projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove l2cap_conn->src and l2cap_conn->dst pointers
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
ef580372
JH		 539static void create_eir(struct hci_dev *hdev, u8 *data)
540{
541 u8 *ptr = data;
ef580372
JH		 542 size_t name_len;
543
544 name_len = strlen(hdev->dev_name);
545
546 if (name_len > 0) {
547 /* EIR Data type */
548 if (name_len > 48) {
549 name_len = 48;
550 ptr[1] = EIR_NAME_SHORT;
551 } else
552 ptr[1] = EIR_NAME_COMPLETE;
553
554 /* EIR Data length */
555 ptr[0] = name_len + 1;
556
557 memcpy(ptr + 2, hdev->dev_name, name_len);
558
ef580372
JH		 559 ptr += (name_len + 2);
560 }
561
bbaf444a 562 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 563 ptr[0] = 2;
564 ptr[1] = EIR_TX_POWER;
565 ptr[2] = (u8) hdev->inq_tx_power;
566
91c4e9b1
MH		 567 ptr += 3;
568 }
569
2b9be137
MH		 570 if (hdev->devid_source > 0) {
571 ptr[0] = 9;
572 ptr[1] = EIR_DEVICE_ID;
573
574 put_unaligned_le16(hdev->devid_source, ptr + 2);
575 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
576 put_unaligned_le16(hdev->devid_product, ptr + 6);
577 put_unaligned_le16(hdev->devid_version, ptr + 8);
578
2b9be137
MH		 579 ptr += 10;
580 }
581
213202ed 582 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 583 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 584 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 585}
586
890ea898 587static void update_eir(struct hci_request *req)
ef580372 588{
890ea898 589 struct hci_dev *hdev = req->hdev;
ef580372
JH		 590 struct hci_cp_write_eir cp;
591
504c8dcd 592 if (!hdev_is_powered(hdev))
890ea898 593 return;
7770c4aa 594
976eb20e 595 if (!lmp_ext_inq_capable(hdev))
890ea898 596 return;
ef580372 597
84bde9d6 598 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 599 return;
ef580372 600
a8b2d5c2 601 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 602 return;
ef580372
JH		 603
604 memset(&cp, 0, sizeof(cp));
605
606 create_eir(hdev, cp.data);
607
608 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 609 return;
ef580372
JH		 610
611 memcpy(hdev->eir, cp.data, sizeof(cp.data));
612
890ea898 613 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 614}
615
616static u8 get_service_classes(struct hci_dev *hdev)
617{
618 struct bt_uuid *uuid;
619 u8 val = 0;
620
621 list_for_each_entry(uuid, &hdev->uuids, list)
622 val |= uuid->svc_hint;
623
624 return val;
625}
626
890ea898 627static void update_class(struct hci_request *req)
ef580372 628{
890ea898 629 struct hci_dev *hdev = req->hdev;
ef580372
JH		 630 u8 cod[3];
631
632 BT_DBG("%s", hdev->name);
633
504c8dcd 634 if (!hdev_is_powered(hdev))
890ea898 635 return;
7770c4aa 636
a8b2d5c2 637 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 638 return;
ef580372
JH		 639
640 cod[0] = hdev->minor_class;
641 cod[1] = hdev->major_class;
642 cod[2] = get_service_classes(hdev);
643
644 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 645 return;
ef580372 646
890ea898 647 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 648}
649
7d78525d
JH		 650static void service_cache_off(struct work_struct *work)
651{
652 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 653 service_cache.work);
890ea898 654 struct hci_request req;
7d78525d 655
a8b2d5c2 656 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 657 return;
658
890ea898
JH		 659 hci_req_init(&req, hdev);
660
7d78525d
JH		 661 hci_dev_lock(hdev);
662
890ea898
JH		 663 update_eir(&req);
664 update_class(&req);
7d78525d
JH		 665
666 hci_dev_unlock(hdev);
890ea898
JH		 667
668 hci_req_run(&req, NULL);
7d78525d
JH		 669}
670
6a919082 671static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 672{
4f87da80 673 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 674 return;
675
4f87da80 676 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 677
4f87da80
JH		 678 /* Non-mgmt controlled devices get this bit set
679 * implicitly so that pairing works for them, however
680 * for mgmt we require user-space to explicitly enable
681 * it
682 */
683 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 684}
685
0f4e68cf 686static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 687 void *data, u16 data_len)
0381101f 688{
a38528f1 689 struct mgmt_rp_read_info rp;
f7b64e69 690
bdb6d971 691 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 692
09fd0de5 693 hci_dev_lock(hdev);
f7b64e69 694
dc4fe30b
JH		 695 memset(&rp, 0, sizeof(rp));
696
69ab39ea 697 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 698
69ab39ea 699 rp.version = hdev->hci_ver;
eb55ef07 700 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 701
702 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
703 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 704
a38528f1 705 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 706
dc4fe30b 707 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 708 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 709
09fd0de5 710 hci_dev_unlock(hdev);
0381101f 711
bdb6d971 712 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 713 sizeof(rp));
0381101f
JH		 714}
715
eec8d2bc
JH		 716static void mgmt_pending_free(struct pending_cmd *cmd)
717{
718 sock_put(cmd->sk);
c68fb7ff 719 kfree(cmd->param);
eec8d2bc
JH		 720 kfree(cmd);
721}
722
366a0336 723static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 724 struct hci_dev *hdev, void *data,
725 u16 len)
eec8d2bc
JH		 726{
727 struct pending_cmd *cmd;
728
12b94565 729 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 730 if (!cmd)
366a0336 731 return NULL;
eec8d2bc
JH		 732
733 cmd->opcode = opcode;
2e58ef3e 734 cmd->index = hdev->id;
eec8d2bc 735
12b94565 736 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 737 if (!cmd->param) {
eec8d2bc 738 kfree(cmd);
366a0336 739 return NULL;
eec8d2bc
JH		 740 }
741
8fce6357
SJ		 742 if (data)
743 memcpy(cmd->param, data, len);
eec8d2bc
JH		 744
745 cmd->sk = sk;
746 sock_hold(sk);
747
2e58ef3e 748 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 749
366a0336 750 return cmd;
eec8d2bc
JH		 751}
752
744cf19e 753static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 754 void (*cb)(struct pending_cmd *cmd,
755 void *data),
04124681 756 void *data)
eec8d2bc 757{
a3d09356 758 struct pending_cmd *cmd, *tmp;
eec8d2bc 759
a3d09356 760 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 761 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 762 continue;
763
eec8d2bc
JH		 764 cb(cmd, data);
765 }
766}
767
2e58ef3e 768static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 769{
8035ded4 770 struct pending_cmd *cmd;
eec8d2bc 771
2e58ef3e 772 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 773 if (cmd->opcode == opcode)
774 return cmd;
eec8d2bc
JH		 775 }
776
777 return NULL;
778}
779
a664b5bc 780static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 781{
73f22f62
JH		 782 list_del(&cmd->list);
783 mgmt_pending_free(cmd);
784}
785
69ab39ea 786static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 787{
69ab39ea 788 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 789
aee9b218 790 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 791 sizeof(settings));
8680570b
JH		 792}
793
bdb6d971 794static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 795 u16 len)
eec8d2bc 796{
650f726d 797 struct mgmt_mode *cp = data;
366a0336 798 struct pending_cmd *cmd;
4b34ee78 799 int err;
eec8d2bc 800
bdb6d971 801 BT_DBG("request for %s", hdev->name);
eec8d2bc 802
a7e80f25
JH		 803 if (cp->val != 0x00 && cp->val != 0x01)
804 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
805 MGMT_STATUS_INVALID_PARAMS);
806
09fd0de5 807 hci_dev_lock(hdev);
eec8d2bc 808
87b95ba6
JH		 809 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
810 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
811 MGMT_STATUS_BUSY);
812 goto failed;
813 }
814
f0d4b78a
MH		 815 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
816 cancel_delayed_work(&hdev->power_off);
817
818 if (cp->val) {
a1d70450
JH		 819 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
820 data, len);
821 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 822 goto failed;
823 }
824 }
825
4b34ee78 826 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 827 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 828 goto failed;
829 }
830
2e58ef3e 831 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 832 if (!cmd) {
833 err = -ENOMEM;
eec8d2bc 834 goto failed;
366a0336 835 }
eec8d2bc 836
72a734ec 837 if (cp->val)
19202573 838 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 839 else
19202573 840 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 841
366a0336 842 err = 0;
eec8d2bc
JH		 843
844failed:
09fd0de5 845 hci_dev_unlock(hdev);
366a0336 846 return err;
eec8d2bc
JH		 847}
848
04124681
GP		 849static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
850 struct sock *skip_sk)
beadb2bd
JH		 851{
852 struct sk_buff *skb;
853 struct mgmt_hdr *hdr;
854
790eff44 855 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 856 if (!skb)
857 return -ENOMEM;
858
859 hdr = (void *) skb_put(skb, sizeof(*hdr));
860 hdr->opcode = cpu_to_le16(event);
861 if (hdev)
862 hdr->index = cpu_to_le16(hdev->id);
863 else
612dfce9 864 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 865 hdr->len = cpu_to_le16(data_len);
866
867 if (data)
868 memcpy(skb_put(skb, data_len), data, data_len);
869
97e0bdeb
MH		 870 /* Time stamp */
871 __net_timestamp(skb);
872
beadb2bd
JH		 873 hci_send_to_control(skb, skip_sk);
874 kfree_skb(skb);
875
876 return 0;
877}
878
879static int new_settings(struct hci_dev *hdev, struct sock *skip)
880{
881 __le32 ev;
882
883 ev = cpu_to_le32(get_current_settings(hdev));
884
885 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
886}
887
bd99abdd
JH		 888struct cmd_lookup {
889 struct sock *sk;
890 struct hci_dev *hdev;
891 u8 mgmt_status;
892};
893
894static void settings_rsp(struct pending_cmd *cmd, void *data)
895{
896 struct cmd_lookup *match = data;
897
898 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
899
900 list_del(&cmd->list);
901
902 if (match->sk == NULL) {
903 match->sk = cmd->sk;
904 sock_hold(match->sk);
905 }
906
907 mgmt_pending_free(cmd);
908}
909
910static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
911{
912 u8 *status = data;
913
914 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
915 mgmt_pending_remove(cmd);
916}
917
e6fe7986
JH		 918static u8 mgmt_bredr_support(struct hci_dev *hdev)
919{
920 if (!lmp_bredr_capable(hdev))
921 return MGMT_STATUS_NOT_SUPPORTED;
922 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
923 return MGMT_STATUS_REJECTED;
924 else
925 return MGMT_STATUS_SUCCESS;
926}
927
928static u8 mgmt_le_support(struct hci_dev *hdev)
929{
930 if (!lmp_le_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
934 else
935 return MGMT_STATUS_SUCCESS;
936}
937
bdb6d971 938static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 939 u16 len)
73f22f62 940{
650f726d 941 struct mgmt_cp_set_discoverable *cp = data;
366a0336 942 struct pending_cmd *cmd;
5e5282bb 943 u16 timeout;
e6fe7986 944 u8 scan, status;
73f22f62
JH		 945 int err;
946
bdb6d971 947 BT_DBG("request for %s", hdev->name);
73f22f62 948
e6fe7986
JH		 949 status = mgmt_bredr_support(hdev);
950 if (status)
33c525c0 951 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 952 status);
33c525c0 953
a7e80f25
JH		 954 if (cp->val != 0x00 && cp->val != 0x01)
955 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
956 MGMT_STATUS_INVALID_PARAMS);
957
1f350c87 958 timeout = __le16_to_cpu(cp->timeout);
24c54a90 959 if (!cp->val && timeout > 0)
bdb6d971 960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 961 MGMT_STATUS_INVALID_PARAMS);
73f22f62 962
09fd0de5 963 hci_dev_lock(hdev);
73f22f62 964
5e5282bb 965 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 966 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 967 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 968 goto failed;
969 }
970
2e58ef3e 971 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 972 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 973 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 974 MGMT_STATUS_BUSY);
73f22f62
JH		 975 goto failed;
976 }
977
5e5282bb 978 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 979 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 980 MGMT_STATUS_REJECTED);
5e5282bb
JH		 981 goto failed;
982 }
983
984 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 985 bool changed = false;
986
987 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
988 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
989 changed = true;
990 }
991
5e5282bb 992 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 993 if (err < 0)
994 goto failed;
995
996 if (changed)
997 err = new_settings(hdev, sk);
998
5e5282bb
JH		 999 goto failed;
1000 }
1001
1002 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1003 if (hdev->discov_timeout > 0) {
1004 cancel_delayed_work(&hdev->discov_off);
1005 hdev->discov_timeout = 0;
1006 }
1007
1008 if (cp->val && timeout > 0) {
1009 hdev->discov_timeout = timeout;
1010 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1011 msecs_to_jiffies(hdev->discov_timeout * 1000));
1012 }
1013
69ab39ea 1014 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1015 goto failed;
1016 }
1017
2e58ef3e 1018 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1019 if (!cmd) {
1020 err = -ENOMEM;
73f22f62 1021 goto failed;
366a0336 1022 }
73f22f62
JH		 1023
1024 scan = SCAN_PAGE;
1025
72a734ec 1026 if (cp->val)
73f22f62 1027 scan |= SCAN_INQUIRY;
16ab91ab 1028 else
e0f9309f 1029 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1030
1031 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1032 if (err < 0)
a664b5bc 1033 mgmt_pending_remove(cmd);
73f22f62 1034
16ab91ab 1035 if (cp->val)
5e5282bb 1036 hdev->discov_timeout = timeout;
16ab91ab 1037
73f22f62 1038failed:
09fd0de5 1039 hci_dev_unlock(hdev);
73f22f62
JH		 1040 return err;
1041}
1042
406d7804
JH		 1043static void write_fast_connectable(struct hci_request *req, bool enable)
1044{
bd98b996 1045 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1046 struct hci_cp_write_page_scan_activity acp;
1047 u8 type;
1048
4c01f8b8
JH		 1049 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1050 return;
1051
406d7804
JH		 1052 if (enable) {
1053 type = PAGE_SCAN_TYPE_INTERLACED;
1054
1055 /* 160 msec page scan interval */
1056 acp.interval = __constant_cpu_to_le16(0x0100);
1057 } else {
1058 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1059
1060 /* default 1.28 sec page scan */
1061 acp.interval = __constant_cpu_to_le16(0x0800);
1062 }
1063
1064 acp.window = __constant_cpu_to_le16(0x0012);
1065
bd98b996
JH		 1066 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1067 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1068 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1069 sizeof(acp), &acp);
1070
1071 if (hdev->page_scan_type != type)
1072 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1073}
1074
2b76f453
JH		 1075static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1076{
1077 struct pending_cmd *cmd;
1078
1079 BT_DBG("status 0x%02x", status);
1080
1081 hci_dev_lock(hdev);
1082
1083 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1084 if (!cmd)
1085 goto unlock;
1086
1087 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1088
1089 mgmt_pending_remove(cmd);
1090
1091unlock:
1092 hci_dev_unlock(hdev);
1093}
1094
bdb6d971 1095static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1096 u16 len)
9fbcbb45 1097{
650f726d 1098 struct mgmt_mode *cp = data;
366a0336 1099 struct pending_cmd *cmd;
2b76f453 1100 struct hci_request req;
e6fe7986 1101 u8 scan, status;
9fbcbb45
JH		 1102 int err;
1103
bdb6d971 1104 BT_DBG("request for %s", hdev->name);
9fbcbb45 1105
e6fe7986
JH		 1106 status = mgmt_bredr_support(hdev);
1107 if (status)
33c525c0 1108 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1109 status);
33c525c0 1110
a7e80f25
JH		 1111 if (cp->val != 0x00 && cp->val != 0x01)
1112 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1113 MGMT_STATUS_INVALID_PARAMS);
1114
09fd0de5 1115 hci_dev_lock(hdev);
9fbcbb45 1116
4b34ee78 1117 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1118 bool changed = false;
1119
1120 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1121 changed = true;
1122
6bf0e469 1123 if (cp->val) {
5e5282bb 1124 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1125 } else {
5e5282bb
JH		 1126 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1127 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1128 }
0224d2fa 1129
5e5282bb 1130 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1131 if (err < 0)
1132 goto failed;
1133
1134 if (changed)
1135 err = new_settings(hdev, sk);
1136
9fbcbb45
JH		 1137 goto failed;
1138 }
1139
2e58ef3e 1140 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1141 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1142 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1143 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1144 goto failed;
1145 }
1146
5e5282bb 1147 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1148 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1149 goto failed;
1150 }
1151
2e58ef3e 1152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1153 if (!cmd) {
1154 err = -ENOMEM;
9fbcbb45 1155 goto failed;
366a0336 1156 }
9fbcbb45 1157
6bf0e469 1158 if (cp->val) {
9fbcbb45 1159 scan = SCAN_PAGE;
6bf0e469 1160 } else {
9fbcbb45
JH		 1161 scan = 0;
1162
df2c6c5e 1163 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1164 hdev->discov_timeout > 0)
df2c6c5e
JH		 1165 cancel_delayed_work(&hdev->discov_off);
1166 }
1167
2b76f453
JH		 1168 hci_req_init(&req, hdev);
1169
1170 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1171
4c01f8b8
JH		 1172 /* If we're going from non-connectable to connectable or
1173 * vice-versa when fast connectable is enabled ensure that fast
1174 * connectable gets disabled. write_fast_connectable won't do
1175 * anything if the page scan parameters are already what they
1176 * should be.
1177 */
1178 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1179 write_fast_connectable(&req, false);
1180
2b76f453 1181 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1182 if (err < 0)
a664b5bc 1183 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1184
1185failed:
09fd0de5 1186 hci_dev_unlock(hdev);
9fbcbb45
JH		 1187 return err;
1188}
1189
bdb6d971 1190static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1191 u16 len)
c542a06c 1192{
650f726d 1193 struct mgmt_mode *cp = data;
55594356 1194 bool changed;
c542a06c
JH		 1195 int err;
1196
bdb6d971 1197 BT_DBG("request for %s", hdev->name);
c542a06c 1198
a7e80f25
JH		 1199 if (cp->val != 0x00 && cp->val != 0x01)
1200 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1201 MGMT_STATUS_INVALID_PARAMS);
1202
09fd0de5 1203 hci_dev_lock(hdev);
c542a06c
JH		 1204
1205 if (cp->val)
55594356 1206 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1207 else
55594356 1208 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1209
69ab39ea 1210 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1211 if (err < 0)
55594356 1212 goto unlock;
c542a06c 1213
55594356
MH		 1214 if (changed)
1215 err = new_settings(hdev, sk);
c542a06c 1216
55594356 1217unlock:
09fd0de5 1218 hci_dev_unlock(hdev);
c542a06c
JH		 1219 return err;
1220}
1221
04124681
GP		 1222static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1223 u16 len)
33ef95ed
JH		 1224{
1225 struct mgmt_mode *cp = data;
1226 struct pending_cmd *cmd;
e6fe7986 1227 u8 val, status;
33ef95ed
JH		 1228 int err;
1229
bdb6d971 1230 BT_DBG("request for %s", hdev->name);
33ef95ed 1231
e6fe7986
JH		 1232 status = mgmt_bredr_support(hdev);
1233 if (status)
33c525c0 1234 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1235 status);
33c525c0 1236
a7e80f25
JH		 1237 if (cp->val != 0x00 && cp->val != 0x01)
1238 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1239 MGMT_STATUS_INVALID_PARAMS);
1240
33ef95ed
JH		 1241 hci_dev_lock(hdev);
1242
4b34ee78 1243 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1244 bool changed = false;
1245
1246 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1247 &hdev->dev_flags)) {
47990ea0
JH		 1248 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1249 changed = true;
1250 }
1251
1252 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1253 if (err < 0)
1254 goto failed;
1255
1256 if (changed)
1257 err = new_settings(hdev, sk);
1258
33ef95ed
JH		 1259 goto failed;
1260 }
1261
1262 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1264 MGMT_STATUS_BUSY);
33ef95ed
JH		 1265 goto failed;
1266 }
1267
1268 val = !!cp->val;
1269
1270 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1271 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1272 goto failed;
1273 }
1274
1275 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1276 if (!cmd) {
1277 err = -ENOMEM;
1278 goto failed;
1279 }
1280
1281 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1282 if (err < 0) {
1283 mgmt_pending_remove(cmd);
1284 goto failed;
1285 }
1286
1287failed:
1288 hci_dev_unlock(hdev);
33ef95ed
JH		 1289 return err;
1290}
1291
bdb6d971 1292static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1293{
1294 struct mgmt_mode *cp = data;
1295 struct pending_cmd *cmd;
72ef0c1a 1296 u8 status;
ed2c4ee3
JH		 1297 int err;
1298
bdb6d971 1299 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1300
cdba5281
MH		 1301 status = mgmt_bredr_support(hdev);
1302 if (status)
1303 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1304
13ecd8b6
JH		 1305 if (!lmp_ssp_capable(hdev))
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1307 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1308
a7e80f25
JH		 1309 if (cp->val != 0x00 && cp->val != 0x01)
1310 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1311 MGMT_STATUS_INVALID_PARAMS);
1312
13ecd8b6 1313 hci_dev_lock(hdev);
6c8f12c1 1314
4b34ee78 1315 if (!hdev_is_powered(hdev)) {
9ecb3e24 1316 bool changed;
c0ecddc2 1317
9ecb3e24
MH		 1318 if (cp->val) {
1319 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1320 &hdev->dev_flags);
1321 } else {
1322 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1323 &hdev->dev_flags);
1324 if (!changed)
1325 changed = test_and_clear_bit(HCI_HS_ENABLED,
1326 &hdev->dev_flags);
1327 else
1328 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1329 }
1330
1331 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1332 if (err < 0)
1333 goto failed;
1334
1335 if (changed)
1336 err = new_settings(hdev, sk);
1337
ed2c4ee3
JH		 1338 goto failed;
1339 }
1340
9ecb3e24
MH		 1341 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1342 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1343 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1344 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1345 goto failed;
1346 }
1347
72ef0c1a 1348 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1349 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1350 goto failed;
1351 }
1352
1353 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1354 if (!cmd) {
1355 err = -ENOMEM;
1356 goto failed;
1357 }
1358
72ef0c1a 1359 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1360 if (err < 0) {
1361 mgmt_pending_remove(cmd);
1362 goto failed;
1363 }
1364
1365failed:
1366 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1367 return err;
1368}
1369
bdb6d971 1370static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1371{
1372 struct mgmt_mode *cp = data;
ee392693 1373 bool changed;
e6fe7986 1374 u8 status;
ee392693 1375 int err;
6d80dfd0 1376
bdb6d971 1377 BT_DBG("request for %s", hdev->name);
6d80dfd0 1378
e6fe7986
JH		 1379 status = mgmt_bredr_support(hdev);
1380 if (status)
1381 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1382
9ecb3e24
MH		 1383 if (!lmp_ssp_capable(hdev))
1384 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1385 MGMT_STATUS_NOT_SUPPORTED);
1386
1387 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1388 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1389 MGMT_STATUS_REJECTED);
1390
a7e80f25
JH		 1391 if (cp->val != 0x00 && cp->val != 0x01)
1392 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1393 MGMT_STATUS_INVALID_PARAMS);
1394
ee392693
MH		 1395 hci_dev_lock(hdev);
1396
a0cdf960 1397 if (cp->val) {
ee392693 1398 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1399 } else {
1400 if (hdev_is_powered(hdev)) {
1401 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1402 MGMT_STATUS_REJECTED);
1403 goto unlock;
1404 }
1405
ee392693 1406 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1407 }
ee392693
MH		 1408
1409 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1410 if (err < 0)
1411 goto unlock;
1412
1413 if (changed)
1414 err = new_settings(hdev, sk);
6d80dfd0 1415
ee392693
MH		 1416unlock:
1417 hci_dev_unlock(hdev);
1418 return err;
6d80dfd0
JH		 1419}
1420
bba3aa55
MH		 1421static void enable_advertising(struct hci_request *req)
1422{
b4faf300
MH		 1423 struct hci_dev *hdev = req->hdev;
1424 struct hci_cp_le_set_adv_param cp;
1425 u8 enable = 0x01;
1426
1427 memset(&cp, 0, sizeof(cp));
1428 cp.min_interval = __constant_cpu_to_le16(0x0800);
1429 cp.max_interval = __constant_cpu_to_le16(0x0800);
1430 cp.type = LE_ADV_IND;
1431 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1432 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1433 else
1434 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1435 cp.channel_map = 0x07;
1436
1437 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1438
b4faf300 1439 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1440}
1441
1442static void disable_advertising(struct hci_request *req)
1443{
b4faf300 1444 u8 enable = 0x00;
bba3aa55 1445
b4faf300 1446 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1447}
1448
416a4ae5
JH		 1449static void le_enable_complete(struct hci_dev *hdev, u8 status)
1450{
1451 struct cmd_lookup match = { NULL, hdev };
1452
1453 if (status) {
1454 u8 mgmt_err = mgmt_status(status);
1455
1456 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1457 &mgmt_err);
1458 return;
1459 }
1460
1461 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1462
1463 new_settings(hdev, match.sk);
1464
1465 if (match.sk)
1466 sock_put(match.sk);
1467}
1468
bdb6d971 1469static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1470{
1471 struct mgmt_mode *cp = data;
1472 struct hci_cp_write_le_host_supported hci_cp;
1473 struct pending_cmd *cmd;
416a4ae5 1474 struct hci_request req;
06199cf8 1475 int err;
0b60eba1 1476 u8 val, enabled;
06199cf8 1477
bdb6d971 1478 BT_DBG("request for %s", hdev->name);
06199cf8 1479
13ecd8b6
JH		 1480 if (!lmp_le_capable(hdev))
1481 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1482 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1483
a7e80f25
JH		 1484 if (cp->val != 0x00 && cp->val != 0x01)
1485 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1486 MGMT_STATUS_INVALID_PARAMS);
1487
c73eee91 1488 /* LE-only devices do not allow toggling LE on/off */
56f87901 1489 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1490 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1491 MGMT_STATUS_REJECTED);
1492
13ecd8b6 1493 hci_dev_lock(hdev);
06199cf8
JH		 1494
1495 val = !!cp->val;
ffa88e02 1496 enabled = lmp_host_le_capable(hdev);
06199cf8 1497
0b60eba1 1498 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1499 bool changed = false;
1500
1501 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1502 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1503 changed = true;
1504 }
1505
f3d3444a
JH		 1506 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1507 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1508 changed = true;
1509 }
1510
06199cf8
JH		 1511 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1512 if (err < 0)
1de028ce 1513 goto unlock;
06199cf8
JH		 1514
1515 if (changed)
1516 err = new_settings(hdev, sk);
1517
1de028ce 1518 goto unlock;
06199cf8
JH		 1519 }
1520
4375f103
JH		 1521 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1522 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1523 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1524 MGMT_STATUS_BUSY);
1de028ce 1525 goto unlock;
06199cf8
JH		 1526 }
1527
1528 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1529 if (!cmd) {
1530 err = -ENOMEM;
1de028ce 1531 goto unlock;
06199cf8
JH		 1532 }
1533
1534 memset(&hci_cp, 0, sizeof(hci_cp));
1535
1536 if (val) {
1537 hci_cp.le = val;
ffa88e02 1538 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1539 }
1540
416a4ae5
JH		 1541 hci_req_init(&req, hdev);
1542
bba3aa55
MH		 1543 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1544 disable_advertising(&req);
eeca6f89 1545
416a4ae5
JH		 1546 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1547 &hci_cp);
1548
1549 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1550 if (err < 0)
06199cf8 1551 mgmt_pending_remove(cmd);
06199cf8 1552
1de028ce
JH		 1553unlock:
1554 hci_dev_unlock(hdev);
06199cf8
JH		 1555 return err;
1556}
1557
0cab9c80
JH		 1558/* This is a helper function to test for pending mgmt commands that can
1559 * cause CoD or EIR HCI commands. We can only allow one such pending
1560 * mgmt command at a time since otherwise we cannot easily track what
1561 * the current values are, will be, and based on that calculate if a new
1562 * HCI command needs to be sent and if yes with what value.
1563 */
1564static bool pending_eir_or_class(struct hci_dev *hdev)
1565{
1566 struct pending_cmd *cmd;
1567
1568 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1569 switch (cmd->opcode) {
1570 case MGMT_OP_ADD_UUID:
1571 case MGMT_OP_REMOVE_UUID:
1572 case MGMT_OP_SET_DEV_CLASS:
1573 case MGMT_OP_SET_POWERED:
1574 return true;
1575 }
1576 }
1577
1578 return false;
1579}
1580
83be8eca
JH		 1581static const u8 bluetooth_base_uuid[] = {
1582 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1583 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1584};
1585
1586static u8 get_uuid_size(const u8 *uuid)
1587{
1588 u32 val;
1589
1590 if (memcmp(uuid, bluetooth_base_uuid, 12))
1591 return 128;
1592
1593 val = get_unaligned_le32(&uuid[12]);
1594 if (val > 0xffff)
1595 return 32;
1596
1597 return 16;
1598}
1599
92da6097
JH		 1600static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1601{
1602 struct pending_cmd *cmd;
1603
1604 hci_dev_lock(hdev);
1605
1606 cmd = mgmt_pending_find(mgmt_op, hdev);
1607 if (!cmd)
1608 goto unlock;
1609
1610 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1611 hdev->dev_class, 3);
1612
1613 mgmt_pending_remove(cmd);
1614
1615unlock:
1616 hci_dev_unlock(hdev);
1617}
1618
1619static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1620{
1621 BT_DBG("status 0x%02x", status);
1622
1623 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1624}
1625
bdb6d971 1626static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1627{
650f726d 1628 struct mgmt_cp_add_uuid *cp = data;
90e70454 1629 struct pending_cmd *cmd;
890ea898 1630 struct hci_request req;
2aeb9a1a 1631 struct bt_uuid *uuid;
2aeb9a1a
JH		 1632 int err;
1633
bdb6d971 1634 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1635
09fd0de5 1636 hci_dev_lock(hdev);
2aeb9a1a 1637
0cab9c80 1638 if (pending_eir_or_class(hdev)) {
bdb6d971 1639 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1640 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1641 goto failed;
1642 }
1643
92c4c204 1644 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1645 if (!uuid) {
1646 err = -ENOMEM;
1647 goto failed;
1648 }
1649
1650 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1651 uuid->svc_hint = cp->svc_hint;
83be8eca 1652 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1653
de66aa63 1654 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1655
890ea898 1656 hci_req_init(&req, hdev);
1aff6f09 1657
890ea898
JH		 1658 update_class(&req);
1659 update_eir(&req);
1660
92da6097
JH		 1661 err = hci_req_run(&req, add_uuid_complete);
1662 if (err < 0) {
1663 if (err != -ENODATA)
1664 goto failed;
80a1e1db 1665
bdb6d971 1666 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1667 hdev->dev_class, 3);
90e70454
JH		 1668 goto failed;
1669 }
1670
1671 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1672 if (!cmd) {
90e70454 1673 err = -ENOMEM;
890ea898
JH		 1674 goto failed;
1675 }
1676
1677 err = 0;
2aeb9a1a
JH		 1678
1679failed:
09fd0de5 1680 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1681 return err;
1682}
1683
24b78d0f
JH		 1684static bool enable_service_cache(struct hci_dev *hdev)
1685{
1686 if (!hdev_is_powered(hdev))
1687 return false;
1688
1689 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1690 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1691 CACHE_TIMEOUT);
24b78d0f
JH		 1692 return true;
1693 }
1694
1695 return false;
1696}
1697
92da6097
JH		 1698static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1699{
1700 BT_DBG("status 0x%02x", status);
1701
1702 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1703}
1704
bdb6d971 1705static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1706 u16 len)
2aeb9a1a 1707{
650f726d 1708 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1709 struct pending_cmd *cmd;
056341c8 1710 struct bt_uuid *match, *tmp;
2aeb9a1a 1711 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1712 struct hci_request req;
2aeb9a1a
JH		 1713 int err, found;
1714
bdb6d971 1715 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1716
09fd0de5 1717 hci_dev_lock(hdev);
2aeb9a1a 1718
0cab9c80 1719 if (pending_eir_or_class(hdev)) {
bdb6d971 1720 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1721 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1722 goto unlock;
1723 }
1724
2aeb9a1a
JH		 1725 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1726 err = hci_uuids_clear(hdev);
4004b6d9 1727
24b78d0f 1728 if (enable_service_cache(hdev)) {
bdb6d971 1729 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1730 0, hdev->dev_class, 3);
24b78d0f
JH		 1731 goto unlock;
1732 }
4004b6d9 1733
9246a869 1734 goto update_class;
2aeb9a1a
JH		 1735 }
1736
1737 found = 0;
1738
056341c8 1739 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1740 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1741 continue;
1742
1743 list_del(&match->list);
482049f7 1744 kfree(match);
2aeb9a1a
JH		 1745 found++;
1746 }
1747
1748 if (found == 0) {
bdb6d971 1749 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1750 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1751 goto unlock;
1752 }
1753
9246a869 1754update_class:
890ea898 1755 hci_req_init(&req, hdev);
1aff6f09 1756
890ea898
JH		 1757 update_class(&req);
1758 update_eir(&req);
1759
92da6097
JH		 1760 err = hci_req_run(&req, remove_uuid_complete);
1761 if (err < 0) {
1762 if (err != -ENODATA)
1763 goto unlock;
80a1e1db 1764
bdb6d971 1765 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1766 hdev->dev_class, 3);
90e70454
JH		 1767 goto unlock;
1768 }
1769
1770 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1771 if (!cmd) {
90e70454 1772 err = -ENOMEM;
890ea898
JH		 1773 goto unlock;
1774 }
1775
1776 err = 0;
2aeb9a1a
JH		 1777
1778unlock:
09fd0de5 1779 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1780 return err;
1781}
1782
92da6097
JH		 1783static void set_class_complete(struct hci_dev *hdev, u8 status)
1784{
1785 BT_DBG("status 0x%02x", status);
1786
1787 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1788}
1789
bdb6d971 1790static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1791 u16 len)
1aff6f09 1792{
650f726d 1793 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1794 struct pending_cmd *cmd;
890ea898 1795 struct hci_request req;
1aff6f09
JH		 1796 int err;
1797
bdb6d971 1798 BT_DBG("request for %s", hdev->name);
1aff6f09 1799
6203fc98 1800 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1801 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1802 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1803
0cab9c80 1804 hci_dev_lock(hdev);
ee98f473 1805
0cab9c80
JH		 1806 if (pending_eir_or_class(hdev)) {
1807 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1808 MGMT_STATUS_BUSY);
1809 goto unlock;
1810 }
c95f0ba7 1811
0cab9c80
JH		 1812 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1814 MGMT_STATUS_INVALID_PARAMS);
1815 goto unlock;
1816 }
575b3a02 1817
932f5ff5
JH		 1818 hdev->major_class = cp->major;
1819 hdev->minor_class = cp->minor;
1820
b5235a65 1821 if (!hdev_is_powered(hdev)) {
bdb6d971 1822 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1823 hdev->dev_class, 3);
b5235a65
JH		 1824 goto unlock;
1825 }
1826
890ea898
JH		 1827 hci_req_init(&req, hdev);
1828
a8b2d5c2 1829 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1830 hci_dev_unlock(hdev);
1831 cancel_delayed_work_sync(&hdev->service_cache);
1832 hci_dev_lock(hdev);
890ea898 1833 update_eir(&req);
7d78525d 1834 }
14c0b608 1835
890ea898
JH		 1836 update_class(&req);
1837
92da6097
JH		 1838 err = hci_req_run(&req, set_class_complete);
1839 if (err < 0) {
1840 if (err != -ENODATA)
1841 goto unlock;
1aff6f09 1842
bdb6d971 1843 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1844 hdev->dev_class, 3);
90e70454
JH		 1845 goto unlock;
1846 }
1847
1848 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1849 if (!cmd) {
90e70454 1850 err = -ENOMEM;
890ea898
JH		 1851 goto unlock;
1852 }
1853
1854 err = 0;
1aff6f09 1855
b5235a65 1856unlock:
09fd0de5 1857 hci_dev_unlock(hdev);
1aff6f09
JH		 1858 return err;
1859}
1860
bdb6d971 1861static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1862 u16 len)
55ed8ca1 1863{
650f726d 1864 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1865 u16 key_count, expected_len;
a492cd52 1866 int i;
55ed8ca1 1867
9060d5cf
MH		 1868 BT_DBG("request for %s", hdev->name);
1869
1870 if (!lmp_bredr_capable(hdev))
1871 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1872 MGMT_STATUS_NOT_SUPPORTED);
1873
1f350c87 1874 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1875
86742e1e
JH		 1876 expected_len = sizeof(*cp) + key_count *
1877 sizeof(struct mgmt_link_key_info);
a492cd52 1878 if (expected_len != len) {
86742e1e 1879 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1880 len, expected_len);
bdb6d971 1881 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1882 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1883 }
1884
4ae14301
JH		 1885 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1886 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1887 MGMT_STATUS_INVALID_PARAMS);
1888
bdb6d971 1889 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1890 key_count);
55ed8ca1 1891
4ee71b20
JH		 1892 for (i = 0; i < key_count; i++) {
1893 struct mgmt_link_key_info *key = &cp->keys[i];
1894
1895 if (key->addr.type != BDADDR_BREDR)
1896 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1897 MGMT_STATUS_INVALID_PARAMS);
1898 }
1899
09fd0de5 1900 hci_dev_lock(hdev);
55ed8ca1
JH		 1901
1902 hci_link_keys_clear(hdev);
1903
55ed8ca1 1904 if (cp->debug_keys)
a8b2d5c2 1905 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1906 else
a8b2d5c2 1907 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1908
a492cd52 1909 for (i = 0; i < key_count; i++) {
86742e1e 1910 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1911
d753fdc4 1912 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1913 key->type, key->pin_len);
55ed8ca1
JH		 1914 }
1915
bdb6d971 1916 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1917
09fd0de5 1918 hci_dev_unlock(hdev);
55ed8ca1 1919
a492cd52 1920 return 0;
55ed8ca1
JH		 1921}
1922
b1078ad0 1923static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1924 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1925{
1926 struct mgmt_ev_device_unpaired ev;
1927
1928 bacpy(&ev.addr.bdaddr, bdaddr);
1929 ev.addr.type = addr_type;
1930
1931 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1932 skip_sk);
b1078ad0
JH		 1933}
1934
bdb6d971 1935static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1936 u16 len)
55ed8ca1 1937{
124f6e35
JH		 1938 struct mgmt_cp_unpair_device *cp = data;
1939 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1940 struct hci_cp_disconnect dc;
1941 struct pending_cmd *cmd;
55ed8ca1 1942 struct hci_conn *conn;
55ed8ca1
JH		 1943 int err;
1944
a8a1d19e 1945 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1946 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1947 rp.addr.type = cp->addr.type;
a8a1d19e 1948
4ee71b20
JH		 1949 if (!bdaddr_type_is_valid(cp->addr.type))
1950 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1951 MGMT_STATUS_INVALID_PARAMS,
1952 &rp, sizeof(rp));
1953
118da70b
JH		 1954 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1955 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1956 MGMT_STATUS_INVALID_PARAMS,
1957 &rp, sizeof(rp));
1958
4ee71b20
JH		 1959 hci_dev_lock(hdev);
1960
86a8cfc6 1961 if (!hdev_is_powered(hdev)) {
bdb6d971 1962 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1963 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1964 goto unlock;
1965 }
1966
591f47f3 1967 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1968 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1969 else
1970 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1971
55ed8ca1 1972 if (err < 0) {
bdb6d971 1973 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1974 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1975 goto unlock;
1976 }
1977
86a8cfc6 1978 if (cp->disconnect) {
591f47f3 1979 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1980 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1981 &cp->addr.bdaddr);
86a8cfc6
JH		 1982 else
1983 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1984 &cp->addr.bdaddr);
86a8cfc6
JH		 1985 } else {
1986 conn = NULL;
1987 }
124f6e35 1988
a8a1d19e 1989 if (!conn) {
bdb6d971 1990 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1991 &rp, sizeof(rp));
b1078ad0 1992 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1993 goto unlock;
1994 }
55ed8ca1 1995
124f6e35 1996 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1997 sizeof(*cp));
a8a1d19e
JH		 1998 if (!cmd) {
1999 err = -ENOMEM;
2000 goto unlock;
55ed8ca1
JH		 2001 }
2002
eb55ef07 2003 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2004 dc.reason = 0x13; /* Remote User Terminated Connection */
2005 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2006 if (err < 0)
2007 mgmt_pending_remove(cmd);
2008
55ed8ca1 2009unlock:
09fd0de5 2010 hci_dev_unlock(hdev);
55ed8ca1
JH		 2011 return err;
2012}
2013
bdb6d971 2014static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2015 u16 len)
8962ee74 2016{
650f726d 2017 struct mgmt_cp_disconnect *cp = data;
06a63b19 2018 struct mgmt_rp_disconnect rp;
8962ee74 2019 struct hci_cp_disconnect dc;
366a0336 2020 struct pending_cmd *cmd;
8962ee74 2021 struct hci_conn *conn;
8962ee74
JH		 2022 int err;
2023
2024 BT_DBG("");
2025
06a63b19
JH		 2026 memset(&rp, 0, sizeof(rp));
2027 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2028 rp.addr.type = cp->addr.type;
2029
4ee71b20 2030 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2031 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2032 MGMT_STATUS_INVALID_PARAMS,
2033 &rp, sizeof(rp));
4ee71b20 2034
09fd0de5 2035 hci_dev_lock(hdev);
8962ee74
JH		 2036
2037 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2038 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2039 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2040 goto failed;
2041 }
2042
2e58ef3e 2043 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2044 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2045 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2046 goto failed;
2047 }
2048
591f47f3 2049 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2050 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2051 &cp->addr.bdaddr);
88c3df13
JH		 2052 else
2053 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2054
f960727e 2055 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2056 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2057 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2058 goto failed;
2059 }
2060
2e58ef3e 2061 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2062 if (!cmd) {
2063 err = -ENOMEM;
8962ee74 2064 goto failed;
366a0336 2065 }
8962ee74 2066
eb55ef07 2067 dc.handle = cpu_to_le16(conn->handle);
3701f944 2068 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2069
2070 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2071 if (err < 0)
a664b5bc 2072 mgmt_pending_remove(cmd);
8962ee74
JH		 2073
2074failed:
09fd0de5 2075 hci_dev_unlock(hdev);
8962ee74
JH		 2076 return err;
2077}
2078
57c1477c 2079static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2080{
2081 switch (link_type) {
2082 case LE_LINK:
48264f06
JH		 2083 switch (addr_type) {
2084 case ADDR_LE_DEV_PUBLIC:
591f47f3 2085 return BDADDR_LE_PUBLIC;
0ed09148 2086
48264f06 2087 default:
0ed09148 2088 /* Fallback to LE Random address type */
591f47f3 2089 return BDADDR_LE_RANDOM;
48264f06 2090 }
0ed09148 2091
4c659c39 2092 default:
0ed09148 2093 /* Fallback to BR/EDR type */
591f47f3 2094 return BDADDR_BREDR;
4c659c39
JH		 2095 }
2096}
2097
04124681
GP		 2098static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2099 u16 data_len)
2784eb41 2100{
2784eb41 2101 struct mgmt_rp_get_connections *rp;
8035ded4 2102 struct hci_conn *c;
a38528f1 2103 size_t rp_len;
60fc5fb6
JH		 2104 int err;
2105 u16 i;
2784eb41
JH		 2106
2107 BT_DBG("");
2108
09fd0de5 2109 hci_dev_lock(hdev);
2784eb41 2110
5f97c1df 2111 if (!hdev_is_powered(hdev)) {
bdb6d971 2112 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2113 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2114 goto unlock;
2115 }
2116
60fc5fb6 2117 i = 0;
b644ba33
JH		 2118 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2119 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2120 i++;
2784eb41
JH		 2121 }
2122
60fc5fb6 2123 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2124 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2125 if (!rp) {
2784eb41
JH		 2126 err = -ENOMEM;
2127 goto unlock;
2128 }
2129
2784eb41 2130 i = 0;
4c659c39 2131 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2132 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2133 continue;
4c659c39 2134 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2135 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2136 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2137 continue;
2138 i++;
2139 }
2140
eb55ef07 2141 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2142
4c659c39
JH		 2143 /* Recalculate length in case of filtered SCO connections, etc */
2144 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2145
bdb6d971 2146 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2147 rp_len);
2784eb41 2148
a38528f1 2149 kfree(rp);
5f97c1df
JH		 2150
2151unlock:
09fd0de5 2152 hci_dev_unlock(hdev);
2784eb41
JH		 2153 return err;
2154}
2155
bdb6d971 2156static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2157 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2158{
2159 struct pending_cmd *cmd;
2160 int err;
2161
2e58ef3e 2162 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2163 sizeof(*cp));
96d97a67
WR		 2164 if (!cmd)
2165 return -ENOMEM;
2166
d8457698 2167 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2168 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2169 if (err < 0)
2170 mgmt_pending_remove(cmd);
2171
2172 return err;
2173}
2174
bdb6d971 2175static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2176 u16 len)
980e1a53 2177{
96d97a67 2178 struct hci_conn *conn;
650f726d 2179 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2180 struct hci_cp_pin_code_reply reply;
366a0336 2181 struct pending_cmd *cmd;
980e1a53
JH		 2182 int err;
2183
2184 BT_DBG("");
2185
09fd0de5 2186 hci_dev_lock(hdev);
980e1a53 2187
4b34ee78 2188 if (!hdev_is_powered(hdev)) {
bdb6d971 2189 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2190 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2191 goto failed;
2192 }
2193
d8457698 2194 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2195 if (!conn) {
bdb6d971 2196 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2197 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2198 goto failed;
2199 }
2200
2201 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2202 struct mgmt_cp_pin_code_neg_reply ncp;
2203
2204 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2205
2206 BT_ERR("PIN code is not 16 bytes long");
2207
bdb6d971 2208 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2209 if (err >= 0)
bdb6d971 2210 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2211 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2212
2213 goto failed;
2214 }
2215
00abfe44 2216 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2217 if (!cmd) {
2218 err = -ENOMEM;
980e1a53 2219 goto failed;
366a0336 2220 }
980e1a53 2221
d8457698 2222 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2223 reply.pin_len = cp->pin_len;
24718ca5 2224 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2225
2226 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2227 if (err < 0)
a664b5bc 2228 mgmt_pending_remove(cmd);
980e1a53
JH		 2229
2230failed:
09fd0de5 2231 hci_dev_unlock(hdev);
980e1a53
JH		 2232 return err;
2233}
2234
04124681
GP		 2235static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2236 u16 len)
17fa4b9d 2237{
650f726d 2238 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2239
2240 BT_DBG("");
2241
09fd0de5 2242 hci_dev_lock(hdev);
17fa4b9d
JH		 2243
2244 hdev->io_capability = cp->io_capability;
2245
2246 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2247 hdev->io_capability);
17fa4b9d 2248
09fd0de5 2249 hci_dev_unlock(hdev);
17fa4b9d 2250
04124681
GP		 2251 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2252 0);
17fa4b9d
JH		 2253}
2254
6039aa73 2255static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2256{
2257 struct hci_dev *hdev = conn->hdev;
8035ded4 2258 struct pending_cmd *cmd;
e9a416b5 2259
2e58ef3e 2260 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2261 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2262 continue;
2263
e9a416b5
JH		 2264 if (cmd->user_data != conn)
2265 continue;
2266
2267 return cmd;
2268 }
2269
2270 return NULL;
2271}
2272
2273static void pairing_complete(struct pending_cmd *cmd, u8 status)
2274{
2275 struct mgmt_rp_pair_device rp;
2276 struct hci_conn *conn = cmd->user_data;
2277
ba4e564f 2278 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2279 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2280
aee9b218 2281 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2282 &rp, sizeof(rp));
e9a416b5
JH		 2283
2284 /* So we don't get further callbacks for this connection */
2285 conn->connect_cfm_cb = NULL;
2286 conn->security_cfm_cb = NULL;
2287 conn->disconn_cfm_cb = NULL;
2288
76a68ba0 2289 hci_conn_drop(conn);
e9a416b5 2290
a664b5bc 2291 mgmt_pending_remove(cmd);
e9a416b5
JH		 2292}
2293
2294static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2295{
2296 struct pending_cmd *cmd;
2297
2298 BT_DBG("status %u", status);
2299
2300 cmd = find_pairing(conn);
56e5cb86 2301 if (!cmd)
e9a416b5 2302 BT_DBG("Unable to find a pending command");
56e5cb86 2303 else
e211326c 2304 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2305}
2306
4c47d739
VA		 2307static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2308{
2309 struct pending_cmd *cmd;
2310
2311 BT_DBG("status %u", status);
2312
2313 if (!status)
2314 return;
2315
2316 cmd = find_pairing(conn);
2317 if (!cmd)
2318 BT_DBG("Unable to find a pending command");
2319 else
2320 pairing_complete(cmd, mgmt_status(status));
2321}
2322
bdb6d971 2323static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2324 u16 len)
e9a416b5 2325{
650f726d 2326 struct mgmt_cp_pair_device *cp = data;
1425acb7 2327 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2328 struct pending_cmd *cmd;
2329 u8 sec_level, auth_type;
2330 struct hci_conn *conn;
e9a416b5
JH		 2331 int err;
2332
2333 BT_DBG("");
2334
f950a30e
SJ		 2335 memset(&rp, 0, sizeof(rp));
2336 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2337 rp.addr.type = cp->addr.type;
2338
4ee71b20
JH		 2339 if (!bdaddr_type_is_valid(cp->addr.type))
2340 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2341 MGMT_STATUS_INVALID_PARAMS,
2342 &rp, sizeof(rp));
2343
09fd0de5 2344 hci_dev_lock(hdev);
e9a416b5 2345
5f97c1df 2346 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2347 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2348 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2349 goto unlock;
2350 }
2351
c908df36
VCG		 2352 sec_level = BT_SECURITY_MEDIUM;
2353 if (cp->io_cap == 0x03)
e9a416b5 2354 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2355 else
e9a416b5 2356 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2357
591f47f3 2358 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2359 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2360 cp->addr.type, sec_level, auth_type);
7a512d01 2361 else
b12f62cf
AG		 2362 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2363 cp->addr.type, sec_level, auth_type);
7a512d01 2364
30e76272 2365 if (IS_ERR(conn)) {
489dc48e
AK		 2366 int status;
2367
2368 if (PTR_ERR(conn) == -EBUSY)
2369 status = MGMT_STATUS_BUSY;
2370 else
2371 status = MGMT_STATUS_CONNECT_FAILED;
2372
bdb6d971 2373 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2374 status, &rp,
04124681 2375 sizeof(rp));
e9a416b5
JH		 2376 goto unlock;
2377 }
2378
2379 if (conn->connect_cfm_cb) {
76a68ba0 2380 hci_conn_drop(conn);
bdb6d971 2381 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2382 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2383 goto unlock;
2384 }
2385
2e58ef3e 2386 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2387 if (!cmd) {
2388 err = -ENOMEM;
76a68ba0 2389 hci_conn_drop(conn);
e9a416b5
JH		 2390 goto unlock;
2391 }
2392
7a512d01 2393 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2394 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2395 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2396 else
2397 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2398
e9a416b5
JH		 2399 conn->security_cfm_cb = pairing_complete_cb;
2400 conn->disconn_cfm_cb = pairing_complete_cb;
2401 conn->io_capability = cp->io_cap;
2402 cmd->user_data = conn;
2403
2404 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2405 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2406 pairing_complete(cmd, 0);
2407
2408 err = 0;
2409
2410unlock:
09fd0de5 2411 hci_dev_unlock(hdev);
e9a416b5
JH		 2412 return err;
2413}
2414
04124681
GP		 2415static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2416 u16 len)
28424707 2417{
0f4e68cf 2418 struct mgmt_addr_info *addr = data;
28424707
JH		 2419 struct pending_cmd *cmd;
2420 struct hci_conn *conn;
2421 int err;
2422
2423 BT_DBG("");
2424
28424707
JH		 2425 hci_dev_lock(hdev);
2426
5f97c1df 2427 if (!hdev_is_powered(hdev)) {
bdb6d971 2428 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2429 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2430 goto unlock;
2431 }
2432
28424707
JH		 2433 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2434 if (!cmd) {
bdb6d971 2435 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2436 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2437 goto unlock;
2438 }
2439
2440 conn = cmd->user_data;
2441
2442 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2443 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2444 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2445 goto unlock;
2446 }
2447
2448 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2449
bdb6d971 2450 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2451 addr, sizeof(*addr));
28424707
JH		 2452unlock:
2453 hci_dev_unlock(hdev);
28424707
JH		 2454 return err;
2455}
2456
bdb6d971 2457static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2458 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2459 u16 hci_op, __le32 passkey)
a5c29683 2460{
a5c29683 2461 struct pending_cmd *cmd;
0df4c185 2462 struct hci_conn *conn;
a5c29683
JH		 2463 int err;
2464
09fd0de5 2465 hci_dev_lock(hdev);
08ba5382 2466
4b34ee78 2467 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2468 err = cmd_complete(sk, hdev->id, mgmt_op,
2469 MGMT_STATUS_NOT_POWERED, addr,
2470 sizeof(*addr));
0df4c185 2471 goto done;
a5c29683
JH		 2472 }
2473
1707c60e
JH		 2474 if (addr->type == BDADDR_BREDR)
2475 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2476 else
1707c60e 2477 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2478
2479 if (!conn) {
feb94d3d
JH		 2480 err = cmd_complete(sk, hdev->id, mgmt_op,
2481 MGMT_STATUS_NOT_CONNECTED, addr,
2482 sizeof(*addr));
272d90df
JH		 2483 goto done;
2484 }
47c15e2b 2485
1707c60e 2486 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2487 /* Continue with pairing via SMP */
5fe57d9e
BG		 2488 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2489
2490 if (!err)
feb94d3d
JH		 2491 err = cmd_complete(sk, hdev->id, mgmt_op,
2492 MGMT_STATUS_SUCCESS, addr,
2493 sizeof(*addr));
5fe57d9e 2494 else
feb94d3d
JH		 2495 err = cmd_complete(sk, hdev->id, mgmt_op,
2496 MGMT_STATUS_FAILED, addr,
2497 sizeof(*addr));
47c15e2b 2498
47c15e2b
BG		 2499 goto done;
2500 }
2501
1707c60e 2502 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2503 if (!cmd) {
2504 err = -ENOMEM;
0df4c185 2505 goto done;
a5c29683
JH		 2506 }
2507
0df4c185 2508 /* Continue with pairing via HCI */
604086b7
BG		 2509 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2510 struct hci_cp_user_passkey_reply cp;
2511
1707c60e 2512 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2513 cp.passkey = passkey;
2514 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2515 } else
1707c60e
JH		 2516 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2517 &addr->bdaddr);
604086b7 2518
a664b5bc
JH		 2519 if (err < 0)
2520 mgmt_pending_remove(cmd);
a5c29683 2521
0df4c185 2522done:
09fd0de5 2523 hci_dev_unlock(hdev);
a5c29683
JH		 2524 return err;
2525}
2526
afeb019d
JK		 2527static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2528 void *data, u16 len)
2529{
2530 struct mgmt_cp_pin_code_neg_reply *cp = data;
2531
2532 BT_DBG("");
2533
1707c60e 2534 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2535 MGMT_OP_PIN_CODE_NEG_REPLY,
2536 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2537}
2538
04124681
GP		 2539static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2540 u16 len)
0df4c185 2541{
650f726d 2542 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2543
2544 BT_DBG("");
2545
2546 if (len != sizeof(*cp))
bdb6d971 2547 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2548 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2549
1707c60e 2550 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2551 MGMT_OP_USER_CONFIRM_REPLY,
2552 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2553}
2554
bdb6d971 2555static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2556 void *data, u16 len)
0df4c185 2557{
c9c2659f 2558 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2559
2560 BT_DBG("");
2561
1707c60e 2562 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2563 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2564 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2565}
2566
04124681
GP		 2567static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2568 u16 len)
604086b7 2569{
650f726d 2570 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2571
2572 BT_DBG("");
2573
1707c60e 2574 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2575 MGMT_OP_USER_PASSKEY_REPLY,
2576 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2577}
2578
bdb6d971 2579static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2580 void *data, u16 len)
604086b7 2581{
650f726d 2582 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2583
2584 BT_DBG("");
2585
1707c60e 2586 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2587 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2588 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2589}
2590
13928971 2591static void update_name(struct hci_request *req)
2b4bf397 2592{
13928971 2593 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2594 struct hci_cp_write_local_name cp;
2595
13928971 2596 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2597
890ea898 2598 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2599}
2600
13928971
JH		 2601static void set_name_complete(struct hci_dev *hdev, u8 status)
2602{
2603 struct mgmt_cp_set_local_name *cp;
2604 struct pending_cmd *cmd;
2605
2606 BT_DBG("status 0x%02x", status);
2607
2608 hci_dev_lock(hdev);
2609
2610 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2611 if (!cmd)
2612 goto unlock;
2613
2614 cp = cmd->param;
2615
2616 if (status)
2617 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2618 mgmt_status(status));
2619 else
2620 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2621 cp, sizeof(*cp));
2622
2623 mgmt_pending_remove(cmd);
2624
2625unlock:
2626 hci_dev_unlock(hdev);
2627}
2628
bdb6d971 2629static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2630 u16 len)
b312b161 2631{
2b4bf397 2632 struct mgmt_cp_set_local_name *cp = data;
b312b161 2633 struct pending_cmd *cmd;
890ea898 2634 struct hci_request req;
b312b161
JH		 2635 int err;
2636
2637 BT_DBG("");
2638
09fd0de5 2639 hci_dev_lock(hdev);
b312b161 2640
b3f2ca94
JH		 2641 /* If the old values are the same as the new ones just return a
2642 * direct command complete event.
2643 */
2644 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2645 !memcmp(hdev->short_name, cp->short_name,
2646 sizeof(hdev->short_name))) {
2647 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2648 data, len);
2649 goto failed;
2650 }
2651
2b4bf397 2652 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2653
b5235a65 2654 if (!hdev_is_powered(hdev)) {
2b4bf397 2655 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2656
2657 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2658 data, len);
28cc7bde
JH		 2659 if (err < 0)
2660 goto failed;
2661
2662 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2663 sk);
28cc7bde 2664
b5235a65
JH		 2665 goto failed;
2666 }
2667
28cc7bde 2668 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2669 if (!cmd) {
2670 err = -ENOMEM;
2671 goto failed;
2672 }
2673
13928971
JH		 2674 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2675
890ea898 2676 hci_req_init(&req, hdev);
3f985050
JH		 2677
2678 if (lmp_bredr_capable(hdev)) {
2679 update_name(&req);
2680 update_eir(&req);
2681 }
2682
2683 if (lmp_le_capable(hdev))
2684 hci_update_ad(&req);
2685
13928971 2686 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2687 if (err < 0)
2688 mgmt_pending_remove(cmd);
2689
2690failed:
09fd0de5 2691 hci_dev_unlock(hdev);
b312b161
JH		 2692 return err;
2693}
2694
0f4e68cf 2695static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2696 void *data, u16 data_len)
c35938b2 2697{
c35938b2
SJ		 2698 struct pending_cmd *cmd;
2699 int err;
2700
bdb6d971 2701 BT_DBG("%s", hdev->name);
c35938b2 2702
09fd0de5 2703 hci_dev_lock(hdev);
c35938b2 2704
4b34ee78 2705 if (!hdev_is_powered(hdev)) {
bdb6d971 2706 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2707 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2708 goto unlock;
2709 }
2710
9a1a1996 2711 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2712 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2713 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2714 goto unlock;
2715 }
2716
2e58ef3e 2717 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2718 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2719 MGMT_STATUS_BUSY);
c35938b2
SJ		 2720 goto unlock;
2721 }
2722
2e58ef3e 2723 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2724 if (!cmd) {
2725 err = -ENOMEM;
2726 goto unlock;
2727 }
2728
2729 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2730 if (err < 0)
2731 mgmt_pending_remove(cmd);
2732
2733unlock:
09fd0de5 2734 hci_dev_unlock(hdev);
c35938b2
SJ		 2735 return err;
2736}
2737
bdb6d971 2738static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2739 void *data, u16 len)
2763eda6 2740{
650f726d 2741 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2742 u8 status;
2763eda6
SJ		 2743 int err;
2744
bdb6d971 2745 BT_DBG("%s ", hdev->name);
2763eda6 2746
09fd0de5 2747 hci_dev_lock(hdev);
2763eda6 2748
664ce4cc 2749 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2750 cp->randomizer);
2763eda6 2751 if (err < 0)
bf1e3541 2752 status = MGMT_STATUS_FAILED;
2763eda6 2753 else
a6785be2 2754 status = MGMT_STATUS_SUCCESS;
bf1e3541 2755
bdb6d971 2756 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2757 &cp->addr, sizeof(cp->addr));
2763eda6 2758
09fd0de5 2759 hci_dev_unlock(hdev);
2763eda6
SJ		 2760 return err;
2761}
2762
bdb6d971 2763static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2764 void *data, u16 len)
2763eda6 2765{
650f726d 2766 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2767 u8 status;
2763eda6
SJ		 2768 int err;
2769
bdb6d971 2770 BT_DBG("%s", hdev->name);
2763eda6 2771
09fd0de5 2772 hci_dev_lock(hdev);
2763eda6 2773
664ce4cc 2774 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2775 if (err < 0)
bf1e3541 2776 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2777 else
a6785be2 2778 status = MGMT_STATUS_SUCCESS;
bf1e3541 2779
bdb6d971 2780 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2781 status, &cp->addr, sizeof(cp->addr));
2763eda6 2782
09fd0de5 2783 hci_dev_unlock(hdev);
2763eda6
SJ		 2784 return err;
2785}
2786
41dc2bd6
AG		 2787static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2788{
2789 struct pending_cmd *cmd;
2790 u8 type;
2791 int err;
2792
2793 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2794
2795 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2796 if (!cmd)
2797 return -ENOENT;
2798
2799 type = hdev->discovery.type;
2800
2801 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2802 &type, sizeof(type));
2803 mgmt_pending_remove(cmd);
2804
2805 return err;
2806}
2807
7c307720
AG		 2808static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2809{
2810 BT_DBG("status %d", status);
2811
2812 if (status) {
2813 hci_dev_lock(hdev);
2814 mgmt_start_discovery_failed(hdev, status);
2815 hci_dev_unlock(hdev);
2816 return;
2817 }
2818
2819 hci_dev_lock(hdev);
2820 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2821 hci_dev_unlock(hdev);
2822
2823 switch (hdev->discovery.type) {
2824 case DISCOV_TYPE_LE:
2825 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2826 DISCOV_LE_TIMEOUT);
7c307720
AG		 2827 break;
2828
2829 case DISCOV_TYPE_INTERLEAVED:
2830 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2831 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2832 break;
2833
2834 case DISCOV_TYPE_BREDR:
2835 break;
2836
2837 default:
2838 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2839 }
2840}
2841
bdb6d971 2842static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2843 void *data, u16 len)
14a53664 2844{
650f726d 2845 struct mgmt_cp_start_discovery *cp = data;
14a53664 2846 struct pending_cmd *cmd;
7c307720
AG		 2847 struct hci_cp_le_set_scan_param param_cp;
2848 struct hci_cp_le_set_scan_enable enable_cp;
2849 struct hci_cp_inquiry inq_cp;
2850 struct hci_request req;
2851 /* General inquiry access code (GIAC) */
2852 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2853 u8 status;
14a53664
JH		 2854 int err;
2855
bdb6d971 2856 BT_DBG("%s", hdev->name);
14a53664 2857
09fd0de5 2858 hci_dev_lock(hdev);
14a53664 2859
4b34ee78 2860 if (!hdev_is_powered(hdev)) {
bdb6d971 2861 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2862 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2863 goto failed;
2864 }
2865
642be6c7
AG		 2866 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2867 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2868 MGMT_STATUS_BUSY);
2869 goto failed;
2870 }
2871
ff9ef578 2872 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2873 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2874 MGMT_STATUS_BUSY);
ff9ef578
JH		 2875 goto failed;
2876 }
2877
2e58ef3e 2878 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2879 if (!cmd) {
2880 err = -ENOMEM;
2881 goto failed;
2882 }
2883
4aab14e5
AG		 2884 hdev->discovery.type = cp->type;
2885
7c307720
AG		 2886 hci_req_init(&req, hdev);
2887
4aab14e5 2888 switch (hdev->discovery.type) {
f39799f5 2889 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2890 status = mgmt_bredr_support(hdev);
2891 if (status) {
04106755 2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2893 status);
04106755
JH		 2894 mgmt_pending_remove(cmd);
2895 goto failed;
2896 }
2897
7c307720
AG		 2898 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2899 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2900 MGMT_STATUS_BUSY);
2901 mgmt_pending_remove(cmd);
2902 goto failed;
2903 }
2904
2905 hci_inquiry_cache_flush(hdev);
2906
2907 memset(&inq_cp, 0, sizeof(inq_cp));
2908 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2909 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2910 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2911 break;
2912
2913 case DISCOV_TYPE_LE:
7c307720 2914 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2915 status = mgmt_le_support(hdev);
2916 if (status) {
04106755 2917 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2918 status);
04106755
JH		 2919 mgmt_pending_remove(cmd);
2920 goto failed;
2921 }
2922
7c307720 2923 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2924 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2925 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2926 MGMT_STATUS_NOT_SUPPORTED);
2927 mgmt_pending_remove(cmd);
2928 goto failed;
2929 }
2930
f3d3444a 2931 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2932 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2933 MGMT_STATUS_REJECTED);
2934 mgmt_pending_remove(cmd);
2935 goto failed;
2936 }
2937
2938 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2939 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2940 MGMT_STATUS_BUSY);
2941 mgmt_pending_remove(cmd);
2942 goto failed;
2943 }
2944
2945 memset(&param_cp, 0, sizeof(param_cp));
2946 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2947 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2948 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2949 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2950 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2951 else
2952 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2953 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2954 &param_cp);
2955
2956 memset(&enable_cp, 0, sizeof(enable_cp));
2957 enable_cp.enable = LE_SCAN_ENABLE;
2958 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2959 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2960 &enable_cp);
5e0452c0
AG		 2961 break;
2962
f39799f5 2963 default:
04106755
JH		 2964 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2965 MGMT_STATUS_INVALID_PARAMS);
2966 mgmt_pending_remove(cmd);
2967 goto failed;
f39799f5 2968 }
3fd24153 2969
7c307720 2970 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2971 if (err < 0)
2972 mgmt_pending_remove(cmd);
ff9ef578
JH		 2973 else
2974 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2975
2976failed:
09fd0de5 2977 hci_dev_unlock(hdev);
14a53664
JH		 2978 return err;
2979}
2980
1183fdca
AG		 2981static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2982{
2983 struct pending_cmd *cmd;
2984 int err;
2985
2986 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2987 if (!cmd)
2988 return -ENOENT;
2989
2990 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2991 &hdev->discovery.type, sizeof(hdev->discovery.type));
2992 mgmt_pending_remove(cmd);
2993
2994 return err;
2995}
2996
0e05bba6
AG		 2997static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2998{
2999 BT_DBG("status %d", status);
3000
3001 hci_dev_lock(hdev);
3002
3003 if (status) {
3004 mgmt_stop_discovery_failed(hdev, status);
3005 goto unlock;
3006 }
3007
3008 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3009
3010unlock:
3011 hci_dev_unlock(hdev);
3012}
3013
bdb6d971 3014static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3015 u16 len)
14a53664 3016{
d930650b 3017 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3018 struct pending_cmd *cmd;
30dc78e1
JH		 3019 struct hci_cp_remote_name_req_cancel cp;
3020 struct inquiry_entry *e;
0e05bba6
AG		 3021 struct hci_request req;
3022 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3023 int err;
3024
bdb6d971 3025 BT_DBG("%s", hdev->name);
14a53664 3026
09fd0de5 3027 hci_dev_lock(hdev);
14a53664 3028
30dc78e1 3029 if (!hci_discovery_active(hdev)) {
bdb6d971 3030 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3031 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3032 sizeof(mgmt_cp->type));
d930650b
JH		 3033 goto unlock;
3034 }
3035
3036 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3037 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3038 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3039 sizeof(mgmt_cp->type));
30dc78e1 3040 goto unlock;
ff9ef578
JH		 3041 }
3042
2e58ef3e 3043 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3044 if (!cmd) {
3045 err = -ENOMEM;
30dc78e1
JH		 3046 goto unlock;
3047 }
3048
0e05bba6
AG		 3049 hci_req_init(&req, hdev);
3050
e0d9727e
AG		 3051 switch (hdev->discovery.state) {
3052 case DISCOVERY_FINDING:
0e05bba6
AG		 3053 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3054 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3055 } else {
3056 cancel_delayed_work(&hdev->le_scan_disable);
3057
3058 memset(&enable_cp, 0, sizeof(enable_cp));
3059 enable_cp.enable = LE_SCAN_DISABLE;
3060 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3061 sizeof(enable_cp), &enable_cp);
3062 }
c9ecc48e 3063
e0d9727e
AG		 3064 break;
3065
3066 case DISCOVERY_RESOLVING:
3067 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3068 NAME_PENDING);
e0d9727e 3069 if (!e) {
30dc78e1 3070 mgmt_pending_remove(cmd);
e0d9727e
AG		 3071 err = cmd_complete(sk, hdev->id,
3072 MGMT_OP_STOP_DISCOVERY, 0,
3073 &mgmt_cp->type,
3074 sizeof(mgmt_cp->type));
3075 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3076 goto unlock;
3077 }
30dc78e1 3078
e0d9727e 3079 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3080 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3081 &cp);
e0d9727e
AG		 3082
3083 break;
3084
3085 default:
3086 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3087
3088 mgmt_pending_remove(cmd);
3089 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3090 MGMT_STATUS_FAILED, &mgmt_cp->type,
3091 sizeof(mgmt_cp->type));
3092 goto unlock;
14a53664
JH		 3093 }
3094
0e05bba6 3095 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3096 if (err < 0)
3097 mgmt_pending_remove(cmd);
ff9ef578
JH		 3098 else
3099 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3100
30dc78e1 3101unlock:
09fd0de5 3102 hci_dev_unlock(hdev);
14a53664
JH		 3103 return err;
3104}
3105
bdb6d971 3106static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3107 u16 len)
561aafbc 3108{
650f726d 3109 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3110 struct inquiry_entry *e;
561aafbc
JH		 3111 int err;
3112
bdb6d971 3113 BT_DBG("%s", hdev->name);
561aafbc 3114
561aafbc
JH		 3115 hci_dev_lock(hdev);
3116
30dc78e1 3117 if (!hci_discovery_active(hdev)) {
bdb6d971 3118 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3119 MGMT_STATUS_FAILED);
30dc78e1
JH		 3120 goto failed;
3121 }
3122
a198e7b1 3123 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3124 if (!e) {
bdb6d971 3125 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3126 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3127 goto failed;
3128 }
3129
3130 if (cp->name_known) {
3131 e->name_state = NAME_KNOWN;
3132 list_del(&e->list);
3133 } else {
3134 e->name_state = NAME_NEEDED;
a3d4e20a 3135 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3136 }
3137
e384662b
JH		 3138 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3139 sizeof(cp->addr));
561aafbc
JH		 3140
3141failed:
3142 hci_dev_unlock(hdev);
561aafbc
JH		 3143 return err;
3144}
3145
bdb6d971 3146static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3147 u16 len)
7fbec224 3148{
650f726d 3149 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3150 u8 status;
7fbec224
AJ		 3151 int err;
3152
bdb6d971 3153 BT_DBG("%s", hdev->name);
7fbec224 3154
4ee71b20 3155 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3156 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3157 MGMT_STATUS_INVALID_PARAMS,
3158 &cp->addr, sizeof(cp->addr));
4ee71b20 3159
09fd0de5 3160 hci_dev_lock(hdev);
5e762444 3161
88c1fe4b 3162 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3163 if (err < 0)
f0eeea8b 3164 status = MGMT_STATUS_FAILED;
7fbec224 3165 else
a6785be2 3166 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3167
bdb6d971 3168 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3169 &cp->addr, sizeof(cp->addr));
5e762444 3170
09fd0de5 3171 hci_dev_unlock(hdev);
7fbec224
AJ		 3172
3173 return err;
3174}
3175
bdb6d971 3176static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3177 u16 len)
7fbec224 3178{
650f726d 3179 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3180 u8 status;
7fbec224
AJ		 3181 int err;
3182
bdb6d971 3183 BT_DBG("%s", hdev->name);
7fbec224 3184
4ee71b20 3185 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3186 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3187 MGMT_STATUS_INVALID_PARAMS,
3188 &cp->addr, sizeof(cp->addr));
4ee71b20 3189
09fd0de5 3190 hci_dev_lock(hdev);
5e762444 3191
88c1fe4b 3192 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3193 if (err < 0)
f0eeea8b 3194 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3195 else
a6785be2 3196 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3197
bdb6d971 3198 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3199 &cp->addr, sizeof(cp->addr));
5e762444 3200
09fd0de5 3201 hci_dev_unlock(hdev);
7fbec224
AJ		 3202
3203 return err;
3204}
3205
cdbaccca
MH		 3206static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3207 u16 len)
3208{
3209 struct mgmt_cp_set_device_id *cp = data;
890ea898 3210 struct hci_request req;
cdbaccca 3211 int err;
c72d4b8a 3212 __u16 source;
cdbaccca
MH		 3213
3214 BT_DBG("%s", hdev->name);
3215
c72d4b8a
SJ		 3216 source = __le16_to_cpu(cp->source);
3217
3218 if (source > 0x0002)
3219 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3220 MGMT_STATUS_INVALID_PARAMS);
3221
cdbaccca
MH		 3222 hci_dev_lock(hdev);
3223
c72d4b8a 3224 hdev->devid_source = source;
cdbaccca
MH		 3225 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3226 hdev->devid_product = __le16_to_cpu(cp->product);
3227 hdev->devid_version = __le16_to_cpu(cp->version);
3228
3229 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3230
890ea898
JH		 3231 hci_req_init(&req, hdev);
3232 update_eir(&req);
3233 hci_req_run(&req, NULL);
cdbaccca
MH		 3234
3235 hci_dev_unlock(hdev);
3236
3237 return err;
3238}
3239
4375f103
JH		 3240static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3241{
3242 struct cmd_lookup match = { NULL, hdev };
3243
3244 if (status) {
3245 u8 mgmt_err = mgmt_status(status);
3246
3247 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3248 cmd_status_rsp, &mgmt_err);
3249 return;
3250 }
3251
3252 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3253 &match);
3254
3255 new_settings(hdev, match.sk);
3256
3257 if (match.sk)
3258 sock_put(match.sk);
3259}
3260
21b5187f
MH		 3261static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3262 u16 len)
4375f103
JH		 3263{
3264 struct mgmt_mode *cp = data;
3265 struct pending_cmd *cmd;
3266 struct hci_request req;
e6fe7986 3267 u8 val, enabled, status;
4375f103
JH		 3268 int err;
3269
3270 BT_DBG("request for %s", hdev->name);
3271
e6fe7986
JH		 3272 status = mgmt_le_support(hdev);
3273 if (status)
4375f103 3274 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3275 status);
4375f103
JH		 3276
3277 if (cp->val != 0x00 && cp->val != 0x01)
3278 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3279 MGMT_STATUS_INVALID_PARAMS);
3280
3281 hci_dev_lock(hdev);
3282
3283 val = !!cp->val;
f3d3444a 3284 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3285
f74ca9b8
JH		 3286 /* The following conditions are ones which mean that we should
3287 * not do any HCI communication but directly send a mgmt
3288 * response to user space (after toggling the flag if
3289 * necessary).
3290 */
3291 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3292 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3293 bool changed = false;
3294
f3d3444a
JH		 3295 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3296 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3297 changed = true;
3298 }
3299
3300 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3301 if (err < 0)
3302 goto unlock;
3303
3304 if (changed)
3305 err = new_settings(hdev, sk);
3306
3307 goto unlock;
3308 }
3309
3310 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3311 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3313 MGMT_STATUS_BUSY);
3314 goto unlock;
3315 }
3316
3317 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3318 if (!cmd) {
3319 err = -ENOMEM;
3320 goto unlock;
3321 }
3322
3323 hci_req_init(&req, hdev);
3324
bba3aa55
MH		 3325 if (val)
3326 enable_advertising(&req);
3327 else
3328 disable_advertising(&req);
4375f103
JH		 3329
3330 err = hci_req_run(&req, set_advertising_complete);
3331 if (err < 0)
3332 mgmt_pending_remove(cmd);
3333
3334unlock:
3335 hci_dev_unlock(hdev);
3336 return err;
3337}
3338
d13eafce
MH		 3339static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3340 void *data, u16 len)
3341{
3342 struct mgmt_cp_set_static_address *cp = data;
3343 int err;
3344
3345 BT_DBG("%s", hdev->name);
3346
62af4443 3347 if (!lmp_le_capable(hdev))
d13eafce 3348 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3349 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3350
3351 if (hdev_is_powered(hdev))
3352 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3353 MGMT_STATUS_REJECTED);
3354
3355 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3356 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3357 return cmd_status(sk, hdev->id,
3358 MGMT_OP_SET_STATIC_ADDRESS,
3359 MGMT_STATUS_INVALID_PARAMS);
3360
3361 /* Two most significant bits shall be set */
3362 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3363 return cmd_status(sk, hdev->id,
3364 MGMT_OP_SET_STATIC_ADDRESS,
3365 MGMT_STATUS_INVALID_PARAMS);
3366 }
3367
3368 hci_dev_lock(hdev);
3369
3370 bacpy(&hdev->static_addr, &cp->bdaddr);
3371
3372 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3373
3374 hci_dev_unlock(hdev);
3375
3376 return err;
3377}
3378
14b49b9a
MH		 3379static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3380 void *data, u16 len)
3381{
3382 struct mgmt_cp_set_scan_params *cp = data;
3383 __u16 interval, window;
3384 int err;
3385
3386 BT_DBG("%s", hdev->name);
3387
3388 if (!lmp_le_capable(hdev))
3389 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3390 MGMT_STATUS_NOT_SUPPORTED);
3391
3392 interval = __le16_to_cpu(cp->interval);
3393
3394 if (interval < 0x0004 || interval > 0x4000)
3395 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3396 MGMT_STATUS_INVALID_PARAMS);
3397
3398 window = __le16_to_cpu(cp->window);
3399
3400 if (window < 0x0004 || window > 0x4000)
3401 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3402 MGMT_STATUS_INVALID_PARAMS);
3403
3404 hci_dev_lock(hdev);
3405
3406 hdev->le_scan_interval = interval;
3407 hdev->le_scan_window = window;
3408
3409 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3410
3411 hci_dev_unlock(hdev);
3412
3413 return err;
3414}
3415
33e38b3e
JH		 3416static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3417{
3418 struct pending_cmd *cmd;
3419
3420 BT_DBG("status 0x%02x", status);
3421
3422 hci_dev_lock(hdev);
3423
3424 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3425 if (!cmd)
3426 goto unlock;
3427
3428 if (status) {
3429 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3430 mgmt_status(status));
3431 } else {
1a4d3c4b
JH		 3432 struct mgmt_mode *cp = cmd->param;
3433
3434 if (cp->val)
3435 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3436 else
3437 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3438
33e38b3e
JH		 3439 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3440 new_settings(hdev, cmd->sk);
3441 }
3442
3443 mgmt_pending_remove(cmd);
3444
3445unlock:
3446 hci_dev_unlock(hdev);
3447}
3448
bdb6d971 3449static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3450 void *data, u16 len)
f6422ec6 3451{
650f726d 3452 struct mgmt_mode *cp = data;
33e38b3e
JH		 3453 struct pending_cmd *cmd;
3454 struct hci_request req;
f6422ec6
AJ		 3455 int err;
3456
bdb6d971 3457 BT_DBG("%s", hdev->name);
f6422ec6 3458
56f87901
JH		 3459 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3460 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3461 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3462 MGMT_STATUS_NOT_SUPPORTED);
3463
a7e80f25
JH		 3464 if (cp->val != 0x00 && cp->val != 0x01)
3465 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3466 MGMT_STATUS_INVALID_PARAMS);
3467
5400c044 3468 if (!hdev_is_powered(hdev))
bdb6d971 3469 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3470 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3471
3472 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3473 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3474 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3475
3476 hci_dev_lock(hdev);
3477
05cbf29f
JH		 3478 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3479 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3480 MGMT_STATUS_BUSY);
3481 goto unlock;
3482 }
3483
1a4d3c4b
JH		 3484 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3485 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3486 hdev);
3487 goto unlock;
3488 }
3489
33e38b3e
JH		 3490 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3491 data, len);
3492 if (!cmd) {
3493 err = -ENOMEM;
3494 goto unlock;
f6422ec6
AJ		 3495 }
3496
33e38b3e
JH		 3497 hci_req_init(&req, hdev);
3498
406d7804 3499 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3500
3501 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3502 if (err < 0) {
bdb6d971 3503 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3504 MGMT_STATUS_FAILED);
33e38b3e 3505 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3506 }
3507
33e38b3e 3508unlock:
f6422ec6 3509 hci_dev_unlock(hdev);
33e38b3e 3510
f6422ec6
AJ		 3511 return err;
3512}
3513
0663ca2a
JH		 3514static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3515{
3516 struct pending_cmd *cmd;
3517
3518 BT_DBG("status 0x%02x", status);
3519
3520 hci_dev_lock(hdev);
3521
3522 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3523 if (!cmd)
3524 goto unlock;
3525
3526 if (status) {
3527 u8 mgmt_err = mgmt_status(status);
3528
3529 /* We need to restore the flag if related HCI commands
3530 * failed.
3531 */
3532 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3533
3534 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3535 } else {
3536 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3537 new_settings(hdev, cmd->sk);
3538 }
3539
3540 mgmt_pending_remove(cmd);
3541
3542unlock:
3543 hci_dev_unlock(hdev);
3544}
3545
3546static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3547{
3548 struct mgmt_mode *cp = data;
3549 struct pending_cmd *cmd;
3550 struct hci_request req;
3551 int err;
3552
3553 BT_DBG("request for %s", hdev->name);
3554
3555 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3556 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3557 MGMT_STATUS_NOT_SUPPORTED);
3558
3559 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3560 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3561 MGMT_STATUS_REJECTED);
3562
3563 if (cp->val != 0x00 && cp->val != 0x01)
3564 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3565 MGMT_STATUS_INVALID_PARAMS);
3566
3567 hci_dev_lock(hdev);
3568
3569 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3570 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3571 goto unlock;
3572 }
3573
3574 if (!hdev_is_powered(hdev)) {
3575 if (!cp->val) {
3576 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3577 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3578 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3579 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3580 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3581 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3582 }
3583
3584 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3585
3586 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3587 if (err < 0)
3588 goto unlock;
3589
3590 err = new_settings(hdev, sk);
3591 goto unlock;
3592 }
3593
3594 /* Reject disabling when powered on */
3595 if (!cp->val) {
3596 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3597 MGMT_STATUS_REJECTED);
3598 goto unlock;
3599 }
3600
3601 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3602 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3603 MGMT_STATUS_BUSY);
3604 goto unlock;
3605 }
3606
3607 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3608 if (!cmd) {
3609 err = -ENOMEM;
3610 goto unlock;
3611 }
3612
3613 /* We need to flip the bit already here so that hci_update_ad
3614 * generates the correct flags.
3615 */
3616 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3617
3618 hci_req_init(&req, hdev);
3619 hci_update_ad(&req);
3620 err = hci_req_run(&req, set_bredr_complete);
3621 if (err < 0)
3622 mgmt_pending_remove(cmd);
3623
3624unlock:
3625 hci_dev_unlock(hdev);
3626 return err;
3627}
3628
3f706b72
JH		 3629static bool ltk_is_valid(struct mgmt_ltk_info *key)
3630{
44b20d33
JH		 3631 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3632 return false;
3f706b72
JH		 3633 if (key->master != 0x00 && key->master != 0x01)
3634 return false;
4ee71b20
JH		 3635 if (!bdaddr_type_is_le(key->addr.type))
3636 return false;
3f706b72
JH		 3637 return true;
3638}
3639
bdb6d971 3640static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3641 void *cp_data, u16 len)
346af67b 3642{
346af67b
VCG		 3643 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3644 u16 key_count, expected_len;
715a5bf2 3645 int i, err;
346af67b 3646
cf99ba13
MH		 3647 BT_DBG("request for %s", hdev->name);
3648
3649 if (!lmp_le_capable(hdev))
3650 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3651 MGMT_STATUS_NOT_SUPPORTED);
3652
1f350c87 3653 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3654
3655 expected_len = sizeof(*cp) + key_count *
3656 sizeof(struct mgmt_ltk_info);
3657 if (expected_len != len) {
3658 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3659 len, expected_len);
bdb6d971 3660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3661 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3662 }
3663
bdb6d971 3664 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3665
54ad6d8a
JH		 3666 for (i = 0; i < key_count; i++) {
3667 struct mgmt_ltk_info *key = &cp->keys[i];
3668
3f706b72 3669 if (!ltk_is_valid(key))
54ad6d8a
JH		 3670 return cmd_status(sk, hdev->id,
3671 MGMT_OP_LOAD_LONG_TERM_KEYS,
3672 MGMT_STATUS_INVALID_PARAMS);
3673 }
3674
346af67b
VCG		 3675 hci_dev_lock(hdev);
3676
3677 hci_smp_ltks_clear(hdev);
3678
3679 for (i = 0; i < key_count; i++) {
3680 struct mgmt_ltk_info *key = &cp->keys[i];
3681 u8 type;
3682
3683 if (key->master)
3684 type = HCI_SMP_LTK;
3685 else
3686 type = HCI_SMP_LTK_SLAVE;
3687
4596fde5 3688 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3689 bdaddr_to_le(key->addr.type),
04124681
GP		 3690 type, 0, key->authenticated, key->val,
3691 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3692 }
3693
715a5bf2
JH		 3694 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3695 NULL, 0);
3696
346af67b 3697 hci_dev_unlock(hdev);
346af67b 3698
715a5bf2 3699 return err;
346af67b
VCG		 3700}
3701
2e3c35ea 3702static const struct mgmt_handler {
04124681
GP		 3703 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3704 u16 data_len);
be22b54e
JH		 3705 bool var_len;
3706 size_t data_len;
0f4e68cf
JH		 3707} mgmt_handlers[] = {
3708 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3709 { read_version, false, MGMT_READ_VERSION_SIZE },
3710 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3711 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3712 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3713 { set_powered, false, MGMT_SETTING_SIZE },
3714 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3715 { set_connectable, false, MGMT_SETTING_SIZE },
3716 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3717 { set_pairable, false, MGMT_SETTING_SIZE },
3718 { set_link_security, false, MGMT_SETTING_SIZE },
3719 { set_ssp, false, MGMT_SETTING_SIZE },
3720 { set_hs, false, MGMT_SETTING_SIZE },
3721 { set_le, false, MGMT_SETTING_SIZE },
3722 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3723 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3724 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3725 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3726 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3727 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3728 { disconnect, false, MGMT_DISCONNECT_SIZE },
3729 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3730 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3731 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3732 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3733 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3734 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3735 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3736 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3737 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3738 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3739 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3740 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3741 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3742 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3743 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3744 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3745 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3746 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3747 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3748 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3749 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3750 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3751 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 3752 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 3753};
3754
3755
0381101f
JH		 3756int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3757{
650f726d
VCG		 3758 void *buf;
3759 u8 *cp;
0381101f 3760 struct mgmt_hdr *hdr;
4e51eae9 3761 u16 opcode, index, len;
bdb6d971 3762 struct hci_dev *hdev = NULL;
2e3c35ea 3763 const struct mgmt_handler *handler;
0381101f
JH		 3764 int err;
3765
3766 BT_DBG("got %zu bytes", msglen);
3767
3768 if (msglen < sizeof(*hdr))
3769 return -EINVAL;
3770
e63a15ec 3771 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3772 if (!buf)
3773 return -ENOMEM;
3774
3775 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3776 err = -EFAULT;
3777 goto done;
3778 }
3779
650f726d 3780 hdr = buf;
1f350c87
MH		 3781 opcode = __le16_to_cpu(hdr->opcode);
3782 index = __le16_to_cpu(hdr->index);
3783 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3784
3785 if (len != msglen - sizeof(*hdr)) {
3786 err = -EINVAL;
3787 goto done;
3788 }
3789
0f4e68cf 3790 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3791 hdev = hci_dev_get(index);
3792 if (!hdev) {
3793 err = cmd_status(sk, index, opcode,
04124681 3794 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3795 goto done;
3796 }
0736cfa8 3797
cebf4cfd
JH		 3798 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
3799 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 3800 err = cmd_status(sk, index, opcode,
3801 MGMT_STATUS_INVALID_INDEX);
3802 goto done;
3803 }
bdb6d971
JH		 3804 }
3805
0f4e68cf 3806 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3807 mgmt_handlers[opcode].func == NULL) {
0381101f 3808 BT_DBG("Unknown op %u", opcode);
ca69b795 3809 err = cmd_status(sk, index, opcode,
04124681 3810 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3811 goto done;
3812 }
3813
3814 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3815 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3816 err = cmd_status(sk, index, opcode,
04124681 3817 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3818 goto done;
0381101f
JH		 3819 }
3820
be22b54e
JH		 3821 handler = &mgmt_handlers[opcode];
3822
3823 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3824 (!handler->var_len && len != handler->data_len)) {
be22b54e 3825 err = cmd_status(sk, index, opcode,
04124681 3826 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3827 goto done;
3828 }
3829
0f4e68cf
JH		 3830 if (hdev)
3831 mgmt_init_hdev(sk, hdev);
3832
3833 cp = buf + sizeof(*hdr);
3834
be22b54e 3835 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3836 if (err < 0)
3837 goto done;
3838
0381101f
JH		 3839 err = msglen;
3840
3841done:
bdb6d971
JH		 3842 if (hdev)
3843 hci_dev_put(hdev);
3844
0381101f
JH		 3845 kfree(buf);
3846 return err;
3847}
c71e97bf 3848
bf6b56db 3849void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3850{
1514b892 3851 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3852 return;
bb4b2a9a 3853
bf6b56db 3854 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3855}
3856
bf6b56db 3857void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3858{
5f159032 3859 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3860
1514b892 3861 if (hdev->dev_type != HCI_BREDR)
bf6b56db 3862 return;
bb4b2a9a 3863
744cf19e 3864 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3865
bf6b56db 3866 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3867}
3868
890ea898 3869static void set_bredr_scan(struct hci_request *req)
7f0ae647 3870{
890ea898 3871 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3872 u8 scan = 0;
3873
4c01f8b8
JH		 3874 /* Ensure that fast connectable is disabled. This function will
3875 * not do anything if the page scan parameters are already what
3876 * they should be.
3877 */
3878 write_fast_connectable(req, false);
3879
7f0ae647
JH		 3880 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3881 scan |= SCAN_PAGE;
3882 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3883 scan |= SCAN_INQUIRY;
3884
890ea898
JH		 3885 if (scan)
3886 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3887}
3888
229ab39c
JH		 3889static void powered_complete(struct hci_dev *hdev, u8 status)
3890{
3891 struct cmd_lookup match = { NULL, hdev };
3892
3893 BT_DBG("status 0x%02x", status);
3894
3895 hci_dev_lock(hdev);
3896
3897 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3898
3899 new_settings(hdev, match.sk);
3900
3901 hci_dev_unlock(hdev);
3902
3903 if (match.sk)
3904 sock_put(match.sk);
3905}
3906
70da6243 3907static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3908{
890ea898 3909 struct hci_request req;
70da6243 3910 u8 link_sec;
5add6af8 3911
890ea898
JH		 3912 hci_req_init(&req, hdev);
3913
70da6243
JH		 3914 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3915 !lmp_host_ssp_capable(hdev)) {
3916 u8 ssp = 1;
5e5282bb 3917
890ea898 3918 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3919 }
5add6af8 3920
c73eee91
JH		 3921 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3922 lmp_bredr_capable(hdev)) {
70da6243 3923 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3924
70da6243
JH		 3925 cp.le = 1;
3926 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3927
70da6243
JH		 3928 /* Check first if we already have the right
3929 * host state (host features set)
3930 */
3931 if (cp.le != lmp_host_le_capable(hdev) ||
3932 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3933 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3934 sizeof(cp), &cp);
0663ca2a
JH		 3935
3936 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3937 hci_update_ad(&req);
70da6243 3938 }
3d1cbdd6 3939
d13eafce
MH		 3940 if (lmp_le_capable(hdev)) {
3941 /* Set random address to static address if configured */
3942 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3943 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3944 &hdev->static_addr);
eeca6f89 3945
bba3aa55
MH		 3946 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3947 enable_advertising(&req);
eeca6f89
JH		 3948 }
3949
70da6243
JH		 3950 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3951 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3952 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3953 sizeof(link_sec), &link_sec);
562fcc24 3954
70da6243 3955 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3956 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3957 set_bredr_scan(&req);
890ea898 3958 update_class(&req);
13928971 3959 update_name(&req);
890ea898 3960 update_eir(&req);
70da6243 3961 }
562fcc24 3962
229ab39c 3963 return hci_req_run(&req, powered_complete);
70da6243 3964}
562fcc24 3965
70da6243
JH		 3966int mgmt_powered(struct hci_dev *hdev, u8 powered)
3967{
3968 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3969 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3970 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3971 int err;
f0ff92fb 3972
70da6243
JH		 3973 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3974 return 0;
3975
70da6243 3976 if (powered) {
229ab39c
JH		 3977 if (powered_update_hci(hdev) == 0)
3978 return 0;
fe038884 3979
229ab39c
JH		 3980 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3981 &match);
3982 goto new_settings;
b24752fe
JH		 3983 }
3984
229ab39c
JH		 3985 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3986 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3987
3988 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3989 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3990 zero_cod, sizeof(zero_cod), NULL);
3991
3992new_settings:
beadb2bd 3993 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3994
3995 if (match.sk)
3996 sock_put(match.sk);
3997
7bb895d6 3998 return err;
5add6af8 3999}
73f22f62 4000
3eec705e 4001void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4002{
4003 struct pending_cmd *cmd;
4004 u8 status;
4005
4006 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4007 if (!cmd)
3eec705e 4008 return;
96570ffc
JH		 4009
4010 if (err == -ERFKILL)
4011 status = MGMT_STATUS_RFKILLED;
4012 else
4013 status = MGMT_STATUS_FAILED;
4014
3eec705e 4015 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4016
4017 mgmt_pending_remove(cmd);
96570ffc
JH		 4018}
4019
744cf19e 4020int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4021{
76a7f3a4 4022 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 4023 bool changed = false;
4024 int err = 0;
73f22f62 4025
5e5282bb
JH		 4026 if (discoverable) {
4027 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4028 changed = true;
4029 } else {
4030 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4031 changed = true;
4032 }
73f22f62 4033
ed9b5f2f 4034 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 4035 &match);
ed9b5f2f 4036
beadb2bd
JH		 4037 if (changed)
4038 err = new_settings(hdev, match.sk);
5e5282bb 4039
73f22f62
JH		 4040 if (match.sk)
4041 sock_put(match.sk);
4042
7bb895d6 4043 return err;
73f22f62 4044}
9fbcbb45 4045
744cf19e 4046int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4047{
2b76f453 4048 struct pending_cmd *cmd;
5e5282bb
JH		 4049 bool changed = false;
4050 int err = 0;
9fbcbb45 4051
5e5282bb
JH		 4052 if (connectable) {
4053 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4054 changed = true;
4055 } else {
4056 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4057 changed = true;
4058 }
9fbcbb45 4059
2b76f453 4060 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 4061
beadb2bd 4062 if (changed)
2b76f453 4063 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4064
7bb895d6 4065 return err;
9fbcbb45 4066}
55ed8ca1 4067
744cf19e 4068int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4069{
ca69b795
JH		 4070 u8 mgmt_err = mgmt_status(status);
4071
2d7cee58 4072 if (scan & SCAN_PAGE)
744cf19e 4073 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4074 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4075
4076 if (scan & SCAN_INQUIRY)
744cf19e 4077 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4078 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4079
4080 return 0;
4081}
4082
53168e5b
CC		 4083int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4084 bool persistent)
55ed8ca1 4085{
86742e1e 4086 struct mgmt_ev_new_link_key ev;
55ed8ca1 4087
a492cd52 4088 memset(&ev, 0, sizeof(ev));
55ed8ca1 4089
a492cd52 4090 ev.store_hint = persistent;
d753fdc4 4091 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4092 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4093 ev.key.type = key->type;
9b3b4460 4094 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4095 ev.key.pin_len = key->pin_len;
55ed8ca1 4096
744cf19e 4097 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4098}
f7520543 4099
346af67b
VCG		 4100int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4101{
4102 struct mgmt_ev_new_long_term_key ev;
4103
4104 memset(&ev, 0, sizeof(ev));
4105
4106 ev.store_hint = persistent;
4107 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4108 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4109 ev.key.authenticated = key->authenticated;
4110 ev.key.enc_size = key->enc_size;
4111 ev.key.ediv = key->ediv;
4112
4113 if (key->type == HCI_SMP_LTK)
4114 ev.key.master = 1;
4115
4116 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4117 memcpy(ev.key.val, key->val, sizeof(key->val));
4118
04124681
GP		 4119 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4120 NULL);
346af67b
VCG		 4121}
4122
ecd90ae7
MH		 4123void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4124 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4125 u8 *dev_class)
f7520543 4126{
b644ba33
JH		 4127 char buf[512];
4128 struct mgmt_ev_device_connected *ev = (void *) buf;
4129 u16 eir_len = 0;
f7520543 4130
b644ba33 4131 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4132 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4133
c95f0ba7 4134 ev->flags = __cpu_to_le32(flags);
08c79b61 4135
b644ba33
JH		 4136 if (name_len > 0)
4137 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4138 name, name_len);
b644ba33
JH		 4139
4140 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4141 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4142 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4143
eb55ef07 4144 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4145
ecd90ae7
MH		 4146 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4147 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4148}
4149
8962ee74
JH		 4150static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4151{
c68fb7ff 4152 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4153 struct sock **sk = data;
a38528f1 4154 struct mgmt_rp_disconnect rp;
8962ee74 4155
88c3df13
JH		 4156 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4157 rp.addr.type = cp->addr.type;
8962ee74 4158
aee9b218 4159 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4160 sizeof(rp));
8962ee74
JH		 4161
4162 *sk = cmd->sk;
4163 sock_hold(*sk);
4164
a664b5bc 4165 mgmt_pending_remove(cmd);
8962ee74
JH		 4166}
4167
124f6e35 4168static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4169{
b1078ad0 4170 struct hci_dev *hdev = data;
124f6e35
JH		 4171 struct mgmt_cp_unpair_device *cp = cmd->param;
4172 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4173
4174 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4175 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4176 rp.addr.type = cp->addr.type;
a8a1d19e 4177
b1078ad0
JH		 4178 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4179
aee9b218 4180 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4181
4182 mgmt_pending_remove(cmd);
4183}
4184
9b80ec5e
MH		 4185void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4186 u8 link_type, u8 addr_type, u8 reason)
f7520543 4187{
f0d6a0ea 4188 struct mgmt_ev_device_disconnected ev;
8962ee74 4189 struct sock *sk = NULL;
8962ee74 4190
744cf19e 4191 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4192
f0d6a0ea
MA		 4193 bacpy(&ev.addr.bdaddr, bdaddr);
4194 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4195 ev.reason = reason;
f7520543 4196
9b80ec5e 4197 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4198
4199 if (sk)
d97dcb66 4200 sock_put(sk);
8962ee74 4201
124f6e35 4202 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4203 hdev);
8962ee74
JH		 4204}
4205
7892924c
MH		 4206void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4207 u8 link_type, u8 addr_type, u8 status)
8962ee74 4208{
88c3df13 4209 struct mgmt_rp_disconnect rp;
8962ee74 4210 struct pending_cmd *cmd;
8962ee74 4211
36a75f1b
JD		 4212 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4213 hdev);
4214
2e58ef3e 4215 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4216 if (!cmd)
7892924c 4217 return;
8962ee74 4218
88c3df13 4219 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4220 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4221
7892924c
MH		 4222 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4223 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4224
a664b5bc 4225 mgmt_pending_remove(cmd);
f7520543 4226}
17d5c04c 4227
445608d0
MH		 4228void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4229 u8 addr_type, u8 status)
17d5c04c
JH		 4230{
4231 struct mgmt_ev_connect_failed ev;
4232
4c659c39 4233 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4234 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4235 ev.status = mgmt_status(status);
17d5c04c 4236
445608d0 4237 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4238}
980e1a53 4239
744cf19e 4240int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4241{
4242 struct mgmt_ev_pin_code_request ev;
4243
d8457698 4244 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4245 ev.addr.type = BDADDR_BREDR;
a770bb5a 4246 ev.secure = secure;
980e1a53 4247
744cf19e 4248 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4249 NULL);
980e1a53
JH		 4250}
4251
744cf19e 4252int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4253 u8 status)
980e1a53
JH		 4254{
4255 struct pending_cmd *cmd;
ac56fb13 4256 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4257 int err;
4258
2e58ef3e 4259 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4260 if (!cmd)
4261 return -ENOENT;
4262
d8457698 4263 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4264 rp.addr.type = BDADDR_BREDR;
ac56fb13 4265
aee9b218 4266 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4267 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4268
a664b5bc 4269 mgmt_pending_remove(cmd);
980e1a53
JH		 4270
4271 return err;
4272}
4273
744cf19e 4274int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4275 u8 status)
980e1a53
JH		 4276{
4277 struct pending_cmd *cmd;
ac56fb13 4278 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4279 int err;
4280
2e58ef3e 4281 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4282 if (!cmd)
4283 return -ENOENT;
4284
d8457698 4285 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4286 rp.addr.type = BDADDR_BREDR;
ac56fb13 4287
aee9b218 4288 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4289 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4290
a664b5bc 4291 mgmt_pending_remove(cmd);
980e1a53
JH		 4292
4293 return err;
4294}
a5c29683 4295
744cf19e 4296int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4297 u8 link_type, u8 addr_type, __le32 value,
4298 u8 confirm_hint)
a5c29683
JH		 4299{
4300 struct mgmt_ev_user_confirm_request ev;
4301
744cf19e 4302 BT_DBG("%s", hdev->name);
a5c29683 4303
272d90df 4304 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4305 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4306 ev.confirm_hint = confirm_hint;
78e8098e 4307 ev.value = value;
a5c29683 4308
744cf19e 4309 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4310 NULL);
a5c29683
JH		 4311}
4312
272d90df 4313int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4314 u8 link_type, u8 addr_type)
604086b7
BG		 4315{
4316 struct mgmt_ev_user_passkey_request ev;
4317
4318 BT_DBG("%s", hdev->name);
4319
272d90df 4320 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4321 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4322
4323 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4324 NULL);
604086b7
BG		 4325}
4326
0df4c185 4327static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4328 u8 link_type, u8 addr_type, u8 status,
4329 u8 opcode)
a5c29683
JH		 4330{
4331 struct pending_cmd *cmd;
4332 struct mgmt_rp_user_confirm_reply rp;
4333 int err;
4334
2e58ef3e 4335 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4336 if (!cmd)
4337 return -ENOENT;
4338
272d90df 4339 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4340 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4341 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4342 &rp, sizeof(rp));
a5c29683 4343
a664b5bc 4344 mgmt_pending_remove(cmd);
a5c29683
JH		 4345
4346 return err;
4347}
4348
744cf19e 4349int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4350 u8 link_type, u8 addr_type, u8 status)
a5c29683 4351{
272d90df 4352 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4353 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4354}
4355
272d90df 4356int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4357 u8 link_type, u8 addr_type, u8 status)
a5c29683 4358{
272d90df 4359 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4360 status,
4361 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4362}
2a611692 4363
604086b7 4364int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4365 u8 link_type, u8 addr_type, u8 status)
604086b7 4366{
272d90df 4367 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4368 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4369}
4370
272d90df 4371int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4372 u8 link_type, u8 addr_type, u8 status)
604086b7 4373{
272d90df 4374 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4375 status,
4376 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4377}
4378
92a25256
JH		 4379int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4380 u8 link_type, u8 addr_type, u32 passkey,
4381 u8 entered)
4382{
4383 struct mgmt_ev_passkey_notify ev;
4384
4385 BT_DBG("%s", hdev->name);
4386
4387 bacpy(&ev.addr.bdaddr, bdaddr);
4388 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4389 ev.passkey = __cpu_to_le32(passkey);
4390 ev.entered = entered;
4391
4392 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4393}
4394
bab73cb6 4395int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4396 u8 addr_type, u8 status)
2a611692
JH		 4397{
4398 struct mgmt_ev_auth_failed ev;
4399
bab73cb6 4400 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4401 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4402 ev.status = mgmt_status(status);
2a611692 4403
744cf19e 4404 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4405}
b312b161 4406
33ef95ed
JH		 4407int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4408{
4409 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4410 bool changed = false;
4411 int err = 0;
33ef95ed
JH		 4412
4413 if (status) {
4414 u8 mgmt_err = mgmt_status(status);
4415 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4416 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4417 return 0;
4418 }
4419
47990ea0
JH		 4420 if (test_bit(HCI_AUTH, &hdev->flags)) {
4421 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4422 changed = true;
4423 } else {
4424 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4425 changed = true;
4426 }
4427
33ef95ed 4428 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4429 &match);
33ef95ed 4430
47990ea0
JH		 4431 if (changed)
4432 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4433
4434 if (match.sk)
4435 sock_put(match.sk);
4436
4437 return err;
4438}
4439
890ea898 4440static void clear_eir(struct hci_request *req)
cacaf52f 4441{
890ea898 4442 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4443 struct hci_cp_write_eir cp;
4444
976eb20e 4445 if (!lmp_ext_inq_capable(hdev))
890ea898 4446 return;
cacaf52f 4447
c80da27e
JH		 4448 memset(hdev->eir, 0, sizeof(hdev->eir));
4449
cacaf52f
JH		 4450 memset(&cp, 0, sizeof(cp));
4451
890ea898 4452 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4453}
4454
c0ecddc2 4455int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4456{
4457 struct cmd_lookup match = { NULL, hdev };
890ea898 4458 struct hci_request req;
c0ecddc2
JH		 4459 bool changed = false;
4460 int err = 0;
ed2c4ee3
JH		 4461
4462 if (status) {
4463 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4464
4465 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4466 &hdev->dev_flags)) {
4467 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4468 err = new_settings(hdev, NULL);
9ecb3e24 4469 }
c0ecddc2 4470
04124681
GP		 4471 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4472 &mgmt_err);
c0ecddc2
JH		 4473
4474 return err;
4475 }
4476
4477 if (enable) {
9ecb3e24 4478 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4479 } else {
9ecb3e24
MH		 4480 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4481 if (!changed)
4482 changed = test_and_clear_bit(HCI_HS_ENABLED,
4483 &hdev->dev_flags);
4484 else
4485 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4486 }
4487
4488 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4489
c0ecddc2
JH		 4490 if (changed)
4491 err = new_settings(hdev, match.sk);
ed2c4ee3 4492
5fc6ebb1 4493 if (match.sk)
ed2c4ee3
JH		 4494 sock_put(match.sk);
4495
890ea898
JH		 4496 hci_req_init(&req, hdev);
4497
5fc6ebb1 4498 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4499 update_eir(&req);
5fc6ebb1 4500 else
890ea898
JH		 4501 clear_eir(&req);
4502
4503 hci_req_run(&req, NULL);
cacaf52f 4504
ed2c4ee3
JH		 4505 return err;
4506}
4507
92da6097 4508static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4509{
4510 struct cmd_lookup *match = data;
4511
90e70454
JH		 4512 if (match->sk == NULL) {
4513 match->sk = cmd->sk;
4514 sock_hold(match->sk);
4515 }
90e70454
JH		 4516}
4517
7f9a903c 4518int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4519 u8 status)
7f9a903c 4520{
90e70454
JH		 4521 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4522 int err = 0;
7f9a903c 4523
92da6097
JH		 4524 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4525 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4526 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4527
4528 if (!status)
04124681
GP		 4529 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4530 3, NULL);
90e70454
JH		 4531
4532 if (match.sk)
4533 sock_put(match.sk);
7f9a903c
MH		 4534
4535 return err;
4536}
4537
744cf19e 4538int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4539{
b312b161 4540 struct mgmt_cp_set_local_name ev;
13928971 4541 struct pending_cmd *cmd;
28cc7bde 4542
13928971
JH		 4543 if (status)
4544 return 0;
b312b161
JH		 4545
4546 memset(&ev, 0, sizeof(ev));
4547 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4548 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4549
2e58ef3e 4550 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4551 if (!cmd) {
4552 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4553
13928971
JH		 4554 /* If this is a HCI command related to powering on the
4555 * HCI dev don't send any mgmt signals.
4556 */
4557 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4558 return 0;
890ea898 4559 }
b312b161 4560
13928971
JH		 4561 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4562 cmd ? cmd->sk : NULL);
b312b161 4563}
c35938b2 4564
744cf19e 4565int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4566 u8 *randomizer, u8 status)
c35938b2
SJ		 4567{
4568 struct pending_cmd *cmd;
4569 int err;
4570
744cf19e 4571 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4572
2e58ef3e 4573 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4574 if (!cmd)
4575 return -ENOENT;
4576
4577 if (status) {
04124681
GP		 4578 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4579 mgmt_status(status));
c35938b2
SJ		 4580 } else {
4581 struct mgmt_rp_read_local_oob_data rp;
4582
4583 memcpy(rp.hash, hash, sizeof(rp.hash));
4584 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4585
744cf19e 4586 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4587 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4588 sizeof(rp));
c35938b2
SJ		 4589 }
4590
4591 mgmt_pending_remove(cmd);
4592
4593 return err;
4594}
e17acd40 4595
901801b9
MH		 4596void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4597 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4598 ssp, u8 *eir, u16 eir_len)
e17acd40 4599{
e319d2e7
JH		 4600 char buf[512];
4601 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4602 size_t ev_size;
e17acd40 4603
12602d0c 4604 if (!hci_discovery_active(hdev))
901801b9 4605 return;
12602d0c 4606
1dc06093
JH		 4607 /* Leave 5 bytes for a potential CoD field */
4608 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4609 return;
7d262f86 4610
1dc06093
JH		 4611 memset(buf, 0, sizeof(buf));
4612
e319d2e7 4613 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4614 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4615 ev->rssi = rssi;
9a395a80 4616 if (cfm_name)
612dfce9 4617 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4618 if (!ssp)
612dfce9 4619 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4620
1dc06093 4621 if (eir_len > 0)
e319d2e7 4622 memcpy(ev->eir, eir, eir_len);
e17acd40 4623
1dc06093
JH		 4624 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4625 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4626 dev_class, 3);
1dc06093 4627
eb55ef07 4628 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4629 ev_size = sizeof(*ev) + eir_len;
f8523598 4630
901801b9 4631 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4632}
a88a9652 4633
9cf12aee
MH		 4634void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4635 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4636{
b644ba33
JH		 4637 struct mgmt_ev_device_found *ev;
4638 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4639 u16 eir_len;
a88a9652 4640
b644ba33 4641 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4642
b644ba33
JH		 4643 memset(buf, 0, sizeof(buf));
4644
4645 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4646 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4647 ev->rssi = rssi;
4648
4649 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4650 name_len);
b644ba33 4651
eb55ef07 4652 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4653
9cf12aee 4654 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4655}
314b2381 4656
2f1e063b 4657void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4658{
f963e8e9 4659 struct mgmt_ev_discovering ev;
164a6e78
JH		 4660 struct pending_cmd *cmd;
4661
343fb145
AG		 4662 BT_DBG("%s discovering %u", hdev->name, discovering);
4663
164a6e78 4664 if (discovering)
2e58ef3e 4665 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4666 else
2e58ef3e 4667 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4668
4669 if (cmd != NULL) {
f808e166
JH		 4670 u8 type = hdev->discovery.type;
4671
04124681
GP		 4672 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4673 sizeof(type));
164a6e78
JH		 4674 mgmt_pending_remove(cmd);
4675 }
4676
f963e8e9
JH		 4677 memset(&ev, 0, sizeof(ev));
4678 ev.type = hdev->discovery.type;
4679 ev.discovering = discovering;
4680
2f1e063b 4681 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4682}
5e762444 4683
88c1fe4b 4684int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4685{
4686 struct pending_cmd *cmd;
4687 struct mgmt_ev_device_blocked ev;
4688
2e58ef3e 4689 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4690
88c1fe4b
JH		 4691 bacpy(&ev.addr.bdaddr, bdaddr);
4692 ev.addr.type = type;
5e762444 4693
744cf19e 4694 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4695 cmd ? cmd->sk : NULL);
5e762444
AJ		 4696}
4697
88c1fe4b 4698int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4699{
4700 struct pending_cmd *cmd;
4701 struct mgmt_ev_device_unblocked ev;
4702
2e58ef3e 4703 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4704
88c1fe4b
JH		 4705 bacpy(&ev.addr.bdaddr, bdaddr);
4706 ev.addr.type = type;
5e762444 4707
744cf19e 4708 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4709 cmd ? cmd->sk : NULL);
5e762444 4710}
5976e608
MH		 4711
4712static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4713{
4714 BT_DBG("%s status %u", hdev->name, status);
4715
4716 /* Clear the advertising mgmt setting if we failed to re-enable it */
4717 if (status) {
4718 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4719 new_settings(hdev, NULL);
5976e608
MH		 4720 }
4721}
4722
4723void mgmt_reenable_advertising(struct hci_dev *hdev)
4724{
4725 struct hci_request req;
4726
b145edcd 4727 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4728 return;
4729
4730 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4731 return;
4732
4733 hci_req_init(&req, hdev);
4734 enable_advertising(&req);
4735
4736 /* If this fails we have no option but to let user space know
4737 * that we've disabled advertising.
4738 */
4739 if (hci_req_run(&req, adv_enable_complete) < 0) {
4740 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4741 new_settings(hdev, NULL);
5976e608
MH		 4742 }
4743}
Linux kernel - Deliverables
This page took 0.601921 seconds and 5 git commands to generate.