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1683 hci_dev_unlock(hdev);
1684 cancel_delayed_work_sync(&hdev->service_cache);
1685 hci_dev_lock(hdev);
890ea898 1686 update_eir(&req);
7d78525d 1687 }
14c0b608 1688
890ea898
JH		 1689 update_class(&req);
1690
92da6097
JH		 1691 err = hci_req_run(&req, set_class_complete);
1692 if (err < 0) {
1693 if (err != -ENODATA)
1694 goto unlock;
1aff6f09 1695
bdb6d971 1696 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1697 hdev->dev_class, 3);
90e70454
JH		 1698 goto unlock;
1699 }
1700
1701 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1702 if (!cmd) {
90e70454 1703 err = -ENOMEM;
890ea898
JH		 1704 goto unlock;
1705 }
1706
1707 err = 0;
1aff6f09 1708
b5235a65 1709unlock:
09fd0de5 1710 hci_dev_unlock(hdev);
1aff6f09
JH		 1711 return err;
1712}
1713
bdb6d971 1714static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1715 u16 len)
55ed8ca1 1716{
650f726d 1717 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1718 u16 key_count, expected_len;
a492cd52 1719 int i;
55ed8ca1 1720
1f350c87 1721 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1722
86742e1e
JH		 1723 expected_len = sizeof(*cp) + key_count *
1724 sizeof(struct mgmt_link_key_info);
a492cd52 1725 if (expected_len != len) {
86742e1e 1726 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1727 len, expected_len);
bdb6d971 1728 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1729 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1730 }
1731
4ae14301
JH		 1732 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1733 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1734 MGMT_STATUS_INVALID_PARAMS);
1735
bdb6d971 1736 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1737 key_count);
55ed8ca1 1738
4ee71b20
JH		 1739 for (i = 0; i < key_count; i++) {
1740 struct mgmt_link_key_info *key = &cp->keys[i];
1741
1742 if (key->addr.type != BDADDR_BREDR)
1743 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1744 MGMT_STATUS_INVALID_PARAMS);
1745 }
1746
09fd0de5 1747 hci_dev_lock(hdev);
55ed8ca1
JH		 1748
1749 hci_link_keys_clear(hdev);
1750
a8b2d5c2 1751 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1752
1753 if (cp->debug_keys)
a8b2d5c2 1754 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1755 else
a8b2d5c2 1756 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1757
a492cd52 1758 for (i = 0; i < key_count; i++) {
86742e1e 1759 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1760
d753fdc4 1761 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1762 key->type, key->pin_len);
55ed8ca1
JH		 1763 }
1764
bdb6d971 1765 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1766
09fd0de5 1767 hci_dev_unlock(hdev);
55ed8ca1 1768
a492cd52 1769 return 0;
55ed8ca1
JH		 1770}
1771
b1078ad0 1772static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1773 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1774{
1775 struct mgmt_ev_device_unpaired ev;
1776
1777 bacpy(&ev.addr.bdaddr, bdaddr);
1778 ev.addr.type = addr_type;
1779
1780 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1781 skip_sk);
b1078ad0
JH		 1782}
1783
bdb6d971 1784static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1785 u16 len)
55ed8ca1 1786{
124f6e35
JH		 1787 struct mgmt_cp_unpair_device *cp = data;
1788 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1789 struct hci_cp_disconnect dc;
1790 struct pending_cmd *cmd;
55ed8ca1 1791 struct hci_conn *conn;
55ed8ca1
JH		 1792 int err;
1793
a8a1d19e 1794 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1795 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1796 rp.addr.type = cp->addr.type;
a8a1d19e 1797
4ee71b20
JH		 1798 if (!bdaddr_type_is_valid(cp->addr.type))
1799 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1800 MGMT_STATUS_INVALID_PARAMS,
1801 &rp, sizeof(rp));
1802
118da70b
JH		 1803 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1804 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1805 MGMT_STATUS_INVALID_PARAMS,
1806 &rp, sizeof(rp));
1807
4ee71b20
JH		 1808 hci_dev_lock(hdev);
1809
86a8cfc6 1810 if (!hdev_is_powered(hdev)) {
bdb6d971 1811 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1812 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1813 goto unlock;
1814 }
1815
591f47f3 1816 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1817 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1818 else
1819 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1820
55ed8ca1 1821 if (err < 0) {
bdb6d971 1822 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1823 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1824 goto unlock;
1825 }
1826
86a8cfc6 1827 if (cp->disconnect) {
591f47f3 1828 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1829 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1830 &cp->addr.bdaddr);
86a8cfc6
JH		 1831 else
1832 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1833 &cp->addr.bdaddr);
86a8cfc6
JH		 1834 } else {
1835 conn = NULL;
1836 }
124f6e35 1837
a8a1d19e 1838 if (!conn) {
bdb6d971 1839 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1840 &rp, sizeof(rp));
b1078ad0 1841 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1842 goto unlock;
1843 }
55ed8ca1 1844
124f6e35 1845 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1846 sizeof(*cp));
a8a1d19e
JH		 1847 if (!cmd) {
1848 err = -ENOMEM;
1849 goto unlock;
55ed8ca1
JH		 1850 }
1851
eb55ef07 1852 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1853 dc.reason = 0x13; /* Remote User Terminated Connection */
1854 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1855 if (err < 0)
1856 mgmt_pending_remove(cmd);
1857
55ed8ca1 1858unlock:
09fd0de5 1859 hci_dev_unlock(hdev);
55ed8ca1
JH		 1860 return err;
1861}
1862
bdb6d971 1863static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1864 u16 len)
8962ee74 1865{
650f726d 1866 struct mgmt_cp_disconnect *cp = data;
06a63b19 1867 struct mgmt_rp_disconnect rp;
8962ee74 1868 struct hci_cp_disconnect dc;
366a0336 1869 struct pending_cmd *cmd;
8962ee74 1870 struct hci_conn *conn;
8962ee74
JH		 1871 int err;
1872
1873 BT_DBG("");
1874
06a63b19
JH		 1875 memset(&rp, 0, sizeof(rp));
1876 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1877 rp.addr.type = cp->addr.type;
1878
4ee71b20 1879 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1880 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1881 MGMT_STATUS_INVALID_PARAMS,
1882 &rp, sizeof(rp));
4ee71b20 1883
09fd0de5 1884 hci_dev_lock(hdev);
8962ee74
JH		 1885
1886 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1887 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1888 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1889 goto failed;
1890 }
1891
2e58ef3e 1892 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1893 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1894 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1895 goto failed;
1896 }
1897
591f47f3 1898 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1899 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1900 &cp->addr.bdaddr);
88c3df13
JH		 1901 else
1902 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1903
f960727e 1904 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1905 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1906 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1907 goto failed;
1908 }
1909
2e58ef3e 1910 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1911 if (!cmd) {
1912 err = -ENOMEM;
8962ee74 1913 goto failed;
366a0336 1914 }
8962ee74 1915
eb55ef07 1916 dc.handle = cpu_to_le16(conn->handle);
3701f944 1917 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1918
1919 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1920 if (err < 0)
a664b5bc 1921 mgmt_pending_remove(cmd);
8962ee74
JH		 1922
1923failed:
09fd0de5 1924 hci_dev_unlock(hdev);
8962ee74
JH		 1925 return err;
1926}
1927
57c1477c 1928static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1929{
1930 switch (link_type) {
1931 case LE_LINK:
48264f06
JH		 1932 switch (addr_type) {
1933 case ADDR_LE_DEV_PUBLIC:
591f47f3 1934 return BDADDR_LE_PUBLIC;
0ed09148 1935
48264f06 1936 default:
0ed09148 1937 /* Fallback to LE Random address type */
591f47f3 1938 return BDADDR_LE_RANDOM;
48264f06 1939 }
0ed09148 1940
4c659c39 1941 default:
0ed09148 1942 /* Fallback to BR/EDR type */
591f47f3 1943 return BDADDR_BREDR;
4c659c39
JH		 1944 }
1945}
1946
04124681
GP		 1947static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1948 u16 data_len)
2784eb41 1949{
2784eb41 1950 struct mgmt_rp_get_connections *rp;
8035ded4 1951 struct hci_conn *c;
a38528f1 1952 size_t rp_len;
60fc5fb6
JH		 1953 int err;
1954 u16 i;
2784eb41
JH		 1955
1956 BT_DBG("");
1957
09fd0de5 1958 hci_dev_lock(hdev);
2784eb41 1959
5f97c1df 1960 if (!hdev_is_powered(hdev)) {
bdb6d971 1961 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1962 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1963 goto unlock;
1964 }
1965
60fc5fb6 1966 i = 0;
b644ba33
JH		 1967 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1968 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1969 i++;
2784eb41
JH		 1970 }
1971
60fc5fb6 1972 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1973 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1974 if (!rp) {
2784eb41
JH		 1975 err = -ENOMEM;
1976 goto unlock;
1977 }
1978
2784eb41 1979 i = 0;
4c659c39 1980 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1981 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1982 continue;
4c659c39 1983 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1984 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1985 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1986 continue;
1987 i++;
1988 }
1989
eb55ef07 1990 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1991
4c659c39
JH		 1992 /* Recalculate length in case of filtered SCO connections, etc */
1993 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1994
bdb6d971 1995 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1996 rp_len);
2784eb41 1997
a38528f1 1998 kfree(rp);
5f97c1df
JH		 1999
2000unlock:
09fd0de5 2001 hci_dev_unlock(hdev);
2784eb41
JH		 2002 return err;
2003}
2004
bdb6d971 2005static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2006 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2007{
2008 struct pending_cmd *cmd;
2009 int err;
2010
2e58ef3e 2011 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2012 sizeof(*cp));
96d97a67
WR		 2013 if (!cmd)
2014 return -ENOMEM;
2015
d8457698 2016 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2017 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2018 if (err < 0)
2019 mgmt_pending_remove(cmd);
2020
2021 return err;
2022}
2023
bdb6d971 2024static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2025 u16 len)
980e1a53 2026{
96d97a67 2027 struct hci_conn *conn;
650f726d 2028 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2029 struct hci_cp_pin_code_reply reply;
366a0336 2030 struct pending_cmd *cmd;
980e1a53
JH		 2031 int err;
2032
2033 BT_DBG("");
2034
09fd0de5 2035 hci_dev_lock(hdev);
980e1a53 2036
4b34ee78 2037 if (!hdev_is_powered(hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2039 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2040 goto failed;
2041 }
2042
d8457698 2043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2044 if (!conn) {
bdb6d971 2045 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2046 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2047 goto failed;
2048 }
2049
2050 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2051 struct mgmt_cp_pin_code_neg_reply ncp;
2052
2053 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2054
2055 BT_ERR("PIN code is not 16 bytes long");
2056
bdb6d971 2057 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2058 if (err >= 0)
bdb6d971 2059 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2060 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2061
2062 goto failed;
2063 }
2064
00abfe44 2065 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2066 if (!cmd) {
2067 err = -ENOMEM;
980e1a53 2068 goto failed;
366a0336 2069 }
980e1a53 2070
d8457698 2071 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2072 reply.pin_len = cp->pin_len;
24718ca5 2073 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2074
2075 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2076 if (err < 0)
a664b5bc 2077 mgmt_pending_remove(cmd);
980e1a53
JH		 2078
2079failed:
09fd0de5 2080 hci_dev_unlock(hdev);
980e1a53
JH		 2081 return err;
2082}
2083
04124681
GP		 2084static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2085 u16 len)
17fa4b9d 2086{
650f726d 2087 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2088
2089 BT_DBG("");
2090
09fd0de5 2091 hci_dev_lock(hdev);
17fa4b9d
JH		 2092
2093 hdev->io_capability = cp->io_capability;
2094
2095 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2096 hdev->io_capability);
17fa4b9d 2097
09fd0de5 2098 hci_dev_unlock(hdev);
17fa4b9d 2099
04124681
GP		 2100 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2101 0);
17fa4b9d
JH		 2102}
2103
6039aa73 2104static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2105{
2106 struct hci_dev *hdev = conn->hdev;
8035ded4 2107 struct pending_cmd *cmd;
e9a416b5 2108
2e58ef3e 2109 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2110 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2111 continue;
2112
e9a416b5
JH		 2113 if (cmd->user_data != conn)
2114 continue;
2115
2116 return cmd;
2117 }
2118
2119 return NULL;
2120}
2121
2122static void pairing_complete(struct pending_cmd *cmd, u8 status)
2123{
2124 struct mgmt_rp_pair_device rp;
2125 struct hci_conn *conn = cmd->user_data;
2126
ba4e564f 2127 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2128 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2129
aee9b218 2130 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2131 &rp, sizeof(rp));
e9a416b5
JH		 2132
2133 /* So we don't get further callbacks for this connection */
2134 conn->connect_cfm_cb = NULL;
2135 conn->security_cfm_cb = NULL;
2136 conn->disconn_cfm_cb = NULL;
2137
76a68ba0 2138 hci_conn_drop(conn);
e9a416b5 2139
a664b5bc 2140 mgmt_pending_remove(cmd);
e9a416b5
JH		 2141}
2142
2143static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2144{
2145 struct pending_cmd *cmd;
2146
2147 BT_DBG("status %u", status);
2148
2149 cmd = find_pairing(conn);
56e5cb86 2150 if (!cmd)
e9a416b5 2151 BT_DBG("Unable to find a pending command");
56e5cb86 2152 else
e211326c 2153 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2154}
2155
4c47d739
VA		 2156static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2157{
2158 struct pending_cmd *cmd;
2159
2160 BT_DBG("status %u", status);
2161
2162 if (!status)
2163 return;
2164
2165 cmd = find_pairing(conn);
2166 if (!cmd)
2167 BT_DBG("Unable to find a pending command");
2168 else
2169 pairing_complete(cmd, mgmt_status(status));
2170}
2171
bdb6d971 2172static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2173 u16 len)
e9a416b5 2174{
650f726d 2175 struct mgmt_cp_pair_device *cp = data;
1425acb7 2176 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2177 struct pending_cmd *cmd;
2178 u8 sec_level, auth_type;
2179 struct hci_conn *conn;
e9a416b5
JH		 2180 int err;
2181
2182 BT_DBG("");
2183
f950a30e
SJ		 2184 memset(&rp, 0, sizeof(rp));
2185 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2186 rp.addr.type = cp->addr.type;
2187
4ee71b20
JH		 2188 if (!bdaddr_type_is_valid(cp->addr.type))
2189 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2190 MGMT_STATUS_INVALID_PARAMS,
2191 &rp, sizeof(rp));
2192
09fd0de5 2193 hci_dev_lock(hdev);
e9a416b5 2194
5f97c1df 2195 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2196 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2197 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2198 goto unlock;
2199 }
2200
c908df36
VCG		 2201 sec_level = BT_SECURITY_MEDIUM;
2202 if (cp->io_cap == 0x03)
e9a416b5 2203 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2204 else
e9a416b5 2205 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2206
591f47f3 2207 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2208 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2209 cp->addr.type, sec_level, auth_type);
7a512d01 2210 else
b12f62cf
AG		 2211 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2212 cp->addr.type, sec_level, auth_type);
7a512d01 2213
30e76272 2214 if (IS_ERR(conn)) {
489dc48e
AK		 2215 int status;
2216
2217 if (PTR_ERR(conn) == -EBUSY)
2218 status = MGMT_STATUS_BUSY;
2219 else
2220 status = MGMT_STATUS_CONNECT_FAILED;
2221
bdb6d971 2222 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2223 status, &rp,
04124681 2224 sizeof(rp));
e9a416b5
JH		 2225 goto unlock;
2226 }
2227
2228 if (conn->connect_cfm_cb) {
76a68ba0 2229 hci_conn_drop(conn);
bdb6d971 2230 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2231 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2232 goto unlock;
2233 }
2234
2e58ef3e 2235 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2236 if (!cmd) {
2237 err = -ENOMEM;
76a68ba0 2238 hci_conn_drop(conn);
e9a416b5
JH		 2239 goto unlock;
2240 }
2241
7a512d01 2242 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2243 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2244 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2245 else
2246 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2247
e9a416b5
JH		 2248 conn->security_cfm_cb = pairing_complete_cb;
2249 conn->disconn_cfm_cb = pairing_complete_cb;
2250 conn->io_capability = cp->io_cap;
2251 cmd->user_data = conn;
2252
2253 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2254 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2255 pairing_complete(cmd, 0);
2256
2257 err = 0;
2258
2259unlock:
09fd0de5 2260 hci_dev_unlock(hdev);
e9a416b5
JH		 2261 return err;
2262}
2263
04124681
GP		 2264static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2265 u16 len)
28424707 2266{
0f4e68cf 2267 struct mgmt_addr_info *addr = data;
28424707
JH		 2268 struct pending_cmd *cmd;
2269 struct hci_conn *conn;
2270 int err;
2271
2272 BT_DBG("");
2273
28424707
JH		 2274 hci_dev_lock(hdev);
2275
5f97c1df 2276 if (!hdev_is_powered(hdev)) {
bdb6d971 2277 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2278 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2279 goto unlock;
2280 }
2281
28424707
JH		 2282 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2283 if (!cmd) {
bdb6d971 2284 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2285 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2286 goto unlock;
2287 }
2288
2289 conn = cmd->user_data;
2290
2291 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2292 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2293 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2294 goto unlock;
2295 }
2296
2297 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2298
bdb6d971 2299 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2300 addr, sizeof(*addr));
28424707
JH		 2301unlock:
2302 hci_dev_unlock(hdev);
28424707
JH		 2303 return err;
2304}
2305
bdb6d971 2306static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2307 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2308 u16 hci_op, __le32 passkey)
a5c29683 2309{
a5c29683 2310 struct pending_cmd *cmd;
0df4c185 2311 struct hci_conn *conn;
a5c29683
JH		 2312 int err;
2313
09fd0de5 2314 hci_dev_lock(hdev);
08ba5382 2315
4b34ee78 2316 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2317 err = cmd_complete(sk, hdev->id, mgmt_op,
2318 MGMT_STATUS_NOT_POWERED, addr,
2319 sizeof(*addr));
0df4c185 2320 goto done;
a5c29683
JH		 2321 }
2322
1707c60e
JH		 2323 if (addr->type == BDADDR_BREDR)
2324 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2325 else
1707c60e 2326 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2327
2328 if (!conn) {
feb94d3d
JH		 2329 err = cmd_complete(sk, hdev->id, mgmt_op,
2330 MGMT_STATUS_NOT_CONNECTED, addr,
2331 sizeof(*addr));
272d90df
JH		 2332 goto done;
2333 }
47c15e2b 2334
1707c60e 2335 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2336 /* Continue with pairing via SMP */
5fe57d9e
BG		 2337 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2338
2339 if (!err)
feb94d3d
JH		 2340 err = cmd_complete(sk, hdev->id, mgmt_op,
2341 MGMT_STATUS_SUCCESS, addr,
2342 sizeof(*addr));
5fe57d9e 2343 else
feb94d3d
JH		 2344 err = cmd_complete(sk, hdev->id, mgmt_op,
2345 MGMT_STATUS_FAILED, addr,
2346 sizeof(*addr));
47c15e2b 2347
47c15e2b
BG		 2348 goto done;
2349 }
2350
1707c60e 2351 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2352 if (!cmd) {
2353 err = -ENOMEM;
0df4c185 2354 goto done;
a5c29683
JH		 2355 }
2356
0df4c185 2357 /* Continue with pairing via HCI */
604086b7
BG		 2358 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2359 struct hci_cp_user_passkey_reply cp;
2360
1707c60e 2361 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2362 cp.passkey = passkey;
2363 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2364 } else
1707c60e
JH		 2365 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2366 &addr->bdaddr);
604086b7 2367
a664b5bc
JH		 2368 if (err < 0)
2369 mgmt_pending_remove(cmd);
a5c29683 2370
0df4c185 2371done:
09fd0de5 2372 hci_dev_unlock(hdev);
a5c29683
JH		 2373 return err;
2374}
2375
afeb019d
JK		 2376static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2377 void *data, u16 len)
2378{
2379 struct mgmt_cp_pin_code_neg_reply *cp = data;
2380
2381 BT_DBG("");
2382
1707c60e 2383 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2384 MGMT_OP_PIN_CODE_NEG_REPLY,
2385 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2386}
2387
04124681
GP		 2388static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2389 u16 len)
0df4c185 2390{
650f726d 2391 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2392
2393 BT_DBG("");
2394
2395 if (len != sizeof(*cp))
bdb6d971 2396 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2397 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2398
1707c60e 2399 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2400 MGMT_OP_USER_CONFIRM_REPLY,
2401 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2402}
2403
bdb6d971 2404static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2405 void *data, u16 len)
0df4c185 2406{
c9c2659f 2407 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2408
2409 BT_DBG("");
2410
1707c60e 2411 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2412 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2413 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2414}
2415
04124681
GP		 2416static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2417 u16 len)
604086b7 2418{
650f726d 2419 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2420
2421 BT_DBG("");
2422
1707c60e 2423 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2424 MGMT_OP_USER_PASSKEY_REPLY,
2425 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2426}
2427
bdb6d971 2428static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2429 void *data, u16 len)
604086b7 2430{
650f726d 2431 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2432
2433 BT_DBG("");
2434
1707c60e 2435 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2436 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2437 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2438}
2439
13928971 2440static void update_name(struct hci_request *req)
2b4bf397 2441{
13928971 2442 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2443 struct hci_cp_write_local_name cp;
2444
13928971 2445 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2446
890ea898 2447 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2448}
2449
13928971
JH		 2450static void set_name_complete(struct hci_dev *hdev, u8 status)
2451{
2452 struct mgmt_cp_set_local_name *cp;
2453 struct pending_cmd *cmd;
2454
2455 BT_DBG("status 0x%02x", status);
2456
2457 hci_dev_lock(hdev);
2458
2459 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2460 if (!cmd)
2461 goto unlock;
2462
2463 cp = cmd->param;
2464
2465 if (status)
2466 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2467 mgmt_status(status));
2468 else
2469 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2470 cp, sizeof(*cp));
2471
2472 mgmt_pending_remove(cmd);
2473
2474unlock:
2475 hci_dev_unlock(hdev);
2476}
2477
bdb6d971 2478static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2479 u16 len)
b312b161 2480{
2b4bf397 2481 struct mgmt_cp_set_local_name *cp = data;
b312b161 2482 struct pending_cmd *cmd;
890ea898 2483 struct hci_request req;
b312b161
JH		 2484 int err;
2485
2486 BT_DBG("");
2487
09fd0de5 2488 hci_dev_lock(hdev);
b312b161 2489
b3f2ca94
JH		 2490 /* If the old values are the same as the new ones just return a
2491 * direct command complete event.
2492 */
2493 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2494 !memcmp(hdev->short_name, cp->short_name,
2495 sizeof(hdev->short_name))) {
2496 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2497 data, len);
2498 goto failed;
2499 }
2500
2b4bf397 2501 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2502
b5235a65 2503 if (!hdev_is_powered(hdev)) {
2b4bf397 2504 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2505
2506 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2507 data, len);
28cc7bde
JH		 2508 if (err < 0)
2509 goto failed;
2510
2511 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2512 sk);
28cc7bde 2513
b5235a65
JH		 2514 goto failed;
2515 }
2516
28cc7bde 2517 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2518 if (!cmd) {
2519 err = -ENOMEM;
2520 goto failed;
2521 }
2522
13928971
JH		 2523 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2524
890ea898 2525 hci_req_init(&req, hdev);
3f985050
JH		 2526
2527 if (lmp_bredr_capable(hdev)) {
2528 update_name(&req);
2529 update_eir(&req);
2530 }
2531
2532 if (lmp_le_capable(hdev))
2533 hci_update_ad(&req);
2534
13928971 2535 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2536 if (err < 0)
2537 mgmt_pending_remove(cmd);
2538
2539failed:
09fd0de5 2540 hci_dev_unlock(hdev);
b312b161
JH		 2541 return err;
2542}
2543
0f4e68cf 2544static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2545 void *data, u16 data_len)
c35938b2 2546{
c35938b2
SJ		 2547 struct pending_cmd *cmd;
2548 int err;
2549
bdb6d971 2550 BT_DBG("%s", hdev->name);
c35938b2 2551
09fd0de5 2552 hci_dev_lock(hdev);
c35938b2 2553
4b34ee78 2554 if (!hdev_is_powered(hdev)) {
bdb6d971 2555 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2556 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2557 goto unlock;
2558 }
2559
9a1a1996 2560 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2561 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2562 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2563 goto unlock;
2564 }
2565
2e58ef3e 2566 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2567 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2568 MGMT_STATUS_BUSY);
c35938b2
SJ		 2569 goto unlock;
2570 }
2571
2e58ef3e 2572 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2573 if (!cmd) {
2574 err = -ENOMEM;
2575 goto unlock;
2576 }
2577
2578 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2579 if (err < 0)
2580 mgmt_pending_remove(cmd);
2581
2582unlock:
09fd0de5 2583 hci_dev_unlock(hdev);
c35938b2
SJ		 2584 return err;
2585}
2586
bdb6d971 2587static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2588 void *data, u16 len)
2763eda6 2589{
650f726d 2590 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2591 u8 status;
2763eda6
SJ		 2592 int err;
2593
bdb6d971 2594 BT_DBG("%s ", hdev->name);
2763eda6 2595
09fd0de5 2596 hci_dev_lock(hdev);
2763eda6 2597
664ce4cc 2598 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2599 cp->randomizer);
2763eda6 2600 if (err < 0)
bf1e3541 2601 status = MGMT_STATUS_FAILED;
2763eda6 2602 else
a6785be2 2603 status = MGMT_STATUS_SUCCESS;
bf1e3541 2604
bdb6d971 2605 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2606 &cp->addr, sizeof(cp->addr));
2763eda6 2607
09fd0de5 2608 hci_dev_unlock(hdev);
2763eda6
SJ		 2609 return err;
2610}
2611
bdb6d971 2612static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2613 void *data, u16 len)
2763eda6 2614{
650f726d 2615 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2616 u8 status;
2763eda6
SJ		 2617 int err;
2618
bdb6d971 2619 BT_DBG("%s", hdev->name);
2763eda6 2620
09fd0de5 2621 hci_dev_lock(hdev);
2763eda6 2622
664ce4cc 2623 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2624 if (err < 0)
bf1e3541 2625 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2626 else
a6785be2 2627 status = MGMT_STATUS_SUCCESS;
bf1e3541 2628
bdb6d971 2629 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2630 status, &cp->addr, sizeof(cp->addr));
2763eda6 2631
09fd0de5 2632 hci_dev_unlock(hdev);
2763eda6
SJ		 2633 return err;
2634}
2635
5e0452c0
AG		 2636int mgmt_interleaved_discovery(struct hci_dev *hdev)
2637{
2638 int err;
2639
2640 BT_DBG("%s", hdev->name);
2641
2642 hci_dev_lock(hdev);
2643
2644 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2645 if (err < 0)
2646 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2647
2648 hci_dev_unlock(hdev);
2649
2650 return err;
2651}
2652
7c307720
AG		 2653static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2654{
2655 BT_DBG("status %d", status);
2656
2657 if (status) {
2658 hci_dev_lock(hdev);
2659 mgmt_start_discovery_failed(hdev, status);
2660 hci_dev_unlock(hdev);
2661 return;
2662 }
2663
2664 hci_dev_lock(hdev);
2665 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2666 hci_dev_unlock(hdev);
2667
2668 switch (hdev->discovery.type) {
2669 case DISCOV_TYPE_LE:
2670 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2671 LE_SCAN_TIMEOUT_LE_ONLY);
2672 break;
2673
2674 case DISCOV_TYPE_INTERLEAVED:
2675 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
2676 LE_SCAN_TIMEOUT_BREDR_LE);
2677 break;
2678
2679 case DISCOV_TYPE_BREDR:
2680 break;
2681
2682 default:
2683 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2684 }
2685}
2686
bdb6d971 2687static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2688 void *data, u16 len)
14a53664 2689{
650f726d 2690 struct mgmt_cp_start_discovery *cp = data;
14a53664 2691 struct pending_cmd *cmd;
7c307720
AG		 2692 struct hci_cp_le_set_scan_param param_cp;
2693 struct hci_cp_le_set_scan_enable enable_cp;
2694 struct hci_cp_inquiry inq_cp;
2695 struct hci_request req;
2696 /* General inquiry access code (GIAC) */
2697 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2698 int err;
2699
bdb6d971 2700 BT_DBG("%s", hdev->name);
14a53664 2701
09fd0de5 2702 hci_dev_lock(hdev);
14a53664 2703
4b34ee78 2704 if (!hdev_is_powered(hdev)) {
bdb6d971 2705 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2706 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2707 goto failed;
2708 }
2709
642be6c7
AG		 2710 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2711 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2712 MGMT_STATUS_BUSY);
2713 goto failed;
2714 }
2715
ff9ef578 2716 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2717 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2718 MGMT_STATUS_BUSY);
ff9ef578
JH		 2719 goto failed;
2720 }
2721
2e58ef3e 2722 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2723 if (!cmd) {
2724 err = -ENOMEM;
2725 goto failed;
2726 }
2727
4aab14e5
AG		 2728 hdev->discovery.type = cp->type;
2729
7c307720
AG		 2730 hci_req_init(&req, hdev);
2731
4aab14e5 2732 switch (hdev->discovery.type) {
f39799f5 2733 case DISCOV_TYPE_BREDR:
04106755
JH		 2734 if (!lmp_bredr_capable(hdev)) {
2735 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2736 MGMT_STATUS_NOT_SUPPORTED);
2737 mgmt_pending_remove(cmd);
2738 goto failed;
2739 }
2740
7c307720
AG		 2741 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2742 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2743 MGMT_STATUS_BUSY);
2744 mgmt_pending_remove(cmd);
2745 goto failed;
2746 }
2747
2748 hci_inquiry_cache_flush(hdev);
2749
2750 memset(&inq_cp, 0, sizeof(inq_cp));
2751 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
2752 inq_cp.length = INQUIRY_LEN_BREDR;
2753 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2754 break;
2755
2756 case DISCOV_TYPE_LE:
7c307720 2757 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2758 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2759 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2760 MGMT_STATUS_NOT_SUPPORTED);
2761 mgmt_pending_remove(cmd);
2762 goto failed;
2763 }
2764
7c307720
AG		 2765 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2766 !lmp_bredr_capable(hdev)) {
04106755
JH		 2767 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2768 MGMT_STATUS_NOT_SUPPORTED);
2769 mgmt_pending_remove(cmd);
2770 goto failed;
2771 }
2772
7c307720
AG		 2773 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2774 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2775 MGMT_STATUS_REJECTED);
2776 mgmt_pending_remove(cmd);
2777 goto failed;
2778 }
2779
2780 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2781 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2782 MGMT_STATUS_BUSY);
2783 mgmt_pending_remove(cmd);
2784 goto failed;
2785 }
2786
2787 memset(&param_cp, 0, sizeof(param_cp));
2788 param_cp.type = LE_SCAN_ACTIVE;
2789 param_cp.interval = cpu_to_le16(LE_SCAN_INT);
2790 param_cp.window = cpu_to_le16(LE_SCAN_WIN);
2791 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2792 &param_cp);
2793
2794 memset(&enable_cp, 0, sizeof(enable_cp));
2795 enable_cp.enable = LE_SCAN_ENABLE;
2796 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2797 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2798 &enable_cp);
5e0452c0
AG		 2799 break;
2800
f39799f5 2801 default:
04106755
JH		 2802 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2803 MGMT_STATUS_INVALID_PARAMS);
2804 mgmt_pending_remove(cmd);
2805 goto failed;
f39799f5 2806 }
3fd24153 2807
7c307720 2808 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2809 if (err < 0)
2810 mgmt_pending_remove(cmd);
ff9ef578
JH		 2811 else
2812 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2813
2814failed:
09fd0de5 2815 hci_dev_unlock(hdev);
14a53664
JH		 2816 return err;
2817}
2818
bdb6d971 2819static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2820 u16 len)
14a53664 2821{
d930650b 2822 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2823 struct pending_cmd *cmd;
30dc78e1
JH		 2824 struct hci_cp_remote_name_req_cancel cp;
2825 struct inquiry_entry *e;
14a53664
JH		 2826 int err;
2827
bdb6d971 2828 BT_DBG("%s", hdev->name);
14a53664 2829
09fd0de5 2830 hci_dev_lock(hdev);
14a53664 2831
30dc78e1 2832 if (!hci_discovery_active(hdev)) {
bdb6d971 2833 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2834 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2835 sizeof(mgmt_cp->type));
d930650b
JH		 2836 goto unlock;
2837 }
2838
2839 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2840 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2841 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2842 sizeof(mgmt_cp->type));
30dc78e1 2843 goto unlock;
ff9ef578
JH		 2844 }
2845
2e58ef3e 2846 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2847 if (!cmd) {
2848 err = -ENOMEM;
30dc78e1
JH		 2849 goto unlock;
2850 }
2851
e0d9727e
AG		 2852 switch (hdev->discovery.state) {
2853 case DISCOVERY_FINDING:
c9ecc48e
AG		 2854 if (test_bit(HCI_INQUIRY, &hdev->flags))
2855 err = hci_cancel_inquiry(hdev);
2856 else
2857 err = hci_cancel_le_scan(hdev);
2858
e0d9727e
AG		 2859 break;
2860
2861 case DISCOVERY_RESOLVING:
2862 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2863 NAME_PENDING);
e0d9727e 2864 if (!e) {
30dc78e1 2865 mgmt_pending_remove(cmd);
e0d9727e
AG		 2866 err = cmd_complete(sk, hdev->id,
2867 MGMT_OP_STOP_DISCOVERY, 0,
2868 &mgmt_cp->type,
2869 sizeof(mgmt_cp->type));
2870 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2871 goto unlock;
2872 }
30dc78e1 2873
e0d9727e
AG		 2874 bacpy(&cp.bdaddr, &e->data.bdaddr);
2875 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2876 sizeof(cp), &cp);
2877
2878 break;
2879
2880 default:
2881 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2882 err = -EFAULT;
14a53664
JH		 2883 }
2884
14a53664
JH		 2885 if (err < 0)
2886 mgmt_pending_remove(cmd);
ff9ef578
JH		 2887 else
2888 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2889
30dc78e1 2890unlock:
09fd0de5 2891 hci_dev_unlock(hdev);
14a53664
JH		 2892 return err;
2893}
2894
bdb6d971 2895static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2896 u16 len)
561aafbc 2897{
650f726d 2898 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2899 struct inquiry_entry *e;
561aafbc
JH		 2900 int err;
2901
bdb6d971 2902 BT_DBG("%s", hdev->name);
561aafbc 2903
561aafbc
JH		 2904 hci_dev_lock(hdev);
2905
30dc78e1 2906 if (!hci_discovery_active(hdev)) {
bdb6d971 2907 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2908 MGMT_STATUS_FAILED);
30dc78e1
JH		 2909 goto failed;
2910 }
2911
a198e7b1 2912 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2913 if (!e) {
bdb6d971 2914 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2915 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2916 goto failed;
2917 }
2918
2919 if (cp->name_known) {
2920 e->name_state = NAME_KNOWN;
2921 list_del(&e->list);
2922 } else {
2923 e->name_state = NAME_NEEDED;
a3d4e20a 2924 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2925 }
2926
e384662b
JH		 2927 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2928 sizeof(cp->addr));
561aafbc
JH		 2929
2930failed:
2931 hci_dev_unlock(hdev);
561aafbc
JH		 2932 return err;
2933}
2934
bdb6d971 2935static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2936 u16 len)
7fbec224 2937{
650f726d 2938 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2939 u8 status;
7fbec224
AJ		 2940 int err;
2941
bdb6d971 2942 BT_DBG("%s", hdev->name);
7fbec224 2943
4ee71b20 2944 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2945 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2946 MGMT_STATUS_INVALID_PARAMS,
2947 &cp->addr, sizeof(cp->addr));
4ee71b20 2948
09fd0de5 2949 hci_dev_lock(hdev);
5e762444 2950
88c1fe4b 2951 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2952 if (err < 0)
f0eeea8b 2953 status = MGMT_STATUS_FAILED;
7fbec224 2954 else
a6785be2 2955 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2956
bdb6d971 2957 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2958 &cp->addr, sizeof(cp->addr));
5e762444 2959
09fd0de5 2960 hci_dev_unlock(hdev);
7fbec224
AJ		 2961
2962 return err;
2963}
2964
bdb6d971 2965static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2966 u16 len)
7fbec224 2967{
650f726d 2968 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2969 u8 status;
7fbec224
AJ		 2970 int err;
2971
bdb6d971 2972 BT_DBG("%s", hdev->name);
7fbec224 2973
4ee71b20 2974 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2975 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2976 MGMT_STATUS_INVALID_PARAMS,
2977 &cp->addr, sizeof(cp->addr));
4ee71b20 2978
09fd0de5 2979 hci_dev_lock(hdev);
5e762444 2980
88c1fe4b 2981 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2982 if (err < 0)
f0eeea8b 2983 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2984 else
a6785be2 2985 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2986
bdb6d971 2987 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2988 &cp->addr, sizeof(cp->addr));
5e762444 2989
09fd0de5 2990 hci_dev_unlock(hdev);
7fbec224
AJ		 2991
2992 return err;
2993}
2994
cdbaccca
MH		 2995static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2996 u16 len)
2997{
2998 struct mgmt_cp_set_device_id *cp = data;
890ea898 2999 struct hci_request req;
cdbaccca 3000 int err;
c72d4b8a 3001 __u16 source;
cdbaccca
MH		 3002
3003 BT_DBG("%s", hdev->name);
3004
c72d4b8a
SJ		 3005 source = __le16_to_cpu(cp->source);
3006
3007 if (source > 0x0002)
3008 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3009 MGMT_STATUS_INVALID_PARAMS);
3010
cdbaccca
MH		 3011 hci_dev_lock(hdev);
3012
c72d4b8a 3013 hdev->devid_source = source;
cdbaccca
MH		 3014 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3015 hdev->devid_product = __le16_to_cpu(cp->product);
3016 hdev->devid_version = __le16_to_cpu(cp->version);
3017
3018 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3019
890ea898
JH		 3020 hci_req_init(&req, hdev);
3021 update_eir(&req);
3022 hci_req_run(&req, NULL);
cdbaccca
MH		 3023
3024 hci_dev_unlock(hdev);
3025
3026 return err;
3027}
3028
33e38b3e
JH		 3029static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3030{
3031 struct pending_cmd *cmd;
3032
3033 BT_DBG("status 0x%02x", status);
3034
3035 hci_dev_lock(hdev);
3036
3037 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3038 if (!cmd)
3039 goto unlock;
3040
3041 if (status) {
3042 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3043 mgmt_status(status));
3044 } else {
1a4d3c4b
JH		 3045 struct mgmt_mode *cp = cmd->param;
3046
3047 if (cp->val)
3048 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3049 else
3050 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3051
33e38b3e
JH		 3052 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3053 new_settings(hdev, cmd->sk);
3054 }
3055
3056 mgmt_pending_remove(cmd);
3057
3058unlock:
3059 hci_dev_unlock(hdev);
3060}
3061
bdb6d971 3062static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3063 void *data, u16 len)
f6422ec6 3064{
650f726d 3065 struct mgmt_mode *cp = data;
33e38b3e
JH		 3066 struct pending_cmd *cmd;
3067 struct hci_request req;
f6422ec6
AJ		 3068 int err;
3069
bdb6d971 3070 BT_DBG("%s", hdev->name);
f6422ec6 3071
1a47aee8 3072 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3073 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3074 MGMT_STATUS_NOT_SUPPORTED);
3075
a7e80f25
JH		 3076 if (cp->val != 0x00 && cp->val != 0x01)
3077 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3078 MGMT_STATUS_INVALID_PARAMS);
3079
5400c044 3080 if (!hdev_is_powered(hdev))
bdb6d971 3081 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3082 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3083
3084 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3085 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3086 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3087
3088 hci_dev_lock(hdev);
3089
05cbf29f
JH		 3090 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3091 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3092 MGMT_STATUS_BUSY);
3093 goto unlock;
3094 }
3095
1a4d3c4b
JH		 3096 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3097 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3098 hdev);
3099 goto unlock;
3100 }
3101
33e38b3e
JH		 3102 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3103 data, len);
3104 if (!cmd) {
3105 err = -ENOMEM;
3106 goto unlock;
f6422ec6
AJ		 3107 }
3108
33e38b3e
JH		 3109 hci_req_init(&req, hdev);
3110
406d7804 3111 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3112
3113 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3114 if (err < 0) {
bdb6d971 3115 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3116 MGMT_STATUS_FAILED);
33e38b3e 3117 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3118 }
3119
33e38b3e 3120unlock:
f6422ec6 3121 hci_dev_unlock(hdev);
33e38b3e 3122
f6422ec6
AJ		 3123 return err;
3124}
3125
3f706b72
JH		 3126static bool ltk_is_valid(struct mgmt_ltk_info *key)
3127{
44b20d33
JH		 3128 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3129 return false;
3f706b72
JH		 3130 if (key->master != 0x00 && key->master != 0x01)
3131 return false;
4ee71b20
JH		 3132 if (!bdaddr_type_is_le(key->addr.type))
3133 return false;
3f706b72
JH		 3134 return true;
3135}
3136
bdb6d971 3137static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3138 void *cp_data, u16 len)
346af67b 3139{
346af67b
VCG		 3140 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3141 u16 key_count, expected_len;
715a5bf2 3142 int i, err;
346af67b 3143
1f350c87 3144 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3145
3146 expected_len = sizeof(*cp) + key_count *
3147 sizeof(struct mgmt_ltk_info);
3148 if (expected_len != len) {
3149 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3150 len, expected_len);
bdb6d971 3151 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3152 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3153 }
3154
bdb6d971 3155 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3156
54ad6d8a
JH		 3157 for (i = 0; i < key_count; i++) {
3158 struct mgmt_ltk_info *key = &cp->keys[i];
3159
3f706b72 3160 if (!ltk_is_valid(key))
54ad6d8a
JH		 3161 return cmd_status(sk, hdev->id,
3162 MGMT_OP_LOAD_LONG_TERM_KEYS,
3163 MGMT_STATUS_INVALID_PARAMS);
3164 }
3165
346af67b
VCG		 3166 hci_dev_lock(hdev);
3167
3168 hci_smp_ltks_clear(hdev);
3169
3170 for (i = 0; i < key_count; i++) {
3171 struct mgmt_ltk_info *key = &cp->keys[i];
3172 u8 type;
3173
3174 if (key->master)
3175 type = HCI_SMP_LTK;
3176 else
3177 type = HCI_SMP_LTK_SLAVE;
3178
4596fde5 3179 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3180 bdaddr_to_le(key->addr.type),
04124681
GP		 3181 type, 0, key->authenticated, key->val,
3182 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3183 }
3184
715a5bf2
JH		 3185 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3186 NULL, 0);
3187
346af67b 3188 hci_dev_unlock(hdev);
346af67b 3189
715a5bf2 3190 return err;
346af67b
VCG		 3191}
3192
2e3c35ea 3193static const struct mgmt_handler {
04124681
GP		 3194 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3195 u16 data_len);
be22b54e
JH		 3196 bool var_len;
3197 size_t data_len;
0f4e68cf
JH		 3198} mgmt_handlers[] = {
3199 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3200 { read_version, false, MGMT_READ_VERSION_SIZE },
3201 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3202 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3203 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3204 { set_powered, false, MGMT_SETTING_SIZE },
3205 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3206 { set_connectable, false, MGMT_SETTING_SIZE },
3207 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3208 { set_pairable, false, MGMT_SETTING_SIZE },
3209 { set_link_security, false, MGMT_SETTING_SIZE },
3210 { set_ssp, false, MGMT_SETTING_SIZE },
3211 { set_hs, false, MGMT_SETTING_SIZE },
3212 { set_le, false, MGMT_SETTING_SIZE },
3213 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3214 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3215 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3216 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3217 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3218 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3219 { disconnect, false, MGMT_DISCONNECT_SIZE },
3220 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3221 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3222 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3223 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3224 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3225 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3226 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3227 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3228 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3229 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3230 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3231 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3232 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3233 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3234 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3235 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3236 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3237 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3238 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3239 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3240};
3241
3242
0381101f
JH		 3243int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3244{
650f726d
VCG		 3245 void *buf;
3246 u8 *cp;
0381101f 3247 struct mgmt_hdr *hdr;
4e51eae9 3248 u16 opcode, index, len;
bdb6d971 3249 struct hci_dev *hdev = NULL;
2e3c35ea 3250 const struct mgmt_handler *handler;
0381101f
JH		 3251 int err;
3252
3253 BT_DBG("got %zu bytes", msglen);
3254
3255 if (msglen < sizeof(*hdr))
3256 return -EINVAL;
3257
e63a15ec 3258 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3259 if (!buf)
3260 return -ENOMEM;
3261
3262 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3263 err = -EFAULT;
3264 goto done;
3265 }
3266
650f726d 3267 hdr = buf;
1f350c87
MH		 3268 opcode = __le16_to_cpu(hdr->opcode);
3269 index = __le16_to_cpu(hdr->index);
3270 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3271
3272 if (len != msglen - sizeof(*hdr)) {
3273 err = -EINVAL;
3274 goto done;
3275 }
3276
0f4e68cf 3277 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3278 hdev = hci_dev_get(index);
3279 if (!hdev) {
3280 err = cmd_status(sk, index, opcode,
04124681 3281 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3282 goto done;
3283 }
3284 }
3285
0f4e68cf 3286 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3287 mgmt_handlers[opcode].func == NULL) {
0381101f 3288 BT_DBG("Unknown op %u", opcode);
ca69b795 3289 err = cmd_status(sk, index, opcode,
04124681 3290 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3291 goto done;
3292 }
3293
3294 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3295 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3296 err = cmd_status(sk, index, opcode,
04124681 3297 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3298 goto done;
0381101f
JH		 3299 }
3300
be22b54e
JH		 3301 handler = &mgmt_handlers[opcode];
3302
3303 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3304 (!handler->var_len && len != handler->data_len)) {
be22b54e 3305 err = cmd_status(sk, index, opcode,
04124681 3306 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3307 goto done;
3308 }
3309
0f4e68cf
JH		 3310 if (hdev)
3311 mgmt_init_hdev(sk, hdev);
3312
3313 cp = buf + sizeof(*hdr);
3314
be22b54e 3315 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3316 if (err < 0)
3317 goto done;
3318
0381101f
JH		 3319 err = msglen;
3320
3321done:
bdb6d971
JH		 3322 if (hdev)
3323 hci_dev_put(hdev);
3324
0381101f
JH		 3325 kfree(buf);
3326 return err;
3327}
c71e97bf 3328
b24752fe
JH		 3329static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3330{
3331 u8 *status = data;
3332
3333 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3334 mgmt_pending_remove(cmd);
3335}
3336
744cf19e 3337int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3338{
bb4b2a9a
AE		 3339 if (!mgmt_valid_hdev(hdev))
3340 return -ENOTSUPP;
3341
744cf19e 3342 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3343}
3344
744cf19e 3345int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3346{
5f159032 3347 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3348
bb4b2a9a
AE		 3349 if (!mgmt_valid_hdev(hdev))
3350 return -ENOTSUPP;
3351
744cf19e 3352 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3353
744cf19e 3354 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3355}
3356
73f22f62 3357struct cmd_lookup {
eec8d2bc 3358 struct sock *sk;
69ab39ea 3359 struct hci_dev *hdev;
90e70454 3360 u8 mgmt_status;
eec8d2bc
JH		 3361};
3362
69ab39ea 3363static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3364{
73f22f62 3365 struct cmd_lookup *match = data;
eec8d2bc 3366
69ab39ea 3367 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3368
3369 list_del(&cmd->list);
3370
3371 if (match->sk == NULL) {
3372 match->sk = cmd->sk;
3373 sock_hold(match->sk);
3374 }
3375
3376 mgmt_pending_free(cmd);
c71e97bf 3377}
5add6af8 3378
890ea898 3379static void set_bredr_scan(struct hci_request *req)
7f0ae647 3380{
890ea898 3381 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3382 u8 scan = 0;
3383
4c01f8b8
JH		 3384 /* Ensure that fast connectable is disabled. This function will
3385 * not do anything if the page scan parameters are already what
3386 * they should be.
3387 */
3388 write_fast_connectable(req, false);
3389
7f0ae647
JH		 3390 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3391 scan |= SCAN_PAGE;
3392 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3393 scan |= SCAN_INQUIRY;
3394
890ea898
JH		 3395 if (scan)
3396 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3397}
3398
229ab39c
JH		 3399static void powered_complete(struct hci_dev *hdev, u8 status)
3400{
3401 struct cmd_lookup match = { NULL, hdev };
3402
3403 BT_DBG("status 0x%02x", status);
3404
3405 hci_dev_lock(hdev);
3406
3407 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3408
3409 new_settings(hdev, match.sk);
3410
3411 hci_dev_unlock(hdev);
3412
3413 if (match.sk)
3414 sock_put(match.sk);
3415}
3416
70da6243 3417static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3418{
890ea898 3419 struct hci_request req;
70da6243 3420 u8 link_sec;
5add6af8 3421
890ea898
JH		 3422 hci_req_init(&req, hdev);
3423
70da6243
JH		 3424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3425 !lmp_host_ssp_capable(hdev)) {
3426 u8 ssp = 1;
5e5282bb 3427
890ea898 3428 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3429 }
5add6af8 3430
c73eee91
JH		 3431 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3432 lmp_bredr_capable(hdev)) {
70da6243 3433 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3434
70da6243
JH		 3435 cp.le = 1;
3436 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3437
70da6243
JH		 3438 /* Check first if we already have the right
3439 * host state (host features set)
3440 */
3441 if (cp.le != lmp_host_le_capable(hdev) ||
3442 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3443 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3444 sizeof(cp), &cp);
70da6243 3445 }
3d1cbdd6 3446
70da6243
JH		 3447 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3448 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3449 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3450 sizeof(link_sec), &link_sec);
562fcc24 3451
70da6243 3452 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3453 set_bredr_scan(&req);
3454 update_class(&req);
13928971 3455 update_name(&req);
890ea898 3456 update_eir(&req);
70da6243 3457 }
562fcc24 3458
229ab39c 3459 return hci_req_run(&req, powered_complete);
70da6243 3460}
562fcc24 3461
70da6243
JH		 3462int mgmt_powered(struct hci_dev *hdev, u8 powered)
3463{
3464 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3465 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3466 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3467 int err;
f0ff92fb 3468
70da6243
JH		 3469 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3470 return 0;
3471
70da6243 3472 if (powered) {
229ab39c
JH		 3473 if (powered_update_hci(hdev) == 0)
3474 return 0;
fe038884 3475
229ab39c
JH		 3476 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3477 &match);
3478 goto new_settings;
b24752fe
JH		 3479 }
3480
229ab39c
JH		 3481 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3482 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3483
3484 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3485 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3486 zero_cod, sizeof(zero_cod), NULL);
3487
3488new_settings:
beadb2bd 3489 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3490
3491 if (match.sk)
3492 sock_put(match.sk);
3493
7bb895d6 3494 return err;
5add6af8 3495}
73f22f62 3496
96570ffc
JH		 3497int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3498{
3499 struct pending_cmd *cmd;
3500 u8 status;
3501
3502 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3503 if (!cmd)
3504 return -ENOENT;
3505
3506 if (err == -ERFKILL)
3507 status = MGMT_STATUS_RFKILLED;
3508 else
3509 status = MGMT_STATUS_FAILED;
3510
3511 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3512
3513 mgmt_pending_remove(cmd);
3514
3515 return err;
3516}
3517
744cf19e 3518int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3519{
76a7f3a4 3520 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3521 bool changed = false;
3522 int err = 0;
73f22f62 3523
5e5282bb
JH		 3524 if (discoverable) {
3525 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3526 changed = true;
3527 } else {
3528 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3529 changed = true;
3530 }
73f22f62 3531
ed9b5f2f 3532 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3533 &match);
ed9b5f2f 3534
beadb2bd
JH		 3535 if (changed)
3536 err = new_settings(hdev, match.sk);
5e5282bb 3537
73f22f62
JH		 3538 if (match.sk)
3539 sock_put(match.sk);
3540
7bb895d6 3541 return err;
73f22f62 3542}
9fbcbb45 3543
744cf19e 3544int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3545{
2b76f453 3546 struct pending_cmd *cmd;
5e5282bb
JH		 3547 bool changed = false;
3548 int err = 0;
9fbcbb45 3549
5e5282bb
JH		 3550 if (connectable) {
3551 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3552 changed = true;
3553 } else {
3554 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3555 changed = true;
3556 }
9fbcbb45 3557
2b76f453 3558 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3559
beadb2bd 3560 if (changed)
2b76f453 3561 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3562
7bb895d6 3563 return err;
9fbcbb45 3564}
55ed8ca1 3565
744cf19e 3566int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3567{
ca69b795
JH		 3568 u8 mgmt_err = mgmt_status(status);
3569
2d7cee58 3570 if (scan & SCAN_PAGE)
744cf19e 3571 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3572 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3573
3574 if (scan & SCAN_INQUIRY)
744cf19e 3575 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3576 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3577
3578 return 0;
3579}
3580
53168e5b
CC		 3581int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3582 bool persistent)
55ed8ca1 3583{
86742e1e 3584 struct mgmt_ev_new_link_key ev;
55ed8ca1 3585
a492cd52 3586 memset(&ev, 0, sizeof(ev));
55ed8ca1 3587
a492cd52 3588 ev.store_hint = persistent;
d753fdc4 3589 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3590 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3591 ev.key.type = key->type;
9b3b4460 3592 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3593 ev.key.pin_len = key->pin_len;
55ed8ca1 3594
744cf19e 3595 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3596}
f7520543 3597
346af67b
VCG		 3598int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3599{
3600 struct mgmt_ev_new_long_term_key ev;
3601
3602 memset(&ev, 0, sizeof(ev));
3603
3604 ev.store_hint = persistent;
3605 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3606 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3607 ev.key.authenticated = key->authenticated;
3608 ev.key.enc_size = key->enc_size;
3609 ev.key.ediv = key->ediv;
3610
3611 if (key->type == HCI_SMP_LTK)
3612 ev.key.master = 1;
3613
3614 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3615 memcpy(ev.key.val, key->val, sizeof(key->val));
3616
04124681
GP		 3617 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3618 NULL);
346af67b
VCG		 3619}
3620
afc747a6 3621int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3622 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3623 u8 *dev_class)
f7520543 3624{
b644ba33
JH		 3625 char buf[512];
3626 struct mgmt_ev_device_connected *ev = (void *) buf;
3627 u16 eir_len = 0;
f7520543 3628
b644ba33 3629 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3630 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3631
c95f0ba7 3632 ev->flags = __cpu_to_le32(flags);
08c79b61 3633
b644ba33
JH		 3634 if (name_len > 0)
3635 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3636 name, name_len);
b644ba33
JH		 3637
3638 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3639 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3640 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3641
eb55ef07 3642 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3643
3644 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3645 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3646}
3647
8962ee74
JH		 3648static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3649{
c68fb7ff 3650 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3651 struct sock **sk = data;
a38528f1 3652 struct mgmt_rp_disconnect rp;
8962ee74 3653
88c3df13
JH		 3654 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3655 rp.addr.type = cp->addr.type;
8962ee74 3656
aee9b218 3657 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3658 sizeof(rp));
8962ee74
JH		 3659
3660 *sk = cmd->sk;
3661 sock_hold(*sk);
3662
a664b5bc 3663 mgmt_pending_remove(cmd);
8962ee74
JH		 3664}
3665
124f6e35 3666static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3667{
b1078ad0 3668 struct hci_dev *hdev = data;
124f6e35
JH		 3669 struct mgmt_cp_unpair_device *cp = cmd->param;
3670 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3671
3672 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3673 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3674 rp.addr.type = cp->addr.type;
a8a1d19e 3675
b1078ad0
JH		 3676 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3677
aee9b218 3678 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3679
3680 mgmt_pending_remove(cmd);
3681}
3682
afc747a6 3683int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3684 u8 link_type, u8 addr_type, u8 reason)
f7520543 3685{
f0d6a0ea 3686 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3687 struct sock *sk = NULL;
3688 int err;
3689
744cf19e 3690 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3691
f0d6a0ea
MA		 3692 bacpy(&ev.addr.bdaddr, bdaddr);
3693 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3694 ev.reason = reason;
f7520543 3695
afc747a6 3696 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3697 sk);
8962ee74
JH		 3698
3699 if (sk)
d97dcb66 3700 sock_put(sk);
8962ee74 3701
124f6e35 3702 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3703 hdev);
a8a1d19e 3704
8962ee74
JH		 3705 return err;
3706}
3707
88c3df13 3708int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3709 u8 link_type, u8 addr_type, u8 status)
8962ee74 3710{
88c3df13 3711 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3712 struct pending_cmd *cmd;
3713 int err;
3714
36a75f1b
JD		 3715 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3716 hdev);
3717
2e58ef3e 3718 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3719 if (!cmd)
3720 return -ENOENT;
3721
88c3df13 3722 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3723 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3724
88c3df13 3725 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3726 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3727
a664b5bc 3728 mgmt_pending_remove(cmd);
8962ee74
JH		 3729
3730 return err;
f7520543 3731}
17d5c04c 3732
48264f06 3733int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3734 u8 addr_type, u8 status)
17d5c04c
JH		 3735{
3736 struct mgmt_ev_connect_failed ev;
3737
4c659c39 3738 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3739 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3740 ev.status = mgmt_status(status);
17d5c04c 3741
744cf19e 3742 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3743}
980e1a53 3744
744cf19e 3745int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3746{
3747 struct mgmt_ev_pin_code_request ev;
3748
d8457698 3749 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3750 ev.addr.type = BDADDR_BREDR;
a770bb5a 3751 ev.secure = secure;
980e1a53 3752
744cf19e 3753 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3754 NULL);
980e1a53
JH		 3755}
3756
744cf19e 3757int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3758 u8 status)
980e1a53
JH		 3759{
3760 struct pending_cmd *cmd;
ac56fb13 3761 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3762 int err;
3763
2e58ef3e 3764 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3765 if (!cmd)
3766 return -ENOENT;
3767
d8457698 3768 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3769 rp.addr.type = BDADDR_BREDR;
ac56fb13 3770
aee9b218 3771 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3772 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3773
a664b5bc 3774 mgmt_pending_remove(cmd);
980e1a53
JH		 3775
3776 return err;
3777}
3778
744cf19e 3779int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3780 u8 status)
980e1a53
JH		 3781{
3782 struct pending_cmd *cmd;
ac56fb13 3783 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3784 int err;
3785
2e58ef3e 3786 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3787 if (!cmd)
3788 return -ENOENT;
3789
d8457698 3790 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3791 rp.addr.type = BDADDR_BREDR;
ac56fb13 3792
aee9b218 3793 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3794 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3795
a664b5bc 3796 mgmt_pending_remove(cmd);
980e1a53
JH		 3797
3798 return err;
3799}
a5c29683 3800
744cf19e 3801int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3802 u8 link_type, u8 addr_type, __le32 value,
3803 u8 confirm_hint)
a5c29683
JH		 3804{
3805 struct mgmt_ev_user_confirm_request ev;
3806
744cf19e 3807 BT_DBG("%s", hdev->name);
a5c29683 3808
272d90df 3809 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3810 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3811 ev.confirm_hint = confirm_hint;
78e8098e 3812 ev.value = value;
a5c29683 3813
744cf19e 3814 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3815 NULL);
a5c29683
JH		 3816}
3817
272d90df 3818int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3819 u8 link_type, u8 addr_type)
604086b7
BG		 3820{
3821 struct mgmt_ev_user_passkey_request ev;
3822
3823 BT_DBG("%s", hdev->name);
3824
272d90df 3825 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3826 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3827
3828 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3829 NULL);
604086b7
BG		 3830}
3831
0df4c185 3832static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3833 u8 link_type, u8 addr_type, u8 status,
3834 u8 opcode)
a5c29683
JH		 3835{
3836 struct pending_cmd *cmd;
3837 struct mgmt_rp_user_confirm_reply rp;
3838 int err;
3839
2e58ef3e 3840 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3841 if (!cmd)
3842 return -ENOENT;
3843
272d90df 3844 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3845 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3846 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3847 &rp, sizeof(rp));
a5c29683 3848
a664b5bc 3849 mgmt_pending_remove(cmd);
a5c29683
JH		 3850
3851 return err;
3852}
3853
744cf19e 3854int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3855 u8 link_type, u8 addr_type, u8 status)
a5c29683 3856{
272d90df 3857 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3858 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3859}
3860
272d90df 3861int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3862 u8 link_type, u8 addr_type, u8 status)
a5c29683 3863{
272d90df 3864 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3865 status,
3866 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3867}
2a611692 3868
604086b7 3869int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3870 u8 link_type, u8 addr_type, u8 status)
604086b7 3871{
272d90df 3872 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3873 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3874}
3875
272d90df 3876int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3877 u8 link_type, u8 addr_type, u8 status)
604086b7 3878{
272d90df 3879 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3880 status,
3881 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3882}
3883
92a25256
JH		 3884int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3885 u8 link_type, u8 addr_type, u32 passkey,
3886 u8 entered)
3887{
3888 struct mgmt_ev_passkey_notify ev;
3889
3890 BT_DBG("%s", hdev->name);
3891
3892 bacpy(&ev.addr.bdaddr, bdaddr);
3893 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3894 ev.passkey = __cpu_to_le32(passkey);
3895 ev.entered = entered;
3896
3897 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3898}
3899
bab73cb6 3900int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3901 u8 addr_type, u8 status)
2a611692
JH		 3902{
3903 struct mgmt_ev_auth_failed ev;
3904
bab73cb6 3905 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3906 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3907 ev.status = mgmt_status(status);
2a611692 3908
744cf19e 3909 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3910}
b312b161 3911
33ef95ed
JH		 3912int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3913{
3914 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3915 bool changed = false;
3916 int err = 0;
33ef95ed
JH		 3917
3918 if (status) {
3919 u8 mgmt_err = mgmt_status(status);
3920 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3921 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3922 return 0;
3923 }
3924
47990ea0
JH		 3925 if (test_bit(HCI_AUTH, &hdev->flags)) {
3926 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3927 changed = true;
3928 } else {
3929 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3930 changed = true;
3931 }
3932
33ef95ed 3933 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3934 &match);
33ef95ed 3935
47990ea0
JH		 3936 if (changed)
3937 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3938
3939 if (match.sk)
3940 sock_put(match.sk);
3941
3942 return err;
3943}
3944
890ea898 3945static void clear_eir(struct hci_request *req)
cacaf52f 3946{
890ea898 3947 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3948 struct hci_cp_write_eir cp;
3949
976eb20e 3950 if (!lmp_ext_inq_capable(hdev))
890ea898 3951 return;
cacaf52f 3952
c80da27e
JH		 3953 memset(hdev->eir, 0, sizeof(hdev->eir));
3954
cacaf52f
JH		 3955 memset(&cp, 0, sizeof(cp));
3956
890ea898 3957 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3958}
3959
c0ecddc2 3960int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3961{
3962 struct cmd_lookup match = { NULL, hdev };
890ea898 3963 struct hci_request req;
c0ecddc2
JH		 3964 bool changed = false;
3965 int err = 0;
ed2c4ee3
JH		 3966
3967 if (status) {
3968 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3969
3970 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3971 &hdev->dev_flags))
c0ecddc2
JH		 3972 err = new_settings(hdev, NULL);
3973
04124681
GP		 3974 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3975 &mgmt_err);
c0ecddc2
JH		 3976
3977 return err;
3978 }
3979
3980 if (enable) {
3981 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3982 changed = true;
3983 } else {
3984 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3985 changed = true;
ed2c4ee3
JH		 3986 }
3987
3988 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3989
c0ecddc2
JH		 3990 if (changed)
3991 err = new_settings(hdev, match.sk);
ed2c4ee3 3992
5fc6ebb1 3993 if (match.sk)
ed2c4ee3
JH		 3994 sock_put(match.sk);
3995
890ea898
JH		 3996 hci_req_init(&req, hdev);
3997
5fc6ebb1 3998 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3999 update_eir(&req);
5fc6ebb1 4000 else
890ea898
JH		 4001 clear_eir(&req);
4002
4003 hci_req_run(&req, NULL);
cacaf52f 4004
ed2c4ee3
JH		 4005 return err;
4006}
4007
92da6097 4008static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4009{
4010 struct cmd_lookup *match = data;
4011
90e70454
JH		 4012 if (match->sk == NULL) {
4013 match->sk = cmd->sk;
4014 sock_hold(match->sk);
4015 }
90e70454
JH		 4016}
4017
7f9a903c 4018int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4019 u8 status)
7f9a903c 4020{
90e70454
JH		 4021 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4022 int err = 0;
7f9a903c 4023
92da6097
JH		 4024 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4025 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4026 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4027
4028 if (!status)
04124681
GP		 4029 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4030 3, NULL);
90e70454
JH		 4031
4032 if (match.sk)
4033 sock_put(match.sk);
7f9a903c
MH		 4034
4035 return err;
4036}
4037
744cf19e 4038int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4039{
b312b161 4040 struct mgmt_cp_set_local_name ev;
13928971 4041 struct pending_cmd *cmd;
28cc7bde 4042
13928971
JH		 4043 if (status)
4044 return 0;
b312b161
JH		 4045
4046 memset(&ev, 0, sizeof(ev));
4047 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4048 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4049
2e58ef3e 4050 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4051 if (!cmd) {
4052 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4053
13928971
JH		 4054 /* If this is a HCI command related to powering on the
4055 * HCI dev don't send any mgmt signals.
4056 */
4057 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4058 return 0;
890ea898 4059 }
b312b161 4060
13928971
JH		 4061 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4062 cmd ? cmd->sk : NULL);
b312b161 4063}
c35938b2 4064
744cf19e 4065int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4066 u8 *randomizer, u8 status)
c35938b2
SJ		 4067{
4068 struct pending_cmd *cmd;
4069 int err;
4070
744cf19e 4071 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4072
2e58ef3e 4073 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4074 if (!cmd)
4075 return -ENOENT;
4076
4077 if (status) {
04124681
GP		 4078 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4079 mgmt_status(status));
c35938b2
SJ		 4080 } else {
4081 struct mgmt_rp_read_local_oob_data rp;
4082
4083 memcpy(rp.hash, hash, sizeof(rp.hash));
4084 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4085
744cf19e 4086 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4087 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4088 sizeof(rp));
c35938b2
SJ		 4089 }
4090
4091 mgmt_pending_remove(cmd);
4092
4093 return err;
4094}
e17acd40 4095
06199cf8
JH		 4096int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4097{
4098 struct cmd_lookup match = { NULL, hdev };
4099 bool changed = false;
4100 int err = 0;
4101
4102 if (status) {
4103 u8 mgmt_err = mgmt_status(status);
4104
4105 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 4106 &hdev->dev_flags))
d97dcb66 4107 err = new_settings(hdev, NULL);
06199cf8 4108
d97dcb66
SJ		 4109 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
4110 &mgmt_err);
06199cf8
JH		 4111
4112 return err;
4113 }
4114
4115 if (enable) {
4116 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4117 changed = true;
4118 } else {
4119 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4120 changed = true;
4121 }
4122
4123 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
4124
4125 if (changed)
4126 err = new_settings(hdev, match.sk);
4127
4128 if (match.sk)
4129 sock_put(match.sk);
4130
4131 return err;
4132}
4133
48264f06 4134int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4135 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4136 ssp, u8 *eir, u16 eir_len)
e17acd40 4137{
e319d2e7
JH		 4138 char buf[512];
4139 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4140 size_t ev_size;
e17acd40 4141
1dc06093
JH		 4142 /* Leave 5 bytes for a potential CoD field */
4143 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4144 return -EINVAL;
4145
1dc06093
JH		 4146 memset(buf, 0, sizeof(buf));
4147
e319d2e7 4148 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4149 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4150 ev->rssi = rssi;
9a395a80 4151 if (cfm_name)
612dfce9 4152 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4153 if (!ssp)
612dfce9 4154 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4155
1dc06093 4156 if (eir_len > 0)
e319d2e7 4157 memcpy(ev->eir, eir, eir_len);
e17acd40 4158
1dc06093
JH		 4159 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4160 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4161 dev_class, 3);
1dc06093 4162
eb55ef07 4163 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4164 ev_size = sizeof(*ev) + eir_len;
f8523598 4165
e319d2e7 4166 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4167}
a88a9652 4168
b644ba33 4169int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4170 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4171{
b644ba33
JH		 4172 struct mgmt_ev_device_found *ev;
4173 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4174 u16 eir_len;
a88a9652 4175
b644ba33 4176 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4177
b644ba33
JH		 4178 memset(buf, 0, sizeof(buf));
4179
4180 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4181 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4182 ev->rssi = rssi;
4183
4184 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4185 name_len);
b644ba33 4186
eb55ef07 4187 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4188
053c7e0c 4189 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4190 sizeof(*ev) + eir_len, NULL);
a88a9652 4191}
314b2381 4192
7a135109 4193int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 4194{
4195 struct pending_cmd *cmd;
f808e166 4196 u8 type;
164a6e78
JH		 4197 int err;
4198
203159d4
AG		 4199 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4200
2e58ef3e 4201 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 4202 if (!cmd)
4203 return -ENOENT;
4204
f808e166
JH		 4205 type = hdev->discovery.type;
4206
4207 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 4208 &type, sizeof(type));
164a6e78
JH		 4209 mgmt_pending_remove(cmd);
4210
4211 return err;
4212}
4213
e6d465cb
AG		 4214int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
4215{
4216 struct pending_cmd *cmd;
4217 int err;
4218
4219 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4220 if (!cmd)
4221 return -ENOENT;
4222
d930650b 4223 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 4224 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 4225 mgmt_pending_remove(cmd);
4226
4227 return err;
4228}
4229
744cf19e 4230int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4231{
f963e8e9 4232 struct mgmt_ev_discovering ev;
164a6e78
JH		 4233 struct pending_cmd *cmd;
4234
343fb145
AG		 4235 BT_DBG("%s discovering %u", hdev->name, discovering);
4236
164a6e78 4237 if (discovering)
2e58ef3e 4238 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4239 else
2e58ef3e 4240 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4241
4242 if (cmd != NULL) {
f808e166
JH		 4243 u8 type = hdev->discovery.type;
4244
04124681
GP		 4245 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4246 sizeof(type));
164a6e78
JH		 4247 mgmt_pending_remove(cmd);
4248 }
4249
f963e8e9
JH		 4250 memset(&ev, 0, sizeof(ev));
4251 ev.type = hdev->discovery.type;
4252 ev.discovering = discovering;
4253
4254 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4255}
5e762444 4256
88c1fe4b 4257int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4258{
4259 struct pending_cmd *cmd;
4260 struct mgmt_ev_device_blocked ev;
4261
2e58ef3e 4262 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4263
88c1fe4b
JH		 4264 bacpy(&ev.addr.bdaddr, bdaddr);
4265 ev.addr.type = type;
5e762444 4266
744cf19e 4267 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4268 cmd ? cmd->sk : NULL);
5e762444
AJ		 4269}
4270
88c1fe4b 4271int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4272{
4273 struct pending_cmd *cmd;
4274 struct mgmt_ev_device_unblocked ev;
4275
2e58ef3e 4276 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4277
88c1fe4b
JH		 4278 bacpy(&ev.addr.bdaddr, bdaddr);
4279 ev.addr.type = type;
5e762444 4280
744cf19e 4281 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4282 cmd ? cmd->sk : NULL);
5e762444 4283}
d7b7e796
MH		 4284
4285module_param(enable_hs, bool, 0644);
4286MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.651059 seconds and 5 git commands to generate.