projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Handle AD updating through an async request
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 655}
656
7d78525d
JH		 657static void service_cache_off(struct work_struct *work)
658{
659 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 660 service_cache.work);
890ea898 661 struct hci_request req;
7d78525d 662
a8b2d5c2 663 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 664 return;
665
890ea898
JH		 666 hci_req_init(&req, hdev);
667
7d78525d
JH		 668 hci_dev_lock(hdev);
669
890ea898
JH		 670 update_eir(&req);
671 update_class(&req);
7d78525d
JH		 672
673 hci_dev_unlock(hdev);
890ea898
JH		 674
675 hci_req_run(&req, NULL);
7d78525d
JH		 676}
677
6a919082 678static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 679{
4f87da80 680 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 681 return;
682
4f87da80 683 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 684
4f87da80
JH		 685 /* Non-mgmt controlled devices get this bit set
686 * implicitly so that pairing works for them, however
687 * for mgmt we require user-space to explicitly enable
688 * it
689 */
690 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 691}
692
0f4e68cf 693static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 694 void *data, u16 data_len)
0381101f 695{
a38528f1 696 struct mgmt_rp_read_info rp;
f7b64e69 697
bdb6d971 698 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 699
09fd0de5 700 hci_dev_lock(hdev);
f7b64e69 701
dc4fe30b
JH		 702 memset(&rp, 0, sizeof(rp));
703
69ab39ea 704 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 705
69ab39ea 706 rp.version = hdev->hci_ver;
eb55ef07 707 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 708
709 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
710 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 711
a38528f1 712 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 713
dc4fe30b 714 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 715 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 716
09fd0de5 717 hci_dev_unlock(hdev);
0381101f 718
bdb6d971 719 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 720 sizeof(rp));
0381101f
JH		 721}
722
eec8d2bc
JH		 723static void mgmt_pending_free(struct pending_cmd *cmd)
724{
725 sock_put(cmd->sk);
c68fb7ff 726 kfree(cmd->param);
eec8d2bc
JH		 727 kfree(cmd);
728}
729
366a0336 730static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 731 struct hci_dev *hdev, void *data,
732 u16 len)
eec8d2bc
JH		 733{
734 struct pending_cmd *cmd;
735
12b94565 736 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 737 if (!cmd)
366a0336 738 return NULL;
eec8d2bc
JH		 739
740 cmd->opcode = opcode;
2e58ef3e 741 cmd->index = hdev->id;
eec8d2bc 742
12b94565 743 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 744 if (!cmd->param) {
eec8d2bc 745 kfree(cmd);
366a0336 746 return NULL;
eec8d2bc
JH		 747 }
748
8fce6357
SJ		 749 if (data)
750 memcpy(cmd->param, data, len);
eec8d2bc
JH		 751
752 cmd->sk = sk;
753 sock_hold(sk);
754
2e58ef3e 755 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 756
366a0336 757 return cmd;
eec8d2bc
JH		 758}
759
744cf19e 760static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 761 void (*cb)(struct pending_cmd *cmd,
762 void *data),
04124681 763 void *data)
eec8d2bc 764{
a3d09356 765 struct pending_cmd *cmd, *tmp;
eec8d2bc 766
a3d09356 767 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 768 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 769 continue;
770
eec8d2bc
JH		 771 cb(cmd, data);
772 }
773}
774
2e58ef3e 775static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 776{
8035ded4 777 struct pending_cmd *cmd;
eec8d2bc 778
2e58ef3e 779 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 780 if (cmd->opcode == opcode)
781 return cmd;
eec8d2bc
JH		 782 }
783
784 return NULL;
785}
786
a664b5bc 787static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 788{
73f22f62
JH		 789 list_del(&cmd->list);
790 mgmt_pending_free(cmd);
791}
792
69ab39ea 793static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 794{
69ab39ea 795 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 796
aee9b218 797 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 798 sizeof(settings));
8680570b
JH		 799}
800
bdb6d971 801static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 802 u16 len)
eec8d2bc 803{
650f726d 804 struct mgmt_mode *cp = data;
366a0336 805 struct pending_cmd *cmd;
4b34ee78 806 int err;
eec8d2bc 807
bdb6d971 808 BT_DBG("request for %s", hdev->name);
eec8d2bc 809
a7e80f25
JH		 810 if (cp->val != 0x00 && cp->val != 0x01)
811 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 MGMT_STATUS_INVALID_PARAMS);
813
09fd0de5 814 hci_dev_lock(hdev);
eec8d2bc 815
f0d4b78a
MH		 816 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
817 cancel_delayed_work(&hdev->power_off);
818
819 if (cp->val) {
a1d70450
JH		 820 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 data, len);
822 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 823 goto failed;
824 }
825 }
826
4b34ee78 827 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 828 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 829 goto failed;
830 }
831
2e58ef3e 832 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 834 MGMT_STATUS_BUSY);
eec8d2bc
JH		 835 goto failed;
836 }
837
2e58ef3e 838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 839 if (!cmd) {
840 err = -ENOMEM;
eec8d2bc 841 goto failed;
366a0336 842 }
eec8d2bc 843
72a734ec 844 if (cp->val)
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 846 else
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 848
366a0336 849 err = 0;
eec8d2bc
JH		 850
851failed:
09fd0de5 852 hci_dev_unlock(hdev);
366a0336 853 return err;
eec8d2bc
JH		 854}
855
04124681
GP		 856static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
857 struct sock *skip_sk)
beadb2bd
JH		 858{
859 struct sk_buff *skb;
860 struct mgmt_hdr *hdr;
861
790eff44 862 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 863 if (!skb)
864 return -ENOMEM;
865
866 hdr = (void *) skb_put(skb, sizeof(*hdr));
867 hdr->opcode = cpu_to_le16(event);
868 if (hdev)
869 hdr->index = cpu_to_le16(hdev->id);
870 else
612dfce9 871 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 872 hdr->len = cpu_to_le16(data_len);
873
874 if (data)
875 memcpy(skb_put(skb, data_len), data, data_len);
876
97e0bdeb
MH		 877 /* Time stamp */
878 __net_timestamp(skb);
879
beadb2bd
JH		 880 hci_send_to_control(skb, skip_sk);
881 kfree_skb(skb);
882
883 return 0;
884}
885
886static int new_settings(struct hci_dev *hdev, struct sock *skip)
887{
888 __le32 ev;
889
890 ev = cpu_to_le32(get_current_settings(hdev));
891
892 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893}
894
bdb6d971 895static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 896 u16 len)
73f22f62 897{
650f726d 898 struct mgmt_cp_set_discoverable *cp = data;
366a0336 899 struct pending_cmd *cmd;
5e5282bb 900 u16 timeout;
73f22f62
JH		 901 u8 scan;
902 int err;
903
bdb6d971 904 BT_DBG("request for %s", hdev->name);
73f22f62 905
33c525c0
JH		 906 if (!lmp_bredr_capable(hdev))
907 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
908 MGMT_STATUS_NOT_SUPPORTED);
909
a7e80f25
JH		 910 if (cp->val != 0x00 && cp->val != 0x01)
911 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
912 MGMT_STATUS_INVALID_PARAMS);
913
1f350c87 914 timeout = __le16_to_cpu(cp->timeout);
24c54a90 915 if (!cp->val && timeout > 0)
bdb6d971 916 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 917 MGMT_STATUS_INVALID_PARAMS);
73f22f62 918
09fd0de5 919 hci_dev_lock(hdev);
73f22f62 920
5e5282bb 921 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 922 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 923 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 924 goto failed;
925 }
926
2e58ef3e 927 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 928 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 929 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 930 MGMT_STATUS_BUSY);
73f22f62
JH		 931 goto failed;
932 }
933
5e5282bb 934 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 935 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 936 MGMT_STATUS_REJECTED);
5e5282bb
JH		 937 goto failed;
938 }
939
940 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 941 bool changed = false;
942
943 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
944 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
945 changed = true;
946 }
947
5e5282bb 948 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 949 if (err < 0)
950 goto failed;
951
952 if (changed)
953 err = new_settings(hdev, sk);
954
5e5282bb
JH		 955 goto failed;
956 }
957
958 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 959 if (hdev->discov_timeout > 0) {
960 cancel_delayed_work(&hdev->discov_off);
961 hdev->discov_timeout = 0;
962 }
963
964 if (cp->val && timeout > 0) {
965 hdev->discov_timeout = timeout;
966 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
967 msecs_to_jiffies(hdev->discov_timeout * 1000));
968 }
969
69ab39ea 970 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 971 goto failed;
972 }
973
2e58ef3e 974 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 975 if (!cmd) {
976 err = -ENOMEM;
73f22f62 977 goto failed;
366a0336 978 }
73f22f62
JH		 979
980 scan = SCAN_PAGE;
981
72a734ec 982 if (cp->val)
73f22f62 983 scan |= SCAN_INQUIRY;
16ab91ab 984 else
e0f9309f 985 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 986
987 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
988 if (err < 0)
a664b5bc 989 mgmt_pending_remove(cmd);
73f22f62 990
16ab91ab 991 if (cp->val)
5e5282bb 992 hdev->discov_timeout = timeout;
16ab91ab 993
73f22f62 994failed:
09fd0de5 995 hci_dev_unlock(hdev);
73f22f62
JH		 996 return err;
997}
998
bdb6d971 999static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1000 u16 len)
9fbcbb45 1001{
650f726d 1002 struct mgmt_mode *cp = data;
366a0336 1003 struct pending_cmd *cmd;
9fbcbb45
JH		 1004 u8 scan;
1005 int err;
1006
bdb6d971 1007 BT_DBG("request for %s", hdev->name);
9fbcbb45 1008
33c525c0
JH		 1009 if (!lmp_bredr_capable(hdev))
1010 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1011 MGMT_STATUS_NOT_SUPPORTED);
1012
a7e80f25
JH		 1013 if (cp->val != 0x00 && cp->val != 0x01)
1014 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1015 MGMT_STATUS_INVALID_PARAMS);
1016
09fd0de5 1017 hci_dev_lock(hdev);
9fbcbb45 1018
4b34ee78 1019 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1020 bool changed = false;
1021
1022 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1023 changed = true;
1024
6bf0e469 1025 if (cp->val) {
5e5282bb 1026 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1027 } else {
5e5282bb
JH		 1028 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1029 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1030 }
0224d2fa 1031
5e5282bb 1032 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1033 if (err < 0)
1034 goto failed;
1035
1036 if (changed)
1037 err = new_settings(hdev, sk);
1038
9fbcbb45
JH		 1039 goto failed;
1040 }
1041
2e58ef3e 1042 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1043 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1044 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1045 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1046 goto failed;
1047 }
1048
5e5282bb 1049 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1050 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1051 goto failed;
1052 }
1053
2e58ef3e 1054 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1055 if (!cmd) {
1056 err = -ENOMEM;
9fbcbb45 1057 goto failed;
366a0336 1058 }
9fbcbb45 1059
6bf0e469 1060 if (cp->val) {
9fbcbb45 1061 scan = SCAN_PAGE;
6bf0e469 1062 } else {
9fbcbb45
JH		 1063 scan = 0;
1064
df2c6c5e 1065 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1066 hdev->discov_timeout > 0)
df2c6c5e
JH		 1067 cancel_delayed_work(&hdev->discov_off);
1068 }
1069
9fbcbb45
JH		 1070 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1071 if (err < 0)
a664b5bc 1072 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1073
1074failed:
09fd0de5 1075 hci_dev_unlock(hdev);
9fbcbb45
JH		 1076 return err;
1077}
1078
bdb6d971 1079static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1080 u16 len)
c542a06c 1081{
650f726d 1082 struct mgmt_mode *cp = data;
c542a06c
JH		 1083 int err;
1084
bdb6d971 1085 BT_DBG("request for %s", hdev->name);
c542a06c 1086
a7e80f25
JH		 1087 if (cp->val != 0x00 && cp->val != 0x01)
1088 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1089 MGMT_STATUS_INVALID_PARAMS);
1090
09fd0de5 1091 hci_dev_lock(hdev);
c542a06c
JH		 1092
1093 if (cp->val)
a8b2d5c2 1094 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1095 else
a8b2d5c2 1096 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1097
69ab39ea 1098 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1099 if (err < 0)
1100 goto failed;
1101
beadb2bd 1102 err = new_settings(hdev, sk);
c542a06c
JH		 1103
1104failed:
09fd0de5 1105 hci_dev_unlock(hdev);
c542a06c
JH		 1106 return err;
1107}
1108
04124681
GP		 1109static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1110 u16 len)
33ef95ed
JH		 1111{
1112 struct mgmt_mode *cp = data;
1113 struct pending_cmd *cmd;
816a11d5 1114 u8 val;
33ef95ed
JH		 1115 int err;
1116
bdb6d971 1117 BT_DBG("request for %s", hdev->name);
33ef95ed 1118
33c525c0
JH		 1119 if (!lmp_bredr_capable(hdev))
1120 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1121 MGMT_STATUS_NOT_SUPPORTED);
1122
a7e80f25
JH		 1123 if (cp->val != 0x00 && cp->val != 0x01)
1124 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1125 MGMT_STATUS_INVALID_PARAMS);
1126
33ef95ed
JH		 1127 hci_dev_lock(hdev);
1128
4b34ee78 1129 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1130 bool changed = false;
1131
1132 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1133 &hdev->dev_flags)) {
47990ea0
JH		 1134 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1135 changed = true;
1136 }
1137
1138 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1139 if (err < 0)
1140 goto failed;
1141
1142 if (changed)
1143 err = new_settings(hdev, sk);
1144
33ef95ed
JH		 1145 goto failed;
1146 }
1147
1148 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1150 MGMT_STATUS_BUSY);
33ef95ed
JH		 1151 goto failed;
1152 }
1153
1154 val = !!cp->val;
1155
1156 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1157 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1158 goto failed;
1159 }
1160
1161 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1162 if (!cmd) {
1163 err = -ENOMEM;
1164 goto failed;
1165 }
1166
1167 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1168 if (err < 0) {
1169 mgmt_pending_remove(cmd);
1170 goto failed;
1171 }
1172
1173failed:
1174 hci_dev_unlock(hdev);
33ef95ed
JH		 1175 return err;
1176}
1177
bdb6d971 1178static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1179{
1180 struct mgmt_mode *cp = data;
1181 struct pending_cmd *cmd;
816a11d5 1182 u8 val;
ed2c4ee3
JH		 1183 int err;
1184
bdb6d971 1185 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1186
13ecd8b6
JH		 1187 if (!lmp_ssp_capable(hdev))
1188 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1189 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1190
a7e80f25
JH		 1191 if (cp->val != 0x00 && cp->val != 0x01)
1192 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 MGMT_STATUS_INVALID_PARAMS);
1194
13ecd8b6 1195 hci_dev_lock(hdev);
6c8f12c1 1196
c0ecddc2
JH		 1197 val = !!cp->val;
1198
4b34ee78 1199 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1200 bool changed = false;
1201
1202 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1203 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1204 changed = true;
1205 }
1206
1207 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1208 if (err < 0)
1209 goto failed;
1210
1211 if (changed)
1212 err = new_settings(hdev, sk);
1213
ed2c4ee3
JH		 1214 goto failed;
1215 }
1216
1217 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1218 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1219 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1220 goto failed;
1221 }
1222
ed2c4ee3
JH		 1223 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1224 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1225 goto failed;
1226 }
1227
1228 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1229 if (!cmd) {
1230 err = -ENOMEM;
1231 goto failed;
1232 }
1233
1234 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1235 if (err < 0) {
1236 mgmt_pending_remove(cmd);
1237 goto failed;
1238 }
1239
1240failed:
1241 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1242 return err;
1243}
1244
bdb6d971 1245static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1246{
1247 struct mgmt_mode *cp = data;
6d80dfd0 1248
bdb6d971 1249 BT_DBG("request for %s", hdev->name);
6d80dfd0 1250
bdb6d971
JH		 1251 if (!enable_hs)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1253 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1254
a7e80f25
JH		 1255 if (cp->val != 0x00 && cp->val != 0x01)
1256 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1257 MGMT_STATUS_INVALID_PARAMS);
1258
6d80dfd0
JH		 1259 if (cp->val)
1260 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1261 else
1262 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1263
bdb6d971 1264 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1265}
1266
bdb6d971 1267static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1268{
1269 struct mgmt_mode *cp = data;
1270 struct hci_cp_write_le_host_supported hci_cp;
1271 struct pending_cmd *cmd;
06199cf8 1272 int err;
0b60eba1 1273 u8 val, enabled;
06199cf8 1274
bdb6d971 1275 BT_DBG("request for %s", hdev->name);
06199cf8 1276
13ecd8b6
JH		 1277 if (!lmp_le_capable(hdev))
1278 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1279 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1280
a7e80f25
JH		 1281 if (cp->val != 0x00 && cp->val != 0x01)
1282 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1283 MGMT_STATUS_INVALID_PARAMS);
1284
13ecd8b6 1285 hci_dev_lock(hdev);
06199cf8
JH		 1286
1287 val = !!cp->val;
ffa88e02 1288 enabled = lmp_host_le_capable(hdev);
06199cf8 1289
0b60eba1 1290 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1291 bool changed = false;
1292
1293 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1294 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1295 changed = true;
1296 }
1297
1298 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1299 if (err < 0)
1de028ce 1300 goto unlock;
06199cf8
JH		 1301
1302 if (changed)
1303 err = new_settings(hdev, sk);
1304
1de028ce 1305 goto unlock;
06199cf8
JH		 1306 }
1307
1308 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1309 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1310 MGMT_STATUS_BUSY);
1de028ce 1311 goto unlock;
06199cf8
JH		 1312 }
1313
1314 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1315 if (!cmd) {
1316 err = -ENOMEM;
1de028ce 1317 goto unlock;
06199cf8
JH		 1318 }
1319
1320 memset(&hci_cp, 0, sizeof(hci_cp));
1321
1322 if (val) {
1323 hci_cp.le = val;
ffa88e02 1324 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1325 }
1326
04124681
GP		 1327 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1328 &hci_cp);
0c01bc48 1329 if (err < 0)
06199cf8 1330 mgmt_pending_remove(cmd);
06199cf8 1331
1de028ce
JH		 1332unlock:
1333 hci_dev_unlock(hdev);
06199cf8
JH		 1334 return err;
1335}
1336
0cab9c80
JH		 1337/* This is a helper function to test for pending mgmt commands that can
1338 * cause CoD or EIR HCI commands. We can only allow one such pending
1339 * mgmt command at a time since otherwise we cannot easily track what
1340 * the current values are, will be, and based on that calculate if a new
1341 * HCI command needs to be sent and if yes with what value.
1342 */
1343static bool pending_eir_or_class(struct hci_dev *hdev)
1344{
1345 struct pending_cmd *cmd;
1346
1347 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1348 switch (cmd->opcode) {
1349 case MGMT_OP_ADD_UUID:
1350 case MGMT_OP_REMOVE_UUID:
1351 case MGMT_OP_SET_DEV_CLASS:
1352 case MGMT_OP_SET_POWERED:
1353 return true;
1354 }
1355 }
1356
1357 return false;
1358}
1359
83be8eca
JH		 1360static const u8 bluetooth_base_uuid[] = {
1361 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1362 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1363};
1364
1365static u8 get_uuid_size(const u8 *uuid)
1366{
1367 u32 val;
1368
1369 if (memcmp(uuid, bluetooth_base_uuid, 12))
1370 return 128;
1371
1372 val = get_unaligned_le32(&uuid[12]);
1373 if (val > 0xffff)
1374 return 32;
1375
1376 return 16;
1377}
1378
92da6097
JH		 1379static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1380{
1381 struct pending_cmd *cmd;
1382
1383 hci_dev_lock(hdev);
1384
1385 cmd = mgmt_pending_find(mgmt_op, hdev);
1386 if (!cmd)
1387 goto unlock;
1388
1389 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1390 hdev->dev_class, 3);
1391
1392 mgmt_pending_remove(cmd);
1393
1394unlock:
1395 hci_dev_unlock(hdev);
1396}
1397
1398static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1399{
1400 BT_DBG("status 0x%02x", status);
1401
1402 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1403}
1404
bdb6d971 1405static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1406{
650f726d 1407 struct mgmt_cp_add_uuid *cp = data;
90e70454 1408 struct pending_cmd *cmd;
890ea898 1409 struct hci_request req;
2aeb9a1a 1410 struct bt_uuid *uuid;
2aeb9a1a
JH		 1411 int err;
1412
bdb6d971 1413 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1414
09fd0de5 1415 hci_dev_lock(hdev);
2aeb9a1a 1416
0cab9c80 1417 if (pending_eir_or_class(hdev)) {
bdb6d971 1418 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1419 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1420 goto failed;
1421 }
1422
92c4c204 1423 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1424 if (!uuid) {
1425 err = -ENOMEM;
1426 goto failed;
1427 }
1428
1429 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1430 uuid->svc_hint = cp->svc_hint;
83be8eca 1431 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1432
de66aa63 1433 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1434
890ea898 1435 hci_req_init(&req, hdev);
1aff6f09 1436
890ea898
JH		 1437 update_class(&req);
1438 update_eir(&req);
1439
92da6097
JH		 1440 err = hci_req_run(&req, add_uuid_complete);
1441 if (err < 0) {
1442 if (err != -ENODATA)
1443 goto failed;
80a1e1db 1444
bdb6d971 1445 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1446 hdev->dev_class, 3);
90e70454
JH		 1447 goto failed;
1448 }
1449
1450 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1451 if (!cmd) {
90e70454 1452 err = -ENOMEM;
890ea898
JH		 1453 goto failed;
1454 }
1455
1456 err = 0;
2aeb9a1a
JH		 1457
1458failed:
09fd0de5 1459 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1460 return err;
1461}
1462
24b78d0f
JH		 1463static bool enable_service_cache(struct hci_dev *hdev)
1464{
1465 if (!hdev_is_powered(hdev))
1466 return false;
1467
1468 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1469 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1470 CACHE_TIMEOUT);
24b78d0f
JH		 1471 return true;
1472 }
1473
1474 return false;
1475}
1476
92da6097
JH		 1477static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1478{
1479 BT_DBG("status 0x%02x", status);
1480
1481 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1482}
1483
bdb6d971 1484static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1485 u16 len)
2aeb9a1a 1486{
650f726d 1487 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1488 struct pending_cmd *cmd;
056341c8 1489 struct bt_uuid *match, *tmp;
2aeb9a1a 1490 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1491 struct hci_request req;
2aeb9a1a
JH		 1492 int err, found;
1493
bdb6d971 1494 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1495
09fd0de5 1496 hci_dev_lock(hdev);
2aeb9a1a 1497
0cab9c80 1498 if (pending_eir_or_class(hdev)) {
bdb6d971 1499 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1500 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1501 goto unlock;
1502 }
1503
2aeb9a1a
JH		 1504 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1505 err = hci_uuids_clear(hdev);
4004b6d9 1506
24b78d0f 1507 if (enable_service_cache(hdev)) {
bdb6d971 1508 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1509 0, hdev->dev_class, 3);
24b78d0f
JH		 1510 goto unlock;
1511 }
4004b6d9 1512
9246a869 1513 goto update_class;
2aeb9a1a
JH		 1514 }
1515
1516 found = 0;
1517
056341c8 1518 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1519 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1520 continue;
1521
1522 list_del(&match->list);
482049f7 1523 kfree(match);
2aeb9a1a
JH		 1524 found++;
1525 }
1526
1527 if (found == 0) {
bdb6d971 1528 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1529 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1530 goto unlock;
1531 }
1532
9246a869 1533update_class:
890ea898 1534 hci_req_init(&req, hdev);
1aff6f09 1535
890ea898
JH		 1536 update_class(&req);
1537 update_eir(&req);
1538
92da6097
JH		 1539 err = hci_req_run(&req, remove_uuid_complete);
1540 if (err < 0) {
1541 if (err != -ENODATA)
1542 goto unlock;
80a1e1db 1543
bdb6d971 1544 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1545 hdev->dev_class, 3);
90e70454
JH		 1546 goto unlock;
1547 }
1548
1549 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1550 if (!cmd) {
90e70454 1551 err = -ENOMEM;
890ea898
JH		 1552 goto unlock;
1553 }
1554
1555 err = 0;
2aeb9a1a
JH		 1556
1557unlock:
09fd0de5 1558 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1559 return err;
1560}
1561
92da6097
JH		 1562static void set_class_complete(struct hci_dev *hdev, u8 status)
1563{
1564 BT_DBG("status 0x%02x", status);
1565
1566 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1567}
1568
bdb6d971 1569static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1570 u16 len)
1aff6f09 1571{
650f726d 1572 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1573 struct pending_cmd *cmd;
890ea898 1574 struct hci_request req;
1aff6f09
JH		 1575 int err;
1576
bdb6d971 1577 BT_DBG("request for %s", hdev->name);
1aff6f09 1578
13ecd8b6
JH		 1579 if (!lmp_bredr_capable(hdev))
1580 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1581 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1582
0cab9c80 1583 hci_dev_lock(hdev);
ee98f473 1584
0cab9c80
JH		 1585 if (pending_eir_or_class(hdev)) {
1586 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1587 MGMT_STATUS_BUSY);
1588 goto unlock;
1589 }
c95f0ba7 1590
0cab9c80
JH		 1591 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1593 MGMT_STATUS_INVALID_PARAMS);
1594 goto unlock;
1595 }
575b3a02 1596
932f5ff5
JH		 1597 hdev->major_class = cp->major;
1598 hdev->minor_class = cp->minor;
1599
b5235a65 1600 if (!hdev_is_powered(hdev)) {
bdb6d971 1601 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1602 hdev->dev_class, 3);
b5235a65
JH		 1603 goto unlock;
1604 }
1605
890ea898
JH		 1606 hci_req_init(&req, hdev);
1607
a8b2d5c2 1608 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1609 hci_dev_unlock(hdev);
1610 cancel_delayed_work_sync(&hdev->service_cache);
1611 hci_dev_lock(hdev);
890ea898 1612 update_eir(&req);
7d78525d 1613 }
14c0b608 1614
890ea898
JH		 1615 update_class(&req);
1616
92da6097
JH		 1617 err = hci_req_run(&req, set_class_complete);
1618 if (err < 0) {
1619 if (err != -ENODATA)
1620 goto unlock;
1aff6f09 1621
bdb6d971 1622 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1623 hdev->dev_class, 3);
90e70454
JH		 1624 goto unlock;
1625 }
1626
1627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1628 if (!cmd) {
90e70454 1629 err = -ENOMEM;
890ea898
JH		 1630 goto unlock;
1631 }
1632
1633 err = 0;
1aff6f09 1634
b5235a65 1635unlock:
09fd0de5 1636 hci_dev_unlock(hdev);
1aff6f09
JH		 1637 return err;
1638}
1639
bdb6d971 1640static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1641 u16 len)
55ed8ca1 1642{
650f726d 1643 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1644 u16 key_count, expected_len;
a492cd52 1645 int i;
55ed8ca1 1646
1f350c87 1647 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1648
86742e1e
JH		 1649 expected_len = sizeof(*cp) + key_count *
1650 sizeof(struct mgmt_link_key_info);
a492cd52 1651 if (expected_len != len) {
86742e1e 1652 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1653 len, expected_len);
bdb6d971 1654 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1655 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1656 }
1657
4ae14301
JH		 1658 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1659 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1660 MGMT_STATUS_INVALID_PARAMS);
1661
bdb6d971 1662 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1663 key_count);
55ed8ca1 1664
4ee71b20
JH		 1665 for (i = 0; i < key_count; i++) {
1666 struct mgmt_link_key_info *key = &cp->keys[i];
1667
1668 if (key->addr.type != BDADDR_BREDR)
1669 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1670 MGMT_STATUS_INVALID_PARAMS);
1671 }
1672
09fd0de5 1673 hci_dev_lock(hdev);
55ed8ca1
JH		 1674
1675 hci_link_keys_clear(hdev);
1676
a8b2d5c2 1677 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1678
1679 if (cp->debug_keys)
a8b2d5c2 1680 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1681 else
a8b2d5c2 1682 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1683
a492cd52 1684 for (i = 0; i < key_count; i++) {
86742e1e 1685 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1686
d753fdc4 1687 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1688 key->type, key->pin_len);
55ed8ca1
JH		 1689 }
1690
bdb6d971 1691 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1692
09fd0de5 1693 hci_dev_unlock(hdev);
55ed8ca1 1694
a492cd52 1695 return 0;
55ed8ca1
JH		 1696}
1697
b1078ad0 1698static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1699 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1700{
1701 struct mgmt_ev_device_unpaired ev;
1702
1703 bacpy(&ev.addr.bdaddr, bdaddr);
1704 ev.addr.type = addr_type;
1705
1706 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1707 skip_sk);
b1078ad0
JH		 1708}
1709
bdb6d971 1710static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1711 u16 len)
55ed8ca1 1712{
124f6e35
JH		 1713 struct mgmt_cp_unpair_device *cp = data;
1714 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1715 struct hci_cp_disconnect dc;
1716 struct pending_cmd *cmd;
55ed8ca1 1717 struct hci_conn *conn;
55ed8ca1
JH		 1718 int err;
1719
a8a1d19e 1720 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1721 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1722 rp.addr.type = cp->addr.type;
a8a1d19e 1723
4ee71b20
JH		 1724 if (!bdaddr_type_is_valid(cp->addr.type))
1725 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1726 MGMT_STATUS_INVALID_PARAMS,
1727 &rp, sizeof(rp));
1728
118da70b
JH		 1729 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1730 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1731 MGMT_STATUS_INVALID_PARAMS,
1732 &rp, sizeof(rp));
1733
4ee71b20
JH		 1734 hci_dev_lock(hdev);
1735
86a8cfc6 1736 if (!hdev_is_powered(hdev)) {
bdb6d971 1737 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1738 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1739 goto unlock;
1740 }
1741
591f47f3 1742 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1743 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1744 else
1745 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1746
55ed8ca1 1747 if (err < 0) {
bdb6d971 1748 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1749 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1750 goto unlock;
1751 }
1752
86a8cfc6 1753 if (cp->disconnect) {
591f47f3 1754 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1756 &cp->addr.bdaddr);
86a8cfc6
JH		 1757 else
1758 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1759 &cp->addr.bdaddr);
86a8cfc6
JH		 1760 } else {
1761 conn = NULL;
1762 }
124f6e35 1763
a8a1d19e 1764 if (!conn) {
bdb6d971 1765 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1766 &rp, sizeof(rp));
b1078ad0 1767 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1768 goto unlock;
1769 }
55ed8ca1 1770
124f6e35 1771 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1772 sizeof(*cp));
a8a1d19e
JH		 1773 if (!cmd) {
1774 err = -ENOMEM;
1775 goto unlock;
55ed8ca1
JH		 1776 }
1777
eb55ef07 1778 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1779 dc.reason = 0x13; /* Remote User Terminated Connection */
1780 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1781 if (err < 0)
1782 mgmt_pending_remove(cmd);
1783
55ed8ca1 1784unlock:
09fd0de5 1785 hci_dev_unlock(hdev);
55ed8ca1
JH		 1786 return err;
1787}
1788
bdb6d971 1789static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1790 u16 len)
8962ee74 1791{
650f726d 1792 struct mgmt_cp_disconnect *cp = data;
06a63b19 1793 struct mgmt_rp_disconnect rp;
8962ee74 1794 struct hci_cp_disconnect dc;
366a0336 1795 struct pending_cmd *cmd;
8962ee74 1796 struct hci_conn *conn;
8962ee74
JH		 1797 int err;
1798
1799 BT_DBG("");
1800
06a63b19
JH		 1801 memset(&rp, 0, sizeof(rp));
1802 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1803 rp.addr.type = cp->addr.type;
1804
4ee71b20 1805 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1806 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1807 MGMT_STATUS_INVALID_PARAMS,
1808 &rp, sizeof(rp));
4ee71b20 1809
09fd0de5 1810 hci_dev_lock(hdev);
8962ee74
JH		 1811
1812 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1813 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1814 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1815 goto failed;
1816 }
1817
2e58ef3e 1818 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1819 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1820 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1821 goto failed;
1822 }
1823
591f47f3 1824 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1826 &cp->addr.bdaddr);
88c3df13
JH		 1827 else
1828 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1829
f960727e 1830 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1831 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1832 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1833 goto failed;
1834 }
1835
2e58ef3e 1836 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1837 if (!cmd) {
1838 err = -ENOMEM;
8962ee74 1839 goto failed;
366a0336 1840 }
8962ee74 1841
eb55ef07 1842 dc.handle = cpu_to_le16(conn->handle);
3701f944 1843 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1844
1845 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1846 if (err < 0)
a664b5bc 1847 mgmt_pending_remove(cmd);
8962ee74
JH		 1848
1849failed:
09fd0de5 1850 hci_dev_unlock(hdev);
8962ee74
JH		 1851 return err;
1852}
1853
57c1477c 1854static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1855{
1856 switch (link_type) {
1857 case LE_LINK:
48264f06
JH		 1858 switch (addr_type) {
1859 case ADDR_LE_DEV_PUBLIC:
591f47f3 1860 return BDADDR_LE_PUBLIC;
0ed09148 1861
48264f06 1862 default:
0ed09148 1863 /* Fallback to LE Random address type */
591f47f3 1864 return BDADDR_LE_RANDOM;
48264f06 1865 }
0ed09148 1866
4c659c39 1867 default:
0ed09148 1868 /* Fallback to BR/EDR type */
591f47f3 1869 return BDADDR_BREDR;
4c659c39
JH		 1870 }
1871}
1872
04124681
GP		 1873static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1874 u16 data_len)
2784eb41 1875{
2784eb41 1876 struct mgmt_rp_get_connections *rp;
8035ded4 1877 struct hci_conn *c;
a38528f1 1878 size_t rp_len;
60fc5fb6
JH		 1879 int err;
1880 u16 i;
2784eb41
JH		 1881
1882 BT_DBG("");
1883
09fd0de5 1884 hci_dev_lock(hdev);
2784eb41 1885
5f97c1df 1886 if (!hdev_is_powered(hdev)) {
bdb6d971 1887 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1888 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1889 goto unlock;
1890 }
1891
60fc5fb6 1892 i = 0;
b644ba33
JH		 1893 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1894 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1895 i++;
2784eb41
JH		 1896 }
1897
60fc5fb6 1898 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1899 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1900 if (!rp) {
2784eb41
JH		 1901 err = -ENOMEM;
1902 goto unlock;
1903 }
1904
2784eb41 1905 i = 0;
4c659c39 1906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1907 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1908 continue;
4c659c39 1909 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1910 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1911 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1912 continue;
1913 i++;
1914 }
1915
eb55ef07 1916 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1917
4c659c39
JH		 1918 /* Recalculate length in case of filtered SCO connections, etc */
1919 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1920
bdb6d971 1921 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1922 rp_len);
2784eb41 1923
a38528f1 1924 kfree(rp);
5f97c1df
JH		 1925
1926unlock:
09fd0de5 1927 hci_dev_unlock(hdev);
2784eb41
JH		 1928 return err;
1929}
1930
bdb6d971 1931static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1932 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1933{
1934 struct pending_cmd *cmd;
1935 int err;
1936
2e58ef3e 1937 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1938 sizeof(*cp));
96d97a67
WR		 1939 if (!cmd)
1940 return -ENOMEM;
1941
d8457698 1942 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1943 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1944 if (err < 0)
1945 mgmt_pending_remove(cmd);
1946
1947 return err;
1948}
1949
bdb6d971 1950static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1951 u16 len)
980e1a53 1952{
96d97a67 1953 struct hci_conn *conn;
650f726d 1954 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1955 struct hci_cp_pin_code_reply reply;
366a0336 1956 struct pending_cmd *cmd;
980e1a53
JH		 1957 int err;
1958
1959 BT_DBG("");
1960
09fd0de5 1961 hci_dev_lock(hdev);
980e1a53 1962
4b34ee78 1963 if (!hdev_is_powered(hdev)) {
bdb6d971 1964 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1965 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1966 goto failed;
1967 }
1968
d8457698 1969 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1970 if (!conn) {
bdb6d971 1971 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1972 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1973 goto failed;
1974 }
1975
1976 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1977 struct mgmt_cp_pin_code_neg_reply ncp;
1978
1979 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1980
1981 BT_ERR("PIN code is not 16 bytes long");
1982
bdb6d971 1983 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1984 if (err >= 0)
bdb6d971 1985 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1986 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1987
1988 goto failed;
1989 }
1990
00abfe44 1991 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1992 if (!cmd) {
1993 err = -ENOMEM;
980e1a53 1994 goto failed;
366a0336 1995 }
980e1a53 1996
d8457698 1997 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1998 reply.pin_len = cp->pin_len;
24718ca5 1999 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2000
2001 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2002 if (err < 0)
a664b5bc 2003 mgmt_pending_remove(cmd);
980e1a53
JH		 2004
2005failed:
09fd0de5 2006 hci_dev_unlock(hdev);
980e1a53
JH		 2007 return err;
2008}
2009
04124681
GP		 2010static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2011 u16 len)
17fa4b9d 2012{
650f726d 2013 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2014
2015 BT_DBG("");
2016
09fd0de5 2017 hci_dev_lock(hdev);
17fa4b9d
JH		 2018
2019 hdev->io_capability = cp->io_capability;
2020
2021 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2022 hdev->io_capability);
17fa4b9d 2023
09fd0de5 2024 hci_dev_unlock(hdev);
17fa4b9d 2025
04124681
GP		 2026 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2027 0);
17fa4b9d
JH		 2028}
2029
6039aa73 2030static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2031{
2032 struct hci_dev *hdev = conn->hdev;
8035ded4 2033 struct pending_cmd *cmd;
e9a416b5 2034
2e58ef3e 2035 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2036 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2037 continue;
2038
e9a416b5
JH		 2039 if (cmd->user_data != conn)
2040 continue;
2041
2042 return cmd;
2043 }
2044
2045 return NULL;
2046}
2047
2048static void pairing_complete(struct pending_cmd *cmd, u8 status)
2049{
2050 struct mgmt_rp_pair_device rp;
2051 struct hci_conn *conn = cmd->user_data;
2052
ba4e564f 2053 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2054 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2055
aee9b218 2056 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2057 &rp, sizeof(rp));
e9a416b5
JH		 2058
2059 /* So we don't get further callbacks for this connection */
2060 conn->connect_cfm_cb = NULL;
2061 conn->security_cfm_cb = NULL;
2062 conn->disconn_cfm_cb = NULL;
2063
2064 hci_conn_put(conn);
2065
a664b5bc 2066 mgmt_pending_remove(cmd);
e9a416b5
JH		 2067}
2068
2069static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2070{
2071 struct pending_cmd *cmd;
2072
2073 BT_DBG("status %u", status);
2074
2075 cmd = find_pairing(conn);
56e5cb86 2076 if (!cmd)
e9a416b5 2077 BT_DBG("Unable to find a pending command");
56e5cb86 2078 else
e211326c 2079 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2080}
2081
4c47d739
VA		 2082static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2083{
2084 struct pending_cmd *cmd;
2085
2086 BT_DBG("status %u", status);
2087
2088 if (!status)
2089 return;
2090
2091 cmd = find_pairing(conn);
2092 if (!cmd)
2093 BT_DBG("Unable to find a pending command");
2094 else
2095 pairing_complete(cmd, mgmt_status(status));
2096}
2097
bdb6d971 2098static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2099 u16 len)
e9a416b5 2100{
650f726d 2101 struct mgmt_cp_pair_device *cp = data;
1425acb7 2102 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2103 struct pending_cmd *cmd;
2104 u8 sec_level, auth_type;
2105 struct hci_conn *conn;
e9a416b5
JH		 2106 int err;
2107
2108 BT_DBG("");
2109
f950a30e
SJ		 2110 memset(&rp, 0, sizeof(rp));
2111 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2112 rp.addr.type = cp->addr.type;
2113
4ee71b20
JH		 2114 if (!bdaddr_type_is_valid(cp->addr.type))
2115 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2116 MGMT_STATUS_INVALID_PARAMS,
2117 &rp, sizeof(rp));
2118
09fd0de5 2119 hci_dev_lock(hdev);
e9a416b5 2120
5f97c1df 2121 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2122 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2123 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2124 goto unlock;
2125 }
2126
c908df36
VCG		 2127 sec_level = BT_SECURITY_MEDIUM;
2128 if (cp->io_cap == 0x03)
e9a416b5 2129 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2130 else
e9a416b5 2131 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2132
591f47f3 2133 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2134 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2135 cp->addr.type, sec_level, auth_type);
7a512d01 2136 else
b12f62cf
AG		 2137 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2138 cp->addr.type, sec_level, auth_type);
7a512d01 2139
30e76272 2140 if (IS_ERR(conn)) {
489dc48e
AK		 2141 int status;
2142
2143 if (PTR_ERR(conn) == -EBUSY)
2144 status = MGMT_STATUS_BUSY;
2145 else
2146 status = MGMT_STATUS_CONNECT_FAILED;
2147
bdb6d971 2148 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2149 status, &rp,
04124681 2150 sizeof(rp));
e9a416b5
JH		 2151 goto unlock;
2152 }
2153
2154 if (conn->connect_cfm_cb) {
2155 hci_conn_put(conn);
bdb6d971 2156 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2157 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2158 goto unlock;
2159 }
2160
2e58ef3e 2161 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2162 if (!cmd) {
2163 err = -ENOMEM;
2164 hci_conn_put(conn);
2165 goto unlock;
2166 }
2167
7a512d01 2168 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2169 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2170 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2171 else
2172 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2173
e9a416b5
JH		 2174 conn->security_cfm_cb = pairing_complete_cb;
2175 conn->disconn_cfm_cb = pairing_complete_cb;
2176 conn->io_capability = cp->io_cap;
2177 cmd->user_data = conn;
2178
2179 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2180 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2181 pairing_complete(cmd, 0);
2182
2183 err = 0;
2184
2185unlock:
09fd0de5 2186 hci_dev_unlock(hdev);
e9a416b5
JH		 2187 return err;
2188}
2189
04124681
GP		 2190static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2191 u16 len)
28424707 2192{
0f4e68cf 2193 struct mgmt_addr_info *addr = data;
28424707
JH		 2194 struct pending_cmd *cmd;
2195 struct hci_conn *conn;
2196 int err;
2197
2198 BT_DBG("");
2199
28424707
JH		 2200 hci_dev_lock(hdev);
2201
5f97c1df 2202 if (!hdev_is_powered(hdev)) {
bdb6d971 2203 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2204 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2205 goto unlock;
2206 }
2207
28424707
JH		 2208 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2209 if (!cmd) {
bdb6d971 2210 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2211 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2212 goto unlock;
2213 }
2214
2215 conn = cmd->user_data;
2216
2217 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2218 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2219 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2220 goto unlock;
2221 }
2222
2223 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2224
bdb6d971 2225 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2226 addr, sizeof(*addr));
28424707
JH		 2227unlock:
2228 hci_dev_unlock(hdev);
28424707
JH		 2229 return err;
2230}
2231
bdb6d971 2232static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2233 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2234 u16 hci_op, __le32 passkey)
a5c29683 2235{
a5c29683 2236 struct pending_cmd *cmd;
0df4c185 2237 struct hci_conn *conn;
a5c29683
JH		 2238 int err;
2239
09fd0de5 2240 hci_dev_lock(hdev);
08ba5382 2241
4b34ee78 2242 if (!hdev_is_powered(hdev)) {
bdb6d971 2243 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2244 MGMT_STATUS_NOT_POWERED);
0df4c185 2245 goto done;
a5c29683
JH		 2246 }
2247
591f47f3 2248 if (type == BDADDR_BREDR)
272d90df
JH		 2249 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2250 else
47c15e2b 2251 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2252
2253 if (!conn) {
bdb6d971 2254 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2255 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2256 goto done;
2257 }
47c15e2b 2258
591f47f3 2259 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2260 /* Continue with pairing via SMP */
5fe57d9e
BG		 2261 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2262
2263 if (!err)
bdb6d971 2264 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2265 MGMT_STATUS_SUCCESS);
5fe57d9e 2266 else
bdb6d971 2267 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2268 MGMT_STATUS_FAILED);
47c15e2b 2269
47c15e2b
BG		 2270 goto done;
2271 }
2272
0df4c185 2273 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2274 if (!cmd) {
2275 err = -ENOMEM;
0df4c185 2276 goto done;
a5c29683
JH		 2277 }
2278
0df4c185 2279 /* Continue with pairing via HCI */
604086b7
BG		 2280 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2281 struct hci_cp_user_passkey_reply cp;
2282
2283 bacpy(&cp.bdaddr, bdaddr);
2284 cp.passkey = passkey;
2285 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2286 } else
2287 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2288
a664b5bc
JH		 2289 if (err < 0)
2290 mgmt_pending_remove(cmd);
a5c29683 2291
0df4c185 2292done:
09fd0de5 2293 hci_dev_unlock(hdev);
a5c29683
JH		 2294 return err;
2295}
2296
afeb019d
JK		 2297static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2298 void *data, u16 len)
2299{
2300 struct mgmt_cp_pin_code_neg_reply *cp = data;
2301
2302 BT_DBG("");
2303
2304 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2305 MGMT_OP_PIN_CODE_NEG_REPLY,
2306 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2307}
2308
04124681
GP		 2309static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2310 u16 len)
0df4c185 2311{
650f726d 2312 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2313
2314 BT_DBG("");
2315
2316 if (len != sizeof(*cp))
bdb6d971 2317 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2318 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2319
bdb6d971 2320 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2321 MGMT_OP_USER_CONFIRM_REPLY,
2322 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2323}
2324
bdb6d971 2325static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2326 void *data, u16 len)
0df4c185 2327{
c9c2659f 2328 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2329
2330 BT_DBG("");
2331
bdb6d971 2332 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2333 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2334 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2335}
2336
04124681
GP		 2337static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2338 u16 len)
604086b7 2339{
650f726d 2340 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2341
2342 BT_DBG("");
2343
bdb6d971 2344 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2345 MGMT_OP_USER_PASSKEY_REPLY,
2346 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2347}
2348
bdb6d971 2349static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2350 void *data, u16 len)
604086b7 2351{
650f726d 2352 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2353
2354 BT_DBG("");
2355
bdb6d971 2356 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2357 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2358 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2359}
2360
13928971 2361static void update_name(struct hci_request *req)
2b4bf397 2362{
13928971 2363 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2364 struct hci_cp_write_local_name cp;
2365
13928971 2366 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2367
890ea898 2368 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2369}
2370
13928971
JH		 2371static void set_name_complete(struct hci_dev *hdev, u8 status)
2372{
2373 struct mgmt_cp_set_local_name *cp;
2374 struct pending_cmd *cmd;
2375
2376 BT_DBG("status 0x%02x", status);
2377
2378 hci_dev_lock(hdev);
2379
2380 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2381 if (!cmd)
2382 goto unlock;
2383
2384 cp = cmd->param;
2385
2386 if (status)
2387 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2388 mgmt_status(status));
2389 else
2390 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2391 cp, sizeof(*cp));
2392
2393 mgmt_pending_remove(cmd);
2394
2395unlock:
2396 hci_dev_unlock(hdev);
2397}
2398
bdb6d971 2399static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2400 u16 len)
b312b161 2401{
2b4bf397 2402 struct mgmt_cp_set_local_name *cp = data;
b312b161 2403 struct pending_cmd *cmd;
890ea898 2404 struct hci_request req;
b312b161
JH		 2405 int err;
2406
2407 BT_DBG("");
2408
09fd0de5 2409 hci_dev_lock(hdev);
b312b161 2410
2b4bf397 2411 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2412
b5235a65 2413 if (!hdev_is_powered(hdev)) {
2b4bf397 2414 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2415
2416 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2417 data, len);
28cc7bde
JH		 2418 if (err < 0)
2419 goto failed;
2420
2421 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2422 sk);
28cc7bde 2423
b5235a65
JH		 2424 goto failed;
2425 }
2426
28cc7bde 2427 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2428 if (!cmd) {
2429 err = -ENOMEM;
2430 goto failed;
2431 }
2432
13928971
JH		 2433 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2434
890ea898 2435 hci_req_init(&req, hdev);
13928971
JH		 2436 update_name(&req);
2437 update_eir(&req);
2438 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2439 if (err < 0)
2440 mgmt_pending_remove(cmd);
2441
2442failed:
09fd0de5 2443 hci_dev_unlock(hdev);
b312b161
JH		 2444 return err;
2445}
2446
0f4e68cf 2447static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2448 void *data, u16 data_len)
c35938b2 2449{
c35938b2
SJ		 2450 struct pending_cmd *cmd;
2451 int err;
2452
bdb6d971 2453 BT_DBG("%s", hdev->name);
c35938b2 2454
09fd0de5 2455 hci_dev_lock(hdev);
c35938b2 2456
4b34ee78 2457 if (!hdev_is_powered(hdev)) {
bdb6d971 2458 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2459 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2460 goto unlock;
2461 }
2462
9a1a1996 2463 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2464 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2465 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2466 goto unlock;
2467 }
2468
2e58ef3e 2469 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2470 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2471 MGMT_STATUS_BUSY);
c35938b2
SJ		 2472 goto unlock;
2473 }
2474
2e58ef3e 2475 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2476 if (!cmd) {
2477 err = -ENOMEM;
2478 goto unlock;
2479 }
2480
2481 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2482 if (err < 0)
2483 mgmt_pending_remove(cmd);
2484
2485unlock:
09fd0de5 2486 hci_dev_unlock(hdev);
c35938b2
SJ		 2487 return err;
2488}
2489
bdb6d971 2490static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2491 void *data, u16 len)
2763eda6 2492{
650f726d 2493 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2494 u8 status;
2763eda6
SJ		 2495 int err;
2496
bdb6d971 2497 BT_DBG("%s ", hdev->name);
2763eda6 2498
09fd0de5 2499 hci_dev_lock(hdev);
2763eda6 2500
664ce4cc 2501 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2502 cp->randomizer);
2763eda6 2503 if (err < 0)
bf1e3541 2504 status = MGMT_STATUS_FAILED;
2763eda6 2505 else
a6785be2 2506 status = MGMT_STATUS_SUCCESS;
bf1e3541 2507
bdb6d971 2508 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2509 &cp->addr, sizeof(cp->addr));
2763eda6 2510
09fd0de5 2511 hci_dev_unlock(hdev);
2763eda6
SJ		 2512 return err;
2513}
2514
bdb6d971 2515static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2516 void *data, u16 len)
2763eda6 2517{
650f726d 2518 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2519 u8 status;
2763eda6
SJ		 2520 int err;
2521
bdb6d971 2522 BT_DBG("%s", hdev->name);
2763eda6 2523
09fd0de5 2524 hci_dev_lock(hdev);
2763eda6 2525
664ce4cc 2526 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2527 if (err < 0)
bf1e3541 2528 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2529 else
a6785be2 2530 status = MGMT_STATUS_SUCCESS;
bf1e3541 2531
bdb6d971 2532 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2533 status, &cp->addr, sizeof(cp->addr));
2763eda6 2534
09fd0de5 2535 hci_dev_unlock(hdev);
2763eda6
SJ		 2536 return err;
2537}
2538
5e0452c0
AG		 2539int mgmt_interleaved_discovery(struct hci_dev *hdev)
2540{
2541 int err;
2542
2543 BT_DBG("%s", hdev->name);
2544
2545 hci_dev_lock(hdev);
2546
2547 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2548 if (err < 0)
2549 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2550
2551 hci_dev_unlock(hdev);
2552
2553 return err;
2554}
2555
bdb6d971 2556static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2557 void *data, u16 len)
14a53664 2558{
650f726d 2559 struct mgmt_cp_start_discovery *cp = data;
14a53664 2560 struct pending_cmd *cmd;
14a53664
JH		 2561 int err;
2562
bdb6d971 2563 BT_DBG("%s", hdev->name);
14a53664 2564
09fd0de5 2565 hci_dev_lock(hdev);
14a53664 2566
4b34ee78 2567 if (!hdev_is_powered(hdev)) {
bdb6d971 2568 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2569 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2570 goto failed;
2571 }
2572
642be6c7
AG		 2573 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2574 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2575 MGMT_STATUS_BUSY);
2576 goto failed;
2577 }
2578
ff9ef578 2579 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2580 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2581 MGMT_STATUS_BUSY);
ff9ef578
JH		 2582 goto failed;
2583 }
2584
2e58ef3e 2585 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2586 if (!cmd) {
2587 err = -ENOMEM;
2588 goto failed;
2589 }
2590
4aab14e5
AG		 2591 hdev->discovery.type = cp->type;
2592
2593 switch (hdev->discovery.type) {
f39799f5 2594 case DISCOV_TYPE_BREDR:
04106755
JH		 2595 if (!lmp_bredr_capable(hdev)) {
2596 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2597 MGMT_STATUS_NOT_SUPPORTED);
2598 mgmt_pending_remove(cmd);
2599 goto failed;
2600 }
2601
2602 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2603 break;
2604
2605 case DISCOV_TYPE_LE:
04106755
JH		 2606 if (!lmp_host_le_capable(hdev)) {
2607 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2608 MGMT_STATUS_NOT_SUPPORTED);
2609 mgmt_pending_remove(cmd);
2610 goto failed;
2611 }
2612
2613 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2614 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2615 break;
2616
5e0452c0 2617 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2618 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2619 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2620 MGMT_STATUS_NOT_SUPPORTED);
2621 mgmt_pending_remove(cmd);
2622 goto failed;
2623 }
2624
2625 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2626 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2627 break;
2628
f39799f5 2629 default:
04106755
JH		 2630 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2631 MGMT_STATUS_INVALID_PARAMS);
2632 mgmt_pending_remove(cmd);
2633 goto failed;
f39799f5 2634 }
3fd24153 2635
14a53664
JH		 2636 if (err < 0)
2637 mgmt_pending_remove(cmd);
ff9ef578
JH		 2638 else
2639 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2640
2641failed:
09fd0de5 2642 hci_dev_unlock(hdev);
14a53664
JH		 2643 return err;
2644}
2645
bdb6d971 2646static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2647 u16 len)
14a53664 2648{
d930650b 2649 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2650 struct pending_cmd *cmd;
30dc78e1
JH		 2651 struct hci_cp_remote_name_req_cancel cp;
2652 struct inquiry_entry *e;
14a53664
JH		 2653 int err;
2654
bdb6d971 2655 BT_DBG("%s", hdev->name);
14a53664 2656
09fd0de5 2657 hci_dev_lock(hdev);
14a53664 2658
30dc78e1 2659 if (!hci_discovery_active(hdev)) {
bdb6d971 2660 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2661 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2662 sizeof(mgmt_cp->type));
d930650b
JH		 2663 goto unlock;
2664 }
2665
2666 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2667 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2668 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2669 sizeof(mgmt_cp->type));
30dc78e1 2670 goto unlock;
ff9ef578
JH		 2671 }
2672
2e58ef3e 2673 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2674 if (!cmd) {
2675 err = -ENOMEM;
30dc78e1
JH		 2676 goto unlock;
2677 }
2678
e0d9727e
AG		 2679 switch (hdev->discovery.state) {
2680 case DISCOVERY_FINDING:
c9ecc48e
AG		 2681 if (test_bit(HCI_INQUIRY, &hdev->flags))
2682 err = hci_cancel_inquiry(hdev);
2683 else
2684 err = hci_cancel_le_scan(hdev);
2685
e0d9727e
AG		 2686 break;
2687
2688 case DISCOVERY_RESOLVING:
2689 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2690 NAME_PENDING);
e0d9727e 2691 if (!e) {
30dc78e1 2692 mgmt_pending_remove(cmd);
e0d9727e
AG		 2693 err = cmd_complete(sk, hdev->id,
2694 MGMT_OP_STOP_DISCOVERY, 0,
2695 &mgmt_cp->type,
2696 sizeof(mgmt_cp->type));
2697 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2698 goto unlock;
2699 }
30dc78e1 2700
e0d9727e
AG		 2701 bacpy(&cp.bdaddr, &e->data.bdaddr);
2702 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2703 sizeof(cp), &cp);
2704
2705 break;
2706
2707 default:
2708 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2709 err = -EFAULT;
14a53664
JH		 2710 }
2711
14a53664
JH		 2712 if (err < 0)
2713 mgmt_pending_remove(cmd);
ff9ef578
JH		 2714 else
2715 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2716
30dc78e1 2717unlock:
09fd0de5 2718 hci_dev_unlock(hdev);
14a53664
JH		 2719 return err;
2720}
2721
bdb6d971 2722static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2723 u16 len)
561aafbc 2724{
650f726d 2725 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2726 struct inquiry_entry *e;
561aafbc
JH		 2727 int err;
2728
bdb6d971 2729 BT_DBG("%s", hdev->name);
561aafbc 2730
561aafbc
JH		 2731 hci_dev_lock(hdev);
2732
30dc78e1 2733 if (!hci_discovery_active(hdev)) {
bdb6d971 2734 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2735 MGMT_STATUS_FAILED);
30dc78e1
JH		 2736 goto failed;
2737 }
2738
a198e7b1 2739 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2740 if (!e) {
bdb6d971 2741 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2742 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2743 goto failed;
2744 }
2745
2746 if (cp->name_known) {
2747 e->name_state = NAME_KNOWN;
2748 list_del(&e->list);
2749 } else {
2750 e->name_state = NAME_NEEDED;
a3d4e20a 2751 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2752 }
2753
e384662b
JH		 2754 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2755 sizeof(cp->addr));
561aafbc
JH		 2756
2757failed:
2758 hci_dev_unlock(hdev);
561aafbc
JH		 2759 return err;
2760}
2761
bdb6d971 2762static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2763 u16 len)
7fbec224 2764{
650f726d 2765 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2766 u8 status;
7fbec224
AJ		 2767 int err;
2768
bdb6d971 2769 BT_DBG("%s", hdev->name);
7fbec224 2770
4ee71b20 2771 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2772 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2773 MGMT_STATUS_INVALID_PARAMS,
2774 &cp->addr, sizeof(cp->addr));
4ee71b20 2775
09fd0de5 2776 hci_dev_lock(hdev);
5e762444 2777
88c1fe4b 2778 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2779 if (err < 0)
f0eeea8b 2780 status = MGMT_STATUS_FAILED;
7fbec224 2781 else
a6785be2 2782 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2783
bdb6d971 2784 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2785 &cp->addr, sizeof(cp->addr));
5e762444 2786
09fd0de5 2787 hci_dev_unlock(hdev);
7fbec224
AJ		 2788
2789 return err;
2790}
2791
bdb6d971 2792static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2793 u16 len)
7fbec224 2794{
650f726d 2795 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2796 u8 status;
7fbec224
AJ		 2797 int err;
2798
bdb6d971 2799 BT_DBG("%s", hdev->name);
7fbec224 2800
4ee71b20 2801 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2802 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2803 MGMT_STATUS_INVALID_PARAMS,
2804 &cp->addr, sizeof(cp->addr));
4ee71b20 2805
09fd0de5 2806 hci_dev_lock(hdev);
5e762444 2807
88c1fe4b 2808 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2809 if (err < 0)
f0eeea8b 2810 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2811 else
a6785be2 2812 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2813
bdb6d971 2814 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2815 &cp->addr, sizeof(cp->addr));
5e762444 2816
09fd0de5 2817 hci_dev_unlock(hdev);
7fbec224
AJ		 2818
2819 return err;
2820}
2821
cdbaccca
MH		 2822static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2823 u16 len)
2824{
2825 struct mgmt_cp_set_device_id *cp = data;
890ea898 2826 struct hci_request req;
cdbaccca 2827 int err;
c72d4b8a 2828 __u16 source;
cdbaccca
MH		 2829
2830 BT_DBG("%s", hdev->name);
2831
c72d4b8a
SJ		 2832 source = __le16_to_cpu(cp->source);
2833
2834 if (source > 0x0002)
2835 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2836 MGMT_STATUS_INVALID_PARAMS);
2837
cdbaccca
MH		 2838 hci_dev_lock(hdev);
2839
c72d4b8a 2840 hdev->devid_source = source;
cdbaccca
MH		 2841 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2842 hdev->devid_product = __le16_to_cpu(cp->product);
2843 hdev->devid_version = __le16_to_cpu(cp->version);
2844
2845 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2846
890ea898
JH		 2847 hci_req_init(&req, hdev);
2848 update_eir(&req);
2849 hci_req_run(&req, NULL);
cdbaccca
MH		 2850
2851 hci_dev_unlock(hdev);
2852
2853 return err;
2854}
2855
bdb6d971 2856static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2857 void *data, u16 len)
f6422ec6 2858{
650f726d 2859 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2860 struct hci_cp_write_page_scan_activity acp;
2861 u8 type;
2862 int err;
2863
bdb6d971 2864 BT_DBG("%s", hdev->name);
f6422ec6 2865
33c525c0
JH		 2866 if (!lmp_bredr_capable(hdev))
2867 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2868 MGMT_STATUS_NOT_SUPPORTED);
2869
a7e80f25
JH		 2870 if (cp->val != 0x00 && cp->val != 0x01)
2871 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2872 MGMT_STATUS_INVALID_PARAMS);
2873
5400c044 2874 if (!hdev_is_powered(hdev))
bdb6d971 2875 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2876 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2877
2878 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2879 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2880 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2881
2882 hci_dev_lock(hdev);
2883
f7c6869c 2884 if (cp->val) {
f6422ec6 2885 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2886
83ce9a06
JH		 2887 /* 160 msec page scan interval */
2888 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2889 } else {
2890 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2891
2892 /* default 1.28 sec page scan */
2893 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2894 }
2895
76ec9de8
AE		 2896 /* default 11.25 msec page scan window */
2897 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2898
04124681
GP		 2899 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2900 &acp);
f6422ec6 2901 if (err < 0) {
bdb6d971 2902 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2903 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2904 goto done;
2905 }
2906
2907 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2908 if (err < 0) {
bdb6d971 2909 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2910 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2911 goto done;
2912 }
2913
bdb6d971 2914 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2915 NULL, 0);
f6422ec6
AJ		 2916done:
2917 hci_dev_unlock(hdev);
f6422ec6
AJ		 2918 return err;
2919}
2920
3f706b72
JH		 2921static bool ltk_is_valid(struct mgmt_ltk_info *key)
2922{
44b20d33
JH		 2923 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2924 return false;
3f706b72
JH		 2925 if (key->master != 0x00 && key->master != 0x01)
2926 return false;
4ee71b20
JH		 2927 if (!bdaddr_type_is_le(key->addr.type))
2928 return false;
3f706b72
JH		 2929 return true;
2930}
2931
bdb6d971 2932static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2933 void *cp_data, u16 len)
346af67b 2934{
346af67b
VCG		 2935 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2936 u16 key_count, expected_len;
715a5bf2 2937 int i, err;
346af67b 2938
1f350c87 2939 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2940
2941 expected_len = sizeof(*cp) + key_count *
2942 sizeof(struct mgmt_ltk_info);
2943 if (expected_len != len) {
2944 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2945 len, expected_len);
bdb6d971 2946 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2947 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2948 }
2949
bdb6d971 2950 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2951
54ad6d8a
JH		 2952 for (i = 0; i < key_count; i++) {
2953 struct mgmt_ltk_info *key = &cp->keys[i];
2954
3f706b72 2955 if (!ltk_is_valid(key))
54ad6d8a
JH		 2956 return cmd_status(sk, hdev->id,
2957 MGMT_OP_LOAD_LONG_TERM_KEYS,
2958 MGMT_STATUS_INVALID_PARAMS);
2959 }
2960
346af67b
VCG		 2961 hci_dev_lock(hdev);
2962
2963 hci_smp_ltks_clear(hdev);
2964
2965 for (i = 0; i < key_count; i++) {
2966 struct mgmt_ltk_info *key = &cp->keys[i];
2967 u8 type;
2968
2969 if (key->master)
2970 type = HCI_SMP_LTK;
2971 else
2972 type = HCI_SMP_LTK_SLAVE;
2973
4596fde5 2974 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2975 bdaddr_to_le(key->addr.type),
04124681
GP		 2976 type, 0, key->authenticated, key->val,
2977 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2978 }
2979
715a5bf2
JH		 2980 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2981 NULL, 0);
2982
346af67b 2983 hci_dev_unlock(hdev);
346af67b 2984
715a5bf2 2985 return err;
346af67b
VCG		 2986}
2987
2e3c35ea 2988static const struct mgmt_handler {
04124681
GP		 2989 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2990 u16 data_len);
be22b54e
JH		 2991 bool var_len;
2992 size_t data_len;
0f4e68cf
JH		 2993} mgmt_handlers[] = {
2994 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2995 { read_version, false, MGMT_READ_VERSION_SIZE },
2996 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2997 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2998 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2999 { set_powered, false, MGMT_SETTING_SIZE },
3000 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3001 { set_connectable, false, MGMT_SETTING_SIZE },
3002 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3003 { set_pairable, false, MGMT_SETTING_SIZE },
3004 { set_link_security, false, MGMT_SETTING_SIZE },
3005 { set_ssp, false, MGMT_SETTING_SIZE },
3006 { set_hs, false, MGMT_SETTING_SIZE },
3007 { set_le, false, MGMT_SETTING_SIZE },
3008 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3009 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3010 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3011 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3012 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3013 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3014 { disconnect, false, MGMT_DISCONNECT_SIZE },
3015 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3016 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3017 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3018 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3019 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3020 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3021 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3022 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3023 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3024 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3025 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3026 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3027 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3028 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3029 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3030 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3031 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3032 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3033 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3034 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3035};
3036
3037
0381101f
JH		 3038int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3039{
650f726d
VCG		 3040 void *buf;
3041 u8 *cp;
0381101f 3042 struct mgmt_hdr *hdr;
4e51eae9 3043 u16 opcode, index, len;
bdb6d971 3044 struct hci_dev *hdev = NULL;
2e3c35ea 3045 const struct mgmt_handler *handler;
0381101f
JH		 3046 int err;
3047
3048 BT_DBG("got %zu bytes", msglen);
3049
3050 if (msglen < sizeof(*hdr))
3051 return -EINVAL;
3052
e63a15ec 3053 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3054 if (!buf)
3055 return -ENOMEM;
3056
3057 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3058 err = -EFAULT;
3059 goto done;
3060 }
3061
650f726d 3062 hdr = buf;
1f350c87
MH		 3063 opcode = __le16_to_cpu(hdr->opcode);
3064 index = __le16_to_cpu(hdr->index);
3065 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3066
3067 if (len != msglen - sizeof(*hdr)) {
3068 err = -EINVAL;
3069 goto done;
3070 }
3071
0f4e68cf 3072 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3073 hdev = hci_dev_get(index);
3074 if (!hdev) {
3075 err = cmd_status(sk, index, opcode,
04124681 3076 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3077 goto done;
3078 }
3079 }
3080
0f4e68cf 3081 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3082 mgmt_handlers[opcode].func == NULL) {
0381101f 3083 BT_DBG("Unknown op %u", opcode);
ca69b795 3084 err = cmd_status(sk, index, opcode,
04124681 3085 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3086 goto done;
3087 }
3088
3089 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3090 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3091 err = cmd_status(sk, index, opcode,
04124681 3092 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3093 goto done;
0381101f
JH		 3094 }
3095
be22b54e
JH		 3096 handler = &mgmt_handlers[opcode];
3097
3098 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3099 (!handler->var_len && len != handler->data_len)) {
be22b54e 3100 err = cmd_status(sk, index, opcode,
04124681 3101 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3102 goto done;
3103 }
3104
0f4e68cf
JH		 3105 if (hdev)
3106 mgmt_init_hdev(sk, hdev);
3107
3108 cp = buf + sizeof(*hdr);
3109
be22b54e 3110 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3111 if (err < 0)
3112 goto done;
3113
0381101f
JH		 3114 err = msglen;
3115
3116done:
bdb6d971
JH		 3117 if (hdev)
3118 hci_dev_put(hdev);
3119
0381101f
JH		 3120 kfree(buf);
3121 return err;
3122}
c71e97bf 3123
b24752fe
JH		 3124static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3125{
3126 u8 *status = data;
3127
3128 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3129 mgmt_pending_remove(cmd);
3130}
3131
744cf19e 3132int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3133{
bb4b2a9a
AE		 3134 if (!mgmt_valid_hdev(hdev))
3135 return -ENOTSUPP;
3136
744cf19e 3137 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3138}
3139
744cf19e 3140int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3141{
5f159032 3142 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3143
bb4b2a9a
AE		 3144 if (!mgmt_valid_hdev(hdev))
3145 return -ENOTSUPP;
3146
744cf19e 3147 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3148
744cf19e 3149 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3150}
3151
73f22f62 3152struct cmd_lookup {
eec8d2bc 3153 struct sock *sk;
69ab39ea 3154 struct hci_dev *hdev;
90e70454 3155 u8 mgmt_status;
eec8d2bc
JH		 3156};
3157
69ab39ea 3158static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3159{
73f22f62 3160 struct cmd_lookup *match = data;
eec8d2bc 3161
69ab39ea 3162 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3163
3164 list_del(&cmd->list);
3165
3166 if (match->sk == NULL) {
3167 match->sk = cmd->sk;
3168 sock_hold(match->sk);
3169 }
3170
3171 mgmt_pending_free(cmd);
c71e97bf 3172}
5add6af8 3173
890ea898 3174static void set_bredr_scan(struct hci_request *req)
7f0ae647 3175{
890ea898 3176 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3177 u8 scan = 0;
3178
3179 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3180 scan |= SCAN_PAGE;
3181 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3182 scan |= SCAN_INQUIRY;
3183
890ea898
JH		 3184 if (scan)
3185 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3186}
3187
229ab39c
JH		 3188static void powered_complete(struct hci_dev *hdev, u8 status)
3189{
3190 struct cmd_lookup match = { NULL, hdev };
3191
3192 BT_DBG("status 0x%02x", status);
3193
3194 hci_dev_lock(hdev);
3195
3196 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3197
3198 new_settings(hdev, match.sk);
3199
3200 hci_dev_unlock(hdev);
3201
3202 if (match.sk)
3203 sock_put(match.sk);
3204}
3205
70da6243 3206static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3207{
890ea898 3208 struct hci_request req;
70da6243 3209 u8 link_sec;
5add6af8 3210
890ea898
JH		 3211 hci_req_init(&req, hdev);
3212
70da6243
JH		 3213 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3214 !lmp_host_ssp_capable(hdev)) {
3215 u8 ssp = 1;
5e5282bb 3216
890ea898 3217 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3218 }
5add6af8 3219
70da6243
JH		 3220 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3221 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3222
70da6243
JH		 3223 cp.le = 1;
3224 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3225
70da6243
JH		 3226 /* Check first if we already have the right
3227 * host state (host features set)
3228 */
3229 if (cp.le != lmp_host_le_capable(hdev) ||
3230 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3231 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3232 sizeof(cp), &cp);
70da6243 3233 }
3d1cbdd6 3234
70da6243
JH		 3235 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3236 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3237 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3238 sizeof(link_sec), &link_sec);
562fcc24 3239
70da6243 3240 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3241 set_bredr_scan(&req);
3242 update_class(&req);
13928971 3243 update_name(&req);
890ea898 3244 update_eir(&req);
70da6243 3245 }
562fcc24 3246
229ab39c 3247 return hci_req_run(&req, powered_complete);
70da6243 3248}
562fcc24 3249
70da6243
JH		 3250int mgmt_powered(struct hci_dev *hdev, u8 powered)
3251{
3252 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3253 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3254 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3255 int err;
f0ff92fb 3256
70da6243
JH		 3257 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3258 return 0;
3259
70da6243 3260 if (powered) {
229ab39c
JH		 3261 if (powered_update_hci(hdev) == 0)
3262 return 0;
fe038884 3263
229ab39c
JH		 3264 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3265 &match);
3266 goto new_settings;
b24752fe
JH		 3267 }
3268
229ab39c
JH		 3269 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3270 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3271
3272 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3273 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3274 zero_cod, sizeof(zero_cod), NULL);
3275
3276new_settings:
beadb2bd 3277 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3278
3279 if (match.sk)
3280 sock_put(match.sk);
3281
7bb895d6 3282 return err;
5add6af8 3283}
73f22f62 3284
744cf19e 3285int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3286{
76a7f3a4 3287 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3288 bool changed = false;
3289 int err = 0;
73f22f62 3290
5e5282bb
JH		 3291 if (discoverable) {
3292 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3293 changed = true;
3294 } else {
3295 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3296 changed = true;
3297 }
73f22f62 3298
ed9b5f2f 3299 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3300 &match);
ed9b5f2f 3301
beadb2bd
JH		 3302 if (changed)
3303 err = new_settings(hdev, match.sk);
5e5282bb 3304
73f22f62
JH		 3305 if (match.sk)
3306 sock_put(match.sk);
3307
7bb895d6 3308 return err;
73f22f62 3309}
9fbcbb45 3310
744cf19e 3311int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3312{
76a7f3a4 3313 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3314 bool changed = false;
3315 int err = 0;
9fbcbb45 3316
5e5282bb
JH		 3317 if (connectable) {
3318 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3319 changed = true;
3320 } else {
3321 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3322 changed = true;
3323 }
9fbcbb45 3324
ed9b5f2f 3325 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3326 &match);
ed9b5f2f 3327
beadb2bd
JH		 3328 if (changed)
3329 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3330
3331 if (match.sk)
3332 sock_put(match.sk);
3333
7bb895d6 3334 return err;
9fbcbb45 3335}
55ed8ca1 3336
744cf19e 3337int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3338{
ca69b795
JH		 3339 u8 mgmt_err = mgmt_status(status);
3340
2d7cee58 3341 if (scan & SCAN_PAGE)
744cf19e 3342 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3343 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3344
3345 if (scan & SCAN_INQUIRY)
744cf19e 3346 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3347 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3348
3349 return 0;
3350}
3351
53168e5b
CC		 3352int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3353 bool persistent)
55ed8ca1 3354{
86742e1e 3355 struct mgmt_ev_new_link_key ev;
55ed8ca1 3356
a492cd52 3357 memset(&ev, 0, sizeof(ev));
55ed8ca1 3358
a492cd52 3359 ev.store_hint = persistent;
d753fdc4 3360 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3361 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3362 ev.key.type = key->type;
9b3b4460 3363 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3364 ev.key.pin_len = key->pin_len;
55ed8ca1 3365
744cf19e 3366 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3367}
f7520543 3368
346af67b
VCG		 3369int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3370{
3371 struct mgmt_ev_new_long_term_key ev;
3372
3373 memset(&ev, 0, sizeof(ev));
3374
3375 ev.store_hint = persistent;
3376 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3377 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3378 ev.key.authenticated = key->authenticated;
3379 ev.key.enc_size = key->enc_size;
3380 ev.key.ediv = key->ediv;
3381
3382 if (key->type == HCI_SMP_LTK)
3383 ev.key.master = 1;
3384
3385 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3386 memcpy(ev.key.val, key->val, sizeof(key->val));
3387
04124681
GP		 3388 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3389 NULL);
346af67b
VCG		 3390}
3391
afc747a6 3392int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3393 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3394 u8 *dev_class)
f7520543 3395{
b644ba33
JH		 3396 char buf[512];
3397 struct mgmt_ev_device_connected *ev = (void *) buf;
3398 u16 eir_len = 0;
f7520543 3399
b644ba33 3400 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3401 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3402
c95f0ba7 3403 ev->flags = __cpu_to_le32(flags);
08c79b61 3404
b644ba33
JH		 3405 if (name_len > 0)
3406 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3407 name, name_len);
b644ba33
JH		 3408
3409 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3410 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3411 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3412
eb55ef07 3413 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3414
3415 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3416 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3417}
3418
8962ee74
JH		 3419static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3420{
c68fb7ff 3421 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3422 struct sock **sk = data;
a38528f1 3423 struct mgmt_rp_disconnect rp;
8962ee74 3424
88c3df13
JH		 3425 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3426 rp.addr.type = cp->addr.type;
8962ee74 3427
aee9b218 3428 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3429 sizeof(rp));
8962ee74
JH		 3430
3431 *sk = cmd->sk;
3432 sock_hold(*sk);
3433
a664b5bc 3434 mgmt_pending_remove(cmd);
8962ee74
JH		 3435}
3436
124f6e35 3437static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3438{
b1078ad0 3439 struct hci_dev *hdev = data;
124f6e35
JH		 3440 struct mgmt_cp_unpair_device *cp = cmd->param;
3441 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3442
3443 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3444 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3445 rp.addr.type = cp->addr.type;
a8a1d19e 3446
b1078ad0
JH		 3447 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3448
aee9b218 3449 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3450
3451 mgmt_pending_remove(cmd);
3452}
3453
afc747a6 3454int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3455 u8 link_type, u8 addr_type, u8 reason)
f7520543 3456{
f0d6a0ea 3457 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3458 struct sock *sk = NULL;
3459 int err;
3460
744cf19e 3461 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3462
f0d6a0ea
MA		 3463 bacpy(&ev.addr.bdaddr, bdaddr);
3464 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3465 ev.reason = reason;
f7520543 3466
afc747a6 3467 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3468 sk);
8962ee74
JH		 3469
3470 if (sk)
d97dcb66 3471 sock_put(sk);
8962ee74 3472
124f6e35 3473 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3474 hdev);
a8a1d19e 3475
8962ee74
JH		 3476 return err;
3477}
3478
88c3df13 3479int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3480 u8 link_type, u8 addr_type, u8 status)
8962ee74 3481{
88c3df13 3482 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3483 struct pending_cmd *cmd;
3484 int err;
3485
36a75f1b
JD		 3486 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3487 hdev);
3488
2e58ef3e 3489 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3490 if (!cmd)
3491 return -ENOENT;
3492
88c3df13 3493 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3494 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3495
88c3df13 3496 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3497 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3498
a664b5bc 3499 mgmt_pending_remove(cmd);
8962ee74
JH		 3500
3501 return err;
f7520543 3502}
17d5c04c 3503
48264f06 3504int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3505 u8 addr_type, u8 status)
17d5c04c
JH		 3506{
3507 struct mgmt_ev_connect_failed ev;
3508
4c659c39 3509 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3510 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3511 ev.status = mgmt_status(status);
17d5c04c 3512
744cf19e 3513 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3514}
980e1a53 3515
744cf19e 3516int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3517{
3518 struct mgmt_ev_pin_code_request ev;
3519
d8457698 3520 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3521 ev.addr.type = BDADDR_BREDR;
a770bb5a 3522 ev.secure = secure;
980e1a53 3523
744cf19e 3524 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3525 NULL);
980e1a53
JH		 3526}
3527
744cf19e 3528int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3529 u8 status)
980e1a53
JH		 3530{
3531 struct pending_cmd *cmd;
ac56fb13 3532 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3533 int err;
3534
2e58ef3e 3535 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3536 if (!cmd)
3537 return -ENOENT;
3538
d8457698 3539 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3540 rp.addr.type = BDADDR_BREDR;
ac56fb13 3541
aee9b218 3542 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3543 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3544
a664b5bc 3545 mgmt_pending_remove(cmd);
980e1a53
JH		 3546
3547 return err;
3548}
3549
744cf19e 3550int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3551 u8 status)
980e1a53
JH		 3552{
3553 struct pending_cmd *cmd;
ac56fb13 3554 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3555 int err;
3556
2e58ef3e 3557 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3558 if (!cmd)
3559 return -ENOENT;
3560
d8457698 3561 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3562 rp.addr.type = BDADDR_BREDR;
ac56fb13 3563
aee9b218 3564 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3565 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3566
a664b5bc 3567 mgmt_pending_remove(cmd);
980e1a53
JH		 3568
3569 return err;
3570}
a5c29683 3571
744cf19e 3572int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3573 u8 link_type, u8 addr_type, __le32 value,
3574 u8 confirm_hint)
a5c29683
JH		 3575{
3576 struct mgmt_ev_user_confirm_request ev;
3577
744cf19e 3578 BT_DBG("%s", hdev->name);
a5c29683 3579
272d90df 3580 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3581 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3582 ev.confirm_hint = confirm_hint;
78e8098e 3583 ev.value = value;
a5c29683 3584
744cf19e 3585 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3586 NULL);
a5c29683
JH		 3587}
3588
272d90df 3589int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3590 u8 link_type, u8 addr_type)
604086b7
BG		 3591{
3592 struct mgmt_ev_user_passkey_request ev;
3593
3594 BT_DBG("%s", hdev->name);
3595
272d90df 3596 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3597 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3598
3599 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3600 NULL);
604086b7
BG		 3601}
3602
0df4c185 3603static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3604 u8 link_type, u8 addr_type, u8 status,
3605 u8 opcode)
a5c29683
JH		 3606{
3607 struct pending_cmd *cmd;
3608 struct mgmt_rp_user_confirm_reply rp;
3609 int err;
3610
2e58ef3e 3611 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3612 if (!cmd)
3613 return -ENOENT;
3614
272d90df 3615 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3616 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3617 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3618 &rp, sizeof(rp));
a5c29683 3619
a664b5bc 3620 mgmt_pending_remove(cmd);
a5c29683
JH		 3621
3622 return err;
3623}
3624
744cf19e 3625int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3626 u8 link_type, u8 addr_type, u8 status)
a5c29683 3627{
272d90df 3628 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3629 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3630}
3631
272d90df 3632int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3633 u8 link_type, u8 addr_type, u8 status)
a5c29683 3634{
272d90df 3635 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3636 status,
3637 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3638}
2a611692 3639
604086b7 3640int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3641 u8 link_type, u8 addr_type, u8 status)
604086b7 3642{
272d90df 3643 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3644 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3645}
3646
272d90df 3647int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3648 u8 link_type, u8 addr_type, u8 status)
604086b7 3649{
272d90df 3650 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3651 status,
3652 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3653}
3654
92a25256
JH		 3655int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3656 u8 link_type, u8 addr_type, u32 passkey,
3657 u8 entered)
3658{
3659 struct mgmt_ev_passkey_notify ev;
3660
3661 BT_DBG("%s", hdev->name);
3662
3663 bacpy(&ev.addr.bdaddr, bdaddr);
3664 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3665 ev.passkey = __cpu_to_le32(passkey);
3666 ev.entered = entered;
3667
3668 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3669}
3670
bab73cb6 3671int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3672 u8 addr_type, u8 status)
2a611692
JH		 3673{
3674 struct mgmt_ev_auth_failed ev;
3675
bab73cb6 3676 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3677 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3678 ev.status = mgmt_status(status);
2a611692 3679
744cf19e 3680 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3681}
b312b161 3682
33ef95ed
JH		 3683int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3684{
3685 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3686 bool changed = false;
3687 int err = 0;
33ef95ed
JH		 3688
3689 if (status) {
3690 u8 mgmt_err = mgmt_status(status);
3691 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3692 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3693 return 0;
3694 }
3695
47990ea0
JH		 3696 if (test_bit(HCI_AUTH, &hdev->flags)) {
3697 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3698 changed = true;
3699 } else {
3700 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3701 changed = true;
3702 }
3703
33ef95ed 3704 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3705 &match);
33ef95ed 3706
47990ea0
JH		 3707 if (changed)
3708 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3709
3710 if (match.sk)
3711 sock_put(match.sk);
3712
3713 return err;
3714}
3715
890ea898 3716static void clear_eir(struct hci_request *req)
cacaf52f 3717{
890ea898 3718 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3719 struct hci_cp_write_eir cp;
3720
976eb20e 3721 if (!lmp_ext_inq_capable(hdev))
890ea898 3722 return;
cacaf52f 3723
c80da27e
JH		 3724 memset(hdev->eir, 0, sizeof(hdev->eir));
3725
cacaf52f
JH		 3726 memset(&cp, 0, sizeof(cp));
3727
890ea898 3728 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3729}
3730
c0ecddc2 3731int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3732{
3733 struct cmd_lookup match = { NULL, hdev };
890ea898 3734 struct hci_request req;
c0ecddc2
JH		 3735 bool changed = false;
3736 int err = 0;
ed2c4ee3
JH		 3737
3738 if (status) {
3739 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3740
3741 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3742 &hdev->dev_flags))
c0ecddc2
JH		 3743 err = new_settings(hdev, NULL);
3744
04124681
GP		 3745 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3746 &mgmt_err);
c0ecddc2
JH		 3747
3748 return err;
3749 }
3750
3751 if (enable) {
3752 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3753 changed = true;
3754 } else {
3755 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3756 changed = true;
ed2c4ee3
JH		 3757 }
3758
3759 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3760
c0ecddc2
JH		 3761 if (changed)
3762 err = new_settings(hdev, match.sk);
ed2c4ee3 3763
5fc6ebb1 3764 if (match.sk)
ed2c4ee3
JH		 3765 sock_put(match.sk);
3766
890ea898
JH		 3767 hci_req_init(&req, hdev);
3768
5fc6ebb1 3769 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3770 update_eir(&req);
5fc6ebb1 3771 else
890ea898
JH		 3772 clear_eir(&req);
3773
3774 hci_req_run(&req, NULL);
cacaf52f 3775
ed2c4ee3
JH		 3776 return err;
3777}
3778
92da6097 3779static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 3780{
3781 struct cmd_lookup *match = data;
3782
90e70454
JH		 3783 if (match->sk == NULL) {
3784 match->sk = cmd->sk;
3785 sock_hold(match->sk);
3786 }
90e70454
JH		 3787}
3788
7f9a903c 3789int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3790 u8 status)
7f9a903c 3791{
90e70454
JH		 3792 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3793 int err = 0;
7f9a903c 3794
92da6097
JH		 3795 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
3796 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
3797 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 3798
3799 if (!status)
04124681
GP		 3800 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3801 3, NULL);
90e70454
JH		 3802
3803 if (match.sk)
3804 sock_put(match.sk);
7f9a903c
MH		 3805
3806 return err;
3807}
3808
744cf19e 3809int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 3810{
b312b161 3811 struct mgmt_cp_set_local_name ev;
13928971 3812 struct pending_cmd *cmd;
28cc7bde 3813
13928971
JH		 3814 if (status)
3815 return 0;
b312b161
JH		 3816
3817 memset(&ev, 0, sizeof(ev));
3818 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3819 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3820
2e58ef3e 3821 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3822 if (!cmd) {
3823 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 3824
13928971
JH		 3825 /* If this is a HCI command related to powering on the
3826 * HCI dev don't send any mgmt signals.
3827 */
3828 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
3829 return 0;
890ea898 3830 }
b312b161 3831
13928971
JH		 3832 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3833 cmd ? cmd->sk : NULL);
b312b161 3834}
c35938b2 3835
744cf19e 3836int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3837 u8 *randomizer, u8 status)
c35938b2
SJ		 3838{
3839 struct pending_cmd *cmd;
3840 int err;
3841
744cf19e 3842 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3843
2e58ef3e 3844 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3845 if (!cmd)
3846 return -ENOENT;
3847
3848 if (status) {
04124681
GP		 3849 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3850 mgmt_status(status));
c35938b2
SJ		 3851 } else {
3852 struct mgmt_rp_read_local_oob_data rp;
3853
3854 memcpy(rp.hash, hash, sizeof(rp.hash));
3855 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3856
744cf19e 3857 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3858 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3859 sizeof(rp));
c35938b2
SJ		 3860 }
3861
3862 mgmt_pending_remove(cmd);
3863
3864 return err;
3865}
e17acd40 3866
06199cf8
JH		 3867int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3868{
3869 struct cmd_lookup match = { NULL, hdev };
3870 bool changed = false;
3871 int err = 0;
3872
3873 if (status) {
3874 u8 mgmt_err = mgmt_status(status);
3875
3876 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3877 &hdev->dev_flags))
d97dcb66 3878 err = new_settings(hdev, NULL);
06199cf8 3879
d97dcb66
SJ		 3880 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3881 &mgmt_err);
06199cf8
JH		 3882
3883 return err;
3884 }
3885
3886 if (enable) {
3887 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3888 changed = true;
3889 } else {
3890 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3891 changed = true;
3892 }
3893
3894 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3895
3896 if (changed)
3897 err = new_settings(hdev, match.sk);
3898
3899 if (match.sk)
3900 sock_put(match.sk);
3901
3902 return err;
3903}
3904
48264f06 3905int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3906 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3907 ssp, u8 *eir, u16 eir_len)
e17acd40 3908{
e319d2e7
JH		 3909 char buf[512];
3910 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3911 size_t ev_size;
e17acd40 3912
1dc06093
JH		 3913 /* Leave 5 bytes for a potential CoD field */
3914 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3915 return -EINVAL;
3916
1dc06093
JH		 3917 memset(buf, 0, sizeof(buf));
3918
e319d2e7 3919 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3920 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3921 ev->rssi = rssi;
9a395a80 3922 if (cfm_name)
612dfce9 3923 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3924 if (!ssp)
612dfce9 3925 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3926
1dc06093 3927 if (eir_len > 0)
e319d2e7 3928 memcpy(ev->eir, eir, eir_len);
e17acd40 3929
1dc06093
JH		 3930 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3931 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3932 dev_class, 3);
1dc06093 3933
eb55ef07 3934 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3935 ev_size = sizeof(*ev) + eir_len;
f8523598 3936
e319d2e7 3937 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3938}
a88a9652 3939
b644ba33 3940int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3941 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3942{
b644ba33
JH		 3943 struct mgmt_ev_device_found *ev;
3944 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3945 u16 eir_len;
a88a9652 3946
b644ba33 3947 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3948
b644ba33
JH		 3949 memset(buf, 0, sizeof(buf));
3950
3951 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3952 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3953 ev->rssi = rssi;
3954
3955 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3956 name_len);
b644ba33 3957
eb55ef07 3958 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3959
053c7e0c 3960 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3961 sizeof(*ev) + eir_len, NULL);
a88a9652 3962}
314b2381 3963
7a135109 3964int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3965{
3966 struct pending_cmd *cmd;
f808e166 3967 u8 type;
164a6e78
JH		 3968 int err;
3969
203159d4
AG		 3970 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3971
2e58ef3e 3972 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3973 if (!cmd)
3974 return -ENOENT;
3975
f808e166
JH		 3976 type = hdev->discovery.type;
3977
3978 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3979 &type, sizeof(type));
164a6e78
JH		 3980 mgmt_pending_remove(cmd);
3981
3982 return err;
3983}
3984
e6d465cb
AG		 3985int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3986{
3987 struct pending_cmd *cmd;
3988 int err;
3989
3990 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3991 if (!cmd)
3992 return -ENOENT;
3993
d930650b 3994 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3995 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3996 mgmt_pending_remove(cmd);
3997
3998 return err;
3999}
4000
744cf19e 4001int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4002{
f963e8e9 4003 struct mgmt_ev_discovering ev;
164a6e78
JH		 4004 struct pending_cmd *cmd;
4005
343fb145
AG		 4006 BT_DBG("%s discovering %u", hdev->name, discovering);
4007
164a6e78 4008 if (discovering)
2e58ef3e 4009 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4010 else
2e58ef3e 4011 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4012
4013 if (cmd != NULL) {
f808e166
JH		 4014 u8 type = hdev->discovery.type;
4015
04124681
GP		 4016 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4017 sizeof(type));
164a6e78
JH		 4018 mgmt_pending_remove(cmd);
4019 }
4020
f963e8e9
JH		 4021 memset(&ev, 0, sizeof(ev));
4022 ev.type = hdev->discovery.type;
4023 ev.discovering = discovering;
4024
4025 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4026}
5e762444 4027
88c1fe4b 4028int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4029{
4030 struct pending_cmd *cmd;
4031 struct mgmt_ev_device_blocked ev;
4032
2e58ef3e 4033 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4034
88c1fe4b
JH		 4035 bacpy(&ev.addr.bdaddr, bdaddr);
4036 ev.addr.type = type;
5e762444 4037
744cf19e 4038 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4039 cmd ? cmd->sk : NULL);
5e762444
AJ		 4040}
4041
88c1fe4b 4042int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4043{
4044 struct pending_cmd *cmd;
4045 struct mgmt_ev_device_unblocked ev;
4046
2e58ef3e 4047 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4048
88c1fe4b
JH		 4049 bacpy(&ev.addr.bdaddr, bdaddr);
4050 ev.addr.type = type;
5e762444 4051
744cf19e 4052 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4053 cmd ? cmd->sk : NULL);
5e762444 4054}
d7b7e796
MH		 4055
4056module_param(enable_hs, bool, 0644);
4057MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 1.115417 seconds and 5 git commands to generate.