projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Provide high speed configuration option
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
3810285c 36#define MGMT_REVISION 3
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
e70bb2e8
JH		 78};
79
80static const u16 mgmt_events[] = {
81 MGMT_EV_CONTROLLER_ERROR,
82 MGMT_EV_INDEX_ADDED,
83 MGMT_EV_INDEX_REMOVED,
84 MGMT_EV_NEW_SETTINGS,
85 MGMT_EV_CLASS_OF_DEV_CHANGED,
86 MGMT_EV_LOCAL_NAME_CHANGED,
87 MGMT_EV_NEW_LINK_KEY,
88 MGMT_EV_NEW_LONG_TERM_KEY,
89 MGMT_EV_DEVICE_CONNECTED,
90 MGMT_EV_DEVICE_DISCONNECTED,
91 MGMT_EV_CONNECT_FAILED,
92 MGMT_EV_PIN_CODE_REQUEST,
93 MGMT_EV_USER_CONFIRM_REQUEST,
94 MGMT_EV_USER_PASSKEY_REQUEST,
95 MGMT_EV_AUTH_FAILED,
96 MGMT_EV_DEVICE_FOUND,
97 MGMT_EV_DISCOVERING,
98 MGMT_EV_DEVICE_BLOCKED,
99 MGMT_EV_DEVICE_UNBLOCKED,
100 MGMT_EV_DEVICE_UNPAIRED,
92a25256 101 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 102};
103
17b02e62 104#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 105
4b34ee78
JH		 106#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
107 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
108
eec8d2bc
JH		 109struct pending_cmd {
110 struct list_head list;
fc2f4b13 111 u16 opcode;
eec8d2bc 112 int index;
c68fb7ff 113 void *param;
eec8d2bc 114 struct sock *sk;
e9a416b5 115 void *user_data;
eec8d2bc
JH		 116};
117
ca69b795
JH		 118/* HCI to MGMT error code conversion table */
119static u8 mgmt_status_table[] = {
120 MGMT_STATUS_SUCCESS,
121 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
122 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
123 MGMT_STATUS_FAILED, /* Hardware Failure */
124 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
125 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
126 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
127 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
128 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
129 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
131 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
132 MGMT_STATUS_BUSY, /* Command Disallowed */
133 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
134 MGMT_STATUS_REJECTED, /* Rejected Security */
135 MGMT_STATUS_REJECTED, /* Rejected Personal */
136 MGMT_STATUS_TIMEOUT, /* Host Timeout */
137 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
138 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
139 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
140 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
141 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
142 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
143 MGMT_STATUS_BUSY, /* Repeated Attempts */
144 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
145 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
147 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
148 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
149 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
151 MGMT_STATUS_FAILED, /* Unspecified Error */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
153 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
154 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
155 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
156 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
157 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
158 MGMT_STATUS_FAILED, /* Unit Link Key Used */
159 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
160 MGMT_STATUS_TIMEOUT, /* Instant Passed */
161 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
162 MGMT_STATUS_FAILED, /* Transaction Collision */
163 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
164 MGMT_STATUS_REJECTED, /* QoS Rejected */
165 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
166 MGMT_STATUS_REJECTED, /* Insufficient Security */
167 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
168 MGMT_STATUS_BUSY, /* Role Switch Pending */
169 MGMT_STATUS_FAILED, /* Slot Violation */
170 MGMT_STATUS_FAILED, /* Role Switch Failed */
171 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
172 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
173 MGMT_STATUS_BUSY, /* Host Busy Pairing */
174 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
175 MGMT_STATUS_BUSY, /* Controller Busy */
176 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
177 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
179 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
180 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
181};
182
bb4b2a9a
AE		 183bool mgmt_valid_hdev(struct hci_dev *hdev)
184{
185 return hdev->dev_type == HCI_BREDR;
186}
187
ca69b795
JH		 188static u8 mgmt_status(u8 hci_status)
189{
190 if (hci_status < ARRAY_SIZE(mgmt_status_table))
191 return mgmt_status_table[hci_status];
192
193 return MGMT_STATUS_FAILED;
194}
195
4e51eae9 196static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 197{
198 struct sk_buff *skb;
199 struct mgmt_hdr *hdr;
200 struct mgmt_ev_cmd_status *ev;
56b7d137 201 int err;
f7b64e69 202
34eb525c 203 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 204
790eff44 205 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 206 if (!skb)
207 return -ENOMEM;
208
209 hdr = (void *) skb_put(skb, sizeof(*hdr));
210
612dfce9 211 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 212 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 213 hdr->len = cpu_to_le16(sizeof(*ev));
214
215 ev = (void *) skb_put(skb, sizeof(*ev));
216 ev->status = status;
eb55ef07 217 ev->opcode = cpu_to_le16(cmd);
f7b64e69 218
56b7d137
GP		 219 err = sock_queue_rcv_skb(sk, skb);
220 if (err < 0)
f7b64e69
JH		 221 kfree_skb(skb);
222
56b7d137 223 return err;
f7b64e69
JH		 224}
225
aee9b218 226static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 227 void *rp, size_t rp_len)
02d98129
JH		 228{
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231 struct mgmt_ev_cmd_complete *ev;
56b7d137 232 int err;
02d98129
JH		 233
234 BT_DBG("sock %p", sk);
235
790eff44 236 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 237 if (!skb)
238 return -ENOMEM;
239
240 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 241
612dfce9 242 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 243 hdr->index = cpu_to_le16(index);
a38528f1 244 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 245
a38528f1 246 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 247 ev->opcode = cpu_to_le16(cmd);
aee9b218 248 ev->status = status;
8020c16a
SJ		 249
250 if (rp)
251 memcpy(ev->data, rp, rp_len);
02d98129 252
56b7d137
GP		 253 err = sock_queue_rcv_skb(sk, skb);
254 if (err < 0)
02d98129
JH		 255 kfree_skb(skb);
256
e5f0e151 257 return err;
02d98129
JH		 258}
259
04124681
GP		 260static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
261 u16 data_len)
a38528f1
JH		 262{
263 struct mgmt_rp_read_version rp;
264
265 BT_DBG("sock %p", sk);
266
267 rp.version = MGMT_VERSION;
eb55ef07 268 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 269
aee9b218 270 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 271 sizeof(rp));
a38528f1
JH		 272}
273
04124681
GP		 274static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
e70bb2e8
JH		 276{
277 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 278 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
279 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 280 __le16 *opcode;
e70bb2e8
JH		 281 size_t rp_size;
282 int i, err;
283
284 BT_DBG("sock %p", sk);
285
286 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
287
288 rp = kmalloc(rp_size, GFP_KERNEL);
289 if (!rp)
290 return -ENOMEM;
291
eb55ef07
MH		 292 rp->num_commands = __constant_cpu_to_le16(num_commands);
293 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 294
295 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
296 put_unaligned_le16(mgmt_commands[i], opcode);
297
298 for (i = 0; i < num_events; i++, opcode++)
299 put_unaligned_le16(mgmt_events[i], opcode);
300
aee9b218 301 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 302 rp_size);
e70bb2e8
JH		 303 kfree(rp);
304
305 return err;
306}
307
04124681
GP		 308static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
faba42eb 310{
faba42eb 311 struct mgmt_rp_read_index_list *rp;
8035ded4 312 struct hci_dev *d;
a38528f1 313 size_t rp_len;
faba42eb 314 u16 count;
476e44cb 315 int err;
faba42eb
JH		 316
317 BT_DBG("sock %p", sk);
318
319 read_lock(&hci_dev_list_lock);
320
321 count = 0;
bb4b2a9a
AE		 322 list_for_each_entry(d, &hci_dev_list, list) {
323 if (!mgmt_valid_hdev(d))
324 continue;
325
faba42eb
JH		 326 count++;
327 }
328
a38528f1
JH		 329 rp_len = sizeof(*rp) + (2 * count);
330 rp = kmalloc(rp_len, GFP_ATOMIC);
331 if (!rp) {
b2c60d42 332 read_unlock(&hci_dev_list_lock);
faba42eb 333 return -ENOMEM;
b2c60d42 334 }
faba42eb 335
476e44cb 336 count = 0;
8035ded4 337 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 338 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 339 continue;
340
0736cfa8
MH		 341 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
342 continue;
343
bb4b2a9a
AE		 344 if (!mgmt_valid_hdev(d))
345 continue;
346
476e44cb 347 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 348 BT_DBG("Added hci%u", d->id);
349 }
350
476e44cb
JH		 351 rp->num_controllers = cpu_to_le16(count);
352 rp_len = sizeof(*rp) + (2 * count);
353
faba42eb
JH		 354 read_unlock(&hci_dev_list_lock);
355
aee9b218 356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 357 rp_len);
faba42eb 358
a38528f1
JH		 359 kfree(rp);
360
361 return err;
faba42eb
JH		 362}
363
69ab39ea
JH		 364static u32 get_supported_settings(struct hci_dev *hdev)
365{
366 u32 settings = 0;
367
368 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 369 settings |= MGMT_SETTING_PAIRABLE;
370
9a1a1996 371 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 372 settings |= MGMT_SETTING_SSP;
373
ed3fa31f 374 if (lmp_bredr_capable(hdev)) {
33c525c0 375 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 378 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 381 settings |= MGMT_SETTING_HS;
848566b3 382 }
d7b7e796 383
eeca6f89 384 if (lmp_le_capable(hdev)) {
9d42820f 385 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 386 settings |= MGMT_SETTING_ADVERTISING;
387 }
69ab39ea
JH		 388
389 return settings;
390}
391
392static u32 get_current_settings(struct hci_dev *hdev)
393{
394 u32 settings = 0;
395
f1f0eb02 396 if (hdev_is_powered(hdev))
f0d4b78a
MH		 397 settings |= MGMT_SETTING_POWERED;
398
5e5282bb 399 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 400 settings |= MGMT_SETTING_CONNECTABLE;
401
1a4d3c4b
JH		 402 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
403 settings |= MGMT_SETTING_FAST_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
ed3fa31f 411 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
eeca6f89
JH		 426 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
427 settings |= MGMT_SETTING_ADVERTISING;
428
69ab39ea
JH		 429 return settings;
430}
431
ef580372
JH		 432#define PNP_INFO_SVCLASS_ID 0x1200
433
213202ed
JH		 434static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
435{
436 u8 *ptr = data, *uuids_start = NULL;
437 struct bt_uuid *uuid;
438
439 if (len < 4)
440 return ptr;
441
442 list_for_each_entry(uuid, &hdev->uuids, list) {
443 u16 uuid16;
444
445 if (uuid->size != 16)
446 continue;
447
448 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
449 if (uuid16 < 0x1100)
450 continue;
451
452 if (uuid16 == PNP_INFO_SVCLASS_ID)
453 continue;
454
455 if (!uuids_start) {
456 uuids_start = ptr;
457 uuids_start[0] = 1;
458 uuids_start[1] = EIR_UUID16_ALL;
459 ptr += 2;
460 }
461
462 /* Stop if not enough space to put next UUID */
463 if ((ptr - data) + sizeof(u16) > len) {
464 uuids_start[1] = EIR_UUID16_SOME;
465 break;
466 }
467
468 *ptr++ = (uuid16 & 0x00ff);
469 *ptr++ = (uuid16 & 0xff00) >> 8;
470 uuids_start[0] += sizeof(uuid16);
471 }
472
473 return ptr;
474}
475
cdf1963f
JH		 476static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
477{
478 u8 *ptr = data, *uuids_start = NULL;
479 struct bt_uuid *uuid;
480
481 if (len < 6)
482 return ptr;
483
484 list_for_each_entry(uuid, &hdev->uuids, list) {
485 if (uuid->size != 32)
486 continue;
487
488 if (!uuids_start) {
489 uuids_start = ptr;
490 uuids_start[0] = 1;
491 uuids_start[1] = EIR_UUID32_ALL;
492 ptr += 2;
493 }
494
495 /* Stop if not enough space to put next UUID */
496 if ((ptr - data) + sizeof(u32) > len) {
497 uuids_start[1] = EIR_UUID32_SOME;
498 break;
499 }
500
501 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
502 ptr += sizeof(u32);
503 uuids_start[0] += sizeof(u32);
504 }
505
506 return ptr;
507}
508
c00d575b
JH		 509static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
510{
511 u8 *ptr = data, *uuids_start = NULL;
512 struct bt_uuid *uuid;
513
514 if (len < 18)
515 return ptr;
516
517 list_for_each_entry(uuid, &hdev->uuids, list) {
518 if (uuid->size != 128)
519 continue;
520
521 if (!uuids_start) {
522 uuids_start = ptr;
523 uuids_start[0] = 1;
524 uuids_start[1] = EIR_UUID128_ALL;
525 ptr += 2;
526 }
527
528 /* Stop if not enough space to put next UUID */
529 if ((ptr - data) + 16 > len) {
530 uuids_start[1] = EIR_UUID128_SOME;
531 break;
532 }
533
534 memcpy(ptr, uuid->uuid, 16);
535 ptr += 16;
536 uuids_start[0] += 16;
537 }
538
539 return ptr;
540}
541
ef580372
JH		 542static void create_eir(struct hci_dev *hdev, u8 *data)
543{
544 u8 *ptr = data;
ef580372
JH		 545 size_t name_len;
546
547 name_len = strlen(hdev->dev_name);
548
549 if (name_len > 0) {
550 /* EIR Data type */
551 if (name_len > 48) {
552 name_len = 48;
553 ptr[1] = EIR_NAME_SHORT;
554 } else
555 ptr[1] = EIR_NAME_COMPLETE;
556
557 /* EIR Data length */
558 ptr[0] = name_len + 1;
559
560 memcpy(ptr + 2, hdev->dev_name, name_len);
561
ef580372
JH		 562 ptr += (name_len + 2);
563 }
564
bbaf444a 565 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 566 ptr[0] = 2;
567 ptr[1] = EIR_TX_POWER;
568 ptr[2] = (u8) hdev->inq_tx_power;
569
91c4e9b1
MH		 570 ptr += 3;
571 }
572
2b9be137
MH		 573 if (hdev->devid_source > 0) {
574 ptr[0] = 9;
575 ptr[1] = EIR_DEVICE_ID;
576
577 put_unaligned_le16(hdev->devid_source, ptr + 2);
578 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
579 put_unaligned_le16(hdev->devid_product, ptr + 6);
580 put_unaligned_le16(hdev->devid_version, ptr + 8);
581
2b9be137
MH		 582 ptr += 10;
583 }
584
213202ed 585 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 586 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 587 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 588}
589
890ea898 590static void update_eir(struct hci_request *req)
ef580372 591{
890ea898 592 struct hci_dev *hdev = req->hdev;
ef580372
JH		 593 struct hci_cp_write_eir cp;
594
504c8dcd 595 if (!hdev_is_powered(hdev))
890ea898 596 return;
7770c4aa 597
976eb20e 598 if (!lmp_ext_inq_capable(hdev))
890ea898 599 return;
ef580372 600
84bde9d6 601 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 602 return;
ef580372 603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 605 return;
ef580372
JH		 606
607 memset(&cp, 0, sizeof(cp));
608
609 create_eir(hdev, cp.data);
610
611 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 612 return;
ef580372
JH		 613
614 memcpy(hdev->eir, cp.data, sizeof(cp.data));
615
890ea898 616 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 617}
618
619static u8 get_service_classes(struct hci_dev *hdev)
620{
621 struct bt_uuid *uuid;
622 u8 val = 0;
623
624 list_for_each_entry(uuid, &hdev->uuids, list)
625 val |= uuid->svc_hint;
626
627 return val;
628}
629
890ea898 630static void update_class(struct hci_request *req)
ef580372 631{
890ea898 632 struct hci_dev *hdev = req->hdev;
ef580372
JH		 633 u8 cod[3];
634
635 BT_DBG("%s", hdev->name);
636
504c8dcd 637 if (!hdev_is_powered(hdev))
890ea898 638 return;
7770c4aa 639
a8b2d5c2 640 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 641 return;
ef580372
JH		 642
643 cod[0] = hdev->minor_class;
644 cod[1] = hdev->major_class;
645 cod[2] = get_service_classes(hdev);
646
647 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 648 return;
ef580372 649
890ea898 650 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 651}
652
7d78525d
JH		 653static void service_cache_off(struct work_struct *work)
654{
655 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 656 service_cache.work);
890ea898 657 struct hci_request req;
7d78525d 658
a8b2d5c2 659 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 660 return;
661
890ea898
JH		 662 hci_req_init(&req, hdev);
663
7d78525d
JH		 664 hci_dev_lock(hdev);
665
890ea898
JH		 666 update_eir(&req);
667 update_class(&req);
7d78525d
JH		 668
669 hci_dev_unlock(hdev);
890ea898
JH		 670
671 hci_req_run(&req, NULL);
7d78525d
JH		 672}
673
6a919082 674static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 675{
4f87da80 676 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 677 return;
678
4f87da80 679 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 680
4f87da80
JH		 681 /* Non-mgmt controlled devices get this bit set
682 * implicitly so that pairing works for them, however
683 * for mgmt we require user-space to explicitly enable
684 * it
685 */
686 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 687}
688
0f4e68cf 689static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 690 void *data, u16 data_len)
0381101f 691{
a38528f1 692 struct mgmt_rp_read_info rp;
f7b64e69 693
bdb6d971 694 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 695
09fd0de5 696 hci_dev_lock(hdev);
f7b64e69 697
dc4fe30b
JH		 698 memset(&rp, 0, sizeof(rp));
699
69ab39ea 700 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 701
69ab39ea 702 rp.version = hdev->hci_ver;
eb55ef07 703 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 704
705 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
706 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 707
a38528f1 708 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 709
dc4fe30b 710 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 711 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 712
09fd0de5 713 hci_dev_unlock(hdev);
0381101f 714
bdb6d971 715 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 716 sizeof(rp));
0381101f
JH		 717}
718
eec8d2bc
JH		 719static void mgmt_pending_free(struct pending_cmd *cmd)
720{
721 sock_put(cmd->sk);
c68fb7ff 722 kfree(cmd->param);
eec8d2bc
JH		 723 kfree(cmd);
724}
725
366a0336 726static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 727 struct hci_dev *hdev, void *data,
728 u16 len)
eec8d2bc
JH		 729{
730 struct pending_cmd *cmd;
731
12b94565 732 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 733 if (!cmd)
366a0336 734 return NULL;
eec8d2bc
JH		 735
736 cmd->opcode = opcode;
2e58ef3e 737 cmd->index = hdev->id;
eec8d2bc 738
12b94565 739 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 740 if (!cmd->param) {
eec8d2bc 741 kfree(cmd);
366a0336 742 return NULL;
eec8d2bc
JH		 743 }
744
8fce6357
SJ		 745 if (data)
746 memcpy(cmd->param, data, len);
eec8d2bc
JH		 747
748 cmd->sk = sk;
749 sock_hold(sk);
750
2e58ef3e 751 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 752
366a0336 753 return cmd;
eec8d2bc
JH		 754}
755
744cf19e 756static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 757 void (*cb)(struct pending_cmd *cmd,
758 void *data),
04124681 759 void *data)
eec8d2bc 760{
a3d09356 761 struct pending_cmd *cmd, *tmp;
eec8d2bc 762
a3d09356 763 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 764 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 765 continue;
766
eec8d2bc
JH		 767 cb(cmd, data);
768 }
769}
770
2e58ef3e 771static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 772{
8035ded4 773 struct pending_cmd *cmd;
eec8d2bc 774
2e58ef3e 775 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 776 if (cmd->opcode == opcode)
777 return cmd;
eec8d2bc
JH		 778 }
779
780 return NULL;
781}
782
a664b5bc 783static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 784{
73f22f62
JH		 785 list_del(&cmd->list);
786 mgmt_pending_free(cmd);
787}
788
69ab39ea 789static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 790{
69ab39ea 791 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 792
aee9b218 793 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 794 sizeof(settings));
8680570b
JH		 795}
796
bdb6d971 797static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 798 u16 len)
eec8d2bc 799{
650f726d 800 struct mgmt_mode *cp = data;
366a0336 801 struct pending_cmd *cmd;
4b34ee78 802 int err;
eec8d2bc 803
bdb6d971 804 BT_DBG("request for %s", hdev->name);
eec8d2bc 805
a7e80f25
JH		 806 if (cp->val != 0x00 && cp->val != 0x01)
807 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
808 MGMT_STATUS_INVALID_PARAMS);
809
09fd0de5 810 hci_dev_lock(hdev);
eec8d2bc 811
87b95ba6
JH		 812 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
814 MGMT_STATUS_BUSY);
815 goto failed;
816 }
817
f0d4b78a
MH		 818 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
819 cancel_delayed_work(&hdev->power_off);
820
821 if (cp->val) {
a1d70450
JH		 822 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
823 data, len);
824 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 825 goto failed;
826 }
827 }
828
4b34ee78 829 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 830 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 831 goto failed;
832 }
833
2e58ef3e 834 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 835 if (!cmd) {
836 err = -ENOMEM;
eec8d2bc 837 goto failed;
366a0336 838 }
eec8d2bc 839
72a734ec 840 if (cp->val)
19202573 841 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 842 else
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 844
366a0336 845 err = 0;
eec8d2bc
JH		 846
847failed:
09fd0de5 848 hci_dev_unlock(hdev);
366a0336 849 return err;
eec8d2bc
JH		 850}
851
04124681
GP		 852static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
853 struct sock *skip_sk)
beadb2bd
JH		 854{
855 struct sk_buff *skb;
856 struct mgmt_hdr *hdr;
857
790eff44 858 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 859 if (!skb)
860 return -ENOMEM;
861
862 hdr = (void *) skb_put(skb, sizeof(*hdr));
863 hdr->opcode = cpu_to_le16(event);
864 if (hdev)
865 hdr->index = cpu_to_le16(hdev->id);
866 else
612dfce9 867 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 868 hdr->len = cpu_to_le16(data_len);
869
870 if (data)
871 memcpy(skb_put(skb, data_len), data, data_len);
872
97e0bdeb
MH		 873 /* Time stamp */
874 __net_timestamp(skb);
875
beadb2bd
JH		 876 hci_send_to_control(skb, skip_sk);
877 kfree_skb(skb);
878
879 return 0;
880}
881
882static int new_settings(struct hci_dev *hdev, struct sock *skip)
883{
884 __le32 ev;
885
886 ev = cpu_to_le32(get_current_settings(hdev));
887
888 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
889}
890
bd99abdd
JH		 891struct cmd_lookup {
892 struct sock *sk;
893 struct hci_dev *hdev;
894 u8 mgmt_status;
895};
896
897static void settings_rsp(struct pending_cmd *cmd, void *data)
898{
899 struct cmd_lookup *match = data;
900
901 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
902
903 list_del(&cmd->list);
904
905 if (match->sk == NULL) {
906 match->sk = cmd->sk;
907 sock_hold(match->sk);
908 }
909
910 mgmt_pending_free(cmd);
911}
912
913static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
914{
915 u8 *status = data;
916
917 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
918 mgmt_pending_remove(cmd);
919}
920
bdb6d971 921static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 922 u16 len)
73f22f62 923{
650f726d 924 struct mgmt_cp_set_discoverable *cp = data;
366a0336 925 struct pending_cmd *cmd;
5e5282bb 926 u16 timeout;
73f22f62
JH		 927 u8 scan;
928 int err;
929
bdb6d971 930 BT_DBG("request for %s", hdev->name);
73f22f62 931
33c525c0
JH		 932 if (!lmp_bredr_capable(hdev))
933 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
934 MGMT_STATUS_NOT_SUPPORTED);
935
a7e80f25
JH		 936 if (cp->val != 0x00 && cp->val != 0x01)
937 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
938 MGMT_STATUS_INVALID_PARAMS);
939
1f350c87 940 timeout = __le16_to_cpu(cp->timeout);
24c54a90 941 if (!cp->val && timeout > 0)
bdb6d971 942 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 943 MGMT_STATUS_INVALID_PARAMS);
73f22f62 944
09fd0de5 945 hci_dev_lock(hdev);
73f22f62 946
5e5282bb 947 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 948 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 949 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 950 goto failed;
951 }
952
2e58ef3e 953 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 954 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 955 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 956 MGMT_STATUS_BUSY);
73f22f62
JH		 957 goto failed;
958 }
959
5e5282bb 960 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 962 MGMT_STATUS_REJECTED);
5e5282bb
JH		 963 goto failed;
964 }
965
966 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 967 bool changed = false;
968
969 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
970 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 changed = true;
972 }
973
5e5282bb 974 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 975 if (err < 0)
976 goto failed;
977
978 if (changed)
979 err = new_settings(hdev, sk);
980
5e5282bb
JH		 981 goto failed;
982 }
983
984 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 985 if (hdev->discov_timeout > 0) {
986 cancel_delayed_work(&hdev->discov_off);
987 hdev->discov_timeout = 0;
988 }
989
990 if (cp->val && timeout > 0) {
991 hdev->discov_timeout = timeout;
992 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
993 msecs_to_jiffies(hdev->discov_timeout * 1000));
994 }
995
69ab39ea 996 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 997 goto failed;
998 }
999
2e58ef3e 1000 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1001 if (!cmd) {
1002 err = -ENOMEM;
73f22f62 1003 goto failed;
366a0336 1004 }
73f22f62
JH		 1005
1006 scan = SCAN_PAGE;
1007
72a734ec 1008 if (cp->val)
73f22f62 1009 scan |= SCAN_INQUIRY;
16ab91ab 1010 else
e0f9309f 1011 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1012
1013 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1014 if (err < 0)
a664b5bc 1015 mgmt_pending_remove(cmd);
73f22f62 1016
16ab91ab 1017 if (cp->val)
5e5282bb 1018 hdev->discov_timeout = timeout;
16ab91ab 1019
73f22f62 1020failed:
09fd0de5 1021 hci_dev_unlock(hdev);
73f22f62
JH		 1022 return err;
1023}
1024
406d7804
JH		 1025static void write_fast_connectable(struct hci_request *req, bool enable)
1026{
bd98b996 1027 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1028 struct hci_cp_write_page_scan_activity acp;
1029 u8 type;
1030
4c01f8b8
JH		 1031 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1032 return;
1033
406d7804
JH		 1034 if (enable) {
1035 type = PAGE_SCAN_TYPE_INTERLACED;
1036
1037 /* 160 msec page scan interval */
1038 acp.interval = __constant_cpu_to_le16(0x0100);
1039 } else {
1040 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1041
1042 /* default 1.28 sec page scan */
1043 acp.interval = __constant_cpu_to_le16(0x0800);
1044 }
1045
1046 acp.window = __constant_cpu_to_le16(0x0012);
1047
bd98b996
JH		 1048 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1049 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1050 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1051 sizeof(acp), &acp);
1052
1053 if (hdev->page_scan_type != type)
1054 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1055}
1056
2b76f453
JH		 1057static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1058{
1059 struct pending_cmd *cmd;
1060
1061 BT_DBG("status 0x%02x", status);
1062
1063 hci_dev_lock(hdev);
1064
1065 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1066 if (!cmd)
1067 goto unlock;
1068
1069 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1070
1071 mgmt_pending_remove(cmd);
1072
1073unlock:
1074 hci_dev_unlock(hdev);
1075}
1076
bdb6d971 1077static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1078 u16 len)
9fbcbb45 1079{
650f726d 1080 struct mgmt_mode *cp = data;
366a0336 1081 struct pending_cmd *cmd;
2b76f453 1082 struct hci_request req;
9fbcbb45
JH		 1083 u8 scan;
1084 int err;
1085
bdb6d971 1086 BT_DBG("request for %s", hdev->name);
9fbcbb45 1087
33c525c0
JH		 1088 if (!lmp_bredr_capable(hdev))
1089 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1090 MGMT_STATUS_NOT_SUPPORTED);
1091
a7e80f25
JH		 1092 if (cp->val != 0x00 && cp->val != 0x01)
1093 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1094 MGMT_STATUS_INVALID_PARAMS);
1095
09fd0de5 1096 hci_dev_lock(hdev);
9fbcbb45 1097
4b34ee78 1098 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1099 bool changed = false;
1100
1101 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1102 changed = true;
1103
6bf0e469 1104 if (cp->val) {
5e5282bb 1105 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1106 } else {
5e5282bb
JH		 1107 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1108 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1109 }
0224d2fa 1110
5e5282bb 1111 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1112 if (err < 0)
1113 goto failed;
1114
1115 if (changed)
1116 err = new_settings(hdev, sk);
1117
9fbcbb45
JH		 1118 goto failed;
1119 }
1120
2e58ef3e 1121 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1122 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1123 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1124 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1125 goto failed;
1126 }
1127
5e5282bb 1128 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1129 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1130 goto failed;
1131 }
1132
2e58ef3e 1133 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1134 if (!cmd) {
1135 err = -ENOMEM;
9fbcbb45 1136 goto failed;
366a0336 1137 }
9fbcbb45 1138
6bf0e469 1139 if (cp->val) {
9fbcbb45 1140 scan = SCAN_PAGE;
6bf0e469 1141 } else {
9fbcbb45
JH		 1142 scan = 0;
1143
df2c6c5e 1144 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1145 hdev->discov_timeout > 0)
df2c6c5e
JH		 1146 cancel_delayed_work(&hdev->discov_off);
1147 }
1148
2b76f453
JH		 1149 hci_req_init(&req, hdev);
1150
1151 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1152
4c01f8b8
JH		 1153 /* If we're going from non-connectable to connectable or
1154 * vice-versa when fast connectable is enabled ensure that fast
1155 * connectable gets disabled. write_fast_connectable won't do
1156 * anything if the page scan parameters are already what they
1157 * should be.
1158 */
1159 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1160 write_fast_connectable(&req, false);
1161
2b76f453 1162 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1163 if (err < 0)
a664b5bc 1164 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1165
1166failed:
09fd0de5 1167 hci_dev_unlock(hdev);
9fbcbb45
JH		 1168 return err;
1169}
1170
bdb6d971 1171static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1172 u16 len)
c542a06c 1173{
650f726d 1174 struct mgmt_mode *cp = data;
c542a06c
JH		 1175 int err;
1176
bdb6d971 1177 BT_DBG("request for %s", hdev->name);
c542a06c 1178
a7e80f25
JH		 1179 if (cp->val != 0x00 && cp->val != 0x01)
1180 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1181 MGMT_STATUS_INVALID_PARAMS);
1182
09fd0de5 1183 hci_dev_lock(hdev);
c542a06c
JH		 1184
1185 if (cp->val)
a8b2d5c2 1186 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1187 else
a8b2d5c2 1188 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1189
69ab39ea 1190 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1191 if (err < 0)
1192 goto failed;
1193
beadb2bd 1194 err = new_settings(hdev, sk);
c542a06c
JH		 1195
1196failed:
09fd0de5 1197 hci_dev_unlock(hdev);
c542a06c
JH		 1198 return err;
1199}
1200
04124681
GP		 1201static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1202 u16 len)
33ef95ed
JH		 1203{
1204 struct mgmt_mode *cp = data;
1205 struct pending_cmd *cmd;
816a11d5 1206 u8 val;
33ef95ed
JH		 1207 int err;
1208
bdb6d971 1209 BT_DBG("request for %s", hdev->name);
33ef95ed 1210
33c525c0
JH		 1211 if (!lmp_bredr_capable(hdev))
1212 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1213 MGMT_STATUS_NOT_SUPPORTED);
1214
a7e80f25
JH		 1215 if (cp->val != 0x00 && cp->val != 0x01)
1216 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1217 MGMT_STATUS_INVALID_PARAMS);
1218
33ef95ed
JH		 1219 hci_dev_lock(hdev);
1220
4b34ee78 1221 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1222 bool changed = false;
1223
1224 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1225 &hdev->dev_flags)) {
47990ea0
JH		 1226 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1227 changed = true;
1228 }
1229
1230 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1231 if (err < 0)
1232 goto failed;
1233
1234 if (changed)
1235 err = new_settings(hdev, sk);
1236
33ef95ed
JH		 1237 goto failed;
1238 }
1239
1240 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1241 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1242 MGMT_STATUS_BUSY);
33ef95ed
JH		 1243 goto failed;
1244 }
1245
1246 val = !!cp->val;
1247
1248 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1249 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1250 goto failed;
1251 }
1252
1253 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1254 if (!cmd) {
1255 err = -ENOMEM;
1256 goto failed;
1257 }
1258
1259 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1260 if (err < 0) {
1261 mgmt_pending_remove(cmd);
1262 goto failed;
1263 }
1264
1265failed:
1266 hci_dev_unlock(hdev);
33ef95ed
JH		 1267 return err;
1268}
1269
bdb6d971 1270static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1271{
1272 struct mgmt_mode *cp = data;
1273 struct pending_cmd *cmd;
816a11d5 1274 u8 val;
ed2c4ee3
JH		 1275 int err;
1276
bdb6d971 1277 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1278
13ecd8b6
JH		 1279 if (!lmp_ssp_capable(hdev))
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1281 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1282
a7e80f25
JH		 1283 if (cp->val != 0x00 && cp->val != 0x01)
1284 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1285 MGMT_STATUS_INVALID_PARAMS);
1286
13ecd8b6 1287 hci_dev_lock(hdev);
6c8f12c1 1288
c0ecddc2
JH		 1289 val = !!cp->val;
1290
4b34ee78 1291 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1292 bool changed = false;
1293
1294 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1295 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1296 changed = true;
1297 }
1298
1299 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1300 if (err < 0)
1301 goto failed;
1302
1303 if (changed)
1304 err = new_settings(hdev, sk);
1305
ed2c4ee3
JH		 1306 goto failed;
1307 }
1308
1309 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1310 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1311 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1312 goto failed;
1313 }
1314
ed2c4ee3
JH		 1315 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1316 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1317 goto failed;
1318 }
1319
1320 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1321 if (!cmd) {
1322 err = -ENOMEM;
1323 goto failed;
1324 }
1325
1326 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1327 if (err < 0) {
1328 mgmt_pending_remove(cmd);
1329 goto failed;
1330 }
1331
1332failed:
1333 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1334 return err;
1335}
1336
bdb6d971 1337static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1338{
1339 struct mgmt_mode *cp = data;
6d80dfd0 1340
bdb6d971 1341 BT_DBG("request for %s", hdev->name);
6d80dfd0 1342
848566b3 1343 if (!lmp_bredr_capable(hdev))
bdb6d971 1344 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1345 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1346
a7e80f25
JH		 1347 if (cp->val != 0x00 && cp->val != 0x01)
1348 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1349 MGMT_STATUS_INVALID_PARAMS);
1350
6d80dfd0
JH		 1351 if (cp->val)
1352 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1353 else
1354 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1355
bdb6d971 1356 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1357}
1358
416a4ae5
JH		 1359static void le_enable_complete(struct hci_dev *hdev, u8 status)
1360{
1361 struct cmd_lookup match = { NULL, hdev };
1362
1363 if (status) {
1364 u8 mgmt_err = mgmt_status(status);
1365
1366 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1367 &mgmt_err);
1368 return;
1369 }
1370
1371 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1372
1373 new_settings(hdev, match.sk);
1374
1375 if (match.sk)
1376 sock_put(match.sk);
1377}
1378
bdb6d971 1379static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1380{
1381 struct mgmt_mode *cp = data;
1382 struct hci_cp_write_le_host_supported hci_cp;
1383 struct pending_cmd *cmd;
416a4ae5 1384 struct hci_request req;
06199cf8 1385 int err;
0b60eba1 1386 u8 val, enabled;
06199cf8 1387
bdb6d971 1388 BT_DBG("request for %s", hdev->name);
06199cf8 1389
13ecd8b6
JH		 1390 if (!lmp_le_capable(hdev))
1391 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1392 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1393
a7e80f25
JH		 1394 if (cp->val != 0x00 && cp->val != 0x01)
1395 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1396 MGMT_STATUS_INVALID_PARAMS);
1397
c73eee91
JH		 1398 /* LE-only devices do not allow toggling LE on/off */
1399 if (!lmp_bredr_capable(hdev))
1400 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1401 MGMT_STATUS_REJECTED);
1402
13ecd8b6 1403 hci_dev_lock(hdev);
06199cf8
JH		 1404
1405 val = !!cp->val;
ffa88e02 1406 enabled = lmp_host_le_capable(hdev);
06199cf8 1407
0b60eba1 1408 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1409 bool changed = false;
1410
1411 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1412 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1413 changed = true;
1414 }
1415
eeca6f89
JH		 1416 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1417 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1418 changed = true;
1419 }
1420
06199cf8
JH		 1421 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1422 if (err < 0)
1de028ce 1423 goto unlock;
06199cf8
JH		 1424
1425 if (changed)
1426 err = new_settings(hdev, sk);
1427
1de028ce 1428 goto unlock;
06199cf8
JH		 1429 }
1430
4375f103
JH		 1431 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1432 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1433 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1434 MGMT_STATUS_BUSY);
1de028ce 1435 goto unlock;
06199cf8
JH		 1436 }
1437
1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1439 if (!cmd) {
1440 err = -ENOMEM;
1de028ce 1441 goto unlock;
06199cf8
JH		 1442 }
1443
1444 memset(&hci_cp, 0, sizeof(hci_cp));
1445
1446 if (val) {
1447 hci_cp.le = val;
ffa88e02 1448 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1449 }
1450
416a4ae5
JH		 1451 hci_req_init(&req, hdev);
1452
eeca6f89
JH		 1453 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1454 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1455
416a4ae5
JH		 1456 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1457 &hci_cp);
1458
1459 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1460 if (err < 0)
06199cf8 1461 mgmt_pending_remove(cmd);
06199cf8 1462
1de028ce
JH		 1463unlock:
1464 hci_dev_unlock(hdev);
06199cf8
JH		 1465 return err;
1466}
1467
0cab9c80
JH		 1468/* This is a helper function to test for pending mgmt commands that can
1469 * cause CoD or EIR HCI commands. We can only allow one such pending
1470 * mgmt command at a time since otherwise we cannot easily track what
1471 * the current values are, will be, and based on that calculate if a new
1472 * HCI command needs to be sent and if yes with what value.
1473 */
1474static bool pending_eir_or_class(struct hci_dev *hdev)
1475{
1476 struct pending_cmd *cmd;
1477
1478 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1479 switch (cmd->opcode) {
1480 case MGMT_OP_ADD_UUID:
1481 case MGMT_OP_REMOVE_UUID:
1482 case MGMT_OP_SET_DEV_CLASS:
1483 case MGMT_OP_SET_POWERED:
1484 return true;
1485 }
1486 }
1487
1488 return false;
1489}
1490
83be8eca
JH		 1491static const u8 bluetooth_base_uuid[] = {
1492 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1493 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1494};
1495
1496static u8 get_uuid_size(const u8 *uuid)
1497{
1498 u32 val;
1499
1500 if (memcmp(uuid, bluetooth_base_uuid, 12))
1501 return 128;
1502
1503 val = get_unaligned_le32(&uuid[12]);
1504 if (val > 0xffff)
1505 return 32;
1506
1507 return 16;
1508}
1509
92da6097
JH		 1510static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1511{
1512 struct pending_cmd *cmd;
1513
1514 hci_dev_lock(hdev);
1515
1516 cmd = mgmt_pending_find(mgmt_op, hdev);
1517 if (!cmd)
1518 goto unlock;
1519
1520 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1521 hdev->dev_class, 3);
1522
1523 mgmt_pending_remove(cmd);
1524
1525unlock:
1526 hci_dev_unlock(hdev);
1527}
1528
1529static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1530{
1531 BT_DBG("status 0x%02x", status);
1532
1533 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1534}
1535
bdb6d971 1536static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1537{
650f726d 1538 struct mgmt_cp_add_uuid *cp = data;
90e70454 1539 struct pending_cmd *cmd;
890ea898 1540 struct hci_request req;
2aeb9a1a 1541 struct bt_uuid *uuid;
2aeb9a1a
JH		 1542 int err;
1543
bdb6d971 1544 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1545
09fd0de5 1546 hci_dev_lock(hdev);
2aeb9a1a 1547
0cab9c80 1548 if (pending_eir_or_class(hdev)) {
bdb6d971 1549 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1550 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1551 goto failed;
1552 }
1553
92c4c204 1554 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1555 if (!uuid) {
1556 err = -ENOMEM;
1557 goto failed;
1558 }
1559
1560 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1561 uuid->svc_hint = cp->svc_hint;
83be8eca 1562 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1563
de66aa63 1564 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1565
890ea898 1566 hci_req_init(&req, hdev);
1aff6f09 1567
890ea898
JH		 1568 update_class(&req);
1569 update_eir(&req);
1570
92da6097
JH		 1571 err = hci_req_run(&req, add_uuid_complete);
1572 if (err < 0) {
1573 if (err != -ENODATA)
1574 goto failed;
80a1e1db 1575
bdb6d971 1576 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1577 hdev->dev_class, 3);
90e70454
JH		 1578 goto failed;
1579 }
1580
1581 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1582 if (!cmd) {
90e70454 1583 err = -ENOMEM;
890ea898
JH		 1584 goto failed;
1585 }
1586
1587 err = 0;
2aeb9a1a
JH		 1588
1589failed:
09fd0de5 1590 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1591 return err;
1592}
1593
24b78d0f
JH		 1594static bool enable_service_cache(struct hci_dev *hdev)
1595{
1596 if (!hdev_is_powered(hdev))
1597 return false;
1598
1599 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1600 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1601 CACHE_TIMEOUT);
24b78d0f
JH		 1602 return true;
1603 }
1604
1605 return false;
1606}
1607
92da6097
JH		 1608static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1609{
1610 BT_DBG("status 0x%02x", status);
1611
1612 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1613}
1614
bdb6d971 1615static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1616 u16 len)
2aeb9a1a 1617{
650f726d 1618 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1619 struct pending_cmd *cmd;
056341c8 1620 struct bt_uuid *match, *tmp;
2aeb9a1a 1621 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1622 struct hci_request req;
2aeb9a1a
JH		 1623 int err, found;
1624
bdb6d971 1625 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1626
09fd0de5 1627 hci_dev_lock(hdev);
2aeb9a1a 1628
0cab9c80 1629 if (pending_eir_or_class(hdev)) {
bdb6d971 1630 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1631 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1632 goto unlock;
1633 }
1634
2aeb9a1a
JH		 1635 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1636 err = hci_uuids_clear(hdev);
4004b6d9 1637
24b78d0f 1638 if (enable_service_cache(hdev)) {
bdb6d971 1639 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1640 0, hdev->dev_class, 3);
24b78d0f
JH		 1641 goto unlock;
1642 }
4004b6d9 1643
9246a869 1644 goto update_class;
2aeb9a1a
JH		 1645 }
1646
1647 found = 0;
1648
056341c8 1649 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1650 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1651 continue;
1652
1653 list_del(&match->list);
482049f7 1654 kfree(match);
2aeb9a1a
JH		 1655 found++;
1656 }
1657
1658 if (found == 0) {
bdb6d971 1659 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1660 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1661 goto unlock;
1662 }
1663
9246a869 1664update_class:
890ea898 1665 hci_req_init(&req, hdev);
1aff6f09 1666
890ea898
JH		 1667 update_class(&req);
1668 update_eir(&req);
1669
92da6097
JH		 1670 err = hci_req_run(&req, remove_uuid_complete);
1671 if (err < 0) {
1672 if (err != -ENODATA)
1673 goto unlock;
80a1e1db 1674
bdb6d971 1675 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1676 hdev->dev_class, 3);
90e70454
JH		 1677 goto unlock;
1678 }
1679
1680 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1681 if (!cmd) {
90e70454 1682 err = -ENOMEM;
890ea898
JH		 1683 goto unlock;
1684 }
1685
1686 err = 0;
2aeb9a1a
JH		 1687
1688unlock:
09fd0de5 1689 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1690 return err;
1691}
1692
92da6097
JH		 1693static void set_class_complete(struct hci_dev *hdev, u8 status)
1694{
1695 BT_DBG("status 0x%02x", status);
1696
1697 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1698}
1699
bdb6d971 1700static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1701 u16 len)
1aff6f09 1702{
650f726d 1703 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1704 struct pending_cmd *cmd;
890ea898 1705 struct hci_request req;
1aff6f09
JH		 1706 int err;
1707
bdb6d971 1708 BT_DBG("request for %s", hdev->name);
1aff6f09 1709
13ecd8b6
JH		 1710 if (!lmp_bredr_capable(hdev))
1711 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1712 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1713
0cab9c80 1714 hci_dev_lock(hdev);
ee98f473 1715
0cab9c80
JH		 1716 if (pending_eir_or_class(hdev)) {
1717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1718 MGMT_STATUS_BUSY);
1719 goto unlock;
1720 }
c95f0ba7 1721
0cab9c80
JH		 1722 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1723 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1724 MGMT_STATUS_INVALID_PARAMS);
1725 goto unlock;
1726 }
575b3a02 1727
932f5ff5
JH		 1728 hdev->major_class = cp->major;
1729 hdev->minor_class = cp->minor;
1730
b5235a65 1731 if (!hdev_is_powered(hdev)) {
bdb6d971 1732 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1733 hdev->dev_class, 3);
b5235a65
JH		 1734 goto unlock;
1735 }
1736
890ea898
JH		 1737 hci_req_init(&req, hdev);
1738
a8b2d5c2 1739 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1740 hci_dev_unlock(hdev);
1741 cancel_delayed_work_sync(&hdev->service_cache);
1742 hci_dev_lock(hdev);
890ea898 1743 update_eir(&req);
7d78525d 1744 }
14c0b608 1745
890ea898
JH		 1746 update_class(&req);
1747
92da6097
JH		 1748 err = hci_req_run(&req, set_class_complete);
1749 if (err < 0) {
1750 if (err != -ENODATA)
1751 goto unlock;
1aff6f09 1752
bdb6d971 1753 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1754 hdev->dev_class, 3);
90e70454
JH		 1755 goto unlock;
1756 }
1757
1758 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1759 if (!cmd) {
90e70454 1760 err = -ENOMEM;
890ea898
JH		 1761 goto unlock;
1762 }
1763
1764 err = 0;
1aff6f09 1765
b5235a65 1766unlock:
09fd0de5 1767 hci_dev_unlock(hdev);
1aff6f09
JH		 1768 return err;
1769}
1770
bdb6d971 1771static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1772 u16 len)
55ed8ca1 1773{
650f726d 1774 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1775 u16 key_count, expected_len;
a492cd52 1776 int i;
55ed8ca1 1777
1f350c87 1778 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1779
86742e1e
JH		 1780 expected_len = sizeof(*cp) + key_count *
1781 sizeof(struct mgmt_link_key_info);
a492cd52 1782 if (expected_len != len) {
86742e1e 1783 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1784 len, expected_len);
bdb6d971 1785 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1786 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1787 }
1788
4ae14301
JH		 1789 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1790 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1791 MGMT_STATUS_INVALID_PARAMS);
1792
bdb6d971 1793 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1794 key_count);
55ed8ca1 1795
4ee71b20
JH		 1796 for (i = 0; i < key_count; i++) {
1797 struct mgmt_link_key_info *key = &cp->keys[i];
1798
1799 if (key->addr.type != BDADDR_BREDR)
1800 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1801 MGMT_STATUS_INVALID_PARAMS);
1802 }
1803
09fd0de5 1804 hci_dev_lock(hdev);
55ed8ca1
JH		 1805
1806 hci_link_keys_clear(hdev);
1807
55ed8ca1 1808 if (cp->debug_keys)
a8b2d5c2 1809 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1810 else
a8b2d5c2 1811 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1812
a492cd52 1813 for (i = 0; i < key_count; i++) {
86742e1e 1814 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1815
d753fdc4 1816 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1817 key->type, key->pin_len);
55ed8ca1
JH		 1818 }
1819
bdb6d971 1820 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1821
09fd0de5 1822 hci_dev_unlock(hdev);
55ed8ca1 1823
a492cd52 1824 return 0;
55ed8ca1
JH		 1825}
1826
b1078ad0 1827static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1828 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1829{
1830 struct mgmt_ev_device_unpaired ev;
1831
1832 bacpy(&ev.addr.bdaddr, bdaddr);
1833 ev.addr.type = addr_type;
1834
1835 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1836 skip_sk);
b1078ad0
JH		 1837}
1838
bdb6d971 1839static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1840 u16 len)
55ed8ca1 1841{
124f6e35
JH		 1842 struct mgmt_cp_unpair_device *cp = data;
1843 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1844 struct hci_cp_disconnect dc;
1845 struct pending_cmd *cmd;
55ed8ca1 1846 struct hci_conn *conn;
55ed8ca1
JH		 1847 int err;
1848
a8a1d19e 1849 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1850 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1851 rp.addr.type = cp->addr.type;
a8a1d19e 1852
4ee71b20
JH		 1853 if (!bdaddr_type_is_valid(cp->addr.type))
1854 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1855 MGMT_STATUS_INVALID_PARAMS,
1856 &rp, sizeof(rp));
1857
118da70b
JH		 1858 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1859 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1860 MGMT_STATUS_INVALID_PARAMS,
1861 &rp, sizeof(rp));
1862
4ee71b20
JH		 1863 hci_dev_lock(hdev);
1864
86a8cfc6 1865 if (!hdev_is_powered(hdev)) {
bdb6d971 1866 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1867 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1868 goto unlock;
1869 }
1870
591f47f3 1871 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1872 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1873 else
1874 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1875
55ed8ca1 1876 if (err < 0) {
bdb6d971 1877 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1878 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1879 goto unlock;
1880 }
1881
86a8cfc6 1882 if (cp->disconnect) {
591f47f3 1883 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1884 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1885 &cp->addr.bdaddr);
86a8cfc6
JH		 1886 else
1887 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1888 &cp->addr.bdaddr);
86a8cfc6
JH		 1889 } else {
1890 conn = NULL;
1891 }
124f6e35 1892
a8a1d19e 1893 if (!conn) {
bdb6d971 1894 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1895 &rp, sizeof(rp));
b1078ad0 1896 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1897 goto unlock;
1898 }
55ed8ca1 1899
124f6e35 1900 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1901 sizeof(*cp));
a8a1d19e
JH		 1902 if (!cmd) {
1903 err = -ENOMEM;
1904 goto unlock;
55ed8ca1
JH		 1905 }
1906
eb55ef07 1907 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1908 dc.reason = 0x13; /* Remote User Terminated Connection */
1909 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1910 if (err < 0)
1911 mgmt_pending_remove(cmd);
1912
55ed8ca1 1913unlock:
09fd0de5 1914 hci_dev_unlock(hdev);
55ed8ca1
JH		 1915 return err;
1916}
1917
bdb6d971 1918static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1919 u16 len)
8962ee74 1920{
650f726d 1921 struct mgmt_cp_disconnect *cp = data;
06a63b19 1922 struct mgmt_rp_disconnect rp;
8962ee74 1923 struct hci_cp_disconnect dc;
366a0336 1924 struct pending_cmd *cmd;
8962ee74 1925 struct hci_conn *conn;
8962ee74
JH		 1926 int err;
1927
1928 BT_DBG("");
1929
06a63b19
JH		 1930 memset(&rp, 0, sizeof(rp));
1931 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1932 rp.addr.type = cp->addr.type;
1933
4ee71b20 1934 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1935 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1936 MGMT_STATUS_INVALID_PARAMS,
1937 &rp, sizeof(rp));
4ee71b20 1938
09fd0de5 1939 hci_dev_lock(hdev);
8962ee74
JH		 1940
1941 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1942 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1943 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1944 goto failed;
1945 }
1946
2e58ef3e 1947 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1948 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1949 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1950 goto failed;
1951 }
1952
591f47f3 1953 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1954 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1955 &cp->addr.bdaddr);
88c3df13
JH		 1956 else
1957 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1958
f960727e 1959 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1960 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1961 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1962 goto failed;
1963 }
1964
2e58ef3e 1965 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1966 if (!cmd) {
1967 err = -ENOMEM;
8962ee74 1968 goto failed;
366a0336 1969 }
8962ee74 1970
eb55ef07 1971 dc.handle = cpu_to_le16(conn->handle);
3701f944 1972 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1973
1974 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1975 if (err < 0)
a664b5bc 1976 mgmt_pending_remove(cmd);
8962ee74
JH		 1977
1978failed:
09fd0de5 1979 hci_dev_unlock(hdev);
8962ee74
JH		 1980 return err;
1981}
1982
57c1477c 1983static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1984{
1985 switch (link_type) {
1986 case LE_LINK:
48264f06
JH		 1987 switch (addr_type) {
1988 case ADDR_LE_DEV_PUBLIC:
591f47f3 1989 return BDADDR_LE_PUBLIC;
0ed09148 1990
48264f06 1991 default:
0ed09148 1992 /* Fallback to LE Random address type */
591f47f3 1993 return BDADDR_LE_RANDOM;
48264f06 1994 }
0ed09148 1995
4c659c39 1996 default:
0ed09148 1997 /* Fallback to BR/EDR type */
591f47f3 1998 return BDADDR_BREDR;
4c659c39
JH		 1999 }
2000}
2001
04124681
GP		 2002static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2003 u16 data_len)
2784eb41 2004{
2784eb41 2005 struct mgmt_rp_get_connections *rp;
8035ded4 2006 struct hci_conn *c;
a38528f1 2007 size_t rp_len;
60fc5fb6
JH		 2008 int err;
2009 u16 i;
2784eb41
JH		 2010
2011 BT_DBG("");
2012
09fd0de5 2013 hci_dev_lock(hdev);
2784eb41 2014
5f97c1df 2015 if (!hdev_is_powered(hdev)) {
bdb6d971 2016 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2017 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2018 goto unlock;
2019 }
2020
60fc5fb6 2021 i = 0;
b644ba33
JH		 2022 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2023 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2024 i++;
2784eb41
JH		 2025 }
2026
60fc5fb6 2027 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2028 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2029 if (!rp) {
2784eb41
JH		 2030 err = -ENOMEM;
2031 goto unlock;
2032 }
2033
2784eb41 2034 i = 0;
4c659c39 2035 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2036 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2037 continue;
4c659c39 2038 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2039 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2040 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2041 continue;
2042 i++;
2043 }
2044
eb55ef07 2045 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2046
4c659c39
JH		 2047 /* Recalculate length in case of filtered SCO connections, etc */
2048 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2049
bdb6d971 2050 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2051 rp_len);
2784eb41 2052
a38528f1 2053 kfree(rp);
5f97c1df
JH		 2054
2055unlock:
09fd0de5 2056 hci_dev_unlock(hdev);
2784eb41
JH		 2057 return err;
2058}
2059
bdb6d971 2060static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2061 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2062{
2063 struct pending_cmd *cmd;
2064 int err;
2065
2e58ef3e 2066 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2067 sizeof(*cp));
96d97a67
WR		 2068 if (!cmd)
2069 return -ENOMEM;
2070
d8457698 2071 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2072 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2073 if (err < 0)
2074 mgmt_pending_remove(cmd);
2075
2076 return err;
2077}
2078
bdb6d971 2079static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2080 u16 len)
980e1a53 2081{
96d97a67 2082 struct hci_conn *conn;
650f726d 2083 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2084 struct hci_cp_pin_code_reply reply;
366a0336 2085 struct pending_cmd *cmd;
980e1a53
JH		 2086 int err;
2087
2088 BT_DBG("");
2089
09fd0de5 2090 hci_dev_lock(hdev);
980e1a53 2091
4b34ee78 2092 if (!hdev_is_powered(hdev)) {
bdb6d971 2093 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2094 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2095 goto failed;
2096 }
2097
d8457698 2098 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2099 if (!conn) {
bdb6d971 2100 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2101 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2102 goto failed;
2103 }
2104
2105 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2106 struct mgmt_cp_pin_code_neg_reply ncp;
2107
2108 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2109
2110 BT_ERR("PIN code is not 16 bytes long");
2111
bdb6d971 2112 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2113 if (err >= 0)
bdb6d971 2114 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2115 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2116
2117 goto failed;
2118 }
2119
00abfe44 2120 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2121 if (!cmd) {
2122 err = -ENOMEM;
980e1a53 2123 goto failed;
366a0336 2124 }
980e1a53 2125
d8457698 2126 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2127 reply.pin_len = cp->pin_len;
24718ca5 2128 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2129
2130 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2131 if (err < 0)
a664b5bc 2132 mgmt_pending_remove(cmd);
980e1a53
JH		 2133
2134failed:
09fd0de5 2135 hci_dev_unlock(hdev);
980e1a53
JH		 2136 return err;
2137}
2138
04124681
GP		 2139static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2140 u16 len)
17fa4b9d 2141{
650f726d 2142 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2143
2144 BT_DBG("");
2145
09fd0de5 2146 hci_dev_lock(hdev);
17fa4b9d
JH		 2147
2148 hdev->io_capability = cp->io_capability;
2149
2150 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2151 hdev->io_capability);
17fa4b9d 2152
09fd0de5 2153 hci_dev_unlock(hdev);
17fa4b9d 2154
04124681
GP		 2155 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2156 0);
17fa4b9d
JH		 2157}
2158
6039aa73 2159static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2160{
2161 struct hci_dev *hdev = conn->hdev;
8035ded4 2162 struct pending_cmd *cmd;
e9a416b5 2163
2e58ef3e 2164 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2165 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2166 continue;
2167
e9a416b5
JH		 2168 if (cmd->user_data != conn)
2169 continue;
2170
2171 return cmd;
2172 }
2173
2174 return NULL;
2175}
2176
2177static void pairing_complete(struct pending_cmd *cmd, u8 status)
2178{
2179 struct mgmt_rp_pair_device rp;
2180 struct hci_conn *conn = cmd->user_data;
2181
ba4e564f 2182 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2183 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2184
aee9b218 2185 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2186 &rp, sizeof(rp));
e9a416b5
JH		 2187
2188 /* So we don't get further callbacks for this connection */
2189 conn->connect_cfm_cb = NULL;
2190 conn->security_cfm_cb = NULL;
2191 conn->disconn_cfm_cb = NULL;
2192
76a68ba0 2193 hci_conn_drop(conn);
e9a416b5 2194
a664b5bc 2195 mgmt_pending_remove(cmd);
e9a416b5
JH		 2196}
2197
2198static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2199{
2200 struct pending_cmd *cmd;
2201
2202 BT_DBG("status %u", status);
2203
2204 cmd = find_pairing(conn);
56e5cb86 2205 if (!cmd)
e9a416b5 2206 BT_DBG("Unable to find a pending command");
56e5cb86 2207 else
e211326c 2208 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2209}
2210
4c47d739
VA		 2211static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2212{
2213 struct pending_cmd *cmd;
2214
2215 BT_DBG("status %u", status);
2216
2217 if (!status)
2218 return;
2219
2220 cmd = find_pairing(conn);
2221 if (!cmd)
2222 BT_DBG("Unable to find a pending command");
2223 else
2224 pairing_complete(cmd, mgmt_status(status));
2225}
2226
bdb6d971 2227static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2228 u16 len)
e9a416b5 2229{
650f726d 2230 struct mgmt_cp_pair_device *cp = data;
1425acb7 2231 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2232 struct pending_cmd *cmd;
2233 u8 sec_level, auth_type;
2234 struct hci_conn *conn;
e9a416b5
JH		 2235 int err;
2236
2237 BT_DBG("");
2238
f950a30e
SJ		 2239 memset(&rp, 0, sizeof(rp));
2240 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2241 rp.addr.type = cp->addr.type;
2242
4ee71b20
JH		 2243 if (!bdaddr_type_is_valid(cp->addr.type))
2244 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2245 MGMT_STATUS_INVALID_PARAMS,
2246 &rp, sizeof(rp));
2247
09fd0de5 2248 hci_dev_lock(hdev);
e9a416b5 2249
5f97c1df 2250 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2251 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2252 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2253 goto unlock;
2254 }
2255
c908df36
VCG		 2256 sec_level = BT_SECURITY_MEDIUM;
2257 if (cp->io_cap == 0x03)
e9a416b5 2258 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2259 else
e9a416b5 2260 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2261
591f47f3 2262 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2263 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2264 cp->addr.type, sec_level, auth_type);
7a512d01 2265 else
b12f62cf
AG		 2266 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2267 cp->addr.type, sec_level, auth_type);
7a512d01 2268
30e76272 2269 if (IS_ERR(conn)) {
489dc48e
AK		 2270 int status;
2271
2272 if (PTR_ERR(conn) == -EBUSY)
2273 status = MGMT_STATUS_BUSY;
2274 else
2275 status = MGMT_STATUS_CONNECT_FAILED;
2276
bdb6d971 2277 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2278 status, &rp,
04124681 2279 sizeof(rp));
e9a416b5
JH		 2280 goto unlock;
2281 }
2282
2283 if (conn->connect_cfm_cb) {
76a68ba0 2284 hci_conn_drop(conn);
bdb6d971 2285 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2286 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2287 goto unlock;
2288 }
2289
2e58ef3e 2290 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2291 if (!cmd) {
2292 err = -ENOMEM;
76a68ba0 2293 hci_conn_drop(conn);
e9a416b5
JH		 2294 goto unlock;
2295 }
2296
7a512d01 2297 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2298 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2299 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2300 else
2301 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2302
e9a416b5
JH		 2303 conn->security_cfm_cb = pairing_complete_cb;
2304 conn->disconn_cfm_cb = pairing_complete_cb;
2305 conn->io_capability = cp->io_cap;
2306 cmd->user_data = conn;
2307
2308 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2309 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2310 pairing_complete(cmd, 0);
2311
2312 err = 0;
2313
2314unlock:
09fd0de5 2315 hci_dev_unlock(hdev);
e9a416b5
JH		 2316 return err;
2317}
2318
04124681
GP		 2319static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2320 u16 len)
28424707 2321{
0f4e68cf 2322 struct mgmt_addr_info *addr = data;
28424707
JH		 2323 struct pending_cmd *cmd;
2324 struct hci_conn *conn;
2325 int err;
2326
2327 BT_DBG("");
2328
28424707
JH		 2329 hci_dev_lock(hdev);
2330
5f97c1df 2331 if (!hdev_is_powered(hdev)) {
bdb6d971 2332 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2333 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2334 goto unlock;
2335 }
2336
28424707
JH		 2337 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2338 if (!cmd) {
bdb6d971 2339 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2340 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2341 goto unlock;
2342 }
2343
2344 conn = cmd->user_data;
2345
2346 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2347 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2348 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2349 goto unlock;
2350 }
2351
2352 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2353
bdb6d971 2354 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2355 addr, sizeof(*addr));
28424707
JH		 2356unlock:
2357 hci_dev_unlock(hdev);
28424707
JH		 2358 return err;
2359}
2360
bdb6d971 2361static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2362 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2363 u16 hci_op, __le32 passkey)
a5c29683 2364{
a5c29683 2365 struct pending_cmd *cmd;
0df4c185 2366 struct hci_conn *conn;
a5c29683
JH		 2367 int err;
2368
09fd0de5 2369 hci_dev_lock(hdev);
08ba5382 2370
4b34ee78 2371 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2372 err = cmd_complete(sk, hdev->id, mgmt_op,
2373 MGMT_STATUS_NOT_POWERED, addr,
2374 sizeof(*addr));
0df4c185 2375 goto done;
a5c29683
JH		 2376 }
2377
1707c60e
JH		 2378 if (addr->type == BDADDR_BREDR)
2379 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2380 else
1707c60e 2381 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2382
2383 if (!conn) {
feb94d3d
JH		 2384 err = cmd_complete(sk, hdev->id, mgmt_op,
2385 MGMT_STATUS_NOT_CONNECTED, addr,
2386 sizeof(*addr));
272d90df
JH		 2387 goto done;
2388 }
47c15e2b 2389
1707c60e 2390 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2391 /* Continue with pairing via SMP */
5fe57d9e
BG		 2392 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2393
2394 if (!err)
feb94d3d
JH		 2395 err = cmd_complete(sk, hdev->id, mgmt_op,
2396 MGMT_STATUS_SUCCESS, addr,
2397 sizeof(*addr));
5fe57d9e 2398 else
feb94d3d
JH		 2399 err = cmd_complete(sk, hdev->id, mgmt_op,
2400 MGMT_STATUS_FAILED, addr,
2401 sizeof(*addr));
47c15e2b 2402
47c15e2b
BG		 2403 goto done;
2404 }
2405
1707c60e 2406 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2407 if (!cmd) {
2408 err = -ENOMEM;
0df4c185 2409 goto done;
a5c29683
JH		 2410 }
2411
0df4c185 2412 /* Continue with pairing via HCI */
604086b7
BG		 2413 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2414 struct hci_cp_user_passkey_reply cp;
2415
1707c60e 2416 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2417 cp.passkey = passkey;
2418 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2419 } else
1707c60e
JH		 2420 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2421 &addr->bdaddr);
604086b7 2422
a664b5bc
JH		 2423 if (err < 0)
2424 mgmt_pending_remove(cmd);
a5c29683 2425
0df4c185 2426done:
09fd0de5 2427 hci_dev_unlock(hdev);
a5c29683
JH		 2428 return err;
2429}
2430
afeb019d
JK		 2431static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2432 void *data, u16 len)
2433{
2434 struct mgmt_cp_pin_code_neg_reply *cp = data;
2435
2436 BT_DBG("");
2437
1707c60e 2438 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2439 MGMT_OP_PIN_CODE_NEG_REPLY,
2440 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2441}
2442
04124681
GP		 2443static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2444 u16 len)
0df4c185 2445{
650f726d 2446 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2447
2448 BT_DBG("");
2449
2450 if (len != sizeof(*cp))
bdb6d971 2451 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2452 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2453
1707c60e 2454 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2455 MGMT_OP_USER_CONFIRM_REPLY,
2456 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2457}
2458
bdb6d971 2459static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2460 void *data, u16 len)
0df4c185 2461{
c9c2659f 2462 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2463
2464 BT_DBG("");
2465
1707c60e 2466 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2467 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2468 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2469}
2470
04124681
GP		 2471static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2472 u16 len)
604086b7 2473{
650f726d 2474 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2475
2476 BT_DBG("");
2477
1707c60e 2478 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2479 MGMT_OP_USER_PASSKEY_REPLY,
2480 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2481}
2482
bdb6d971 2483static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2484 void *data, u16 len)
604086b7 2485{
650f726d 2486 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2487
2488 BT_DBG("");
2489
1707c60e 2490 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2491 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2492 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2493}
2494
13928971 2495static void update_name(struct hci_request *req)
2b4bf397 2496{
13928971 2497 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2498 struct hci_cp_write_local_name cp;
2499
13928971 2500 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2501
890ea898 2502 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2503}
2504
13928971
JH		 2505static void set_name_complete(struct hci_dev *hdev, u8 status)
2506{
2507 struct mgmt_cp_set_local_name *cp;
2508 struct pending_cmd *cmd;
2509
2510 BT_DBG("status 0x%02x", status);
2511
2512 hci_dev_lock(hdev);
2513
2514 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2515 if (!cmd)
2516 goto unlock;
2517
2518 cp = cmd->param;
2519
2520 if (status)
2521 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2522 mgmt_status(status));
2523 else
2524 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2525 cp, sizeof(*cp));
2526
2527 mgmt_pending_remove(cmd);
2528
2529unlock:
2530 hci_dev_unlock(hdev);
2531}
2532
bdb6d971 2533static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2534 u16 len)
b312b161 2535{
2b4bf397 2536 struct mgmt_cp_set_local_name *cp = data;
b312b161 2537 struct pending_cmd *cmd;
890ea898 2538 struct hci_request req;
b312b161
JH		 2539 int err;
2540
2541 BT_DBG("");
2542
09fd0de5 2543 hci_dev_lock(hdev);
b312b161 2544
b3f2ca94
JH		 2545 /* If the old values are the same as the new ones just return a
2546 * direct command complete event.
2547 */
2548 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2549 !memcmp(hdev->short_name, cp->short_name,
2550 sizeof(hdev->short_name))) {
2551 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2552 data, len);
2553 goto failed;
2554 }
2555
2b4bf397 2556 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2557
b5235a65 2558 if (!hdev_is_powered(hdev)) {
2b4bf397 2559 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2560
2561 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2562 data, len);
28cc7bde
JH		 2563 if (err < 0)
2564 goto failed;
2565
2566 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2567 sk);
28cc7bde 2568
b5235a65
JH		 2569 goto failed;
2570 }
2571
28cc7bde 2572 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2573 if (!cmd) {
2574 err = -ENOMEM;
2575 goto failed;
2576 }
2577
13928971
JH		 2578 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2579
890ea898 2580 hci_req_init(&req, hdev);
3f985050
JH		 2581
2582 if (lmp_bredr_capable(hdev)) {
2583 update_name(&req);
2584 update_eir(&req);
2585 }
2586
2587 if (lmp_le_capable(hdev))
2588 hci_update_ad(&req);
2589
13928971 2590 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2591 if (err < 0)
2592 mgmt_pending_remove(cmd);
2593
2594failed:
09fd0de5 2595 hci_dev_unlock(hdev);
b312b161
JH		 2596 return err;
2597}
2598
0f4e68cf 2599static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2600 void *data, u16 data_len)
c35938b2 2601{
c35938b2
SJ		 2602 struct pending_cmd *cmd;
2603 int err;
2604
bdb6d971 2605 BT_DBG("%s", hdev->name);
c35938b2 2606
09fd0de5 2607 hci_dev_lock(hdev);
c35938b2 2608
4b34ee78 2609 if (!hdev_is_powered(hdev)) {
bdb6d971 2610 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2611 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2612 goto unlock;
2613 }
2614
9a1a1996 2615 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2616 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2617 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2618 goto unlock;
2619 }
2620
2e58ef3e 2621 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2622 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2623 MGMT_STATUS_BUSY);
c35938b2
SJ		 2624 goto unlock;
2625 }
2626
2e58ef3e 2627 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2628 if (!cmd) {
2629 err = -ENOMEM;
2630 goto unlock;
2631 }
2632
2633 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2634 if (err < 0)
2635 mgmt_pending_remove(cmd);
2636
2637unlock:
09fd0de5 2638 hci_dev_unlock(hdev);
c35938b2
SJ		 2639 return err;
2640}
2641
bdb6d971 2642static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2643 void *data, u16 len)
2763eda6 2644{
650f726d 2645 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2646 u8 status;
2763eda6
SJ		 2647 int err;
2648
bdb6d971 2649 BT_DBG("%s ", hdev->name);
2763eda6 2650
09fd0de5 2651 hci_dev_lock(hdev);
2763eda6 2652
664ce4cc 2653 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2654 cp->randomizer);
2763eda6 2655 if (err < 0)
bf1e3541 2656 status = MGMT_STATUS_FAILED;
2763eda6 2657 else
a6785be2 2658 status = MGMT_STATUS_SUCCESS;
bf1e3541 2659
bdb6d971 2660 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2661 &cp->addr, sizeof(cp->addr));
2763eda6 2662
09fd0de5 2663 hci_dev_unlock(hdev);
2763eda6
SJ		 2664 return err;
2665}
2666
bdb6d971 2667static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2668 void *data, u16 len)
2763eda6 2669{
650f726d 2670 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2671 u8 status;
2763eda6
SJ		 2672 int err;
2673
bdb6d971 2674 BT_DBG("%s", hdev->name);
2763eda6 2675
09fd0de5 2676 hci_dev_lock(hdev);
2763eda6 2677
664ce4cc 2678 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2679 if (err < 0)
bf1e3541 2680 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2681 else
a6785be2 2682 status = MGMT_STATUS_SUCCESS;
bf1e3541 2683
bdb6d971 2684 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2685 status, &cp->addr, sizeof(cp->addr));
2763eda6 2686
09fd0de5 2687 hci_dev_unlock(hdev);
2763eda6
SJ		 2688 return err;
2689}
2690
41dc2bd6
AG		 2691static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2692{
2693 struct pending_cmd *cmd;
2694 u8 type;
2695 int err;
2696
2697 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2698
2699 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2700 if (!cmd)
2701 return -ENOENT;
2702
2703 type = hdev->discovery.type;
2704
2705 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2706 &type, sizeof(type));
2707 mgmt_pending_remove(cmd);
2708
2709 return err;
2710}
2711
7c307720
AG		 2712static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2713{
2714 BT_DBG("status %d", status);
2715
2716 if (status) {
2717 hci_dev_lock(hdev);
2718 mgmt_start_discovery_failed(hdev, status);
2719 hci_dev_unlock(hdev);
2720 return;
2721 }
2722
2723 hci_dev_lock(hdev);
2724 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2725 hci_dev_unlock(hdev);
2726
2727 switch (hdev->discovery.type) {
2728 case DISCOV_TYPE_LE:
2729 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2730 DISCOV_LE_TIMEOUT);
7c307720
AG		 2731 break;
2732
2733 case DISCOV_TYPE_INTERLEAVED:
2734 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2735 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2736 break;
2737
2738 case DISCOV_TYPE_BREDR:
2739 break;
2740
2741 default:
2742 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2743 }
2744}
2745
bdb6d971 2746static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2747 void *data, u16 len)
14a53664 2748{
650f726d 2749 struct mgmt_cp_start_discovery *cp = data;
14a53664 2750 struct pending_cmd *cmd;
7c307720
AG		 2751 struct hci_cp_le_set_scan_param param_cp;
2752 struct hci_cp_le_set_scan_enable enable_cp;
2753 struct hci_cp_inquiry inq_cp;
2754 struct hci_request req;
2755 /* General inquiry access code (GIAC) */
2756 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2757 int err;
2758
bdb6d971 2759 BT_DBG("%s", hdev->name);
14a53664 2760
09fd0de5 2761 hci_dev_lock(hdev);
14a53664 2762
4b34ee78 2763 if (!hdev_is_powered(hdev)) {
bdb6d971 2764 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2765 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2766 goto failed;
2767 }
2768
642be6c7
AG		 2769 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2770 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2771 MGMT_STATUS_BUSY);
2772 goto failed;
2773 }
2774
ff9ef578 2775 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2776 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2777 MGMT_STATUS_BUSY);
ff9ef578
JH		 2778 goto failed;
2779 }
2780
2e58ef3e 2781 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2782 if (!cmd) {
2783 err = -ENOMEM;
2784 goto failed;
2785 }
2786
4aab14e5
AG		 2787 hdev->discovery.type = cp->type;
2788
7c307720
AG		 2789 hci_req_init(&req, hdev);
2790
4aab14e5 2791 switch (hdev->discovery.type) {
f39799f5 2792 case DISCOV_TYPE_BREDR:
04106755
JH		 2793 if (!lmp_bredr_capable(hdev)) {
2794 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2795 MGMT_STATUS_NOT_SUPPORTED);
2796 mgmt_pending_remove(cmd);
2797 goto failed;
2798 }
2799
7c307720
AG		 2800 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2801 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2802 MGMT_STATUS_BUSY);
2803 mgmt_pending_remove(cmd);
2804 goto failed;
2805 }
2806
2807 hci_inquiry_cache_flush(hdev);
2808
2809 memset(&inq_cp, 0, sizeof(inq_cp));
2810 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2811 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2812 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2813 break;
2814
2815 case DISCOV_TYPE_LE:
7c307720 2816 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2817 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2818 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2819 MGMT_STATUS_NOT_SUPPORTED);
2820 mgmt_pending_remove(cmd);
2821 goto failed;
2822 }
2823
7c307720
AG		 2824 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2825 !lmp_bredr_capable(hdev)) {
04106755
JH		 2826 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2827 MGMT_STATUS_NOT_SUPPORTED);
2828 mgmt_pending_remove(cmd);
2829 goto failed;
2830 }
2831
7c307720
AG		 2832 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2833 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2834 MGMT_STATUS_REJECTED);
2835 mgmt_pending_remove(cmd);
2836 goto failed;
2837 }
2838
2839 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2840 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2841 MGMT_STATUS_BUSY);
2842 mgmt_pending_remove(cmd);
2843 goto failed;
2844 }
2845
2846 memset(&param_cp, 0, sizeof(param_cp));
2847 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2848 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2849 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2850 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2851 &param_cp);
2852
2853 memset(&enable_cp, 0, sizeof(enable_cp));
2854 enable_cp.enable = LE_SCAN_ENABLE;
2855 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2856 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2857 &enable_cp);
5e0452c0
AG		 2858 break;
2859
f39799f5 2860 default:
04106755
JH		 2861 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2862 MGMT_STATUS_INVALID_PARAMS);
2863 mgmt_pending_remove(cmd);
2864 goto failed;
f39799f5 2865 }
3fd24153 2866
7c307720 2867 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2868 if (err < 0)
2869 mgmt_pending_remove(cmd);
ff9ef578
JH		 2870 else
2871 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2872
2873failed:
09fd0de5 2874 hci_dev_unlock(hdev);
14a53664
JH		 2875 return err;
2876}
2877
1183fdca
AG		 2878static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2879{
2880 struct pending_cmd *cmd;
2881 int err;
2882
2883 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2884 if (!cmd)
2885 return -ENOENT;
2886
2887 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2888 &hdev->discovery.type, sizeof(hdev->discovery.type));
2889 mgmt_pending_remove(cmd);
2890
2891 return err;
2892}
2893
0e05bba6
AG		 2894static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2895{
2896 BT_DBG("status %d", status);
2897
2898 hci_dev_lock(hdev);
2899
2900 if (status) {
2901 mgmt_stop_discovery_failed(hdev, status);
2902 goto unlock;
2903 }
2904
2905 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2906
2907unlock:
2908 hci_dev_unlock(hdev);
2909}
2910
bdb6d971 2911static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2912 u16 len)
14a53664 2913{
d930650b 2914 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2915 struct pending_cmd *cmd;
30dc78e1
JH		 2916 struct hci_cp_remote_name_req_cancel cp;
2917 struct inquiry_entry *e;
0e05bba6
AG		 2918 struct hci_request req;
2919 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2920 int err;
2921
bdb6d971 2922 BT_DBG("%s", hdev->name);
14a53664 2923
09fd0de5 2924 hci_dev_lock(hdev);
14a53664 2925
30dc78e1 2926 if (!hci_discovery_active(hdev)) {
bdb6d971 2927 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2928 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2929 sizeof(mgmt_cp->type));
d930650b
JH		 2930 goto unlock;
2931 }
2932
2933 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2934 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2935 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2936 sizeof(mgmt_cp->type));
30dc78e1 2937 goto unlock;
ff9ef578
JH		 2938 }
2939
2e58ef3e 2940 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2941 if (!cmd) {
2942 err = -ENOMEM;
30dc78e1
JH		 2943 goto unlock;
2944 }
2945
0e05bba6
AG		 2946 hci_req_init(&req, hdev);
2947
e0d9727e
AG		 2948 switch (hdev->discovery.state) {
2949 case DISCOVERY_FINDING:
0e05bba6
AG		 2950 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2951 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2952 } else {
2953 cancel_delayed_work(&hdev->le_scan_disable);
2954
2955 memset(&enable_cp, 0, sizeof(enable_cp));
2956 enable_cp.enable = LE_SCAN_DISABLE;
2957 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2958 sizeof(enable_cp), &enable_cp);
2959 }
c9ecc48e 2960
e0d9727e
AG		 2961 break;
2962
2963 case DISCOVERY_RESOLVING:
2964 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2965 NAME_PENDING);
e0d9727e 2966 if (!e) {
30dc78e1 2967 mgmt_pending_remove(cmd);
e0d9727e
AG		 2968 err = cmd_complete(sk, hdev->id,
2969 MGMT_OP_STOP_DISCOVERY, 0,
2970 &mgmt_cp->type,
2971 sizeof(mgmt_cp->type));
2972 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2973 goto unlock;
2974 }
30dc78e1 2975
e0d9727e 2976 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2977 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2978 &cp);
e0d9727e
AG		 2979
2980 break;
2981
2982 default:
2983 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2984
2985 mgmt_pending_remove(cmd);
2986 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2987 MGMT_STATUS_FAILED, &mgmt_cp->type,
2988 sizeof(mgmt_cp->type));
2989 goto unlock;
14a53664
JH		 2990 }
2991
0e05bba6 2992 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2993 if (err < 0)
2994 mgmt_pending_remove(cmd);
ff9ef578
JH		 2995 else
2996 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2997
30dc78e1 2998unlock:
09fd0de5 2999 hci_dev_unlock(hdev);
14a53664
JH		 3000 return err;
3001}
3002
bdb6d971 3003static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3004 u16 len)
561aafbc 3005{
650f726d 3006 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3007 struct inquiry_entry *e;
561aafbc
JH		 3008 int err;
3009
bdb6d971 3010 BT_DBG("%s", hdev->name);
561aafbc 3011
561aafbc
JH		 3012 hci_dev_lock(hdev);
3013
30dc78e1 3014 if (!hci_discovery_active(hdev)) {
bdb6d971 3015 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3016 MGMT_STATUS_FAILED);
30dc78e1
JH		 3017 goto failed;
3018 }
3019
a198e7b1 3020 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3021 if (!e) {
bdb6d971 3022 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3023 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3024 goto failed;
3025 }
3026
3027 if (cp->name_known) {
3028 e->name_state = NAME_KNOWN;
3029 list_del(&e->list);
3030 } else {
3031 e->name_state = NAME_NEEDED;
a3d4e20a 3032 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3033 }
3034
e384662b
JH		 3035 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3036 sizeof(cp->addr));
561aafbc
JH		 3037
3038failed:
3039 hci_dev_unlock(hdev);
561aafbc
JH		 3040 return err;
3041}
3042
bdb6d971 3043static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3044 u16 len)
7fbec224 3045{
650f726d 3046 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3047 u8 status;
7fbec224
AJ		 3048 int err;
3049
bdb6d971 3050 BT_DBG("%s", hdev->name);
7fbec224 3051
4ee71b20 3052 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3053 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3054 MGMT_STATUS_INVALID_PARAMS,
3055 &cp->addr, sizeof(cp->addr));
4ee71b20 3056
09fd0de5 3057 hci_dev_lock(hdev);
5e762444 3058
88c1fe4b 3059 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3060 if (err < 0)
f0eeea8b 3061 status = MGMT_STATUS_FAILED;
7fbec224 3062 else
a6785be2 3063 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3064
bdb6d971 3065 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3066 &cp->addr, sizeof(cp->addr));
5e762444 3067
09fd0de5 3068 hci_dev_unlock(hdev);
7fbec224
AJ		 3069
3070 return err;
3071}
3072
bdb6d971 3073static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3074 u16 len)
7fbec224 3075{
650f726d 3076 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3077 u8 status;
7fbec224
AJ		 3078 int err;
3079
bdb6d971 3080 BT_DBG("%s", hdev->name);
7fbec224 3081
4ee71b20 3082 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3083 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3084 MGMT_STATUS_INVALID_PARAMS,
3085 &cp->addr, sizeof(cp->addr));
4ee71b20 3086
09fd0de5 3087 hci_dev_lock(hdev);
5e762444 3088
88c1fe4b 3089 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3090 if (err < 0)
f0eeea8b 3091 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3092 else
a6785be2 3093 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3094
bdb6d971 3095 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3096 &cp->addr, sizeof(cp->addr));
5e762444 3097
09fd0de5 3098 hci_dev_unlock(hdev);
7fbec224
AJ		 3099
3100 return err;
3101}
3102
cdbaccca
MH		 3103static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3104 u16 len)
3105{
3106 struct mgmt_cp_set_device_id *cp = data;
890ea898 3107 struct hci_request req;
cdbaccca 3108 int err;
c72d4b8a 3109 __u16 source;
cdbaccca
MH		 3110
3111 BT_DBG("%s", hdev->name);
3112
c72d4b8a
SJ		 3113 source = __le16_to_cpu(cp->source);
3114
3115 if (source > 0x0002)
3116 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3117 MGMT_STATUS_INVALID_PARAMS);
3118
cdbaccca
MH		 3119 hci_dev_lock(hdev);
3120
c72d4b8a 3121 hdev->devid_source = source;
cdbaccca
MH		 3122 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3123 hdev->devid_product = __le16_to_cpu(cp->product);
3124 hdev->devid_version = __le16_to_cpu(cp->version);
3125
3126 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3127
890ea898
JH		 3128 hci_req_init(&req, hdev);
3129 update_eir(&req);
3130 hci_req_run(&req, NULL);
cdbaccca
MH		 3131
3132 hci_dev_unlock(hdev);
3133
3134 return err;
3135}
3136
4375f103
JH		 3137static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3138{
3139 struct cmd_lookup match = { NULL, hdev };
3140
3141 if (status) {
3142 u8 mgmt_err = mgmt_status(status);
3143
3144 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3145 cmd_status_rsp, &mgmt_err);
3146 return;
3147 }
3148
3149 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3150 &match);
3151
3152 new_settings(hdev, match.sk);
3153
3154 if (match.sk)
3155 sock_put(match.sk);
3156}
3157
3158static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3159{
3160 struct mgmt_mode *cp = data;
3161 struct pending_cmd *cmd;
3162 struct hci_request req;
3163 u8 val, enabled;
3164 int err;
3165
3166 BT_DBG("request for %s", hdev->name);
3167
3168 if (!lmp_le_capable(hdev))
3169 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3170 MGMT_STATUS_NOT_SUPPORTED);
3171
3172 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3173 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3174 MGMT_STATUS_REJECTED);
3175
3176 if (cp->val != 0x00 && cp->val != 0x01)
3177 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3178 MGMT_STATUS_INVALID_PARAMS);
3179
3180 hci_dev_lock(hdev);
3181
3182 val = !!cp->val;
3183 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3184
3185 if (!hdev_is_powered(hdev) || val == enabled) {
3186 bool changed = false;
3187
3188 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3189 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3190 changed = true;
3191 }
3192
3193 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3194 if (err < 0)
3195 goto unlock;
3196
3197 if (changed)
3198 err = new_settings(hdev, sk);
3199
3200 goto unlock;
3201 }
3202
3203 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3204 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3205 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3206 MGMT_STATUS_BUSY);
3207 goto unlock;
3208 }
3209
3210 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3211 if (!cmd) {
3212 err = -ENOMEM;
3213 goto unlock;
3214 }
3215
3216 hci_req_init(&req, hdev);
3217
3218 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3219
3220 err = hci_req_run(&req, set_advertising_complete);
3221 if (err < 0)
3222 mgmt_pending_remove(cmd);
3223
3224unlock:
3225 hci_dev_unlock(hdev);
3226 return err;
3227}
3228
33e38b3e
JH		 3229static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3230{
3231 struct pending_cmd *cmd;
3232
3233 BT_DBG("status 0x%02x", status);
3234
3235 hci_dev_lock(hdev);
3236
3237 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3238 if (!cmd)
3239 goto unlock;
3240
3241 if (status) {
3242 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3243 mgmt_status(status));
3244 } else {
1a4d3c4b
JH		 3245 struct mgmt_mode *cp = cmd->param;
3246
3247 if (cp->val)
3248 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3249 else
3250 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3251
33e38b3e
JH		 3252 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3253 new_settings(hdev, cmd->sk);
3254 }
3255
3256 mgmt_pending_remove(cmd);
3257
3258unlock:
3259 hci_dev_unlock(hdev);
3260}
3261
bdb6d971 3262static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3263 void *data, u16 len)
f6422ec6 3264{
650f726d 3265 struct mgmt_mode *cp = data;
33e38b3e
JH		 3266 struct pending_cmd *cmd;
3267 struct hci_request req;
f6422ec6
AJ		 3268 int err;
3269
bdb6d971 3270 BT_DBG("%s", hdev->name);
f6422ec6 3271
1a47aee8 3272 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3273 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3274 MGMT_STATUS_NOT_SUPPORTED);
3275
a7e80f25
JH		 3276 if (cp->val != 0x00 && cp->val != 0x01)
3277 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3278 MGMT_STATUS_INVALID_PARAMS);
3279
5400c044 3280 if (!hdev_is_powered(hdev))
bdb6d971 3281 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3282 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3283
3284 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3285 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3286 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3287
3288 hci_dev_lock(hdev);
3289
05cbf29f
JH		 3290 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3291 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3292 MGMT_STATUS_BUSY);
3293 goto unlock;
3294 }
3295
1a4d3c4b
JH		 3296 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3297 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3298 hdev);
3299 goto unlock;
3300 }
3301
33e38b3e
JH		 3302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3303 data, len);
3304 if (!cmd) {
3305 err = -ENOMEM;
3306 goto unlock;
f6422ec6
AJ		 3307 }
3308
33e38b3e
JH		 3309 hci_req_init(&req, hdev);
3310
406d7804 3311 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3312
3313 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3314 if (err < 0) {
bdb6d971 3315 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3316 MGMT_STATUS_FAILED);
33e38b3e 3317 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3318 }
3319
33e38b3e 3320unlock:
f6422ec6 3321 hci_dev_unlock(hdev);
33e38b3e 3322
f6422ec6
AJ		 3323 return err;
3324}
3325
3f706b72
JH		 3326static bool ltk_is_valid(struct mgmt_ltk_info *key)
3327{
44b20d33
JH		 3328 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3329 return false;
3f706b72
JH		 3330 if (key->master != 0x00 && key->master != 0x01)
3331 return false;
4ee71b20
JH		 3332 if (!bdaddr_type_is_le(key->addr.type))
3333 return false;
3f706b72
JH		 3334 return true;
3335}
3336
bdb6d971 3337static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3338 void *cp_data, u16 len)
346af67b 3339{
346af67b
VCG		 3340 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3341 u16 key_count, expected_len;
715a5bf2 3342 int i, err;
346af67b 3343
1f350c87 3344 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3345
3346 expected_len = sizeof(*cp) + key_count *
3347 sizeof(struct mgmt_ltk_info);
3348 if (expected_len != len) {
3349 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3350 len, expected_len);
bdb6d971 3351 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3352 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3353 }
3354
bdb6d971 3355 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3356
54ad6d8a
JH		 3357 for (i = 0; i < key_count; i++) {
3358 struct mgmt_ltk_info *key = &cp->keys[i];
3359
3f706b72 3360 if (!ltk_is_valid(key))
54ad6d8a
JH		 3361 return cmd_status(sk, hdev->id,
3362 MGMT_OP_LOAD_LONG_TERM_KEYS,
3363 MGMT_STATUS_INVALID_PARAMS);
3364 }
3365
346af67b
VCG		 3366 hci_dev_lock(hdev);
3367
3368 hci_smp_ltks_clear(hdev);
3369
3370 for (i = 0; i < key_count; i++) {
3371 struct mgmt_ltk_info *key = &cp->keys[i];
3372 u8 type;
3373
3374 if (key->master)
3375 type = HCI_SMP_LTK;
3376 else
3377 type = HCI_SMP_LTK_SLAVE;
3378
4596fde5 3379 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3380 bdaddr_to_le(key->addr.type),
04124681
GP		 3381 type, 0, key->authenticated, key->val,
3382 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3383 }
3384
715a5bf2
JH		 3385 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3386 NULL, 0);
3387
346af67b 3388 hci_dev_unlock(hdev);
346af67b 3389
715a5bf2 3390 return err;
346af67b
VCG		 3391}
3392
2e3c35ea 3393static const struct mgmt_handler {
04124681
GP		 3394 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3395 u16 data_len);
be22b54e
JH		 3396 bool var_len;
3397 size_t data_len;
0f4e68cf
JH		 3398} mgmt_handlers[] = {
3399 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3400 { read_version, false, MGMT_READ_VERSION_SIZE },
3401 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3402 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3403 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3404 { set_powered, false, MGMT_SETTING_SIZE },
3405 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3406 { set_connectable, false, MGMT_SETTING_SIZE },
3407 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3408 { set_pairable, false, MGMT_SETTING_SIZE },
3409 { set_link_security, false, MGMT_SETTING_SIZE },
3410 { set_ssp, false, MGMT_SETTING_SIZE },
3411 { set_hs, false, MGMT_SETTING_SIZE },
3412 { set_le, false, MGMT_SETTING_SIZE },
3413 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3414 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3415 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3416 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3417 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3418 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3419 { disconnect, false, MGMT_DISCONNECT_SIZE },
3420 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3421 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3422 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3423 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3424 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3425 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3426 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3427 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3428 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3429 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3430 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3431 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3432 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3433 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3434 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3435 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3436 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3437 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3438 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3439 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3440 { set_advertising, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 3441};
3442
3443
0381101f
JH		 3444int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3445{
650f726d
VCG		 3446 void *buf;
3447 u8 *cp;
0381101f 3448 struct mgmt_hdr *hdr;
4e51eae9 3449 u16 opcode, index, len;
bdb6d971 3450 struct hci_dev *hdev = NULL;
2e3c35ea 3451 const struct mgmt_handler *handler;
0381101f
JH		 3452 int err;
3453
3454 BT_DBG("got %zu bytes", msglen);
3455
3456 if (msglen < sizeof(*hdr))
3457 return -EINVAL;
3458
e63a15ec 3459 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3460 if (!buf)
3461 return -ENOMEM;
3462
3463 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3464 err = -EFAULT;
3465 goto done;
3466 }
3467
650f726d 3468 hdr = buf;
1f350c87
MH		 3469 opcode = __le16_to_cpu(hdr->opcode);
3470 index = __le16_to_cpu(hdr->index);
3471 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3472
3473 if (len != msglen - sizeof(*hdr)) {
3474 err = -EINVAL;
3475 goto done;
3476 }
3477
0f4e68cf 3478 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3479 hdev = hci_dev_get(index);
3480 if (!hdev) {
3481 err = cmd_status(sk, index, opcode,
04124681 3482 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3483 goto done;
3484 }
0736cfa8
MH		 3485
3486 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3487 err = cmd_status(sk, index, opcode,
3488 MGMT_STATUS_INVALID_INDEX);
3489 goto done;
3490 }
bdb6d971
JH		 3491 }
3492
0f4e68cf 3493 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3494 mgmt_handlers[opcode].func == NULL) {
0381101f 3495 BT_DBG("Unknown op %u", opcode);
ca69b795 3496 err = cmd_status(sk, index, opcode,
04124681 3497 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3498 goto done;
3499 }
3500
3501 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3502 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3503 err = cmd_status(sk, index, opcode,
04124681 3504 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3505 goto done;
0381101f
JH		 3506 }
3507
be22b54e
JH		 3508 handler = &mgmt_handlers[opcode];
3509
3510 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3511 (!handler->var_len && len != handler->data_len)) {
be22b54e 3512 err = cmd_status(sk, index, opcode,
04124681 3513 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3514 goto done;
3515 }
3516
0f4e68cf
JH		 3517 if (hdev)
3518 mgmt_init_hdev(sk, hdev);
3519
3520 cp = buf + sizeof(*hdr);
3521
be22b54e 3522 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3523 if (err < 0)
3524 goto done;
3525
0381101f
JH		 3526 err = msglen;
3527
3528done:
bdb6d971
JH		 3529 if (hdev)
3530 hci_dev_put(hdev);
3531
0381101f
JH		 3532 kfree(buf);
3533 return err;
3534}
c71e97bf 3535
744cf19e 3536int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3537{
bb4b2a9a
AE		 3538 if (!mgmt_valid_hdev(hdev))
3539 return -ENOTSUPP;
3540
744cf19e 3541 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3542}
3543
744cf19e 3544int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3545{
5f159032 3546 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3547
bb4b2a9a
AE		 3548 if (!mgmt_valid_hdev(hdev))
3549 return -ENOTSUPP;
3550
744cf19e 3551 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3552
744cf19e 3553 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3554}
3555
890ea898 3556static void set_bredr_scan(struct hci_request *req)
7f0ae647 3557{
890ea898 3558 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3559 u8 scan = 0;
3560
4c01f8b8
JH		 3561 /* Ensure that fast connectable is disabled. This function will
3562 * not do anything if the page scan parameters are already what
3563 * they should be.
3564 */
3565 write_fast_connectable(req, false);
3566
7f0ae647
JH		 3567 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3568 scan |= SCAN_PAGE;
3569 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3570 scan |= SCAN_INQUIRY;
3571
890ea898
JH		 3572 if (scan)
3573 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3574}
3575
229ab39c
JH		 3576static void powered_complete(struct hci_dev *hdev, u8 status)
3577{
3578 struct cmd_lookup match = { NULL, hdev };
3579
3580 BT_DBG("status 0x%02x", status);
3581
3582 hci_dev_lock(hdev);
3583
3584 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3585
3586 new_settings(hdev, match.sk);
3587
3588 hci_dev_unlock(hdev);
3589
3590 if (match.sk)
3591 sock_put(match.sk);
3592}
3593
70da6243 3594static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3595{
890ea898 3596 struct hci_request req;
70da6243 3597 u8 link_sec;
5add6af8 3598
890ea898
JH		 3599 hci_req_init(&req, hdev);
3600
70da6243
JH		 3601 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3602 !lmp_host_ssp_capable(hdev)) {
3603 u8 ssp = 1;
5e5282bb 3604
890ea898 3605 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3606 }
5add6af8 3607
c73eee91
JH		 3608 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3609 lmp_bredr_capable(hdev)) {
70da6243 3610 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3611
70da6243
JH		 3612 cp.le = 1;
3613 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3614
70da6243
JH		 3615 /* Check first if we already have the right
3616 * host state (host features set)
3617 */
3618 if (cp.le != lmp_host_le_capable(hdev) ||
3619 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3620 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3621 sizeof(cp), &cp);
70da6243 3622 }
3d1cbdd6 3623
eeca6f89
JH		 3624 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3625 u8 adv = 0x01;
3626
3627 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3628 }
3629
70da6243
JH		 3630 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3631 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3632 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3633 sizeof(link_sec), &link_sec);
562fcc24 3634
70da6243 3635 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3636 set_bredr_scan(&req);
3637 update_class(&req);
13928971 3638 update_name(&req);
890ea898 3639 update_eir(&req);
70da6243 3640 }
562fcc24 3641
229ab39c 3642 return hci_req_run(&req, powered_complete);
70da6243 3643}
562fcc24 3644
70da6243
JH		 3645int mgmt_powered(struct hci_dev *hdev, u8 powered)
3646{
3647 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3648 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3649 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3650 int err;
f0ff92fb 3651
70da6243
JH		 3652 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3653 return 0;
3654
70da6243 3655 if (powered) {
229ab39c
JH		 3656 if (powered_update_hci(hdev) == 0)
3657 return 0;
fe038884 3658
229ab39c
JH		 3659 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3660 &match);
3661 goto new_settings;
b24752fe
JH		 3662 }
3663
229ab39c
JH		 3664 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3665 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3666
3667 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3668 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3669 zero_cod, sizeof(zero_cod), NULL);
3670
3671new_settings:
beadb2bd 3672 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3673
3674 if (match.sk)
3675 sock_put(match.sk);
3676
7bb895d6 3677 return err;
5add6af8 3678}
73f22f62 3679
96570ffc
JH		 3680int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3681{
3682 struct pending_cmd *cmd;
3683 u8 status;
3684
3685 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3686 if (!cmd)
3687 return -ENOENT;
3688
3689 if (err == -ERFKILL)
3690 status = MGMT_STATUS_RFKILLED;
3691 else
3692 status = MGMT_STATUS_FAILED;
3693
3694 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3695
3696 mgmt_pending_remove(cmd);
3697
3698 return err;
3699}
3700
744cf19e 3701int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3702{
76a7f3a4 3703 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3704 bool changed = false;
3705 int err = 0;
73f22f62 3706
5e5282bb
JH		 3707 if (discoverable) {
3708 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3709 changed = true;
3710 } else {
3711 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3712 changed = true;
3713 }
73f22f62 3714
ed9b5f2f 3715 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3716 &match);
ed9b5f2f 3717
beadb2bd
JH		 3718 if (changed)
3719 err = new_settings(hdev, match.sk);
5e5282bb 3720
73f22f62
JH		 3721 if (match.sk)
3722 sock_put(match.sk);
3723
7bb895d6 3724 return err;
73f22f62 3725}
9fbcbb45 3726
744cf19e 3727int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3728{
2b76f453 3729 struct pending_cmd *cmd;
5e5282bb
JH		 3730 bool changed = false;
3731 int err = 0;
9fbcbb45 3732
5e5282bb
JH		 3733 if (connectable) {
3734 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3735 changed = true;
3736 } else {
3737 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3738 changed = true;
3739 }
9fbcbb45 3740
2b76f453 3741 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3742
beadb2bd 3743 if (changed)
2b76f453 3744 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3745
7bb895d6 3746 return err;
9fbcbb45 3747}
55ed8ca1 3748
744cf19e 3749int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3750{
ca69b795
JH		 3751 u8 mgmt_err = mgmt_status(status);
3752
2d7cee58 3753 if (scan & SCAN_PAGE)
744cf19e 3754 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3755 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3756
3757 if (scan & SCAN_INQUIRY)
744cf19e 3758 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3759 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3760
3761 return 0;
3762}
3763
53168e5b
CC		 3764int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3765 bool persistent)
55ed8ca1 3766{
86742e1e 3767 struct mgmt_ev_new_link_key ev;
55ed8ca1 3768
a492cd52 3769 memset(&ev, 0, sizeof(ev));
55ed8ca1 3770
a492cd52 3771 ev.store_hint = persistent;
d753fdc4 3772 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3773 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3774 ev.key.type = key->type;
9b3b4460 3775 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3776 ev.key.pin_len = key->pin_len;
55ed8ca1 3777
744cf19e 3778 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3779}
f7520543 3780
346af67b
VCG		 3781int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3782{
3783 struct mgmt_ev_new_long_term_key ev;
3784
3785 memset(&ev, 0, sizeof(ev));
3786
3787 ev.store_hint = persistent;
3788 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3789 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3790 ev.key.authenticated = key->authenticated;
3791 ev.key.enc_size = key->enc_size;
3792 ev.key.ediv = key->ediv;
3793
3794 if (key->type == HCI_SMP_LTK)
3795 ev.key.master = 1;
3796
3797 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3798 memcpy(ev.key.val, key->val, sizeof(key->val));
3799
04124681
GP		 3800 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3801 NULL);
346af67b
VCG		 3802}
3803
afc747a6 3804int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3805 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3806 u8 *dev_class)
f7520543 3807{
b644ba33
JH		 3808 char buf[512];
3809 struct mgmt_ev_device_connected *ev = (void *) buf;
3810 u16 eir_len = 0;
f7520543 3811
b644ba33 3812 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3813 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3814
c95f0ba7 3815 ev->flags = __cpu_to_le32(flags);
08c79b61 3816
b644ba33
JH		 3817 if (name_len > 0)
3818 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3819 name, name_len);
b644ba33
JH		 3820
3821 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3822 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3823 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3824
eb55ef07 3825 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3826
3827 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3828 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3829}
3830
8962ee74
JH		 3831static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3832{
c68fb7ff 3833 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3834 struct sock **sk = data;
a38528f1 3835 struct mgmt_rp_disconnect rp;
8962ee74 3836
88c3df13
JH		 3837 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3838 rp.addr.type = cp->addr.type;
8962ee74 3839
aee9b218 3840 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3841 sizeof(rp));
8962ee74
JH		 3842
3843 *sk = cmd->sk;
3844 sock_hold(*sk);
3845
a664b5bc 3846 mgmt_pending_remove(cmd);
8962ee74
JH		 3847}
3848
124f6e35 3849static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3850{
b1078ad0 3851 struct hci_dev *hdev = data;
124f6e35
JH		 3852 struct mgmt_cp_unpair_device *cp = cmd->param;
3853 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3854
3855 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3856 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3857 rp.addr.type = cp->addr.type;
a8a1d19e 3858
b1078ad0
JH		 3859 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3860
aee9b218 3861 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3862
3863 mgmt_pending_remove(cmd);
3864}
3865
afc747a6 3866int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3867 u8 link_type, u8 addr_type, u8 reason)
f7520543 3868{
f0d6a0ea 3869 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3870 struct sock *sk = NULL;
3871 int err;
3872
744cf19e 3873 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3874
f0d6a0ea
MA		 3875 bacpy(&ev.addr.bdaddr, bdaddr);
3876 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3877 ev.reason = reason;
f7520543 3878
afc747a6 3879 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3880 sk);
8962ee74
JH		 3881
3882 if (sk)
d97dcb66 3883 sock_put(sk);
8962ee74 3884
124f6e35 3885 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3886 hdev);
a8a1d19e 3887
8962ee74
JH		 3888 return err;
3889}
3890
88c3df13 3891int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3892 u8 link_type, u8 addr_type, u8 status)
8962ee74 3893{
88c3df13 3894 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3895 struct pending_cmd *cmd;
3896 int err;
3897
36a75f1b
JD		 3898 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3899 hdev);
3900
2e58ef3e 3901 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3902 if (!cmd)
3903 return -ENOENT;
3904
88c3df13 3905 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3906 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3907
88c3df13 3908 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3909 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3910
a664b5bc 3911 mgmt_pending_remove(cmd);
8962ee74
JH		 3912
3913 return err;
f7520543 3914}
17d5c04c 3915
48264f06 3916int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3917 u8 addr_type, u8 status)
17d5c04c
JH		 3918{
3919 struct mgmt_ev_connect_failed ev;
3920
4c659c39 3921 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3922 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3923 ev.status = mgmt_status(status);
17d5c04c 3924
744cf19e 3925 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3926}
980e1a53 3927
744cf19e 3928int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3929{
3930 struct mgmt_ev_pin_code_request ev;
3931
d8457698 3932 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3933 ev.addr.type = BDADDR_BREDR;
a770bb5a 3934 ev.secure = secure;
980e1a53 3935
744cf19e 3936 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3937 NULL);
980e1a53
JH		 3938}
3939
744cf19e 3940int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3941 u8 status)
980e1a53
JH		 3942{
3943 struct pending_cmd *cmd;
ac56fb13 3944 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3945 int err;
3946
2e58ef3e 3947 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3948 if (!cmd)
3949 return -ENOENT;
3950
d8457698 3951 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3952 rp.addr.type = BDADDR_BREDR;
ac56fb13 3953
aee9b218 3954 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3955 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3956
a664b5bc 3957 mgmt_pending_remove(cmd);
980e1a53
JH		 3958
3959 return err;
3960}
3961
744cf19e 3962int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3963 u8 status)
980e1a53
JH		 3964{
3965 struct pending_cmd *cmd;
ac56fb13 3966 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3967 int err;
3968
2e58ef3e 3969 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3970 if (!cmd)
3971 return -ENOENT;
3972
d8457698 3973 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3974 rp.addr.type = BDADDR_BREDR;
ac56fb13 3975
aee9b218 3976 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3977 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3978
a664b5bc 3979 mgmt_pending_remove(cmd);
980e1a53
JH		 3980
3981 return err;
3982}
a5c29683 3983
744cf19e 3984int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3985 u8 link_type, u8 addr_type, __le32 value,
3986 u8 confirm_hint)
a5c29683
JH		 3987{
3988 struct mgmt_ev_user_confirm_request ev;
3989
744cf19e 3990 BT_DBG("%s", hdev->name);
a5c29683 3991
272d90df 3992 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3993 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3994 ev.confirm_hint = confirm_hint;
78e8098e 3995 ev.value = value;
a5c29683 3996
744cf19e 3997 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3998 NULL);
a5c29683
JH		 3999}
4000
272d90df 4001int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4002 u8 link_type, u8 addr_type)
604086b7
BG		 4003{
4004 struct mgmt_ev_user_passkey_request ev;
4005
4006 BT_DBG("%s", hdev->name);
4007
272d90df 4008 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4009 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4010
4011 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4012 NULL);
604086b7
BG		 4013}
4014
0df4c185 4015static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4016 u8 link_type, u8 addr_type, u8 status,
4017 u8 opcode)
a5c29683
JH		 4018{
4019 struct pending_cmd *cmd;
4020 struct mgmt_rp_user_confirm_reply rp;
4021 int err;
4022
2e58ef3e 4023 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4024 if (!cmd)
4025 return -ENOENT;
4026
272d90df 4027 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4028 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4029 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4030 &rp, sizeof(rp));
a5c29683 4031
a664b5bc 4032 mgmt_pending_remove(cmd);
a5c29683
JH		 4033
4034 return err;
4035}
4036
744cf19e 4037int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4038 u8 link_type, u8 addr_type, u8 status)
a5c29683 4039{
272d90df 4040 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4041 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4042}
4043
272d90df 4044int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4045 u8 link_type, u8 addr_type, u8 status)
a5c29683 4046{
272d90df 4047 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4048 status,
4049 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4050}
2a611692 4051
604086b7 4052int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4053 u8 link_type, u8 addr_type, u8 status)
604086b7 4054{
272d90df 4055 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4056 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4057}
4058
272d90df 4059int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4060 u8 link_type, u8 addr_type, u8 status)
604086b7 4061{
272d90df 4062 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4063 status,
4064 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4065}
4066
92a25256
JH		 4067int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4068 u8 link_type, u8 addr_type, u32 passkey,
4069 u8 entered)
4070{
4071 struct mgmt_ev_passkey_notify ev;
4072
4073 BT_DBG("%s", hdev->name);
4074
4075 bacpy(&ev.addr.bdaddr, bdaddr);
4076 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4077 ev.passkey = __cpu_to_le32(passkey);
4078 ev.entered = entered;
4079
4080 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4081}
4082
bab73cb6 4083int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4084 u8 addr_type, u8 status)
2a611692
JH		 4085{
4086 struct mgmt_ev_auth_failed ev;
4087
bab73cb6 4088 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4089 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4090 ev.status = mgmt_status(status);
2a611692 4091
744cf19e 4092 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4093}
b312b161 4094
33ef95ed
JH		 4095int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4096{
4097 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4098 bool changed = false;
4099 int err = 0;
33ef95ed
JH		 4100
4101 if (status) {
4102 u8 mgmt_err = mgmt_status(status);
4103 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4104 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4105 return 0;
4106 }
4107
47990ea0
JH		 4108 if (test_bit(HCI_AUTH, &hdev->flags)) {
4109 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4110 changed = true;
4111 } else {
4112 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4113 changed = true;
4114 }
4115
33ef95ed 4116 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4117 &match);
33ef95ed 4118
47990ea0
JH		 4119 if (changed)
4120 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4121
4122 if (match.sk)
4123 sock_put(match.sk);
4124
4125 return err;
4126}
4127
890ea898 4128static void clear_eir(struct hci_request *req)
cacaf52f 4129{
890ea898 4130 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4131 struct hci_cp_write_eir cp;
4132
976eb20e 4133 if (!lmp_ext_inq_capable(hdev))
890ea898 4134 return;
cacaf52f 4135
c80da27e
JH		 4136 memset(hdev->eir, 0, sizeof(hdev->eir));
4137
cacaf52f
JH		 4138 memset(&cp, 0, sizeof(cp));
4139
890ea898 4140 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4141}
4142
c0ecddc2 4143int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4144{
4145 struct cmd_lookup match = { NULL, hdev };
890ea898 4146 struct hci_request req;
c0ecddc2
JH		 4147 bool changed = false;
4148 int err = 0;
ed2c4ee3
JH		 4149
4150 if (status) {
4151 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4152
4153 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4154 &hdev->dev_flags))
c0ecddc2
JH		 4155 err = new_settings(hdev, NULL);
4156
04124681
GP		 4157 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4158 &mgmt_err);
c0ecddc2
JH		 4159
4160 return err;
4161 }
4162
4163 if (enable) {
4164 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4165 changed = true;
4166 } else {
4167 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4168 changed = true;
ed2c4ee3
JH		 4169 }
4170
4171 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4172
c0ecddc2
JH		 4173 if (changed)
4174 err = new_settings(hdev, match.sk);
ed2c4ee3 4175
5fc6ebb1 4176 if (match.sk)
ed2c4ee3
JH		 4177 sock_put(match.sk);
4178
890ea898
JH		 4179 hci_req_init(&req, hdev);
4180
5fc6ebb1 4181 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4182 update_eir(&req);
5fc6ebb1 4183 else
890ea898
JH		 4184 clear_eir(&req);
4185
4186 hci_req_run(&req, NULL);
cacaf52f 4187
ed2c4ee3
JH		 4188 return err;
4189}
4190
92da6097 4191static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4192{
4193 struct cmd_lookup *match = data;
4194
90e70454
JH		 4195 if (match->sk == NULL) {
4196 match->sk = cmd->sk;
4197 sock_hold(match->sk);
4198 }
90e70454
JH		 4199}
4200
7f9a903c 4201int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4202 u8 status)
7f9a903c 4203{
90e70454
JH		 4204 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4205 int err = 0;
7f9a903c 4206
92da6097
JH		 4207 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4208 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4209 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4210
4211 if (!status)
04124681
GP		 4212 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4213 3, NULL);
90e70454
JH		 4214
4215 if (match.sk)
4216 sock_put(match.sk);
7f9a903c
MH		 4217
4218 return err;
4219}
4220
744cf19e 4221int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4222{
b312b161 4223 struct mgmt_cp_set_local_name ev;
13928971 4224 struct pending_cmd *cmd;
28cc7bde 4225
13928971
JH		 4226 if (status)
4227 return 0;
b312b161
JH		 4228
4229 memset(&ev, 0, sizeof(ev));
4230 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4231 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4232
2e58ef3e 4233 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4234 if (!cmd) {
4235 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4236
13928971
JH		 4237 /* If this is a HCI command related to powering on the
4238 * HCI dev don't send any mgmt signals.
4239 */
4240 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4241 return 0;
890ea898 4242 }
b312b161 4243
13928971
JH		 4244 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4245 cmd ? cmd->sk : NULL);
b312b161 4246}
c35938b2 4247
744cf19e 4248int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4249 u8 *randomizer, u8 status)
c35938b2
SJ		 4250{
4251 struct pending_cmd *cmd;
4252 int err;
4253
744cf19e 4254 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4255
2e58ef3e 4256 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4257 if (!cmd)
4258 return -ENOENT;
4259
4260 if (status) {
04124681
GP		 4261 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4262 mgmt_status(status));
c35938b2
SJ		 4263 } else {
4264 struct mgmt_rp_read_local_oob_data rp;
4265
4266 memcpy(rp.hash, hash, sizeof(rp.hash));
4267 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4268
744cf19e 4269 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4270 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4271 sizeof(rp));
c35938b2
SJ		 4272 }
4273
4274 mgmt_pending_remove(cmd);
4275
4276 return err;
4277}
e17acd40 4278
48264f06 4279int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4280 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4281 ssp, u8 *eir, u16 eir_len)
e17acd40 4282{
e319d2e7
JH		 4283 char buf[512];
4284 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4285 size_t ev_size;
e17acd40 4286
12602d0c
AG		 4287 if (!hci_discovery_active(hdev))
4288 return -EPERM;
4289
1dc06093
JH		 4290 /* Leave 5 bytes for a potential CoD field */
4291 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4292 return -EINVAL;
4293
1dc06093
JH		 4294 memset(buf, 0, sizeof(buf));
4295
e319d2e7 4296 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4297 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4298 ev->rssi = rssi;
9a395a80 4299 if (cfm_name)
612dfce9 4300 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4301 if (!ssp)
612dfce9 4302 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4303
1dc06093 4304 if (eir_len > 0)
e319d2e7 4305 memcpy(ev->eir, eir, eir_len);
e17acd40 4306
1dc06093
JH		 4307 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4308 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4309 dev_class, 3);
1dc06093 4310
eb55ef07 4311 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4312 ev_size = sizeof(*ev) + eir_len;
f8523598 4313
e319d2e7 4314 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4315}
a88a9652 4316
b644ba33 4317int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4318 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4319{
b644ba33
JH		 4320 struct mgmt_ev_device_found *ev;
4321 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4322 u16 eir_len;
a88a9652 4323
b644ba33 4324 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4325
b644ba33
JH		 4326 memset(buf, 0, sizeof(buf));
4327
4328 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4329 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4330 ev->rssi = rssi;
4331
4332 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4333 name_len);
b644ba33 4334
eb55ef07 4335 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4336
053c7e0c 4337 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4338 sizeof(*ev) + eir_len, NULL);
a88a9652 4339}
314b2381 4340
744cf19e 4341int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4342{
f963e8e9 4343 struct mgmt_ev_discovering ev;
164a6e78
JH		 4344 struct pending_cmd *cmd;
4345
343fb145
AG		 4346 BT_DBG("%s discovering %u", hdev->name, discovering);
4347
164a6e78 4348 if (discovering)
2e58ef3e 4349 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4350 else
2e58ef3e 4351 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4352
4353 if (cmd != NULL) {
f808e166
JH		 4354 u8 type = hdev->discovery.type;
4355
04124681
GP		 4356 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4357 sizeof(type));
164a6e78
JH		 4358 mgmt_pending_remove(cmd);
4359 }
4360
f963e8e9
JH		 4361 memset(&ev, 0, sizeof(ev));
4362 ev.type = hdev->discovery.type;
4363 ev.discovering = discovering;
4364
4365 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4366}
5e762444 4367
88c1fe4b 4368int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4369{
4370 struct pending_cmd *cmd;
4371 struct mgmt_ev_device_blocked ev;
4372
2e58ef3e 4373 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4374
88c1fe4b
JH		 4375 bacpy(&ev.addr.bdaddr, bdaddr);
4376 ev.addr.type = type;
5e762444 4377
744cf19e 4378 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4379 cmd ? cmd->sk : NULL);
5e762444
AJ		 4380}
4381
88c1fe4b 4382int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4383{
4384 struct pending_cmd *cmd;
4385 struct mgmt_ev_device_unblocked ev;
4386
2e58ef3e 4387 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4388
88c1fe4b
JH		 4389 bacpy(&ev.addr.bdaddr, bdaddr);
4390 ev.addr.type = type;
5e762444 4391
744cf19e 4392 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4393 cmd ? cmd->sk : NULL);
5e762444 4394}
Linux kernel - Deliverables
This page took 0.640502 seconds and 5 git commands to generate.