projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Clean up socket locking in l2cap_sock_recvmsg
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
bb4b2a9a
AE		 345 if (!mgmt_valid_hdev(d))
346 continue;
347
476e44cb 348 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 349 BT_DBG("Added hci%u", d->id);
350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 370 settings |= MGMT_SETTING_PAIRABLE;
371
9a1a1996 372 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 373 settings |= MGMT_SETTING_SSP;
374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
c383ddc4 387 if (lmp_le_capable(hdev))
9d42820f 388 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 389
390 return settings;
391}
392
393static u32 get_current_settings(struct hci_dev *hdev)
394{
395 u32 settings = 0;
396
f1f0eb02 397 if (hdev_is_powered(hdev))
f0d4b78a
MH		 398 settings |= MGMT_SETTING_POWERED;
399
5e5282bb 400 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_CONNECTABLE;
402
1a4d3c4b
JH		 403 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_FAST_CONNECTABLE;
405
5e5282bb 406 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_DISCOVERABLE;
408
a8b2d5c2 409 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_PAIRABLE;
411
ed3fa31f 412 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 413 settings |= MGMT_SETTING_BREDR;
414
06199cf8 415 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LE;
417
47990ea0 418 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LINK_SECURITY;
420
84bde9d6 421 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_SSP;
423
6d80dfd0
JH		 424 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_HS;
426
69ab39ea
JH		 427 return settings;
428}
429
ef580372
JH		 430#define PNP_INFO_SVCLASS_ID 0x1200
431
213202ed
JH		 432static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433{
434 u8 *ptr = data, *uuids_start = NULL;
435 struct bt_uuid *uuid;
436
437 if (len < 4)
438 return ptr;
439
440 list_for_each_entry(uuid, &hdev->uuids, list) {
441 u16 uuid16;
442
443 if (uuid->size != 16)
444 continue;
445
446 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
447 if (uuid16 < 0x1100)
448 continue;
449
450 if (uuid16 == PNP_INFO_SVCLASS_ID)
451 continue;
452
453 if (!uuids_start) {
454 uuids_start = ptr;
455 uuids_start[0] = 1;
456 uuids_start[1] = EIR_UUID16_ALL;
457 ptr += 2;
458 }
459
460 /* Stop if not enough space to put next UUID */
461 if ((ptr - data) + sizeof(u16) > len) {
462 uuids_start[1] = EIR_UUID16_SOME;
463 break;
464 }
465
466 *ptr++ = (uuid16 & 0x00ff);
467 *ptr++ = (uuid16 & 0xff00) >> 8;
468 uuids_start[0] += sizeof(uuid16);
469 }
470
471 return ptr;
472}
473
cdf1963f
JH		 474static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475{
476 u8 *ptr = data, *uuids_start = NULL;
477 struct bt_uuid *uuid;
478
479 if (len < 6)
480 return ptr;
481
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 if (uuid->size != 32)
484 continue;
485
486 if (!uuids_start) {
487 uuids_start = ptr;
488 uuids_start[0] = 1;
489 uuids_start[1] = EIR_UUID32_ALL;
490 ptr += 2;
491 }
492
493 /* Stop if not enough space to put next UUID */
494 if ((ptr - data) + sizeof(u32) > len) {
495 uuids_start[1] = EIR_UUID32_SOME;
496 break;
497 }
498
499 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 ptr += sizeof(u32);
501 uuids_start[0] += sizeof(u32);
502 }
503
504 return ptr;
505}
506
c00d575b
JH		 507static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508{
509 u8 *ptr = data, *uuids_start = NULL;
510 struct bt_uuid *uuid;
511
512 if (len < 18)
513 return ptr;
514
515 list_for_each_entry(uuid, &hdev->uuids, list) {
516 if (uuid->size != 128)
517 continue;
518
519 if (!uuids_start) {
520 uuids_start = ptr;
521 uuids_start[0] = 1;
522 uuids_start[1] = EIR_UUID128_ALL;
523 ptr += 2;
524 }
525
526 /* Stop if not enough space to put next UUID */
527 if ((ptr - data) + 16 > len) {
528 uuids_start[1] = EIR_UUID128_SOME;
529 break;
530 }
531
532 memcpy(ptr, uuid->uuid, 16);
533 ptr += 16;
534 uuids_start[0] += 16;
535 }
536
537 return ptr;
538}
539
ef580372
JH		 540static void create_eir(struct hci_dev *hdev, u8 *data)
541{
542 u8 *ptr = data;
ef580372
JH		 543 size_t name_len;
544
545 name_len = strlen(hdev->dev_name);
546
547 if (name_len > 0) {
548 /* EIR Data type */
549 if (name_len > 48) {
550 name_len = 48;
551 ptr[1] = EIR_NAME_SHORT;
552 } else
553 ptr[1] = EIR_NAME_COMPLETE;
554
555 /* EIR Data length */
556 ptr[0] = name_len + 1;
557
558 memcpy(ptr + 2, hdev->dev_name, name_len);
559
ef580372
JH		 560 ptr += (name_len + 2);
561 }
562
bbaf444a 563 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 564 ptr[0] = 2;
565 ptr[1] = EIR_TX_POWER;
566 ptr[2] = (u8) hdev->inq_tx_power;
567
91c4e9b1
MH		 568 ptr += 3;
569 }
570
2b9be137
MH		 571 if (hdev->devid_source > 0) {
572 ptr[0] = 9;
573 ptr[1] = EIR_DEVICE_ID;
574
575 put_unaligned_le16(hdev->devid_source, ptr + 2);
576 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
577 put_unaligned_le16(hdev->devid_product, ptr + 6);
578 put_unaligned_le16(hdev->devid_version, ptr + 8);
579
2b9be137
MH		 580 ptr += 10;
581 }
582
213202ed 583 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 584 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 585 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 586}
587
890ea898 588static void update_eir(struct hci_request *req)
ef580372 589{
890ea898 590 struct hci_dev *hdev = req->hdev;
ef580372
JH		 591 struct hci_cp_write_eir cp;
592
504c8dcd 593 if (!hdev_is_powered(hdev))
890ea898 594 return;
7770c4aa 595
976eb20e 596 if (!lmp_ext_inq_capable(hdev))
890ea898 597 return;
ef580372 598
84bde9d6 599 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 600 return;
ef580372 601
a8b2d5c2 602 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 603 return;
ef580372
JH		 604
605 memset(&cp, 0, sizeof(cp));
606
607 create_eir(hdev, cp.data);
608
609 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 610 return;
ef580372
JH		 611
612 memcpy(hdev->eir, cp.data, sizeof(cp.data));
613
890ea898 614 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 615}
616
617static u8 get_service_classes(struct hci_dev *hdev)
618{
619 struct bt_uuid *uuid;
620 u8 val = 0;
621
622 list_for_each_entry(uuid, &hdev->uuids, list)
623 val |= uuid->svc_hint;
624
625 return val;
626}
627
890ea898 628static void update_class(struct hci_request *req)
ef580372 629{
890ea898 630 struct hci_dev *hdev = req->hdev;
ef580372
JH		 631 u8 cod[3];
632
633 BT_DBG("%s", hdev->name);
634
504c8dcd 635 if (!hdev_is_powered(hdev))
890ea898 636 return;
7770c4aa 637
a8b2d5c2 638 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 639 return;
ef580372
JH		 640
641 cod[0] = hdev->minor_class;
642 cod[1] = hdev->major_class;
643 cod[2] = get_service_classes(hdev);
644
645 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 646 return;
ef580372 647
890ea898 648 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 649}
650
7d78525d
JH		 651static void service_cache_off(struct work_struct *work)
652{
653 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 654 service_cache.work);
890ea898 655 struct hci_request req;
7d78525d 656
a8b2d5c2 657 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 658 return;
659
890ea898
JH		 660 hci_req_init(&req, hdev);
661
7d78525d
JH		 662 hci_dev_lock(hdev);
663
890ea898
JH		 664 update_eir(&req);
665 update_class(&req);
7d78525d
JH		 666
667 hci_dev_unlock(hdev);
890ea898
JH		 668
669 hci_req_run(&req, NULL);
7d78525d
JH		 670}
671
6a919082 672static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 673{
4f87da80 674 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 675 return;
676
4f87da80 677 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 678
4f87da80
JH		 679 /* Non-mgmt controlled devices get this bit set
680 * implicitly so that pairing works for them, however
681 * for mgmt we require user-space to explicitly enable
682 * it
683 */
684 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 685}
686
0f4e68cf 687static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 688 void *data, u16 data_len)
0381101f 689{
a38528f1 690 struct mgmt_rp_read_info rp;
f7b64e69 691
bdb6d971 692 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 693
09fd0de5 694 hci_dev_lock(hdev);
f7b64e69 695
dc4fe30b
JH		 696 memset(&rp, 0, sizeof(rp));
697
69ab39ea 698 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 699
69ab39ea 700 rp.version = hdev->hci_ver;
eb55ef07 701 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 702
703 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
704 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 705
a38528f1 706 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 707
dc4fe30b 708 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 709 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 710
09fd0de5 711 hci_dev_unlock(hdev);
0381101f 712
bdb6d971 713 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 714 sizeof(rp));
0381101f
JH		 715}
716
eec8d2bc
JH		 717static void mgmt_pending_free(struct pending_cmd *cmd)
718{
719 sock_put(cmd->sk);
c68fb7ff 720 kfree(cmd->param);
eec8d2bc
JH		 721 kfree(cmd);
722}
723
366a0336 724static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 725 struct hci_dev *hdev, void *data,
726 u16 len)
eec8d2bc
JH		 727{
728 struct pending_cmd *cmd;
729
12b94565 730 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 731 if (!cmd)
366a0336 732 return NULL;
eec8d2bc
JH		 733
734 cmd->opcode = opcode;
2e58ef3e 735 cmd->index = hdev->id;
eec8d2bc 736
12b94565 737 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 738 if (!cmd->param) {
eec8d2bc 739 kfree(cmd);
366a0336 740 return NULL;
eec8d2bc
JH		 741 }
742
8fce6357
SJ		 743 if (data)
744 memcpy(cmd->param, data, len);
eec8d2bc
JH		 745
746 cmd->sk = sk;
747 sock_hold(sk);
748
2e58ef3e 749 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 750
366a0336 751 return cmd;
eec8d2bc
JH		 752}
753
744cf19e 754static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 755 void (*cb)(struct pending_cmd *cmd,
756 void *data),
04124681 757 void *data)
eec8d2bc 758{
a3d09356 759 struct pending_cmd *cmd, *tmp;
eec8d2bc 760
a3d09356 761 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 762 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 763 continue;
764
eec8d2bc
JH		 765 cb(cmd, data);
766 }
767}
768
2e58ef3e 769static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 770{
8035ded4 771 struct pending_cmd *cmd;
eec8d2bc 772
2e58ef3e 773 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 774 if (cmd->opcode == opcode)
775 return cmd;
eec8d2bc
JH		 776 }
777
778 return NULL;
779}
780
a664b5bc 781static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 782{
73f22f62
JH		 783 list_del(&cmd->list);
784 mgmt_pending_free(cmd);
785}
786
69ab39ea 787static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 788{
69ab39ea 789 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 790
aee9b218 791 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 792 sizeof(settings));
8680570b
JH		 793}
794
bdb6d971 795static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 796 u16 len)
eec8d2bc 797{
650f726d 798 struct mgmt_mode *cp = data;
366a0336 799 struct pending_cmd *cmd;
4b34ee78 800 int err;
eec8d2bc 801
bdb6d971 802 BT_DBG("request for %s", hdev->name);
eec8d2bc 803
a7e80f25
JH		 804 if (cp->val != 0x00 && cp->val != 0x01)
805 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
806 MGMT_STATUS_INVALID_PARAMS);
807
09fd0de5 808 hci_dev_lock(hdev);
eec8d2bc 809
f0d4b78a
MH		 810 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
811 cancel_delayed_work(&hdev->power_off);
812
813 if (cp->val) {
a1d70450
JH		 814 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
815 data, len);
816 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 817 goto failed;
818 }
819 }
820
4b34ee78 821 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 822 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 823 goto failed;
824 }
825
2e58ef3e 826 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 828 MGMT_STATUS_BUSY);
eec8d2bc
JH		 829 goto failed;
830 }
831
2e58ef3e 832 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 833 if (!cmd) {
834 err = -ENOMEM;
eec8d2bc 835 goto failed;
366a0336 836 }
eec8d2bc 837
72a734ec 838 if (cp->val)
19202573 839 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 840 else
19202573 841 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 842
366a0336 843 err = 0;
eec8d2bc
JH		 844
845failed:
09fd0de5 846 hci_dev_unlock(hdev);
366a0336 847 return err;
eec8d2bc
JH		 848}
849
04124681
GP		 850static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
851 struct sock *skip_sk)
beadb2bd
JH		 852{
853 struct sk_buff *skb;
854 struct mgmt_hdr *hdr;
855
790eff44 856 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 857 if (!skb)
858 return -ENOMEM;
859
860 hdr = (void *) skb_put(skb, sizeof(*hdr));
861 hdr->opcode = cpu_to_le16(event);
862 if (hdev)
863 hdr->index = cpu_to_le16(hdev->id);
864 else
612dfce9 865 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 866 hdr->len = cpu_to_le16(data_len);
867
868 if (data)
869 memcpy(skb_put(skb, data_len), data, data_len);
870
97e0bdeb
MH		 871 /* Time stamp */
872 __net_timestamp(skb);
873
beadb2bd
JH		 874 hci_send_to_control(skb, skip_sk);
875 kfree_skb(skb);
876
877 return 0;
878}
879
880static int new_settings(struct hci_dev *hdev, struct sock *skip)
881{
882 __le32 ev;
883
884 ev = cpu_to_le32(get_current_settings(hdev));
885
886 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
887}
888
bdb6d971 889static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 890 u16 len)
73f22f62 891{
650f726d 892 struct mgmt_cp_set_discoverable *cp = data;
366a0336 893 struct pending_cmd *cmd;
5e5282bb 894 u16 timeout;
73f22f62
JH		 895 u8 scan;
896 int err;
897
bdb6d971 898 BT_DBG("request for %s", hdev->name);
73f22f62 899
33c525c0
JH		 900 if (!lmp_bredr_capable(hdev))
901 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
902 MGMT_STATUS_NOT_SUPPORTED);
903
a7e80f25
JH		 904 if (cp->val != 0x00 && cp->val != 0x01)
905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_INVALID_PARAMS);
907
1f350c87 908 timeout = __le16_to_cpu(cp->timeout);
24c54a90 909 if (!cp->val && timeout > 0)
bdb6d971 910 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 911 MGMT_STATUS_INVALID_PARAMS);
73f22f62 912
09fd0de5 913 hci_dev_lock(hdev);
73f22f62 914
5e5282bb 915 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 916 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 917 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 918 goto failed;
919 }
920
2e58ef3e 921 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 922 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 923 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 924 MGMT_STATUS_BUSY);
73f22f62
JH		 925 goto failed;
926 }
927
5e5282bb 928 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 929 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 930 MGMT_STATUS_REJECTED);
5e5282bb
JH		 931 goto failed;
932 }
933
934 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 935 bool changed = false;
936
937 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
938 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
939 changed = true;
940 }
941
5e5282bb 942 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 943 if (err < 0)
944 goto failed;
945
946 if (changed)
947 err = new_settings(hdev, sk);
948
5e5282bb
JH		 949 goto failed;
950 }
951
952 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 953 if (hdev->discov_timeout > 0) {
954 cancel_delayed_work(&hdev->discov_off);
955 hdev->discov_timeout = 0;
956 }
957
958 if (cp->val && timeout > 0) {
959 hdev->discov_timeout = timeout;
960 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
961 msecs_to_jiffies(hdev->discov_timeout * 1000));
962 }
963
69ab39ea 964 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 965 goto failed;
966 }
967
2e58ef3e 968 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 969 if (!cmd) {
970 err = -ENOMEM;
73f22f62 971 goto failed;
366a0336 972 }
73f22f62
JH		 973
974 scan = SCAN_PAGE;
975
72a734ec 976 if (cp->val)
73f22f62 977 scan |= SCAN_INQUIRY;
16ab91ab 978 else
e0f9309f 979 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 980
981 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
982 if (err < 0)
a664b5bc 983 mgmt_pending_remove(cmd);
73f22f62 984
16ab91ab 985 if (cp->val)
5e5282bb 986 hdev->discov_timeout = timeout;
16ab91ab 987
73f22f62 988failed:
09fd0de5 989 hci_dev_unlock(hdev);
73f22f62
JH		 990 return err;
991}
992
406d7804
JH		 993static void write_fast_connectable(struct hci_request *req, bool enable)
994{
bd98b996 995 struct hci_dev *hdev = req->hdev;
406d7804
JH		 996 struct hci_cp_write_page_scan_activity acp;
997 u8 type;
998
4c01f8b8
JH		 999 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1000 return;
1001
406d7804
JH		 1002 if (enable) {
1003 type = PAGE_SCAN_TYPE_INTERLACED;
1004
1005 /* 160 msec page scan interval */
1006 acp.interval = __constant_cpu_to_le16(0x0100);
1007 } else {
1008 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1009
1010 /* default 1.28 sec page scan */
1011 acp.interval = __constant_cpu_to_le16(0x0800);
1012 }
1013
1014 acp.window = __constant_cpu_to_le16(0x0012);
1015
bd98b996
JH		 1016 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1017 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1018 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1019 sizeof(acp), &acp);
1020
1021 if (hdev->page_scan_type != type)
1022 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1023}
1024
2b76f453
JH		 1025static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1026{
1027 struct pending_cmd *cmd;
1028
1029 BT_DBG("status 0x%02x", status);
1030
1031 hci_dev_lock(hdev);
1032
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (!cmd)
1035 goto unlock;
1036
1037 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1038
1039 mgmt_pending_remove(cmd);
1040
1041unlock:
1042 hci_dev_unlock(hdev);
1043}
1044
bdb6d971 1045static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1046 u16 len)
9fbcbb45 1047{
650f726d 1048 struct mgmt_mode *cp = data;
366a0336 1049 struct pending_cmd *cmd;
2b76f453 1050 struct hci_request req;
9fbcbb45
JH		 1051 u8 scan;
1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
9fbcbb45 1055
33c525c0
JH		 1056 if (!lmp_bredr_capable(hdev))
1057 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1058 MGMT_STATUS_NOT_SUPPORTED);
1059
a7e80f25
JH		 1060 if (cp->val != 0x00 && cp->val != 0x01)
1061 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1062 MGMT_STATUS_INVALID_PARAMS);
1063
09fd0de5 1064 hci_dev_lock(hdev);
9fbcbb45 1065
4b34ee78 1066 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1067 bool changed = false;
1068
1069 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1070 changed = true;
1071
6bf0e469 1072 if (cp->val) {
5e5282bb 1073 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1074 } else {
5e5282bb
JH		 1075 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1076 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1077 }
0224d2fa 1078
5e5282bb 1079 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1080 if (err < 0)
1081 goto failed;
1082
1083 if (changed)
1084 err = new_settings(hdev, sk);
1085
9fbcbb45
JH		 1086 goto failed;
1087 }
1088
2e58ef3e 1089 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1090 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1091 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1092 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1093 goto failed;
1094 }
1095
5e5282bb 1096 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1097 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1098 goto failed;
1099 }
1100
2e58ef3e 1101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1102 if (!cmd) {
1103 err = -ENOMEM;
9fbcbb45 1104 goto failed;
366a0336 1105 }
9fbcbb45 1106
6bf0e469 1107 if (cp->val) {
9fbcbb45 1108 scan = SCAN_PAGE;
6bf0e469 1109 } else {
9fbcbb45
JH		 1110 scan = 0;
1111
df2c6c5e 1112 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1113 hdev->discov_timeout > 0)
df2c6c5e
JH		 1114 cancel_delayed_work(&hdev->discov_off);
1115 }
1116
2b76f453
JH		 1117 hci_req_init(&req, hdev);
1118
1119 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1120
4c01f8b8
JH		 1121 /* If we're going from non-connectable to connectable or
1122 * vice-versa when fast connectable is enabled ensure that fast
1123 * connectable gets disabled. write_fast_connectable won't do
1124 * anything if the page scan parameters are already what they
1125 * should be.
1126 */
1127 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1128 write_fast_connectable(&req, false);
1129
2b76f453 1130 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1131 if (err < 0)
a664b5bc 1132 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1133
1134failed:
09fd0de5 1135 hci_dev_unlock(hdev);
9fbcbb45
JH		 1136 return err;
1137}
1138
bdb6d971 1139static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1140 u16 len)
c542a06c 1141{
650f726d 1142 struct mgmt_mode *cp = data;
c542a06c
JH		 1143 int err;
1144
bdb6d971 1145 BT_DBG("request for %s", hdev->name);
c542a06c 1146
a7e80f25
JH		 1147 if (cp->val != 0x00 && cp->val != 0x01)
1148 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1149 MGMT_STATUS_INVALID_PARAMS);
1150
09fd0de5 1151 hci_dev_lock(hdev);
c542a06c
JH		 1152
1153 if (cp->val)
a8b2d5c2 1154 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1155 else
a8b2d5c2 1156 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1157
69ab39ea 1158 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1159 if (err < 0)
1160 goto failed;
1161
beadb2bd 1162 err = new_settings(hdev, sk);
c542a06c
JH		 1163
1164failed:
09fd0de5 1165 hci_dev_unlock(hdev);
c542a06c
JH		 1166 return err;
1167}
1168
04124681
GP		 1169static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1170 u16 len)
33ef95ed
JH		 1171{
1172 struct mgmt_mode *cp = data;
1173 struct pending_cmd *cmd;
816a11d5 1174 u8 val;
33ef95ed
JH		 1175 int err;
1176
bdb6d971 1177 BT_DBG("request for %s", hdev->name);
33ef95ed 1178
33c525c0
JH		 1179 if (!lmp_bredr_capable(hdev))
1180 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1181 MGMT_STATUS_NOT_SUPPORTED);
1182
a7e80f25
JH		 1183 if (cp->val != 0x00 && cp->val != 0x01)
1184 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1185 MGMT_STATUS_INVALID_PARAMS);
1186
33ef95ed
JH		 1187 hci_dev_lock(hdev);
1188
4b34ee78 1189 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1190 bool changed = false;
1191
1192 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1193 &hdev->dev_flags)) {
47990ea0
JH		 1194 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1195 changed = true;
1196 }
1197
1198 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1199 if (err < 0)
1200 goto failed;
1201
1202 if (changed)
1203 err = new_settings(hdev, sk);
1204
33ef95ed
JH		 1205 goto failed;
1206 }
1207
1208 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1209 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1210 MGMT_STATUS_BUSY);
33ef95ed
JH		 1211 goto failed;
1212 }
1213
1214 val = !!cp->val;
1215
1216 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1217 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1218 goto failed;
1219 }
1220
1221 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1222 if (!cmd) {
1223 err = -ENOMEM;
1224 goto failed;
1225 }
1226
1227 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1228 if (err < 0) {
1229 mgmt_pending_remove(cmd);
1230 goto failed;
1231 }
1232
1233failed:
1234 hci_dev_unlock(hdev);
33ef95ed
JH		 1235 return err;
1236}
1237
bdb6d971 1238static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1239{
1240 struct mgmt_mode *cp = data;
1241 struct pending_cmd *cmd;
816a11d5 1242 u8 val;
ed2c4ee3
JH		 1243 int err;
1244
bdb6d971 1245 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1246
13ecd8b6
JH		 1247 if (!lmp_ssp_capable(hdev))
1248 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1249 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1250
a7e80f25
JH		 1251 if (cp->val != 0x00 && cp->val != 0x01)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1253 MGMT_STATUS_INVALID_PARAMS);
1254
13ecd8b6 1255 hci_dev_lock(hdev);
6c8f12c1 1256
c0ecddc2
JH		 1257 val = !!cp->val;
1258
4b34ee78 1259 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1260 bool changed = false;
1261
1262 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1263 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1264 changed = true;
1265 }
1266
1267 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1268 if (err < 0)
1269 goto failed;
1270
1271 if (changed)
1272 err = new_settings(hdev, sk);
1273
ed2c4ee3
JH		 1274 goto failed;
1275 }
1276
1277 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1278 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1279 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1280 goto failed;
1281 }
1282
ed2c4ee3
JH		 1283 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1284 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1285 goto failed;
1286 }
1287
1288 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1289 if (!cmd) {
1290 err = -ENOMEM;
1291 goto failed;
1292 }
1293
1294 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1295 if (err < 0) {
1296 mgmt_pending_remove(cmd);
1297 goto failed;
1298 }
1299
1300failed:
1301 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1302 return err;
1303}
1304
bdb6d971 1305static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1306{
1307 struct mgmt_mode *cp = data;
6d80dfd0 1308
bdb6d971 1309 BT_DBG("request for %s", hdev->name);
6d80dfd0 1310
bdb6d971
JH		 1311 if (!enable_hs)
1312 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1313 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1314
a7e80f25
JH		 1315 if (cp->val != 0x00 && cp->val != 0x01)
1316 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1317 MGMT_STATUS_INVALID_PARAMS);
1318
6d80dfd0
JH		 1319 if (cp->val)
1320 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1321 else
1322 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1323
bdb6d971 1324 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1325}
1326
bdb6d971 1327static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1328{
1329 struct mgmt_mode *cp = data;
1330 struct hci_cp_write_le_host_supported hci_cp;
1331 struct pending_cmd *cmd;
06199cf8 1332 int err;
0b60eba1 1333 u8 val, enabled;
06199cf8 1334
bdb6d971 1335 BT_DBG("request for %s", hdev->name);
06199cf8 1336
13ecd8b6
JH		 1337 if (!lmp_le_capable(hdev))
1338 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1339 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1340
a7e80f25
JH		 1341 if (cp->val != 0x00 && cp->val != 0x01)
1342 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1343 MGMT_STATUS_INVALID_PARAMS);
1344
c73eee91
JH		 1345 /* LE-only devices do not allow toggling LE on/off */
1346 if (!lmp_bredr_capable(hdev))
1347 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1348 MGMT_STATUS_REJECTED);
1349
13ecd8b6 1350 hci_dev_lock(hdev);
06199cf8
JH		 1351
1352 val = !!cp->val;
ffa88e02 1353 enabled = lmp_host_le_capable(hdev);
06199cf8 1354
0b60eba1 1355 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1356 bool changed = false;
1357
1358 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1359 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1360 changed = true;
1361 }
1362
1363 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1364 if (err < 0)
1de028ce 1365 goto unlock;
06199cf8
JH		 1366
1367 if (changed)
1368 err = new_settings(hdev, sk);
1369
1de028ce 1370 goto unlock;
06199cf8
JH		 1371 }
1372
1373 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1374 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1375 MGMT_STATUS_BUSY);
1de028ce 1376 goto unlock;
06199cf8
JH		 1377 }
1378
1379 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1380 if (!cmd) {
1381 err = -ENOMEM;
1de028ce 1382 goto unlock;
06199cf8
JH		 1383 }
1384
1385 memset(&hci_cp, 0, sizeof(hci_cp));
1386
1387 if (val) {
1388 hci_cp.le = val;
ffa88e02 1389 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1390 }
1391
04124681
GP		 1392 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1393 &hci_cp);
0c01bc48 1394 if (err < 0)
06199cf8 1395 mgmt_pending_remove(cmd);
06199cf8 1396
1de028ce
JH		 1397unlock:
1398 hci_dev_unlock(hdev);
06199cf8
JH		 1399 return err;
1400}
1401
0cab9c80
JH		 1402/* This is a helper function to test for pending mgmt commands that can
1403 * cause CoD or EIR HCI commands. We can only allow one such pending
1404 * mgmt command at a time since otherwise we cannot easily track what
1405 * the current values are, will be, and based on that calculate if a new
1406 * HCI command needs to be sent and if yes with what value.
1407 */
1408static bool pending_eir_or_class(struct hci_dev *hdev)
1409{
1410 struct pending_cmd *cmd;
1411
1412 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1413 switch (cmd->opcode) {
1414 case MGMT_OP_ADD_UUID:
1415 case MGMT_OP_REMOVE_UUID:
1416 case MGMT_OP_SET_DEV_CLASS:
1417 case MGMT_OP_SET_POWERED:
1418 return true;
1419 }
1420 }
1421
1422 return false;
1423}
1424
83be8eca
JH		 1425static const u8 bluetooth_base_uuid[] = {
1426 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1427 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1428};
1429
1430static u8 get_uuid_size(const u8 *uuid)
1431{
1432 u32 val;
1433
1434 if (memcmp(uuid, bluetooth_base_uuid, 12))
1435 return 128;
1436
1437 val = get_unaligned_le32(&uuid[12]);
1438 if (val > 0xffff)
1439 return 32;
1440
1441 return 16;
1442}
1443
92da6097
JH		 1444static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1445{
1446 struct pending_cmd *cmd;
1447
1448 hci_dev_lock(hdev);
1449
1450 cmd = mgmt_pending_find(mgmt_op, hdev);
1451 if (!cmd)
1452 goto unlock;
1453
1454 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1455 hdev->dev_class, 3);
1456
1457 mgmt_pending_remove(cmd);
1458
1459unlock:
1460 hci_dev_unlock(hdev);
1461}
1462
1463static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1464{
1465 BT_DBG("status 0x%02x", status);
1466
1467 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1468}
1469
bdb6d971 1470static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1471{
650f726d 1472 struct mgmt_cp_add_uuid *cp = data;
90e70454 1473 struct pending_cmd *cmd;
890ea898 1474 struct hci_request req;
2aeb9a1a 1475 struct bt_uuid *uuid;
2aeb9a1a
JH		 1476 int err;
1477
bdb6d971 1478 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1479
09fd0de5 1480 hci_dev_lock(hdev);
2aeb9a1a 1481
0cab9c80 1482 if (pending_eir_or_class(hdev)) {
bdb6d971 1483 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1484 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1485 goto failed;
1486 }
1487
92c4c204 1488 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1489 if (!uuid) {
1490 err = -ENOMEM;
1491 goto failed;
1492 }
1493
1494 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1495 uuid->svc_hint = cp->svc_hint;
83be8eca 1496 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1497
de66aa63 1498 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1499
890ea898 1500 hci_req_init(&req, hdev);
1aff6f09 1501
890ea898
JH		 1502 update_class(&req);
1503 update_eir(&req);
1504
92da6097
JH		 1505 err = hci_req_run(&req, add_uuid_complete);
1506 if (err < 0) {
1507 if (err != -ENODATA)
1508 goto failed;
80a1e1db 1509
bdb6d971 1510 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1511 hdev->dev_class, 3);
90e70454
JH		 1512 goto failed;
1513 }
1514
1515 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1516 if (!cmd) {
90e70454 1517 err = -ENOMEM;
890ea898
JH		 1518 goto failed;
1519 }
1520
1521 err = 0;
2aeb9a1a
JH		 1522
1523failed:
09fd0de5 1524 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1525 return err;
1526}
1527
24b78d0f
JH		 1528static bool enable_service_cache(struct hci_dev *hdev)
1529{
1530 if (!hdev_is_powered(hdev))
1531 return false;
1532
1533 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1534 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1535 CACHE_TIMEOUT);
24b78d0f
JH		 1536 return true;
1537 }
1538
1539 return false;
1540}
1541
92da6097
JH		 1542static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1543{
1544 BT_DBG("status 0x%02x", status);
1545
1546 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1547}
1548
bdb6d971 1549static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1550 u16 len)
2aeb9a1a 1551{
650f726d 1552 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1553 struct pending_cmd *cmd;
056341c8 1554 struct bt_uuid *match, *tmp;
2aeb9a1a 1555 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1556 struct hci_request req;
2aeb9a1a
JH		 1557 int err, found;
1558
bdb6d971 1559 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1560
09fd0de5 1561 hci_dev_lock(hdev);
2aeb9a1a 1562
0cab9c80 1563 if (pending_eir_or_class(hdev)) {
bdb6d971 1564 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1565 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1566 goto unlock;
1567 }
1568
2aeb9a1a
JH		 1569 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1570 err = hci_uuids_clear(hdev);
4004b6d9 1571
24b78d0f 1572 if (enable_service_cache(hdev)) {
bdb6d971 1573 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1574 0, hdev->dev_class, 3);
24b78d0f
JH		 1575 goto unlock;
1576 }
4004b6d9 1577
9246a869 1578 goto update_class;
2aeb9a1a
JH		 1579 }
1580
1581 found = 0;
1582
056341c8 1583 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1584 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1585 continue;
1586
1587 list_del(&match->list);
482049f7 1588 kfree(match);
2aeb9a1a
JH		 1589 found++;
1590 }
1591
1592 if (found == 0) {
bdb6d971 1593 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1594 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1595 goto unlock;
1596 }
1597
9246a869 1598update_class:
890ea898 1599 hci_req_init(&req, hdev);
1aff6f09 1600
890ea898
JH		 1601 update_class(&req);
1602 update_eir(&req);
1603
92da6097
JH		 1604 err = hci_req_run(&req, remove_uuid_complete);
1605 if (err < 0) {
1606 if (err != -ENODATA)
1607 goto unlock;
80a1e1db 1608
bdb6d971 1609 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1610 hdev->dev_class, 3);
90e70454
JH		 1611 goto unlock;
1612 }
1613
1614 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1615 if (!cmd) {
90e70454 1616 err = -ENOMEM;
890ea898
JH		 1617 goto unlock;
1618 }
1619
1620 err = 0;
2aeb9a1a
JH		 1621
1622unlock:
09fd0de5 1623 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1624 return err;
1625}
1626
92da6097
JH		 1627static void set_class_complete(struct hci_dev *hdev, u8 status)
1628{
1629 BT_DBG("status 0x%02x", status);
1630
1631 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1632}
1633
bdb6d971 1634static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1635 u16 len)
1aff6f09 1636{
650f726d 1637 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1638 struct pending_cmd *cmd;
890ea898 1639 struct hci_request req;
1aff6f09
JH		 1640 int err;
1641
bdb6d971 1642 BT_DBG("request for %s", hdev->name);
1aff6f09 1643
13ecd8b6
JH		 1644 if (!lmp_bredr_capable(hdev))
1645 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1646 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1647
0cab9c80 1648 hci_dev_lock(hdev);
ee98f473 1649
0cab9c80
JH		 1650 if (pending_eir_or_class(hdev)) {
1651 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1652 MGMT_STATUS_BUSY);
1653 goto unlock;
1654 }
c95f0ba7 1655
0cab9c80
JH		 1656 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1657 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1658 MGMT_STATUS_INVALID_PARAMS);
1659 goto unlock;
1660 }
575b3a02 1661
932f5ff5
JH		 1662 hdev->major_class = cp->major;
1663 hdev->minor_class = cp->minor;
1664
b5235a65 1665 if (!hdev_is_powered(hdev)) {
bdb6d971 1666 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1667 hdev->dev_class, 3);
b5235a65
JH		 1668 goto unlock;
1669 }
1670
890ea898
JH		 1671 hci_req_init(&req, hdev);
1672
a8b2d5c2 1673 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1674 hci_dev_unlock(hdev);
1675 cancel_delayed_work_sync(&hdev->service_cache);
1676 hci_dev_lock(hdev);
890ea898 1677 update_eir(&req);
7d78525d 1678 }
14c0b608 1679
890ea898
JH		 1680 update_class(&req);
1681
92da6097
JH		 1682 err = hci_req_run(&req, set_class_complete);
1683 if (err < 0) {
1684 if (err != -ENODATA)
1685 goto unlock;
1aff6f09 1686
bdb6d971 1687 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1688 hdev->dev_class, 3);
90e70454
JH		 1689 goto unlock;
1690 }
1691
1692 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1693 if (!cmd) {
90e70454 1694 err = -ENOMEM;
890ea898
JH		 1695 goto unlock;
1696 }
1697
1698 err = 0;
1aff6f09 1699
b5235a65 1700unlock:
09fd0de5 1701 hci_dev_unlock(hdev);
1aff6f09
JH		 1702 return err;
1703}
1704
bdb6d971 1705static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1706 u16 len)
55ed8ca1 1707{
650f726d 1708 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1709 u16 key_count, expected_len;
a492cd52 1710 int i;
55ed8ca1 1711
1f350c87 1712 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1713
86742e1e
JH		 1714 expected_len = sizeof(*cp) + key_count *
1715 sizeof(struct mgmt_link_key_info);
a492cd52 1716 if (expected_len != len) {
86742e1e 1717 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1718 len, expected_len);
bdb6d971 1719 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1720 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1721 }
1722
4ae14301
JH		 1723 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1724 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1725 MGMT_STATUS_INVALID_PARAMS);
1726
bdb6d971 1727 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1728 key_count);
55ed8ca1 1729
4ee71b20
JH		 1730 for (i = 0; i < key_count; i++) {
1731 struct mgmt_link_key_info *key = &cp->keys[i];
1732
1733 if (key->addr.type != BDADDR_BREDR)
1734 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1735 MGMT_STATUS_INVALID_PARAMS);
1736 }
1737
09fd0de5 1738 hci_dev_lock(hdev);
55ed8ca1
JH		 1739
1740 hci_link_keys_clear(hdev);
1741
55ed8ca1 1742 if (cp->debug_keys)
a8b2d5c2 1743 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1744 else
a8b2d5c2 1745 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1746
a492cd52 1747 for (i = 0; i < key_count; i++) {
86742e1e 1748 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1749
d753fdc4 1750 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1751 key->type, key->pin_len);
55ed8ca1
JH		 1752 }
1753
bdb6d971 1754 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1755
09fd0de5 1756 hci_dev_unlock(hdev);
55ed8ca1 1757
a492cd52 1758 return 0;
55ed8ca1
JH		 1759}
1760
b1078ad0 1761static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1762 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1763{
1764 struct mgmt_ev_device_unpaired ev;
1765
1766 bacpy(&ev.addr.bdaddr, bdaddr);
1767 ev.addr.type = addr_type;
1768
1769 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1770 skip_sk);
b1078ad0
JH		 1771}
1772
bdb6d971 1773static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1774 u16 len)
55ed8ca1 1775{
124f6e35
JH		 1776 struct mgmt_cp_unpair_device *cp = data;
1777 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1778 struct hci_cp_disconnect dc;
1779 struct pending_cmd *cmd;
55ed8ca1 1780 struct hci_conn *conn;
55ed8ca1
JH		 1781 int err;
1782
a8a1d19e 1783 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1784 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1785 rp.addr.type = cp->addr.type;
a8a1d19e 1786
4ee71b20
JH		 1787 if (!bdaddr_type_is_valid(cp->addr.type))
1788 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1789 MGMT_STATUS_INVALID_PARAMS,
1790 &rp, sizeof(rp));
1791
118da70b
JH		 1792 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1793 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1794 MGMT_STATUS_INVALID_PARAMS,
1795 &rp, sizeof(rp));
1796
4ee71b20
JH		 1797 hci_dev_lock(hdev);
1798
86a8cfc6 1799 if (!hdev_is_powered(hdev)) {
bdb6d971 1800 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1801 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1802 goto unlock;
1803 }
1804
591f47f3 1805 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1806 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1807 else
1808 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1809
55ed8ca1 1810 if (err < 0) {
bdb6d971 1811 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1812 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1813 goto unlock;
1814 }
1815
86a8cfc6 1816 if (cp->disconnect) {
591f47f3 1817 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1818 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1819 &cp->addr.bdaddr);
86a8cfc6
JH		 1820 else
1821 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1822 &cp->addr.bdaddr);
86a8cfc6
JH		 1823 } else {
1824 conn = NULL;
1825 }
124f6e35 1826
a8a1d19e 1827 if (!conn) {
bdb6d971 1828 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1829 &rp, sizeof(rp));
b1078ad0 1830 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1831 goto unlock;
1832 }
55ed8ca1 1833
124f6e35 1834 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1835 sizeof(*cp));
a8a1d19e
JH		 1836 if (!cmd) {
1837 err = -ENOMEM;
1838 goto unlock;
55ed8ca1
JH		 1839 }
1840
eb55ef07 1841 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1842 dc.reason = 0x13; /* Remote User Terminated Connection */
1843 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1844 if (err < 0)
1845 mgmt_pending_remove(cmd);
1846
55ed8ca1 1847unlock:
09fd0de5 1848 hci_dev_unlock(hdev);
55ed8ca1
JH		 1849 return err;
1850}
1851
bdb6d971 1852static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1853 u16 len)
8962ee74 1854{
650f726d 1855 struct mgmt_cp_disconnect *cp = data;
06a63b19 1856 struct mgmt_rp_disconnect rp;
8962ee74 1857 struct hci_cp_disconnect dc;
366a0336 1858 struct pending_cmd *cmd;
8962ee74 1859 struct hci_conn *conn;
8962ee74
JH		 1860 int err;
1861
1862 BT_DBG("");
1863
06a63b19
JH		 1864 memset(&rp, 0, sizeof(rp));
1865 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1866 rp.addr.type = cp->addr.type;
1867
4ee71b20 1868 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1869 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1870 MGMT_STATUS_INVALID_PARAMS,
1871 &rp, sizeof(rp));
4ee71b20 1872
09fd0de5 1873 hci_dev_lock(hdev);
8962ee74
JH		 1874
1875 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1876 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1877 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1878 goto failed;
1879 }
1880
2e58ef3e 1881 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1882 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1883 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1884 goto failed;
1885 }
1886
591f47f3 1887 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1888 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1889 &cp->addr.bdaddr);
88c3df13
JH		 1890 else
1891 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1892
f960727e 1893 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1894 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1895 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1896 goto failed;
1897 }
1898
2e58ef3e 1899 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1900 if (!cmd) {
1901 err = -ENOMEM;
8962ee74 1902 goto failed;
366a0336 1903 }
8962ee74 1904
eb55ef07 1905 dc.handle = cpu_to_le16(conn->handle);
3701f944 1906 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1907
1908 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1909 if (err < 0)
a664b5bc 1910 mgmt_pending_remove(cmd);
8962ee74
JH		 1911
1912failed:
09fd0de5 1913 hci_dev_unlock(hdev);
8962ee74
JH		 1914 return err;
1915}
1916
57c1477c 1917static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1918{
1919 switch (link_type) {
1920 case LE_LINK:
48264f06
JH		 1921 switch (addr_type) {
1922 case ADDR_LE_DEV_PUBLIC:
591f47f3 1923 return BDADDR_LE_PUBLIC;
0ed09148 1924
48264f06 1925 default:
0ed09148 1926 /* Fallback to LE Random address type */
591f47f3 1927 return BDADDR_LE_RANDOM;
48264f06 1928 }
0ed09148 1929
4c659c39 1930 default:
0ed09148 1931 /* Fallback to BR/EDR type */
591f47f3 1932 return BDADDR_BREDR;
4c659c39
JH		 1933 }
1934}
1935
04124681
GP		 1936static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1937 u16 data_len)
2784eb41 1938{
2784eb41 1939 struct mgmt_rp_get_connections *rp;
8035ded4 1940 struct hci_conn *c;
a38528f1 1941 size_t rp_len;
60fc5fb6
JH		 1942 int err;
1943 u16 i;
2784eb41
JH		 1944
1945 BT_DBG("");
1946
09fd0de5 1947 hci_dev_lock(hdev);
2784eb41 1948
5f97c1df 1949 if (!hdev_is_powered(hdev)) {
bdb6d971 1950 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1951 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1952 goto unlock;
1953 }
1954
60fc5fb6 1955 i = 0;
b644ba33
JH		 1956 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1957 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1958 i++;
2784eb41
JH		 1959 }
1960
60fc5fb6 1961 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1962 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1963 if (!rp) {
2784eb41
JH		 1964 err = -ENOMEM;
1965 goto unlock;
1966 }
1967
2784eb41 1968 i = 0;
4c659c39 1969 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1970 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1971 continue;
4c659c39 1972 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1973 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1974 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1975 continue;
1976 i++;
1977 }
1978
eb55ef07 1979 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1980
4c659c39
JH		 1981 /* Recalculate length in case of filtered SCO connections, etc */
1982 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1983
bdb6d971 1984 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1985 rp_len);
2784eb41 1986
a38528f1 1987 kfree(rp);
5f97c1df
JH		 1988
1989unlock:
09fd0de5 1990 hci_dev_unlock(hdev);
2784eb41
JH		 1991 return err;
1992}
1993
bdb6d971 1994static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1995 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1996{
1997 struct pending_cmd *cmd;
1998 int err;
1999
2e58ef3e 2000 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2001 sizeof(*cp));
96d97a67
WR		 2002 if (!cmd)
2003 return -ENOMEM;
2004
d8457698 2005 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2006 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2007 if (err < 0)
2008 mgmt_pending_remove(cmd);
2009
2010 return err;
2011}
2012
bdb6d971 2013static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2014 u16 len)
980e1a53 2015{
96d97a67 2016 struct hci_conn *conn;
650f726d 2017 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2018 struct hci_cp_pin_code_reply reply;
366a0336 2019 struct pending_cmd *cmd;
980e1a53
JH		 2020 int err;
2021
2022 BT_DBG("");
2023
09fd0de5 2024 hci_dev_lock(hdev);
980e1a53 2025
4b34ee78 2026 if (!hdev_is_powered(hdev)) {
bdb6d971 2027 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2028 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2029 goto failed;
2030 }
2031
d8457698 2032 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2033 if (!conn) {
bdb6d971 2034 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2035 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2036 goto failed;
2037 }
2038
2039 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2040 struct mgmt_cp_pin_code_neg_reply ncp;
2041
2042 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2043
2044 BT_ERR("PIN code is not 16 bytes long");
2045
bdb6d971 2046 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2047 if (err >= 0)
bdb6d971 2048 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2049 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2050
2051 goto failed;
2052 }
2053
00abfe44 2054 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2055 if (!cmd) {
2056 err = -ENOMEM;
980e1a53 2057 goto failed;
366a0336 2058 }
980e1a53 2059
d8457698 2060 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2061 reply.pin_len = cp->pin_len;
24718ca5 2062 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2063
2064 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2065 if (err < 0)
a664b5bc 2066 mgmt_pending_remove(cmd);
980e1a53
JH		 2067
2068failed:
09fd0de5 2069 hci_dev_unlock(hdev);
980e1a53
JH		 2070 return err;
2071}
2072
04124681
GP		 2073static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2074 u16 len)
17fa4b9d 2075{
650f726d 2076 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2077
2078 BT_DBG("");
2079
09fd0de5 2080 hci_dev_lock(hdev);
17fa4b9d
JH		 2081
2082 hdev->io_capability = cp->io_capability;
2083
2084 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2085 hdev->io_capability);
17fa4b9d 2086
09fd0de5 2087 hci_dev_unlock(hdev);
17fa4b9d 2088
04124681
GP		 2089 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2090 0);
17fa4b9d
JH		 2091}
2092
6039aa73 2093static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2094{
2095 struct hci_dev *hdev = conn->hdev;
8035ded4 2096 struct pending_cmd *cmd;
e9a416b5 2097
2e58ef3e 2098 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2099 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2100 continue;
2101
e9a416b5
JH		 2102 if (cmd->user_data != conn)
2103 continue;
2104
2105 return cmd;
2106 }
2107
2108 return NULL;
2109}
2110
2111static void pairing_complete(struct pending_cmd *cmd, u8 status)
2112{
2113 struct mgmt_rp_pair_device rp;
2114 struct hci_conn *conn = cmd->user_data;
2115
ba4e564f 2116 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2117 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2118
aee9b218 2119 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2120 &rp, sizeof(rp));
e9a416b5
JH		 2121
2122 /* So we don't get further callbacks for this connection */
2123 conn->connect_cfm_cb = NULL;
2124 conn->security_cfm_cb = NULL;
2125 conn->disconn_cfm_cb = NULL;
2126
76a68ba0 2127 hci_conn_drop(conn);
e9a416b5 2128
a664b5bc 2129 mgmt_pending_remove(cmd);
e9a416b5
JH		 2130}
2131
2132static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2133{
2134 struct pending_cmd *cmd;
2135
2136 BT_DBG("status %u", status);
2137
2138 cmd = find_pairing(conn);
56e5cb86 2139 if (!cmd)
e9a416b5 2140 BT_DBG("Unable to find a pending command");
56e5cb86 2141 else
e211326c 2142 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2143}
2144
4c47d739
VA		 2145static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2146{
2147 struct pending_cmd *cmd;
2148
2149 BT_DBG("status %u", status);
2150
2151 if (!status)
2152 return;
2153
2154 cmd = find_pairing(conn);
2155 if (!cmd)
2156 BT_DBG("Unable to find a pending command");
2157 else
2158 pairing_complete(cmd, mgmt_status(status));
2159}
2160
bdb6d971 2161static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2162 u16 len)
e9a416b5 2163{
650f726d 2164 struct mgmt_cp_pair_device *cp = data;
1425acb7 2165 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2166 struct pending_cmd *cmd;
2167 u8 sec_level, auth_type;
2168 struct hci_conn *conn;
e9a416b5
JH		 2169 int err;
2170
2171 BT_DBG("");
2172
f950a30e
SJ		 2173 memset(&rp, 0, sizeof(rp));
2174 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2175 rp.addr.type = cp->addr.type;
2176
4ee71b20
JH		 2177 if (!bdaddr_type_is_valid(cp->addr.type))
2178 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2179 MGMT_STATUS_INVALID_PARAMS,
2180 &rp, sizeof(rp));
2181
09fd0de5 2182 hci_dev_lock(hdev);
e9a416b5 2183
5f97c1df 2184 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2185 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2186 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2187 goto unlock;
2188 }
2189
c908df36
VCG		 2190 sec_level = BT_SECURITY_MEDIUM;
2191 if (cp->io_cap == 0x03)
e9a416b5 2192 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2193 else
e9a416b5 2194 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2195
591f47f3 2196 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2197 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2198 cp->addr.type, sec_level, auth_type);
7a512d01 2199 else
b12f62cf
AG		 2200 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2201 cp->addr.type, sec_level, auth_type);
7a512d01 2202
30e76272 2203 if (IS_ERR(conn)) {
489dc48e
AK		 2204 int status;
2205
2206 if (PTR_ERR(conn) == -EBUSY)
2207 status = MGMT_STATUS_BUSY;
2208 else
2209 status = MGMT_STATUS_CONNECT_FAILED;
2210
bdb6d971 2211 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2212 status, &rp,
04124681 2213 sizeof(rp));
e9a416b5
JH		 2214 goto unlock;
2215 }
2216
2217 if (conn->connect_cfm_cb) {
76a68ba0 2218 hci_conn_drop(conn);
bdb6d971 2219 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2220 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2221 goto unlock;
2222 }
2223
2e58ef3e 2224 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2225 if (!cmd) {
2226 err = -ENOMEM;
76a68ba0 2227 hci_conn_drop(conn);
e9a416b5
JH		 2228 goto unlock;
2229 }
2230
7a512d01 2231 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2232 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2233 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2234 else
2235 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2236
e9a416b5
JH		 2237 conn->security_cfm_cb = pairing_complete_cb;
2238 conn->disconn_cfm_cb = pairing_complete_cb;
2239 conn->io_capability = cp->io_cap;
2240 cmd->user_data = conn;
2241
2242 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2243 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2244 pairing_complete(cmd, 0);
2245
2246 err = 0;
2247
2248unlock:
09fd0de5 2249 hci_dev_unlock(hdev);
e9a416b5
JH		 2250 return err;
2251}
2252
04124681
GP		 2253static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2254 u16 len)
28424707 2255{
0f4e68cf 2256 struct mgmt_addr_info *addr = data;
28424707
JH		 2257 struct pending_cmd *cmd;
2258 struct hci_conn *conn;
2259 int err;
2260
2261 BT_DBG("");
2262
28424707
JH		 2263 hci_dev_lock(hdev);
2264
5f97c1df 2265 if (!hdev_is_powered(hdev)) {
bdb6d971 2266 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2267 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2268 goto unlock;
2269 }
2270
28424707
JH		 2271 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2272 if (!cmd) {
bdb6d971 2273 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2274 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2275 goto unlock;
2276 }
2277
2278 conn = cmd->user_data;
2279
2280 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2281 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2282 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2283 goto unlock;
2284 }
2285
2286 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2287
bdb6d971 2288 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2289 addr, sizeof(*addr));
28424707
JH		 2290unlock:
2291 hci_dev_unlock(hdev);
28424707
JH		 2292 return err;
2293}
2294
bdb6d971 2295static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2296 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2297 u16 hci_op, __le32 passkey)
a5c29683 2298{
a5c29683 2299 struct pending_cmd *cmd;
0df4c185 2300 struct hci_conn *conn;
a5c29683
JH		 2301 int err;
2302
09fd0de5 2303 hci_dev_lock(hdev);
08ba5382 2304
4b34ee78 2305 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2306 err = cmd_complete(sk, hdev->id, mgmt_op,
2307 MGMT_STATUS_NOT_POWERED, addr,
2308 sizeof(*addr));
0df4c185 2309 goto done;
a5c29683
JH		 2310 }
2311
1707c60e
JH		 2312 if (addr->type == BDADDR_BREDR)
2313 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2314 else
1707c60e 2315 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2316
2317 if (!conn) {
feb94d3d
JH		 2318 err = cmd_complete(sk, hdev->id, mgmt_op,
2319 MGMT_STATUS_NOT_CONNECTED, addr,
2320 sizeof(*addr));
272d90df
JH		 2321 goto done;
2322 }
47c15e2b 2323
1707c60e 2324 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2325 /* Continue with pairing via SMP */
5fe57d9e
BG		 2326 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2327
2328 if (!err)
feb94d3d
JH		 2329 err = cmd_complete(sk, hdev->id, mgmt_op,
2330 MGMT_STATUS_SUCCESS, addr,
2331 sizeof(*addr));
5fe57d9e 2332 else
feb94d3d
JH		 2333 err = cmd_complete(sk, hdev->id, mgmt_op,
2334 MGMT_STATUS_FAILED, addr,
2335 sizeof(*addr));
47c15e2b 2336
47c15e2b
BG		 2337 goto done;
2338 }
2339
1707c60e 2340 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2341 if (!cmd) {
2342 err = -ENOMEM;
0df4c185 2343 goto done;
a5c29683
JH		 2344 }
2345
0df4c185 2346 /* Continue with pairing via HCI */
604086b7
BG		 2347 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2348 struct hci_cp_user_passkey_reply cp;
2349
1707c60e 2350 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2351 cp.passkey = passkey;
2352 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2353 } else
1707c60e
JH		 2354 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2355 &addr->bdaddr);
604086b7 2356
a664b5bc
JH		 2357 if (err < 0)
2358 mgmt_pending_remove(cmd);
a5c29683 2359
0df4c185 2360done:
09fd0de5 2361 hci_dev_unlock(hdev);
a5c29683
JH		 2362 return err;
2363}
2364
afeb019d
JK		 2365static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2366 void *data, u16 len)
2367{
2368 struct mgmt_cp_pin_code_neg_reply *cp = data;
2369
2370 BT_DBG("");
2371
1707c60e 2372 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2373 MGMT_OP_PIN_CODE_NEG_REPLY,
2374 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2375}
2376
04124681
GP		 2377static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2378 u16 len)
0df4c185 2379{
650f726d 2380 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2381
2382 BT_DBG("");
2383
2384 if (len != sizeof(*cp))
bdb6d971 2385 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2386 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2387
1707c60e 2388 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2389 MGMT_OP_USER_CONFIRM_REPLY,
2390 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2391}
2392
bdb6d971 2393static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2394 void *data, u16 len)
0df4c185 2395{
c9c2659f 2396 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2397
2398 BT_DBG("");
2399
1707c60e 2400 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2401 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2402 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2403}
2404
04124681
GP		 2405static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2406 u16 len)
604086b7 2407{
650f726d 2408 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2409
2410 BT_DBG("");
2411
1707c60e 2412 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2413 MGMT_OP_USER_PASSKEY_REPLY,
2414 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2415}
2416
bdb6d971 2417static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2418 void *data, u16 len)
604086b7 2419{
650f726d 2420 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2421
2422 BT_DBG("");
2423
1707c60e 2424 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2425 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2426 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2427}
2428
13928971 2429static void update_name(struct hci_request *req)
2b4bf397 2430{
13928971 2431 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2432 struct hci_cp_write_local_name cp;
2433
13928971 2434 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2435
890ea898 2436 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2437}
2438
13928971
JH		 2439static void set_name_complete(struct hci_dev *hdev, u8 status)
2440{
2441 struct mgmt_cp_set_local_name *cp;
2442 struct pending_cmd *cmd;
2443
2444 BT_DBG("status 0x%02x", status);
2445
2446 hci_dev_lock(hdev);
2447
2448 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2449 if (!cmd)
2450 goto unlock;
2451
2452 cp = cmd->param;
2453
2454 if (status)
2455 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2456 mgmt_status(status));
2457 else
2458 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2459 cp, sizeof(*cp));
2460
2461 mgmt_pending_remove(cmd);
2462
2463unlock:
2464 hci_dev_unlock(hdev);
2465}
2466
bdb6d971 2467static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2468 u16 len)
b312b161 2469{
2b4bf397 2470 struct mgmt_cp_set_local_name *cp = data;
b312b161 2471 struct pending_cmd *cmd;
890ea898 2472 struct hci_request req;
b312b161
JH		 2473 int err;
2474
2475 BT_DBG("");
2476
09fd0de5 2477 hci_dev_lock(hdev);
b312b161 2478
b3f2ca94
JH		 2479 /* If the old values are the same as the new ones just return a
2480 * direct command complete event.
2481 */
2482 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2483 !memcmp(hdev->short_name, cp->short_name,
2484 sizeof(hdev->short_name))) {
2485 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2486 data, len);
2487 goto failed;
2488 }
2489
2b4bf397 2490 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2491
b5235a65 2492 if (!hdev_is_powered(hdev)) {
2b4bf397 2493 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2494
2495 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2496 data, len);
28cc7bde
JH		 2497 if (err < 0)
2498 goto failed;
2499
2500 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2501 sk);
28cc7bde 2502
b5235a65
JH		 2503 goto failed;
2504 }
2505
28cc7bde 2506 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2507 if (!cmd) {
2508 err = -ENOMEM;
2509 goto failed;
2510 }
2511
13928971
JH		 2512 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2513
890ea898 2514 hci_req_init(&req, hdev);
3f985050
JH		 2515
2516 if (lmp_bredr_capable(hdev)) {
2517 update_name(&req);
2518 update_eir(&req);
2519 }
2520
2521 if (lmp_le_capable(hdev))
2522 hci_update_ad(&req);
2523
13928971 2524 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2525 if (err < 0)
2526 mgmt_pending_remove(cmd);
2527
2528failed:
09fd0de5 2529 hci_dev_unlock(hdev);
b312b161
JH		 2530 return err;
2531}
2532
0f4e68cf 2533static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2534 void *data, u16 data_len)
c35938b2 2535{
c35938b2
SJ		 2536 struct pending_cmd *cmd;
2537 int err;
2538
bdb6d971 2539 BT_DBG("%s", hdev->name);
c35938b2 2540
09fd0de5 2541 hci_dev_lock(hdev);
c35938b2 2542
4b34ee78 2543 if (!hdev_is_powered(hdev)) {
bdb6d971 2544 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2545 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2546 goto unlock;
2547 }
2548
9a1a1996 2549 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2550 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2551 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2552 goto unlock;
2553 }
2554
2e58ef3e 2555 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2556 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2557 MGMT_STATUS_BUSY);
c35938b2
SJ		 2558 goto unlock;
2559 }
2560
2e58ef3e 2561 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2562 if (!cmd) {
2563 err = -ENOMEM;
2564 goto unlock;
2565 }
2566
2567 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2568 if (err < 0)
2569 mgmt_pending_remove(cmd);
2570
2571unlock:
09fd0de5 2572 hci_dev_unlock(hdev);
c35938b2
SJ		 2573 return err;
2574}
2575
bdb6d971 2576static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2577 void *data, u16 len)
2763eda6 2578{
650f726d 2579 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2580 u8 status;
2763eda6
SJ		 2581 int err;
2582
bdb6d971 2583 BT_DBG("%s ", hdev->name);
2763eda6 2584
09fd0de5 2585 hci_dev_lock(hdev);
2763eda6 2586
664ce4cc 2587 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2588 cp->randomizer);
2763eda6 2589 if (err < 0)
bf1e3541 2590 status = MGMT_STATUS_FAILED;
2763eda6 2591 else
a6785be2 2592 status = MGMT_STATUS_SUCCESS;
bf1e3541 2593
bdb6d971 2594 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2595 &cp->addr, sizeof(cp->addr));
2763eda6 2596
09fd0de5 2597 hci_dev_unlock(hdev);
2763eda6
SJ		 2598 return err;
2599}
2600
bdb6d971 2601static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2602 void *data, u16 len)
2763eda6 2603{
650f726d 2604 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2605 u8 status;
2763eda6
SJ		 2606 int err;
2607
bdb6d971 2608 BT_DBG("%s", hdev->name);
2763eda6 2609
09fd0de5 2610 hci_dev_lock(hdev);
2763eda6 2611
664ce4cc 2612 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2613 if (err < 0)
bf1e3541 2614 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2615 else
a6785be2 2616 status = MGMT_STATUS_SUCCESS;
bf1e3541 2617
bdb6d971 2618 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2619 status, &cp->addr, sizeof(cp->addr));
2763eda6 2620
09fd0de5 2621 hci_dev_unlock(hdev);
2763eda6
SJ		 2622 return err;
2623}
2624
41dc2bd6
AG		 2625static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2626{
2627 struct pending_cmd *cmd;
2628 u8 type;
2629 int err;
2630
2631 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2632
2633 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2634 if (!cmd)
2635 return -ENOENT;
2636
2637 type = hdev->discovery.type;
2638
2639 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2640 &type, sizeof(type));
2641 mgmt_pending_remove(cmd);
2642
2643 return err;
2644}
2645
7c307720
AG		 2646static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2647{
2648 BT_DBG("status %d", status);
2649
2650 if (status) {
2651 hci_dev_lock(hdev);
2652 mgmt_start_discovery_failed(hdev, status);
2653 hci_dev_unlock(hdev);
2654 return;
2655 }
2656
2657 hci_dev_lock(hdev);
2658 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2659 hci_dev_unlock(hdev);
2660
2661 switch (hdev->discovery.type) {
2662 case DISCOV_TYPE_LE:
2663 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2664 DISCOV_LE_TIMEOUT);
7c307720
AG		 2665 break;
2666
2667 case DISCOV_TYPE_INTERLEAVED:
2668 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2669 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2670 break;
2671
2672 case DISCOV_TYPE_BREDR:
2673 break;
2674
2675 default:
2676 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2677 }
2678}
2679
bdb6d971 2680static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2681 void *data, u16 len)
14a53664 2682{
650f726d 2683 struct mgmt_cp_start_discovery *cp = data;
14a53664 2684 struct pending_cmd *cmd;
7c307720
AG		 2685 struct hci_cp_le_set_scan_param param_cp;
2686 struct hci_cp_le_set_scan_enable enable_cp;
2687 struct hci_cp_inquiry inq_cp;
2688 struct hci_request req;
2689 /* General inquiry access code (GIAC) */
2690 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2691 int err;
2692
bdb6d971 2693 BT_DBG("%s", hdev->name);
14a53664 2694
09fd0de5 2695 hci_dev_lock(hdev);
14a53664 2696
4b34ee78 2697 if (!hdev_is_powered(hdev)) {
bdb6d971 2698 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2699 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2700 goto failed;
2701 }
2702
642be6c7
AG		 2703 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2704 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2705 MGMT_STATUS_BUSY);
2706 goto failed;
2707 }
2708
ff9ef578 2709 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2710 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2711 MGMT_STATUS_BUSY);
ff9ef578
JH		 2712 goto failed;
2713 }
2714
2e58ef3e 2715 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2716 if (!cmd) {
2717 err = -ENOMEM;
2718 goto failed;
2719 }
2720
4aab14e5
AG		 2721 hdev->discovery.type = cp->type;
2722
7c307720
AG		 2723 hci_req_init(&req, hdev);
2724
4aab14e5 2725 switch (hdev->discovery.type) {
f39799f5 2726 case DISCOV_TYPE_BREDR:
04106755
JH		 2727 if (!lmp_bredr_capable(hdev)) {
2728 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2729 MGMT_STATUS_NOT_SUPPORTED);
2730 mgmt_pending_remove(cmd);
2731 goto failed;
2732 }
2733
7c307720
AG		 2734 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2735 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2736 MGMT_STATUS_BUSY);
2737 mgmt_pending_remove(cmd);
2738 goto failed;
2739 }
2740
2741 hci_inquiry_cache_flush(hdev);
2742
2743 memset(&inq_cp, 0, sizeof(inq_cp));
2744 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2745 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2746 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2747 break;
2748
2749 case DISCOV_TYPE_LE:
7c307720 2750 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2751 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2752 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2753 MGMT_STATUS_NOT_SUPPORTED);
2754 mgmt_pending_remove(cmd);
2755 goto failed;
2756 }
2757
7c307720
AG		 2758 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2759 !lmp_bredr_capable(hdev)) {
04106755
JH		 2760 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2761 MGMT_STATUS_NOT_SUPPORTED);
2762 mgmt_pending_remove(cmd);
2763 goto failed;
2764 }
2765
7c307720
AG		 2766 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2767 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2768 MGMT_STATUS_REJECTED);
2769 mgmt_pending_remove(cmd);
2770 goto failed;
2771 }
2772
2773 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2774 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2775 MGMT_STATUS_BUSY);
2776 mgmt_pending_remove(cmd);
2777 goto failed;
2778 }
2779
2780 memset(&param_cp, 0, sizeof(param_cp));
2781 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2782 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2783 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2784 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2785 &param_cp);
2786
2787 memset(&enable_cp, 0, sizeof(enable_cp));
2788 enable_cp.enable = LE_SCAN_ENABLE;
2789 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2790 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2791 &enable_cp);
5e0452c0
AG		 2792 break;
2793
f39799f5 2794 default:
04106755
JH		 2795 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2796 MGMT_STATUS_INVALID_PARAMS);
2797 mgmt_pending_remove(cmd);
2798 goto failed;
f39799f5 2799 }
3fd24153 2800
7c307720 2801 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2802 if (err < 0)
2803 mgmt_pending_remove(cmd);
ff9ef578
JH		 2804 else
2805 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2806
2807failed:
09fd0de5 2808 hci_dev_unlock(hdev);
14a53664
JH		 2809 return err;
2810}
2811
1183fdca
AG		 2812static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2813{
2814 struct pending_cmd *cmd;
2815 int err;
2816
2817 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2818 if (!cmd)
2819 return -ENOENT;
2820
2821 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2822 &hdev->discovery.type, sizeof(hdev->discovery.type));
2823 mgmt_pending_remove(cmd);
2824
2825 return err;
2826}
2827
0e05bba6
AG		 2828static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2829{
2830 BT_DBG("status %d", status);
2831
2832 hci_dev_lock(hdev);
2833
2834 if (status) {
2835 mgmt_stop_discovery_failed(hdev, status);
2836 goto unlock;
2837 }
2838
2839 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2840
2841unlock:
2842 hci_dev_unlock(hdev);
2843}
2844
bdb6d971 2845static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2846 u16 len)
14a53664 2847{
d930650b 2848 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2849 struct pending_cmd *cmd;
30dc78e1
JH		 2850 struct hci_cp_remote_name_req_cancel cp;
2851 struct inquiry_entry *e;
0e05bba6
AG		 2852 struct hci_request req;
2853 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2854 int err;
2855
bdb6d971 2856 BT_DBG("%s", hdev->name);
14a53664 2857
09fd0de5 2858 hci_dev_lock(hdev);
14a53664 2859
30dc78e1 2860 if (!hci_discovery_active(hdev)) {
bdb6d971 2861 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2862 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2863 sizeof(mgmt_cp->type));
d930650b
JH		 2864 goto unlock;
2865 }
2866
2867 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2868 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2869 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2870 sizeof(mgmt_cp->type));
30dc78e1 2871 goto unlock;
ff9ef578
JH		 2872 }
2873
2e58ef3e 2874 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2875 if (!cmd) {
2876 err = -ENOMEM;
30dc78e1
JH		 2877 goto unlock;
2878 }
2879
0e05bba6
AG		 2880 hci_req_init(&req, hdev);
2881
e0d9727e
AG		 2882 switch (hdev->discovery.state) {
2883 case DISCOVERY_FINDING:
0e05bba6
AG		 2884 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2885 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2886 } else {
2887 cancel_delayed_work(&hdev->le_scan_disable);
2888
2889 memset(&enable_cp, 0, sizeof(enable_cp));
2890 enable_cp.enable = LE_SCAN_DISABLE;
2891 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2892 sizeof(enable_cp), &enable_cp);
2893 }
c9ecc48e 2894
e0d9727e
AG		 2895 break;
2896
2897 case DISCOVERY_RESOLVING:
2898 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2899 NAME_PENDING);
e0d9727e 2900 if (!e) {
30dc78e1 2901 mgmt_pending_remove(cmd);
e0d9727e
AG		 2902 err = cmd_complete(sk, hdev->id,
2903 MGMT_OP_STOP_DISCOVERY, 0,
2904 &mgmt_cp->type,
2905 sizeof(mgmt_cp->type));
2906 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2907 goto unlock;
2908 }
30dc78e1 2909
e0d9727e 2910 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2911 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2912 &cp);
e0d9727e
AG		 2913
2914 break;
2915
2916 default:
2917 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2918
2919 mgmt_pending_remove(cmd);
2920 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2921 MGMT_STATUS_FAILED, &mgmt_cp->type,
2922 sizeof(mgmt_cp->type));
2923 goto unlock;
14a53664
JH		 2924 }
2925
0e05bba6 2926 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2927 if (err < 0)
2928 mgmt_pending_remove(cmd);
ff9ef578
JH		 2929 else
2930 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2931
30dc78e1 2932unlock:
09fd0de5 2933 hci_dev_unlock(hdev);
14a53664
JH		 2934 return err;
2935}
2936
bdb6d971 2937static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2938 u16 len)
561aafbc 2939{
650f726d 2940 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2941 struct inquiry_entry *e;
561aafbc
JH		 2942 int err;
2943
bdb6d971 2944 BT_DBG("%s", hdev->name);
561aafbc 2945
561aafbc
JH		 2946 hci_dev_lock(hdev);
2947
30dc78e1 2948 if (!hci_discovery_active(hdev)) {
bdb6d971 2949 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2950 MGMT_STATUS_FAILED);
30dc78e1
JH		 2951 goto failed;
2952 }
2953
a198e7b1 2954 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2955 if (!e) {
bdb6d971 2956 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2957 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2958 goto failed;
2959 }
2960
2961 if (cp->name_known) {
2962 e->name_state = NAME_KNOWN;
2963 list_del(&e->list);
2964 } else {
2965 e->name_state = NAME_NEEDED;
a3d4e20a 2966 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2967 }
2968
e384662b
JH		 2969 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2970 sizeof(cp->addr));
561aafbc
JH		 2971
2972failed:
2973 hci_dev_unlock(hdev);
561aafbc
JH		 2974 return err;
2975}
2976
bdb6d971 2977static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2978 u16 len)
7fbec224 2979{
650f726d 2980 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2981 u8 status;
7fbec224
AJ		 2982 int err;
2983
bdb6d971 2984 BT_DBG("%s", hdev->name);
7fbec224 2985
4ee71b20 2986 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2987 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2988 MGMT_STATUS_INVALID_PARAMS,
2989 &cp->addr, sizeof(cp->addr));
4ee71b20 2990
09fd0de5 2991 hci_dev_lock(hdev);
5e762444 2992
88c1fe4b 2993 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2994 if (err < 0)
f0eeea8b 2995 status = MGMT_STATUS_FAILED;
7fbec224 2996 else
a6785be2 2997 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2998
bdb6d971 2999 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3000 &cp->addr, sizeof(cp->addr));
5e762444 3001
09fd0de5 3002 hci_dev_unlock(hdev);
7fbec224
AJ		 3003
3004 return err;
3005}
3006
bdb6d971 3007static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3008 u16 len)
7fbec224 3009{
650f726d 3010 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3011 u8 status;
7fbec224
AJ		 3012 int err;
3013
bdb6d971 3014 BT_DBG("%s", hdev->name);
7fbec224 3015
4ee71b20 3016 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3017 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3018 MGMT_STATUS_INVALID_PARAMS,
3019 &cp->addr, sizeof(cp->addr));
4ee71b20 3020
09fd0de5 3021 hci_dev_lock(hdev);
5e762444 3022
88c1fe4b 3023 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3024 if (err < 0)
f0eeea8b 3025 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3026 else
a6785be2 3027 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3028
bdb6d971 3029 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3030 &cp->addr, sizeof(cp->addr));
5e762444 3031
09fd0de5 3032 hci_dev_unlock(hdev);
7fbec224
AJ		 3033
3034 return err;
3035}
3036
cdbaccca
MH		 3037static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3038 u16 len)
3039{
3040 struct mgmt_cp_set_device_id *cp = data;
890ea898 3041 struct hci_request req;
cdbaccca 3042 int err;
c72d4b8a 3043 __u16 source;
cdbaccca
MH		 3044
3045 BT_DBG("%s", hdev->name);
3046
c72d4b8a
SJ		 3047 source = __le16_to_cpu(cp->source);
3048
3049 if (source > 0x0002)
3050 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3051 MGMT_STATUS_INVALID_PARAMS);
3052
cdbaccca
MH		 3053 hci_dev_lock(hdev);
3054
c72d4b8a 3055 hdev->devid_source = source;
cdbaccca
MH		 3056 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3057 hdev->devid_product = __le16_to_cpu(cp->product);
3058 hdev->devid_version = __le16_to_cpu(cp->version);
3059
3060 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3061
890ea898
JH		 3062 hci_req_init(&req, hdev);
3063 update_eir(&req);
3064 hci_req_run(&req, NULL);
cdbaccca
MH		 3065
3066 hci_dev_unlock(hdev);
3067
3068 return err;
3069}
3070
33e38b3e
JH		 3071static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3072{
3073 struct pending_cmd *cmd;
3074
3075 BT_DBG("status 0x%02x", status);
3076
3077 hci_dev_lock(hdev);
3078
3079 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3080 if (!cmd)
3081 goto unlock;
3082
3083 if (status) {
3084 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3085 mgmt_status(status));
3086 } else {
1a4d3c4b
JH		 3087 struct mgmt_mode *cp = cmd->param;
3088
3089 if (cp->val)
3090 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3091 else
3092 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3093
33e38b3e
JH		 3094 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3095 new_settings(hdev, cmd->sk);
3096 }
3097
3098 mgmt_pending_remove(cmd);
3099
3100unlock:
3101 hci_dev_unlock(hdev);
3102}
3103
bdb6d971 3104static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3105 void *data, u16 len)
f6422ec6 3106{
650f726d 3107 struct mgmt_mode *cp = data;
33e38b3e
JH		 3108 struct pending_cmd *cmd;
3109 struct hci_request req;
f6422ec6
AJ		 3110 int err;
3111
bdb6d971 3112 BT_DBG("%s", hdev->name);
f6422ec6 3113
1a47aee8 3114 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3115 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3116 MGMT_STATUS_NOT_SUPPORTED);
3117
a7e80f25
JH		 3118 if (cp->val != 0x00 && cp->val != 0x01)
3119 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3120 MGMT_STATUS_INVALID_PARAMS);
3121
5400c044 3122 if (!hdev_is_powered(hdev))
bdb6d971 3123 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3124 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3125
3126 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3127 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3128 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3129
3130 hci_dev_lock(hdev);
3131
05cbf29f
JH		 3132 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3133 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3134 MGMT_STATUS_BUSY);
3135 goto unlock;
3136 }
3137
1a4d3c4b
JH		 3138 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3139 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3140 hdev);
3141 goto unlock;
3142 }
3143
33e38b3e
JH		 3144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3145 data, len);
3146 if (!cmd) {
3147 err = -ENOMEM;
3148 goto unlock;
f6422ec6
AJ		 3149 }
3150
33e38b3e
JH		 3151 hci_req_init(&req, hdev);
3152
406d7804 3153 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3154
3155 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3156 if (err < 0) {
bdb6d971 3157 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3158 MGMT_STATUS_FAILED);
33e38b3e 3159 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3160 }
3161
33e38b3e 3162unlock:
f6422ec6 3163 hci_dev_unlock(hdev);
33e38b3e 3164
f6422ec6
AJ		 3165 return err;
3166}
3167
3f706b72
JH		 3168static bool ltk_is_valid(struct mgmt_ltk_info *key)
3169{
44b20d33
JH		 3170 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3171 return false;
3f706b72
JH		 3172 if (key->master != 0x00 && key->master != 0x01)
3173 return false;
4ee71b20
JH		 3174 if (!bdaddr_type_is_le(key->addr.type))
3175 return false;
3f706b72
JH		 3176 return true;
3177}
3178
bdb6d971 3179static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3180 void *cp_data, u16 len)
346af67b 3181{
346af67b
VCG		 3182 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3183 u16 key_count, expected_len;
715a5bf2 3184 int i, err;
346af67b 3185
1f350c87 3186 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3187
3188 expected_len = sizeof(*cp) + key_count *
3189 sizeof(struct mgmt_ltk_info);
3190 if (expected_len != len) {
3191 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3192 len, expected_len);
bdb6d971 3193 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3194 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3195 }
3196
bdb6d971 3197 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3198
54ad6d8a
JH		 3199 for (i = 0; i < key_count; i++) {
3200 struct mgmt_ltk_info *key = &cp->keys[i];
3201
3f706b72 3202 if (!ltk_is_valid(key))
54ad6d8a
JH		 3203 return cmd_status(sk, hdev->id,
3204 MGMT_OP_LOAD_LONG_TERM_KEYS,
3205 MGMT_STATUS_INVALID_PARAMS);
3206 }
3207
346af67b
VCG		 3208 hci_dev_lock(hdev);
3209
3210 hci_smp_ltks_clear(hdev);
3211
3212 for (i = 0; i < key_count; i++) {
3213 struct mgmt_ltk_info *key = &cp->keys[i];
3214 u8 type;
3215
3216 if (key->master)
3217 type = HCI_SMP_LTK;
3218 else
3219 type = HCI_SMP_LTK_SLAVE;
3220
4596fde5 3221 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3222 bdaddr_to_le(key->addr.type),
04124681
GP		 3223 type, 0, key->authenticated, key->val,
3224 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3225 }
3226
715a5bf2
JH		 3227 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3228 NULL, 0);
3229
346af67b 3230 hci_dev_unlock(hdev);
346af67b 3231
715a5bf2 3232 return err;
346af67b
VCG		 3233}
3234
2e3c35ea 3235static const struct mgmt_handler {
04124681
GP		 3236 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3237 u16 data_len);
be22b54e
JH		 3238 bool var_len;
3239 size_t data_len;
0f4e68cf
JH		 3240} mgmt_handlers[] = {
3241 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3242 { read_version, false, MGMT_READ_VERSION_SIZE },
3243 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3244 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3245 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3246 { set_powered, false, MGMT_SETTING_SIZE },
3247 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3248 { set_connectable, false, MGMT_SETTING_SIZE },
3249 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3250 { set_pairable, false, MGMT_SETTING_SIZE },
3251 { set_link_security, false, MGMT_SETTING_SIZE },
3252 { set_ssp, false, MGMT_SETTING_SIZE },
3253 { set_hs, false, MGMT_SETTING_SIZE },
3254 { set_le, false, MGMT_SETTING_SIZE },
3255 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3256 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3257 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3258 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3259 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3260 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3261 { disconnect, false, MGMT_DISCONNECT_SIZE },
3262 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3263 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3264 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3265 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3266 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3267 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3268 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3269 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3270 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3271 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3272 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3273 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3274 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3275 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3276 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3277 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3278 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3279 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3280 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3281 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3282};
3283
3284
0381101f
JH		 3285int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3286{
650f726d
VCG		 3287 void *buf;
3288 u8 *cp;
0381101f 3289 struct mgmt_hdr *hdr;
4e51eae9 3290 u16 opcode, index, len;
bdb6d971 3291 struct hci_dev *hdev = NULL;
2e3c35ea 3292 const struct mgmt_handler *handler;
0381101f
JH		 3293 int err;
3294
3295 BT_DBG("got %zu bytes", msglen);
3296
3297 if (msglen < sizeof(*hdr))
3298 return -EINVAL;
3299
e63a15ec 3300 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3301 if (!buf)
3302 return -ENOMEM;
3303
3304 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3305 err = -EFAULT;
3306 goto done;
3307 }
3308
650f726d 3309 hdr = buf;
1f350c87
MH		 3310 opcode = __le16_to_cpu(hdr->opcode);
3311 index = __le16_to_cpu(hdr->index);
3312 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3313
3314 if (len != msglen - sizeof(*hdr)) {
3315 err = -EINVAL;
3316 goto done;
3317 }
3318
0f4e68cf 3319 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3320 hdev = hci_dev_get(index);
3321 if (!hdev) {
3322 err = cmd_status(sk, index, opcode,
04124681 3323 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3324 goto done;
3325 }
0736cfa8
MH		 3326
3327 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3328 err = cmd_status(sk, index, opcode,
3329 MGMT_STATUS_INVALID_INDEX);
3330 goto done;
3331 }
bdb6d971
JH		 3332 }
3333
0f4e68cf 3334 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3335 mgmt_handlers[opcode].func == NULL) {
0381101f 3336 BT_DBG("Unknown op %u", opcode);
ca69b795 3337 err = cmd_status(sk, index, opcode,
04124681 3338 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3339 goto done;
3340 }
3341
3342 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3343 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3344 err = cmd_status(sk, index, opcode,
04124681 3345 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3346 goto done;
0381101f
JH		 3347 }
3348
be22b54e
JH		 3349 handler = &mgmt_handlers[opcode];
3350
3351 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3352 (!handler->var_len && len != handler->data_len)) {
be22b54e 3353 err = cmd_status(sk, index, opcode,
04124681 3354 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3355 goto done;
3356 }
3357
0f4e68cf
JH		 3358 if (hdev)
3359 mgmt_init_hdev(sk, hdev);
3360
3361 cp = buf + sizeof(*hdr);
3362
be22b54e 3363 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3364 if (err < 0)
3365 goto done;
3366
0381101f
JH		 3367 err = msglen;
3368
3369done:
bdb6d971
JH		 3370 if (hdev)
3371 hci_dev_put(hdev);
3372
0381101f
JH		 3373 kfree(buf);
3374 return err;
3375}
c71e97bf 3376
b24752fe
JH		 3377static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3378{
3379 u8 *status = data;
3380
3381 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3382 mgmt_pending_remove(cmd);
3383}
3384
744cf19e 3385int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3386{
bb4b2a9a
AE		 3387 if (!mgmt_valid_hdev(hdev))
3388 return -ENOTSUPP;
3389
744cf19e 3390 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3391}
3392
744cf19e 3393int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3394{
5f159032 3395 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3396
bb4b2a9a
AE		 3397 if (!mgmt_valid_hdev(hdev))
3398 return -ENOTSUPP;
3399
744cf19e 3400 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3401
744cf19e 3402 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3403}
3404
73f22f62 3405struct cmd_lookup {
eec8d2bc 3406 struct sock *sk;
69ab39ea 3407 struct hci_dev *hdev;
90e70454 3408 u8 mgmt_status;
eec8d2bc
JH		 3409};
3410
69ab39ea 3411static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3412{
73f22f62 3413 struct cmd_lookup *match = data;
eec8d2bc 3414
69ab39ea 3415 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3416
3417 list_del(&cmd->list);
3418
3419 if (match->sk == NULL) {
3420 match->sk = cmd->sk;
3421 sock_hold(match->sk);
3422 }
3423
3424 mgmt_pending_free(cmd);
c71e97bf 3425}
5add6af8 3426
890ea898 3427static void set_bredr_scan(struct hci_request *req)
7f0ae647 3428{
890ea898 3429 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3430 u8 scan = 0;
3431
4c01f8b8
JH		 3432 /* Ensure that fast connectable is disabled. This function will
3433 * not do anything if the page scan parameters are already what
3434 * they should be.
3435 */
3436 write_fast_connectable(req, false);
3437
7f0ae647
JH		 3438 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3439 scan |= SCAN_PAGE;
3440 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3441 scan |= SCAN_INQUIRY;
3442
890ea898
JH		 3443 if (scan)
3444 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3445}
3446
229ab39c
JH		 3447static void powered_complete(struct hci_dev *hdev, u8 status)
3448{
3449 struct cmd_lookup match = { NULL, hdev };
3450
3451 BT_DBG("status 0x%02x", status);
3452
3453 hci_dev_lock(hdev);
3454
3455 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3456
3457 new_settings(hdev, match.sk);
3458
3459 hci_dev_unlock(hdev);
3460
3461 if (match.sk)
3462 sock_put(match.sk);
3463}
3464
70da6243 3465static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3466{
890ea898 3467 struct hci_request req;
70da6243 3468 u8 link_sec;
5add6af8 3469
890ea898
JH		 3470 hci_req_init(&req, hdev);
3471
70da6243
JH		 3472 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3473 !lmp_host_ssp_capable(hdev)) {
3474 u8 ssp = 1;
5e5282bb 3475
890ea898 3476 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3477 }
5add6af8 3478
c73eee91
JH		 3479 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3480 lmp_bredr_capable(hdev)) {
70da6243 3481 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3482
70da6243
JH		 3483 cp.le = 1;
3484 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3485
70da6243
JH		 3486 /* Check first if we already have the right
3487 * host state (host features set)
3488 */
3489 if (cp.le != lmp_host_le_capable(hdev) ||
3490 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3491 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3492 sizeof(cp), &cp);
70da6243 3493 }
3d1cbdd6 3494
70da6243
JH		 3495 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3496 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3497 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3498 sizeof(link_sec), &link_sec);
562fcc24 3499
70da6243 3500 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3501 set_bredr_scan(&req);
3502 update_class(&req);
13928971 3503 update_name(&req);
890ea898 3504 update_eir(&req);
70da6243 3505 }
562fcc24 3506
229ab39c 3507 return hci_req_run(&req, powered_complete);
70da6243 3508}
562fcc24 3509
70da6243
JH		 3510int mgmt_powered(struct hci_dev *hdev, u8 powered)
3511{
3512 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3513 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3514 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3515 int err;
f0ff92fb 3516
70da6243
JH		 3517 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3518 return 0;
3519
70da6243 3520 if (powered) {
229ab39c
JH		 3521 if (powered_update_hci(hdev) == 0)
3522 return 0;
fe038884 3523
229ab39c
JH		 3524 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3525 &match);
3526 goto new_settings;
b24752fe
JH		 3527 }
3528
229ab39c
JH		 3529 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3530 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3531
3532 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3533 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3534 zero_cod, sizeof(zero_cod), NULL);
3535
3536new_settings:
beadb2bd 3537 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3538
3539 if (match.sk)
3540 sock_put(match.sk);
3541
7bb895d6 3542 return err;
5add6af8 3543}
73f22f62 3544
96570ffc
JH		 3545int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3546{
3547 struct pending_cmd *cmd;
3548 u8 status;
3549
3550 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3551 if (!cmd)
3552 return -ENOENT;
3553
3554 if (err == -ERFKILL)
3555 status = MGMT_STATUS_RFKILLED;
3556 else
3557 status = MGMT_STATUS_FAILED;
3558
3559 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3560
3561 mgmt_pending_remove(cmd);
3562
3563 return err;
3564}
3565
744cf19e 3566int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3567{
76a7f3a4 3568 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3569 bool changed = false;
3570 int err = 0;
73f22f62 3571
5e5282bb
JH		 3572 if (discoverable) {
3573 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3574 changed = true;
3575 } else {
3576 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3577 changed = true;
3578 }
73f22f62 3579
ed9b5f2f 3580 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3581 &match);
ed9b5f2f 3582
beadb2bd
JH		 3583 if (changed)
3584 err = new_settings(hdev, match.sk);
5e5282bb 3585
73f22f62
JH		 3586 if (match.sk)
3587 sock_put(match.sk);
3588
7bb895d6 3589 return err;
73f22f62 3590}
9fbcbb45 3591
744cf19e 3592int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3593{
2b76f453 3594 struct pending_cmd *cmd;
5e5282bb
JH		 3595 bool changed = false;
3596 int err = 0;
9fbcbb45 3597
5e5282bb
JH		 3598 if (connectable) {
3599 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3600 changed = true;
3601 } else {
3602 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3603 changed = true;
3604 }
9fbcbb45 3605
2b76f453 3606 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3607
beadb2bd 3608 if (changed)
2b76f453 3609 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3610
7bb895d6 3611 return err;
9fbcbb45 3612}
55ed8ca1 3613
744cf19e 3614int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3615{
ca69b795
JH		 3616 u8 mgmt_err = mgmt_status(status);
3617
2d7cee58 3618 if (scan & SCAN_PAGE)
744cf19e 3619 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3620 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3621
3622 if (scan & SCAN_INQUIRY)
744cf19e 3623 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3624 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3625
3626 return 0;
3627}
3628
53168e5b
CC		 3629int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3630 bool persistent)
55ed8ca1 3631{
86742e1e 3632 struct mgmt_ev_new_link_key ev;
55ed8ca1 3633
a492cd52 3634 memset(&ev, 0, sizeof(ev));
55ed8ca1 3635
a492cd52 3636 ev.store_hint = persistent;
d753fdc4 3637 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3638 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3639 ev.key.type = key->type;
9b3b4460 3640 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3641 ev.key.pin_len = key->pin_len;
55ed8ca1 3642
744cf19e 3643 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3644}
f7520543 3645
346af67b
VCG		 3646int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3647{
3648 struct mgmt_ev_new_long_term_key ev;
3649
3650 memset(&ev, 0, sizeof(ev));
3651
3652 ev.store_hint = persistent;
3653 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3654 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3655 ev.key.authenticated = key->authenticated;
3656 ev.key.enc_size = key->enc_size;
3657 ev.key.ediv = key->ediv;
3658
3659 if (key->type == HCI_SMP_LTK)
3660 ev.key.master = 1;
3661
3662 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3663 memcpy(ev.key.val, key->val, sizeof(key->val));
3664
04124681
GP		 3665 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3666 NULL);
346af67b
VCG		 3667}
3668
afc747a6 3669int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3670 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3671 u8 *dev_class)
f7520543 3672{
b644ba33
JH		 3673 char buf[512];
3674 struct mgmt_ev_device_connected *ev = (void *) buf;
3675 u16 eir_len = 0;
f7520543 3676
b644ba33 3677 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3678 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3679
c95f0ba7 3680 ev->flags = __cpu_to_le32(flags);
08c79b61 3681
b644ba33
JH		 3682 if (name_len > 0)
3683 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3684 name, name_len);
b644ba33
JH		 3685
3686 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3687 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3688 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3689
eb55ef07 3690 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3691
3692 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3693 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3694}
3695
8962ee74
JH		 3696static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3697{
c68fb7ff 3698 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3699 struct sock **sk = data;
a38528f1 3700 struct mgmt_rp_disconnect rp;
8962ee74 3701
88c3df13
JH		 3702 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3703 rp.addr.type = cp->addr.type;
8962ee74 3704
aee9b218 3705 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3706 sizeof(rp));
8962ee74
JH		 3707
3708 *sk = cmd->sk;
3709 sock_hold(*sk);
3710
a664b5bc 3711 mgmt_pending_remove(cmd);
8962ee74
JH		 3712}
3713
124f6e35 3714static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3715{
b1078ad0 3716 struct hci_dev *hdev = data;
124f6e35
JH		 3717 struct mgmt_cp_unpair_device *cp = cmd->param;
3718 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3719
3720 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3721 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3722 rp.addr.type = cp->addr.type;
a8a1d19e 3723
b1078ad0
JH		 3724 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3725
aee9b218 3726 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3727
3728 mgmt_pending_remove(cmd);
3729}
3730
afc747a6 3731int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3732 u8 link_type, u8 addr_type, u8 reason)
f7520543 3733{
f0d6a0ea 3734 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3735 struct sock *sk = NULL;
3736 int err;
3737
744cf19e 3738 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3739
f0d6a0ea
MA		 3740 bacpy(&ev.addr.bdaddr, bdaddr);
3741 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3742 ev.reason = reason;
f7520543 3743
afc747a6 3744 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3745 sk);
8962ee74
JH		 3746
3747 if (sk)
d97dcb66 3748 sock_put(sk);
8962ee74 3749
124f6e35 3750 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3751 hdev);
a8a1d19e 3752
8962ee74
JH		 3753 return err;
3754}
3755
88c3df13 3756int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3757 u8 link_type, u8 addr_type, u8 status)
8962ee74 3758{
88c3df13 3759 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3760 struct pending_cmd *cmd;
3761 int err;
3762
36a75f1b
JD		 3763 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3764 hdev);
3765
2e58ef3e 3766 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3767 if (!cmd)
3768 return -ENOENT;
3769
88c3df13 3770 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3771 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3772
88c3df13 3773 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3774 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3775
a664b5bc 3776 mgmt_pending_remove(cmd);
8962ee74
JH		 3777
3778 return err;
f7520543 3779}
17d5c04c 3780
48264f06 3781int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3782 u8 addr_type, u8 status)
17d5c04c
JH		 3783{
3784 struct mgmt_ev_connect_failed ev;
3785
4c659c39 3786 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3787 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3788 ev.status = mgmt_status(status);
17d5c04c 3789
744cf19e 3790 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3791}
980e1a53 3792
744cf19e 3793int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3794{
3795 struct mgmt_ev_pin_code_request ev;
3796
d8457698 3797 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3798 ev.addr.type = BDADDR_BREDR;
a770bb5a 3799 ev.secure = secure;
980e1a53 3800
744cf19e 3801 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3802 NULL);
980e1a53
JH		 3803}
3804
744cf19e 3805int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3806 u8 status)
980e1a53
JH		 3807{
3808 struct pending_cmd *cmd;
ac56fb13 3809 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3810 int err;
3811
2e58ef3e 3812 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3813 if (!cmd)
3814 return -ENOENT;
3815
d8457698 3816 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3817 rp.addr.type = BDADDR_BREDR;
ac56fb13 3818
aee9b218 3819 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3820 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3821
a664b5bc 3822 mgmt_pending_remove(cmd);
980e1a53
JH		 3823
3824 return err;
3825}
3826
744cf19e 3827int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3828 u8 status)
980e1a53
JH		 3829{
3830 struct pending_cmd *cmd;
ac56fb13 3831 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3832 int err;
3833
2e58ef3e 3834 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3835 if (!cmd)
3836 return -ENOENT;
3837
d8457698 3838 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3839 rp.addr.type = BDADDR_BREDR;
ac56fb13 3840
aee9b218 3841 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3842 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3843
a664b5bc 3844 mgmt_pending_remove(cmd);
980e1a53
JH		 3845
3846 return err;
3847}
a5c29683 3848
744cf19e 3849int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3850 u8 link_type, u8 addr_type, __le32 value,
3851 u8 confirm_hint)
a5c29683
JH		 3852{
3853 struct mgmt_ev_user_confirm_request ev;
3854
744cf19e 3855 BT_DBG("%s", hdev->name);
a5c29683 3856
272d90df 3857 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3858 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3859 ev.confirm_hint = confirm_hint;
78e8098e 3860 ev.value = value;
a5c29683 3861
744cf19e 3862 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3863 NULL);
a5c29683
JH		 3864}
3865
272d90df 3866int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3867 u8 link_type, u8 addr_type)
604086b7
BG		 3868{
3869 struct mgmt_ev_user_passkey_request ev;
3870
3871 BT_DBG("%s", hdev->name);
3872
272d90df 3873 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3874 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3875
3876 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3877 NULL);
604086b7
BG		 3878}
3879
0df4c185 3880static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3881 u8 link_type, u8 addr_type, u8 status,
3882 u8 opcode)
a5c29683
JH		 3883{
3884 struct pending_cmd *cmd;
3885 struct mgmt_rp_user_confirm_reply rp;
3886 int err;
3887
2e58ef3e 3888 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3889 if (!cmd)
3890 return -ENOENT;
3891
272d90df 3892 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3893 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3894 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3895 &rp, sizeof(rp));
a5c29683 3896
a664b5bc 3897 mgmt_pending_remove(cmd);
a5c29683
JH		 3898
3899 return err;
3900}
3901
744cf19e 3902int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3903 u8 link_type, u8 addr_type, u8 status)
a5c29683 3904{
272d90df 3905 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3906 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3907}
3908
272d90df 3909int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3910 u8 link_type, u8 addr_type, u8 status)
a5c29683 3911{
272d90df 3912 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3913 status,
3914 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3915}
2a611692 3916
604086b7 3917int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3918 u8 link_type, u8 addr_type, u8 status)
604086b7 3919{
272d90df 3920 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3921 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3922}
3923
272d90df 3924int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3925 u8 link_type, u8 addr_type, u8 status)
604086b7 3926{
272d90df 3927 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3928 status,
3929 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3930}
3931
92a25256
JH		 3932int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3933 u8 link_type, u8 addr_type, u32 passkey,
3934 u8 entered)
3935{
3936 struct mgmt_ev_passkey_notify ev;
3937
3938 BT_DBG("%s", hdev->name);
3939
3940 bacpy(&ev.addr.bdaddr, bdaddr);
3941 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3942 ev.passkey = __cpu_to_le32(passkey);
3943 ev.entered = entered;
3944
3945 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3946}
3947
bab73cb6 3948int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3949 u8 addr_type, u8 status)
2a611692
JH		 3950{
3951 struct mgmt_ev_auth_failed ev;
3952
bab73cb6 3953 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3954 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3955 ev.status = mgmt_status(status);
2a611692 3956
744cf19e 3957 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3958}
b312b161 3959
33ef95ed
JH		 3960int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3961{
3962 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3963 bool changed = false;
3964 int err = 0;
33ef95ed
JH		 3965
3966 if (status) {
3967 u8 mgmt_err = mgmt_status(status);
3968 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3969 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3970 return 0;
3971 }
3972
47990ea0
JH		 3973 if (test_bit(HCI_AUTH, &hdev->flags)) {
3974 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3975 changed = true;
3976 } else {
3977 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3978 changed = true;
3979 }
3980
33ef95ed 3981 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3982 &match);
33ef95ed 3983
47990ea0
JH		 3984 if (changed)
3985 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3986
3987 if (match.sk)
3988 sock_put(match.sk);
3989
3990 return err;
3991}
3992
890ea898 3993static void clear_eir(struct hci_request *req)
cacaf52f 3994{
890ea898 3995 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3996 struct hci_cp_write_eir cp;
3997
976eb20e 3998 if (!lmp_ext_inq_capable(hdev))
890ea898 3999 return;
cacaf52f 4000
c80da27e
JH		 4001 memset(hdev->eir, 0, sizeof(hdev->eir));
4002
cacaf52f
JH		 4003 memset(&cp, 0, sizeof(cp));
4004
890ea898 4005 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4006}
4007
c0ecddc2 4008int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4009{
4010 struct cmd_lookup match = { NULL, hdev };
890ea898 4011 struct hci_request req;
c0ecddc2
JH		 4012 bool changed = false;
4013 int err = 0;
ed2c4ee3
JH		 4014
4015 if (status) {
4016 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4017
4018 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4019 &hdev->dev_flags))
c0ecddc2
JH		 4020 err = new_settings(hdev, NULL);
4021
04124681
GP		 4022 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4023 &mgmt_err);
c0ecddc2
JH		 4024
4025 return err;
4026 }
4027
4028 if (enable) {
4029 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4030 changed = true;
4031 } else {
4032 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4033 changed = true;
ed2c4ee3
JH		 4034 }
4035
4036 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4037
c0ecddc2
JH		 4038 if (changed)
4039 err = new_settings(hdev, match.sk);
ed2c4ee3 4040
5fc6ebb1 4041 if (match.sk)
ed2c4ee3
JH		 4042 sock_put(match.sk);
4043
890ea898
JH		 4044 hci_req_init(&req, hdev);
4045
5fc6ebb1 4046 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4047 update_eir(&req);
5fc6ebb1 4048 else
890ea898
JH		 4049 clear_eir(&req);
4050
4051 hci_req_run(&req, NULL);
cacaf52f 4052
ed2c4ee3
JH		 4053 return err;
4054}
4055
92da6097 4056static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4057{
4058 struct cmd_lookup *match = data;
4059
90e70454
JH		 4060 if (match->sk == NULL) {
4061 match->sk = cmd->sk;
4062 sock_hold(match->sk);
4063 }
90e70454
JH		 4064}
4065
7f9a903c 4066int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4067 u8 status)
7f9a903c 4068{
90e70454
JH		 4069 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4070 int err = 0;
7f9a903c 4071
92da6097
JH		 4072 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4073 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4074 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4075
4076 if (!status)
04124681
GP		 4077 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4078 3, NULL);
90e70454
JH		 4079
4080 if (match.sk)
4081 sock_put(match.sk);
7f9a903c
MH		 4082
4083 return err;
4084}
4085
744cf19e 4086int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4087{
b312b161 4088 struct mgmt_cp_set_local_name ev;
13928971 4089 struct pending_cmd *cmd;
28cc7bde 4090
13928971
JH		 4091 if (status)
4092 return 0;
b312b161
JH		 4093
4094 memset(&ev, 0, sizeof(ev));
4095 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4096 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4097
2e58ef3e 4098 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4099 if (!cmd) {
4100 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4101
13928971
JH		 4102 /* If this is a HCI command related to powering on the
4103 * HCI dev don't send any mgmt signals.
4104 */
4105 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4106 return 0;
890ea898 4107 }
b312b161 4108
13928971
JH		 4109 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4110 cmd ? cmd->sk : NULL);
b312b161 4111}
c35938b2 4112
744cf19e 4113int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4114 u8 *randomizer, u8 status)
c35938b2
SJ		 4115{
4116 struct pending_cmd *cmd;
4117 int err;
4118
744cf19e 4119 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4120
2e58ef3e 4121 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4122 if (!cmd)
4123 return -ENOENT;
4124
4125 if (status) {
04124681
GP		 4126 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4127 mgmt_status(status));
c35938b2
SJ		 4128 } else {
4129 struct mgmt_rp_read_local_oob_data rp;
4130
4131 memcpy(rp.hash, hash, sizeof(rp.hash));
4132 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4133
744cf19e 4134 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4135 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4136 sizeof(rp));
c35938b2
SJ		 4137 }
4138
4139 mgmt_pending_remove(cmd);
4140
4141 return err;
4142}
e17acd40 4143
06199cf8
JH		 4144int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4145{
4146 struct cmd_lookup match = { NULL, hdev };
4147 bool changed = false;
4148 int err = 0;
4149
4150 if (status) {
4151 u8 mgmt_err = mgmt_status(status);
4152
4153 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 4154 &hdev->dev_flags))
d97dcb66 4155 err = new_settings(hdev, NULL);
06199cf8 4156
d97dcb66
SJ		 4157 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
4158 &mgmt_err);
06199cf8
JH		 4159
4160 return err;
4161 }
4162
4163 if (enable) {
4164 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4165 changed = true;
4166 } else {
4167 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4168 changed = true;
4169 }
4170
4171 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
4172
4173 if (changed)
4174 err = new_settings(hdev, match.sk);
4175
4176 if (match.sk)
4177 sock_put(match.sk);
4178
4179 return err;
4180}
4181
48264f06 4182int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4183 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4184 ssp, u8 *eir, u16 eir_len)
e17acd40 4185{
e319d2e7
JH		 4186 char buf[512];
4187 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4188 size_t ev_size;
e17acd40 4189
12602d0c
AG		 4190 if (!hci_discovery_active(hdev))
4191 return -EPERM;
4192
1dc06093
JH		 4193 /* Leave 5 bytes for a potential CoD field */
4194 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4195 return -EINVAL;
4196
1dc06093
JH		 4197 memset(buf, 0, sizeof(buf));
4198
e319d2e7 4199 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4200 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4201 ev->rssi = rssi;
9a395a80 4202 if (cfm_name)
612dfce9 4203 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4204 if (!ssp)
612dfce9 4205 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4206
1dc06093 4207 if (eir_len > 0)
e319d2e7 4208 memcpy(ev->eir, eir, eir_len);
e17acd40 4209
1dc06093
JH		 4210 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4211 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4212 dev_class, 3);
1dc06093 4213
eb55ef07 4214 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4215 ev_size = sizeof(*ev) + eir_len;
f8523598 4216
e319d2e7 4217 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4218}
a88a9652 4219
b644ba33 4220int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4221 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4222{
b644ba33
JH		 4223 struct mgmt_ev_device_found *ev;
4224 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4225 u16 eir_len;
a88a9652 4226
b644ba33 4227 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4228
b644ba33
JH		 4229 memset(buf, 0, sizeof(buf));
4230
4231 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4232 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4233 ev->rssi = rssi;
4234
4235 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4236 name_len);
b644ba33 4237
eb55ef07 4238 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4239
053c7e0c 4240 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4241 sizeof(*ev) + eir_len, NULL);
a88a9652 4242}
314b2381 4243
744cf19e 4244int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4245{
f963e8e9 4246 struct mgmt_ev_discovering ev;
164a6e78
JH		 4247 struct pending_cmd *cmd;
4248
343fb145
AG		 4249 BT_DBG("%s discovering %u", hdev->name, discovering);
4250
164a6e78 4251 if (discovering)
2e58ef3e 4252 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4253 else
2e58ef3e 4254 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4255
4256 if (cmd != NULL) {
f808e166
JH		 4257 u8 type = hdev->discovery.type;
4258
04124681
GP		 4259 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4260 sizeof(type));
164a6e78
JH		 4261 mgmt_pending_remove(cmd);
4262 }
4263
f963e8e9
JH		 4264 memset(&ev, 0, sizeof(ev));
4265 ev.type = hdev->discovery.type;
4266 ev.discovering = discovering;
4267
4268 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4269}
5e762444 4270
88c1fe4b 4271int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4272{
4273 struct pending_cmd *cmd;
4274 struct mgmt_ev_device_blocked ev;
4275
2e58ef3e 4276 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4277
88c1fe4b
JH		 4278 bacpy(&ev.addr.bdaddr, bdaddr);
4279 ev.addr.type = type;
5e762444 4280
744cf19e 4281 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4282 cmd ? cmd->sk : NULL);
5e762444
AJ		 4283}
4284
88c1fe4b 4285int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4286{
4287 struct pending_cmd *cmd;
4288 struct mgmt_ev_device_unblocked ev;
4289
2e58ef3e 4290 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4291
88c1fe4b
JH		 4292 bacpy(&ev.addr.bdaddr, bdaddr);
4293 ev.addr.type = type;
5e762444 4294
744cf19e 4295 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4296 cmd ? cmd->sk : NULL);
5e762444 4297}
d7b7e796
MH		 4298
4299module_param(enable_hs, bool, 0644);
4300MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.512428 seconds and 5 git commands to generate.