projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: ath3k: no need to set same pipe multiple times
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
b75cf9cd 38#define MGMT_REVISION 6
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 88};
89
90static const u16 mgmt_events[] = {
91 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_ADDED,
93 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_NEW_SETTINGS,
95 MGMT_EV_CLASS_OF_DEV_CHANGED,
96 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LINK_KEY,
98 MGMT_EV_NEW_LONG_TERM_KEY,
99 MGMT_EV_DEVICE_CONNECTED,
100 MGMT_EV_DEVICE_DISCONNECTED,
101 MGMT_EV_CONNECT_FAILED,
102 MGMT_EV_PIN_CODE_REQUEST,
103 MGMT_EV_USER_CONFIRM_REQUEST,
104 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_AUTH_FAILED,
106 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DISCOVERING,
108 MGMT_EV_DEVICE_BLOCKED,
109 MGMT_EV_DEVICE_UNBLOCKED,
110 MGMT_EV_DEVICE_UNPAIRED,
92a25256 111 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 112 MGMT_EV_NEW_IRK,
7ee4ea36 113 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 114};
115
17b02e62 116#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 117
4b34ee78
JH		 118#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
119 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
120
eec8d2bc
JH		 121struct pending_cmd {
122 struct list_head list;
fc2f4b13 123 u16 opcode;
eec8d2bc 124 int index;
c68fb7ff 125 void *param;
eec8d2bc 126 struct sock *sk;
e9a416b5 127 void *user_data;
eec8d2bc
JH		 128};
129
ca69b795
JH		 130/* HCI to MGMT error code conversion table */
131static u8 mgmt_status_table[] = {
132 MGMT_STATUS_SUCCESS,
133 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
134 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
135 MGMT_STATUS_FAILED, /* Hardware Failure */
136 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
137 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 138 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 139 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
140 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
143 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
144 MGMT_STATUS_BUSY, /* Command Disallowed */
145 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
146 MGMT_STATUS_REJECTED, /* Rejected Security */
147 MGMT_STATUS_REJECTED, /* Rejected Personal */
148 MGMT_STATUS_TIMEOUT, /* Host Timeout */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
151 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
152 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
153 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
154 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
155 MGMT_STATUS_BUSY, /* Repeated Attempts */
156 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
157 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
159 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
160 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
161 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
163 MGMT_STATUS_FAILED, /* Unspecified Error */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
165 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
166 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
167 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
168 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
169 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
170 MGMT_STATUS_FAILED, /* Unit Link Key Used */
171 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
172 MGMT_STATUS_TIMEOUT, /* Instant Passed */
173 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
174 MGMT_STATUS_FAILED, /* Transaction Collision */
175 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
176 MGMT_STATUS_REJECTED, /* QoS Rejected */
177 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
178 MGMT_STATUS_REJECTED, /* Insufficient Security */
179 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
180 MGMT_STATUS_BUSY, /* Role Switch Pending */
181 MGMT_STATUS_FAILED, /* Slot Violation */
182 MGMT_STATUS_FAILED, /* Role Switch Failed */
183 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
184 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
185 MGMT_STATUS_BUSY, /* Host Busy Pairing */
186 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
187 MGMT_STATUS_BUSY, /* Controller Busy */
188 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
189 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
190 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
191 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
192 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
193};
194
195static u8 mgmt_status(u8 hci_status)
196{
197 if (hci_status < ARRAY_SIZE(mgmt_status_table))
198 return mgmt_status_table[hci_status];
199
200 return MGMT_STATUS_FAILED;
201}
202
4e51eae9 203static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 204{
205 struct sk_buff *skb;
206 struct mgmt_hdr *hdr;
207 struct mgmt_ev_cmd_status *ev;
56b7d137 208 int err;
f7b64e69 209
34eb525c 210 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 211
790eff44 212 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 213 if (!skb)
214 return -ENOMEM;
215
216 hdr = (void *) skb_put(skb, sizeof(*hdr));
217
dcf4adbf 218 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 219 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 220 hdr->len = cpu_to_le16(sizeof(*ev));
221
222 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->status = status;
eb55ef07 224 ev->opcode = cpu_to_le16(cmd);
f7b64e69 225
56b7d137
GP		 226 err = sock_queue_rcv_skb(sk, skb);
227 if (err < 0)
f7b64e69
JH		 228 kfree_skb(skb);
229
56b7d137 230 return err;
f7b64e69
JH		 231}
232
aee9b218 233static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 234 void *rp, size_t rp_len)
02d98129
JH		 235{
236 struct sk_buff *skb;
237 struct mgmt_hdr *hdr;
238 struct mgmt_ev_cmd_complete *ev;
56b7d137 239 int err;
02d98129
JH		 240
241 BT_DBG("sock %p", sk);
242
790eff44 243 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 244 if (!skb)
245 return -ENOMEM;
246
247 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 248
dcf4adbf 249 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 250 hdr->index = cpu_to_le16(index);
a38528f1 251 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 252
a38528f1 253 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 254 ev->opcode = cpu_to_le16(cmd);
aee9b218 255 ev->status = status;
8020c16a
SJ		 256
257 if (rp)
258 memcpy(ev->data, rp, rp_len);
02d98129 259
56b7d137
GP		 260 err = sock_queue_rcv_skb(sk, skb);
261 if (err < 0)
02d98129
JH		 262 kfree_skb(skb);
263
e5f0e151 264 return err;
02d98129
JH		 265}
266
04124681
GP		 267static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
268 u16 data_len)
a38528f1
JH		 269{
270 struct mgmt_rp_read_version rp;
271
272 BT_DBG("sock %p", sk);
273
274 rp.version = MGMT_VERSION;
dcf4adbf 275 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 276
aee9b218 277 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 278 sizeof(rp));
a38528f1
JH		 279}
280
04124681
GP		 281static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
282 u16 data_len)
e70bb2e8
JH		 283{
284 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 285 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
286 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 287 __le16 *opcode;
e70bb2e8
JH		 288 size_t rp_size;
289 int i, err;
290
291 BT_DBG("sock %p", sk);
292
293 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294
295 rp = kmalloc(rp_size, GFP_KERNEL);
296 if (!rp)
297 return -ENOMEM;
298
dcf4adbf
JP		 299 rp->num_commands = cpu_to_le16(num_commands);
300 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 301
302 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
303 put_unaligned_le16(mgmt_commands[i], opcode);
304
305 for (i = 0; i < num_events; i++, opcode++)
306 put_unaligned_le16(mgmt_events[i], opcode);
307
aee9b218 308 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 309 rp_size);
e70bb2e8
JH		 310 kfree(rp);
311
312 return err;
313}
314
04124681
GP		 315static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
faba42eb 317{
faba42eb 318 struct mgmt_rp_read_index_list *rp;
8035ded4 319 struct hci_dev *d;
a38528f1 320 size_t rp_len;
faba42eb 321 u16 count;
476e44cb 322 int err;
faba42eb
JH		 323
324 BT_DBG("sock %p", sk);
325
326 read_lock(&hci_dev_list_lock);
327
328 count = 0;
bb4b2a9a 329 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 330 if (d->dev_type == HCI_BREDR)
331 count++;
faba42eb
JH		 332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
476e44cb 341 count = 0;
8035ded4 342 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 343 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 344 continue;
345
0736cfa8
MH		 346 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
347 continue;
348
1514b892
MH		 349 if (d->dev_type == HCI_BREDR) {
350 rp->index[count++] = cpu_to_le16(d->id);
351 BT_DBG("Added hci%u", d->id);
352 }
faba42eb
JH		 353 }
354
476e44cb
JH		 355 rp->num_controllers = cpu_to_le16(count);
356 rp_len = sizeof(*rp) + (2 * count);
357
faba42eb
JH		 358 read_unlock(&hci_dev_list_lock);
359
aee9b218 360 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 361 rp_len);
faba42eb 362
a38528f1
JH		 363 kfree(rp);
364
365 return err;
faba42eb
JH		 366}
367
69ab39ea
JH		 368static u32 get_supported_settings(struct hci_dev *hdev)
369{
370 u32 settings = 0;
371
372 settings |= MGMT_SETTING_POWERED;
69ab39ea 373 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 374 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 383
384 if (lmp_ssp_capable(hdev)) {
385 settings |= MGMT_SETTING_SSP;
386 settings |= MGMT_SETTING_HS;
387 }
e98d2ce2 388
5afeac14
MH		 389 if (lmp_sc_capable(hdev) ||
390 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 391 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 392 }
d7b7e796 393
eeca6f89 394 if (lmp_le_capable(hdev)) {
9d42820f 395 settings |= MGMT_SETTING_LE;
eeca6f89 396 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 397 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 398 }
69ab39ea
JH		 399
400 return settings;
401}
402
403static u32 get_current_settings(struct hci_dev *hdev)
404{
405 u32 settings = 0;
406
f1f0eb02 407 if (hdev_is_powered(hdev))
f0d4b78a
MH		 408 settings |= MGMT_SETTING_POWERED;
409
5e5282bb 410 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_CONNECTABLE;
412
1a4d3c4b
JH		 413 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415
5e5282bb 416 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_DISCOVERABLE;
418
a8b2d5c2 419 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_PAIRABLE;
421
56f87901 422 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_BREDR;
424
06199cf8 425 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LE;
427
47990ea0 428 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_LINK_SECURITY;
430
84bde9d6 431 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_SSP;
433
6d80dfd0
JH		 434 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_HS;
436
f3d3444a 437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 438 settings |= MGMT_SETTING_ADVERTISING;
439
e98d2ce2
MH		 440 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
441 settings |= MGMT_SETTING_SECURE_CONN;
442
b1de97d8
MH		 443 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
444 settings |= MGMT_SETTING_DEBUG_KEYS;
445
0f4bd942
JH		 446 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
447 settings |= MGMT_SETTING_PRIVACY;
448
69ab39ea
JH		 449 return settings;
450}
451
ef580372
JH		 452#define PNP_INFO_SVCLASS_ID 0x1200
453
213202ed
JH		 454static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455{
456 u8 *ptr = data, *uuids_start = NULL;
457 struct bt_uuid *uuid;
458
459 if (len < 4)
460 return ptr;
461
462 list_for_each_entry(uuid, &hdev->uuids, list) {
463 u16 uuid16;
464
465 if (uuid->size != 16)
466 continue;
467
468 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
469 if (uuid16 < 0x1100)
470 continue;
471
472 if (uuid16 == PNP_INFO_SVCLASS_ID)
473 continue;
474
475 if (!uuids_start) {
476 uuids_start = ptr;
477 uuids_start[0] = 1;
478 uuids_start[1] = EIR_UUID16_ALL;
479 ptr += 2;
480 }
481
482 /* Stop if not enough space to put next UUID */
483 if ((ptr - data) + sizeof(u16) > len) {
484 uuids_start[1] = EIR_UUID16_SOME;
485 break;
486 }
487
488 *ptr++ = (uuid16 & 0x00ff);
489 *ptr++ = (uuid16 & 0xff00) >> 8;
490 uuids_start[0] += sizeof(uuid16);
491 }
492
493 return ptr;
494}
495
cdf1963f
JH		 496static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497{
498 u8 *ptr = data, *uuids_start = NULL;
499 struct bt_uuid *uuid;
500
501 if (len < 6)
502 return ptr;
503
504 list_for_each_entry(uuid, &hdev->uuids, list) {
505 if (uuid->size != 32)
506 continue;
507
508 if (!uuids_start) {
509 uuids_start = ptr;
510 uuids_start[0] = 1;
511 uuids_start[1] = EIR_UUID32_ALL;
512 ptr += 2;
513 }
514
515 /* Stop if not enough space to put next UUID */
516 if ((ptr - data) + sizeof(u32) > len) {
517 uuids_start[1] = EIR_UUID32_SOME;
518 break;
519 }
520
521 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 ptr += sizeof(u32);
523 uuids_start[0] += sizeof(u32);
524 }
525
526 return ptr;
527}
528
c00d575b
JH		 529static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530{
531 u8 *ptr = data, *uuids_start = NULL;
532 struct bt_uuid *uuid;
533
534 if (len < 18)
535 return ptr;
536
537 list_for_each_entry(uuid, &hdev->uuids, list) {
538 if (uuid->size != 128)
539 continue;
540
541 if (!uuids_start) {
542 uuids_start = ptr;
543 uuids_start[0] = 1;
544 uuids_start[1] = EIR_UUID128_ALL;
545 ptr += 2;
546 }
547
548 /* Stop if not enough space to put next UUID */
549 if ((ptr - data) + 16 > len) {
550 uuids_start[1] = EIR_UUID128_SOME;
551 break;
552 }
553
554 memcpy(ptr, uuid->uuid, 16);
555 ptr += 16;
556 uuids_start[0] += 16;
557 }
558
559 return ptr;
560}
561
eb2a8d20
JH		 562static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563{
564 struct pending_cmd *cmd;
565
566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
567 if (cmd->opcode == opcode)
568 return cmd;
569 }
570
571 return NULL;
572}
573
f14d8f64
MH		 574static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
575{
7a5f4990
MH		 576 u8 ad_len = 0;
577 size_t name_len;
578
579 name_len = strlen(hdev->dev_name);
580 if (name_len > 0) {
581 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582
583 if (name_len > max_len) {
584 name_len = max_len;
585 ptr[1] = EIR_NAME_SHORT;
586 } else
587 ptr[1] = EIR_NAME_COMPLETE;
588
589 ptr[0] = name_len + 1;
590
591 memcpy(ptr + 2, hdev->dev_name, name_len);
592
593 ad_len += (name_len + 2);
594 ptr += (name_len + 2);
595 }
596
597 return ad_len;
f14d8f64
MH		 598}
599
600static void update_scan_rsp_data(struct hci_request *req)
601{
602 struct hci_dev *hdev = req->hdev;
603 struct hci_cp_le_set_scan_rsp_data cp;
604 u8 len;
605
7751ef1b 606 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 607 return;
608
609 memset(&cp, 0, sizeof(cp));
610
611 len = create_scan_rsp_data(hdev, cp.data);
612
eb438b5f
JH		 613 if (hdev->scan_rsp_data_len == len &&
614 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 615 return;
616
eb438b5f
JH		 617 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
618 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 619
620 cp.length = len;
621
622 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
623}
624
9a43e25f
JH		 625static u8 get_adv_discov_flags(struct hci_dev *hdev)
626{
627 struct pending_cmd *cmd;
628
629 /* If there's a pending mgmt command the flags will not yet have
630 * their final values, so check for this first.
631 */
632 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 if (cmd) {
634 struct mgmt_mode *cp = cmd->param;
635 if (cp->val == 0x01)
636 return LE_AD_GENERAL;
637 else if (cp->val == 0x02)
638 return LE_AD_LIMITED;
639 } else {
640 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_LIMITED;
642 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
643 return LE_AD_GENERAL;
644 }
645
646 return 0;
647}
648
46cad2ed 649static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 650{
651 u8 ad_len = 0, flags = 0;
441ad2d0 652
9a43e25f 653 flags |= get_adv_discov_flags(hdev);
441ad2d0 654
e834004b 655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 656 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 657
658 if (flags) {
659 BT_DBG("adv flags 0x%02x", flags);
660
661 ptr[0] = 2;
662 ptr[1] = EIR_FLAGS;
663 ptr[2] = flags;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[0] = 2;
671 ptr[1] = EIR_TX_POWER;
672 ptr[2] = (u8) hdev->adv_tx_power;
673
674 ad_len += 3;
675 ptr += 3;
676 }
677
441ad2d0
MH		 678 return ad_len;
679}
680
5947f4bc 681static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 682{
683 struct hci_dev *hdev = req->hdev;
684 struct hci_cp_le_set_adv_data cp;
685 u8 len;
686
10994ce6 687 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 688 return;
689
690 memset(&cp, 0, sizeof(cp));
691
46cad2ed 692 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 693
694 if (hdev->adv_data_len == len &&
695 memcmp(cp.data, hdev->adv_data, len) == 0)
696 return;
697
698 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
699 hdev->adv_data_len = len;
700
701 cp.length = len;
702
703 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
704}
705
ef580372
JH		 706static void create_eir(struct hci_dev *hdev, u8 *data)
707{
708 u8 *ptr = data;
ef580372
JH		 709 size_t name_len;
710
711 name_len = strlen(hdev->dev_name);
712
713 if (name_len > 0) {
714 /* EIR Data type */
715 if (name_len > 48) {
716 name_len = 48;
717 ptr[1] = EIR_NAME_SHORT;
718 } else
719 ptr[1] = EIR_NAME_COMPLETE;
720
721 /* EIR Data length */
722 ptr[0] = name_len + 1;
723
724 memcpy(ptr + 2, hdev->dev_name, name_len);
725
ef580372
JH		 726 ptr += (name_len + 2);
727 }
728
bbaf444a 729 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 730 ptr[0] = 2;
731 ptr[1] = EIR_TX_POWER;
732 ptr[2] = (u8) hdev->inq_tx_power;
733
91c4e9b1
MH		 734 ptr += 3;
735 }
736
2b9be137
MH		 737 if (hdev->devid_source > 0) {
738 ptr[0] = 9;
739 ptr[1] = EIR_DEVICE_ID;
740
741 put_unaligned_le16(hdev->devid_source, ptr + 2);
742 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
743 put_unaligned_le16(hdev->devid_product, ptr + 6);
744 put_unaligned_le16(hdev->devid_version, ptr + 8);
745
2b9be137
MH		 746 ptr += 10;
747 }
748
213202ed 749 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 750 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 751 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 752}
753
890ea898 754static void update_eir(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 struct hci_cp_write_eir cp;
758
504c8dcd 759 if (!hdev_is_powered(hdev))
890ea898 760 return;
7770c4aa 761
976eb20e 762 if (!lmp_ext_inq_capable(hdev))
890ea898 763 return;
ef580372 764
84bde9d6 765 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 766 return;
ef580372 767
a8b2d5c2 768 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 769 return;
ef580372
JH		 770
771 memset(&cp, 0, sizeof(cp));
772
773 create_eir(hdev, cp.data);
774
775 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 776 return;
ef580372
JH		 777
778 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 781}
782
783static u8 get_service_classes(struct hci_dev *hdev)
784{
785 struct bt_uuid *uuid;
786 u8 val = 0;
787
788 list_for_each_entry(uuid, &hdev->uuids, list)
789 val |= uuid->svc_hint;
790
791 return val;
792}
793
890ea898 794static void update_class(struct hci_request *req)
ef580372 795{
890ea898 796 struct hci_dev *hdev = req->hdev;
ef580372
JH		 797 u8 cod[3];
798
799 BT_DBG("%s", hdev->name);
800
504c8dcd 801 if (!hdev_is_powered(hdev))
890ea898 802 return;
7770c4aa 803
f87ea1da
JH		 804 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
805 return;
806
a8b2d5c2 807 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 808 return;
ef580372
JH		 809
810 cod[0] = hdev->minor_class;
811 cod[1] = hdev->major_class;
812 cod[2] = get_service_classes(hdev);
813
6acd7db4
MH		 814 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
815 cod[1] |= 0x20;
816
ef580372 817 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 818 return;
ef580372 819
890ea898 820 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 821}
822
a4858cb9 823static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 824{
825 struct pending_cmd *cmd;
199a2fb1
JH		 826
827 /* If there's a pending mgmt command the flag will not yet have
828 * it's final value, so check for this first.
829 */
830 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 if (cmd) {
832 struct mgmt_mode *cp = cmd->param;
a4858cb9 833 return cp->val;
199a2fb1
JH		 834 }
835
a4858cb9 836 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
a4858cb9 844 bool connectable;
199a2fb1 845
8d97250e
JH		 846 /* Clear the HCI_ADVERTISING bit temporarily so that the
847 * hci_update_random_address knows that it's safe to go ahead
848 * and write a new random address. The flag will be set back on
849 * as soon as the SET_ADV_ENABLE HCI command completes.
850 */
851 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852
a4858cb9 853 connectable = get_connectable(hdev);
8f2a0601 854
a4858cb9
JH		 855 /* Set require_privacy to true only when non-connectable
856 * advertising is used. In that case it is fine to use a
857 * non-resolvable private address.
858 */
859 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 860 return;
861
41c90c18 862 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 863 cp.min_interval = cpu_to_le16(0x0800);
864 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 865 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 866 cp.own_address_type = own_addr_type;
199a2fb1
JH		 867 cp.channel_map = hdev->le_adv_channel_map;
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870
871 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
872}
873
874static void disable_advertising(struct hci_request *req)
875{
876 u8 enable = 0x00;
877
878 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
879}
880
7d78525d
JH		 881static void service_cache_off(struct work_struct *work)
882{
883 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 884 service_cache.work);
890ea898 885 struct hci_request req;
7d78525d 886
a8b2d5c2 887 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 888 return;
889
890ea898
JH		 890 hci_req_init(&req, hdev);
891
7d78525d
JH		 892 hci_dev_lock(hdev);
893
890ea898
JH		 894 update_eir(&req);
895 update_class(&req);
7d78525d
JH		 896
897 hci_dev_unlock(hdev);
890ea898
JH		 898
899 hci_req_run(&req, NULL);
7d78525d
JH		 900}
901
d6bfd59c
JH		 902static void rpa_expired(struct work_struct *work)
903{
904 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 rpa_expired.work);
906 struct hci_request req;
907
908 BT_DBG("");
909
910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911
912 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
913 hci_conn_num(hdev, LE_LINK) > 0)
914 return;
915
916 /* The generation of a new RPA and programming it into the
917 * controller happens in the enable_advertising() function.
918 */
919
920 hci_req_init(&req, hdev);
921
922 disable_advertising(&req);
923 enable_advertising(&req);
924
925 hci_req_run(&req, NULL);
926}
927
6a919082 928static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 929{
4f87da80 930 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 931 return;
932
4f87da80 933 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 934 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 935
4f87da80
JH		 936 /* Non-mgmt controlled devices get this bit set
937 * implicitly so that pairing works for them, however
938 * for mgmt we require user-space to explicitly enable
939 * it
940 */
941 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 942}
943
0f4e68cf 944static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 945 void *data, u16 data_len)
0381101f 946{
a38528f1 947 struct mgmt_rp_read_info rp;
f7b64e69 948
bdb6d971 949 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 950
09fd0de5 951 hci_dev_lock(hdev);
f7b64e69 952
dc4fe30b
JH		 953 memset(&rp, 0, sizeof(rp));
954
69ab39ea 955 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 956
69ab39ea 957 rp.version = hdev->hci_ver;
eb55ef07 958 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 959
960 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
961 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 962
a38528f1 963 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 964
dc4fe30b 965 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 966 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 967
09fd0de5 968 hci_dev_unlock(hdev);
0381101f 969
bdb6d971 970 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 971 sizeof(rp));
0381101f
JH		 972}
973
eec8d2bc
JH		 974static void mgmt_pending_free(struct pending_cmd *cmd)
975{
976 sock_put(cmd->sk);
c68fb7ff 977 kfree(cmd->param);
eec8d2bc
JH		 978 kfree(cmd);
979}
980
366a0336 981static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 982 struct hci_dev *hdev, void *data,
983 u16 len)
eec8d2bc
JH		 984{
985 struct pending_cmd *cmd;
986
12b94565 987 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 988 if (!cmd)
366a0336 989 return NULL;
eec8d2bc
JH		 990
991 cmd->opcode = opcode;
2e58ef3e 992 cmd->index = hdev->id;
eec8d2bc 993
12b94565 994 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 995 if (!cmd->param) {
eec8d2bc 996 kfree(cmd);
366a0336 997 return NULL;
eec8d2bc
JH		 998 }
999
8fce6357
SJ		 1000 if (data)
1001 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1002
1003 cmd->sk = sk;
1004 sock_hold(sk);
1005
2e58ef3e 1006 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1007
366a0336 1008 return cmd;
eec8d2bc
JH		 1009}
1010
744cf19e 1011static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1012 void (*cb)(struct pending_cmd *cmd,
1013 void *data),
04124681 1014 void *data)
eec8d2bc 1015{
a3d09356 1016 struct pending_cmd *cmd, *tmp;
eec8d2bc 1017
a3d09356 1018 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1019 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1020 continue;
1021
eec8d2bc
JH		 1022 cb(cmd, data);
1023 }
1024}
1025
a664b5bc 1026static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1027{
73f22f62
JH		 1028 list_del(&cmd->list);
1029 mgmt_pending_free(cmd);
1030}
1031
69ab39ea 1032static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1033{
69ab39ea 1034 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1035
aee9b218 1036 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1037 sizeof(settings));
8680570b
JH		 1038}
1039
8b064a3a
JH		 1040static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041{
1042 BT_DBG("%s status 0x%02x", hdev->name, status);
1043
a3172b7e
JH		 1044 if (hci_conn_count(hdev) == 0) {
1045 cancel_delayed_work(&hdev->power_off);
8b064a3a 1046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1047 }
8b064a3a
JH		 1048}
1049
1050static int clean_up_hci_state(struct hci_dev *hdev)
1051{
1052 struct hci_request req;
1053 struct hci_conn *conn;
1054
1055 hci_req_init(&req, hdev);
1056
1057 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1058 test_bit(HCI_PSCAN, &hdev->flags)) {
1059 u8 scan = 0x00;
1060 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1061 }
1062
1063 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1064 disable_advertising(&req);
1065
1066 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1067 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1068 }
1069
1070 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1071 struct hci_cp_disconnect dc;
c9910d0f
JH		 1072 struct hci_cp_reject_conn_req rej;
1073
1074 switch (conn->state) {
1075 case BT_CONNECTED:
1076 case BT_CONFIG:
1077 dc.handle = cpu_to_le16(conn->handle);
1078 dc.reason = 0x15; /* Terminated due to Power Off */
1079 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1080 break;
1081 case BT_CONNECT:
1082 if (conn->type == LE_LINK)
1083 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1084 0, NULL);
1085 else if (conn->type == ACL_LINK)
1086 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1087 6, &conn->dst);
1088 break;
1089 case BT_CONNECT2:
1090 bacpy(&rej.bdaddr, &conn->dst);
1091 rej.reason = 0x15; /* Terminated due to Power Off */
1092 if (conn->type == ACL_LINK)
1093 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1094 sizeof(rej), &rej);
1095 else if (conn->type == SCO_LINK)
1096 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1097 sizeof(rej), &rej);
1098 break;
1099 }
8b064a3a
JH		 1100 }
1101
1102 return hci_req_run(&req, clean_up_hci_complete);
1103}
1104
bdb6d971 1105static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1106 u16 len)
eec8d2bc 1107{
650f726d 1108 struct mgmt_mode *cp = data;
366a0336 1109 struct pending_cmd *cmd;
4b34ee78 1110 int err;
eec8d2bc 1111
bdb6d971 1112 BT_DBG("request for %s", hdev->name);
eec8d2bc 1113
a7e80f25
JH		 1114 if (cp->val != 0x00 && cp->val != 0x01)
1115 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1116 MGMT_STATUS_INVALID_PARAMS);
1117
09fd0de5 1118 hci_dev_lock(hdev);
eec8d2bc 1119
87b95ba6
JH		 1120 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1122 MGMT_STATUS_BUSY);
1123 goto failed;
1124 }
1125
f0d4b78a
MH		 1126 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1127 cancel_delayed_work(&hdev->power_off);
1128
1129 if (cp->val) {
a1d70450
JH		 1130 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1131 data, len);
1132 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1133 goto failed;
1134 }
1135 }
1136
4b34ee78 1137 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1138 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1139 goto failed;
1140 }
1141
2e58ef3e 1142 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1143 if (!cmd) {
1144 err = -ENOMEM;
eec8d2bc 1145 goto failed;
366a0336 1146 }
eec8d2bc 1147
8b064a3a 1148 if (cp->val) {
19202573 1149 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1150 err = 0;
1151 } else {
1152 /* Disconnect connections, stop scans, etc */
1153 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1154 if (!err)
1155 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1156 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1157
8b064a3a
JH		 1158 /* ENODATA means there were no HCI commands queued */
1159 if (err == -ENODATA) {
a3172b7e 1160 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1161 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1162 err = 0;
1163 }
1164 }
eec8d2bc
JH		 1165
1166failed:
09fd0de5 1167 hci_dev_unlock(hdev);
366a0336 1168 return err;
eec8d2bc
JH		 1169}
1170
04124681
GP		 1171static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1172 struct sock *skip_sk)
beadb2bd
JH		 1173{
1174 struct sk_buff *skb;
1175 struct mgmt_hdr *hdr;
1176
790eff44 1177 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1178 if (!skb)
1179 return -ENOMEM;
1180
1181 hdr = (void *) skb_put(skb, sizeof(*hdr));
1182 hdr->opcode = cpu_to_le16(event);
1183 if (hdev)
1184 hdr->index = cpu_to_le16(hdev->id);
1185 else
dcf4adbf 1186 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1187 hdr->len = cpu_to_le16(data_len);
1188
1189 if (data)
1190 memcpy(skb_put(skb, data_len), data, data_len);
1191
97e0bdeb
MH		 1192 /* Time stamp */
1193 __net_timestamp(skb);
1194
beadb2bd
JH		 1195 hci_send_to_control(skb, skip_sk);
1196 kfree_skb(skb);
1197
1198 return 0;
1199}
1200
1201static int new_settings(struct hci_dev *hdev, struct sock *skip)
1202{
1203 __le32 ev;
1204
1205 ev = cpu_to_le32(get_current_settings(hdev));
1206
1207 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1208}
1209
bd99abdd
JH		 1210struct cmd_lookup {
1211 struct sock *sk;
1212 struct hci_dev *hdev;
1213 u8 mgmt_status;
1214};
1215
1216static void settings_rsp(struct pending_cmd *cmd, void *data)
1217{
1218 struct cmd_lookup *match = data;
1219
1220 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1221
1222 list_del(&cmd->list);
1223
1224 if (match->sk == NULL) {
1225 match->sk = cmd->sk;
1226 sock_hold(match->sk);
1227 }
1228
1229 mgmt_pending_free(cmd);
1230}
1231
1232static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1233{
1234 u8 *status = data;
1235
1236 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1237 mgmt_pending_remove(cmd);
1238}
1239
e6fe7986
JH		 1240static u8 mgmt_bredr_support(struct hci_dev *hdev)
1241{
1242 if (!lmp_bredr_capable(hdev))
1243 return MGMT_STATUS_NOT_SUPPORTED;
1244 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1245 return MGMT_STATUS_REJECTED;
1246 else
1247 return MGMT_STATUS_SUCCESS;
1248}
1249
1250static u8 mgmt_le_support(struct hci_dev *hdev)
1251{
1252 if (!lmp_le_capable(hdev))
1253 return MGMT_STATUS_NOT_SUPPORTED;
1254 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1255 return MGMT_STATUS_REJECTED;
1256 else
1257 return MGMT_STATUS_SUCCESS;
1258}
1259
bfaf8c9f
JH		 1260static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1261{
1262 struct pending_cmd *cmd;
1263 struct mgmt_mode *cp;
970ba524 1264 struct hci_request req;
bfaf8c9f
JH		 1265 bool changed;
1266
1267 BT_DBG("status 0x%02x", status);
1268
1269 hci_dev_lock(hdev);
1270
1271 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1272 if (!cmd)
1273 goto unlock;
1274
1275 if (status) {
1276 u8 mgmt_err = mgmt_status(status);
1277 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1278 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1279 goto remove_cmd;
1280 }
1281
1282 cp = cmd->param;
d4462a07 1283 if (cp->val) {
bfaf8c9f
JH		 1284 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1285 &hdev->dev_flags);
d4462a07
MH		 1286
1287 if (hdev->discov_timeout > 0) {
1288 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1289 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1290 to);
1291 }
1292 } else {
bfaf8c9f
JH		 1293 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1294 &hdev->dev_flags);
d4462a07 1295 }
bfaf8c9f
JH		 1296
1297 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1298
1299 if (changed)
1300 new_settings(hdev, cmd->sk);
1301
970ba524
MH		 1302 /* When the discoverable mode gets changed, make sure
1303 * that class of device has the limited discoverable
1304 * bit correctly set.
1305 */
1306 hci_req_init(&req, hdev);
1307 update_class(&req);
1308 hci_req_run(&req, NULL);
1309
bfaf8c9f
JH		 1310remove_cmd:
1311 mgmt_pending_remove(cmd);
1312
1313unlock:
1314 hci_dev_unlock(hdev);
1315}
1316
bdb6d971 1317static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1318 u16 len)
73f22f62 1319{
650f726d 1320 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1321 struct pending_cmd *cmd;
bfaf8c9f 1322 struct hci_request req;
5e5282bb 1323 u16 timeout;
9a43e25f 1324 u8 scan;
73f22f62
JH		 1325 int err;
1326
bdb6d971 1327 BT_DBG("request for %s", hdev->name);
73f22f62 1328
9a43e25f
JH		 1329 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1330 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1331 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1332 MGMT_STATUS_REJECTED);
33c525c0 1333
310a3d48 1334 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1335 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1336 MGMT_STATUS_INVALID_PARAMS);
1337
1f350c87 1338 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1339
1340 /* Disabling discoverable requires that no timeout is set,
1341 * and enabling limited discoverable requires a timeout.
1342 */
1343 if ((cp->val == 0x00 && timeout > 0) ||
1344 (cp->val == 0x02 && timeout == 0))
bdb6d971 1345 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1346 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1347
09fd0de5 1348 hci_dev_lock(hdev);
73f22f62 1349
5e5282bb 1350 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1351 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1352 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1353 goto failed;
1354 }
1355
2e58ef3e 1356 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1357 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1358 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1359 MGMT_STATUS_BUSY);
73f22f62
JH		 1360 goto failed;
1361 }
1362
5e5282bb 1363 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1364 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1365 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1366 goto failed;
1367 }
1368
1369 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1370 bool changed = false;
1371
310a3d48
MH		 1372 /* Setting limited discoverable when powered off is
1373 * not a valid operation since it requires a timeout
1374 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1375 */
0224d2fa
JH		 1376 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1377 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1378 changed = true;
1379 }
1380
5e5282bb 1381 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1382 if (err < 0)
1383 goto failed;
1384
1385 if (changed)
1386 err = new_settings(hdev, sk);
1387
5e5282bb
JH		 1388 goto failed;
1389 }
1390
310a3d48
MH		 1391 /* If the current mode is the same, then just update the timeout
1392 * value with the new value. And if only the timeout gets updated,
1393 * then no need for any HCI transactions.
1394 */
1395 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1396 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1397 &hdev->dev_flags)) {
36261547
MH		 1398 cancel_delayed_work(&hdev->discov_off);
1399 hdev->discov_timeout = timeout;
955638ec 1400
36261547
MH		 1401 if (cp->val && hdev->discov_timeout > 0) {
1402 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1403 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1404 to);
955638ec
MH		 1405 }
1406
69ab39ea 1407 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1408 goto failed;
1409 }
1410
2e58ef3e 1411 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1412 if (!cmd) {
1413 err = -ENOMEM;
73f22f62 1414 goto failed;
366a0336 1415 }
73f22f62 1416
310a3d48
MH		 1417 /* Cancel any potential discoverable timeout that might be
1418 * still active and store new timeout value. The arming of
1419 * the timeout happens in the complete handler.
1420 */
1421 cancel_delayed_work(&hdev->discov_off);
1422 hdev->discov_timeout = timeout;
1423
b456f87c
JH		 1424 /* Limited discoverable mode */
1425 if (cp->val == 0x02)
1426 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427 else
1428 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1429
bfaf8c9f
JH		 1430 hci_req_init(&req, hdev);
1431
9a43e25f
JH		 1432 /* The procedure for LE-only controllers is much simpler - just
1433 * update the advertising data.
1434 */
1435 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1436 goto update_ad;
1437
73f22f62
JH		 1438 scan = SCAN_PAGE;
1439
310a3d48
MH		 1440 if (cp->val) {
1441 struct hci_cp_write_current_iac_lap hci_cp;
1442
1443 if (cp->val == 0x02) {
1444 /* Limited discoverable mode */
33337dcb 1445 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1446 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1447 hci_cp.iac_lap[1] = 0x8b;
1448 hci_cp.iac_lap[2] = 0x9e;
1449 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1450 hci_cp.iac_lap[4] = 0x8b;
1451 hci_cp.iac_lap[5] = 0x9e;
1452 } else {
1453 /* General discoverable mode */
310a3d48
MH		 1454 hci_cp.num_iac = 1;
1455 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1456 hci_cp.iac_lap[1] = 0x8b;
1457 hci_cp.iac_lap[2] = 0x9e;
1458 }
1459
1460 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1461 (hci_cp.num_iac * 3) + 1, &hci_cp);
1462
73f22f62 1463 scan |= SCAN_INQUIRY;
310a3d48
MH		 1464 } else {
1465 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1466 }
73f22f62 1467
310a3d48 1468 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1469
9a43e25f
JH		 1470update_ad:
1471 update_adv_data(&req);
1472
bfaf8c9f 1473 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1474 if (err < 0)
a664b5bc 1475 mgmt_pending_remove(cmd);
73f22f62
JH		 1476
1477failed:
09fd0de5 1478 hci_dev_unlock(hdev);
73f22f62
JH		 1479 return err;
1480}
1481
406d7804
JH		 1482static void write_fast_connectable(struct hci_request *req, bool enable)
1483{
bd98b996 1484 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1485 struct hci_cp_write_page_scan_activity acp;
1486 u8 type;
1487
547003b1
JH		 1488 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1489 return;
1490
4c01f8b8
JH		 1491 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1492 return;
1493
406d7804
JH		 1494 if (enable) {
1495 type = PAGE_SCAN_TYPE_INTERLACED;
1496
1497 /* 160 msec page scan interval */
dcf4adbf 1498 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1499 } else {
1500 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1501
1502 /* default 1.28 sec page scan */
dcf4adbf 1503 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1504 }
1505
dcf4adbf 1506 acp.window = cpu_to_le16(0x0012);
406d7804 1507
bd98b996
JH		 1508 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1509 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1510 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1511 sizeof(acp), &acp);
1512
1513 if (hdev->page_scan_type != type)
1514 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1515}
1516
2b76f453
JH		 1517static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1518{
1519 struct pending_cmd *cmd;
d7b856f9
JH		 1520 struct mgmt_mode *cp;
1521 bool changed;
2b76f453
JH		 1522
1523 BT_DBG("status 0x%02x", status);
1524
1525 hci_dev_lock(hdev);
1526
1527 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1528 if (!cmd)
1529 goto unlock;
1530
37438c1f
JH		 1531 if (status) {
1532 u8 mgmt_err = mgmt_status(status);
1533 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1534 goto remove_cmd;
1535 }
1536
d7b856f9
JH		 1537 cp = cmd->param;
1538 if (cp->val)
1539 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540 else
1541 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1542
2b76f453
JH		 1543 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1544
d7b856f9
JH		 1545 if (changed)
1546 new_settings(hdev, cmd->sk);
1547
37438c1f 1548remove_cmd:
2b76f453
JH		 1549 mgmt_pending_remove(cmd);
1550
1551unlock:
1552 hci_dev_unlock(hdev);
1553}
1554
e8ba3a1f
JH		 1555static int set_connectable_update_settings(struct hci_dev *hdev,
1556 struct sock *sk, u8 val)
1557{
1558 bool changed = false;
1559 int err;
1560
1561 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1562 changed = true;
1563
1564 if (val) {
1565 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 } else {
1567 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1568 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1569 }
1570
1571 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1572 if (err < 0)
1573 return err;
1574
1575 if (changed)
1576 return new_settings(hdev, sk);
1577
1578 return 0;
1579}
1580
bdb6d971 1581static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
9fbcbb45 1583{
650f726d 1584 struct mgmt_mode *cp = data;
366a0336 1585 struct pending_cmd *cmd;
2b76f453 1586 struct hci_request req;
1987fdc7 1587 u8 scan;
9fbcbb45
JH		 1588 int err;
1589
bdb6d971 1590 BT_DBG("request for %s", hdev->name);
9fbcbb45 1591
1987fdc7
JH		 1592 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1593 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1595 MGMT_STATUS_REJECTED);
33c525c0 1596
a7e80f25
JH		 1597 if (cp->val != 0x00 && cp->val != 0x01)
1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1599 MGMT_STATUS_INVALID_PARAMS);
1600
09fd0de5 1601 hci_dev_lock(hdev);
9fbcbb45 1602
4b34ee78 1603 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1604 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1605 goto failed;
1606 }
1607
2e58ef3e 1608 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1609 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1610 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1611 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1612 goto failed;
1613 }
1614
2e58ef3e 1615 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1616 if (!cmd) {
1617 err = -ENOMEM;
9fbcbb45 1618 goto failed;
366a0336 1619 }
9fbcbb45 1620
9b74246f 1621 hci_req_init(&req, hdev);
9fbcbb45 1622
9a43e25f
JH		 1623 /* If BR/EDR is not enabled and we disable advertising as a
1624 * by-product of disabling connectable, we need to update the
1625 * advertising flags.
1626 */
1627 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1628 if (!cp->val) {
1629 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1630 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1631 }
1632 update_adv_data(&req);
1633 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1634 if (cp->val) {
1635 scan = SCAN_PAGE;
1636 } else {
1637 scan = 0;
1638
1639 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1640 hdev->discov_timeout > 0)
9b74246f
JH		 1641 cancel_delayed_work(&hdev->discov_off);
1642 }
2b76f453 1643
9b74246f
JH		 1644 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1645 }
2b76f453 1646
4c01f8b8
JH		 1647 /* If we're going from non-connectable to connectable or
1648 * vice-versa when fast connectable is enabled ensure that fast
1649 * connectable gets disabled. write_fast_connectable won't do
1650 * anything if the page scan parameters are already what they
1651 * should be.
1652 */
1653 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1654 write_fast_connectable(&req, false);
1655
1987fdc7
JH		 1656 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1657 hci_conn_num(hdev, LE_LINK) == 0) {
1658 disable_advertising(&req);
1659 enable_advertising(&req);
1660 }
1661
2b76f453 1662 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1663 if (err < 0) {
a664b5bc 1664 mgmt_pending_remove(cmd);
9b74246f 1665 if (err == -ENODATA)
a81070ba
JH		 1666 err = set_connectable_update_settings(hdev, sk,
1667 cp->val);
9b74246f
JH		 1668 goto failed;
1669 }
9fbcbb45
JH		 1670
1671failed:
09fd0de5 1672 hci_dev_unlock(hdev);
9fbcbb45
JH		 1673 return err;
1674}
1675
bdb6d971 1676static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1677 u16 len)
c542a06c 1678{
650f726d 1679 struct mgmt_mode *cp = data;
55594356 1680 bool changed;
c542a06c
JH		 1681 int err;
1682
bdb6d971 1683 BT_DBG("request for %s", hdev->name);
c542a06c 1684
a7e80f25
JH		 1685 if (cp->val != 0x00 && cp->val != 0x01)
1686 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1687 MGMT_STATUS_INVALID_PARAMS);
1688
09fd0de5 1689 hci_dev_lock(hdev);
c542a06c
JH		 1690
1691 if (cp->val)
55594356 1692 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1693 else
55594356 1694 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1695
69ab39ea 1696 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1697 if (err < 0)
55594356 1698 goto unlock;
c542a06c 1699
55594356
MH		 1700 if (changed)
1701 err = new_settings(hdev, sk);
c542a06c 1702
55594356 1703unlock:
09fd0de5 1704 hci_dev_unlock(hdev);
c542a06c
JH		 1705 return err;
1706}
1707
04124681
GP		 1708static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1709 u16 len)
33ef95ed
JH		 1710{
1711 struct mgmt_mode *cp = data;
1712 struct pending_cmd *cmd;
e6fe7986 1713 u8 val, status;
33ef95ed
JH		 1714 int err;
1715
bdb6d971 1716 BT_DBG("request for %s", hdev->name);
33ef95ed 1717
e6fe7986
JH		 1718 status = mgmt_bredr_support(hdev);
1719 if (status)
33c525c0 1720 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1721 status);
33c525c0 1722
a7e80f25
JH		 1723 if (cp->val != 0x00 && cp->val != 0x01)
1724 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1725 MGMT_STATUS_INVALID_PARAMS);
1726
33ef95ed
JH		 1727 hci_dev_lock(hdev);
1728
4b34ee78 1729 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1730 bool changed = false;
1731
1732 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1733 &hdev->dev_flags)) {
47990ea0
JH		 1734 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1735 changed = true;
1736 }
1737
1738 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1739 if (err < 0)
1740 goto failed;
1741
1742 if (changed)
1743 err = new_settings(hdev, sk);
1744
33ef95ed
JH		 1745 goto failed;
1746 }
1747
1748 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1749 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1750 MGMT_STATUS_BUSY);
33ef95ed
JH		 1751 goto failed;
1752 }
1753
1754 val = !!cp->val;
1755
1756 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1757 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1758 goto failed;
1759 }
1760
1761 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1762 if (!cmd) {
1763 err = -ENOMEM;
1764 goto failed;
1765 }
1766
1767 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1768 if (err < 0) {
1769 mgmt_pending_remove(cmd);
1770 goto failed;
1771 }
1772
1773failed:
1774 hci_dev_unlock(hdev);
33ef95ed
JH		 1775 return err;
1776}
1777
bdb6d971 1778static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1779{
1780 struct mgmt_mode *cp = data;
1781 struct pending_cmd *cmd;
72ef0c1a 1782 u8 status;
ed2c4ee3
JH		 1783 int err;
1784
bdb6d971 1785 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1786
cdba5281
MH		 1787 status = mgmt_bredr_support(hdev);
1788 if (status)
1789 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1790
13ecd8b6
JH		 1791 if (!lmp_ssp_capable(hdev))
1792 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1793 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1794
a7e80f25
JH		 1795 if (cp->val != 0x00 && cp->val != 0x01)
1796 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1797 MGMT_STATUS_INVALID_PARAMS);
1798
13ecd8b6 1799 hci_dev_lock(hdev);
6c8f12c1 1800
4b34ee78 1801 if (!hdev_is_powered(hdev)) {
9ecb3e24 1802 bool changed;
c0ecddc2 1803
9ecb3e24
MH		 1804 if (cp->val) {
1805 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1806 &hdev->dev_flags);
1807 } else {
1808 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1809 &hdev->dev_flags);
1810 if (!changed)
1811 changed = test_and_clear_bit(HCI_HS_ENABLED,
1812 &hdev->dev_flags);
1813 else
1814 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1815 }
1816
1817 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1818 if (err < 0)
1819 goto failed;
1820
1821 if (changed)
1822 err = new_settings(hdev, sk);
1823
ed2c4ee3
JH		 1824 goto failed;
1825 }
1826
9ecb3e24
MH		 1827 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1828 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1829 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1830 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1831 goto failed;
1832 }
1833
72ef0c1a 1834 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1835 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1836 goto failed;
1837 }
1838
1839 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1840 if (!cmd) {
1841 err = -ENOMEM;
1842 goto failed;
1843 }
1844
72ef0c1a 1845 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1846 if (err < 0) {
1847 mgmt_pending_remove(cmd);
1848 goto failed;
1849 }
1850
1851failed:
1852 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1853 return err;
1854}
1855
bdb6d971 1856static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1857{
1858 struct mgmt_mode *cp = data;
ee392693 1859 bool changed;
e6fe7986 1860 u8 status;
ee392693 1861 int err;
6d80dfd0 1862
bdb6d971 1863 BT_DBG("request for %s", hdev->name);
6d80dfd0 1864
e6fe7986
JH		 1865 status = mgmt_bredr_support(hdev);
1866 if (status)
1867 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1868
9ecb3e24
MH		 1869 if (!lmp_ssp_capable(hdev))
1870 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1871 MGMT_STATUS_NOT_SUPPORTED);
1872
1873 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1874 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1875 MGMT_STATUS_REJECTED);
1876
a7e80f25
JH		 1877 if (cp->val != 0x00 && cp->val != 0x01)
1878 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1879 MGMT_STATUS_INVALID_PARAMS);
1880
ee392693
MH		 1881 hci_dev_lock(hdev);
1882
a0cdf960 1883 if (cp->val) {
ee392693 1884 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1885 } else {
1886 if (hdev_is_powered(hdev)) {
1887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1888 MGMT_STATUS_REJECTED);
1889 goto unlock;
1890 }
1891
ee392693 1892 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1893 }
ee392693
MH		 1894
1895 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1896 if (err < 0)
1897 goto unlock;
1898
1899 if (changed)
1900 err = new_settings(hdev, sk);
6d80dfd0 1901
ee392693
MH		 1902unlock:
1903 hci_dev_unlock(hdev);
1904 return err;
6d80dfd0
JH		 1905}
1906
416a4ae5
JH		 1907static void le_enable_complete(struct hci_dev *hdev, u8 status)
1908{
1909 struct cmd_lookup match = { NULL, hdev };
1910
1911 if (status) {
1912 u8 mgmt_err = mgmt_status(status);
1913
1914 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1915 &mgmt_err);
1916 return;
1917 }
1918
1919 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1920
1921 new_settings(hdev, match.sk);
1922
1923 if (match.sk)
1924 sock_put(match.sk);
441ad2d0
MH		 1925
1926 /* Make sure the controller has a good default for
1927 * advertising data. Restrict the update to when LE
1928 * has actually been enabled. During power on, the
1929 * update in powered_update_hci will take care of it.
1930 */
1931 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1932 struct hci_request req;
1933
1934 hci_dev_lock(hdev);
1935
1936 hci_req_init(&req, hdev);
5947f4bc 1937 update_adv_data(&req);
f14d8f64 1938 update_scan_rsp_data(&req);
441ad2d0
MH		 1939 hci_req_run(&req, NULL);
1940
1941 hci_dev_unlock(hdev);
1942 }
416a4ae5
JH		 1943}
1944
bdb6d971 1945static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1946{
1947 struct mgmt_mode *cp = data;
1948 struct hci_cp_write_le_host_supported hci_cp;
1949 struct pending_cmd *cmd;
416a4ae5 1950 struct hci_request req;
06199cf8 1951 int err;
0b60eba1 1952 u8 val, enabled;
06199cf8 1953
bdb6d971 1954 BT_DBG("request for %s", hdev->name);
06199cf8 1955
13ecd8b6
JH		 1956 if (!lmp_le_capable(hdev))
1957 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1958 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1959
a7e80f25
JH		 1960 if (cp->val != 0x00 && cp->val != 0x01)
1961 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1962 MGMT_STATUS_INVALID_PARAMS);
1963
c73eee91 1964 /* LE-only devices do not allow toggling LE on/off */
56f87901 1965 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1966 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1967 MGMT_STATUS_REJECTED);
1968
13ecd8b6 1969 hci_dev_lock(hdev);
06199cf8
JH		 1970
1971 val = !!cp->val;
ffa88e02 1972 enabled = lmp_host_le_capable(hdev);
06199cf8 1973
0b60eba1 1974 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1975 bool changed = false;
1976
1977 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1978 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1979 changed = true;
1980 }
1981
f3d3444a
JH		 1982 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1983 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1984 changed = true;
1985 }
1986
06199cf8
JH		 1987 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1988 if (err < 0)
1de028ce 1989 goto unlock;
06199cf8
JH		 1990
1991 if (changed)
1992 err = new_settings(hdev, sk);
1993
1de028ce 1994 goto unlock;
06199cf8
JH		 1995 }
1996
4375f103
JH		 1997 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1998 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1999 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2000 MGMT_STATUS_BUSY);
1de028ce 2001 goto unlock;
06199cf8
JH		 2002 }
2003
2004 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2005 if (!cmd) {
2006 err = -ENOMEM;
1de028ce 2007 goto unlock;
06199cf8
JH		 2008 }
2009
441ad2d0
MH		 2010 hci_req_init(&req, hdev);
2011
06199cf8
JH		 2012 memset(&hci_cp, 0, sizeof(hci_cp));
2013
2014 if (val) {
2015 hci_cp.le = val;
ffa88e02 2016 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2017 } else {
2018 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2019 disable_advertising(&req);
06199cf8
JH		 2020 }
2021
416a4ae5
JH		 2022 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2023 &hci_cp);
2024
2025 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2026 if (err < 0)
06199cf8 2027 mgmt_pending_remove(cmd);
06199cf8 2028
1de028ce
JH		 2029unlock:
2030 hci_dev_unlock(hdev);
06199cf8
JH		 2031 return err;
2032}
2033
0cab9c80
JH		 2034/* This is a helper function to test for pending mgmt commands that can
2035 * cause CoD or EIR HCI commands. We can only allow one such pending
2036 * mgmt command at a time since otherwise we cannot easily track what
2037 * the current values are, will be, and based on that calculate if a new
2038 * HCI command needs to be sent and if yes with what value.
2039 */
2040static bool pending_eir_or_class(struct hci_dev *hdev)
2041{
2042 struct pending_cmd *cmd;
2043
2044 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2045 switch (cmd->opcode) {
2046 case MGMT_OP_ADD_UUID:
2047 case MGMT_OP_REMOVE_UUID:
2048 case MGMT_OP_SET_DEV_CLASS:
2049 case MGMT_OP_SET_POWERED:
2050 return true;
2051 }
2052 }
2053
2054 return false;
2055}
2056
83be8eca
JH		 2057static const u8 bluetooth_base_uuid[] = {
2058 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2059 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2060};
2061
2062static u8 get_uuid_size(const u8 *uuid)
2063{
2064 u32 val;
2065
2066 if (memcmp(uuid, bluetooth_base_uuid, 12))
2067 return 128;
2068
2069 val = get_unaligned_le32(&uuid[12]);
2070 if (val > 0xffff)
2071 return 32;
2072
2073 return 16;
2074}
2075
92da6097
JH		 2076static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2077{
2078 struct pending_cmd *cmd;
2079
2080 hci_dev_lock(hdev);
2081
2082 cmd = mgmt_pending_find(mgmt_op, hdev);
2083 if (!cmd)
2084 goto unlock;
2085
2086 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2087 hdev->dev_class, 3);
2088
2089 mgmt_pending_remove(cmd);
2090
2091unlock:
2092 hci_dev_unlock(hdev);
2093}
2094
2095static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2096{
2097 BT_DBG("status 0x%02x", status);
2098
2099 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2100}
2101
bdb6d971 2102static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2103{
650f726d 2104 struct mgmt_cp_add_uuid *cp = data;
90e70454 2105 struct pending_cmd *cmd;
890ea898 2106 struct hci_request req;
2aeb9a1a 2107 struct bt_uuid *uuid;
2aeb9a1a
JH		 2108 int err;
2109
bdb6d971 2110 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2111
09fd0de5 2112 hci_dev_lock(hdev);
2aeb9a1a 2113
0cab9c80 2114 if (pending_eir_or_class(hdev)) {
bdb6d971 2115 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2116 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2117 goto failed;
2118 }
2119
92c4c204 2120 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2121 if (!uuid) {
2122 err = -ENOMEM;
2123 goto failed;
2124 }
2125
2126 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2127 uuid->svc_hint = cp->svc_hint;
83be8eca 2128 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2129
de66aa63 2130 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2131
890ea898 2132 hci_req_init(&req, hdev);
1aff6f09 2133
890ea898
JH		 2134 update_class(&req);
2135 update_eir(&req);
2136
92da6097
JH		 2137 err = hci_req_run(&req, add_uuid_complete);
2138 if (err < 0) {
2139 if (err != -ENODATA)
2140 goto failed;
80a1e1db 2141
bdb6d971 2142 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2143 hdev->dev_class, 3);
90e70454
JH		 2144 goto failed;
2145 }
2146
2147 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2148 if (!cmd) {
90e70454 2149 err = -ENOMEM;
890ea898
JH		 2150 goto failed;
2151 }
2152
2153 err = 0;
2aeb9a1a
JH		 2154
2155failed:
09fd0de5 2156 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2157 return err;
2158}
2159
24b78d0f
JH		 2160static bool enable_service_cache(struct hci_dev *hdev)
2161{
2162 if (!hdev_is_powered(hdev))
2163 return false;
2164
2165 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2166 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2167 CACHE_TIMEOUT);
24b78d0f
JH		 2168 return true;
2169 }
2170
2171 return false;
2172}
2173
92da6097
JH		 2174static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2175{
2176 BT_DBG("status 0x%02x", status);
2177
2178 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2179}
2180
bdb6d971 2181static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2182 u16 len)
2aeb9a1a 2183{
650f726d 2184 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2185 struct pending_cmd *cmd;
056341c8 2186 struct bt_uuid *match, *tmp;
2aeb9a1a 2187 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2188 struct hci_request req;
2aeb9a1a
JH		 2189 int err, found;
2190
bdb6d971 2191 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2192
09fd0de5 2193 hci_dev_lock(hdev);
2aeb9a1a 2194
0cab9c80 2195 if (pending_eir_or_class(hdev)) {
bdb6d971 2196 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2197 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2198 goto unlock;
2199 }
2200
2aeb9a1a 2201 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2202 hci_uuids_clear(hdev);
4004b6d9 2203
24b78d0f 2204 if (enable_service_cache(hdev)) {
bdb6d971 2205 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2206 0, hdev->dev_class, 3);
24b78d0f
JH		 2207 goto unlock;
2208 }
4004b6d9 2209
9246a869 2210 goto update_class;
2aeb9a1a
JH		 2211 }
2212
2213 found = 0;
2214
056341c8 2215 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2216 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2217 continue;
2218
2219 list_del(&match->list);
482049f7 2220 kfree(match);
2aeb9a1a
JH		 2221 found++;
2222 }
2223
2224 if (found == 0) {
bdb6d971 2225 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2226 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2227 goto unlock;
2228 }
2229
9246a869 2230update_class:
890ea898 2231 hci_req_init(&req, hdev);
1aff6f09 2232
890ea898
JH		 2233 update_class(&req);
2234 update_eir(&req);
2235
92da6097
JH		 2236 err = hci_req_run(&req, remove_uuid_complete);
2237 if (err < 0) {
2238 if (err != -ENODATA)
2239 goto unlock;
80a1e1db 2240
bdb6d971 2241 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2242 hdev->dev_class, 3);
90e70454
JH		 2243 goto unlock;
2244 }
2245
2246 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2247 if (!cmd) {
90e70454 2248 err = -ENOMEM;
890ea898
JH		 2249 goto unlock;
2250 }
2251
2252 err = 0;
2aeb9a1a
JH		 2253
2254unlock:
09fd0de5 2255 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2256 return err;
2257}
2258
92da6097
JH		 2259static void set_class_complete(struct hci_dev *hdev, u8 status)
2260{
2261 BT_DBG("status 0x%02x", status);
2262
2263 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2264}
2265
bdb6d971 2266static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2267 u16 len)
1aff6f09 2268{
650f726d 2269 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2270 struct pending_cmd *cmd;
890ea898 2271 struct hci_request req;
1aff6f09
JH		 2272 int err;
2273
bdb6d971 2274 BT_DBG("request for %s", hdev->name);
1aff6f09 2275
6203fc98 2276 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2277 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2278 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2279
0cab9c80 2280 hci_dev_lock(hdev);
ee98f473 2281
0cab9c80
JH		 2282 if (pending_eir_or_class(hdev)) {
2283 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2284 MGMT_STATUS_BUSY);
2285 goto unlock;
2286 }
c95f0ba7 2287
0cab9c80
JH		 2288 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2289 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2290 MGMT_STATUS_INVALID_PARAMS);
2291 goto unlock;
2292 }
575b3a02 2293
932f5ff5
JH		 2294 hdev->major_class = cp->major;
2295 hdev->minor_class = cp->minor;
2296
b5235a65 2297 if (!hdev_is_powered(hdev)) {
bdb6d971 2298 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2299 hdev->dev_class, 3);
b5235a65
JH		 2300 goto unlock;
2301 }
2302
890ea898
JH		 2303 hci_req_init(&req, hdev);
2304
a8b2d5c2 2305 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2306 hci_dev_unlock(hdev);
2307 cancel_delayed_work_sync(&hdev->service_cache);
2308 hci_dev_lock(hdev);
890ea898 2309 update_eir(&req);
7d78525d 2310 }
14c0b608 2311
890ea898
JH		 2312 update_class(&req);
2313
92da6097
JH		 2314 err = hci_req_run(&req, set_class_complete);
2315 if (err < 0) {
2316 if (err != -ENODATA)
2317 goto unlock;
1aff6f09 2318
bdb6d971 2319 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2320 hdev->dev_class, 3);
90e70454
JH		 2321 goto unlock;
2322 }
2323
2324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2325 if (!cmd) {
90e70454 2326 err = -ENOMEM;
890ea898
JH		 2327 goto unlock;
2328 }
2329
2330 err = 0;
1aff6f09 2331
b5235a65 2332unlock:
09fd0de5 2333 hci_dev_unlock(hdev);
1aff6f09
JH		 2334 return err;
2335}
2336
bdb6d971 2337static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2338 u16 len)
55ed8ca1 2339{
650f726d 2340 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2341 u16 key_count, expected_len;
b1de97d8 2342 bool changed;
a492cd52 2343 int i;
55ed8ca1 2344
9060d5cf
MH		 2345 BT_DBG("request for %s", hdev->name);
2346
2347 if (!lmp_bredr_capable(hdev))
2348 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2349 MGMT_STATUS_NOT_SUPPORTED);
2350
1f350c87 2351 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2352
86742e1e
JH		 2353 expected_len = sizeof(*cp) + key_count *
2354 sizeof(struct mgmt_link_key_info);
a492cd52 2355 if (expected_len != len) {
86742e1e 2356 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2357 expected_len, len);
bdb6d971 2358 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2359 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2360 }
2361
4ae14301
JH		 2362 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2363 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2364 MGMT_STATUS_INVALID_PARAMS);
2365
bdb6d971 2366 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2367 key_count);
55ed8ca1 2368
4ee71b20
JH		 2369 for (i = 0; i < key_count; i++) {
2370 struct mgmt_link_key_info *key = &cp->keys[i];
2371
8e991132 2372 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2373 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2374 MGMT_STATUS_INVALID_PARAMS);
2375 }
2376
09fd0de5 2377 hci_dev_lock(hdev);
55ed8ca1
JH		 2378
2379 hci_link_keys_clear(hdev);
2380
55ed8ca1 2381 if (cp->debug_keys)
b1de97d8 2382 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2383 else
b1de97d8
MH		 2384 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2385
2386 if (changed)
2387 new_settings(hdev, NULL);
55ed8ca1 2388
a492cd52 2389 for (i = 0; i < key_count; i++) {
86742e1e 2390 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2391
d753fdc4 2392 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2393 key->type, key->pin_len);
55ed8ca1
JH		 2394 }
2395
bdb6d971 2396 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2397
09fd0de5 2398 hci_dev_unlock(hdev);
55ed8ca1 2399
a492cd52 2400 return 0;
55ed8ca1
JH		 2401}
2402
b1078ad0 2403static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2404 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2405{
2406 struct mgmt_ev_device_unpaired ev;
2407
2408 bacpy(&ev.addr.bdaddr, bdaddr);
2409 ev.addr.type = addr_type;
2410
2411 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2412 skip_sk);
b1078ad0
JH		 2413}
2414
bdb6d971 2415static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2416 u16 len)
55ed8ca1 2417{
124f6e35
JH		 2418 struct mgmt_cp_unpair_device *cp = data;
2419 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2420 struct hci_cp_disconnect dc;
2421 struct pending_cmd *cmd;
55ed8ca1 2422 struct hci_conn *conn;
55ed8ca1
JH		 2423 int err;
2424
a8a1d19e 2425 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2426 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2427 rp.addr.type = cp->addr.type;
a8a1d19e 2428
4ee71b20
JH		 2429 if (!bdaddr_type_is_valid(cp->addr.type))
2430 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2431 MGMT_STATUS_INVALID_PARAMS,
2432 &rp, sizeof(rp));
2433
118da70b
JH		 2434 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2435 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2436 MGMT_STATUS_INVALID_PARAMS,
2437 &rp, sizeof(rp));
2438
4ee71b20
JH		 2439 hci_dev_lock(hdev);
2440
86a8cfc6 2441 if (!hdev_is_powered(hdev)) {
bdb6d971 2442 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2443 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2444 goto unlock;
2445 }
2446
e0b2b27e 2447 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2448 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2449 } else {
2450 u8 addr_type;
2451
2452 if (cp->addr.type == BDADDR_LE_PUBLIC)
2453 addr_type = ADDR_LE_DEV_PUBLIC;
2454 else
2455 addr_type = ADDR_LE_DEV_RANDOM;
2456
a7ec7338
JH		 2457 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2458
a9b0a04c
AG		 2459 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2460
e0b2b27e
JH		 2461 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2462 }
b0dbfb46 2463
55ed8ca1 2464 if (err < 0) {
bdb6d971 2465 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2466 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2467 goto unlock;
2468 }
2469
86a8cfc6 2470 if (cp->disconnect) {
591f47f3 2471 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2472 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2473 &cp->addr.bdaddr);
86a8cfc6
JH		 2474 else
2475 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2476 &cp->addr.bdaddr);
86a8cfc6
JH		 2477 } else {
2478 conn = NULL;
2479 }
124f6e35 2480
a8a1d19e 2481 if (!conn) {
bdb6d971 2482 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2483 &rp, sizeof(rp));
b1078ad0 2484 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2485 goto unlock;
2486 }
55ed8ca1 2487
124f6e35 2488 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2489 sizeof(*cp));
a8a1d19e
JH		 2490 if (!cmd) {
2491 err = -ENOMEM;
2492 goto unlock;
55ed8ca1
JH		 2493 }
2494
eb55ef07 2495 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2496 dc.reason = 0x13; /* Remote User Terminated Connection */
2497 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2498 if (err < 0)
2499 mgmt_pending_remove(cmd);
2500
55ed8ca1 2501unlock:
09fd0de5 2502 hci_dev_unlock(hdev);
55ed8ca1
JH		 2503 return err;
2504}
2505
bdb6d971 2506static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2507 u16 len)
8962ee74 2508{
650f726d 2509 struct mgmt_cp_disconnect *cp = data;
06a63b19 2510 struct mgmt_rp_disconnect rp;
8962ee74 2511 struct hci_cp_disconnect dc;
366a0336 2512 struct pending_cmd *cmd;
8962ee74 2513 struct hci_conn *conn;
8962ee74
JH		 2514 int err;
2515
2516 BT_DBG("");
2517
06a63b19
JH		 2518 memset(&rp, 0, sizeof(rp));
2519 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2520 rp.addr.type = cp->addr.type;
2521
4ee71b20 2522 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2523 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2524 MGMT_STATUS_INVALID_PARAMS,
2525 &rp, sizeof(rp));
4ee71b20 2526
09fd0de5 2527 hci_dev_lock(hdev);
8962ee74
JH		 2528
2529 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2530 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2531 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2532 goto failed;
2533 }
2534
2e58ef3e 2535 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2536 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2537 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2538 goto failed;
2539 }
2540
591f47f3 2541 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2542 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2543 &cp->addr.bdaddr);
88c3df13
JH		 2544 else
2545 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2546
f960727e 2547 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2548 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2549 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2550 goto failed;
2551 }
2552
2e58ef3e 2553 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2554 if (!cmd) {
2555 err = -ENOMEM;
8962ee74 2556 goto failed;
366a0336 2557 }
8962ee74 2558
eb55ef07 2559 dc.handle = cpu_to_le16(conn->handle);
3701f944 2560 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2561
2562 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2563 if (err < 0)
a664b5bc 2564 mgmt_pending_remove(cmd);
8962ee74
JH		 2565
2566failed:
09fd0de5 2567 hci_dev_unlock(hdev);
8962ee74
JH		 2568 return err;
2569}
2570
57c1477c 2571static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2572{
2573 switch (link_type) {
2574 case LE_LINK:
48264f06
JH		 2575 switch (addr_type) {
2576 case ADDR_LE_DEV_PUBLIC:
591f47f3 2577 return BDADDR_LE_PUBLIC;
0ed09148 2578
48264f06 2579 default:
0ed09148 2580 /* Fallback to LE Random address type */
591f47f3 2581 return BDADDR_LE_RANDOM;
48264f06 2582 }
0ed09148 2583
4c659c39 2584 default:
0ed09148 2585 /* Fallback to BR/EDR type */
591f47f3 2586 return BDADDR_BREDR;
4c659c39
JH		 2587 }
2588}
2589
04124681
GP		 2590static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2591 u16 data_len)
2784eb41 2592{
2784eb41 2593 struct mgmt_rp_get_connections *rp;
8035ded4 2594 struct hci_conn *c;
a38528f1 2595 size_t rp_len;
60fc5fb6
JH		 2596 int err;
2597 u16 i;
2784eb41
JH		 2598
2599 BT_DBG("");
2600
09fd0de5 2601 hci_dev_lock(hdev);
2784eb41 2602
5f97c1df 2603 if (!hdev_is_powered(hdev)) {
bdb6d971 2604 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2605 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2606 goto unlock;
2607 }
2608
60fc5fb6 2609 i = 0;
b644ba33
JH		 2610 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2611 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2612 i++;
2784eb41
JH		 2613 }
2614
60fc5fb6 2615 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2616 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2617 if (!rp) {
2784eb41
JH		 2618 err = -ENOMEM;
2619 goto unlock;
2620 }
2621
2784eb41 2622 i = 0;
4c659c39 2623 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2624 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2625 continue;
4c659c39 2626 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2627 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2628 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2629 continue;
2630 i++;
2631 }
2632
eb55ef07 2633 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2634
4c659c39
JH		 2635 /* Recalculate length in case of filtered SCO connections, etc */
2636 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2637
bdb6d971 2638 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2639 rp_len);
2784eb41 2640
a38528f1 2641 kfree(rp);
5f97c1df
JH		 2642
2643unlock:
09fd0de5 2644 hci_dev_unlock(hdev);
2784eb41
JH		 2645 return err;
2646}
2647
bdb6d971 2648static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2649 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2650{
2651 struct pending_cmd *cmd;
2652 int err;
2653
2e58ef3e 2654 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2655 sizeof(*cp));
96d97a67
WR		 2656 if (!cmd)
2657 return -ENOMEM;
2658
d8457698 2659 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2660 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2661 if (err < 0)
2662 mgmt_pending_remove(cmd);
2663
2664 return err;
2665}
2666
bdb6d971 2667static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2668 u16 len)
980e1a53 2669{
96d97a67 2670 struct hci_conn *conn;
650f726d 2671 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2672 struct hci_cp_pin_code_reply reply;
366a0336 2673 struct pending_cmd *cmd;
980e1a53
JH		 2674 int err;
2675
2676 BT_DBG("");
2677
09fd0de5 2678 hci_dev_lock(hdev);
980e1a53 2679
4b34ee78 2680 if (!hdev_is_powered(hdev)) {
bdb6d971 2681 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2682 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2683 goto failed;
2684 }
2685
d8457698 2686 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2687 if (!conn) {
bdb6d971 2688 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2689 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2690 goto failed;
2691 }
2692
2693 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2694 struct mgmt_cp_pin_code_neg_reply ncp;
2695
2696 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2697
2698 BT_ERR("PIN code is not 16 bytes long");
2699
bdb6d971 2700 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2701 if (err >= 0)
bdb6d971 2702 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2703 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2704
2705 goto failed;
2706 }
2707
00abfe44 2708 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2709 if (!cmd) {
2710 err = -ENOMEM;
980e1a53 2711 goto failed;
366a0336 2712 }
980e1a53 2713
d8457698 2714 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2715 reply.pin_len = cp->pin_len;
24718ca5 2716 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2717
2718 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 if (err < 0)
a664b5bc 2720 mgmt_pending_remove(cmd);
980e1a53
JH		 2721
2722failed:
09fd0de5 2723 hci_dev_unlock(hdev);
980e1a53
JH		 2724 return err;
2725}
2726
04124681
GP		 2727static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2728 u16 len)
17fa4b9d 2729{
650f726d 2730 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2731
2732 BT_DBG("");
2733
09fd0de5 2734 hci_dev_lock(hdev);
17fa4b9d
JH		 2735
2736 hdev->io_capability = cp->io_capability;
2737
2738 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2739 hdev->io_capability);
17fa4b9d 2740
09fd0de5 2741 hci_dev_unlock(hdev);
17fa4b9d 2742
04124681
GP		 2743 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2744 0);
17fa4b9d
JH		 2745}
2746
6039aa73 2747static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2748{
2749 struct hci_dev *hdev = conn->hdev;
8035ded4 2750 struct pending_cmd *cmd;
e9a416b5 2751
2e58ef3e 2752 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2753 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2754 continue;
2755
e9a416b5
JH		 2756 if (cmd->user_data != conn)
2757 continue;
2758
2759 return cmd;
2760 }
2761
2762 return NULL;
2763}
2764
2765static void pairing_complete(struct pending_cmd *cmd, u8 status)
2766{
2767 struct mgmt_rp_pair_device rp;
2768 struct hci_conn *conn = cmd->user_data;
2769
61b1a7fb
JH		 2770 bacpy(&rp.addr.bdaddr, &conn->dst);
2771 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2772
aee9b218 2773 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2774 &rp, sizeof(rp));
e9a416b5
JH		 2775
2776 /* So we don't get further callbacks for this connection */
2777 conn->connect_cfm_cb = NULL;
2778 conn->security_cfm_cb = NULL;
2779 conn->disconn_cfm_cb = NULL;
2780
76a68ba0 2781 hci_conn_drop(conn);
e9a416b5 2782
a664b5bc 2783 mgmt_pending_remove(cmd);
e9a416b5
JH		 2784}
2785
f4a407be
JH		 2786void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2787{
2788 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2789 struct pending_cmd *cmd;
2790
2791 cmd = find_pairing(conn);
2792 if (cmd)
2793 pairing_complete(cmd, status);
2794}
2795
e9a416b5
JH		 2796static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2797{
2798 struct pending_cmd *cmd;
2799
2800 BT_DBG("status %u", status);
2801
2802 cmd = find_pairing(conn);
56e5cb86 2803 if (!cmd)
e9a416b5 2804 BT_DBG("Unable to find a pending command");
56e5cb86 2805 else
e211326c 2806 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2807}
2808
f4a407be 2809static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2810{
2811 struct pending_cmd *cmd;
2812
2813 BT_DBG("status %u", status);
2814
2815 if (!status)
2816 return;
2817
2818 cmd = find_pairing(conn);
2819 if (!cmd)
2820 BT_DBG("Unable to find a pending command");
2821 else
2822 pairing_complete(cmd, mgmt_status(status));
2823}
2824
bdb6d971 2825static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2826 u16 len)
e9a416b5 2827{
650f726d 2828 struct mgmt_cp_pair_device *cp = data;
1425acb7 2829 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2830 struct pending_cmd *cmd;
2831 u8 sec_level, auth_type;
2832 struct hci_conn *conn;
e9a416b5
JH		 2833 int err;
2834
2835 BT_DBG("");
2836
f950a30e
SJ		 2837 memset(&rp, 0, sizeof(rp));
2838 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2839 rp.addr.type = cp->addr.type;
2840
4ee71b20
JH		 2841 if (!bdaddr_type_is_valid(cp->addr.type))
2842 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2843 MGMT_STATUS_INVALID_PARAMS,
2844 &rp, sizeof(rp));
2845
09fd0de5 2846 hci_dev_lock(hdev);
e9a416b5 2847
5f97c1df 2848 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2849 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2850 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2851 goto unlock;
2852 }
2853
c908df36 2854 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2855 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2856
6f77d8c7 2857 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2858 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2859 auth_type);
6f77d8c7
AG		 2860 } else {
2861 u8 addr_type;
2862
2863 /* Convert from L2CAP channel address type to HCI address type
2864 */
2865 if (cp->addr.type == BDADDR_LE_PUBLIC)
2866 addr_type = ADDR_LE_DEV_PUBLIC;
2867 else
2868 addr_type = ADDR_LE_DEV_RANDOM;
2869
2870 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2871 sec_level, auth_type);
6f77d8c7 2872 }
7a512d01 2873
30e76272 2874 if (IS_ERR(conn)) {
489dc48e
AK		 2875 int status;
2876
2877 if (PTR_ERR(conn) == -EBUSY)
2878 status = MGMT_STATUS_BUSY;
2879 else
2880 status = MGMT_STATUS_CONNECT_FAILED;
2881
bdb6d971 2882 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2883 status, &rp,
04124681 2884 sizeof(rp));
e9a416b5
JH		 2885 goto unlock;
2886 }
2887
2888 if (conn->connect_cfm_cb) {
76a68ba0 2889 hci_conn_drop(conn);
bdb6d971 2890 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2891 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2892 goto unlock;
2893 }
2894
2e58ef3e 2895 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2896 if (!cmd) {
2897 err = -ENOMEM;
76a68ba0 2898 hci_conn_drop(conn);
e9a416b5
JH		 2899 goto unlock;
2900 }
2901
7a512d01 2902 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2903 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2904 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2905 conn->security_cfm_cb = pairing_complete_cb;
2906 conn->disconn_cfm_cb = pairing_complete_cb;
2907 } else {
2908 conn->connect_cfm_cb = le_pairing_complete_cb;
2909 conn->security_cfm_cb = le_pairing_complete_cb;
2910 conn->disconn_cfm_cb = le_pairing_complete_cb;
2911 }
7a512d01 2912
e9a416b5
JH		 2913 conn->io_capability = cp->io_cap;
2914 cmd->user_data = conn;
2915
2916 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2917 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2918 pairing_complete(cmd, 0);
2919
2920 err = 0;
2921
2922unlock:
09fd0de5 2923 hci_dev_unlock(hdev);
e9a416b5
JH		 2924 return err;
2925}
2926
04124681
GP		 2927static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2928 u16 len)
28424707 2929{
0f4e68cf 2930 struct mgmt_addr_info *addr = data;
28424707
JH		 2931 struct pending_cmd *cmd;
2932 struct hci_conn *conn;
2933 int err;
2934
2935 BT_DBG("");
2936
28424707
JH		 2937 hci_dev_lock(hdev);
2938
5f97c1df 2939 if (!hdev_is_powered(hdev)) {
bdb6d971 2940 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2941 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2942 goto unlock;
2943 }
2944
28424707
JH		 2945 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2946 if (!cmd) {
bdb6d971 2947 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2948 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2949 goto unlock;
2950 }
2951
2952 conn = cmd->user_data;
2953
2954 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2955 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2956 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2957 goto unlock;
2958 }
2959
2960 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2961
bdb6d971 2962 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2963 addr, sizeof(*addr));
28424707
JH		 2964unlock:
2965 hci_dev_unlock(hdev);
28424707
JH		 2966 return err;
2967}
2968
bdb6d971 2969static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2970 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2971 u16 hci_op, __le32 passkey)
a5c29683 2972{
a5c29683 2973 struct pending_cmd *cmd;
0df4c185 2974 struct hci_conn *conn;
a5c29683
JH		 2975 int err;
2976
09fd0de5 2977 hci_dev_lock(hdev);
08ba5382 2978
4b34ee78 2979 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2980 err = cmd_complete(sk, hdev->id, mgmt_op,
2981 MGMT_STATUS_NOT_POWERED, addr,
2982 sizeof(*addr));
0df4c185 2983 goto done;
a5c29683
JH		 2984 }
2985
1707c60e
JH		 2986 if (addr->type == BDADDR_BREDR)
2987 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2988 else
1707c60e 2989 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2990
2991 if (!conn) {
feb94d3d
JH		 2992 err = cmd_complete(sk, hdev->id, mgmt_op,
2993 MGMT_STATUS_NOT_CONNECTED, addr,
2994 sizeof(*addr));
272d90df
JH		 2995 goto done;
2996 }
47c15e2b 2997
1707c60e 2998 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2999 /* Continue with pairing via SMP */
5fe57d9e
BG		 3000 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3001
3002 if (!err)
feb94d3d
JH		 3003 err = cmd_complete(sk, hdev->id, mgmt_op,
3004 MGMT_STATUS_SUCCESS, addr,
3005 sizeof(*addr));
5fe57d9e 3006 else
feb94d3d
JH		 3007 err = cmd_complete(sk, hdev->id, mgmt_op,
3008 MGMT_STATUS_FAILED, addr,
3009 sizeof(*addr));
47c15e2b 3010
47c15e2b
BG		 3011 goto done;
3012 }
3013
1707c60e 3014 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3015 if (!cmd) {
3016 err = -ENOMEM;
0df4c185 3017 goto done;
a5c29683
JH		 3018 }
3019
0df4c185 3020 /* Continue with pairing via HCI */
604086b7
BG		 3021 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3022 struct hci_cp_user_passkey_reply cp;
3023
1707c60e 3024 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3025 cp.passkey = passkey;
3026 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3027 } else
1707c60e
JH		 3028 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3029 &addr->bdaddr);
604086b7 3030
a664b5bc
JH		 3031 if (err < 0)
3032 mgmt_pending_remove(cmd);
a5c29683 3033
0df4c185 3034done:
09fd0de5 3035 hci_dev_unlock(hdev);
a5c29683
JH		 3036 return err;
3037}
3038
afeb019d
JK		 3039static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3040 void *data, u16 len)
3041{
3042 struct mgmt_cp_pin_code_neg_reply *cp = data;
3043
3044 BT_DBG("");
3045
1707c60e 3046 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3047 MGMT_OP_PIN_CODE_NEG_REPLY,
3048 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3049}
3050
04124681
GP		 3051static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3052 u16 len)
0df4c185 3053{
650f726d 3054 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3055
3056 BT_DBG("");
3057
3058 if (len != sizeof(*cp))
bdb6d971 3059 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3060 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3061
1707c60e 3062 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3063 MGMT_OP_USER_CONFIRM_REPLY,
3064 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3065}
3066
bdb6d971 3067static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3068 void *data, u16 len)
0df4c185 3069{
c9c2659f 3070 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3071
3072 BT_DBG("");
3073
1707c60e 3074 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3075 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3076 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3077}
3078
04124681
GP		 3079static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3080 u16 len)
604086b7 3081{
650f726d 3082 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3083
3084 BT_DBG("");
3085
1707c60e 3086 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3087 MGMT_OP_USER_PASSKEY_REPLY,
3088 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3089}
3090
bdb6d971 3091static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3092 void *data, u16 len)
604086b7 3093{
650f726d 3094 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3095
3096 BT_DBG("");
3097
1707c60e 3098 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3099 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3100 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3101}
3102
13928971 3103static void update_name(struct hci_request *req)
2b4bf397 3104{
13928971 3105 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3106 struct hci_cp_write_local_name cp;
3107
13928971 3108 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3109
890ea898 3110 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3111}
3112
13928971
JH		 3113static void set_name_complete(struct hci_dev *hdev, u8 status)
3114{
3115 struct mgmt_cp_set_local_name *cp;
3116 struct pending_cmd *cmd;
3117
3118 BT_DBG("status 0x%02x", status);
3119
3120 hci_dev_lock(hdev);
3121
3122 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3123 if (!cmd)
3124 goto unlock;
3125
3126 cp = cmd->param;
3127
3128 if (status)
3129 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3130 mgmt_status(status));
3131 else
3132 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3133 cp, sizeof(*cp));
3134
3135 mgmt_pending_remove(cmd);
3136
3137unlock:
3138 hci_dev_unlock(hdev);
3139}
3140
bdb6d971 3141static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3142 u16 len)
b312b161 3143{
2b4bf397 3144 struct mgmt_cp_set_local_name *cp = data;
b312b161 3145 struct pending_cmd *cmd;
890ea898 3146 struct hci_request req;
b312b161
JH		 3147 int err;
3148
3149 BT_DBG("");
3150
09fd0de5 3151 hci_dev_lock(hdev);
b312b161 3152
b3f2ca94
JH		 3153 /* If the old values are the same as the new ones just return a
3154 * direct command complete event.
3155 */
3156 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3157 !memcmp(hdev->short_name, cp->short_name,
3158 sizeof(hdev->short_name))) {
3159 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3160 data, len);
3161 goto failed;
3162 }
3163
2b4bf397 3164 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3165
b5235a65 3166 if (!hdev_is_powered(hdev)) {
2b4bf397 3167 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3168
3169 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3170 data, len);
28cc7bde
JH		 3171 if (err < 0)
3172 goto failed;
3173
3174 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3175 sk);
28cc7bde 3176
b5235a65
JH		 3177 goto failed;
3178 }
3179
28cc7bde 3180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3181 if (!cmd) {
3182 err = -ENOMEM;
3183 goto failed;
3184 }
3185
13928971
JH		 3186 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3187
890ea898 3188 hci_req_init(&req, hdev);
3f985050
JH		 3189
3190 if (lmp_bredr_capable(hdev)) {
3191 update_name(&req);
3192 update_eir(&req);
3193 }
3194
7a5f4990
MH		 3195 /* The name is stored in the scan response data and so
3196 * no need to udpate the advertising data here.
3197 */
3f985050 3198 if (lmp_le_capable(hdev))
7a5f4990 3199 update_scan_rsp_data(&req);
3f985050 3200
13928971 3201 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3202 if (err < 0)
3203 mgmt_pending_remove(cmd);
3204
3205failed:
09fd0de5 3206 hci_dev_unlock(hdev);
b312b161
JH		 3207 return err;
3208}
3209
0f4e68cf 3210static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3211 void *data, u16 data_len)
c35938b2 3212{
c35938b2
SJ		 3213 struct pending_cmd *cmd;
3214 int err;
3215
bdb6d971 3216 BT_DBG("%s", hdev->name);
c35938b2 3217
09fd0de5 3218 hci_dev_lock(hdev);
c35938b2 3219
4b34ee78 3220 if (!hdev_is_powered(hdev)) {
bdb6d971 3221 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3222 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3223 goto unlock;
3224 }
3225
9a1a1996 3226 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3227 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3228 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3229 goto unlock;
3230 }
3231
2e58ef3e 3232 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3233 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3234 MGMT_STATUS_BUSY);
c35938b2
SJ		 3235 goto unlock;
3236 }
3237
2e58ef3e 3238 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3239 if (!cmd) {
3240 err = -ENOMEM;
3241 goto unlock;
3242 }
3243
4d2d2796
MH		 3244 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3245 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3246 0, NULL);
3247 else
3248 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3249
c35938b2
SJ		 3250 if (err < 0)
3251 mgmt_pending_remove(cmd);
3252
3253unlock:
09fd0de5 3254 hci_dev_unlock(hdev);
c35938b2
SJ		 3255 return err;
3256}
3257
bdb6d971 3258static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3259 void *data, u16 len)
2763eda6 3260{
2763eda6
SJ		 3261 int err;
3262
bdb6d971 3263 BT_DBG("%s ", hdev->name);
2763eda6 3264
09fd0de5 3265 hci_dev_lock(hdev);
2763eda6 3266
ec109113
MH		 3267 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3268 struct mgmt_cp_add_remote_oob_data *cp = data;
3269 u8 status;
bf1e3541 3270
ec109113
MH		 3271 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3272 cp->hash, cp->randomizer);
3273 if (err < 0)
3274 status = MGMT_STATUS_FAILED;
3275 else
3276 status = MGMT_STATUS_SUCCESS;
3277
3278 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3279 status, &cp->addr, sizeof(cp->addr));
3280 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3281 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3282 u8 status;
3283
3284 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3285 cp->hash192,
3286 cp->randomizer192,
3287 cp->hash256,
3288 cp->randomizer256);
3289 if (err < 0)
3290 status = MGMT_STATUS_FAILED;
3291 else
3292 status = MGMT_STATUS_SUCCESS;
3293
3294 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3295 status, &cp->addr, sizeof(cp->addr));
3296 } else {
3297 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3298 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3299 MGMT_STATUS_INVALID_PARAMS);
3300 }
2763eda6 3301
09fd0de5 3302 hci_dev_unlock(hdev);
2763eda6
SJ		 3303 return err;
3304}
3305
bdb6d971 3306static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3307 void *data, u16 len)
2763eda6 3308{
650f726d 3309 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3310 u8 status;
2763eda6
SJ		 3311 int err;
3312
bdb6d971 3313 BT_DBG("%s", hdev->name);
2763eda6 3314
09fd0de5 3315 hci_dev_lock(hdev);
2763eda6 3316
664ce4cc 3317 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3318 if (err < 0)
bf1e3541 3319 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3320 else
a6785be2 3321 status = MGMT_STATUS_SUCCESS;
bf1e3541 3322
bdb6d971 3323 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3324 status, &cp->addr, sizeof(cp->addr));
2763eda6 3325
09fd0de5 3326 hci_dev_unlock(hdev);
2763eda6
SJ		 3327 return err;
3328}
3329
41dc2bd6
AG		 3330static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3331{
3332 struct pending_cmd *cmd;
3333 u8 type;
3334 int err;
3335
3336 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3337
3338 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3339 if (!cmd)
3340 return -ENOENT;
3341
3342 type = hdev->discovery.type;
3343
3344 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3345 &type, sizeof(type));
3346 mgmt_pending_remove(cmd);
3347
3348 return err;
3349}
3350
7c307720
AG		 3351static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3352{
ae55f598
LR		 3353 unsigned long timeout = 0;
3354
7c307720
AG		 3355 BT_DBG("status %d", status);
3356
3357 if (status) {
3358 hci_dev_lock(hdev);
3359 mgmt_start_discovery_failed(hdev, status);
3360 hci_dev_unlock(hdev);
3361 return;
3362 }
3363
3364 hci_dev_lock(hdev);
3365 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3366 hci_dev_unlock(hdev);
3367
3368 switch (hdev->discovery.type) {
3369 case DISCOV_TYPE_LE:
3d5a76f0 3370 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3371 break;
3372
3373 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3374 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3375 break;
3376
3377 case DISCOV_TYPE_BREDR:
3378 break;
3379
3380 default:
3381 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3382 }
ae55f598
LR		 3383
3384 if (!timeout)
3385 return;
3386
3387 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3388}
3389
bdb6d971 3390static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3391 void *data, u16 len)
14a53664 3392{
650f726d 3393 struct mgmt_cp_start_discovery *cp = data;
14a53664 3394 struct pending_cmd *cmd;
7c307720
AG		 3395 struct hci_cp_le_set_scan_param param_cp;
3396 struct hci_cp_le_set_scan_enable enable_cp;
3397 struct hci_cp_inquiry inq_cp;
3398 struct hci_request req;
3399 /* General inquiry access code (GIAC) */
3400 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3401 u8 status, own_addr_type;
14a53664
JH		 3402 int err;
3403
bdb6d971 3404 BT_DBG("%s", hdev->name);
14a53664 3405
09fd0de5 3406 hci_dev_lock(hdev);
14a53664 3407
4b34ee78 3408 if (!hdev_is_powered(hdev)) {
bdb6d971 3409 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3410 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3411 goto failed;
3412 }
3413
642be6c7
AG		 3414 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3415 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3416 MGMT_STATUS_BUSY);
3417 goto failed;
3418 }
3419
ff9ef578 3420 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3421 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3422 MGMT_STATUS_BUSY);
ff9ef578
JH		 3423 goto failed;
3424 }
3425
2e58ef3e 3426 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3427 if (!cmd) {
3428 err = -ENOMEM;
3429 goto failed;
3430 }
3431
4aab14e5
AG		 3432 hdev->discovery.type = cp->type;
3433
7c307720
AG		 3434 hci_req_init(&req, hdev);
3435
4aab14e5 3436 switch (hdev->discovery.type) {
f39799f5 3437 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3438 status = mgmt_bredr_support(hdev);
3439 if (status) {
04106755 3440 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3441 status);
04106755
JH		 3442 mgmt_pending_remove(cmd);
3443 goto failed;
3444 }
3445
7c307720
AG		 3446 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3447 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3448 MGMT_STATUS_BUSY);
3449 mgmt_pending_remove(cmd);
3450 goto failed;
3451 }
3452
3453 hci_inquiry_cache_flush(hdev);
3454
3455 memset(&inq_cp, 0, sizeof(inq_cp));
3456 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3457 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3458 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3459 break;
3460
3461 case DISCOV_TYPE_LE:
7c307720 3462 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3463 status = mgmt_le_support(hdev);
3464 if (status) {
04106755 3465 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3466 status);
04106755
JH		 3467 mgmt_pending_remove(cmd);
3468 goto failed;
3469 }
3470
7c307720 3471 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3472 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3473 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3474 MGMT_STATUS_NOT_SUPPORTED);
3475 mgmt_pending_remove(cmd);
3476 goto failed;
3477 }
3478
f3d3444a 3479 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3480 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3481 MGMT_STATUS_REJECTED);
3482 mgmt_pending_remove(cmd);
3483 goto failed;
3484 }
3485
c54c3860
AG		 3486 /* If controller is scanning, it means the background scanning
3487 * is running. Thus, we should temporarily stop it in order to
3488 * set the discovery scanning parameters.
3489 */
3490 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3491 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3492
3493 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3494
94b1fc92
MH		 3495 /* All active scans will be done with either a resolvable
3496 * private address (when privacy feature has been enabled)
3497 * or unresolvable private address.
3498 */
3499 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3500 if (err < 0) {
3501 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3502 MGMT_STATUS_FAILED);
3503 mgmt_pending_remove(cmd);
3504 goto failed;
3505 }
3506
7c307720 3507 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3508 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3509 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3510 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3511 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3512 &param_cp);
3513
3514 memset(&enable_cp, 0, sizeof(enable_cp));
3515 enable_cp.enable = LE_SCAN_ENABLE;
3516 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3517 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3518 &enable_cp);
5e0452c0
AG		 3519 break;
3520
f39799f5 3521 default:
04106755
JH		 3522 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3523 MGMT_STATUS_INVALID_PARAMS);
3524 mgmt_pending_remove(cmd);
3525 goto failed;
f39799f5 3526 }
3fd24153 3527
7c307720 3528 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3529 if (err < 0)
3530 mgmt_pending_remove(cmd);
ff9ef578
JH		 3531 else
3532 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3533
3534failed:
09fd0de5 3535 hci_dev_unlock(hdev);
14a53664
JH		 3536 return err;
3537}
3538
1183fdca
AG		 3539static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3540{
3541 struct pending_cmd *cmd;
3542 int err;
3543
3544 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3545 if (!cmd)
3546 return -ENOENT;
3547
3548 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3549 &hdev->discovery.type, sizeof(hdev->discovery.type));
3550 mgmt_pending_remove(cmd);
3551
3552 return err;
3553}
3554
0e05bba6
AG		 3555static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3556{
3557 BT_DBG("status %d", status);
3558
3559 hci_dev_lock(hdev);
3560
3561 if (status) {
3562 mgmt_stop_discovery_failed(hdev, status);
3563 goto unlock;
3564 }
3565
3566 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3567
3568unlock:
3569 hci_dev_unlock(hdev);
3570}
3571
bdb6d971 3572static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3573 u16 len)
14a53664 3574{
d930650b 3575 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3576 struct pending_cmd *cmd;
30dc78e1
JH		 3577 struct hci_cp_remote_name_req_cancel cp;
3578 struct inquiry_entry *e;
0e05bba6 3579 struct hci_request req;
14a53664
JH		 3580 int err;
3581
bdb6d971 3582 BT_DBG("%s", hdev->name);
14a53664 3583
09fd0de5 3584 hci_dev_lock(hdev);
14a53664 3585
30dc78e1 3586 if (!hci_discovery_active(hdev)) {
bdb6d971 3587 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3588 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3589 sizeof(mgmt_cp->type));
d930650b
JH		 3590 goto unlock;
3591 }
3592
3593 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3594 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3595 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3596 sizeof(mgmt_cp->type));
30dc78e1 3597 goto unlock;
ff9ef578
JH		 3598 }
3599
2e58ef3e 3600 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3601 if (!cmd) {
3602 err = -ENOMEM;
30dc78e1
JH		 3603 goto unlock;
3604 }
3605
0e05bba6
AG		 3606 hci_req_init(&req, hdev);
3607
e0d9727e
AG		 3608 switch (hdev->discovery.state) {
3609 case DISCOVERY_FINDING:
0e05bba6
AG		 3610 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3611 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3612 } else {
3613 cancel_delayed_work(&hdev->le_scan_disable);
3614
b1efcc28 3615 hci_req_add_le_scan_disable(&req);
0e05bba6 3616 }
c9ecc48e 3617
e0d9727e
AG		 3618 break;
3619
3620 case DISCOVERY_RESOLVING:
3621 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3622 NAME_PENDING);
e0d9727e 3623 if (!e) {
30dc78e1 3624 mgmt_pending_remove(cmd);
e0d9727e
AG		 3625 err = cmd_complete(sk, hdev->id,
3626 MGMT_OP_STOP_DISCOVERY, 0,
3627 &mgmt_cp->type,
3628 sizeof(mgmt_cp->type));
3629 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3630 goto unlock;
3631 }
30dc78e1 3632
e0d9727e 3633 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3634 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3635 &cp);
e0d9727e
AG		 3636
3637 break;
3638
3639 default:
3640 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3641
3642 mgmt_pending_remove(cmd);
3643 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3644 MGMT_STATUS_FAILED, &mgmt_cp->type,
3645 sizeof(mgmt_cp->type));
3646 goto unlock;
14a53664
JH		 3647 }
3648
0e05bba6 3649 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3650 if (err < 0)
3651 mgmt_pending_remove(cmd);
ff9ef578
JH		 3652 else
3653 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3654
30dc78e1 3655unlock:
09fd0de5 3656 hci_dev_unlock(hdev);
14a53664
JH		 3657 return err;
3658}
3659
bdb6d971 3660static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3661 u16 len)
561aafbc 3662{
650f726d 3663 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3664 struct inquiry_entry *e;
561aafbc
JH		 3665 int err;
3666
bdb6d971 3667 BT_DBG("%s", hdev->name);
561aafbc 3668
561aafbc
JH		 3669 hci_dev_lock(hdev);
3670
30dc78e1 3671 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3672 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3673 MGMT_STATUS_FAILED, &cp->addr,
3674 sizeof(cp->addr));
30dc78e1
JH		 3675 goto failed;
3676 }
3677
a198e7b1 3678 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3679 if (!e) {
d3a2541d
LR		 3680 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3681 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3682 sizeof(cp->addr));
561aafbc
JH		 3683 goto failed;
3684 }
3685
3686 if (cp->name_known) {
3687 e->name_state = NAME_KNOWN;
3688 list_del(&e->list);
3689 } else {
3690 e->name_state = NAME_NEEDED;
a3d4e20a 3691 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3692 }
3693
e384662b
JH		 3694 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3695 sizeof(cp->addr));
561aafbc
JH		 3696
3697failed:
3698 hci_dev_unlock(hdev);
561aafbc
JH		 3699 return err;
3700}
3701
bdb6d971 3702static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3703 u16 len)
7fbec224 3704{
650f726d 3705 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3706 u8 status;
7fbec224
AJ		 3707 int err;
3708
bdb6d971 3709 BT_DBG("%s", hdev->name);
7fbec224 3710
4ee71b20 3711 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3712 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &cp->addr, sizeof(cp->addr));
4ee71b20 3715
09fd0de5 3716 hci_dev_lock(hdev);
5e762444 3717
88c1fe4b 3718 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3719 if (err < 0)
f0eeea8b 3720 status = MGMT_STATUS_FAILED;
7fbec224 3721 else
a6785be2 3722 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3723
bdb6d971 3724 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3725 &cp->addr, sizeof(cp->addr));
5e762444 3726
09fd0de5 3727 hci_dev_unlock(hdev);
7fbec224
AJ		 3728
3729 return err;
3730}
3731
bdb6d971 3732static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3733 u16 len)
7fbec224 3734{
650f726d 3735 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3736 u8 status;
7fbec224
AJ		 3737 int err;
3738
bdb6d971 3739 BT_DBG("%s", hdev->name);
7fbec224 3740
4ee71b20 3741 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3742 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3743 MGMT_STATUS_INVALID_PARAMS,
3744 &cp->addr, sizeof(cp->addr));
4ee71b20 3745
09fd0de5 3746 hci_dev_lock(hdev);
5e762444 3747
88c1fe4b 3748 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3749 if (err < 0)
f0eeea8b 3750 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3751 else
a6785be2 3752 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3753
bdb6d971 3754 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3755 &cp->addr, sizeof(cp->addr));
5e762444 3756
09fd0de5 3757 hci_dev_unlock(hdev);
7fbec224
AJ		 3758
3759 return err;
3760}
3761
cdbaccca
MH		 3762static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3763 u16 len)
3764{
3765 struct mgmt_cp_set_device_id *cp = data;
890ea898 3766 struct hci_request req;
cdbaccca 3767 int err;
c72d4b8a 3768 __u16 source;
cdbaccca
MH		 3769
3770 BT_DBG("%s", hdev->name);
3771
c72d4b8a
SJ		 3772 source = __le16_to_cpu(cp->source);
3773
3774 if (source > 0x0002)
3775 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3776 MGMT_STATUS_INVALID_PARAMS);
3777
cdbaccca
MH		 3778 hci_dev_lock(hdev);
3779
c72d4b8a 3780 hdev->devid_source = source;
cdbaccca
MH		 3781 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3782 hdev->devid_product = __le16_to_cpu(cp->product);
3783 hdev->devid_version = __le16_to_cpu(cp->version);
3784
3785 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3786
890ea898
JH		 3787 hci_req_init(&req, hdev);
3788 update_eir(&req);
3789 hci_req_run(&req, NULL);
cdbaccca
MH		 3790
3791 hci_dev_unlock(hdev);
3792
3793 return err;
3794}
3795
4375f103
JH		 3796static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3797{
3798 struct cmd_lookup match = { NULL, hdev };
3799
3800 if (status) {
3801 u8 mgmt_err = mgmt_status(status);
3802
3803 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3804 cmd_status_rsp, &mgmt_err);
3805 return;
3806 }
3807
3808 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3809 &match);
3810
3811 new_settings(hdev, match.sk);
3812
3813 if (match.sk)
3814 sock_put(match.sk);
3815}
3816
21b5187f
MH		 3817static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3818 u16 len)
4375f103
JH		 3819{
3820 struct mgmt_mode *cp = data;
3821 struct pending_cmd *cmd;
3822 struct hci_request req;
e6fe7986 3823 u8 val, enabled, status;
4375f103
JH		 3824 int err;
3825
3826 BT_DBG("request for %s", hdev->name);
3827
e6fe7986
JH		 3828 status = mgmt_le_support(hdev);
3829 if (status)
4375f103 3830 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3831 status);
4375f103
JH		 3832
3833 if (cp->val != 0x00 && cp->val != 0x01)
3834 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3835 MGMT_STATUS_INVALID_PARAMS);
3836
3837 hci_dev_lock(hdev);
3838
3839 val = !!cp->val;
f3d3444a 3840 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3841
f74ca9b8
JH		 3842 /* The following conditions are ones which mean that we should
3843 * not do any HCI communication but directly send a mgmt
3844 * response to user space (after toggling the flag if
3845 * necessary).
3846 */
3847 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3848 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3849 bool changed = false;
3850
f3d3444a
JH		 3851 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3852 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3853 changed = true;
3854 }
3855
3856 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3857 if (err < 0)
3858 goto unlock;
3859
3860 if (changed)
3861 err = new_settings(hdev, sk);
3862
3863 goto unlock;
3864 }
3865
3866 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3867 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3868 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3869 MGMT_STATUS_BUSY);
3870 goto unlock;
3871 }
3872
3873 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3874 if (!cmd) {
3875 err = -ENOMEM;
3876 goto unlock;
3877 }
3878
3879 hci_req_init(&req, hdev);
3880
bba3aa55
MH		 3881 if (val)
3882 enable_advertising(&req);
3883 else
3884 disable_advertising(&req);
4375f103
JH		 3885
3886 err = hci_req_run(&req, set_advertising_complete);
3887 if (err < 0)
3888 mgmt_pending_remove(cmd);
3889
3890unlock:
3891 hci_dev_unlock(hdev);
3892 return err;
3893}
3894
d13eafce
MH		 3895static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3896 void *data, u16 len)
3897{
3898 struct mgmt_cp_set_static_address *cp = data;
3899 int err;
3900
3901 BT_DBG("%s", hdev->name);
3902
62af4443 3903 if (!lmp_le_capable(hdev))
d13eafce 3904 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3905 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3906
3907 if (hdev_is_powered(hdev))
3908 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3909 MGMT_STATUS_REJECTED);
3910
3911 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3912 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3913 return cmd_status(sk, hdev->id,
3914 MGMT_OP_SET_STATIC_ADDRESS,
3915 MGMT_STATUS_INVALID_PARAMS);
3916
3917 /* Two most significant bits shall be set */
3918 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3919 return cmd_status(sk, hdev->id,
3920 MGMT_OP_SET_STATIC_ADDRESS,
3921 MGMT_STATUS_INVALID_PARAMS);
3922 }
3923
3924 hci_dev_lock(hdev);
3925
3926 bacpy(&hdev->static_addr, &cp->bdaddr);
3927
3928 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3929
3930 hci_dev_unlock(hdev);
3931
3932 return err;
3933}
3934
14b49b9a
MH		 3935static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3936 void *data, u16 len)
3937{
3938 struct mgmt_cp_set_scan_params *cp = data;
3939 __u16 interval, window;
3940 int err;
3941
3942 BT_DBG("%s", hdev->name);
3943
3944 if (!lmp_le_capable(hdev))
3945 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3946 MGMT_STATUS_NOT_SUPPORTED);
3947
3948 interval = __le16_to_cpu(cp->interval);
3949
3950 if (interval < 0x0004 || interval > 0x4000)
3951 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3952 MGMT_STATUS_INVALID_PARAMS);
3953
3954 window = __le16_to_cpu(cp->window);
3955
3956 if (window < 0x0004 || window > 0x4000)
3957 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3958 MGMT_STATUS_INVALID_PARAMS);
3959
899e1075
MH		 3960 if (window > interval)
3961 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3962 MGMT_STATUS_INVALID_PARAMS);
3963
14b49b9a
MH		 3964 hci_dev_lock(hdev);
3965
3966 hdev->le_scan_interval = interval;
3967 hdev->le_scan_window = window;
3968
3969 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3970
dd2ef8e2
AG		 3971 /* If background scan is running, restart it so new parameters are
3972 * loaded.
3973 */
3974 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3975 hdev->discovery.state == DISCOVERY_STOPPED) {
3976 struct hci_request req;
3977
3978 hci_req_init(&req, hdev);
3979
3980 hci_req_add_le_scan_disable(&req);
3981 hci_req_add_le_passive_scan(&req);
3982
3983 hci_req_run(&req, NULL);
3984 }
3985
14b49b9a
MH		 3986 hci_dev_unlock(hdev);
3987
3988 return err;
3989}
3990
33e38b3e
JH		 3991static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3992{
3993 struct pending_cmd *cmd;
3994
3995 BT_DBG("status 0x%02x", status);
3996
3997 hci_dev_lock(hdev);
3998
3999 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4000 if (!cmd)
4001 goto unlock;
4002
4003 if (status) {
4004 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4005 mgmt_status(status));
4006 } else {
1a4d3c4b
JH		 4007 struct mgmt_mode *cp = cmd->param;
4008
4009 if (cp->val)
4010 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4011 else
4012 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4013
33e38b3e
JH		 4014 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4015 new_settings(hdev, cmd->sk);
4016 }
4017
4018 mgmt_pending_remove(cmd);
4019
4020unlock:
4021 hci_dev_unlock(hdev);
4022}
4023
bdb6d971 4024static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4025 void *data, u16 len)
f6422ec6 4026{
650f726d 4027 struct mgmt_mode *cp = data;
33e38b3e
JH		 4028 struct pending_cmd *cmd;
4029 struct hci_request req;
f6422ec6
AJ		 4030 int err;
4031
bdb6d971 4032 BT_DBG("%s", hdev->name);
f6422ec6 4033
56f87901
JH		 4034 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4035 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4036 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4037 MGMT_STATUS_NOT_SUPPORTED);
4038
a7e80f25
JH		 4039 if (cp->val != 0x00 && cp->val != 0x01)
4040 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4041 MGMT_STATUS_INVALID_PARAMS);
4042
5400c044 4043 if (!hdev_is_powered(hdev))
bdb6d971 4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4045 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4046
4047 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4048 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4049 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4050
4051 hci_dev_lock(hdev);
4052
05cbf29f
JH		 4053 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4054 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4055 MGMT_STATUS_BUSY);
4056 goto unlock;
4057 }
4058
1a4d3c4b
JH		 4059 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4060 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4061 hdev);
4062 goto unlock;
4063 }
4064
33e38b3e
JH		 4065 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4066 data, len);
4067 if (!cmd) {
4068 err = -ENOMEM;
4069 goto unlock;
f6422ec6
AJ		 4070 }
4071
33e38b3e
JH		 4072 hci_req_init(&req, hdev);
4073
406d7804 4074 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4075
4076 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4077 if (err < 0) {
bdb6d971 4078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4079 MGMT_STATUS_FAILED);
33e38b3e 4080 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4081 }
4082
33e38b3e 4083unlock:
f6422ec6 4084 hci_dev_unlock(hdev);
33e38b3e 4085
f6422ec6
AJ		 4086 return err;
4087}
4088
67e5a7a3
JH		 4089static void set_bredr_scan(struct hci_request *req)
4090{
4091 struct hci_dev *hdev = req->hdev;
4092 u8 scan = 0;
4093
4094 /* Ensure that fast connectable is disabled. This function will
4095 * not do anything if the page scan parameters are already what
4096 * they should be.
4097 */
4098 write_fast_connectable(req, false);
4099
4100 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4101 scan |= SCAN_PAGE;
4102 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4103 scan |= SCAN_INQUIRY;
4104
4105 if (scan)
4106 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4107}
4108
0663ca2a
JH		 4109static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4110{
4111 struct pending_cmd *cmd;
4112
4113 BT_DBG("status 0x%02x", status);
4114
4115 hci_dev_lock(hdev);
4116
4117 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4118 if (!cmd)
4119 goto unlock;
4120
4121 if (status) {
4122 u8 mgmt_err = mgmt_status(status);
4123
4124 /* We need to restore the flag if related HCI commands
4125 * failed.
4126 */
4127 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4128
4129 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4130 } else {
4131 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4132 new_settings(hdev, cmd->sk);
4133 }
4134
4135 mgmt_pending_remove(cmd);
4136
4137unlock:
4138 hci_dev_unlock(hdev);
4139}
4140
4141static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4142{
4143 struct mgmt_mode *cp = data;
4144 struct pending_cmd *cmd;
4145 struct hci_request req;
4146 int err;
4147
4148 BT_DBG("request for %s", hdev->name);
4149
4150 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4151 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4152 MGMT_STATUS_NOT_SUPPORTED);
4153
4154 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4155 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4156 MGMT_STATUS_REJECTED);
4157
4158 if (cp->val != 0x00 && cp->val != 0x01)
4159 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4160 MGMT_STATUS_INVALID_PARAMS);
4161
4162 hci_dev_lock(hdev);
4163
4164 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4165 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4166 goto unlock;
4167 }
4168
4169 if (!hdev_is_powered(hdev)) {
4170 if (!cp->val) {
0663ca2a
JH		 4171 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4172 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4173 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4174 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4175 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4176 }
4177
4178 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4179
4180 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4181 if (err < 0)
4182 goto unlock;
4183
4184 err = new_settings(hdev, sk);
4185 goto unlock;
4186 }
4187
4188 /* Reject disabling when powered on */
4189 if (!cp->val) {
4190 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4191 MGMT_STATUS_REJECTED);
4192 goto unlock;
4193 }
4194
4195 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4196 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4197 MGMT_STATUS_BUSY);
4198 goto unlock;
4199 }
4200
4201 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4202 if (!cmd) {
4203 err = -ENOMEM;
4204 goto unlock;
4205 }
4206
5947f4bc 4207 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4208 * generates the correct flags.
4209 */
4210 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4211
4212 hci_req_init(&req, hdev);
aa8af46e
JH		 4213
4214 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4215 set_bredr_scan(&req);
4216
f14d8f64
MH		 4217 /* Since only the advertising data flags will change, there
4218 * is no need to update the scan response data.
4219 */
5947f4bc 4220 update_adv_data(&req);
aa8af46e 4221
0663ca2a
JH		 4222 err = hci_req_run(&req, set_bredr_complete);
4223 if (err < 0)
4224 mgmt_pending_remove(cmd);
4225
4226unlock:
4227 hci_dev_unlock(hdev);
4228 return err;
4229}
4230
eac83dc6
MH		 4231static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4232 void *data, u16 len)
4233{
4234 struct mgmt_mode *cp = data;
4235 struct pending_cmd *cmd;
0ab04a9c 4236 u8 val, status;
eac83dc6
MH		 4237 int err;
4238
4239 BT_DBG("request for %s", hdev->name);
4240
4241 status = mgmt_bredr_support(hdev);
4242 if (status)
4243 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4244 status);
4245
5afeac14
MH		 4246 if (!lmp_sc_capable(hdev) &&
4247 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4249 MGMT_STATUS_NOT_SUPPORTED);
4250
0ab04a9c 4251 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4252 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4253 MGMT_STATUS_INVALID_PARAMS);
4254
4255 hci_dev_lock(hdev);
4256
4257 if (!hdev_is_powered(hdev)) {
4258 bool changed;
4259
0ab04a9c 4260 if (cp->val) {
eac83dc6
MH		 4261 changed = !test_and_set_bit(HCI_SC_ENABLED,
4262 &hdev->dev_flags);
0ab04a9c
MH		 4263 if (cp->val == 0x02)
4264 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4265 else
4266 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 } else {
eac83dc6
MH		 4268 changed = test_and_clear_bit(HCI_SC_ENABLED,
4269 &hdev->dev_flags);
0ab04a9c
MH		 4270 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4271 }
eac83dc6
MH		 4272
4273 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4274 if (err < 0)
4275 goto failed;
4276
4277 if (changed)
4278 err = new_settings(hdev, sk);
4279
4280 goto failed;
4281 }
4282
4283 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4284 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4285 MGMT_STATUS_BUSY);
4286 goto failed;
4287 }
4288
0ab04a9c
MH		 4289 val = !!cp->val;
4290
4291 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4292 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4293 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4294 goto failed;
4295 }
4296
4297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4298 if (!cmd) {
4299 err = -ENOMEM;
4300 goto failed;
4301 }
4302
0ab04a9c 4303 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4304 if (err < 0) {
4305 mgmt_pending_remove(cmd);
4306 goto failed;
4307 }
4308
0ab04a9c
MH		 4309 if (cp->val == 0x02)
4310 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4311 else
4312 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4313
eac83dc6
MH		 4314failed:
4315 hci_dev_unlock(hdev);
4316 return err;
4317}
4318
4e39ac81
MH		 4319static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4320 void *data, u16 len)
4321{
4322 struct mgmt_mode *cp = data;
4323 bool changed;
4324 int err;
4325
4326 BT_DBG("request for %s", hdev->name);
4327
4328 if (cp->val != 0x00 && cp->val != 0x01)
4329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4330 MGMT_STATUS_INVALID_PARAMS);
4331
4332 hci_dev_lock(hdev);
4333
4334 if (cp->val)
4335 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4336 else
4337 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4338
4339 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4340 if (err < 0)
4341 goto unlock;
4342
4343 if (changed)
4344 err = new_settings(hdev, sk);
4345
4346unlock:
4347 hci_dev_unlock(hdev);
4348 return err;
4349}
4350
62b04cd1
JH		 4351static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4352 u16 len)
4353{
4354 struct mgmt_cp_set_privacy *cp = cp_data;
4355 bool changed;
4356 int err;
4357
4358 BT_DBG("request for %s", hdev->name);
4359
4360 if (!lmp_le_capable(hdev))
4361 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4362 MGMT_STATUS_NOT_SUPPORTED);
4363
4364 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4365 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4366 MGMT_STATUS_INVALID_PARAMS);
4367
4368 if (hdev_is_powered(hdev))
4369 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4370 MGMT_STATUS_REJECTED);
4371
4372 hci_dev_lock(hdev);
4373
c21c0ea0
JH		 4374 /* If user space supports this command it is also expected to
4375 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4376 */
4377 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4378
62b04cd1
JH		 4379 if (cp->privacy) {
4380 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4381 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4382 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 } else {
4384 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4385 memset(hdev->irk, 0, sizeof(hdev->irk));
4386 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4387 }
4388
4389 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4390 if (err < 0)
4391 goto unlock;
4392
4393 if (changed)
4394 err = new_settings(hdev, sk);
4395
4396unlock:
4397 hci_dev_unlock(hdev);
4398 return err;
4399}
4400
41edf160
JH		 4401static bool irk_is_valid(struct mgmt_irk_info *irk)
4402{
4403 switch (irk->addr.type) {
4404 case BDADDR_LE_PUBLIC:
4405 return true;
4406
4407 case BDADDR_LE_RANDOM:
4408 /* Two most significant bits shall be set */
4409 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4410 return false;
4411 return true;
4412 }
4413
4414 return false;
4415}
4416
4417static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4418 u16 len)
4419{
4420 struct mgmt_cp_load_irks *cp = cp_data;
4421 u16 irk_count, expected_len;
4422 int i, err;
4423
4424 BT_DBG("request for %s", hdev->name);
4425
4426 if (!lmp_le_capable(hdev))
4427 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4428 MGMT_STATUS_NOT_SUPPORTED);
4429
4430 irk_count = __le16_to_cpu(cp->irk_count);
4431
4432 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4433 if (expected_len != len) {
4434 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4435 expected_len, len);
41edf160
JH		 4436 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4437 MGMT_STATUS_INVALID_PARAMS);
4438 }
4439
4440 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4441
4442 for (i = 0; i < irk_count; i++) {
4443 struct mgmt_irk_info *key = &cp->irks[i];
4444
4445 if (!irk_is_valid(key))
4446 return cmd_status(sk, hdev->id,
4447 MGMT_OP_LOAD_IRKS,
4448 MGMT_STATUS_INVALID_PARAMS);
4449 }
4450
4451 hci_dev_lock(hdev);
4452
4453 hci_smp_irks_clear(hdev);
4454
4455 for (i = 0; i < irk_count; i++) {
4456 struct mgmt_irk_info *irk = &cp->irks[i];
4457 u8 addr_type;
4458
4459 if (irk->addr.type == BDADDR_LE_PUBLIC)
4460 addr_type = ADDR_LE_DEV_PUBLIC;
4461 else
4462 addr_type = ADDR_LE_DEV_RANDOM;
4463
4464 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4465 BDADDR_ANY);
4466 }
4467
4468 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4469
4470 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4471
4472 hci_dev_unlock(hdev);
4473
4474 return err;
4475}
4476
3f706b72
JH		 4477static bool ltk_is_valid(struct mgmt_ltk_info *key)
4478{
4479 if (key->master != 0x00 && key->master != 0x01)
4480 return false;
490cb0b3
MH		 4481
4482 switch (key->addr.type) {
4483 case BDADDR_LE_PUBLIC:
4484 return true;
4485
4486 case BDADDR_LE_RANDOM:
4487 /* Two most significant bits shall be set */
4488 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4489 return false;
4490 return true;
4491 }
4492
4493 return false;
3f706b72
JH		 4494}
4495
bdb6d971 4496static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4497 void *cp_data, u16 len)
346af67b 4498{
346af67b
VCG		 4499 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4500 u16 key_count, expected_len;
715a5bf2 4501 int i, err;
346af67b 4502
cf99ba13
MH		 4503 BT_DBG("request for %s", hdev->name);
4504
4505 if (!lmp_le_capable(hdev))
4506 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4507 MGMT_STATUS_NOT_SUPPORTED);
4508
1f350c87 4509 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4510
4511 expected_len = sizeof(*cp) + key_count *
4512 sizeof(struct mgmt_ltk_info);
4513 if (expected_len != len) {
4514 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4515 expected_len, len);
bdb6d971 4516 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4517 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4518 }
4519
bdb6d971 4520 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4521
54ad6d8a
JH		 4522 for (i = 0; i < key_count; i++) {
4523 struct mgmt_ltk_info *key = &cp->keys[i];
4524
3f706b72 4525 if (!ltk_is_valid(key))
54ad6d8a
JH		 4526 return cmd_status(sk, hdev->id,
4527 MGMT_OP_LOAD_LONG_TERM_KEYS,
4528 MGMT_STATUS_INVALID_PARAMS);
4529 }
4530
346af67b
VCG		 4531 hci_dev_lock(hdev);
4532
4533 hci_smp_ltks_clear(hdev);
4534
4535 for (i = 0; i < key_count; i++) {
4536 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4537 u8 type, addr_type, authenticated;
79d95a19
MH		 4538
4539 if (key->addr.type == BDADDR_LE_PUBLIC)
4540 addr_type = ADDR_LE_DEV_PUBLIC;
4541 else
4542 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4543
4544 if (key->master)
4545 type = HCI_SMP_LTK;
4546 else
4547 type = HCI_SMP_LTK_SLAVE;
4548
d7b25450
JH		 4549 if (key->type == MGMT_LTK_UNAUTHENTICATED)
4550 authenticated = 0x00;
4551 else
4552 authenticated = 0x01;
4553
35d70271 4554 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4555 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4556 key->rand);
346af67b
VCG		 4557 }
4558
715a5bf2
JH		 4559 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4560 NULL, 0);
4561
346af67b 4562 hci_dev_unlock(hdev);
346af67b 4563
715a5bf2 4564 return err;
346af67b
VCG		 4565}
4566
dd983808
AK		 4567struct cmd_conn_lookup {
4568 struct hci_conn *conn;
4569 bool valid_tx_power;
4570 u8 mgmt_status;
4571};
4572
4573static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4574{
4575 struct cmd_conn_lookup *match = data;
4576 struct mgmt_cp_get_conn_info *cp;
4577 struct mgmt_rp_get_conn_info rp;
4578 struct hci_conn *conn = cmd->user_data;
4579
4580 if (conn != match->conn)
4581 return;
4582
4583 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4584
4585 memset(&rp, 0, sizeof(rp));
4586 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4587 rp.addr.type = cp->addr.type;
4588
4589 if (!match->mgmt_status) {
4590 rp.rssi = conn->rssi;
4591
eed5daf3 4592 if (match->valid_tx_power) {
dd983808 4593 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4594 rp.max_tx_power = conn->max_tx_power;
4595 } else {
dd983808 4596 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4597 rp.max_tx_power = HCI_TX_POWER_INVALID;
4598 }
dd983808
AK		 4599 }
4600
4601 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4602 match->mgmt_status, &rp, sizeof(rp));
4603
4604 hci_conn_drop(conn);
4605
4606 mgmt_pending_remove(cmd);
4607}
4608
4609static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4610{
4611 struct hci_cp_read_rssi *cp;
4612 struct hci_conn *conn;
4613 struct cmd_conn_lookup match;
4614 u16 handle;
4615
4616 BT_DBG("status 0x%02x", status);
4617
4618 hci_dev_lock(hdev);
4619
4620 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4621 * otherwise we assume it's not valid. At the moment we assume that
4622 * either both or none of current and max values are valid to keep code
4623 * simple.
dd983808
AK		 4624 */
4625 match.valid_tx_power = !status;
4626
4627 /* Commands sent in request are either Read RSSI or Read Transmit Power
4628 * Level so we check which one was last sent to retrieve connection
4629 * handle. Both commands have handle as first parameter so it's safe to
4630 * cast data on the same command struct.
4631 *
4632 * First command sent is always Read RSSI and we fail only if it fails.
4633 * In other case we simply override error to indicate success as we
4634 * already remembered if TX power value is actually valid.
4635 */
4636 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4637 if (!cp) {
4638 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4639 status = 0;
4640 }
4641
4642 if (!cp) {
4643 BT_ERR("invalid sent_cmd in response");
4644 goto unlock;
4645 }
4646
4647 handle = __le16_to_cpu(cp->handle);
4648 conn = hci_conn_hash_lookup_handle(hdev, handle);
4649 if (!conn) {
4650 BT_ERR("unknown handle (%d) in response", handle);
4651 goto unlock;
4652 }
4653
4654 match.conn = conn;
4655 match.mgmt_status = mgmt_status(status);
4656
4657 /* Cache refresh is complete, now reply for mgmt request for given
4658 * connection only.
4659 */
4660 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4661 get_conn_info_complete, &match);
4662
4663unlock:
4664 hci_dev_unlock(hdev);
4665}
4666
4667static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4668 u16 len)
4669{
4670 struct mgmt_cp_get_conn_info *cp = data;
4671 struct mgmt_rp_get_conn_info rp;
4672 struct hci_conn *conn;
4673 unsigned long conn_info_age;
4674 int err = 0;
4675
4676 BT_DBG("%s", hdev->name);
4677
4678 memset(&rp, 0, sizeof(rp));
4679 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4680 rp.addr.type = cp->addr.type;
4681
4682 if (!bdaddr_type_is_valid(cp->addr.type))
4683 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4684 MGMT_STATUS_INVALID_PARAMS,
4685 &rp, sizeof(rp));
4686
4687 hci_dev_lock(hdev);
4688
4689 if (!hdev_is_powered(hdev)) {
4690 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4691 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4692 goto unlock;
4693 }
4694
4695 if (cp->addr.type == BDADDR_BREDR)
4696 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4697 &cp->addr.bdaddr);
4698 else
4699 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4700
4701 if (!conn || conn->state != BT_CONNECTED) {
4702 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4703 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4704 goto unlock;
4705 }
4706
4707 /* To avoid client trying to guess when to poll again for information we
4708 * calculate conn info age as random value between min/max set in hdev.
4709 */
4710 conn_info_age = hdev->conn_info_min_age +
4711 prandom_u32_max(hdev->conn_info_max_age -
4712 hdev->conn_info_min_age);
4713
4714 /* Query controller to refresh cached values if they are too old or were
4715 * never read.
4716 */
f4e2dd53
AK		 4717 if (time_after(jiffies, conn->conn_info_timestamp +
4718 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4719 !conn->conn_info_timestamp) {
4720 struct hci_request req;
4721 struct hci_cp_read_tx_power req_txp_cp;
4722 struct hci_cp_read_rssi req_rssi_cp;
4723 struct pending_cmd *cmd;
4724
4725 hci_req_init(&req, hdev);
4726 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4727 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4728 &req_rssi_cp);
4729
f7faab0c
AK		 4730 /* For LE links TX power does not change thus we don't need to
4731 * query for it once value is known.
4732 */
4733 if (!bdaddr_type_is_le(cp->addr.type) ||
4734 conn->tx_power == HCI_TX_POWER_INVALID) {
4735 req_txp_cp.handle = cpu_to_le16(conn->handle);
4736 req_txp_cp.type = 0x00;
4737 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4738 sizeof(req_txp_cp), &req_txp_cp);
4739 }
dd983808 4740
eed5daf3
AK		 4741 /* Max TX power needs to be read only once per connection */
4742 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4743 req_txp_cp.handle = cpu_to_le16(conn->handle);
4744 req_txp_cp.type = 0x01;
4745 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4746 sizeof(req_txp_cp), &req_txp_cp);
4747 }
4748
dd983808
AK		 4749 err = hci_req_run(&req, conn_info_refresh_complete);
4750 if (err < 0)
4751 goto unlock;
4752
4753 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4754 data, len);
4755 if (!cmd) {
4756 err = -ENOMEM;
4757 goto unlock;
4758 }
4759
4760 hci_conn_hold(conn);
4761 cmd->user_data = conn;
4762
4763 conn->conn_info_timestamp = jiffies;
4764 } else {
4765 /* Cache is valid, just reply with values cached in hci_conn */
4766 rp.rssi = conn->rssi;
4767 rp.tx_power = conn->tx_power;
eed5daf3 4768 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4769
4770 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4771 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4772 }
4773
4774unlock:
4775 hci_dev_unlock(hdev);
4776 return err;
4777}
4778
2e3c35ea 4779static const struct mgmt_handler {
04124681
GP		 4780 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4781 u16 data_len);
be22b54e
JH		 4782 bool var_len;
4783 size_t data_len;
0f4e68cf
JH		 4784} mgmt_handlers[] = {
4785 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4786 { read_version, false, MGMT_READ_VERSION_SIZE },
4787 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4788 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4789 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4790 { set_powered, false, MGMT_SETTING_SIZE },
4791 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4792 { set_connectable, false, MGMT_SETTING_SIZE },
4793 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4794 { set_pairable, false, MGMT_SETTING_SIZE },
4795 { set_link_security, false, MGMT_SETTING_SIZE },
4796 { set_ssp, false, MGMT_SETTING_SIZE },
4797 { set_hs, false, MGMT_SETTING_SIZE },
4798 { set_le, false, MGMT_SETTING_SIZE },
4799 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4800 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4801 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4802 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4803 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4804 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4805 { disconnect, false, MGMT_DISCONNECT_SIZE },
4806 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4807 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4808 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4809 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4810 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4811 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4812 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4813 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4814 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4815 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4816 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4817 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4818 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4819 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4820 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4821 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4822 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4823 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4824 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4825 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4826 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4827 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4828 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4829 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4830 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4831 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4832 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4833 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4834 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4835};
4836
4837
0381101f
JH		 4838int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4839{
650f726d
VCG		 4840 void *buf;
4841 u8 *cp;
0381101f 4842 struct mgmt_hdr *hdr;
4e51eae9 4843 u16 opcode, index, len;
bdb6d971 4844 struct hci_dev *hdev = NULL;
2e3c35ea 4845 const struct mgmt_handler *handler;
0381101f
JH		 4846 int err;
4847
4848 BT_DBG("got %zu bytes", msglen);
4849
4850 if (msglen < sizeof(*hdr))
4851 return -EINVAL;
4852
e63a15ec 4853 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4854 if (!buf)
4855 return -ENOMEM;
4856
4857 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4858 err = -EFAULT;
4859 goto done;
4860 }
4861
650f726d 4862 hdr = buf;
1f350c87
MH		 4863 opcode = __le16_to_cpu(hdr->opcode);
4864 index = __le16_to_cpu(hdr->index);
4865 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4866
4867 if (len != msglen - sizeof(*hdr)) {
4868 err = -EINVAL;
4869 goto done;
4870 }
4871
0f4e68cf 4872 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4873 hdev = hci_dev_get(index);
4874 if (!hdev) {
4875 err = cmd_status(sk, index, opcode,
04124681 4876 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4877 goto done;
4878 }
0736cfa8 4879
cebf4cfd
JH		 4880 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4881 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4882 err = cmd_status(sk, index, opcode,
4883 MGMT_STATUS_INVALID_INDEX);
4884 goto done;
4885 }
bdb6d971
JH		 4886 }
4887
0f4e68cf 4888 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4889 mgmt_handlers[opcode].func == NULL) {
0381101f 4890 BT_DBG("Unknown op %u", opcode);
ca69b795 4891 err = cmd_status(sk, index, opcode,
04124681 4892 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4893 goto done;
4894 }
4895
4896 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4897 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4898 err = cmd_status(sk, index, opcode,
04124681 4899 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4900 goto done;
0381101f
JH		 4901 }
4902
be22b54e
JH		 4903 handler = &mgmt_handlers[opcode];
4904
4905 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4906 (!handler->var_len && len != handler->data_len)) {
be22b54e 4907 err = cmd_status(sk, index, opcode,
04124681 4908 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4909 goto done;
4910 }
4911
0f4e68cf
JH		 4912 if (hdev)
4913 mgmt_init_hdev(sk, hdev);
4914
4915 cp = buf + sizeof(*hdr);
4916
be22b54e 4917 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4918 if (err < 0)
4919 goto done;
4920
0381101f
JH		 4921 err = msglen;
4922
4923done:
bdb6d971
JH		 4924 if (hdev)
4925 hci_dev_put(hdev);
4926
0381101f
JH		 4927 kfree(buf);
4928 return err;
4929}
c71e97bf 4930
bf6b56db 4931void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4932{
1514b892 4933 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4934 return;
bb4b2a9a 4935
bf6b56db 4936 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4937}
4938
bf6b56db 4939void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4940{
5f159032 4941 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4942
1514b892 4943 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4944 return;
bb4b2a9a 4945
744cf19e 4946 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4947
bf6b56db 4948 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4949}
4950
6046dc3e
AG		 4951/* This function requires the caller holds hdev->lock */
4952static void restart_le_auto_conns(struct hci_dev *hdev)
4953{
4954 struct hci_conn_params *p;
4955
4956 list_for_each_entry(p, &hdev->le_conn_params, list) {
4957 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4958 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4959 }
4960}
4961
229ab39c
JH		 4962static void powered_complete(struct hci_dev *hdev, u8 status)
4963{
4964 struct cmd_lookup match = { NULL, hdev };
4965
4966 BT_DBG("status 0x%02x", status);
4967
4968 hci_dev_lock(hdev);
4969
6046dc3e
AG		 4970 restart_le_auto_conns(hdev);
4971
229ab39c
JH		 4972 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4973
4974 new_settings(hdev, match.sk);
4975
4976 hci_dev_unlock(hdev);
4977
4978 if (match.sk)
4979 sock_put(match.sk);
4980}
4981
70da6243 4982static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4983{
890ea898 4984 struct hci_request req;
70da6243 4985 u8 link_sec;
5add6af8 4986
890ea898
JH		 4987 hci_req_init(&req, hdev);
4988
70da6243
JH		 4989 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4990 !lmp_host_ssp_capable(hdev)) {
4991 u8 ssp = 1;
5e5282bb 4992
890ea898 4993 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4994 }
5add6af8 4995
c73eee91
JH		 4996 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4997 lmp_bredr_capable(hdev)) {
70da6243 4998 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4999
70da6243
JH		 5000 cp.le = 1;
5001 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5002
70da6243
JH		 5003 /* Check first if we already have the right
5004 * host state (host features set)
5005 */
5006 if (cp.le != lmp_host_le_capable(hdev) ||
5007 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5008 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5009 sizeof(cp), &cp);
70da6243 5010 }
3d1cbdd6 5011
d13eafce 5012 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5013 /* Make sure the controller has a good default for
5014 * advertising data. This also applies to the case
5015 * where BR/EDR was toggled during the AUTO_OFF phase.
5016 */
f14d8f64 5017 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5018 update_adv_data(&req);
f14d8f64
MH		 5019 update_scan_rsp_data(&req);
5020 }
441ad2d0 5021
bba3aa55
MH		 5022 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5023 enable_advertising(&req);
eeca6f89
JH		 5024 }
5025
70da6243
JH		 5026 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5027 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5028 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5029 sizeof(link_sec), &link_sec);
562fcc24 5030
70da6243 5031 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5032 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5033 set_bredr_scan(&req);
890ea898 5034 update_class(&req);
13928971 5035 update_name(&req);
890ea898 5036 update_eir(&req);
70da6243 5037 }
562fcc24 5038
229ab39c 5039 return hci_req_run(&req, powered_complete);
70da6243 5040}
562fcc24 5041
70da6243
JH		 5042int mgmt_powered(struct hci_dev *hdev, u8 powered)
5043{
5044 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5045 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5046 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5047 int err;
f0ff92fb 5048
70da6243
JH		 5049 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5050 return 0;
5051
70da6243 5052 if (powered) {
229ab39c
JH		 5053 if (powered_update_hci(hdev) == 0)
5054 return 0;
fe038884 5055
229ab39c
JH		 5056 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5057 &match);
5058 goto new_settings;
b24752fe
JH		 5059 }
5060
229ab39c
JH		 5061 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5062 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5063
5064 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5065 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5066 zero_cod, sizeof(zero_cod), NULL);
5067
5068new_settings:
beadb2bd 5069 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5070
5071 if (match.sk)
5072 sock_put(match.sk);
5073
7bb895d6 5074 return err;
5add6af8 5075}
73f22f62 5076
3eec705e 5077void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5078{
5079 struct pending_cmd *cmd;
5080 u8 status;
5081
5082 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5083 if (!cmd)
3eec705e 5084 return;
96570ffc
JH		 5085
5086 if (err == -ERFKILL)
5087 status = MGMT_STATUS_RFKILLED;
5088 else
5089 status = MGMT_STATUS_FAILED;
5090
3eec705e 5091 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5092
5093 mgmt_pending_remove(cmd);
96570ffc
JH		 5094}
5095
d1967ff8
MH		 5096void mgmt_discoverable_timeout(struct hci_dev *hdev)
5097{
5098 struct hci_request req;
d1967ff8
MH		 5099
5100 hci_dev_lock(hdev);
5101
5102 /* When discoverable timeout triggers, then just make sure
5103 * the limited discoverable flag is cleared. Even in the case
5104 * of a timeout triggered from general discoverable, it is
5105 * safe to unconditionally clear the flag.
5106 */
5107 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5108 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5109
5110 hci_req_init(&req, hdev);
4b580614
JH		 5111 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5112 u8 scan = SCAN_PAGE;
5113 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5114 sizeof(scan), &scan);
5115 }
d1967ff8 5116 update_class(&req);
9a43e25f 5117 update_adv_data(&req);
d1967ff8
MH		 5118 hci_req_run(&req, NULL);
5119
5120 hdev->discov_timeout = 0;
5121
9a43e25f
JH		 5122 new_settings(hdev, NULL);
5123
d1967ff8
MH		 5124 hci_dev_unlock(hdev);
5125}
5126
86a75645 5127void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5128{
86a75645 5129 bool changed;
73f22f62 5130
bfaf8c9f
JH		 5131 /* Nothing needed here if there's a pending command since that
5132 * commands request completion callback takes care of everything
5133 * necessary.
5134 */
5135 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5136 return;
bfaf8c9f 5137
bd107999
JH		 5138 /* Powering off may clear the scan mode - don't let that interfere */
5139 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5140 return;
5141
9a43e25f 5142 if (discoverable) {
86a75645 5143 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5144 } else {
5145 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5146 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5147 }
5148
5149 if (changed) {
5150 struct hci_request req;
5151
5152 /* In case this change in discoverable was triggered by
5153 * a disabling of connectable there could be a need to
5154 * update the advertising flags.
5155 */
5156 hci_req_init(&req, hdev);
5157 update_adv_data(&req);
5158 hci_req_run(&req, NULL);
73f22f62 5159
86a75645 5160 new_settings(hdev, NULL);
9a43e25f 5161 }
73f22f62 5162}
9fbcbb45 5163
a330916c 5164void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5165{
a330916c 5166 bool changed;
9fbcbb45 5167
d7b856f9
JH		 5168 /* Nothing needed here if there's a pending command since that
5169 * commands request completion callback takes care of everything
5170 * necessary.
5171 */
5172 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5173 return;
d7b856f9 5174
ce3f24cf
JH		 5175 /* Powering off may clear the scan mode - don't let that interfere */
5176 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5177 return;
5178
a330916c
MH		 5179 if (connectable)
5180 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5181 else
5182 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5183
beadb2bd 5184 if (changed)
a330916c 5185 new_settings(hdev, NULL);
9fbcbb45 5186}
55ed8ca1 5187
778b235a
JH		 5188void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5189{
7c4cfab8
JH		 5190 /* Powering off may stop advertising - don't let that interfere */
5191 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5192 return;
5193
778b235a
JH		 5194 if (advertising)
5195 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5196 else
5197 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5198}
5199
4796e8af 5200void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5201{
ca69b795
JH		 5202 u8 mgmt_err = mgmt_status(status);
5203
2d7cee58 5204 if (scan & SCAN_PAGE)
744cf19e 5205 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5206 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5207
5208 if (scan & SCAN_INQUIRY)
744cf19e 5209 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5210 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5211}
5212
dc4a5ee2
MH		 5213void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5214 bool persistent)
55ed8ca1 5215{
86742e1e 5216 struct mgmt_ev_new_link_key ev;
55ed8ca1 5217
a492cd52 5218 memset(&ev, 0, sizeof(ev));
55ed8ca1 5219
a492cd52 5220 ev.store_hint = persistent;
d753fdc4 5221 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5222 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5223 ev.key.type = key->type;
9b3b4460 5224 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5225 ev.key.pin_len = key->pin_len;
55ed8ca1 5226
dc4a5ee2 5227 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5228}
f7520543 5229
d7b25450
JH		 5230static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5231{
5232 if (ltk->authenticated)
5233 return MGMT_LTK_AUTHENTICATED;
5234
5235 return MGMT_LTK_UNAUTHENTICATED;
5236}
5237
53ac6ab6 5238void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5239{
5240 struct mgmt_ev_new_long_term_key ev;
5241
5242 memset(&ev, 0, sizeof(ev));
5243
5192d301
MH		 5244 /* Devices using resolvable or non-resolvable random addresses
5245 * without providing an indentity resolving key don't require
5246 * to store long term keys. Their addresses will change the
5247 * next time around.
5248 *
5249 * Only when a remote device provides an identity address
5250 * make sure the long term key is stored. If the remote
5251 * identity is known, the long term keys are internally
5252 * mapped to the identity address. So allow static random
5253 * and public addresses here.
5254 */
ba74b666
JH		 5255 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5256 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5257 ev.store_hint = 0x00;
5258 else
53ac6ab6 5259 ev.store_hint = persistent;
ba74b666 5260
346af67b 5261 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5262 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5263 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5264 ev.key.enc_size = key->enc_size;
5265 ev.key.ediv = key->ediv;
fe39c7b2 5266 ev.key.rand = key->rand;
346af67b
VCG		 5267
5268 if (key->type == HCI_SMP_LTK)
5269 ev.key.master = 1;
5270
346af67b
VCG		 5271 memcpy(ev.key.val, key->val, sizeof(key->val));
5272
083368f7 5273 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5274}
5275
95fbac8a
JH		 5276void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5277{
5278 struct mgmt_ev_new_irk ev;
5279
5280 memset(&ev, 0, sizeof(ev));
5281
bab6d1e5
MH		 5282 /* For identity resolving keys from devices that are already
5283 * using a public address or static random address, do not
5284 * ask for storing this key. The identity resolving key really
5285 * is only mandatory for devices using resovlable random
5286 * addresses.
5287 *
5288 * Storing all identity resolving keys has the downside that
5289 * they will be also loaded on next boot of they system. More
5290 * identity resolving keys, means more time during scanning is
5291 * needed to actually resolve these addresses.
5292 */
5293 if (bacmp(&irk->rpa, BDADDR_ANY))
5294 ev.store_hint = 0x01;
5295 else
5296 ev.store_hint = 0x00;
5297
95fbac8a
JH		 5298 bacpy(&ev.rpa, &irk->rpa);
5299 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5300 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5301 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5302
5303 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5304}
5305
53ac6ab6
MH		 5306void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5307 bool persistent)
7ee4ea36
MH		 5308{
5309 struct mgmt_ev_new_csrk ev;
5310
5311 memset(&ev, 0, sizeof(ev));
5312
5313 /* Devices using resolvable or non-resolvable random addresses
5314 * without providing an indentity resolving key don't require
5315 * to store signature resolving keys. Their addresses will change
5316 * the next time around.
5317 *
5318 * Only when a remote device provides an identity address
5319 * make sure the signature resolving key is stored. So allow
5320 * static random and public addresses here.
5321 */
5322 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5323 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5324 ev.store_hint = 0x00;
5325 else
53ac6ab6 5326 ev.store_hint = persistent;
7ee4ea36
MH		 5327
5328 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5329 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5330 ev.key.master = csrk->master;
5331 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5332
5333 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5334}
5335
94933991
MH		 5336static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5337 u8 data_len)
5338{
5339 eir[eir_len++] = sizeof(type) + data_len;
5340 eir[eir_len++] = type;
5341 memcpy(&eir[eir_len], data, data_len);
5342 eir_len += data_len;
5343
5344 return eir_len;
5345}
5346
ecd90ae7
MH		 5347void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5348 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5349 u8 *dev_class)
f7520543 5350{
b644ba33
JH		 5351 char buf[512];
5352 struct mgmt_ev_device_connected *ev = (void *) buf;
5353 u16 eir_len = 0;
f7520543 5354
b644ba33 5355 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5356 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5357
c95f0ba7 5358 ev->flags = __cpu_to_le32(flags);
08c79b61 5359
b644ba33
JH		 5360 if (name_len > 0)
5361 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5362 name, name_len);
b644ba33
JH		 5363
5364 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5365 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5366 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5367
eb55ef07 5368 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5369
ecd90ae7
MH		 5370 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5371 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5372}
5373
8962ee74
JH		 5374static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5375{
c68fb7ff 5376 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5377 struct sock **sk = data;
a38528f1 5378 struct mgmt_rp_disconnect rp;
8962ee74 5379
88c3df13
JH		 5380 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5381 rp.addr.type = cp->addr.type;
8962ee74 5382
aee9b218 5383 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5384 sizeof(rp));
8962ee74
JH		 5385
5386 *sk = cmd->sk;
5387 sock_hold(*sk);
5388
a664b5bc 5389 mgmt_pending_remove(cmd);
8962ee74
JH		 5390}
5391
124f6e35 5392static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5393{
b1078ad0 5394 struct hci_dev *hdev = data;
124f6e35
JH		 5395 struct mgmt_cp_unpair_device *cp = cmd->param;
5396 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5397
5398 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5399 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5400 rp.addr.type = cp->addr.type;
a8a1d19e 5401
b1078ad0
JH		 5402 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5403
aee9b218 5404 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5405
5406 mgmt_pending_remove(cmd);
5407}
5408
9b80ec5e 5409void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5410 u8 link_type, u8 addr_type, u8 reason,
5411 bool mgmt_connected)
f7520543 5412{
f0d6a0ea 5413 struct mgmt_ev_device_disconnected ev;
8b064a3a 5414 struct pending_cmd *power_off;
8962ee74 5415 struct sock *sk = NULL;
8962ee74 5416
8b064a3a
JH		 5417 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5418 if (power_off) {
5419 struct mgmt_mode *cp = power_off->param;
5420
5421 /* The connection is still in hci_conn_hash so test for 1
5422 * instead of 0 to know if this is the last one.
5423 */
a3172b7e
JH		 5424 if (!cp->val && hci_conn_count(hdev) == 1) {
5425 cancel_delayed_work(&hdev->power_off);
8b064a3a 5426 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5427 }
8b064a3a
JH		 5428 }
5429
12d4a3b2
JH		 5430 if (!mgmt_connected)
5431 return;
5432
57eb776f
AG		 5433 if (link_type != ACL_LINK && link_type != LE_LINK)
5434 return;
5435
744cf19e 5436 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5437
f0d6a0ea
MA		 5438 bacpy(&ev.addr.bdaddr, bdaddr);
5439 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5440 ev.reason = reason;
f7520543 5441
9b80ec5e 5442 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5443
5444 if (sk)
d97dcb66 5445 sock_put(sk);
8962ee74 5446
124f6e35 5447 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5448 hdev);
8962ee74
JH		 5449}
5450
7892924c
MH		 5451void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5452 u8 link_type, u8 addr_type, u8 status)
8962ee74 5453{
3655bba8
AG		 5454 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5455 struct mgmt_cp_disconnect *cp;
88c3df13 5456 struct mgmt_rp_disconnect rp;
8962ee74 5457 struct pending_cmd *cmd;
8962ee74 5458
36a75f1b
JD		 5459 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5460 hdev);
5461
2e58ef3e 5462 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5463 if (!cmd)
7892924c 5464 return;
8962ee74 5465
3655bba8
AG		 5466 cp = cmd->param;
5467
5468 if (bacmp(bdaddr, &cp->addr.bdaddr))
5469 return;
5470
5471 if (cp->addr.type != bdaddr_type)
5472 return;
5473
88c3df13 5474 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5475 rp.addr.type = bdaddr_type;
37d9ef76 5476
7892924c
MH		 5477 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5478 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5479
a664b5bc 5480 mgmt_pending_remove(cmd);
f7520543 5481}
17d5c04c 5482
445608d0
MH		 5483void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5484 u8 addr_type, u8 status)
17d5c04c
JH		 5485{
5486 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5487 struct pending_cmd *power_off;
5488
5489 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5490 if (power_off) {
5491 struct mgmt_mode *cp = power_off->param;
5492
5493 /* The connection is still in hci_conn_hash so test for 1
5494 * instead of 0 to know if this is the last one.
5495 */
a3172b7e
JH		 5496 if (!cp->val && hci_conn_count(hdev) == 1) {
5497 cancel_delayed_work(&hdev->power_off);
c9910d0f 5498 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5499 }
c9910d0f 5500 }
17d5c04c 5501
4c659c39 5502 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5503 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5504 ev.status = mgmt_status(status);
17d5c04c 5505
445608d0 5506 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5507}
980e1a53 5508
ce0e4a0d 5509void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5510{
5511 struct mgmt_ev_pin_code_request ev;
5512
d8457698 5513 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5514 ev.addr.type = BDADDR_BREDR;
a770bb5a 5515 ev.secure = secure;
980e1a53 5516
ce0e4a0d 5517 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5518}
5519
e669cf80
MH		 5520void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5521 u8 status)
980e1a53
JH		 5522{
5523 struct pending_cmd *cmd;
ac56fb13 5524 struct mgmt_rp_pin_code_reply rp;
980e1a53 5525
2e58ef3e 5526 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5527 if (!cmd)
e669cf80 5528 return;
980e1a53 5529
d8457698 5530 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5531 rp.addr.type = BDADDR_BREDR;
ac56fb13 5532
e669cf80
MH		 5533 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5534 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5535
a664b5bc 5536 mgmt_pending_remove(cmd);
980e1a53
JH		 5537}
5538
3eb38528
MH		 5539void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5540 u8 status)
980e1a53
JH		 5541{
5542 struct pending_cmd *cmd;
ac56fb13 5543 struct mgmt_rp_pin_code_reply rp;
980e1a53 5544
2e58ef3e 5545 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5546 if (!cmd)
3eb38528 5547 return;
980e1a53 5548
d8457698 5549 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5550 rp.addr.type = BDADDR_BREDR;
ac56fb13 5551
3eb38528
MH		 5552 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5553 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5554
a664b5bc 5555 mgmt_pending_remove(cmd);
980e1a53 5556}
a5c29683 5557
744cf19e 5558int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5559 u8 link_type, u8 addr_type, u32 value,
04124681 5560 u8 confirm_hint)
a5c29683
JH		 5561{
5562 struct mgmt_ev_user_confirm_request ev;
5563
744cf19e 5564 BT_DBG("%s", hdev->name);
a5c29683 5565
272d90df 5566 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5567 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5568 ev.confirm_hint = confirm_hint;
39adbffe 5569 ev.value = cpu_to_le32(value);
a5c29683 5570
744cf19e 5571 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5572 NULL);
a5c29683
JH		 5573}
5574
272d90df 5575int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5576 u8 link_type, u8 addr_type)
604086b7
BG		 5577{
5578 struct mgmt_ev_user_passkey_request ev;
5579
5580 BT_DBG("%s", hdev->name);
5581
272d90df 5582 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5583 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5584
5585 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5586 NULL);
604086b7
BG		 5587}
5588
0df4c185 5589static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5590 u8 link_type, u8 addr_type, u8 status,
5591 u8 opcode)
a5c29683
JH		 5592{
5593 struct pending_cmd *cmd;
5594 struct mgmt_rp_user_confirm_reply rp;
5595 int err;
5596
2e58ef3e 5597 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5598 if (!cmd)
5599 return -ENOENT;
5600
272d90df 5601 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5602 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5603 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5604 &rp, sizeof(rp));
a5c29683 5605
a664b5bc 5606 mgmt_pending_remove(cmd);
a5c29683
JH		 5607
5608 return err;
5609}
5610
744cf19e 5611int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5612 u8 link_type, u8 addr_type, u8 status)
a5c29683 5613{
272d90df 5614 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5615 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5616}
5617
272d90df 5618int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5619 u8 link_type, u8 addr_type, u8 status)
a5c29683 5620{
272d90df 5621 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5622 status,
5623 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5624}
2a611692 5625
604086b7 5626int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5627 u8 link_type, u8 addr_type, u8 status)
604086b7 5628{
272d90df 5629 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5630 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5631}
5632
272d90df 5633int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5634 u8 link_type, u8 addr_type, u8 status)
604086b7 5635{
272d90df 5636 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5637 status,
5638 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5639}
5640
92a25256
JH		 5641int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5642 u8 link_type, u8 addr_type, u32 passkey,
5643 u8 entered)
5644{
5645 struct mgmt_ev_passkey_notify ev;
5646
5647 BT_DBG("%s", hdev->name);
5648
5649 bacpy(&ev.addr.bdaddr, bdaddr);
5650 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5651 ev.passkey = __cpu_to_le32(passkey);
5652 ev.entered = entered;
5653
5654 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5655}
5656
e546099c
MH		 5657void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5658 u8 addr_type, u8 status)
2a611692
JH		 5659{
5660 struct mgmt_ev_auth_failed ev;
5661
bab73cb6 5662 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5663 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5664 ev.status = mgmt_status(status);
2a611692 5665
e546099c 5666 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5667}
b312b161 5668
464996ae 5669void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5670{
5671 struct cmd_lookup match = { NULL, hdev };
464996ae 5672 bool changed;
33ef95ed
JH		 5673
5674 if (status) {
5675 u8 mgmt_err = mgmt_status(status);
5676 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5677 cmd_status_rsp, &mgmt_err);
464996ae 5678 return;
33ef95ed
JH		 5679 }
5680
464996ae
MH		 5681 if (test_bit(HCI_AUTH, &hdev->flags))
5682 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5683 &hdev->dev_flags);
5684 else
5685 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5686 &hdev->dev_flags);
47990ea0 5687
33ef95ed 5688 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5689 &match);
33ef95ed 5690
47990ea0 5691 if (changed)
464996ae 5692 new_settings(hdev, match.sk);
33ef95ed
JH		 5693
5694 if (match.sk)
5695 sock_put(match.sk);
33ef95ed
JH		 5696}
5697
890ea898 5698static void clear_eir(struct hci_request *req)
cacaf52f 5699{
890ea898 5700 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5701 struct hci_cp_write_eir cp;
5702
976eb20e 5703 if (!lmp_ext_inq_capable(hdev))
890ea898 5704 return;
cacaf52f 5705
c80da27e
JH		 5706 memset(hdev->eir, 0, sizeof(hdev->eir));
5707
cacaf52f
JH		 5708 memset(&cp, 0, sizeof(cp));
5709
890ea898 5710 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5711}
5712
3e248560 5713void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5714{
5715 struct cmd_lookup match = { NULL, hdev };
890ea898 5716 struct hci_request req;
c0ecddc2 5717 bool changed = false;
ed2c4ee3
JH		 5718
5719 if (status) {
5720 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5721
5722 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5723 &hdev->dev_flags)) {
5724 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5725 new_settings(hdev, NULL);
9ecb3e24 5726 }
c0ecddc2 5727
04124681
GP		 5728 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5729 &mgmt_err);
3e248560 5730 return;
c0ecddc2
JH		 5731 }
5732
5733 if (enable) {
9ecb3e24 5734 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5735 } else {
9ecb3e24
MH		 5736 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5737 if (!changed)
5738 changed = test_and_clear_bit(HCI_HS_ENABLED,
5739 &hdev->dev_flags);
5740 else
5741 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5742 }
5743
5744 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5745
c0ecddc2 5746 if (changed)
3e248560 5747 new_settings(hdev, match.sk);
ed2c4ee3 5748
5fc6ebb1 5749 if (match.sk)
ed2c4ee3
JH		 5750 sock_put(match.sk);
5751
890ea898
JH		 5752 hci_req_init(&req, hdev);
5753
5fc6ebb1 5754 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5755 update_eir(&req);
5fc6ebb1 5756 else
890ea898
JH		 5757 clear_eir(&req);
5758
5759 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5760}
5761
eac83dc6
MH		 5762void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5763{
5764 struct cmd_lookup match = { NULL, hdev };
5765 bool changed = false;
5766
5767 if (status) {
5768 u8 mgmt_err = mgmt_status(status);
5769
0ab04a9c
MH		 5770 if (enable) {
5771 if (test_and_clear_bit(HCI_SC_ENABLED,
5772 &hdev->dev_flags))
5773 new_settings(hdev, NULL);
5774 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5775 }
eac83dc6
MH		 5776
5777 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5778 cmd_status_rsp, &mgmt_err);
5779 return;
5780 }
5781
0ab04a9c 5782 if (enable) {
eac83dc6 5783 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5784 } else {
eac83dc6 5785 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5786 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5787 }
eac83dc6
MH		 5788
5789 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5790 settings_rsp, &match);
5791
5792 if (changed)
5793 new_settings(hdev, match.sk);
5794
5795 if (match.sk)
5796 sock_put(match.sk);
5797}
5798
92da6097 5799static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5800{
5801 struct cmd_lookup *match = data;
5802
90e70454
JH		 5803 if (match->sk == NULL) {
5804 match->sk = cmd->sk;
5805 sock_hold(match->sk);
5806 }
90e70454
JH		 5807}
5808
4e1b0245
MH		 5809void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5810 u8 status)
7f9a903c 5811{
90e70454 5812 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5813
92da6097
JH		 5814 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5815 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5816 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5817
5818 if (!status)
4e1b0245
MH		 5819 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5820 NULL);
90e70454
JH		 5821
5822 if (match.sk)
5823 sock_put(match.sk);
7f9a903c
MH		 5824}
5825
7667da34 5826void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5827{
b312b161 5828 struct mgmt_cp_set_local_name ev;
13928971 5829 struct pending_cmd *cmd;
28cc7bde 5830
13928971 5831 if (status)
7667da34 5832 return;
b312b161
JH		 5833
5834 memset(&ev, 0, sizeof(ev));
5835 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5836 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5837
2e58ef3e 5838 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5839 if (!cmd) {
5840 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5841
13928971
JH		 5842 /* If this is a HCI command related to powering on the
5843 * HCI dev don't send any mgmt signals.
5844 */
5845 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5846 return;
890ea898 5847 }
b312b161 5848
7667da34
MH		 5849 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5850 cmd ? cmd->sk : NULL);
b312b161 5851}
c35938b2 5852
4d2d2796
MH		 5853void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5854 u8 *randomizer192, u8 *hash256,
5855 u8 *randomizer256, u8 status)
c35938b2
SJ		 5856{
5857 struct pending_cmd *cmd;
c35938b2 5858
744cf19e 5859 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5860
2e58ef3e 5861 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5862 if (!cmd)
3edaf092 5863 return;
c35938b2
SJ		 5864
5865 if (status) {
3edaf092
MH		 5866 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5867 mgmt_status(status));
c35938b2 5868 } else {
4d2d2796
MH		 5869 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5870 hash256 && randomizer256) {
5871 struct mgmt_rp_read_local_oob_ext_data rp;
5872
5873 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5874 memcpy(rp.randomizer192, randomizer192,
5875 sizeof(rp.randomizer192));
c35938b2 5876
4d2d2796
MH		 5877 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5878 memcpy(rp.randomizer256, randomizer256,
5879 sizeof(rp.randomizer256));
c35938b2 5880
4d2d2796
MH		 5881 cmd_complete(cmd->sk, hdev->id,
5882 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5883 &rp, sizeof(rp));
5884 } else {
5885 struct mgmt_rp_read_local_oob_data rp;
5886
5887 memcpy(rp.hash, hash192, sizeof(rp.hash));
5888 memcpy(rp.randomizer, randomizer192,
5889 sizeof(rp.randomizer));
5890
5891 cmd_complete(cmd->sk, hdev->id,
5892 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5893 &rp, sizeof(rp));
5894 }
c35938b2
SJ		 5895 }
5896
5897 mgmt_pending_remove(cmd);
c35938b2 5898}
e17acd40 5899
901801b9 5900void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5901 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5902 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5903 u8 scan_rsp_len)
e17acd40 5904{
e319d2e7
JH		 5905 char buf[512];
5906 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5907 struct smp_irk *irk;
1dc06093 5908 size_t ev_size;
e17acd40 5909
12602d0c 5910 if (!hci_discovery_active(hdev))
901801b9 5911 return;
12602d0c 5912
5d2e9fad
JH		 5913 /* Make sure that the buffer is big enough. The 5 extra bytes
5914 * are for the potential CoD field.
5915 */
5916 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5917 return;
7d262f86 5918
1dc06093
JH		 5919 memset(buf, 0, sizeof(buf));
5920
5cedbb8d
JH		 5921 irk = hci_get_irk(hdev, bdaddr, addr_type);
5922 if (irk) {
5923 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5924 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5925 } else {
5926 bacpy(&ev->addr.bdaddr, bdaddr);
5927 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5928 }
5929
e319d2e7 5930 ev->rssi = rssi;
9a395a80 5931 if (cfm_name)
dcf4adbf 5932 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5933 if (!ssp)
dcf4adbf 5934 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5935
1dc06093 5936 if (eir_len > 0)
e319d2e7 5937 memcpy(ev->eir, eir, eir_len);
e17acd40 5938
1dc06093
JH		 5939 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5940 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5941 dev_class, 3);
1dc06093 5942
5d2e9fad
JH		 5943 if (scan_rsp_len > 0)
5944 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5945
5946 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5947 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5948
901801b9 5949 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5950}
a88a9652 5951
9cf12aee
MH		 5952void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5953 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5954{
b644ba33
JH		 5955 struct mgmt_ev_device_found *ev;
5956 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5957 u16 eir_len;
a88a9652 5958
b644ba33 5959 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5960
b644ba33
JH		 5961 memset(buf, 0, sizeof(buf));
5962
5963 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5964 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5965 ev->rssi = rssi;
5966
5967 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5968 name_len);
b644ba33 5969
eb55ef07 5970 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5971
9cf12aee 5972 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5973}
314b2381 5974
2f1e063b 5975void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5976{
f963e8e9 5977 struct mgmt_ev_discovering ev;
164a6e78
JH		 5978 struct pending_cmd *cmd;
5979
343fb145
AG		 5980 BT_DBG("%s discovering %u", hdev->name, discovering);
5981
164a6e78 5982 if (discovering)
2e58ef3e 5983 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5984 else
2e58ef3e 5985 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5986
5987 if (cmd != NULL) {
f808e166
JH		 5988 u8 type = hdev->discovery.type;
5989
04124681
GP		 5990 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5991 sizeof(type));
164a6e78
JH		 5992 mgmt_pending_remove(cmd);
5993 }
5994
f963e8e9
JH		 5995 memset(&ev, 0, sizeof(ev));
5996 ev.type = hdev->discovery.type;
5997 ev.discovering = discovering;
5998
2f1e063b 5999 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6000}
5e762444 6001
88c1fe4b 6002int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6003{
6004 struct pending_cmd *cmd;
6005 struct mgmt_ev_device_blocked ev;
6006
2e58ef3e 6007 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6008
88c1fe4b
JH		 6009 bacpy(&ev.addr.bdaddr, bdaddr);
6010 ev.addr.type = type;
5e762444 6011
744cf19e 6012 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6013 cmd ? cmd->sk : NULL);
5e762444
AJ		 6014}
6015
88c1fe4b 6016int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6017{
6018 struct pending_cmd *cmd;
6019 struct mgmt_ev_device_unblocked ev;
6020
2e58ef3e 6021 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6022
88c1fe4b
JH		 6023 bacpy(&ev.addr.bdaddr, bdaddr);
6024 ev.addr.type = type;
5e762444 6025
744cf19e 6026 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6027 cmd ? cmd->sk : NULL);
5e762444 6028}
5976e608
MH		 6029
6030static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6031{
6032 BT_DBG("%s status %u", hdev->name, status);
6033
6034 /* Clear the advertising mgmt setting if we failed to re-enable it */
6035 if (status) {
6036 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6037 new_settings(hdev, NULL);
5976e608
MH		 6038 }
6039}
6040
6041void mgmt_reenable_advertising(struct hci_dev *hdev)
6042{
6043 struct hci_request req;
6044
b145edcd 6045 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6046 return;
6047
6048 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6049 return;
6050
6051 hci_req_init(&req, hdev);
6052 enable_advertising(&req);
6053
6054 /* If this fails we have no option but to let user space know
6055 * that we've disabled advertising.
6056 */
6057 if (hci_req_run(&req, adv_enable_complete) < 0) {
6058 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6059 new_settings(hdev, NULL);
5976e608
MH		 6060 }
6061}
Linux kernel - Deliverables
This page took 0.759779 seconds and 5 git commands to generate.