projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: btmrvl: separate write-to-clear function from interrupt handler
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
7ee4ea36 111 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 112};
113
17b02e62 114#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 115
4b34ee78
JH		 116#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
117 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
118
eec8d2bc
JH		 119struct pending_cmd {
120 struct list_head list;
fc2f4b13 121 u16 opcode;
eec8d2bc 122 int index;
c68fb7ff 123 void *param;
eec8d2bc 124 struct sock *sk;
e9a416b5 125 void *user_data;
eec8d2bc
JH		 126};
127
ca69b795
JH		 128/* HCI to MGMT error code conversion table */
129static u8 mgmt_status_table[] = {
130 MGMT_STATUS_SUCCESS,
131 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
132 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
133 MGMT_STATUS_FAILED, /* Hardware Failure */
134 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
135 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 136 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 137 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
138 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
141 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
142 MGMT_STATUS_BUSY, /* Command Disallowed */
143 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
144 MGMT_STATUS_REJECTED, /* Rejected Security */
145 MGMT_STATUS_REJECTED, /* Rejected Personal */
146 MGMT_STATUS_TIMEOUT, /* Host Timeout */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
148 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
149 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
150 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
151 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
152 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
153 MGMT_STATUS_BUSY, /* Repeated Attempts */
154 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
155 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
157 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
158 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
159 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
160 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
161 MGMT_STATUS_FAILED, /* Unspecified Error */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
163 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
164 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
165 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
166 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
167 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
168 MGMT_STATUS_FAILED, /* Unit Link Key Used */
169 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
170 MGMT_STATUS_TIMEOUT, /* Instant Passed */
171 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
172 MGMT_STATUS_FAILED, /* Transaction Collision */
173 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
174 MGMT_STATUS_REJECTED, /* QoS Rejected */
175 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
176 MGMT_STATUS_REJECTED, /* Insufficient Security */
177 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
178 MGMT_STATUS_BUSY, /* Role Switch Pending */
179 MGMT_STATUS_FAILED, /* Slot Violation */
180 MGMT_STATUS_FAILED, /* Role Switch Failed */
181 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
182 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
183 MGMT_STATUS_BUSY, /* Host Busy Pairing */
184 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
185 MGMT_STATUS_BUSY, /* Controller Busy */
186 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
187 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
189 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
190 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
191};
192
193static u8 mgmt_status(u8 hci_status)
194{
195 if (hci_status < ARRAY_SIZE(mgmt_status_table))
196 return mgmt_status_table[hci_status];
197
198 return MGMT_STATUS_FAILED;
199}
200
4e51eae9 201static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 202{
203 struct sk_buff *skb;
204 struct mgmt_hdr *hdr;
205 struct mgmt_ev_cmd_status *ev;
56b7d137 206 int err;
f7b64e69 207
34eb525c 208 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 209
790eff44 210 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 211 if (!skb)
212 return -ENOMEM;
213
214 hdr = (void *) skb_put(skb, sizeof(*hdr));
215
dcf4adbf 216 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 217 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 218 hdr->len = cpu_to_le16(sizeof(*ev));
219
220 ev = (void *) skb_put(skb, sizeof(*ev));
221 ev->status = status;
eb55ef07 222 ev->opcode = cpu_to_le16(cmd);
f7b64e69 223
56b7d137
GP		 224 err = sock_queue_rcv_skb(sk, skb);
225 if (err < 0)
f7b64e69
JH		 226 kfree_skb(skb);
227
56b7d137 228 return err;
f7b64e69
JH		 229}
230
aee9b218 231static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 232 void *rp, size_t rp_len)
02d98129
JH		 233{
234 struct sk_buff *skb;
235 struct mgmt_hdr *hdr;
236 struct mgmt_ev_cmd_complete *ev;
56b7d137 237 int err;
02d98129
JH		 238
239 BT_DBG("sock %p", sk);
240
790eff44 241 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 242 if (!skb)
243 return -ENOMEM;
244
245 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 246
dcf4adbf 247 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 248 hdr->index = cpu_to_le16(index);
a38528f1 249 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 250
a38528f1 251 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 252 ev->opcode = cpu_to_le16(cmd);
aee9b218 253 ev->status = status;
8020c16a
SJ		 254
255 if (rp)
256 memcpy(ev->data, rp, rp_len);
02d98129 257
56b7d137
GP		 258 err = sock_queue_rcv_skb(sk, skb);
259 if (err < 0)
02d98129
JH		 260 kfree_skb(skb);
261
e5f0e151 262 return err;
02d98129
JH		 263}
264
04124681
GP		 265static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
266 u16 data_len)
a38528f1
JH		 267{
268 struct mgmt_rp_read_version rp;
269
270 BT_DBG("sock %p", sk);
271
272 rp.version = MGMT_VERSION;
dcf4adbf 273 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 274
aee9b218 275 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 276 sizeof(rp));
a38528f1
JH		 277}
278
04124681
GP		 279static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
e70bb2e8
JH		 281{
282 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 283 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
284 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 285 __le16 *opcode;
e70bb2e8
JH		 286 size_t rp_size;
287 int i, err;
288
289 BT_DBG("sock %p", sk);
290
291 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
292
293 rp = kmalloc(rp_size, GFP_KERNEL);
294 if (!rp)
295 return -ENOMEM;
296
dcf4adbf
JP		 297 rp->num_commands = cpu_to_le16(num_commands);
298 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 299
300 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
301 put_unaligned_le16(mgmt_commands[i], opcode);
302
303 for (i = 0; i < num_events; i++, opcode++)
304 put_unaligned_le16(mgmt_events[i], opcode);
305
aee9b218 306 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 307 rp_size);
e70bb2e8
JH		 308 kfree(rp);
309
310 return err;
311}
312
04124681
GP		 313static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
faba42eb 315{
faba42eb 316 struct mgmt_rp_read_index_list *rp;
8035ded4 317 struct hci_dev *d;
a38528f1 318 size_t rp_len;
faba42eb 319 u16 count;
476e44cb 320 int err;
faba42eb
JH		 321
322 BT_DBG("sock %p", sk);
323
324 read_lock(&hci_dev_list_lock);
325
326 count = 0;
bb4b2a9a 327 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 328 if (d->dev_type == HCI_BREDR)
329 count++;
faba42eb
JH		 330 }
331
a38528f1
JH		 332 rp_len = sizeof(*rp) + (2 * count);
333 rp = kmalloc(rp_len, GFP_ATOMIC);
334 if (!rp) {
b2c60d42 335 read_unlock(&hci_dev_list_lock);
faba42eb 336 return -ENOMEM;
b2c60d42 337 }
faba42eb 338
476e44cb 339 count = 0;
8035ded4 340 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 341 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 342 continue;
343
0736cfa8
MH		 344 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
345 continue;
346
1514b892
MH		 347 if (d->dev_type == HCI_BREDR) {
348 rp->index[count++] = cpu_to_le16(d->id);
349 BT_DBG("Added hci%u", d->id);
350 }
faba42eb
JH		 351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea 371 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 372 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 373
ed3fa31f 374 if (lmp_bredr_capable(hdev)) {
33c525c0 375 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 378 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 381
382 if (lmp_ssp_capable(hdev)) {
383 settings |= MGMT_SETTING_SSP;
384 settings |= MGMT_SETTING_HS;
385 }
e98d2ce2 386
5afeac14
MH		 387 if (lmp_sc_capable(hdev) ||
388 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 389 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 390 }
d7b7e796 391
eeca6f89 392 if (lmp_le_capable(hdev)) {
9d42820f 393 settings |= MGMT_SETTING_LE;
eeca6f89 394 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 395 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 396 }
69ab39ea
JH		 397
398 return settings;
399}
400
401static u32 get_current_settings(struct hci_dev *hdev)
402{
403 u32 settings = 0;
404
f1f0eb02 405 if (hdev_is_powered(hdev))
f0d4b78a
MH		 406 settings |= MGMT_SETTING_POWERED;
407
5e5282bb 408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_CONNECTABLE;
410
1a4d3c4b
JH		 411 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_FAST_CONNECTABLE;
413
5e5282bb 414 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_DISCOVERABLE;
416
a8b2d5c2 417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_PAIRABLE;
419
56f87901 420 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_BREDR;
422
06199cf8 423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_LE;
425
47990ea0 426 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_LINK_SECURITY;
428
84bde9d6 429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 430 settings |= MGMT_SETTING_SSP;
431
6d80dfd0
JH		 432 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
433 settings |= MGMT_SETTING_HS;
434
f3d3444a 435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 436 settings |= MGMT_SETTING_ADVERTISING;
437
e98d2ce2
MH		 438 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_SECURE_CONN;
440
b1de97d8
MH		 441 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
442 settings |= MGMT_SETTING_DEBUG_KEYS;
443
0f4bd942
JH		 444 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
445 settings |= MGMT_SETTING_PRIVACY;
446
69ab39ea
JH		 447 return settings;
448}
449
ef580372
JH		 450#define PNP_INFO_SVCLASS_ID 0x1200
451
213202ed
JH		 452static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
453{
454 u8 *ptr = data, *uuids_start = NULL;
455 struct bt_uuid *uuid;
456
457 if (len < 4)
458 return ptr;
459
460 list_for_each_entry(uuid, &hdev->uuids, list) {
461 u16 uuid16;
462
463 if (uuid->size != 16)
464 continue;
465
466 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
467 if (uuid16 < 0x1100)
468 continue;
469
470 if (uuid16 == PNP_INFO_SVCLASS_ID)
471 continue;
472
473 if (!uuids_start) {
474 uuids_start = ptr;
475 uuids_start[0] = 1;
476 uuids_start[1] = EIR_UUID16_ALL;
477 ptr += 2;
478 }
479
480 /* Stop if not enough space to put next UUID */
481 if ((ptr - data) + sizeof(u16) > len) {
482 uuids_start[1] = EIR_UUID16_SOME;
483 break;
484 }
485
486 *ptr++ = (uuid16 & 0x00ff);
487 *ptr++ = (uuid16 & 0xff00) >> 8;
488 uuids_start[0] += sizeof(uuid16);
489 }
490
491 return ptr;
492}
493
cdf1963f
JH		 494static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
495{
496 u8 *ptr = data, *uuids_start = NULL;
497 struct bt_uuid *uuid;
498
499 if (len < 6)
500 return ptr;
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 if (uuid->size != 32)
504 continue;
505
506 if (!uuids_start) {
507 uuids_start = ptr;
508 uuids_start[0] = 1;
509 uuids_start[1] = EIR_UUID32_ALL;
510 ptr += 2;
511 }
512
513 /* Stop if not enough space to put next UUID */
514 if ((ptr - data) + sizeof(u32) > len) {
515 uuids_start[1] = EIR_UUID32_SOME;
516 break;
517 }
518
519 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
520 ptr += sizeof(u32);
521 uuids_start[0] += sizeof(u32);
522 }
523
524 return ptr;
525}
526
c00d575b
JH		 527static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
528{
529 u8 *ptr = data, *uuids_start = NULL;
530 struct bt_uuid *uuid;
531
532 if (len < 18)
533 return ptr;
534
535 list_for_each_entry(uuid, &hdev->uuids, list) {
536 if (uuid->size != 128)
537 continue;
538
539 if (!uuids_start) {
540 uuids_start = ptr;
541 uuids_start[0] = 1;
542 uuids_start[1] = EIR_UUID128_ALL;
543 ptr += 2;
544 }
545
546 /* Stop if not enough space to put next UUID */
547 if ((ptr - data) + 16 > len) {
548 uuids_start[1] = EIR_UUID128_SOME;
549 break;
550 }
551
552 memcpy(ptr, uuid->uuid, 16);
553 ptr += 16;
554 uuids_start[0] += 16;
555 }
556
557 return ptr;
558}
559
eb2a8d20
JH		 560static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
561{
562 struct pending_cmd *cmd;
563
564 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
565 if (cmd->opcode == opcode)
566 return cmd;
567 }
568
569 return NULL;
570}
571
f14d8f64
MH		 572static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
573{
7a5f4990
MH		 574 u8 ad_len = 0;
575 size_t name_len;
576
577 name_len = strlen(hdev->dev_name);
578 if (name_len > 0) {
579 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580
581 if (name_len > max_len) {
582 name_len = max_len;
583 ptr[1] = EIR_NAME_SHORT;
584 } else
585 ptr[1] = EIR_NAME_COMPLETE;
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ad_len += (name_len + 2);
592 ptr += (name_len + 2);
593 }
594
595 return ad_len;
f14d8f64
MH		 596}
597
598static void update_scan_rsp_data(struct hci_request *req)
599{
600 struct hci_dev *hdev = req->hdev;
601 struct hci_cp_le_set_scan_rsp_data cp;
602 u8 len;
603
7751ef1b 604 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 605 return;
606
607 memset(&cp, 0, sizeof(cp));
608
609 len = create_scan_rsp_data(hdev, cp.data);
610
eb438b5f
JH		 611 if (hdev->scan_rsp_data_len == len &&
612 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 613 return;
614
eb438b5f
JH		 615 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
616 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 617
618 cp.length = len;
619
620 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
621}
622
9a43e25f
JH		 623static u8 get_adv_discov_flags(struct hci_dev *hdev)
624{
625 struct pending_cmd *cmd;
626
627 /* If there's a pending mgmt command the flags will not yet have
628 * their final values, so check for this first.
629 */
630 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
631 if (cmd) {
632 struct mgmt_mode *cp = cmd->param;
633 if (cp->val == 0x01)
634 return LE_AD_GENERAL;
635 else if (cp->val == 0x02)
636 return LE_AD_LIMITED;
637 } else {
638 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_LIMITED;
640 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_GENERAL;
642 }
643
644 return 0;
645}
646
46cad2ed 647static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 648{
649 u8 ad_len = 0, flags = 0;
441ad2d0 650
9a43e25f 651 flags |= get_adv_discov_flags(hdev);
441ad2d0 652
e834004b 653 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 654 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 655
656 if (flags) {
657 BT_DBG("adv flags 0x%02x", flags);
658
659 ptr[0] = 2;
660 ptr[1] = EIR_FLAGS;
661 ptr[2] = flags;
662
663 ad_len += 3;
664 ptr += 3;
665 }
666
667 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
668 ptr[0] = 2;
669 ptr[1] = EIR_TX_POWER;
670 ptr[2] = (u8) hdev->adv_tx_power;
671
672 ad_len += 3;
673 ptr += 3;
674 }
675
441ad2d0
MH		 676 return ad_len;
677}
678
5947f4bc 679static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 680{
681 struct hci_dev *hdev = req->hdev;
682 struct hci_cp_le_set_adv_data cp;
683 u8 len;
684
10994ce6 685 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 686 return;
687
688 memset(&cp, 0, sizeof(cp));
689
46cad2ed 690 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 691
692 if (hdev->adv_data_len == len &&
693 memcmp(cp.data, hdev->adv_data, len) == 0)
694 return;
695
696 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
697 hdev->adv_data_len = len;
698
699 cp.length = len;
700
701 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
702}
703
ef580372
JH		 704static void create_eir(struct hci_dev *hdev, u8 *data)
705{
706 u8 *ptr = data;
ef580372
JH		 707 size_t name_len;
708
709 name_len = strlen(hdev->dev_name);
710
711 if (name_len > 0) {
712 /* EIR Data type */
713 if (name_len > 48) {
714 name_len = 48;
715 ptr[1] = EIR_NAME_SHORT;
716 } else
717 ptr[1] = EIR_NAME_COMPLETE;
718
719 /* EIR Data length */
720 ptr[0] = name_len + 1;
721
722 memcpy(ptr + 2, hdev->dev_name, name_len);
723
ef580372
JH		 724 ptr += (name_len + 2);
725 }
726
bbaf444a 727 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 728 ptr[0] = 2;
729 ptr[1] = EIR_TX_POWER;
730 ptr[2] = (u8) hdev->inq_tx_power;
731
91c4e9b1
MH		 732 ptr += 3;
733 }
734
2b9be137
MH		 735 if (hdev->devid_source > 0) {
736 ptr[0] = 9;
737 ptr[1] = EIR_DEVICE_ID;
738
739 put_unaligned_le16(hdev->devid_source, ptr + 2);
740 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
741 put_unaligned_le16(hdev->devid_product, ptr + 6);
742 put_unaligned_le16(hdev->devid_version, ptr + 8);
743
2b9be137
MH		 744 ptr += 10;
745 }
746
213202ed 747 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 748 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 749 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 750}
751
890ea898 752static void update_eir(struct hci_request *req)
ef580372 753{
890ea898 754 struct hci_dev *hdev = req->hdev;
ef580372
JH		 755 struct hci_cp_write_eir cp;
756
504c8dcd 757 if (!hdev_is_powered(hdev))
890ea898 758 return;
7770c4aa 759
976eb20e 760 if (!lmp_ext_inq_capable(hdev))
890ea898 761 return;
ef580372 762
84bde9d6 763 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 764 return;
ef580372 765
a8b2d5c2 766 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 767 return;
ef580372
JH		 768
769 memset(&cp, 0, sizeof(cp));
770
771 create_eir(hdev, cp.data);
772
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 774 return;
ef580372
JH		 775
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
777
890ea898 778 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 779}
780
781static u8 get_service_classes(struct hci_dev *hdev)
782{
783 struct bt_uuid *uuid;
784 u8 val = 0;
785
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
788
789 return val;
790}
791
890ea898 792static void update_class(struct hci_request *req)
ef580372 793{
890ea898 794 struct hci_dev *hdev = req->hdev;
ef580372
JH		 795 u8 cod[3];
796
797 BT_DBG("%s", hdev->name);
798
504c8dcd 799 if (!hdev_is_powered(hdev))
890ea898 800 return;
7770c4aa 801
f87ea1da
JH		 802 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
803 return;
804
a8b2d5c2 805 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 806 return;
ef580372
JH		 807
808 cod[0] = hdev->minor_class;
809 cod[1] = hdev->major_class;
810 cod[2] = get_service_classes(hdev);
811
6acd7db4
MH		 812 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
813 cod[1] |= 0x20;
814
ef580372 815 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 816 return;
ef580372 817
890ea898 818 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 819}
820
a4858cb9 821static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 822{
823 struct pending_cmd *cmd;
199a2fb1
JH		 824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
a4858cb9 831 return cp->val;
199a2fb1
JH		 832 }
833
a4858cb9 834 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 835}
836
837static void enable_advertising(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_adv_param cp;
8f2a0601 841 u8 own_addr_type, enable = 0x01;
a4858cb9 842 bool connectable;
199a2fb1 843
8d97250e
JH		 844 /* Clear the HCI_ADVERTISING bit temporarily so that the
845 * hci_update_random_address knows that it's safe to go ahead
846 * and write a new random address. The flag will be set back on
847 * as soon as the SET_ADV_ENABLE HCI command completes.
848 */
849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
850
a4858cb9 851 connectable = get_connectable(hdev);
8f2a0601 852
a4858cb9
JH		 853 /* Set require_privacy to true only when non-connectable
854 * advertising is used. In that case it is fine to use a
855 * non-resolvable private address.
856 */
857 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 858 return;
859
41c90c18 860 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 861 cp.min_interval = cpu_to_le16(0x0800);
862 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 863 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 864 cp.own_address_type = own_addr_type;
199a2fb1
JH		 865 cp.channel_map = hdev->le_adv_channel_map;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870}
871
872static void disable_advertising(struct hci_request *req)
873{
874 u8 enable = 0x00;
875
876 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
877}
878
7d78525d
JH		 879static void service_cache_off(struct work_struct *work)
880{
881 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 882 service_cache.work);
890ea898 883 struct hci_request req;
7d78525d 884
a8b2d5c2 885 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 886 return;
887
890ea898
JH		 888 hci_req_init(&req, hdev);
889
7d78525d
JH		 890 hci_dev_lock(hdev);
891
890ea898
JH		 892 update_eir(&req);
893 update_class(&req);
7d78525d
JH		 894
895 hci_dev_unlock(hdev);
890ea898
JH		 896
897 hci_req_run(&req, NULL);
7d78525d
JH		 898}
899
d6bfd59c
JH		 900static void rpa_expired(struct work_struct *work)
901{
902 struct hci_dev *hdev = container_of(work, struct hci_dev,
903 rpa_expired.work);
904 struct hci_request req;
905
906 BT_DBG("");
907
908 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
909
910 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
911 hci_conn_num(hdev, LE_LINK) > 0)
912 return;
913
914 /* The generation of a new RPA and programming it into the
915 * controller happens in the enable_advertising() function.
916 */
917
918 hci_req_init(&req, hdev);
919
920 disable_advertising(&req);
921 enable_advertising(&req);
922
923 hci_req_run(&req, NULL);
924}
925
6a919082 926static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 927{
4f87da80 928 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 929 return;
930
4f87da80 931 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 932 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 933
4f87da80
JH		 934 /* Non-mgmt controlled devices get this bit set
935 * implicitly so that pairing works for them, however
936 * for mgmt we require user-space to explicitly enable
937 * it
938 */
939 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 940}
941
0f4e68cf 942static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 943 void *data, u16 data_len)
0381101f 944{
a38528f1 945 struct mgmt_rp_read_info rp;
f7b64e69 946
bdb6d971 947 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 948
09fd0de5 949 hci_dev_lock(hdev);
f7b64e69 950
dc4fe30b
JH		 951 memset(&rp, 0, sizeof(rp));
952
69ab39ea 953 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 954
69ab39ea 955 rp.version = hdev->hci_ver;
eb55ef07 956 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 957
958 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
959 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 960
a38528f1 961 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 962
dc4fe30b 963 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 964 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 965
09fd0de5 966 hci_dev_unlock(hdev);
0381101f 967
bdb6d971 968 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 969 sizeof(rp));
0381101f
JH		 970}
971
eec8d2bc
JH		 972static void mgmt_pending_free(struct pending_cmd *cmd)
973{
974 sock_put(cmd->sk);
c68fb7ff 975 kfree(cmd->param);
eec8d2bc
JH		 976 kfree(cmd);
977}
978
366a0336 979static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 980 struct hci_dev *hdev, void *data,
981 u16 len)
eec8d2bc
JH		 982{
983 struct pending_cmd *cmd;
984
12b94565 985 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 986 if (!cmd)
366a0336 987 return NULL;
eec8d2bc
JH		 988
989 cmd->opcode = opcode;
2e58ef3e 990 cmd->index = hdev->id;
eec8d2bc 991
12b94565 992 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 993 if (!cmd->param) {
eec8d2bc 994 kfree(cmd);
366a0336 995 return NULL;
eec8d2bc
JH		 996 }
997
8fce6357
SJ		 998 if (data)
999 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1000
1001 cmd->sk = sk;
1002 sock_hold(sk);
1003
2e58ef3e 1004 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1005
366a0336 1006 return cmd;
eec8d2bc
JH		 1007}
1008
744cf19e 1009static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1010 void (*cb)(struct pending_cmd *cmd,
1011 void *data),
04124681 1012 void *data)
eec8d2bc 1013{
a3d09356 1014 struct pending_cmd *cmd, *tmp;
eec8d2bc 1015
a3d09356 1016 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1017 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1018 continue;
1019
eec8d2bc
JH		 1020 cb(cmd, data);
1021 }
1022}
1023
a664b5bc 1024static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1025{
73f22f62
JH		 1026 list_del(&cmd->list);
1027 mgmt_pending_free(cmd);
1028}
1029
69ab39ea 1030static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1031{
69ab39ea 1032 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1033
aee9b218 1034 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1035 sizeof(settings));
8680570b
JH		 1036}
1037
8b064a3a
JH		 1038static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1039{
1040 BT_DBG("%s status 0x%02x", hdev->name, status);
1041
a3172b7e
JH		 1042 if (hci_conn_count(hdev) == 0) {
1043 cancel_delayed_work(&hdev->power_off);
8b064a3a 1044 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1045 }
8b064a3a
JH		 1046}
1047
1048static int clean_up_hci_state(struct hci_dev *hdev)
1049{
1050 struct hci_request req;
1051 struct hci_conn *conn;
1052
1053 hci_req_init(&req, hdev);
1054
1055 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1056 test_bit(HCI_PSCAN, &hdev->flags)) {
1057 u8 scan = 0x00;
1058 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1059 }
1060
1061 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1062 disable_advertising(&req);
1063
1064 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1065 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1066 }
1067
1068 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1069 struct hci_cp_disconnect dc;
c9910d0f
JH		 1070 struct hci_cp_reject_conn_req rej;
1071
1072 switch (conn->state) {
1073 case BT_CONNECTED:
1074 case BT_CONFIG:
1075 dc.handle = cpu_to_le16(conn->handle);
1076 dc.reason = 0x15; /* Terminated due to Power Off */
1077 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1078 break;
1079 case BT_CONNECT:
1080 if (conn->type == LE_LINK)
1081 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1082 0, NULL);
1083 else if (conn->type == ACL_LINK)
1084 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1085 6, &conn->dst);
1086 break;
1087 case BT_CONNECT2:
1088 bacpy(&rej.bdaddr, &conn->dst);
1089 rej.reason = 0x15; /* Terminated due to Power Off */
1090 if (conn->type == ACL_LINK)
1091 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1092 sizeof(rej), &rej);
1093 else if (conn->type == SCO_LINK)
1094 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1095 sizeof(rej), &rej);
1096 break;
1097 }
8b064a3a
JH		 1098 }
1099
1100 return hci_req_run(&req, clean_up_hci_complete);
1101}
1102
bdb6d971 1103static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1104 u16 len)
eec8d2bc 1105{
650f726d 1106 struct mgmt_mode *cp = data;
366a0336 1107 struct pending_cmd *cmd;
4b34ee78 1108 int err;
eec8d2bc 1109
bdb6d971 1110 BT_DBG("request for %s", hdev->name);
eec8d2bc 1111
a7e80f25
JH		 1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
09fd0de5 1116 hci_dev_lock(hdev);
eec8d2bc 1117
87b95ba6
JH		 1118 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1120 MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
f0d4b78a
MH		 1124 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1125 cancel_delayed_work(&hdev->power_off);
1126
1127 if (cp->val) {
a1d70450
JH		 1128 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1129 data, len);
1130 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1131 goto failed;
1132 }
1133 }
1134
4b34ee78 1135 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1136 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1137 goto failed;
1138 }
1139
2e58ef3e 1140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1141 if (!cmd) {
1142 err = -ENOMEM;
eec8d2bc 1143 goto failed;
366a0336 1144 }
eec8d2bc 1145
8b064a3a 1146 if (cp->val) {
19202573 1147 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1148 err = 0;
1149 } else {
1150 /* Disconnect connections, stop scans, etc */
1151 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1152 if (!err)
1153 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1154 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1155
8b064a3a
JH		 1156 /* ENODATA means there were no HCI commands queued */
1157 if (err == -ENODATA) {
a3172b7e 1158 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1159 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1160 err = 0;
1161 }
1162 }
eec8d2bc
JH		 1163
1164failed:
09fd0de5 1165 hci_dev_unlock(hdev);
366a0336 1166 return err;
eec8d2bc
JH		 1167}
1168
04124681
GP		 1169static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1170 struct sock *skip_sk)
beadb2bd
JH		 1171{
1172 struct sk_buff *skb;
1173 struct mgmt_hdr *hdr;
1174
790eff44 1175 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1176 if (!skb)
1177 return -ENOMEM;
1178
1179 hdr = (void *) skb_put(skb, sizeof(*hdr));
1180 hdr->opcode = cpu_to_le16(event);
1181 if (hdev)
1182 hdr->index = cpu_to_le16(hdev->id);
1183 else
dcf4adbf 1184 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1185 hdr->len = cpu_to_le16(data_len);
1186
1187 if (data)
1188 memcpy(skb_put(skb, data_len), data, data_len);
1189
97e0bdeb
MH		 1190 /* Time stamp */
1191 __net_timestamp(skb);
1192
beadb2bd
JH		 1193 hci_send_to_control(skb, skip_sk);
1194 kfree_skb(skb);
1195
1196 return 0;
1197}
1198
1199static int new_settings(struct hci_dev *hdev, struct sock *skip)
1200{
1201 __le32 ev;
1202
1203 ev = cpu_to_le32(get_current_settings(hdev));
1204
1205 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1206}
1207
bd99abdd
JH		 1208struct cmd_lookup {
1209 struct sock *sk;
1210 struct hci_dev *hdev;
1211 u8 mgmt_status;
1212};
1213
1214static void settings_rsp(struct pending_cmd *cmd, void *data)
1215{
1216 struct cmd_lookup *match = data;
1217
1218 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1219
1220 list_del(&cmd->list);
1221
1222 if (match->sk == NULL) {
1223 match->sk = cmd->sk;
1224 sock_hold(match->sk);
1225 }
1226
1227 mgmt_pending_free(cmd);
1228}
1229
1230static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1231{
1232 u8 *status = data;
1233
1234 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1235 mgmt_pending_remove(cmd);
1236}
1237
e6fe7986
JH		 1238static u8 mgmt_bredr_support(struct hci_dev *hdev)
1239{
1240 if (!lmp_bredr_capable(hdev))
1241 return MGMT_STATUS_NOT_SUPPORTED;
1242 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1243 return MGMT_STATUS_REJECTED;
1244 else
1245 return MGMT_STATUS_SUCCESS;
1246}
1247
1248static u8 mgmt_le_support(struct hci_dev *hdev)
1249{
1250 if (!lmp_le_capable(hdev))
1251 return MGMT_STATUS_NOT_SUPPORTED;
1252 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1253 return MGMT_STATUS_REJECTED;
1254 else
1255 return MGMT_STATUS_SUCCESS;
1256}
1257
bfaf8c9f
JH		 1258static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1259{
1260 struct pending_cmd *cmd;
1261 struct mgmt_mode *cp;
970ba524 1262 struct hci_request req;
bfaf8c9f
JH		 1263 bool changed;
1264
1265 BT_DBG("status 0x%02x", status);
1266
1267 hci_dev_lock(hdev);
1268
1269 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1270 if (!cmd)
1271 goto unlock;
1272
1273 if (status) {
1274 u8 mgmt_err = mgmt_status(status);
1275 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1276 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1277 goto remove_cmd;
1278 }
1279
1280 cp = cmd->param;
d4462a07 1281 if (cp->val) {
bfaf8c9f
JH		 1282 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1283 &hdev->dev_flags);
d4462a07
MH		 1284
1285 if (hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1287 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1288 to);
1289 }
1290 } else {
bfaf8c9f
JH		 1291 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1292 &hdev->dev_flags);
d4462a07 1293 }
bfaf8c9f
JH		 1294
1295 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296
1297 if (changed)
1298 new_settings(hdev, cmd->sk);
1299
970ba524
MH		 1300 /* When the discoverable mode gets changed, make sure
1301 * that class of device has the limited discoverable
1302 * bit correctly set.
1303 */
1304 hci_req_init(&req, hdev);
1305 update_class(&req);
1306 hci_req_run(&req, NULL);
1307
bfaf8c9f
JH		 1308remove_cmd:
1309 mgmt_pending_remove(cmd);
1310
1311unlock:
1312 hci_dev_unlock(hdev);
1313}
1314
bdb6d971 1315static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1316 u16 len)
73f22f62 1317{
650f726d 1318 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1319 struct pending_cmd *cmd;
bfaf8c9f 1320 struct hci_request req;
5e5282bb 1321 u16 timeout;
9a43e25f 1322 u8 scan;
73f22f62
JH		 1323 int err;
1324
bdb6d971 1325 BT_DBG("request for %s", hdev->name);
73f22f62 1326
9a43e25f
JH		 1327 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1328 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1330 MGMT_STATUS_REJECTED);
33c525c0 1331
310a3d48 1332 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1333 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1334 MGMT_STATUS_INVALID_PARAMS);
1335
1f350c87 1336 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1337
1338 /* Disabling discoverable requires that no timeout is set,
1339 * and enabling limited discoverable requires a timeout.
1340 */
1341 if ((cp->val == 0x00 && timeout > 0) ||
1342 (cp->val == 0x02 && timeout == 0))
bdb6d971 1343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1344 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1345
09fd0de5 1346 hci_dev_lock(hdev);
73f22f62 1347
5e5282bb 1348 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1350 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1351 goto failed;
1352 }
1353
2e58ef3e 1354 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1355 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1357 MGMT_STATUS_BUSY);
73f22f62
JH		 1358 goto failed;
1359 }
1360
5e5282bb 1361 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1362 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1363 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1364 goto failed;
1365 }
1366
1367 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1368 bool changed = false;
1369
310a3d48
MH		 1370 /* Setting limited discoverable when powered off is
1371 * not a valid operation since it requires a timeout
1372 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1373 */
0224d2fa
JH		 1374 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1375 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1376 changed = true;
1377 }
1378
5e5282bb 1379 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1380 if (err < 0)
1381 goto failed;
1382
1383 if (changed)
1384 err = new_settings(hdev, sk);
1385
5e5282bb
JH		 1386 goto failed;
1387 }
1388
310a3d48
MH		 1389 /* If the current mode is the same, then just update the timeout
1390 * value with the new value. And if only the timeout gets updated,
1391 * then no need for any HCI transactions.
1392 */
1393 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1394 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1395 &hdev->dev_flags)) {
36261547
MH		 1396 cancel_delayed_work(&hdev->discov_off);
1397 hdev->discov_timeout = timeout;
955638ec 1398
36261547
MH		 1399 if (cp->val && hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1401 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1402 to);
955638ec
MH		 1403 }
1404
69ab39ea 1405 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1406 goto failed;
1407 }
1408
2e58ef3e 1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1410 if (!cmd) {
1411 err = -ENOMEM;
73f22f62 1412 goto failed;
366a0336 1413 }
73f22f62 1414
310a3d48
MH		 1415 /* Cancel any potential discoverable timeout that might be
1416 * still active and store new timeout value. The arming of
1417 * the timeout happens in the complete handler.
1418 */
1419 cancel_delayed_work(&hdev->discov_off);
1420 hdev->discov_timeout = timeout;
1421
b456f87c
JH		 1422 /* Limited discoverable mode */
1423 if (cp->val == 0x02)
1424 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1425 else
1426 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427
bfaf8c9f
JH		 1428 hci_req_init(&req, hdev);
1429
9a43e25f
JH		 1430 /* The procedure for LE-only controllers is much simpler - just
1431 * update the advertising data.
1432 */
1433 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1434 goto update_ad;
1435
73f22f62
JH		 1436 scan = SCAN_PAGE;
1437
310a3d48
MH		 1438 if (cp->val) {
1439 struct hci_cp_write_current_iac_lap hci_cp;
1440
1441 if (cp->val == 0x02) {
1442 /* Limited discoverable mode */
33337dcb 1443 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1444 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1445 hci_cp.iac_lap[1] = 0x8b;
1446 hci_cp.iac_lap[2] = 0x9e;
1447 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1448 hci_cp.iac_lap[4] = 0x8b;
1449 hci_cp.iac_lap[5] = 0x9e;
1450 } else {
1451 /* General discoverable mode */
310a3d48
MH		 1452 hci_cp.num_iac = 1;
1453 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1454 hci_cp.iac_lap[1] = 0x8b;
1455 hci_cp.iac_lap[2] = 0x9e;
1456 }
1457
1458 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1459 (hci_cp.num_iac * 3) + 1, &hci_cp);
1460
73f22f62 1461 scan |= SCAN_INQUIRY;
310a3d48
MH		 1462 } else {
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464 }
73f22f62 1465
310a3d48 1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1467
9a43e25f
JH		 1468update_ad:
1469 update_adv_data(&req);
1470
bfaf8c9f 1471 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1472 if (err < 0)
a664b5bc 1473 mgmt_pending_remove(cmd);
73f22f62
JH		 1474
1475failed:
09fd0de5 1476 hci_dev_unlock(hdev);
73f22f62
JH		 1477 return err;
1478}
1479
406d7804
JH		 1480static void write_fast_connectable(struct hci_request *req, bool enable)
1481{
bd98b996 1482 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1483 struct hci_cp_write_page_scan_activity acp;
1484 u8 type;
1485
547003b1
JH		 1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return;
1488
4c01f8b8
JH		 1489 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1490 return;
1491
406d7804
JH		 1492 if (enable) {
1493 type = PAGE_SCAN_TYPE_INTERLACED;
1494
1495 /* 160 msec page scan interval */
dcf4adbf 1496 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1497 } else {
1498 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1499
1500 /* default 1.28 sec page scan */
dcf4adbf 1501 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1502 }
1503
dcf4adbf 1504 acp.window = cpu_to_le16(0x0012);
406d7804 1505
bd98b996
JH		 1506 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1507 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1508 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1509 sizeof(acp), &acp);
1510
1511 if (hdev->page_scan_type != type)
1512 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1513}
1514
2b76f453
JH		 1515static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1516{
1517 struct pending_cmd *cmd;
d7b856f9
JH		 1518 struct mgmt_mode *cp;
1519 bool changed;
2b76f453
JH		 1520
1521 BT_DBG("status 0x%02x", status);
1522
1523 hci_dev_lock(hdev);
1524
1525 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 if (!cmd)
1527 goto unlock;
1528
37438c1f
JH		 1529 if (status) {
1530 u8 mgmt_err = mgmt_status(status);
1531 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1532 goto remove_cmd;
1533 }
1534
d7b856f9
JH		 1535 cp = cmd->param;
1536 if (cp->val)
1537 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1538 else
1539 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540
2b76f453
JH		 1541 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1542
d7b856f9
JH		 1543 if (changed)
1544 new_settings(hdev, cmd->sk);
1545
37438c1f 1546remove_cmd:
2b76f453
JH		 1547 mgmt_pending_remove(cmd);
1548
1549unlock:
1550 hci_dev_unlock(hdev);
1551}
1552
e8ba3a1f
JH		 1553static int set_connectable_update_settings(struct hci_dev *hdev,
1554 struct sock *sk, u8 val)
1555{
1556 bool changed = false;
1557 int err;
1558
1559 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1560 changed = true;
1561
1562 if (val) {
1563 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1564 } else {
1565 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1567 }
1568
1569 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1570 if (err < 0)
1571 return err;
1572
1573 if (changed)
1574 return new_settings(hdev, sk);
1575
1576 return 0;
1577}
1578
bdb6d971 1579static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1580 u16 len)
9fbcbb45 1581{
650f726d 1582 struct mgmt_mode *cp = data;
366a0336 1583 struct pending_cmd *cmd;
2b76f453 1584 struct hci_request req;
1987fdc7 1585 u8 scan;
9fbcbb45
JH		 1586 int err;
1587
bdb6d971 1588 BT_DBG("request for %s", hdev->name);
9fbcbb45 1589
1987fdc7
JH		 1590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1591 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1592 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1593 MGMT_STATUS_REJECTED);
33c525c0 1594
a7e80f25
JH		 1595 if (cp->val != 0x00 && cp->val != 0x01)
1596 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1597 MGMT_STATUS_INVALID_PARAMS);
1598
09fd0de5 1599 hci_dev_lock(hdev);
9fbcbb45 1600
4b34ee78 1601 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1602 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1603 goto failed;
1604 }
1605
2e58ef3e 1606 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1607 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1609 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1610 goto failed;
1611 }
1612
2e58ef3e 1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1614 if (!cmd) {
1615 err = -ENOMEM;
9fbcbb45 1616 goto failed;
366a0336 1617 }
9fbcbb45 1618
9b74246f 1619 hci_req_init(&req, hdev);
9fbcbb45 1620
9a43e25f
JH		 1621 /* If BR/EDR is not enabled and we disable advertising as a
1622 * by-product of disabling connectable, we need to update the
1623 * advertising flags.
1624 */
1625 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1626 if (!cp->val) {
1627 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630 update_adv_data(&req);
1631 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1632 if (cp->val) {
1633 scan = SCAN_PAGE;
1634 } else {
1635 scan = 0;
1636
1637 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1638 hdev->discov_timeout > 0)
9b74246f
JH		 1639 cancel_delayed_work(&hdev->discov_off);
1640 }
2b76f453 1641
9b74246f
JH		 1642 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1643 }
2b76f453 1644
4c01f8b8
JH		 1645 /* If we're going from non-connectable to connectable or
1646 * vice-versa when fast connectable is enabled ensure that fast
1647 * connectable gets disabled. write_fast_connectable won't do
1648 * anything if the page scan parameters are already what they
1649 * should be.
1650 */
1651 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1652 write_fast_connectable(&req, false);
1653
1987fdc7
JH		 1654 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1655 hci_conn_num(hdev, LE_LINK) == 0) {
1656 disable_advertising(&req);
1657 enable_advertising(&req);
1658 }
1659
2b76f453 1660 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1661 if (err < 0) {
a664b5bc 1662 mgmt_pending_remove(cmd);
9b74246f 1663 if (err == -ENODATA)
a81070ba
JH		 1664 err = set_connectable_update_settings(hdev, sk,
1665 cp->val);
9b74246f
JH		 1666 goto failed;
1667 }
9fbcbb45
JH		 1668
1669failed:
09fd0de5 1670 hci_dev_unlock(hdev);
9fbcbb45
JH		 1671 return err;
1672}
1673
bdb6d971 1674static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1675 u16 len)
c542a06c 1676{
650f726d 1677 struct mgmt_mode *cp = data;
55594356 1678 bool changed;
c542a06c
JH		 1679 int err;
1680
bdb6d971 1681 BT_DBG("request for %s", hdev->name);
c542a06c 1682
a7e80f25
JH		 1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
09fd0de5 1687 hci_dev_lock(hdev);
c542a06c
JH		 1688
1689 if (cp->val)
55594356 1690 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1691 else
55594356 1692 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1693
69ab39ea 1694 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1695 if (err < 0)
55594356 1696 goto unlock;
c542a06c 1697
55594356
MH		 1698 if (changed)
1699 err = new_settings(hdev, sk);
c542a06c 1700
55594356 1701unlock:
09fd0de5 1702 hci_dev_unlock(hdev);
c542a06c
JH		 1703 return err;
1704}
1705
04124681
GP		 1706static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1707 u16 len)
33ef95ed
JH		 1708{
1709 struct mgmt_mode *cp = data;
1710 struct pending_cmd *cmd;
e6fe7986 1711 u8 val, status;
33ef95ed
JH		 1712 int err;
1713
bdb6d971 1714 BT_DBG("request for %s", hdev->name);
33ef95ed 1715
e6fe7986
JH		 1716 status = mgmt_bredr_support(hdev);
1717 if (status)
33c525c0 1718 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1719 status);
33c525c0 1720
a7e80f25
JH		 1721 if (cp->val != 0x00 && cp->val != 0x01)
1722 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1723 MGMT_STATUS_INVALID_PARAMS);
1724
33ef95ed
JH		 1725 hci_dev_lock(hdev);
1726
4b34ee78 1727 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1728 bool changed = false;
1729
1730 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1731 &hdev->dev_flags)) {
47990ea0
JH		 1732 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1733 changed = true;
1734 }
1735
1736 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1737 if (err < 0)
1738 goto failed;
1739
1740 if (changed)
1741 err = new_settings(hdev, sk);
1742
33ef95ed
JH		 1743 goto failed;
1744 }
1745
1746 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1747 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1748 MGMT_STATUS_BUSY);
33ef95ed
JH		 1749 goto failed;
1750 }
1751
1752 val = !!cp->val;
1753
1754 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1755 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1756 goto failed;
1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1762 goto failed;
1763 }
1764
1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1766 if (err < 0) {
1767 mgmt_pending_remove(cmd);
1768 goto failed;
1769 }
1770
1771failed:
1772 hci_dev_unlock(hdev);
33ef95ed
JH		 1773 return err;
1774}
1775
bdb6d971 1776static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1777{
1778 struct mgmt_mode *cp = data;
1779 struct pending_cmd *cmd;
72ef0c1a 1780 u8 status;
ed2c4ee3
JH		 1781 int err;
1782
bdb6d971 1783 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1784
cdba5281
MH		 1785 status = mgmt_bredr_support(hdev);
1786 if (status)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1788
13ecd8b6
JH		 1789 if (!lmp_ssp_capable(hdev))
1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1792
a7e80f25
JH		 1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
13ecd8b6 1797 hci_dev_lock(hdev);
6c8f12c1 1798
4b34ee78 1799 if (!hdev_is_powered(hdev)) {
9ecb3e24 1800 bool changed;
c0ecddc2 1801
9ecb3e24
MH		 1802 if (cp->val) {
1803 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1804 &hdev->dev_flags);
1805 } else {
1806 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1807 &hdev->dev_flags);
1808 if (!changed)
1809 changed = test_and_clear_bit(HCI_HS_ENABLED,
1810 &hdev->dev_flags);
1811 else
1812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1813 }
1814
1815 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1816 if (err < 0)
1817 goto failed;
1818
1819 if (changed)
1820 err = new_settings(hdev, sk);
1821
ed2c4ee3
JH		 1822 goto failed;
1823 }
1824
9ecb3e24
MH		 1825 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1826 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1829 goto failed;
1830 }
1831
72ef0c1a 1832 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1833 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1834 goto failed;
1835 }
1836
1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1838 if (!cmd) {
1839 err = -ENOMEM;
1840 goto failed;
1841 }
1842
72ef0c1a 1843 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1844 if (err < 0) {
1845 mgmt_pending_remove(cmd);
1846 goto failed;
1847 }
1848
1849failed:
1850 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1851 return err;
1852}
1853
bdb6d971 1854static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1855{
1856 struct mgmt_mode *cp = data;
ee392693 1857 bool changed;
e6fe7986 1858 u8 status;
ee392693 1859 int err;
6d80dfd0 1860
bdb6d971 1861 BT_DBG("request for %s", hdev->name);
6d80dfd0 1862
e6fe7986
JH		 1863 status = mgmt_bredr_support(hdev);
1864 if (status)
1865 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1866
9ecb3e24
MH		 1867 if (!lmp_ssp_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1871 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1873 MGMT_STATUS_REJECTED);
1874
a7e80f25
JH		 1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
ee392693
MH		 1879 hci_dev_lock(hdev);
1880
a0cdf960 1881 if (cp->val) {
ee392693 1882 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1883 } else {
1884 if (hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1886 MGMT_STATUS_REJECTED);
1887 goto unlock;
1888 }
1889
ee392693 1890 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1891 }
ee392693
MH		 1892
1893 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1894 if (err < 0)
1895 goto unlock;
1896
1897 if (changed)
1898 err = new_settings(hdev, sk);
6d80dfd0 1899
ee392693
MH		 1900unlock:
1901 hci_dev_unlock(hdev);
1902 return err;
6d80dfd0
JH		 1903}
1904
416a4ae5
JH		 1905static void le_enable_complete(struct hci_dev *hdev, u8 status)
1906{
1907 struct cmd_lookup match = { NULL, hdev };
1908
1909 if (status) {
1910 u8 mgmt_err = mgmt_status(status);
1911
1912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1913 &mgmt_err);
1914 return;
1915 }
1916
1917 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1918
1919 new_settings(hdev, match.sk);
1920
1921 if (match.sk)
1922 sock_put(match.sk);
441ad2d0
MH		 1923
1924 /* Make sure the controller has a good default for
1925 * advertising data. Restrict the update to when LE
1926 * has actually been enabled. During power on, the
1927 * update in powered_update_hci will take care of it.
1928 */
1929 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1930 struct hci_request req;
1931
1932 hci_dev_lock(hdev);
1933
1934 hci_req_init(&req, hdev);
5947f4bc 1935 update_adv_data(&req);
f14d8f64 1936 update_scan_rsp_data(&req);
441ad2d0
MH		 1937 hci_req_run(&req, NULL);
1938
1939 hci_dev_unlock(hdev);
1940 }
416a4ae5
JH		 1941}
1942
bdb6d971 1943static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1944{
1945 struct mgmt_mode *cp = data;
1946 struct hci_cp_write_le_host_supported hci_cp;
1947 struct pending_cmd *cmd;
416a4ae5 1948 struct hci_request req;
06199cf8 1949 int err;
0b60eba1 1950 u8 val, enabled;
06199cf8 1951
bdb6d971 1952 BT_DBG("request for %s", hdev->name);
06199cf8 1953
13ecd8b6
JH		 1954 if (!lmp_le_capable(hdev))
1955 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1956 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1957
a7e80f25
JH		 1958 if (cp->val != 0x00 && cp->val != 0x01)
1959 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 MGMT_STATUS_INVALID_PARAMS);
1961
c73eee91 1962 /* LE-only devices do not allow toggling LE on/off */
56f87901 1963 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1964 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1965 MGMT_STATUS_REJECTED);
1966
13ecd8b6 1967 hci_dev_lock(hdev);
06199cf8
JH		 1968
1969 val = !!cp->val;
ffa88e02 1970 enabled = lmp_host_le_capable(hdev);
06199cf8 1971
0b60eba1 1972 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1973 bool changed = false;
1974
1975 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1976 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1977 changed = true;
1978 }
1979
f3d3444a
JH		 1980 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1981 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1982 changed = true;
1983 }
1984
06199cf8
JH		 1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986 if (err < 0)
1de028ce 1987 goto unlock;
06199cf8
JH		 1988
1989 if (changed)
1990 err = new_settings(hdev, sk);
1991
1de028ce 1992 goto unlock;
06199cf8
JH		 1993 }
1994
4375f103
JH		 1995 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1996 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1997 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1998 MGMT_STATUS_BUSY);
1de028ce 1999 goto unlock;
06199cf8
JH		 2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003 if (!cmd) {
2004 err = -ENOMEM;
1de028ce 2005 goto unlock;
06199cf8
JH		 2006 }
2007
441ad2d0
MH		 2008 hci_req_init(&req, hdev);
2009
06199cf8
JH		 2010 memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012 if (val) {
2013 hci_cp.le = val;
ffa88e02 2014 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2015 } else {
2016 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2017 disable_advertising(&req);
06199cf8
JH		 2018 }
2019
416a4ae5
JH		 2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2021 &hci_cp);
2022
2023 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2024 if (err < 0)
06199cf8 2025 mgmt_pending_remove(cmd);
06199cf8 2026
1de028ce
JH		 2027unlock:
2028 hci_dev_unlock(hdev);
06199cf8
JH		 2029 return err;
2030}
2031
0cab9c80
JH		 2032/* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2037 */
2038static bool pending_eir_or_class(struct hci_dev *hdev)
2039{
2040 struct pending_cmd *cmd;
2041
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2048 return true;
2049 }
2050 }
2051
2052 return false;
2053}
2054
83be8eca
JH		 2055static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2058};
2059
2060static u8 get_uuid_size(const u8 *uuid)
2061{
2062 u32 val;
2063
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2065 return 128;
2066
2067 val = get_unaligned_le32(&uuid[12]);
2068 if (val > 0xffff)
2069 return 32;
2070
2071 return 16;
2072}
2073
92da6097
JH		 2074static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2075{
2076 struct pending_cmd *cmd;
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(mgmt_op, hdev);
2081 if (!cmd)
2082 goto unlock;
2083
2084 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2085 hdev->dev_class, 3);
2086
2087 mgmt_pending_remove(cmd);
2088
2089unlock:
2090 hci_dev_unlock(hdev);
2091}
2092
2093static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2094{
2095 BT_DBG("status 0x%02x", status);
2096
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2098}
2099
bdb6d971 2100static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2101{
650f726d 2102 struct mgmt_cp_add_uuid *cp = data;
90e70454 2103 struct pending_cmd *cmd;
890ea898 2104 struct hci_request req;
2aeb9a1a 2105 struct bt_uuid *uuid;
2aeb9a1a
JH		 2106 int err;
2107
bdb6d971 2108 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2109
09fd0de5 2110 hci_dev_lock(hdev);
2aeb9a1a 2111
0cab9c80 2112 if (pending_eir_or_class(hdev)) {
bdb6d971 2113 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2114 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2115 goto failed;
2116 }
2117
92c4c204 2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2119 if (!uuid) {
2120 err = -ENOMEM;
2121 goto failed;
2122 }
2123
2124 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2125 uuid->svc_hint = cp->svc_hint;
83be8eca 2126 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2127
de66aa63 2128 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2129
890ea898 2130 hci_req_init(&req, hdev);
1aff6f09 2131
890ea898
JH		 2132 update_class(&req);
2133 update_eir(&req);
2134
92da6097
JH		 2135 err = hci_req_run(&req, add_uuid_complete);
2136 if (err < 0) {
2137 if (err != -ENODATA)
2138 goto failed;
80a1e1db 2139
bdb6d971 2140 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2141 hdev->dev_class, 3);
90e70454
JH		 2142 goto failed;
2143 }
2144
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2146 if (!cmd) {
90e70454 2147 err = -ENOMEM;
890ea898
JH		 2148 goto failed;
2149 }
2150
2151 err = 0;
2aeb9a1a
JH		 2152
2153failed:
09fd0de5 2154 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2155 return err;
2156}
2157
24b78d0f
JH		 2158static bool enable_service_cache(struct hci_dev *hdev)
2159{
2160 if (!hdev_is_powered(hdev))
2161 return false;
2162
2163 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2165 CACHE_TIMEOUT);
24b78d0f
JH		 2166 return true;
2167 }
2168
2169 return false;
2170}
2171
92da6097
JH		 2172static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2173{
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2177}
2178
bdb6d971 2179static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2180 u16 len)
2aeb9a1a 2181{
650f726d 2182 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2183 struct pending_cmd *cmd;
056341c8 2184 struct bt_uuid *match, *tmp;
2aeb9a1a 2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2186 struct hci_request req;
2aeb9a1a
JH		 2187 int err, found;
2188
bdb6d971 2189 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2190
09fd0de5 2191 hci_dev_lock(hdev);
2aeb9a1a 2192
0cab9c80 2193 if (pending_eir_or_class(hdev)) {
bdb6d971 2194 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2195 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2196 goto unlock;
2197 }
2198
2aeb9a1a 2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2200 hci_uuids_clear(hdev);
4004b6d9 2201
24b78d0f 2202 if (enable_service_cache(hdev)) {
bdb6d971 2203 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2204 0, hdev->dev_class, 3);
24b78d0f
JH		 2205 goto unlock;
2206 }
4004b6d9 2207
9246a869 2208 goto update_class;
2aeb9a1a
JH		 2209 }
2210
2211 found = 0;
2212
056341c8 2213 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2214 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2215 continue;
2216
2217 list_del(&match->list);
482049f7 2218 kfree(match);
2aeb9a1a
JH		 2219 found++;
2220 }
2221
2222 if (found == 0) {
bdb6d971 2223 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2224 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2225 goto unlock;
2226 }
2227
9246a869 2228update_class:
890ea898 2229 hci_req_init(&req, hdev);
1aff6f09 2230
890ea898
JH		 2231 update_class(&req);
2232 update_eir(&req);
2233
92da6097
JH		 2234 err = hci_req_run(&req, remove_uuid_complete);
2235 if (err < 0) {
2236 if (err != -ENODATA)
2237 goto unlock;
80a1e1db 2238
bdb6d971 2239 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2240 hdev->dev_class, 3);
90e70454
JH		 2241 goto unlock;
2242 }
2243
2244 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2245 if (!cmd) {
90e70454 2246 err = -ENOMEM;
890ea898
JH		 2247 goto unlock;
2248 }
2249
2250 err = 0;
2aeb9a1a
JH		 2251
2252unlock:
09fd0de5 2253 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2254 return err;
2255}
2256
92da6097
JH		 2257static void set_class_complete(struct hci_dev *hdev, u8 status)
2258{
2259 BT_DBG("status 0x%02x", status);
2260
2261 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2262}
2263
bdb6d971 2264static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2265 u16 len)
1aff6f09 2266{
650f726d 2267 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2268 struct pending_cmd *cmd;
890ea898 2269 struct hci_request req;
1aff6f09
JH		 2270 int err;
2271
bdb6d971 2272 BT_DBG("request for %s", hdev->name);
1aff6f09 2273
6203fc98 2274 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2275 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2276 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2277
0cab9c80 2278 hci_dev_lock(hdev);
ee98f473 2279
0cab9c80
JH		 2280 if (pending_eir_or_class(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2282 MGMT_STATUS_BUSY);
2283 goto unlock;
2284 }
c95f0ba7 2285
0cab9c80
JH		 2286 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2288 MGMT_STATUS_INVALID_PARAMS);
2289 goto unlock;
2290 }
575b3a02 2291
932f5ff5
JH		 2292 hdev->major_class = cp->major;
2293 hdev->minor_class = cp->minor;
2294
b5235a65 2295 if (!hdev_is_powered(hdev)) {
bdb6d971 2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2297 hdev->dev_class, 3);
b5235a65
JH		 2298 goto unlock;
2299 }
2300
890ea898
JH		 2301 hci_req_init(&req, hdev);
2302
a8b2d5c2 2303 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2304 hci_dev_unlock(hdev);
2305 cancel_delayed_work_sync(&hdev->service_cache);
2306 hci_dev_lock(hdev);
890ea898 2307 update_eir(&req);
7d78525d 2308 }
14c0b608 2309
890ea898
JH		 2310 update_class(&req);
2311
92da6097
JH		 2312 err = hci_req_run(&req, set_class_complete);
2313 if (err < 0) {
2314 if (err != -ENODATA)
2315 goto unlock;
1aff6f09 2316
bdb6d971 2317 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2318 hdev->dev_class, 3);
90e70454
JH		 2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2323 if (!cmd) {
90e70454 2324 err = -ENOMEM;
890ea898
JH		 2325 goto unlock;
2326 }
2327
2328 err = 0;
1aff6f09 2329
b5235a65 2330unlock:
09fd0de5 2331 hci_dev_unlock(hdev);
1aff6f09
JH		 2332 return err;
2333}
2334
bdb6d971 2335static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2336 u16 len)
55ed8ca1 2337{
650f726d 2338 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2339 u16 key_count, expected_len;
b1de97d8 2340 bool changed;
a492cd52 2341 int i;
55ed8ca1 2342
9060d5cf
MH		 2343 BT_DBG("request for %s", hdev->name);
2344
2345 if (!lmp_bredr_capable(hdev))
2346 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2347 MGMT_STATUS_NOT_SUPPORTED);
2348
1f350c87 2349 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2350
86742e1e
JH		 2351 expected_len = sizeof(*cp) + key_count *
2352 sizeof(struct mgmt_link_key_info);
a492cd52 2353 if (expected_len != len) {
86742e1e 2354 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2355 expected_len, len);
bdb6d971 2356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2357 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2358 }
2359
4ae14301
JH		 2360 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2362 MGMT_STATUS_INVALID_PARAMS);
2363
bdb6d971 2364 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2365 key_count);
55ed8ca1 2366
4ee71b20
JH		 2367 for (i = 0; i < key_count; i++) {
2368 struct mgmt_link_key_info *key = &cp->keys[i];
2369
8e991132 2370 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2371 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2372 MGMT_STATUS_INVALID_PARAMS);
2373 }
2374
09fd0de5 2375 hci_dev_lock(hdev);
55ed8ca1
JH		 2376
2377 hci_link_keys_clear(hdev);
2378
55ed8ca1 2379 if (cp->debug_keys)
b1de97d8 2380 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2381 else
b1de97d8
MH		 2382 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383
2384 if (changed)
2385 new_settings(hdev, NULL);
55ed8ca1 2386
a492cd52 2387 for (i = 0; i < key_count; i++) {
86742e1e 2388 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2389
d753fdc4 2390 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2391 key->type, key->pin_len);
55ed8ca1
JH		 2392 }
2393
bdb6d971 2394 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2395
09fd0de5 2396 hci_dev_unlock(hdev);
55ed8ca1 2397
a492cd52 2398 return 0;
55ed8ca1
JH		 2399}
2400
b1078ad0 2401static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2402 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2403{
2404 struct mgmt_ev_device_unpaired ev;
2405
2406 bacpy(&ev.addr.bdaddr, bdaddr);
2407 ev.addr.type = addr_type;
2408
2409 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2410 skip_sk);
b1078ad0
JH		 2411}
2412
bdb6d971 2413static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2414 u16 len)
55ed8ca1 2415{
124f6e35
JH		 2416 struct mgmt_cp_unpair_device *cp = data;
2417 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2418 struct hci_cp_disconnect dc;
2419 struct pending_cmd *cmd;
55ed8ca1 2420 struct hci_conn *conn;
55ed8ca1
JH		 2421 int err;
2422
a8a1d19e 2423 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 rp.addr.type = cp->addr.type;
a8a1d19e 2426
4ee71b20
JH		 2427 if (!bdaddr_type_is_valid(cp->addr.type))
2428 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS,
2430 &rp, sizeof(rp));
2431
118da70b
JH		 2432 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2433 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_INVALID_PARAMS,
2435 &rp, sizeof(rp));
2436
4ee71b20
JH		 2437 hci_dev_lock(hdev);
2438
86a8cfc6 2439 if (!hdev_is_powered(hdev)) {
bdb6d971 2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2441 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2442 goto unlock;
2443 }
2444
e0b2b27e 2445 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2447 } else {
2448 u8 addr_type;
2449
2450 if (cp->addr.type == BDADDR_LE_PUBLIC)
2451 addr_type = ADDR_LE_DEV_PUBLIC;
2452 else
2453 addr_type = ADDR_LE_DEV_RANDOM;
2454
a7ec7338
JH		 2455 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2456
a9b0a04c
AG		 2457 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2458
e0b2b27e
JH		 2459 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2460 }
b0dbfb46 2461
55ed8ca1 2462 if (err < 0) {
bdb6d971 2463 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2464 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2465 goto unlock;
2466 }
2467
86a8cfc6 2468 if (cp->disconnect) {
591f47f3 2469 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2471 &cp->addr.bdaddr);
86a8cfc6
JH		 2472 else
2473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2474 &cp->addr.bdaddr);
86a8cfc6
JH		 2475 } else {
2476 conn = NULL;
2477 }
124f6e35 2478
a8a1d19e 2479 if (!conn) {
bdb6d971 2480 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2481 &rp, sizeof(rp));
b1078ad0 2482 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2483 goto unlock;
2484 }
55ed8ca1 2485
124f6e35 2486 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2487 sizeof(*cp));
a8a1d19e
JH		 2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto unlock;
55ed8ca1
JH		 2491 }
2492
eb55ef07 2493 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2494 dc.reason = 0x13; /* Remote User Terminated Connection */
2495 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2496 if (err < 0)
2497 mgmt_pending_remove(cmd);
2498
55ed8ca1 2499unlock:
09fd0de5 2500 hci_dev_unlock(hdev);
55ed8ca1
JH		 2501 return err;
2502}
2503
bdb6d971 2504static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2505 u16 len)
8962ee74 2506{
650f726d 2507 struct mgmt_cp_disconnect *cp = data;
06a63b19 2508 struct mgmt_rp_disconnect rp;
8962ee74 2509 struct hci_cp_disconnect dc;
366a0336 2510 struct pending_cmd *cmd;
8962ee74 2511 struct hci_conn *conn;
8962ee74
JH		 2512 int err;
2513
2514 BT_DBG("");
2515
06a63b19
JH		 2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
4ee71b20 2520 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2521 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
4ee71b20 2524
09fd0de5 2525 hci_dev_lock(hdev);
8962ee74
JH		 2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2528 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2530 goto failed;
2531 }
2532
2e58ef3e 2533 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2535 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2536 goto failed;
2537 }
2538
591f47f3 2539 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 &cp->addr.bdaddr);
88c3df13
JH		 2542 else
2543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2544
f960727e 2545 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2546 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2547 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2548 goto failed;
2549 }
2550
2e58ef3e 2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2552 if (!cmd) {
2553 err = -ENOMEM;
8962ee74 2554 goto failed;
366a0336 2555 }
8962ee74 2556
eb55ef07 2557 dc.handle = cpu_to_le16(conn->handle);
3701f944 2558 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2559
2560 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2561 if (err < 0)
a664b5bc 2562 mgmt_pending_remove(cmd);
8962ee74
JH		 2563
2564failed:
09fd0de5 2565 hci_dev_unlock(hdev);
8962ee74
JH		 2566 return err;
2567}
2568
57c1477c 2569static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2570{
2571 switch (link_type) {
2572 case LE_LINK:
48264f06
JH		 2573 switch (addr_type) {
2574 case ADDR_LE_DEV_PUBLIC:
591f47f3 2575 return BDADDR_LE_PUBLIC;
0ed09148 2576
48264f06 2577 default:
0ed09148 2578 /* Fallback to LE Random address type */
591f47f3 2579 return BDADDR_LE_RANDOM;
48264f06 2580 }
0ed09148 2581
4c659c39 2582 default:
0ed09148 2583 /* Fallback to BR/EDR type */
591f47f3 2584 return BDADDR_BREDR;
4c659c39
JH		 2585 }
2586}
2587
04124681
GP		 2588static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 data_len)
2784eb41 2590{
2784eb41 2591 struct mgmt_rp_get_connections *rp;
8035ded4 2592 struct hci_conn *c;
a38528f1 2593 size_t rp_len;
60fc5fb6
JH		 2594 int err;
2595 u16 i;
2784eb41
JH		 2596
2597 BT_DBG("");
2598
09fd0de5 2599 hci_dev_lock(hdev);
2784eb41 2600
5f97c1df 2601 if (!hdev_is_powered(hdev)) {
bdb6d971 2602 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2603 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2604 goto unlock;
2605 }
2606
60fc5fb6 2607 i = 0;
b644ba33
JH		 2608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2609 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2610 i++;
2784eb41
JH		 2611 }
2612
60fc5fb6 2613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2614 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2615 if (!rp) {
2784eb41
JH		 2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2784eb41 2620 i = 0;
4c659c39 2621 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2622 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 continue;
4c659c39 2624 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2625 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2626 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2627 continue;
2628 i++;
2629 }
2630
eb55ef07 2631 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2632
4c659c39
JH		 2633 /* Recalculate length in case of filtered SCO connections, etc */
2634 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2635
bdb6d971 2636 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2637 rp_len);
2784eb41 2638
a38528f1 2639 kfree(rp);
5f97c1df
JH		 2640
2641unlock:
09fd0de5 2642 hci_dev_unlock(hdev);
2784eb41
JH		 2643 return err;
2644}
2645
bdb6d971 2646static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2647 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2648{
2649 struct pending_cmd *cmd;
2650 int err;
2651
2e58ef3e 2652 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2653 sizeof(*cp));
96d97a67
WR		 2654 if (!cmd)
2655 return -ENOMEM;
2656
d8457698 2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663}
2664
bdb6d971 2665static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2666 u16 len)
980e1a53 2667{
96d97a67 2668 struct hci_conn *conn;
650f726d 2669 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2670 struct hci_cp_pin_code_reply reply;
366a0336 2671 struct pending_cmd *cmd;
980e1a53
JH		 2672 int err;
2673
2674 BT_DBG("");
2675
09fd0de5 2676 hci_dev_lock(hdev);
980e1a53 2677
4b34ee78 2678 if (!hdev_is_powered(hdev)) {
bdb6d971 2679 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2680 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2681 goto failed;
2682 }
2683
d8457698 2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2685 if (!conn) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2687 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2695
2696 BT_ERR("PIN code is not 16 bytes long");
2697
bdb6d971 2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2699 if (err >= 0)
bdb6d971 2700 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2701 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2702
2703 goto failed;
2704 }
2705
00abfe44 2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2707 if (!cmd) {
2708 err = -ENOMEM;
980e1a53 2709 goto failed;
366a0336 2710 }
980e1a53 2711
d8457698 2712 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2713 reply.pin_len = cp->pin_len;
24718ca5 2714 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2715
2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2717 if (err < 0)
a664b5bc 2718 mgmt_pending_remove(cmd);
980e1a53
JH		 2719
2720failed:
09fd0de5 2721 hci_dev_unlock(hdev);
980e1a53
JH		 2722 return err;
2723}
2724
04124681
GP		 2725static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 u16 len)
17fa4b9d 2727{
650f726d 2728 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2729
2730 BT_DBG("");
2731
09fd0de5 2732 hci_dev_lock(hdev);
17fa4b9d
JH		 2733
2734 hdev->io_capability = cp->io_capability;
2735
2736 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2737 hdev->io_capability);
17fa4b9d 2738
09fd0de5 2739 hci_dev_unlock(hdev);
17fa4b9d 2740
04124681
GP		 2741 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2742 0);
17fa4b9d
JH		 2743}
2744
6039aa73 2745static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2746{
2747 struct hci_dev *hdev = conn->hdev;
8035ded4 2748 struct pending_cmd *cmd;
e9a416b5 2749
2e58ef3e 2750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2751 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2752 continue;
2753
e9a416b5
JH		 2754 if (cmd->user_data != conn)
2755 continue;
2756
2757 return cmd;
2758 }
2759
2760 return NULL;
2761}
2762
2763static void pairing_complete(struct pending_cmd *cmd, u8 status)
2764{
2765 struct mgmt_rp_pair_device rp;
2766 struct hci_conn *conn = cmd->user_data;
2767
61b1a7fb
JH		 2768 bacpy(&rp.addr.bdaddr, &conn->dst);
2769 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2770
aee9b218 2771 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2772 &rp, sizeof(rp));
e9a416b5
JH		 2773
2774 /* So we don't get further callbacks for this connection */
2775 conn->connect_cfm_cb = NULL;
2776 conn->security_cfm_cb = NULL;
2777 conn->disconn_cfm_cb = NULL;
2778
76a68ba0 2779 hci_conn_drop(conn);
e9a416b5 2780
a664b5bc 2781 mgmt_pending_remove(cmd);
e9a416b5
JH		 2782}
2783
f4a407be
JH		 2784void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2785{
2786 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2787 struct pending_cmd *cmd;
2788
2789 cmd = find_pairing(conn);
2790 if (cmd)
2791 pairing_complete(cmd, status);
2792}
2793
e9a416b5
JH		 2794static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2795{
2796 struct pending_cmd *cmd;
2797
2798 BT_DBG("status %u", status);
2799
2800 cmd = find_pairing(conn);
56e5cb86 2801 if (!cmd)
e9a416b5 2802 BT_DBG("Unable to find a pending command");
56e5cb86 2803 else
e211326c 2804 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2805}
2806
f4a407be 2807static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2808{
2809 struct pending_cmd *cmd;
2810
2811 BT_DBG("status %u", status);
2812
2813 if (!status)
2814 return;
2815
2816 cmd = find_pairing(conn);
2817 if (!cmd)
2818 BT_DBG("Unable to find a pending command");
2819 else
2820 pairing_complete(cmd, mgmt_status(status));
2821}
2822
bdb6d971 2823static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2824 u16 len)
e9a416b5 2825{
650f726d 2826 struct mgmt_cp_pair_device *cp = data;
1425acb7 2827 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2828 struct pending_cmd *cmd;
2829 u8 sec_level, auth_type;
2830 struct hci_conn *conn;
e9a416b5
JH		 2831 int err;
2832
2833 BT_DBG("");
2834
f950a30e
SJ		 2835 memset(&rp, 0, sizeof(rp));
2836 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2837 rp.addr.type = cp->addr.type;
2838
4ee71b20
JH		 2839 if (!bdaddr_type_is_valid(cp->addr.type))
2840 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2841 MGMT_STATUS_INVALID_PARAMS,
2842 &rp, sizeof(rp));
2843
09fd0de5 2844 hci_dev_lock(hdev);
e9a416b5 2845
5f97c1df 2846 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2847 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2848 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2849 goto unlock;
2850 }
2851
c908df36
VCG		 2852 sec_level = BT_SECURITY_MEDIUM;
2853 if (cp->io_cap == 0x03)
e9a416b5 2854 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2855 else
e9a416b5 2856 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2857
6f77d8c7 2858 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2859 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2860 auth_type);
6f77d8c7
AG		 2861 } else {
2862 u8 addr_type;
2863
2864 /* Convert from L2CAP channel address type to HCI address type
2865 */
2866 if (cp->addr.type == BDADDR_LE_PUBLIC)
2867 addr_type = ADDR_LE_DEV_PUBLIC;
2868 else
2869 addr_type = ADDR_LE_DEV_RANDOM;
2870
2871 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2872 sec_level, auth_type);
6f77d8c7 2873 }
7a512d01 2874
30e76272 2875 if (IS_ERR(conn)) {
489dc48e
AK		 2876 int status;
2877
2878 if (PTR_ERR(conn) == -EBUSY)
2879 status = MGMT_STATUS_BUSY;
2880 else
2881 status = MGMT_STATUS_CONNECT_FAILED;
2882
bdb6d971 2883 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2884 status, &rp,
04124681 2885 sizeof(rp));
e9a416b5
JH		 2886 goto unlock;
2887 }
2888
2889 if (conn->connect_cfm_cb) {
76a68ba0 2890 hci_conn_drop(conn);
bdb6d971 2891 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2892 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2893 goto unlock;
2894 }
2895
2e58ef3e 2896 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2897 if (!cmd) {
2898 err = -ENOMEM;
76a68ba0 2899 hci_conn_drop(conn);
e9a416b5
JH		 2900 goto unlock;
2901 }
2902
7a512d01 2903 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2904 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2905 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2906 conn->security_cfm_cb = pairing_complete_cb;
2907 conn->disconn_cfm_cb = pairing_complete_cb;
2908 } else {
2909 conn->connect_cfm_cb = le_pairing_complete_cb;
2910 conn->security_cfm_cb = le_pairing_complete_cb;
2911 conn->disconn_cfm_cb = le_pairing_complete_cb;
2912 }
7a512d01 2913
e9a416b5
JH		 2914 conn->io_capability = cp->io_cap;
2915 cmd->user_data = conn;
2916
2917 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2918 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2919 pairing_complete(cmd, 0);
2920
2921 err = 0;
2922
2923unlock:
09fd0de5 2924 hci_dev_unlock(hdev);
e9a416b5
JH		 2925 return err;
2926}
2927
04124681
GP		 2928static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2929 u16 len)
28424707 2930{
0f4e68cf 2931 struct mgmt_addr_info *addr = data;
28424707
JH		 2932 struct pending_cmd *cmd;
2933 struct hci_conn *conn;
2934 int err;
2935
2936 BT_DBG("");
2937
28424707
JH		 2938 hci_dev_lock(hdev);
2939
5f97c1df 2940 if (!hdev_is_powered(hdev)) {
bdb6d971 2941 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2942 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2943 goto unlock;
2944 }
2945
28424707
JH		 2946 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2947 if (!cmd) {
bdb6d971 2948 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2949 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2950 goto unlock;
2951 }
2952
2953 conn = cmd->user_data;
2954
2955 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2956 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2957 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2958 goto unlock;
2959 }
2960
2961 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2962
bdb6d971 2963 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2964 addr, sizeof(*addr));
28424707
JH		 2965unlock:
2966 hci_dev_unlock(hdev);
28424707
JH		 2967 return err;
2968}
2969
bdb6d971 2970static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2971 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2972 u16 hci_op, __le32 passkey)
a5c29683 2973{
a5c29683 2974 struct pending_cmd *cmd;
0df4c185 2975 struct hci_conn *conn;
a5c29683
JH		 2976 int err;
2977
09fd0de5 2978 hci_dev_lock(hdev);
08ba5382 2979
4b34ee78 2980 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2981 err = cmd_complete(sk, hdev->id, mgmt_op,
2982 MGMT_STATUS_NOT_POWERED, addr,
2983 sizeof(*addr));
0df4c185 2984 goto done;
a5c29683
JH		 2985 }
2986
1707c60e
JH		 2987 if (addr->type == BDADDR_BREDR)
2988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2989 else
1707c60e 2990 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2991
2992 if (!conn) {
feb94d3d
JH		 2993 err = cmd_complete(sk, hdev->id, mgmt_op,
2994 MGMT_STATUS_NOT_CONNECTED, addr,
2995 sizeof(*addr));
272d90df
JH		 2996 goto done;
2997 }
47c15e2b 2998
1707c60e 2999 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 3000 /* Continue with pairing via SMP */
5fe57d9e
BG		 3001 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3002
3003 if (!err)
feb94d3d
JH		 3004 err = cmd_complete(sk, hdev->id, mgmt_op,
3005 MGMT_STATUS_SUCCESS, addr,
3006 sizeof(*addr));
5fe57d9e 3007 else
feb94d3d
JH		 3008 err = cmd_complete(sk, hdev->id, mgmt_op,
3009 MGMT_STATUS_FAILED, addr,
3010 sizeof(*addr));
47c15e2b 3011
47c15e2b
BG		 3012 goto done;
3013 }
3014
1707c60e 3015 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3016 if (!cmd) {
3017 err = -ENOMEM;
0df4c185 3018 goto done;
a5c29683
JH		 3019 }
3020
0df4c185 3021 /* Continue with pairing via HCI */
604086b7
BG		 3022 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3023 struct hci_cp_user_passkey_reply cp;
3024
1707c60e 3025 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3026 cp.passkey = passkey;
3027 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3028 } else
1707c60e
JH		 3029 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3030 &addr->bdaddr);
604086b7 3031
a664b5bc
JH		 3032 if (err < 0)
3033 mgmt_pending_remove(cmd);
a5c29683 3034
0df4c185 3035done:
09fd0de5 3036 hci_dev_unlock(hdev);
a5c29683
JH		 3037 return err;
3038}
3039
afeb019d
JK		 3040static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3041 void *data, u16 len)
3042{
3043 struct mgmt_cp_pin_code_neg_reply *cp = data;
3044
3045 BT_DBG("");
3046
1707c60e 3047 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3048 MGMT_OP_PIN_CODE_NEG_REPLY,
3049 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3050}
3051
04124681
GP		 3052static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3053 u16 len)
0df4c185 3054{
650f726d 3055 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3056
3057 BT_DBG("");
3058
3059 if (len != sizeof(*cp))
bdb6d971 3060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3061 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3062
1707c60e 3063 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3064 MGMT_OP_USER_CONFIRM_REPLY,
3065 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3066}
3067
bdb6d971 3068static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3069 void *data, u16 len)
0df4c185 3070{
c9c2659f 3071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3072
3073 BT_DBG("");
3074
1707c60e 3075 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3078}
3079
04124681
GP		 3080static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3081 u16 len)
604086b7 3082{
650f726d 3083 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3084
3085 BT_DBG("");
3086
1707c60e 3087 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3088 MGMT_OP_USER_PASSKEY_REPLY,
3089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3090}
3091
bdb6d971 3092static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3093 void *data, u16 len)
604086b7 3094{
650f726d 3095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3096
3097 BT_DBG("");
3098
1707c60e 3099 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3102}
3103
13928971 3104static void update_name(struct hci_request *req)
2b4bf397 3105{
13928971 3106 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3107 struct hci_cp_write_local_name cp;
3108
13928971 3109 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3110
890ea898 3111 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3112}
3113
13928971
JH		 3114static void set_name_complete(struct hci_dev *hdev, u8 status)
3115{
3116 struct mgmt_cp_set_local_name *cp;
3117 struct pending_cmd *cmd;
3118
3119 BT_DBG("status 0x%02x", status);
3120
3121 hci_dev_lock(hdev);
3122
3123 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3124 if (!cmd)
3125 goto unlock;
3126
3127 cp = cmd->param;
3128
3129 if (status)
3130 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3131 mgmt_status(status));
3132 else
3133 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3134 cp, sizeof(*cp));
3135
3136 mgmt_pending_remove(cmd);
3137
3138unlock:
3139 hci_dev_unlock(hdev);
3140}
3141
bdb6d971 3142static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3143 u16 len)
b312b161 3144{
2b4bf397 3145 struct mgmt_cp_set_local_name *cp = data;
b312b161 3146 struct pending_cmd *cmd;
890ea898 3147 struct hci_request req;
b312b161
JH		 3148 int err;
3149
3150 BT_DBG("");
3151
09fd0de5 3152 hci_dev_lock(hdev);
b312b161 3153
b3f2ca94
JH		 3154 /* If the old values are the same as the new ones just return a
3155 * direct command complete event.
3156 */
3157 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3158 !memcmp(hdev->short_name, cp->short_name,
3159 sizeof(hdev->short_name))) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3161 data, len);
3162 goto failed;
3163 }
3164
2b4bf397 3165 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3166
b5235a65 3167 if (!hdev_is_powered(hdev)) {
2b4bf397 3168 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3169
3170 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3171 data, len);
28cc7bde
JH		 3172 if (err < 0)
3173 goto failed;
3174
3175 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3176 sk);
28cc7bde 3177
b5235a65
JH		 3178 goto failed;
3179 }
3180
28cc7bde 3181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3182 if (!cmd) {
3183 err = -ENOMEM;
3184 goto failed;
3185 }
3186
13928971
JH		 3187 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3188
890ea898 3189 hci_req_init(&req, hdev);
3f985050
JH		 3190
3191 if (lmp_bredr_capable(hdev)) {
3192 update_name(&req);
3193 update_eir(&req);
3194 }
3195
7a5f4990
MH		 3196 /* The name is stored in the scan response data and so
3197 * no need to udpate the advertising data here.
3198 */
3f985050 3199 if (lmp_le_capable(hdev))
7a5f4990 3200 update_scan_rsp_data(&req);
3f985050 3201
13928971 3202 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3203 if (err < 0)
3204 mgmt_pending_remove(cmd);
3205
3206failed:
09fd0de5 3207 hci_dev_unlock(hdev);
b312b161
JH		 3208 return err;
3209}
3210
0f4e68cf 3211static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3212 void *data, u16 data_len)
c35938b2 3213{
c35938b2
SJ		 3214 struct pending_cmd *cmd;
3215 int err;
3216
bdb6d971 3217 BT_DBG("%s", hdev->name);
c35938b2 3218
09fd0de5 3219 hci_dev_lock(hdev);
c35938b2 3220
4b34ee78 3221 if (!hdev_is_powered(hdev)) {
bdb6d971 3222 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3223 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3224 goto unlock;
3225 }
3226
9a1a1996 3227 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3228 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3229 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3230 goto unlock;
3231 }
3232
2e58ef3e 3233 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3234 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3235 MGMT_STATUS_BUSY);
c35938b2
SJ		 3236 goto unlock;
3237 }
3238
2e58ef3e 3239 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3240 if (!cmd) {
3241 err = -ENOMEM;
3242 goto unlock;
3243 }
3244
4d2d2796
MH		 3245 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3246 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3247 0, NULL);
3248 else
3249 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3250
c35938b2
SJ		 3251 if (err < 0)
3252 mgmt_pending_remove(cmd);
3253
3254unlock:
09fd0de5 3255 hci_dev_unlock(hdev);
c35938b2
SJ		 3256 return err;
3257}
3258
bdb6d971 3259static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3260 void *data, u16 len)
2763eda6 3261{
2763eda6
SJ		 3262 int err;
3263
bdb6d971 3264 BT_DBG("%s ", hdev->name);
2763eda6 3265
09fd0de5 3266 hci_dev_lock(hdev);
2763eda6 3267
ec109113
MH		 3268 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3269 struct mgmt_cp_add_remote_oob_data *cp = data;
3270 u8 status;
bf1e3541 3271
ec109113
MH		 3272 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3273 cp->hash, cp->randomizer);
3274 if (err < 0)
3275 status = MGMT_STATUS_FAILED;
3276 else
3277 status = MGMT_STATUS_SUCCESS;
3278
3279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3280 status, &cp->addr, sizeof(cp->addr));
3281 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3282 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3283 u8 status;
3284
3285 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3286 cp->hash192,
3287 cp->randomizer192,
3288 cp->hash256,
3289 cp->randomizer256);
3290 if (err < 0)
3291 status = MGMT_STATUS_FAILED;
3292 else
3293 status = MGMT_STATUS_SUCCESS;
3294
3295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3296 status, &cp->addr, sizeof(cp->addr));
3297 } else {
3298 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3299 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3300 MGMT_STATUS_INVALID_PARAMS);
3301 }
2763eda6 3302
09fd0de5 3303 hci_dev_unlock(hdev);
2763eda6
SJ		 3304 return err;
3305}
3306
bdb6d971 3307static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3308 void *data, u16 len)
2763eda6 3309{
650f726d 3310 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3311 u8 status;
2763eda6
SJ		 3312 int err;
3313
bdb6d971 3314 BT_DBG("%s", hdev->name);
2763eda6 3315
09fd0de5 3316 hci_dev_lock(hdev);
2763eda6 3317
664ce4cc 3318 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3319 if (err < 0)
bf1e3541 3320 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3321 else
a6785be2 3322 status = MGMT_STATUS_SUCCESS;
bf1e3541 3323
bdb6d971 3324 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3325 status, &cp->addr, sizeof(cp->addr));
2763eda6 3326
09fd0de5 3327 hci_dev_unlock(hdev);
2763eda6
SJ		 3328 return err;
3329}
3330
41dc2bd6
AG		 3331static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3332{
3333 struct pending_cmd *cmd;
3334 u8 type;
3335 int err;
3336
3337 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3338
3339 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3340 if (!cmd)
3341 return -ENOENT;
3342
3343 type = hdev->discovery.type;
3344
3345 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3346 &type, sizeof(type));
3347 mgmt_pending_remove(cmd);
3348
3349 return err;
3350}
3351
7c307720
AG		 3352static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3353{
3354 BT_DBG("status %d", status);
3355
3356 if (status) {
3357 hci_dev_lock(hdev);
3358 mgmt_start_discovery_failed(hdev, status);
3359 hci_dev_unlock(hdev);
3360 return;
3361 }
3362
3363 hci_dev_lock(hdev);
3364 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3365 hci_dev_unlock(hdev);
3366
3367 switch (hdev->discovery.type) {
3368 case DISCOV_TYPE_LE:
3369 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3370 DISCOV_LE_TIMEOUT);
7c307720
AG		 3371 break;
3372
3373 case DISCOV_TYPE_INTERLEAVED:
3374 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3375 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3376 break;
3377
3378 case DISCOV_TYPE_BREDR:
3379 break;
3380
3381 default:
3382 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3383 }
3384}
3385
bdb6d971 3386static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3387 void *data, u16 len)
14a53664 3388{
650f726d 3389 struct mgmt_cp_start_discovery *cp = data;
14a53664 3390 struct pending_cmd *cmd;
7c307720
AG		 3391 struct hci_cp_le_set_scan_param param_cp;
3392 struct hci_cp_le_set_scan_enable enable_cp;
3393 struct hci_cp_inquiry inq_cp;
3394 struct hci_request req;
3395 /* General inquiry access code (GIAC) */
3396 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3397 u8 status, own_addr_type;
14a53664
JH		 3398 int err;
3399
bdb6d971 3400 BT_DBG("%s", hdev->name);
14a53664 3401
09fd0de5 3402 hci_dev_lock(hdev);
14a53664 3403
4b34ee78 3404 if (!hdev_is_powered(hdev)) {
bdb6d971 3405 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3406 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3407 goto failed;
3408 }
3409
642be6c7
AG		 3410 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3411 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3412 MGMT_STATUS_BUSY);
3413 goto failed;
3414 }
3415
ff9ef578 3416 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3417 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3418 MGMT_STATUS_BUSY);
ff9ef578
JH		 3419 goto failed;
3420 }
3421
2e58ef3e 3422 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3423 if (!cmd) {
3424 err = -ENOMEM;
3425 goto failed;
3426 }
3427
4aab14e5
AG		 3428 hdev->discovery.type = cp->type;
3429
7c307720
AG		 3430 hci_req_init(&req, hdev);
3431
4aab14e5 3432 switch (hdev->discovery.type) {
f39799f5 3433 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3434 status = mgmt_bredr_support(hdev);
3435 if (status) {
04106755 3436 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3437 status);
04106755
JH		 3438 mgmt_pending_remove(cmd);
3439 goto failed;
3440 }
3441
7c307720
AG		 3442 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3444 MGMT_STATUS_BUSY);
3445 mgmt_pending_remove(cmd);
3446 goto failed;
3447 }
3448
3449 hci_inquiry_cache_flush(hdev);
3450
3451 memset(&inq_cp, 0, sizeof(inq_cp));
3452 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3453 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3454 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3455 break;
3456
3457 case DISCOV_TYPE_LE:
7c307720 3458 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3459 status = mgmt_le_support(hdev);
3460 if (status) {
04106755 3461 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3462 status);
04106755
JH		 3463 mgmt_pending_remove(cmd);
3464 goto failed;
3465 }
3466
7c307720 3467 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3468 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3469 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3470 MGMT_STATUS_NOT_SUPPORTED);
3471 mgmt_pending_remove(cmd);
3472 goto failed;
3473 }
3474
f3d3444a 3475 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3476 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3477 MGMT_STATUS_REJECTED);
3478 mgmt_pending_remove(cmd);
3479 goto failed;
3480 }
3481
c54c3860
AG		 3482 /* If controller is scanning, it means the background scanning
3483 * is running. Thus, we should temporarily stop it in order to
3484 * set the discovery scanning parameters.
3485 */
3486 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3487 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3488
3489 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3490
94b1fc92
MH		 3491 /* All active scans will be done with either a resolvable
3492 * private address (when privacy feature has been enabled)
3493 * or unresolvable private address.
3494 */
3495 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3496 if (err < 0) {
3497 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3498 MGMT_STATUS_FAILED);
3499 mgmt_pending_remove(cmd);
3500 goto failed;
3501 }
3502
7c307720 3503 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3504 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3505 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3506 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3507 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3508 &param_cp);
3509
3510 memset(&enable_cp, 0, sizeof(enable_cp));
3511 enable_cp.enable = LE_SCAN_ENABLE;
3512 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3513 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3514 &enable_cp);
5e0452c0
AG		 3515 break;
3516
f39799f5 3517 default:
04106755
JH		 3518 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3519 MGMT_STATUS_INVALID_PARAMS);
3520 mgmt_pending_remove(cmd);
3521 goto failed;
f39799f5 3522 }
3fd24153 3523
7c307720 3524 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3525 if (err < 0)
3526 mgmt_pending_remove(cmd);
ff9ef578
JH		 3527 else
3528 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3529
3530failed:
09fd0de5 3531 hci_dev_unlock(hdev);
14a53664
JH		 3532 return err;
3533}
3534
1183fdca
AG		 3535static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3536{
3537 struct pending_cmd *cmd;
3538 int err;
3539
3540 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3541 if (!cmd)
3542 return -ENOENT;
3543
3544 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3545 &hdev->discovery.type, sizeof(hdev->discovery.type));
3546 mgmt_pending_remove(cmd);
3547
3548 return err;
3549}
3550
0e05bba6
AG		 3551static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3552{
3553 BT_DBG("status %d", status);
3554
3555 hci_dev_lock(hdev);
3556
3557 if (status) {
3558 mgmt_stop_discovery_failed(hdev, status);
3559 goto unlock;
3560 }
3561
3562 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3563
3564unlock:
3565 hci_dev_unlock(hdev);
3566}
3567
bdb6d971 3568static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3569 u16 len)
14a53664 3570{
d930650b 3571 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3572 struct pending_cmd *cmd;
30dc78e1
JH		 3573 struct hci_cp_remote_name_req_cancel cp;
3574 struct inquiry_entry *e;
0e05bba6 3575 struct hci_request req;
14a53664
JH		 3576 int err;
3577
bdb6d971 3578 BT_DBG("%s", hdev->name);
14a53664 3579
09fd0de5 3580 hci_dev_lock(hdev);
14a53664 3581
30dc78e1 3582 if (!hci_discovery_active(hdev)) {
bdb6d971 3583 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3584 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3585 sizeof(mgmt_cp->type));
d930650b
JH		 3586 goto unlock;
3587 }
3588
3589 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3590 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3591 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3592 sizeof(mgmt_cp->type));
30dc78e1 3593 goto unlock;
ff9ef578
JH		 3594 }
3595
2e58ef3e 3596 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3597 if (!cmd) {
3598 err = -ENOMEM;
30dc78e1
JH		 3599 goto unlock;
3600 }
3601
0e05bba6
AG		 3602 hci_req_init(&req, hdev);
3603
e0d9727e
AG		 3604 switch (hdev->discovery.state) {
3605 case DISCOVERY_FINDING:
0e05bba6
AG		 3606 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3607 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3608 } else {
3609 cancel_delayed_work(&hdev->le_scan_disable);
3610
b1efcc28 3611 hci_req_add_le_scan_disable(&req);
0e05bba6 3612 }
c9ecc48e 3613
e0d9727e
AG		 3614 break;
3615
3616 case DISCOVERY_RESOLVING:
3617 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3618 NAME_PENDING);
e0d9727e 3619 if (!e) {
30dc78e1 3620 mgmt_pending_remove(cmd);
e0d9727e
AG		 3621 err = cmd_complete(sk, hdev->id,
3622 MGMT_OP_STOP_DISCOVERY, 0,
3623 &mgmt_cp->type,
3624 sizeof(mgmt_cp->type));
3625 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3626 goto unlock;
3627 }
30dc78e1 3628
e0d9727e 3629 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3630 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3631 &cp);
e0d9727e
AG		 3632
3633 break;
3634
3635 default:
3636 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3637
3638 mgmt_pending_remove(cmd);
3639 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3640 MGMT_STATUS_FAILED, &mgmt_cp->type,
3641 sizeof(mgmt_cp->type));
3642 goto unlock;
14a53664
JH		 3643 }
3644
0e05bba6 3645 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3646 if (err < 0)
3647 mgmt_pending_remove(cmd);
ff9ef578
JH		 3648 else
3649 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3650
30dc78e1 3651unlock:
09fd0de5 3652 hci_dev_unlock(hdev);
14a53664
JH		 3653 return err;
3654}
3655
bdb6d971 3656static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3657 u16 len)
561aafbc 3658{
650f726d 3659 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3660 struct inquiry_entry *e;
561aafbc
JH		 3661 int err;
3662
bdb6d971 3663 BT_DBG("%s", hdev->name);
561aafbc 3664
561aafbc
JH		 3665 hci_dev_lock(hdev);
3666
30dc78e1 3667 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3668 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3669 MGMT_STATUS_FAILED, &cp->addr,
3670 sizeof(cp->addr));
30dc78e1
JH		 3671 goto failed;
3672 }
3673
a198e7b1 3674 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3675 if (!e) {
d3a2541d
LR		 3676 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3677 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3678 sizeof(cp->addr));
561aafbc
JH		 3679 goto failed;
3680 }
3681
3682 if (cp->name_known) {
3683 e->name_state = NAME_KNOWN;
3684 list_del(&e->list);
3685 } else {
3686 e->name_state = NAME_NEEDED;
a3d4e20a 3687 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3688 }
3689
e384662b
JH		 3690 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3691 sizeof(cp->addr));
561aafbc
JH		 3692
3693failed:
3694 hci_dev_unlock(hdev);
561aafbc
JH		 3695 return err;
3696}
3697
bdb6d971 3698static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3699 u16 len)
7fbec224 3700{
650f726d 3701 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3702 u8 status;
7fbec224
AJ		 3703 int err;
3704
bdb6d971 3705 BT_DBG("%s", hdev->name);
7fbec224 3706
4ee71b20 3707 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3708 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3709 MGMT_STATUS_INVALID_PARAMS,
3710 &cp->addr, sizeof(cp->addr));
4ee71b20 3711
09fd0de5 3712 hci_dev_lock(hdev);
5e762444 3713
88c1fe4b 3714 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3715 if (err < 0)
f0eeea8b 3716 status = MGMT_STATUS_FAILED;
7fbec224 3717 else
a6785be2 3718 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3719
bdb6d971 3720 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3721 &cp->addr, sizeof(cp->addr));
5e762444 3722
09fd0de5 3723 hci_dev_unlock(hdev);
7fbec224
AJ		 3724
3725 return err;
3726}
3727
bdb6d971 3728static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3729 u16 len)
7fbec224 3730{
650f726d 3731 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3732 u8 status;
7fbec224
AJ		 3733 int err;
3734
bdb6d971 3735 BT_DBG("%s", hdev->name);
7fbec224 3736
4ee71b20 3737 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3738 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3739 MGMT_STATUS_INVALID_PARAMS,
3740 &cp->addr, sizeof(cp->addr));
4ee71b20 3741
09fd0de5 3742 hci_dev_lock(hdev);
5e762444 3743
88c1fe4b 3744 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3745 if (err < 0)
f0eeea8b 3746 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3747 else
a6785be2 3748 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3749
bdb6d971 3750 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3751 &cp->addr, sizeof(cp->addr));
5e762444 3752
09fd0de5 3753 hci_dev_unlock(hdev);
7fbec224
AJ		 3754
3755 return err;
3756}
3757
cdbaccca
MH		 3758static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3759 u16 len)
3760{
3761 struct mgmt_cp_set_device_id *cp = data;
890ea898 3762 struct hci_request req;
cdbaccca 3763 int err;
c72d4b8a 3764 __u16 source;
cdbaccca
MH		 3765
3766 BT_DBG("%s", hdev->name);
3767
c72d4b8a
SJ		 3768 source = __le16_to_cpu(cp->source);
3769
3770 if (source > 0x0002)
3771 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3772 MGMT_STATUS_INVALID_PARAMS);
3773
cdbaccca
MH		 3774 hci_dev_lock(hdev);
3775
c72d4b8a 3776 hdev->devid_source = source;
cdbaccca
MH		 3777 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3778 hdev->devid_product = __le16_to_cpu(cp->product);
3779 hdev->devid_version = __le16_to_cpu(cp->version);
3780
3781 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3782
890ea898
JH		 3783 hci_req_init(&req, hdev);
3784 update_eir(&req);
3785 hci_req_run(&req, NULL);
cdbaccca
MH		 3786
3787 hci_dev_unlock(hdev);
3788
3789 return err;
3790}
3791
4375f103
JH		 3792static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3793{
3794 struct cmd_lookup match = { NULL, hdev };
3795
3796 if (status) {
3797 u8 mgmt_err = mgmt_status(status);
3798
3799 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3800 cmd_status_rsp, &mgmt_err);
3801 return;
3802 }
3803
3804 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3805 &match);
3806
3807 new_settings(hdev, match.sk);
3808
3809 if (match.sk)
3810 sock_put(match.sk);
3811}
3812
21b5187f
MH		 3813static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3814 u16 len)
4375f103
JH		 3815{
3816 struct mgmt_mode *cp = data;
3817 struct pending_cmd *cmd;
3818 struct hci_request req;
e6fe7986 3819 u8 val, enabled, status;
4375f103
JH		 3820 int err;
3821
3822 BT_DBG("request for %s", hdev->name);
3823
e6fe7986
JH		 3824 status = mgmt_le_support(hdev);
3825 if (status)
4375f103 3826 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3827 status);
4375f103
JH		 3828
3829 if (cp->val != 0x00 && cp->val != 0x01)
3830 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3831 MGMT_STATUS_INVALID_PARAMS);
3832
3833 hci_dev_lock(hdev);
3834
3835 val = !!cp->val;
f3d3444a 3836 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3837
f74ca9b8
JH		 3838 /* The following conditions are ones which mean that we should
3839 * not do any HCI communication but directly send a mgmt
3840 * response to user space (after toggling the flag if
3841 * necessary).
3842 */
3843 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3844 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3845 bool changed = false;
3846
f3d3444a
JH		 3847 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3848 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3849 changed = true;
3850 }
3851
3852 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3853 if (err < 0)
3854 goto unlock;
3855
3856 if (changed)
3857 err = new_settings(hdev, sk);
3858
3859 goto unlock;
3860 }
3861
3862 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3863 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3865 MGMT_STATUS_BUSY);
3866 goto unlock;
3867 }
3868
3869 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3870 if (!cmd) {
3871 err = -ENOMEM;
3872 goto unlock;
3873 }
3874
3875 hci_req_init(&req, hdev);
3876
bba3aa55
MH		 3877 if (val)
3878 enable_advertising(&req);
3879 else
3880 disable_advertising(&req);
4375f103
JH		 3881
3882 err = hci_req_run(&req, set_advertising_complete);
3883 if (err < 0)
3884 mgmt_pending_remove(cmd);
3885
3886unlock:
3887 hci_dev_unlock(hdev);
3888 return err;
3889}
3890
d13eafce
MH		 3891static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3892 void *data, u16 len)
3893{
3894 struct mgmt_cp_set_static_address *cp = data;
3895 int err;
3896
3897 BT_DBG("%s", hdev->name);
3898
62af4443 3899 if (!lmp_le_capable(hdev))
d13eafce 3900 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3901 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3902
3903 if (hdev_is_powered(hdev))
3904 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3905 MGMT_STATUS_REJECTED);
3906
3907 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3908 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3909 return cmd_status(sk, hdev->id,
3910 MGMT_OP_SET_STATIC_ADDRESS,
3911 MGMT_STATUS_INVALID_PARAMS);
3912
3913 /* Two most significant bits shall be set */
3914 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3915 return cmd_status(sk, hdev->id,
3916 MGMT_OP_SET_STATIC_ADDRESS,
3917 MGMT_STATUS_INVALID_PARAMS);
3918 }
3919
3920 hci_dev_lock(hdev);
3921
3922 bacpy(&hdev->static_addr, &cp->bdaddr);
3923
3924 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3925
3926 hci_dev_unlock(hdev);
3927
3928 return err;
3929}
3930
14b49b9a
MH		 3931static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3932 void *data, u16 len)
3933{
3934 struct mgmt_cp_set_scan_params *cp = data;
3935 __u16 interval, window;
3936 int err;
3937
3938 BT_DBG("%s", hdev->name);
3939
3940 if (!lmp_le_capable(hdev))
3941 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3942 MGMT_STATUS_NOT_SUPPORTED);
3943
3944 interval = __le16_to_cpu(cp->interval);
3945
3946 if (interval < 0x0004 || interval > 0x4000)
3947 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3948 MGMT_STATUS_INVALID_PARAMS);
3949
3950 window = __le16_to_cpu(cp->window);
3951
3952 if (window < 0x0004 || window > 0x4000)
3953 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3954 MGMT_STATUS_INVALID_PARAMS);
3955
899e1075
MH		 3956 if (window > interval)
3957 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3958 MGMT_STATUS_INVALID_PARAMS);
3959
14b49b9a
MH		 3960 hci_dev_lock(hdev);
3961
3962 hdev->le_scan_interval = interval;
3963 hdev->le_scan_window = window;
3964
3965 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3966
dd2ef8e2
AG		 3967 /* If background scan is running, restart it so new parameters are
3968 * loaded.
3969 */
3970 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3971 hdev->discovery.state == DISCOVERY_STOPPED) {
3972 struct hci_request req;
3973
3974 hci_req_init(&req, hdev);
3975
3976 hci_req_add_le_scan_disable(&req);
3977 hci_req_add_le_passive_scan(&req);
3978
3979 hci_req_run(&req, NULL);
3980 }
3981
14b49b9a
MH		 3982 hci_dev_unlock(hdev);
3983
3984 return err;
3985}
3986
33e38b3e
JH		 3987static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3988{
3989 struct pending_cmd *cmd;
3990
3991 BT_DBG("status 0x%02x", status);
3992
3993 hci_dev_lock(hdev);
3994
3995 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3996 if (!cmd)
3997 goto unlock;
3998
3999 if (status) {
4000 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4001 mgmt_status(status));
4002 } else {
1a4d3c4b
JH		 4003 struct mgmt_mode *cp = cmd->param;
4004
4005 if (cp->val)
4006 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4007 else
4008 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4009
33e38b3e
JH		 4010 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4011 new_settings(hdev, cmd->sk);
4012 }
4013
4014 mgmt_pending_remove(cmd);
4015
4016unlock:
4017 hci_dev_unlock(hdev);
4018}
4019
bdb6d971 4020static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4021 void *data, u16 len)
f6422ec6 4022{
650f726d 4023 struct mgmt_mode *cp = data;
33e38b3e
JH		 4024 struct pending_cmd *cmd;
4025 struct hci_request req;
f6422ec6
AJ		 4026 int err;
4027
bdb6d971 4028 BT_DBG("%s", hdev->name);
f6422ec6 4029
56f87901
JH		 4030 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4031 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4032 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4033 MGMT_STATUS_NOT_SUPPORTED);
4034
a7e80f25
JH		 4035 if (cp->val != 0x00 && cp->val != 0x01)
4036 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4037 MGMT_STATUS_INVALID_PARAMS);
4038
5400c044 4039 if (!hdev_is_powered(hdev))
bdb6d971 4040 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4041 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4042
4043 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4044 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4045 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4046
4047 hci_dev_lock(hdev);
4048
05cbf29f
JH		 4049 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4050 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4051 MGMT_STATUS_BUSY);
4052 goto unlock;
4053 }
4054
1a4d3c4b
JH		 4055 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4056 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4057 hdev);
4058 goto unlock;
4059 }
4060
33e38b3e
JH		 4061 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4062 data, len);
4063 if (!cmd) {
4064 err = -ENOMEM;
4065 goto unlock;
f6422ec6
AJ		 4066 }
4067
33e38b3e
JH		 4068 hci_req_init(&req, hdev);
4069
406d7804 4070 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4071
4072 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4073 if (err < 0) {
bdb6d971 4074 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4075 MGMT_STATUS_FAILED);
33e38b3e 4076 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4077 }
4078
33e38b3e 4079unlock:
f6422ec6 4080 hci_dev_unlock(hdev);
33e38b3e 4081
f6422ec6
AJ		 4082 return err;
4083}
4084
67e5a7a3
JH		 4085static void set_bredr_scan(struct hci_request *req)
4086{
4087 struct hci_dev *hdev = req->hdev;
4088 u8 scan = 0;
4089
4090 /* Ensure that fast connectable is disabled. This function will
4091 * not do anything if the page scan parameters are already what
4092 * they should be.
4093 */
4094 write_fast_connectable(req, false);
4095
4096 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4097 scan |= SCAN_PAGE;
4098 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4099 scan |= SCAN_INQUIRY;
4100
4101 if (scan)
4102 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4103}
4104
0663ca2a
JH		 4105static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4106{
4107 struct pending_cmd *cmd;
4108
4109 BT_DBG("status 0x%02x", status);
4110
4111 hci_dev_lock(hdev);
4112
4113 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4114 if (!cmd)
4115 goto unlock;
4116
4117 if (status) {
4118 u8 mgmt_err = mgmt_status(status);
4119
4120 /* We need to restore the flag if related HCI commands
4121 * failed.
4122 */
4123 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4124
4125 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4126 } else {
4127 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4128 new_settings(hdev, cmd->sk);
4129 }
4130
4131 mgmt_pending_remove(cmd);
4132
4133unlock:
4134 hci_dev_unlock(hdev);
4135}
4136
4137static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4138{
4139 struct mgmt_mode *cp = data;
4140 struct pending_cmd *cmd;
4141 struct hci_request req;
4142 int err;
4143
4144 BT_DBG("request for %s", hdev->name);
4145
4146 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4147 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4148 MGMT_STATUS_NOT_SUPPORTED);
4149
4150 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4151 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4152 MGMT_STATUS_REJECTED);
4153
4154 if (cp->val != 0x00 && cp->val != 0x01)
4155 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4156 MGMT_STATUS_INVALID_PARAMS);
4157
4158 hci_dev_lock(hdev);
4159
4160 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4161 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4162 goto unlock;
4163 }
4164
4165 if (!hdev_is_powered(hdev)) {
4166 if (!cp->val) {
0663ca2a
JH		 4167 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4168 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4169 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4170 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4171 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4172 }
4173
4174 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4175
4176 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4177 if (err < 0)
4178 goto unlock;
4179
4180 err = new_settings(hdev, sk);
4181 goto unlock;
4182 }
4183
4184 /* Reject disabling when powered on */
4185 if (!cp->val) {
4186 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4187 MGMT_STATUS_REJECTED);
4188 goto unlock;
4189 }
4190
4191 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4192 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4193 MGMT_STATUS_BUSY);
4194 goto unlock;
4195 }
4196
4197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4198 if (!cmd) {
4199 err = -ENOMEM;
4200 goto unlock;
4201 }
4202
5947f4bc 4203 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4204 * generates the correct flags.
4205 */
4206 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4207
4208 hci_req_init(&req, hdev);
aa8af46e
JH		 4209
4210 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4211 set_bredr_scan(&req);
4212
f14d8f64
MH		 4213 /* Since only the advertising data flags will change, there
4214 * is no need to update the scan response data.
4215 */
5947f4bc 4216 update_adv_data(&req);
aa8af46e 4217
0663ca2a
JH		 4218 err = hci_req_run(&req, set_bredr_complete);
4219 if (err < 0)
4220 mgmt_pending_remove(cmd);
4221
4222unlock:
4223 hci_dev_unlock(hdev);
4224 return err;
4225}
4226
eac83dc6
MH		 4227static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4228 void *data, u16 len)
4229{
4230 struct mgmt_mode *cp = data;
4231 struct pending_cmd *cmd;
0ab04a9c 4232 u8 val, status;
eac83dc6
MH		 4233 int err;
4234
4235 BT_DBG("request for %s", hdev->name);
4236
4237 status = mgmt_bredr_support(hdev);
4238 if (status)
4239 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4240 status);
4241
5afeac14
MH		 4242 if (!lmp_sc_capable(hdev) &&
4243 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4244 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4245 MGMT_STATUS_NOT_SUPPORTED);
4246
0ab04a9c 4247 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4249 MGMT_STATUS_INVALID_PARAMS);
4250
4251 hci_dev_lock(hdev);
4252
4253 if (!hdev_is_powered(hdev)) {
4254 bool changed;
4255
0ab04a9c 4256 if (cp->val) {
eac83dc6
MH		 4257 changed = !test_and_set_bit(HCI_SC_ENABLED,
4258 &hdev->dev_flags);
0ab04a9c
MH		 4259 if (cp->val == 0x02)
4260 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4261 else
4262 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4263 } else {
eac83dc6
MH		 4264 changed = test_and_clear_bit(HCI_SC_ENABLED,
4265 &hdev->dev_flags);
0ab04a9c
MH		 4266 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4267 }
eac83dc6
MH		 4268
4269 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4270 if (err < 0)
4271 goto failed;
4272
4273 if (changed)
4274 err = new_settings(hdev, sk);
4275
4276 goto failed;
4277 }
4278
4279 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4280 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4281 MGMT_STATUS_BUSY);
4282 goto failed;
4283 }
4284
0ab04a9c
MH		 4285 val = !!cp->val;
4286
4287 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4288 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4289 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4290 goto failed;
4291 }
4292
4293 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4294 if (!cmd) {
4295 err = -ENOMEM;
4296 goto failed;
4297 }
4298
0ab04a9c 4299 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4300 if (err < 0) {
4301 mgmt_pending_remove(cmd);
4302 goto failed;
4303 }
4304
0ab04a9c
MH		 4305 if (cp->val == 0x02)
4306 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4307 else
4308 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4309
eac83dc6
MH		 4310failed:
4311 hci_dev_unlock(hdev);
4312 return err;
4313}
4314
4e39ac81
MH		 4315static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4316 void *data, u16 len)
4317{
4318 struct mgmt_mode *cp = data;
4319 bool changed;
4320 int err;
4321
4322 BT_DBG("request for %s", hdev->name);
4323
4324 if (cp->val != 0x00 && cp->val != 0x01)
4325 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4326 MGMT_STATUS_INVALID_PARAMS);
4327
4328 hci_dev_lock(hdev);
4329
4330 if (cp->val)
4331 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4332 else
4333 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4334
4335 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4336 if (err < 0)
4337 goto unlock;
4338
4339 if (changed)
4340 err = new_settings(hdev, sk);
4341
4342unlock:
4343 hci_dev_unlock(hdev);
4344 return err;
4345}
4346
62b04cd1
JH		 4347static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4348 u16 len)
4349{
4350 struct mgmt_cp_set_privacy *cp = cp_data;
4351 bool changed;
4352 int err;
4353
4354 BT_DBG("request for %s", hdev->name);
4355
4356 if (!lmp_le_capable(hdev))
4357 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4358 MGMT_STATUS_NOT_SUPPORTED);
4359
4360 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4361 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4362 MGMT_STATUS_INVALID_PARAMS);
4363
4364 if (hdev_is_powered(hdev))
4365 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4366 MGMT_STATUS_REJECTED);
4367
4368 hci_dev_lock(hdev);
4369
c21c0ea0
JH		 4370 /* If user space supports this command it is also expected to
4371 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4372 */
4373 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4374
62b04cd1
JH		 4375 if (cp->privacy) {
4376 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4377 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4378 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4379 } else {
4380 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4381 memset(hdev->irk, 0, sizeof(hdev->irk));
4382 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4383 }
4384
4385 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4386 if (err < 0)
4387 goto unlock;
4388
4389 if (changed)
4390 err = new_settings(hdev, sk);
4391
4392unlock:
4393 hci_dev_unlock(hdev);
4394 return err;
4395}
4396
41edf160
JH		 4397static bool irk_is_valid(struct mgmt_irk_info *irk)
4398{
4399 switch (irk->addr.type) {
4400 case BDADDR_LE_PUBLIC:
4401 return true;
4402
4403 case BDADDR_LE_RANDOM:
4404 /* Two most significant bits shall be set */
4405 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4406 return false;
4407 return true;
4408 }
4409
4410 return false;
4411}
4412
4413static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4414 u16 len)
4415{
4416 struct mgmt_cp_load_irks *cp = cp_data;
4417 u16 irk_count, expected_len;
4418 int i, err;
4419
4420 BT_DBG("request for %s", hdev->name);
4421
4422 if (!lmp_le_capable(hdev))
4423 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4424 MGMT_STATUS_NOT_SUPPORTED);
4425
4426 irk_count = __le16_to_cpu(cp->irk_count);
4427
4428 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4429 if (expected_len != len) {
4430 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4431 expected_len, len);
41edf160
JH		 4432 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4433 MGMT_STATUS_INVALID_PARAMS);
4434 }
4435
4436 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4437
4438 for (i = 0; i < irk_count; i++) {
4439 struct mgmt_irk_info *key = &cp->irks[i];
4440
4441 if (!irk_is_valid(key))
4442 return cmd_status(sk, hdev->id,
4443 MGMT_OP_LOAD_IRKS,
4444 MGMT_STATUS_INVALID_PARAMS);
4445 }
4446
4447 hci_dev_lock(hdev);
4448
4449 hci_smp_irks_clear(hdev);
4450
4451 for (i = 0; i < irk_count; i++) {
4452 struct mgmt_irk_info *irk = &cp->irks[i];
4453 u8 addr_type;
4454
4455 if (irk->addr.type == BDADDR_LE_PUBLIC)
4456 addr_type = ADDR_LE_DEV_PUBLIC;
4457 else
4458 addr_type = ADDR_LE_DEV_RANDOM;
4459
4460 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4461 BDADDR_ANY);
4462 }
4463
4464 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4465
4466 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4467
4468 hci_dev_unlock(hdev);
4469
4470 return err;
4471}
4472
3f706b72
JH		 4473static bool ltk_is_valid(struct mgmt_ltk_info *key)
4474{
4475 if (key->master != 0x00 && key->master != 0x01)
4476 return false;
490cb0b3
MH		 4477
4478 switch (key->addr.type) {
4479 case BDADDR_LE_PUBLIC:
4480 return true;
4481
4482 case BDADDR_LE_RANDOM:
4483 /* Two most significant bits shall be set */
4484 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4485 return false;
4486 return true;
4487 }
4488
4489 return false;
3f706b72
JH		 4490}
4491
bdb6d971 4492static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4493 void *cp_data, u16 len)
346af67b 4494{
346af67b
VCG		 4495 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4496 u16 key_count, expected_len;
715a5bf2 4497 int i, err;
346af67b 4498
cf99ba13
MH		 4499 BT_DBG("request for %s", hdev->name);
4500
4501 if (!lmp_le_capable(hdev))
4502 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4503 MGMT_STATUS_NOT_SUPPORTED);
4504
1f350c87 4505 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4506
4507 expected_len = sizeof(*cp) + key_count *
4508 sizeof(struct mgmt_ltk_info);
4509 if (expected_len != len) {
4510 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4511 expected_len, len);
bdb6d971 4512 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4513 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4514 }
4515
bdb6d971 4516 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4517
54ad6d8a
JH		 4518 for (i = 0; i < key_count; i++) {
4519 struct mgmt_ltk_info *key = &cp->keys[i];
4520
3f706b72 4521 if (!ltk_is_valid(key))
54ad6d8a
JH		 4522 return cmd_status(sk, hdev->id,
4523 MGMT_OP_LOAD_LONG_TERM_KEYS,
4524 MGMT_STATUS_INVALID_PARAMS);
4525 }
4526
346af67b
VCG		 4527 hci_dev_lock(hdev);
4528
4529 hci_smp_ltks_clear(hdev);
4530
4531 for (i = 0; i < key_count; i++) {
4532 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4533 u8 type, addr_type;
4534
4535 if (key->addr.type == BDADDR_LE_PUBLIC)
4536 addr_type = ADDR_LE_DEV_PUBLIC;
4537 else
4538 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4539
4540 if (key->master)
4541 type = HCI_SMP_LTK;
4542 else
4543 type = HCI_SMP_LTK_SLAVE;
4544
35d70271
JH		 4545 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4546 key->type, key->val, key->enc_size, key->ediv,
4547 key->rand);
346af67b
VCG		 4548 }
4549
715a5bf2
JH		 4550 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4551 NULL, 0);
4552
346af67b 4553 hci_dev_unlock(hdev);
346af67b 4554
715a5bf2 4555 return err;
346af67b
VCG		 4556}
4557
2e3c35ea 4558static const struct mgmt_handler {
04124681
GP		 4559 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4560 u16 data_len);
be22b54e
JH		 4561 bool var_len;
4562 size_t data_len;
0f4e68cf
JH		 4563} mgmt_handlers[] = {
4564 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4565 { read_version, false, MGMT_READ_VERSION_SIZE },
4566 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4567 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4568 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4569 { set_powered, false, MGMT_SETTING_SIZE },
4570 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4571 { set_connectable, false, MGMT_SETTING_SIZE },
4572 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4573 { set_pairable, false, MGMT_SETTING_SIZE },
4574 { set_link_security, false, MGMT_SETTING_SIZE },
4575 { set_ssp, false, MGMT_SETTING_SIZE },
4576 { set_hs, false, MGMT_SETTING_SIZE },
4577 { set_le, false, MGMT_SETTING_SIZE },
4578 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4579 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4580 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4581 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4582 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4583 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4584 { disconnect, false, MGMT_DISCONNECT_SIZE },
4585 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4586 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4587 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4588 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4589 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4590 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4591 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4592 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4593 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4594 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4595 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4596 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4597 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4598 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4599 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4600 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4601 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4602 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4603 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4604 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4605 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4606 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4607 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4608 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4609 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4610 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4611 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4612 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4613};
4614
4615
0381101f
JH		 4616int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4617{
650f726d
VCG		 4618 void *buf;
4619 u8 *cp;
0381101f 4620 struct mgmt_hdr *hdr;
4e51eae9 4621 u16 opcode, index, len;
bdb6d971 4622 struct hci_dev *hdev = NULL;
2e3c35ea 4623 const struct mgmt_handler *handler;
0381101f
JH		 4624 int err;
4625
4626 BT_DBG("got %zu bytes", msglen);
4627
4628 if (msglen < sizeof(*hdr))
4629 return -EINVAL;
4630
e63a15ec 4631 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4632 if (!buf)
4633 return -ENOMEM;
4634
4635 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4636 err = -EFAULT;
4637 goto done;
4638 }
4639
650f726d 4640 hdr = buf;
1f350c87
MH		 4641 opcode = __le16_to_cpu(hdr->opcode);
4642 index = __le16_to_cpu(hdr->index);
4643 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4644
4645 if (len != msglen - sizeof(*hdr)) {
4646 err = -EINVAL;
4647 goto done;
4648 }
4649
0f4e68cf 4650 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4651 hdev = hci_dev_get(index);
4652 if (!hdev) {
4653 err = cmd_status(sk, index, opcode,
04124681 4654 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4655 goto done;
4656 }
0736cfa8 4657
cebf4cfd
JH		 4658 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4659 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4660 err = cmd_status(sk, index, opcode,
4661 MGMT_STATUS_INVALID_INDEX);
4662 goto done;
4663 }
bdb6d971
JH		 4664 }
4665
0f4e68cf 4666 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4667 mgmt_handlers[opcode].func == NULL) {
0381101f 4668 BT_DBG("Unknown op %u", opcode);
ca69b795 4669 err = cmd_status(sk, index, opcode,
04124681 4670 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4671 goto done;
4672 }
4673
4674 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4675 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4676 err = cmd_status(sk, index, opcode,
04124681 4677 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4678 goto done;
0381101f
JH		 4679 }
4680
be22b54e
JH		 4681 handler = &mgmt_handlers[opcode];
4682
4683 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4684 (!handler->var_len && len != handler->data_len)) {
be22b54e 4685 err = cmd_status(sk, index, opcode,
04124681 4686 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4687 goto done;
4688 }
4689
0f4e68cf
JH		 4690 if (hdev)
4691 mgmt_init_hdev(sk, hdev);
4692
4693 cp = buf + sizeof(*hdr);
4694
be22b54e 4695 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4696 if (err < 0)
4697 goto done;
4698
0381101f
JH		 4699 err = msglen;
4700
4701done:
bdb6d971
JH		 4702 if (hdev)
4703 hci_dev_put(hdev);
4704
0381101f
JH		 4705 kfree(buf);
4706 return err;
4707}
c71e97bf 4708
bf6b56db 4709void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4710{
1514b892 4711 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4712 return;
bb4b2a9a 4713
bf6b56db 4714 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4715}
4716
bf6b56db 4717void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4718{
5f159032 4719 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4720
1514b892 4721 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4722 return;
bb4b2a9a 4723
744cf19e 4724 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4725
bf6b56db 4726 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4727}
4728
6046dc3e
AG		 4729/* This function requires the caller holds hdev->lock */
4730static void restart_le_auto_conns(struct hci_dev *hdev)
4731{
4732 struct hci_conn_params *p;
4733
4734 list_for_each_entry(p, &hdev->le_conn_params, list) {
4735 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4736 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4737 }
4738}
4739
229ab39c
JH		 4740static void powered_complete(struct hci_dev *hdev, u8 status)
4741{
4742 struct cmd_lookup match = { NULL, hdev };
4743
4744 BT_DBG("status 0x%02x", status);
4745
4746 hci_dev_lock(hdev);
4747
6046dc3e
AG		 4748 restart_le_auto_conns(hdev);
4749
229ab39c
JH		 4750 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4751
4752 new_settings(hdev, match.sk);
4753
4754 hci_dev_unlock(hdev);
4755
4756 if (match.sk)
4757 sock_put(match.sk);
4758}
4759
70da6243 4760static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4761{
890ea898 4762 struct hci_request req;
70da6243 4763 u8 link_sec;
5add6af8 4764
890ea898
JH		 4765 hci_req_init(&req, hdev);
4766
70da6243
JH		 4767 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4768 !lmp_host_ssp_capable(hdev)) {
4769 u8 ssp = 1;
5e5282bb 4770
890ea898 4771 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4772 }
5add6af8 4773
c73eee91
JH		 4774 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4775 lmp_bredr_capable(hdev)) {
70da6243 4776 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4777
70da6243
JH		 4778 cp.le = 1;
4779 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4780
70da6243
JH		 4781 /* Check first if we already have the right
4782 * host state (host features set)
4783 */
4784 if (cp.le != lmp_host_le_capable(hdev) ||
4785 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4786 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4787 sizeof(cp), &cp);
70da6243 4788 }
3d1cbdd6 4789
d13eafce 4790 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4791 /* Make sure the controller has a good default for
4792 * advertising data. This also applies to the case
4793 * where BR/EDR was toggled during the AUTO_OFF phase.
4794 */
f14d8f64 4795 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4796 update_adv_data(&req);
f14d8f64
MH		 4797 update_scan_rsp_data(&req);
4798 }
441ad2d0 4799
bba3aa55
MH		 4800 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4801 enable_advertising(&req);
eeca6f89
JH		 4802 }
4803
70da6243
JH		 4804 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4805 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4806 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4807 sizeof(link_sec), &link_sec);
562fcc24 4808
70da6243 4809 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4810 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4811 set_bredr_scan(&req);
890ea898 4812 update_class(&req);
13928971 4813 update_name(&req);
890ea898 4814 update_eir(&req);
70da6243 4815 }
562fcc24 4816
229ab39c 4817 return hci_req_run(&req, powered_complete);
70da6243 4818}
562fcc24 4819
70da6243
JH		 4820int mgmt_powered(struct hci_dev *hdev, u8 powered)
4821{
4822 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4823 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4824 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4825 int err;
f0ff92fb 4826
70da6243
JH		 4827 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4828 return 0;
4829
70da6243 4830 if (powered) {
229ab39c
JH		 4831 if (powered_update_hci(hdev) == 0)
4832 return 0;
fe038884 4833
229ab39c
JH		 4834 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4835 &match);
4836 goto new_settings;
b24752fe
JH		 4837 }
4838
229ab39c
JH		 4839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4840 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4841
4842 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4843 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4844 zero_cod, sizeof(zero_cod), NULL);
4845
4846new_settings:
beadb2bd 4847 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4848
4849 if (match.sk)
4850 sock_put(match.sk);
4851
7bb895d6 4852 return err;
5add6af8 4853}
73f22f62 4854
3eec705e 4855void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4856{
4857 struct pending_cmd *cmd;
4858 u8 status;
4859
4860 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4861 if (!cmd)
3eec705e 4862 return;
96570ffc
JH		 4863
4864 if (err == -ERFKILL)
4865 status = MGMT_STATUS_RFKILLED;
4866 else
4867 status = MGMT_STATUS_FAILED;
4868
3eec705e 4869 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4870
4871 mgmt_pending_remove(cmd);
96570ffc
JH		 4872}
4873
d1967ff8
MH		 4874void mgmt_discoverable_timeout(struct hci_dev *hdev)
4875{
4876 struct hci_request req;
d1967ff8
MH		 4877
4878 hci_dev_lock(hdev);
4879
4880 /* When discoverable timeout triggers, then just make sure
4881 * the limited discoverable flag is cleared. Even in the case
4882 * of a timeout triggered from general discoverable, it is
4883 * safe to unconditionally clear the flag.
4884 */
4885 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4886 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4887
4888 hci_req_init(&req, hdev);
4b580614
JH		 4889 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4890 u8 scan = SCAN_PAGE;
4891 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4892 sizeof(scan), &scan);
4893 }
d1967ff8 4894 update_class(&req);
9a43e25f 4895 update_adv_data(&req);
d1967ff8
MH		 4896 hci_req_run(&req, NULL);
4897
4898 hdev->discov_timeout = 0;
4899
9a43e25f
JH		 4900 new_settings(hdev, NULL);
4901
d1967ff8
MH		 4902 hci_dev_unlock(hdev);
4903}
4904
86a75645 4905void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4906{
86a75645 4907 bool changed;
73f22f62 4908
bfaf8c9f
JH		 4909 /* Nothing needed here if there's a pending command since that
4910 * commands request completion callback takes care of everything
4911 * necessary.
4912 */
4913 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4914 return;
bfaf8c9f 4915
bd107999
JH		 4916 /* Powering off may clear the scan mode - don't let that interfere */
4917 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4918 return;
4919
9a43e25f 4920 if (discoverable) {
86a75645 4921 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4922 } else {
4923 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4924 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4925 }
4926
4927 if (changed) {
4928 struct hci_request req;
4929
4930 /* In case this change in discoverable was triggered by
4931 * a disabling of connectable there could be a need to
4932 * update the advertising flags.
4933 */
4934 hci_req_init(&req, hdev);
4935 update_adv_data(&req);
4936 hci_req_run(&req, NULL);
73f22f62 4937
86a75645 4938 new_settings(hdev, NULL);
9a43e25f 4939 }
73f22f62 4940}
9fbcbb45 4941
a330916c 4942void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4943{
a330916c 4944 bool changed;
9fbcbb45 4945
d7b856f9
JH		 4946 /* Nothing needed here if there's a pending command since that
4947 * commands request completion callback takes care of everything
4948 * necessary.
4949 */
4950 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4951 return;
d7b856f9 4952
ce3f24cf
JH		 4953 /* Powering off may clear the scan mode - don't let that interfere */
4954 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4955 return;
4956
a330916c
MH		 4957 if (connectable)
4958 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4959 else
4960 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4961
beadb2bd 4962 if (changed)
a330916c 4963 new_settings(hdev, NULL);
9fbcbb45 4964}
55ed8ca1 4965
778b235a
JH		 4966void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4967{
7c4cfab8
JH		 4968 /* Powering off may stop advertising - don't let that interfere */
4969 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4970 return;
4971
778b235a
JH		 4972 if (advertising)
4973 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4974 else
4975 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4976}
4977
4796e8af 4978void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4979{
ca69b795
JH		 4980 u8 mgmt_err = mgmt_status(status);
4981
2d7cee58 4982 if (scan & SCAN_PAGE)
744cf19e 4983 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4984 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4985
4986 if (scan & SCAN_INQUIRY)
744cf19e 4987 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4988 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4989}
4990
dc4a5ee2
MH		 4991void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4992 bool persistent)
55ed8ca1 4993{
86742e1e 4994 struct mgmt_ev_new_link_key ev;
55ed8ca1 4995
a492cd52 4996 memset(&ev, 0, sizeof(ev));
55ed8ca1 4997
a492cd52 4998 ev.store_hint = persistent;
d753fdc4 4999 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5000 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5001 ev.key.type = key->type;
9b3b4460 5002 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5003 ev.key.pin_len = key->pin_len;
55ed8ca1 5004
dc4a5ee2 5005 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5006}
f7520543 5007
53ac6ab6 5008void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5009{
5010 struct mgmt_ev_new_long_term_key ev;
5011
5012 memset(&ev, 0, sizeof(ev));
5013
5192d301
MH		 5014 /* Devices using resolvable or non-resolvable random addresses
5015 * without providing an indentity resolving key don't require
5016 * to store long term keys. Their addresses will change the
5017 * next time around.
5018 *
5019 * Only when a remote device provides an identity address
5020 * make sure the long term key is stored. If the remote
5021 * identity is known, the long term keys are internally
5022 * mapped to the identity address. So allow static random
5023 * and public addresses here.
5024 */
ba74b666
JH		 5025 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5026 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5027 ev.store_hint = 0x00;
5028 else
53ac6ab6 5029 ev.store_hint = persistent;
ba74b666 5030
346af67b 5031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5032 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5033 ev.key.type = key->authenticated;
346af67b
VCG		 5034 ev.key.enc_size = key->enc_size;
5035 ev.key.ediv = key->ediv;
fe39c7b2 5036 ev.key.rand = key->rand;
346af67b
VCG		 5037
5038 if (key->type == HCI_SMP_LTK)
5039 ev.key.master = 1;
5040
346af67b
VCG		 5041 memcpy(ev.key.val, key->val, sizeof(key->val));
5042
083368f7 5043 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5044}
5045
95fbac8a
JH		 5046void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5047{
5048 struct mgmt_ev_new_irk ev;
5049
5050 memset(&ev, 0, sizeof(ev));
5051
bab6d1e5
MH		 5052 /* For identity resolving keys from devices that are already
5053 * using a public address or static random address, do not
5054 * ask for storing this key. The identity resolving key really
5055 * is only mandatory for devices using resovlable random
5056 * addresses.
5057 *
5058 * Storing all identity resolving keys has the downside that
5059 * they will be also loaded on next boot of they system. More
5060 * identity resolving keys, means more time during scanning is
5061 * needed to actually resolve these addresses.
5062 */
5063 if (bacmp(&irk->rpa, BDADDR_ANY))
5064 ev.store_hint = 0x01;
5065 else
5066 ev.store_hint = 0x00;
5067
95fbac8a
JH		 5068 bacpy(&ev.rpa, &irk->rpa);
5069 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5070 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5071 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5072
5073 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5074}
5075
53ac6ab6
MH		 5076void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5077 bool persistent)
7ee4ea36
MH		 5078{
5079 struct mgmt_ev_new_csrk ev;
5080
5081 memset(&ev, 0, sizeof(ev));
5082
5083 /* Devices using resolvable or non-resolvable random addresses
5084 * without providing an indentity resolving key don't require
5085 * to store signature resolving keys. Their addresses will change
5086 * the next time around.
5087 *
5088 * Only when a remote device provides an identity address
5089 * make sure the signature resolving key is stored. So allow
5090 * static random and public addresses here.
5091 */
5092 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5093 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5094 ev.store_hint = 0x00;
5095 else
53ac6ab6 5096 ev.store_hint = persistent;
7ee4ea36
MH		 5097
5098 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5099 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5100 ev.key.master = csrk->master;
5101 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5102
5103 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5104}
5105
94933991
MH		 5106static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5107 u8 data_len)
5108{
5109 eir[eir_len++] = sizeof(type) + data_len;
5110 eir[eir_len++] = type;
5111 memcpy(&eir[eir_len], data, data_len);
5112 eir_len += data_len;
5113
5114 return eir_len;
5115}
5116
ecd90ae7
MH		 5117void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5118 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5119 u8 *dev_class)
f7520543 5120{
b644ba33
JH		 5121 char buf[512];
5122 struct mgmt_ev_device_connected *ev = (void *) buf;
5123 u16 eir_len = 0;
f7520543 5124
b644ba33 5125 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5126 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5127
c95f0ba7 5128 ev->flags = __cpu_to_le32(flags);
08c79b61 5129
b644ba33
JH		 5130 if (name_len > 0)
5131 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5132 name, name_len);
b644ba33
JH		 5133
5134 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5135 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5136 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5137
eb55ef07 5138 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5139
ecd90ae7
MH		 5140 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5141 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5142}
5143
8962ee74
JH		 5144static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5145{
c68fb7ff 5146 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5147 struct sock **sk = data;
a38528f1 5148 struct mgmt_rp_disconnect rp;
8962ee74 5149
88c3df13
JH		 5150 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5151 rp.addr.type = cp->addr.type;
8962ee74 5152
aee9b218 5153 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5154 sizeof(rp));
8962ee74
JH		 5155
5156 *sk = cmd->sk;
5157 sock_hold(*sk);
5158
a664b5bc 5159 mgmt_pending_remove(cmd);
8962ee74
JH		 5160}
5161
124f6e35 5162static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5163{
b1078ad0 5164 struct hci_dev *hdev = data;
124f6e35
JH		 5165 struct mgmt_cp_unpair_device *cp = cmd->param;
5166 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5167
5168 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5169 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5170 rp.addr.type = cp->addr.type;
a8a1d19e 5171
b1078ad0
JH		 5172 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5173
aee9b218 5174 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5175
5176 mgmt_pending_remove(cmd);
5177}
5178
9b80ec5e 5179void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5180 u8 link_type, u8 addr_type, u8 reason,
5181 bool mgmt_connected)
f7520543 5182{
f0d6a0ea 5183 struct mgmt_ev_device_disconnected ev;
8b064a3a 5184 struct pending_cmd *power_off;
8962ee74 5185 struct sock *sk = NULL;
8962ee74 5186
8b064a3a
JH		 5187 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5188 if (power_off) {
5189 struct mgmt_mode *cp = power_off->param;
5190
5191 /* The connection is still in hci_conn_hash so test for 1
5192 * instead of 0 to know if this is the last one.
5193 */
a3172b7e
JH		 5194 if (!cp->val && hci_conn_count(hdev) == 1) {
5195 cancel_delayed_work(&hdev->power_off);
8b064a3a 5196 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5197 }
8b064a3a
JH		 5198 }
5199
12d4a3b2
JH		 5200 if (!mgmt_connected)
5201 return;
5202
57eb776f
AG		 5203 if (link_type != ACL_LINK && link_type != LE_LINK)
5204 return;
5205
744cf19e 5206 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5207
f0d6a0ea
MA		 5208 bacpy(&ev.addr.bdaddr, bdaddr);
5209 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5210 ev.reason = reason;
f7520543 5211
9b80ec5e 5212 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5213
5214 if (sk)
d97dcb66 5215 sock_put(sk);
8962ee74 5216
124f6e35 5217 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5218 hdev);
8962ee74
JH		 5219}
5220
7892924c
MH		 5221void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5222 u8 link_type, u8 addr_type, u8 status)
8962ee74 5223{
3655bba8
AG		 5224 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5225 struct mgmt_cp_disconnect *cp;
88c3df13 5226 struct mgmt_rp_disconnect rp;
8962ee74 5227 struct pending_cmd *cmd;
8962ee74 5228
36a75f1b
JD		 5229 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5230 hdev);
5231
2e58ef3e 5232 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5233 if (!cmd)
7892924c 5234 return;
8962ee74 5235
3655bba8
AG		 5236 cp = cmd->param;
5237
5238 if (bacmp(bdaddr, &cp->addr.bdaddr))
5239 return;
5240
5241 if (cp->addr.type != bdaddr_type)
5242 return;
5243
88c3df13 5244 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5245 rp.addr.type = bdaddr_type;
37d9ef76 5246
7892924c
MH		 5247 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5248 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5249
a664b5bc 5250 mgmt_pending_remove(cmd);
f7520543 5251}
17d5c04c 5252
445608d0
MH		 5253void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5254 u8 addr_type, u8 status)
17d5c04c
JH		 5255{
5256 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5257 struct pending_cmd *power_off;
5258
5259 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5260 if (power_off) {
5261 struct mgmt_mode *cp = power_off->param;
5262
5263 /* The connection is still in hci_conn_hash so test for 1
5264 * instead of 0 to know if this is the last one.
5265 */
a3172b7e
JH		 5266 if (!cp->val && hci_conn_count(hdev) == 1) {
5267 cancel_delayed_work(&hdev->power_off);
c9910d0f 5268 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5269 }
c9910d0f 5270 }
17d5c04c 5271
4c659c39 5272 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5273 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5274 ev.status = mgmt_status(status);
17d5c04c 5275
445608d0 5276 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5277}
980e1a53 5278
ce0e4a0d 5279void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5280{
5281 struct mgmt_ev_pin_code_request ev;
5282
d8457698 5283 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5284 ev.addr.type = BDADDR_BREDR;
a770bb5a 5285 ev.secure = secure;
980e1a53 5286
ce0e4a0d 5287 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5288}
5289
e669cf80
MH		 5290void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5291 u8 status)
980e1a53
JH		 5292{
5293 struct pending_cmd *cmd;
ac56fb13 5294 struct mgmt_rp_pin_code_reply rp;
980e1a53 5295
2e58ef3e 5296 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5297 if (!cmd)
e669cf80 5298 return;
980e1a53 5299
d8457698 5300 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5301 rp.addr.type = BDADDR_BREDR;
ac56fb13 5302
e669cf80
MH		 5303 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5304 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5305
a664b5bc 5306 mgmt_pending_remove(cmd);
980e1a53
JH		 5307}
5308
3eb38528
MH		 5309void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5310 u8 status)
980e1a53
JH		 5311{
5312 struct pending_cmd *cmd;
ac56fb13 5313 struct mgmt_rp_pin_code_reply rp;
980e1a53 5314
2e58ef3e 5315 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5316 if (!cmd)
3eb38528 5317 return;
980e1a53 5318
d8457698 5319 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5320 rp.addr.type = BDADDR_BREDR;
ac56fb13 5321
3eb38528
MH		 5322 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5323 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5324
a664b5bc 5325 mgmt_pending_remove(cmd);
980e1a53 5326}
a5c29683 5327
744cf19e 5328int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5329 u8 link_type, u8 addr_type, u32 value,
04124681 5330 u8 confirm_hint)
a5c29683
JH		 5331{
5332 struct mgmt_ev_user_confirm_request ev;
5333
744cf19e 5334 BT_DBG("%s", hdev->name);
a5c29683 5335
272d90df 5336 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5338 ev.confirm_hint = confirm_hint;
39adbffe 5339 ev.value = cpu_to_le32(value);
a5c29683 5340
744cf19e 5341 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5342 NULL);
a5c29683
JH		 5343}
5344
272d90df 5345int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5346 u8 link_type, u8 addr_type)
604086b7
BG		 5347{
5348 struct mgmt_ev_user_passkey_request ev;
5349
5350 BT_DBG("%s", hdev->name);
5351
272d90df 5352 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5353 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5354
5355 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5356 NULL);
604086b7
BG		 5357}
5358
0df4c185 5359static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5360 u8 link_type, u8 addr_type, u8 status,
5361 u8 opcode)
a5c29683
JH		 5362{
5363 struct pending_cmd *cmd;
5364 struct mgmt_rp_user_confirm_reply rp;
5365 int err;
5366
2e58ef3e 5367 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5368 if (!cmd)
5369 return -ENOENT;
5370
272d90df 5371 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5372 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5373 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5374 &rp, sizeof(rp));
a5c29683 5375
a664b5bc 5376 mgmt_pending_remove(cmd);
a5c29683
JH		 5377
5378 return err;
5379}
5380
744cf19e 5381int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5382 u8 link_type, u8 addr_type, u8 status)
a5c29683 5383{
272d90df 5384 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5385 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5386}
5387
272d90df 5388int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5389 u8 link_type, u8 addr_type, u8 status)
a5c29683 5390{
272d90df 5391 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5392 status,
5393 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5394}
2a611692 5395
604086b7 5396int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5397 u8 link_type, u8 addr_type, u8 status)
604086b7 5398{
272d90df 5399 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5400 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5401}
5402
272d90df 5403int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5404 u8 link_type, u8 addr_type, u8 status)
604086b7 5405{
272d90df 5406 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5407 status,
5408 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5409}
5410
92a25256
JH		 5411int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5412 u8 link_type, u8 addr_type, u32 passkey,
5413 u8 entered)
5414{
5415 struct mgmt_ev_passkey_notify ev;
5416
5417 BT_DBG("%s", hdev->name);
5418
5419 bacpy(&ev.addr.bdaddr, bdaddr);
5420 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5421 ev.passkey = __cpu_to_le32(passkey);
5422 ev.entered = entered;
5423
5424 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5425}
5426
e546099c
MH		 5427void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5428 u8 addr_type, u8 status)
2a611692
JH		 5429{
5430 struct mgmt_ev_auth_failed ev;
5431
bab73cb6 5432 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5433 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5434 ev.status = mgmt_status(status);
2a611692 5435
e546099c 5436 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5437}
b312b161 5438
464996ae 5439void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5440{
5441 struct cmd_lookup match = { NULL, hdev };
464996ae 5442 bool changed;
33ef95ed
JH		 5443
5444 if (status) {
5445 u8 mgmt_err = mgmt_status(status);
5446 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5447 cmd_status_rsp, &mgmt_err);
464996ae 5448 return;
33ef95ed
JH		 5449 }
5450
464996ae
MH		 5451 if (test_bit(HCI_AUTH, &hdev->flags))
5452 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5453 &hdev->dev_flags);
5454 else
5455 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5456 &hdev->dev_flags);
47990ea0 5457
33ef95ed 5458 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5459 &match);
33ef95ed 5460
47990ea0 5461 if (changed)
464996ae 5462 new_settings(hdev, match.sk);
33ef95ed
JH		 5463
5464 if (match.sk)
5465 sock_put(match.sk);
33ef95ed
JH		 5466}
5467
890ea898 5468static void clear_eir(struct hci_request *req)
cacaf52f 5469{
890ea898 5470 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5471 struct hci_cp_write_eir cp;
5472
976eb20e 5473 if (!lmp_ext_inq_capable(hdev))
890ea898 5474 return;
cacaf52f 5475
c80da27e
JH		 5476 memset(hdev->eir, 0, sizeof(hdev->eir));
5477
cacaf52f
JH		 5478 memset(&cp, 0, sizeof(cp));
5479
890ea898 5480 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5481}
5482
3e248560 5483void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5484{
5485 struct cmd_lookup match = { NULL, hdev };
890ea898 5486 struct hci_request req;
c0ecddc2 5487 bool changed = false;
ed2c4ee3
JH		 5488
5489 if (status) {
5490 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5491
5492 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5493 &hdev->dev_flags)) {
5494 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5495 new_settings(hdev, NULL);
9ecb3e24 5496 }
c0ecddc2 5497
04124681
GP		 5498 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5499 &mgmt_err);
3e248560 5500 return;
c0ecddc2
JH		 5501 }
5502
5503 if (enable) {
9ecb3e24 5504 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5505 } else {
9ecb3e24
MH		 5506 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5507 if (!changed)
5508 changed = test_and_clear_bit(HCI_HS_ENABLED,
5509 &hdev->dev_flags);
5510 else
5511 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5512 }
5513
5514 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5515
c0ecddc2 5516 if (changed)
3e248560 5517 new_settings(hdev, match.sk);
ed2c4ee3 5518
5fc6ebb1 5519 if (match.sk)
ed2c4ee3
JH		 5520 sock_put(match.sk);
5521
890ea898
JH		 5522 hci_req_init(&req, hdev);
5523
5fc6ebb1 5524 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5525 update_eir(&req);
5fc6ebb1 5526 else
890ea898
JH		 5527 clear_eir(&req);
5528
5529 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5530}
5531
eac83dc6
MH		 5532void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5533{
5534 struct cmd_lookup match = { NULL, hdev };
5535 bool changed = false;
5536
5537 if (status) {
5538 u8 mgmt_err = mgmt_status(status);
5539
0ab04a9c
MH		 5540 if (enable) {
5541 if (test_and_clear_bit(HCI_SC_ENABLED,
5542 &hdev->dev_flags))
5543 new_settings(hdev, NULL);
5544 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5545 }
eac83dc6
MH		 5546
5547 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5548 cmd_status_rsp, &mgmt_err);
5549 return;
5550 }
5551
0ab04a9c 5552 if (enable) {
eac83dc6 5553 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5554 } else {
eac83dc6 5555 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5556 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5557 }
eac83dc6
MH		 5558
5559 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5560 settings_rsp, &match);
5561
5562 if (changed)
5563 new_settings(hdev, match.sk);
5564
5565 if (match.sk)
5566 sock_put(match.sk);
5567}
5568
92da6097 5569static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5570{
5571 struct cmd_lookup *match = data;
5572
90e70454
JH		 5573 if (match->sk == NULL) {
5574 match->sk = cmd->sk;
5575 sock_hold(match->sk);
5576 }
90e70454
JH		 5577}
5578
4e1b0245
MH		 5579void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5580 u8 status)
7f9a903c 5581{
90e70454 5582 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5583
92da6097
JH		 5584 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5585 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5586 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5587
5588 if (!status)
4e1b0245
MH		 5589 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5590 NULL);
90e70454
JH		 5591
5592 if (match.sk)
5593 sock_put(match.sk);
7f9a903c
MH		 5594}
5595
7667da34 5596void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5597{
b312b161 5598 struct mgmt_cp_set_local_name ev;
13928971 5599 struct pending_cmd *cmd;
28cc7bde 5600
13928971 5601 if (status)
7667da34 5602 return;
b312b161
JH		 5603
5604 memset(&ev, 0, sizeof(ev));
5605 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5606 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5607
2e58ef3e 5608 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5609 if (!cmd) {
5610 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5611
13928971
JH		 5612 /* If this is a HCI command related to powering on the
5613 * HCI dev don't send any mgmt signals.
5614 */
5615 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5616 return;
890ea898 5617 }
b312b161 5618
7667da34
MH		 5619 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5620 cmd ? cmd->sk : NULL);
b312b161 5621}
c35938b2 5622
4d2d2796
MH		 5623void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5624 u8 *randomizer192, u8 *hash256,
5625 u8 *randomizer256, u8 status)
c35938b2
SJ		 5626{
5627 struct pending_cmd *cmd;
c35938b2 5628
744cf19e 5629 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5630
2e58ef3e 5631 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5632 if (!cmd)
3edaf092 5633 return;
c35938b2
SJ		 5634
5635 if (status) {
3edaf092
MH		 5636 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5637 mgmt_status(status));
c35938b2 5638 } else {
4d2d2796
MH		 5639 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5640 hash256 && randomizer256) {
5641 struct mgmt_rp_read_local_oob_ext_data rp;
5642
5643 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5644 memcpy(rp.randomizer192, randomizer192,
5645 sizeof(rp.randomizer192));
c35938b2 5646
4d2d2796
MH		 5647 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5648 memcpy(rp.randomizer256, randomizer256,
5649 sizeof(rp.randomizer256));
c35938b2 5650
4d2d2796
MH		 5651 cmd_complete(cmd->sk, hdev->id,
5652 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5653 &rp, sizeof(rp));
5654 } else {
5655 struct mgmt_rp_read_local_oob_data rp;
5656
5657 memcpy(rp.hash, hash192, sizeof(rp.hash));
5658 memcpy(rp.randomizer, randomizer192,
5659 sizeof(rp.randomizer));
5660
5661 cmd_complete(cmd->sk, hdev->id,
5662 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5663 &rp, sizeof(rp));
5664 }
c35938b2
SJ		 5665 }
5666
5667 mgmt_pending_remove(cmd);
c35938b2 5668}
e17acd40 5669
901801b9 5670void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5671 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5672 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5673 u8 scan_rsp_len)
e17acd40 5674{
e319d2e7
JH		 5675 char buf[512];
5676 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5677 struct smp_irk *irk;
1dc06093 5678 size_t ev_size;
e17acd40 5679
12602d0c 5680 if (!hci_discovery_active(hdev))
901801b9 5681 return;
12602d0c 5682
5d2e9fad
JH		 5683 /* Make sure that the buffer is big enough. The 5 extra bytes
5684 * are for the potential CoD field.
5685 */
5686 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5687 return;
7d262f86 5688
1dc06093
JH		 5689 memset(buf, 0, sizeof(buf));
5690
5cedbb8d
JH		 5691 irk = hci_get_irk(hdev, bdaddr, addr_type);
5692 if (irk) {
5693 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5694 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5695 } else {
5696 bacpy(&ev->addr.bdaddr, bdaddr);
5697 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5698 }
5699
e319d2e7 5700 ev->rssi = rssi;
9a395a80 5701 if (cfm_name)
dcf4adbf 5702 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5703 if (!ssp)
dcf4adbf 5704 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5705
1dc06093 5706 if (eir_len > 0)
e319d2e7 5707 memcpy(ev->eir, eir, eir_len);
e17acd40 5708
1dc06093
JH		 5709 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5710 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5711 dev_class, 3);
1dc06093 5712
5d2e9fad
JH		 5713 if (scan_rsp_len > 0)
5714 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5715
5716 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5717 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5718
901801b9 5719 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5720}
a88a9652 5721
9cf12aee
MH		 5722void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5723 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5724{
b644ba33
JH		 5725 struct mgmt_ev_device_found *ev;
5726 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5727 u16 eir_len;
a88a9652 5728
b644ba33 5729 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5730
b644ba33
JH		 5731 memset(buf, 0, sizeof(buf));
5732
5733 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5734 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5735 ev->rssi = rssi;
5736
5737 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5738 name_len);
b644ba33 5739
eb55ef07 5740 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5741
9cf12aee 5742 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5743}
314b2381 5744
2f1e063b 5745void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5746{
f963e8e9 5747 struct mgmt_ev_discovering ev;
164a6e78
JH		 5748 struct pending_cmd *cmd;
5749
343fb145
AG		 5750 BT_DBG("%s discovering %u", hdev->name, discovering);
5751
164a6e78 5752 if (discovering)
2e58ef3e 5753 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5754 else
2e58ef3e 5755 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5756
5757 if (cmd != NULL) {
f808e166
JH		 5758 u8 type = hdev->discovery.type;
5759
04124681
GP		 5760 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5761 sizeof(type));
164a6e78
JH		 5762 mgmt_pending_remove(cmd);
5763 }
5764
f963e8e9
JH		 5765 memset(&ev, 0, sizeof(ev));
5766 ev.type = hdev->discovery.type;
5767 ev.discovering = discovering;
5768
2f1e063b 5769 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5770}
5e762444 5771
88c1fe4b 5772int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5773{
5774 struct pending_cmd *cmd;
5775 struct mgmt_ev_device_blocked ev;
5776
2e58ef3e 5777 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5778
88c1fe4b
JH		 5779 bacpy(&ev.addr.bdaddr, bdaddr);
5780 ev.addr.type = type;
5e762444 5781
744cf19e 5782 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5783 cmd ? cmd->sk : NULL);
5e762444
AJ		 5784}
5785
88c1fe4b 5786int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5787{
5788 struct pending_cmd *cmd;
5789 struct mgmt_ev_device_unblocked ev;
5790
2e58ef3e 5791 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5792
88c1fe4b
JH		 5793 bacpy(&ev.addr.bdaddr, bdaddr);
5794 ev.addr.type = type;
5e762444 5795
744cf19e 5796 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5797 cmd ? cmd->sk : NULL);
5e762444 5798}
5976e608
MH		 5799
5800static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5801{
5802 BT_DBG("%s status %u", hdev->name, status);
5803
5804 /* Clear the advertising mgmt setting if we failed to re-enable it */
5805 if (status) {
5806 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5807 new_settings(hdev, NULL);
5976e608
MH		 5808 }
5809}
5810
5811void mgmt_reenable_advertising(struct hci_dev *hdev)
5812{
5813 struct hci_request req;
5814
b145edcd 5815 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5816 return;
5817
5818 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5819 return;
5820
5821 hci_req_init(&req, hdev);
5822 enable_advertising(&req);
5823
5824 /* If this fails we have no option but to let user space know
5825 * that we've disabled advertising.
5826 */
5827 if (hci_req_run(&req, adv_enable_complete) < 0) {
5828 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5829 new_settings(hdev, NULL);
5976e608
MH		 5830 }
5831}
Linux kernel - Deliverables
This page took 0.70473 seconds and 5 git commands to generate.