projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix setting local name to the existing value
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
890ea898 594static void update_eir(struct hci_request *req)
ef580372 595{
890ea898 596 struct hci_dev *hdev = req->hdev;
ef580372
JH		 597 struct hci_cp_write_eir cp;
598
504c8dcd 599 if (!hdev_is_powered(hdev))
890ea898 600 return;
7770c4aa 601
976eb20e 602 if (!lmp_ext_inq_capable(hdev))
890ea898 603 return;
ef580372 604
84bde9d6 605 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 606 return;
ef580372 607
a8b2d5c2 608 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 609 return;
ef580372
JH		 610
611 memset(&cp, 0, sizeof(cp));
612
613 create_eir(hdev, cp.data);
614
615 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 616 return;
ef580372
JH		 617
618 memcpy(hdev->eir, cp.data, sizeof(cp.data));
619
890ea898 620 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 621}
622
623static u8 get_service_classes(struct hci_dev *hdev)
624{
625 struct bt_uuid *uuid;
626 u8 val = 0;
627
628 list_for_each_entry(uuid, &hdev->uuids, list)
629 val |= uuid->svc_hint;
630
631 return val;
632}
633
890ea898 634static void update_class(struct hci_request *req)
ef580372 635{
890ea898 636 struct hci_dev *hdev = req->hdev;
ef580372
JH		 637 u8 cod[3];
638
639 BT_DBG("%s", hdev->name);
640
504c8dcd 641 if (!hdev_is_powered(hdev))
890ea898 642 return;
7770c4aa 643
a8b2d5c2 644 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 645 return;
ef580372
JH		 646
647 cod[0] = hdev->minor_class;
648 cod[1] = hdev->major_class;
649 cod[2] = get_service_classes(hdev);
650
651 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 652 return;
ef580372 653
890ea898 654 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 655}
656
7d78525d
JH		 657static void service_cache_off(struct work_struct *work)
658{
659 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 660 service_cache.work);
890ea898 661 struct hci_request req;
7d78525d 662
a8b2d5c2 663 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 664 return;
665
890ea898
JH		 666 hci_req_init(&req, hdev);
667
7d78525d
JH		 668 hci_dev_lock(hdev);
669
890ea898
JH		 670 update_eir(&req);
671 update_class(&req);
7d78525d
JH		 672
673 hci_dev_unlock(hdev);
890ea898
JH		 674
675 hci_req_run(&req, NULL);
7d78525d
JH		 676}
677
6a919082 678static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 679{
4f87da80 680 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 681 return;
682
4f87da80 683 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 684
4f87da80
JH		 685 /* Non-mgmt controlled devices get this bit set
686 * implicitly so that pairing works for them, however
687 * for mgmt we require user-space to explicitly enable
688 * it
689 */
690 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 691}
692
0f4e68cf 693static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 694 void *data, u16 data_len)
0381101f 695{
a38528f1 696 struct mgmt_rp_read_info rp;
f7b64e69 697
bdb6d971 698 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 699
09fd0de5 700 hci_dev_lock(hdev);
f7b64e69 701
dc4fe30b
JH		 702 memset(&rp, 0, sizeof(rp));
703
69ab39ea 704 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 705
69ab39ea 706 rp.version = hdev->hci_ver;
eb55ef07 707 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 708
709 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
710 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 711
a38528f1 712 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 713
dc4fe30b 714 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 715 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 716
09fd0de5 717 hci_dev_unlock(hdev);
0381101f 718
bdb6d971 719 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 720 sizeof(rp));
0381101f
JH		 721}
722
eec8d2bc
JH		 723static void mgmt_pending_free(struct pending_cmd *cmd)
724{
725 sock_put(cmd->sk);
c68fb7ff 726 kfree(cmd->param);
eec8d2bc
JH		 727 kfree(cmd);
728}
729
366a0336 730static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 731 struct hci_dev *hdev, void *data,
732 u16 len)
eec8d2bc
JH		 733{
734 struct pending_cmd *cmd;
735
12b94565 736 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 737 if (!cmd)
366a0336 738 return NULL;
eec8d2bc
JH		 739
740 cmd->opcode = opcode;
2e58ef3e 741 cmd->index = hdev->id;
eec8d2bc 742
12b94565 743 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 744 if (!cmd->param) {
eec8d2bc 745 kfree(cmd);
366a0336 746 return NULL;
eec8d2bc
JH		 747 }
748
8fce6357
SJ		 749 if (data)
750 memcpy(cmd->param, data, len);
eec8d2bc
JH		 751
752 cmd->sk = sk;
753 sock_hold(sk);
754
2e58ef3e 755 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 756
366a0336 757 return cmd;
eec8d2bc
JH		 758}
759
744cf19e 760static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 761 void (*cb)(struct pending_cmd *cmd,
762 void *data),
04124681 763 void *data)
eec8d2bc 764{
a3d09356 765 struct pending_cmd *cmd, *tmp;
eec8d2bc 766
a3d09356 767 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 768 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 769 continue;
770
eec8d2bc
JH		 771 cb(cmd, data);
772 }
773}
774
2e58ef3e 775static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 776{
8035ded4 777 struct pending_cmd *cmd;
eec8d2bc 778
2e58ef3e 779 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 780 if (cmd->opcode == opcode)
781 return cmd;
eec8d2bc
JH		 782 }
783
784 return NULL;
785}
786
a664b5bc 787static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 788{
73f22f62
JH		 789 list_del(&cmd->list);
790 mgmt_pending_free(cmd);
791}
792
69ab39ea 793static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 794{
69ab39ea 795 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 796
aee9b218 797 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 798 sizeof(settings));
8680570b
JH		 799}
800
bdb6d971 801static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 802 u16 len)
eec8d2bc 803{
650f726d 804 struct mgmt_mode *cp = data;
366a0336 805 struct pending_cmd *cmd;
4b34ee78 806 int err;
eec8d2bc 807
bdb6d971 808 BT_DBG("request for %s", hdev->name);
eec8d2bc 809
a7e80f25
JH		 810 if (cp->val != 0x00 && cp->val != 0x01)
811 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 MGMT_STATUS_INVALID_PARAMS);
813
09fd0de5 814 hci_dev_lock(hdev);
eec8d2bc 815
f0d4b78a
MH		 816 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
817 cancel_delayed_work(&hdev->power_off);
818
819 if (cp->val) {
a1d70450
JH		 820 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 data, len);
822 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 823 goto failed;
824 }
825 }
826
4b34ee78 827 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 828 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 829 goto failed;
830 }
831
2e58ef3e 832 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 833 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 834 MGMT_STATUS_BUSY);
eec8d2bc
JH		 835 goto failed;
836 }
837
2e58ef3e 838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 839 if (!cmd) {
840 err = -ENOMEM;
eec8d2bc 841 goto failed;
366a0336 842 }
eec8d2bc 843
72a734ec 844 if (cp->val)
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 846 else
19202573 847 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 848
366a0336 849 err = 0;
eec8d2bc
JH		 850
851failed:
09fd0de5 852 hci_dev_unlock(hdev);
366a0336 853 return err;
eec8d2bc
JH		 854}
855
04124681
GP		 856static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
857 struct sock *skip_sk)
beadb2bd
JH		 858{
859 struct sk_buff *skb;
860 struct mgmt_hdr *hdr;
861
790eff44 862 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 863 if (!skb)
864 return -ENOMEM;
865
866 hdr = (void *) skb_put(skb, sizeof(*hdr));
867 hdr->opcode = cpu_to_le16(event);
868 if (hdev)
869 hdr->index = cpu_to_le16(hdev->id);
870 else
612dfce9 871 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 872 hdr->len = cpu_to_le16(data_len);
873
874 if (data)
875 memcpy(skb_put(skb, data_len), data, data_len);
876
97e0bdeb
MH		 877 /* Time stamp */
878 __net_timestamp(skb);
879
beadb2bd
JH		 880 hci_send_to_control(skb, skip_sk);
881 kfree_skb(skb);
882
883 return 0;
884}
885
886static int new_settings(struct hci_dev *hdev, struct sock *skip)
887{
888 __le32 ev;
889
890 ev = cpu_to_le32(get_current_settings(hdev));
891
892 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
893}
894
bdb6d971 895static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 896 u16 len)
73f22f62 897{
650f726d 898 struct mgmt_cp_set_discoverable *cp = data;
366a0336 899 struct pending_cmd *cmd;
5e5282bb 900 u16 timeout;
73f22f62
JH		 901 u8 scan;
902 int err;
903
bdb6d971 904 BT_DBG("request for %s", hdev->name);
73f22f62 905
33c525c0
JH		 906 if (!lmp_bredr_capable(hdev))
907 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
908 MGMT_STATUS_NOT_SUPPORTED);
909
a7e80f25
JH		 910 if (cp->val != 0x00 && cp->val != 0x01)
911 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
912 MGMT_STATUS_INVALID_PARAMS);
913
1f350c87 914 timeout = __le16_to_cpu(cp->timeout);
24c54a90 915 if (!cp->val && timeout > 0)
bdb6d971 916 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 917 MGMT_STATUS_INVALID_PARAMS);
73f22f62 918
09fd0de5 919 hci_dev_lock(hdev);
73f22f62 920
5e5282bb 921 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 922 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 923 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 924 goto failed;
925 }
926
2e58ef3e 927 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 928 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 929 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 930 MGMT_STATUS_BUSY);
73f22f62
JH		 931 goto failed;
932 }
933
5e5282bb 934 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 935 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 936 MGMT_STATUS_REJECTED);
5e5282bb
JH		 937 goto failed;
938 }
939
940 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 941 bool changed = false;
942
943 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
944 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
945 changed = true;
946 }
947
5e5282bb 948 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 949 if (err < 0)
950 goto failed;
951
952 if (changed)
953 err = new_settings(hdev, sk);
954
5e5282bb
JH		 955 goto failed;
956 }
957
958 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 959 if (hdev->discov_timeout > 0) {
960 cancel_delayed_work(&hdev->discov_off);
961 hdev->discov_timeout = 0;
962 }
963
964 if (cp->val && timeout > 0) {
965 hdev->discov_timeout = timeout;
966 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
967 msecs_to_jiffies(hdev->discov_timeout * 1000));
968 }
969
69ab39ea 970 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 971 goto failed;
972 }
973
2e58ef3e 974 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 975 if (!cmd) {
976 err = -ENOMEM;
73f22f62 977 goto failed;
366a0336 978 }
73f22f62
JH		 979
980 scan = SCAN_PAGE;
981
72a734ec 982 if (cp->val)
73f22f62 983 scan |= SCAN_INQUIRY;
16ab91ab 984 else
e0f9309f 985 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 986
987 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
988 if (err < 0)
a664b5bc 989 mgmt_pending_remove(cmd);
73f22f62 990
16ab91ab 991 if (cp->val)
5e5282bb 992 hdev->discov_timeout = timeout;
16ab91ab 993
73f22f62 994failed:
09fd0de5 995 hci_dev_unlock(hdev);
73f22f62
JH		 996 return err;
997}
998
bdb6d971 999static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1000 u16 len)
9fbcbb45 1001{
650f726d 1002 struct mgmt_mode *cp = data;
366a0336 1003 struct pending_cmd *cmd;
9fbcbb45
JH		 1004 u8 scan;
1005 int err;
1006
bdb6d971 1007 BT_DBG("request for %s", hdev->name);
9fbcbb45 1008
33c525c0
JH		 1009 if (!lmp_bredr_capable(hdev))
1010 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1011 MGMT_STATUS_NOT_SUPPORTED);
1012
a7e80f25
JH		 1013 if (cp->val != 0x00 && cp->val != 0x01)
1014 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1015 MGMT_STATUS_INVALID_PARAMS);
1016
09fd0de5 1017 hci_dev_lock(hdev);
9fbcbb45 1018
4b34ee78 1019 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1020 bool changed = false;
1021
1022 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1023 changed = true;
1024
6bf0e469 1025 if (cp->val) {
5e5282bb 1026 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1027 } else {
5e5282bb
JH		 1028 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1029 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1030 }
0224d2fa 1031
5e5282bb 1032 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1033 if (err < 0)
1034 goto failed;
1035
1036 if (changed)
1037 err = new_settings(hdev, sk);
1038
9fbcbb45
JH		 1039 goto failed;
1040 }
1041
2e58ef3e 1042 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1043 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1044 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1045 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1046 goto failed;
1047 }
1048
5e5282bb 1049 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1050 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1051 goto failed;
1052 }
1053
2e58ef3e 1054 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1055 if (!cmd) {
1056 err = -ENOMEM;
9fbcbb45 1057 goto failed;
366a0336 1058 }
9fbcbb45 1059
6bf0e469 1060 if (cp->val) {
9fbcbb45 1061 scan = SCAN_PAGE;
6bf0e469 1062 } else {
9fbcbb45
JH		 1063 scan = 0;
1064
df2c6c5e 1065 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1066 hdev->discov_timeout > 0)
df2c6c5e
JH		 1067 cancel_delayed_work(&hdev->discov_off);
1068 }
1069
9fbcbb45
JH		 1070 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1071 if (err < 0)
a664b5bc 1072 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1073
1074failed:
09fd0de5 1075 hci_dev_unlock(hdev);
9fbcbb45
JH		 1076 return err;
1077}
1078
bdb6d971 1079static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1080 u16 len)
c542a06c 1081{
650f726d 1082 struct mgmt_mode *cp = data;
c542a06c
JH		 1083 int err;
1084
bdb6d971 1085 BT_DBG("request for %s", hdev->name);
c542a06c 1086
a7e80f25
JH		 1087 if (cp->val != 0x00 && cp->val != 0x01)
1088 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1089 MGMT_STATUS_INVALID_PARAMS);
1090
09fd0de5 1091 hci_dev_lock(hdev);
c542a06c
JH		 1092
1093 if (cp->val)
a8b2d5c2 1094 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1095 else
a8b2d5c2 1096 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1097
69ab39ea 1098 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1099 if (err < 0)
1100 goto failed;
1101
beadb2bd 1102 err = new_settings(hdev, sk);
c542a06c
JH		 1103
1104failed:
09fd0de5 1105 hci_dev_unlock(hdev);
c542a06c
JH		 1106 return err;
1107}
1108
04124681
GP		 1109static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1110 u16 len)
33ef95ed
JH		 1111{
1112 struct mgmt_mode *cp = data;
1113 struct pending_cmd *cmd;
816a11d5 1114 u8 val;
33ef95ed
JH		 1115 int err;
1116
bdb6d971 1117 BT_DBG("request for %s", hdev->name);
33ef95ed 1118
33c525c0
JH		 1119 if (!lmp_bredr_capable(hdev))
1120 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1121 MGMT_STATUS_NOT_SUPPORTED);
1122
a7e80f25
JH		 1123 if (cp->val != 0x00 && cp->val != 0x01)
1124 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1125 MGMT_STATUS_INVALID_PARAMS);
1126
33ef95ed
JH		 1127 hci_dev_lock(hdev);
1128
4b34ee78 1129 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1130 bool changed = false;
1131
1132 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1133 &hdev->dev_flags)) {
47990ea0
JH		 1134 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1135 changed = true;
1136 }
1137
1138 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1139 if (err < 0)
1140 goto failed;
1141
1142 if (changed)
1143 err = new_settings(hdev, sk);
1144
33ef95ed
JH		 1145 goto failed;
1146 }
1147
1148 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1150 MGMT_STATUS_BUSY);
33ef95ed
JH		 1151 goto failed;
1152 }
1153
1154 val = !!cp->val;
1155
1156 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1157 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1158 goto failed;
1159 }
1160
1161 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1162 if (!cmd) {
1163 err = -ENOMEM;
1164 goto failed;
1165 }
1166
1167 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1168 if (err < 0) {
1169 mgmt_pending_remove(cmd);
1170 goto failed;
1171 }
1172
1173failed:
1174 hci_dev_unlock(hdev);
33ef95ed
JH		 1175 return err;
1176}
1177
bdb6d971 1178static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1179{
1180 struct mgmt_mode *cp = data;
1181 struct pending_cmd *cmd;
816a11d5 1182 u8 val;
ed2c4ee3
JH		 1183 int err;
1184
bdb6d971 1185 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1186
13ecd8b6
JH		 1187 if (!lmp_ssp_capable(hdev))
1188 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1189 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1190
a7e80f25
JH		 1191 if (cp->val != 0x00 && cp->val != 0x01)
1192 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1193 MGMT_STATUS_INVALID_PARAMS);
1194
13ecd8b6 1195 hci_dev_lock(hdev);
6c8f12c1 1196
c0ecddc2
JH		 1197 val = !!cp->val;
1198
4b34ee78 1199 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1200 bool changed = false;
1201
1202 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1203 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1204 changed = true;
1205 }
1206
1207 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1208 if (err < 0)
1209 goto failed;
1210
1211 if (changed)
1212 err = new_settings(hdev, sk);
1213
ed2c4ee3
JH		 1214 goto failed;
1215 }
1216
1217 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1218 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1219 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1220 goto failed;
1221 }
1222
ed2c4ee3
JH		 1223 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1224 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1225 goto failed;
1226 }
1227
1228 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1229 if (!cmd) {
1230 err = -ENOMEM;
1231 goto failed;
1232 }
1233
1234 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1235 if (err < 0) {
1236 mgmt_pending_remove(cmd);
1237 goto failed;
1238 }
1239
1240failed:
1241 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1242 return err;
1243}
1244
bdb6d971 1245static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1246{
1247 struct mgmt_mode *cp = data;
6d80dfd0 1248
bdb6d971 1249 BT_DBG("request for %s", hdev->name);
6d80dfd0 1250
bdb6d971
JH		 1251 if (!enable_hs)
1252 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1253 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1254
a7e80f25
JH		 1255 if (cp->val != 0x00 && cp->val != 0x01)
1256 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1257 MGMT_STATUS_INVALID_PARAMS);
1258
6d80dfd0
JH		 1259 if (cp->val)
1260 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1261 else
1262 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1263
bdb6d971 1264 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1265}
1266
bdb6d971 1267static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1268{
1269 struct mgmt_mode *cp = data;
1270 struct hci_cp_write_le_host_supported hci_cp;
1271 struct pending_cmd *cmd;
06199cf8 1272 int err;
0b60eba1 1273 u8 val, enabled;
06199cf8 1274
bdb6d971 1275 BT_DBG("request for %s", hdev->name);
06199cf8 1276
13ecd8b6
JH		 1277 if (!lmp_le_capable(hdev))
1278 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1279 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1280
a7e80f25
JH		 1281 if (cp->val != 0x00 && cp->val != 0x01)
1282 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1283 MGMT_STATUS_INVALID_PARAMS);
1284
13ecd8b6 1285 hci_dev_lock(hdev);
06199cf8
JH		 1286
1287 val = !!cp->val;
ffa88e02 1288 enabled = lmp_host_le_capable(hdev);
06199cf8 1289
0b60eba1 1290 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1291 bool changed = false;
1292
1293 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1294 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1295 changed = true;
1296 }
1297
1298 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1299 if (err < 0)
1de028ce 1300 goto unlock;
06199cf8
JH		 1301
1302 if (changed)
1303 err = new_settings(hdev, sk);
1304
1de028ce 1305 goto unlock;
06199cf8
JH		 1306 }
1307
1308 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1309 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1310 MGMT_STATUS_BUSY);
1de028ce 1311 goto unlock;
06199cf8
JH		 1312 }
1313
1314 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1315 if (!cmd) {
1316 err = -ENOMEM;
1de028ce 1317 goto unlock;
06199cf8
JH		 1318 }
1319
1320 memset(&hci_cp, 0, sizeof(hci_cp));
1321
1322 if (val) {
1323 hci_cp.le = val;
ffa88e02 1324 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1325 }
1326
04124681
GP		 1327 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1328 &hci_cp);
0c01bc48 1329 if (err < 0)
06199cf8 1330 mgmt_pending_remove(cmd);
06199cf8 1331
1de028ce
JH		 1332unlock:
1333 hci_dev_unlock(hdev);
06199cf8
JH		 1334 return err;
1335}
1336
0cab9c80
JH		 1337/* This is a helper function to test for pending mgmt commands that can
1338 * cause CoD or EIR HCI commands. We can only allow one such pending
1339 * mgmt command at a time since otherwise we cannot easily track what
1340 * the current values are, will be, and based on that calculate if a new
1341 * HCI command needs to be sent and if yes with what value.
1342 */
1343static bool pending_eir_or_class(struct hci_dev *hdev)
1344{
1345 struct pending_cmd *cmd;
1346
1347 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1348 switch (cmd->opcode) {
1349 case MGMT_OP_ADD_UUID:
1350 case MGMT_OP_REMOVE_UUID:
1351 case MGMT_OP_SET_DEV_CLASS:
1352 case MGMT_OP_SET_POWERED:
1353 return true;
1354 }
1355 }
1356
1357 return false;
1358}
1359
83be8eca
JH		 1360static const u8 bluetooth_base_uuid[] = {
1361 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1362 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1363};
1364
1365static u8 get_uuid_size(const u8 *uuid)
1366{
1367 u32 val;
1368
1369 if (memcmp(uuid, bluetooth_base_uuid, 12))
1370 return 128;
1371
1372 val = get_unaligned_le32(&uuid[12]);
1373 if (val > 0xffff)
1374 return 32;
1375
1376 return 16;
1377}
1378
92da6097
JH		 1379static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1380{
1381 struct pending_cmd *cmd;
1382
1383 hci_dev_lock(hdev);
1384
1385 cmd = mgmt_pending_find(mgmt_op, hdev);
1386 if (!cmd)
1387 goto unlock;
1388
1389 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1390 hdev->dev_class, 3);
1391
1392 mgmt_pending_remove(cmd);
1393
1394unlock:
1395 hci_dev_unlock(hdev);
1396}
1397
1398static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1399{
1400 BT_DBG("status 0x%02x", status);
1401
1402 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1403}
1404
bdb6d971 1405static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1406{
650f726d 1407 struct mgmt_cp_add_uuid *cp = data;
90e70454 1408 struct pending_cmd *cmd;
890ea898 1409 struct hci_request req;
2aeb9a1a 1410 struct bt_uuid *uuid;
2aeb9a1a
JH		 1411 int err;
1412
bdb6d971 1413 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1414
09fd0de5 1415 hci_dev_lock(hdev);
2aeb9a1a 1416
0cab9c80 1417 if (pending_eir_or_class(hdev)) {
bdb6d971 1418 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1419 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1420 goto failed;
1421 }
1422
92c4c204 1423 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1424 if (!uuid) {
1425 err = -ENOMEM;
1426 goto failed;
1427 }
1428
1429 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1430 uuid->svc_hint = cp->svc_hint;
83be8eca 1431 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1432
de66aa63 1433 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1434
890ea898 1435 hci_req_init(&req, hdev);
1aff6f09 1436
890ea898
JH		 1437 update_class(&req);
1438 update_eir(&req);
1439
92da6097
JH		 1440 err = hci_req_run(&req, add_uuid_complete);
1441 if (err < 0) {
1442 if (err != -ENODATA)
1443 goto failed;
80a1e1db 1444
bdb6d971 1445 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1446 hdev->dev_class, 3);
90e70454
JH		 1447 goto failed;
1448 }
1449
1450 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1451 if (!cmd) {
90e70454 1452 err = -ENOMEM;
890ea898
JH		 1453 goto failed;
1454 }
1455
1456 err = 0;
2aeb9a1a
JH		 1457
1458failed:
09fd0de5 1459 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1460 return err;
1461}
1462
24b78d0f
JH		 1463static bool enable_service_cache(struct hci_dev *hdev)
1464{
1465 if (!hdev_is_powered(hdev))
1466 return false;
1467
1468 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1469 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1470 CACHE_TIMEOUT);
24b78d0f
JH		 1471 return true;
1472 }
1473
1474 return false;
1475}
1476
92da6097
JH		 1477static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1478{
1479 BT_DBG("status 0x%02x", status);
1480
1481 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1482}
1483
bdb6d971 1484static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1485 u16 len)
2aeb9a1a 1486{
650f726d 1487 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1488 struct pending_cmd *cmd;
056341c8 1489 struct bt_uuid *match, *tmp;
2aeb9a1a 1490 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1491 struct hci_request req;
2aeb9a1a
JH		 1492 int err, found;
1493
bdb6d971 1494 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1495
09fd0de5 1496 hci_dev_lock(hdev);
2aeb9a1a 1497
0cab9c80 1498 if (pending_eir_or_class(hdev)) {
bdb6d971 1499 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1500 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1501 goto unlock;
1502 }
1503
2aeb9a1a
JH		 1504 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1505 err = hci_uuids_clear(hdev);
4004b6d9 1506
24b78d0f 1507 if (enable_service_cache(hdev)) {
bdb6d971 1508 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1509 0, hdev->dev_class, 3);
24b78d0f
JH		 1510 goto unlock;
1511 }
4004b6d9 1512
9246a869 1513 goto update_class;
2aeb9a1a
JH		 1514 }
1515
1516 found = 0;
1517
056341c8 1518 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1519 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1520 continue;
1521
1522 list_del(&match->list);
482049f7 1523 kfree(match);
2aeb9a1a
JH		 1524 found++;
1525 }
1526
1527 if (found == 0) {
bdb6d971 1528 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1529 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1530 goto unlock;
1531 }
1532
9246a869 1533update_class:
890ea898 1534 hci_req_init(&req, hdev);
1aff6f09 1535
890ea898
JH		 1536 update_class(&req);
1537 update_eir(&req);
1538
92da6097
JH		 1539 err = hci_req_run(&req, remove_uuid_complete);
1540 if (err < 0) {
1541 if (err != -ENODATA)
1542 goto unlock;
80a1e1db 1543
bdb6d971 1544 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1545 hdev->dev_class, 3);
90e70454
JH		 1546 goto unlock;
1547 }
1548
1549 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1550 if (!cmd) {
90e70454 1551 err = -ENOMEM;
890ea898
JH		 1552 goto unlock;
1553 }
1554
1555 err = 0;
2aeb9a1a
JH		 1556
1557unlock:
09fd0de5 1558 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1559 return err;
1560}
1561
92da6097
JH		 1562static void set_class_complete(struct hci_dev *hdev, u8 status)
1563{
1564 BT_DBG("status 0x%02x", status);
1565
1566 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1567}
1568
bdb6d971 1569static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1570 u16 len)
1aff6f09 1571{
650f726d 1572 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1573 struct pending_cmd *cmd;
890ea898 1574 struct hci_request req;
1aff6f09
JH		 1575 int err;
1576
bdb6d971 1577 BT_DBG("request for %s", hdev->name);
1aff6f09 1578
13ecd8b6
JH		 1579 if (!lmp_bredr_capable(hdev))
1580 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1581 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1582
0cab9c80 1583 hci_dev_lock(hdev);
ee98f473 1584
0cab9c80
JH		 1585 if (pending_eir_or_class(hdev)) {
1586 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1587 MGMT_STATUS_BUSY);
1588 goto unlock;
1589 }
c95f0ba7 1590
0cab9c80
JH		 1591 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1593 MGMT_STATUS_INVALID_PARAMS);
1594 goto unlock;
1595 }
575b3a02 1596
932f5ff5
JH		 1597 hdev->major_class = cp->major;
1598 hdev->minor_class = cp->minor;
1599
b5235a65 1600 if (!hdev_is_powered(hdev)) {
bdb6d971 1601 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1602 hdev->dev_class, 3);
b5235a65
JH		 1603 goto unlock;
1604 }
1605
890ea898
JH		 1606 hci_req_init(&req, hdev);
1607
a8b2d5c2 1608 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1609 hci_dev_unlock(hdev);
1610 cancel_delayed_work_sync(&hdev->service_cache);
1611 hci_dev_lock(hdev);
890ea898 1612 update_eir(&req);
7d78525d 1613 }
14c0b608 1614
890ea898
JH		 1615 update_class(&req);
1616
92da6097
JH		 1617 err = hci_req_run(&req, set_class_complete);
1618 if (err < 0) {
1619 if (err != -ENODATA)
1620 goto unlock;
1aff6f09 1621
bdb6d971 1622 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1623 hdev->dev_class, 3);
90e70454
JH		 1624 goto unlock;
1625 }
1626
1627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1628 if (!cmd) {
90e70454 1629 err = -ENOMEM;
890ea898
JH		 1630 goto unlock;
1631 }
1632
1633 err = 0;
1aff6f09 1634
b5235a65 1635unlock:
09fd0de5 1636 hci_dev_unlock(hdev);
1aff6f09
JH		 1637 return err;
1638}
1639
bdb6d971 1640static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1641 u16 len)
55ed8ca1 1642{
650f726d 1643 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1644 u16 key_count, expected_len;
a492cd52 1645 int i;
55ed8ca1 1646
1f350c87 1647 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1648
86742e1e
JH		 1649 expected_len = sizeof(*cp) + key_count *
1650 sizeof(struct mgmt_link_key_info);
a492cd52 1651 if (expected_len != len) {
86742e1e 1652 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1653 len, expected_len);
bdb6d971 1654 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1655 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1656 }
1657
4ae14301
JH		 1658 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1659 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1660 MGMT_STATUS_INVALID_PARAMS);
1661
bdb6d971 1662 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1663 key_count);
55ed8ca1 1664
4ee71b20
JH		 1665 for (i = 0; i < key_count; i++) {
1666 struct mgmt_link_key_info *key = &cp->keys[i];
1667
1668 if (key->addr.type != BDADDR_BREDR)
1669 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1670 MGMT_STATUS_INVALID_PARAMS);
1671 }
1672
09fd0de5 1673 hci_dev_lock(hdev);
55ed8ca1
JH		 1674
1675 hci_link_keys_clear(hdev);
1676
a8b2d5c2 1677 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1678
1679 if (cp->debug_keys)
a8b2d5c2 1680 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1681 else
a8b2d5c2 1682 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1683
a492cd52 1684 for (i = 0; i < key_count; i++) {
86742e1e 1685 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1686
d753fdc4 1687 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1688 key->type, key->pin_len);
55ed8ca1
JH		 1689 }
1690
bdb6d971 1691 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1692
09fd0de5 1693 hci_dev_unlock(hdev);
55ed8ca1 1694
a492cd52 1695 return 0;
55ed8ca1
JH		 1696}
1697
b1078ad0 1698static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1699 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1700{
1701 struct mgmt_ev_device_unpaired ev;
1702
1703 bacpy(&ev.addr.bdaddr, bdaddr);
1704 ev.addr.type = addr_type;
1705
1706 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1707 skip_sk);
b1078ad0
JH		 1708}
1709
bdb6d971 1710static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1711 u16 len)
55ed8ca1 1712{
124f6e35
JH		 1713 struct mgmt_cp_unpair_device *cp = data;
1714 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1715 struct hci_cp_disconnect dc;
1716 struct pending_cmd *cmd;
55ed8ca1 1717 struct hci_conn *conn;
55ed8ca1
JH		 1718 int err;
1719
a8a1d19e 1720 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1721 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1722 rp.addr.type = cp->addr.type;
a8a1d19e 1723
4ee71b20
JH		 1724 if (!bdaddr_type_is_valid(cp->addr.type))
1725 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1726 MGMT_STATUS_INVALID_PARAMS,
1727 &rp, sizeof(rp));
1728
118da70b
JH		 1729 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1730 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1731 MGMT_STATUS_INVALID_PARAMS,
1732 &rp, sizeof(rp));
1733
4ee71b20
JH		 1734 hci_dev_lock(hdev);
1735
86a8cfc6 1736 if (!hdev_is_powered(hdev)) {
bdb6d971 1737 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1738 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1739 goto unlock;
1740 }
1741
591f47f3 1742 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1743 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1744 else
1745 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1746
55ed8ca1 1747 if (err < 0) {
bdb6d971 1748 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1749 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1750 goto unlock;
1751 }
1752
86a8cfc6 1753 if (cp->disconnect) {
591f47f3 1754 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1755 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1756 &cp->addr.bdaddr);
86a8cfc6
JH		 1757 else
1758 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1759 &cp->addr.bdaddr);
86a8cfc6
JH		 1760 } else {
1761 conn = NULL;
1762 }
124f6e35 1763
a8a1d19e 1764 if (!conn) {
bdb6d971 1765 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1766 &rp, sizeof(rp));
b1078ad0 1767 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1768 goto unlock;
1769 }
55ed8ca1 1770
124f6e35 1771 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1772 sizeof(*cp));
a8a1d19e
JH		 1773 if (!cmd) {
1774 err = -ENOMEM;
1775 goto unlock;
55ed8ca1
JH		 1776 }
1777
eb55ef07 1778 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1779 dc.reason = 0x13; /* Remote User Terminated Connection */
1780 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1781 if (err < 0)
1782 mgmt_pending_remove(cmd);
1783
55ed8ca1 1784unlock:
09fd0de5 1785 hci_dev_unlock(hdev);
55ed8ca1
JH		 1786 return err;
1787}
1788
bdb6d971 1789static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1790 u16 len)
8962ee74 1791{
650f726d 1792 struct mgmt_cp_disconnect *cp = data;
06a63b19 1793 struct mgmt_rp_disconnect rp;
8962ee74 1794 struct hci_cp_disconnect dc;
366a0336 1795 struct pending_cmd *cmd;
8962ee74 1796 struct hci_conn *conn;
8962ee74
JH		 1797 int err;
1798
1799 BT_DBG("");
1800
06a63b19
JH		 1801 memset(&rp, 0, sizeof(rp));
1802 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1803 rp.addr.type = cp->addr.type;
1804
4ee71b20 1805 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1806 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1807 MGMT_STATUS_INVALID_PARAMS,
1808 &rp, sizeof(rp));
4ee71b20 1809
09fd0de5 1810 hci_dev_lock(hdev);
8962ee74
JH		 1811
1812 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1813 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1814 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1815 goto failed;
1816 }
1817
2e58ef3e 1818 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1819 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1820 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1821 goto failed;
1822 }
1823
591f47f3 1824 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1826 &cp->addr.bdaddr);
88c3df13
JH		 1827 else
1828 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1829
f960727e 1830 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1831 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1832 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1833 goto failed;
1834 }
1835
2e58ef3e 1836 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1837 if (!cmd) {
1838 err = -ENOMEM;
8962ee74 1839 goto failed;
366a0336 1840 }
8962ee74 1841
eb55ef07 1842 dc.handle = cpu_to_le16(conn->handle);
3701f944 1843 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1844
1845 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1846 if (err < 0)
a664b5bc 1847 mgmt_pending_remove(cmd);
8962ee74
JH		 1848
1849failed:
09fd0de5 1850 hci_dev_unlock(hdev);
8962ee74
JH		 1851 return err;
1852}
1853
57c1477c 1854static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1855{
1856 switch (link_type) {
1857 case LE_LINK:
48264f06
JH		 1858 switch (addr_type) {
1859 case ADDR_LE_DEV_PUBLIC:
591f47f3 1860 return BDADDR_LE_PUBLIC;
0ed09148 1861
48264f06 1862 default:
0ed09148 1863 /* Fallback to LE Random address type */
591f47f3 1864 return BDADDR_LE_RANDOM;
48264f06 1865 }
0ed09148 1866
4c659c39 1867 default:
0ed09148 1868 /* Fallback to BR/EDR type */
591f47f3 1869 return BDADDR_BREDR;
4c659c39
JH		 1870 }
1871}
1872
04124681
GP		 1873static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1874 u16 data_len)
2784eb41 1875{
2784eb41 1876 struct mgmt_rp_get_connections *rp;
8035ded4 1877 struct hci_conn *c;
a38528f1 1878 size_t rp_len;
60fc5fb6
JH		 1879 int err;
1880 u16 i;
2784eb41
JH		 1881
1882 BT_DBG("");
1883
09fd0de5 1884 hci_dev_lock(hdev);
2784eb41 1885
5f97c1df 1886 if (!hdev_is_powered(hdev)) {
bdb6d971 1887 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1888 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1889 goto unlock;
1890 }
1891
60fc5fb6 1892 i = 0;
b644ba33
JH		 1893 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1894 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1895 i++;
2784eb41
JH		 1896 }
1897
60fc5fb6 1898 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1899 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1900 if (!rp) {
2784eb41
JH		 1901 err = -ENOMEM;
1902 goto unlock;
1903 }
1904
2784eb41 1905 i = 0;
4c659c39 1906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1907 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1908 continue;
4c659c39 1909 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1910 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1911 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1912 continue;
1913 i++;
1914 }
1915
eb55ef07 1916 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1917
4c659c39
JH		 1918 /* Recalculate length in case of filtered SCO connections, etc */
1919 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1920
bdb6d971 1921 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1922 rp_len);
2784eb41 1923
a38528f1 1924 kfree(rp);
5f97c1df
JH		 1925
1926unlock:
09fd0de5 1927 hci_dev_unlock(hdev);
2784eb41
JH		 1928 return err;
1929}
1930
bdb6d971 1931static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1932 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1933{
1934 struct pending_cmd *cmd;
1935 int err;
1936
2e58ef3e 1937 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1938 sizeof(*cp));
96d97a67
WR		 1939 if (!cmd)
1940 return -ENOMEM;
1941
d8457698 1942 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1943 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1944 if (err < 0)
1945 mgmt_pending_remove(cmd);
1946
1947 return err;
1948}
1949
bdb6d971 1950static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1951 u16 len)
980e1a53 1952{
96d97a67 1953 struct hci_conn *conn;
650f726d 1954 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1955 struct hci_cp_pin_code_reply reply;
366a0336 1956 struct pending_cmd *cmd;
980e1a53
JH		 1957 int err;
1958
1959 BT_DBG("");
1960
09fd0de5 1961 hci_dev_lock(hdev);
980e1a53 1962
4b34ee78 1963 if (!hdev_is_powered(hdev)) {
bdb6d971 1964 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1965 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1966 goto failed;
1967 }
1968
d8457698 1969 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1970 if (!conn) {
bdb6d971 1971 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1972 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1973 goto failed;
1974 }
1975
1976 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1977 struct mgmt_cp_pin_code_neg_reply ncp;
1978
1979 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1980
1981 BT_ERR("PIN code is not 16 bytes long");
1982
bdb6d971 1983 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1984 if (err >= 0)
bdb6d971 1985 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1986 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1987
1988 goto failed;
1989 }
1990
00abfe44 1991 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1992 if (!cmd) {
1993 err = -ENOMEM;
980e1a53 1994 goto failed;
366a0336 1995 }
980e1a53 1996
d8457698 1997 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1998 reply.pin_len = cp->pin_len;
24718ca5 1999 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2000
2001 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2002 if (err < 0)
a664b5bc 2003 mgmt_pending_remove(cmd);
980e1a53
JH		 2004
2005failed:
09fd0de5 2006 hci_dev_unlock(hdev);
980e1a53
JH		 2007 return err;
2008}
2009
04124681
GP		 2010static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2011 u16 len)
17fa4b9d 2012{
650f726d 2013 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2014
2015 BT_DBG("");
2016
09fd0de5 2017 hci_dev_lock(hdev);
17fa4b9d
JH		 2018
2019 hdev->io_capability = cp->io_capability;
2020
2021 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2022 hdev->io_capability);
17fa4b9d 2023
09fd0de5 2024 hci_dev_unlock(hdev);
17fa4b9d 2025
04124681
GP		 2026 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2027 0);
17fa4b9d
JH		 2028}
2029
6039aa73 2030static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2031{
2032 struct hci_dev *hdev = conn->hdev;
8035ded4 2033 struct pending_cmd *cmd;
e9a416b5 2034
2e58ef3e 2035 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2036 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2037 continue;
2038
e9a416b5
JH		 2039 if (cmd->user_data != conn)
2040 continue;
2041
2042 return cmd;
2043 }
2044
2045 return NULL;
2046}
2047
2048static void pairing_complete(struct pending_cmd *cmd, u8 status)
2049{
2050 struct mgmt_rp_pair_device rp;
2051 struct hci_conn *conn = cmd->user_data;
2052
ba4e564f 2053 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2054 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2055
aee9b218 2056 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2057 &rp, sizeof(rp));
e9a416b5
JH		 2058
2059 /* So we don't get further callbacks for this connection */
2060 conn->connect_cfm_cb = NULL;
2061 conn->security_cfm_cb = NULL;
2062 conn->disconn_cfm_cb = NULL;
2063
2064 hci_conn_put(conn);
2065
a664b5bc 2066 mgmt_pending_remove(cmd);
e9a416b5
JH		 2067}
2068
2069static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2070{
2071 struct pending_cmd *cmd;
2072
2073 BT_DBG("status %u", status);
2074
2075 cmd = find_pairing(conn);
56e5cb86 2076 if (!cmd)
e9a416b5 2077 BT_DBG("Unable to find a pending command");
56e5cb86 2078 else
e211326c 2079 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2080}
2081
4c47d739
VA		 2082static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2083{
2084 struct pending_cmd *cmd;
2085
2086 BT_DBG("status %u", status);
2087
2088 if (!status)
2089 return;
2090
2091 cmd = find_pairing(conn);
2092 if (!cmd)
2093 BT_DBG("Unable to find a pending command");
2094 else
2095 pairing_complete(cmd, mgmt_status(status));
2096}
2097
bdb6d971 2098static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2099 u16 len)
e9a416b5 2100{
650f726d 2101 struct mgmt_cp_pair_device *cp = data;
1425acb7 2102 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2103 struct pending_cmd *cmd;
2104 u8 sec_level, auth_type;
2105 struct hci_conn *conn;
e9a416b5
JH		 2106 int err;
2107
2108 BT_DBG("");
2109
f950a30e
SJ		 2110 memset(&rp, 0, sizeof(rp));
2111 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2112 rp.addr.type = cp->addr.type;
2113
4ee71b20
JH		 2114 if (!bdaddr_type_is_valid(cp->addr.type))
2115 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2116 MGMT_STATUS_INVALID_PARAMS,
2117 &rp, sizeof(rp));
2118
09fd0de5 2119 hci_dev_lock(hdev);
e9a416b5 2120
5f97c1df 2121 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2122 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2123 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2124 goto unlock;
2125 }
2126
c908df36
VCG		 2127 sec_level = BT_SECURITY_MEDIUM;
2128 if (cp->io_cap == 0x03)
e9a416b5 2129 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2130 else
e9a416b5 2131 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2132
591f47f3 2133 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2134 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2135 cp->addr.type, sec_level, auth_type);
7a512d01 2136 else
b12f62cf
AG		 2137 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2138 cp->addr.type, sec_level, auth_type);
7a512d01 2139
30e76272 2140 if (IS_ERR(conn)) {
489dc48e
AK		 2141 int status;
2142
2143 if (PTR_ERR(conn) == -EBUSY)
2144 status = MGMT_STATUS_BUSY;
2145 else
2146 status = MGMT_STATUS_CONNECT_FAILED;
2147
bdb6d971 2148 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2149 status, &rp,
04124681 2150 sizeof(rp));
e9a416b5
JH		 2151 goto unlock;
2152 }
2153
2154 if (conn->connect_cfm_cb) {
2155 hci_conn_put(conn);
bdb6d971 2156 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2157 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2158 goto unlock;
2159 }
2160
2e58ef3e 2161 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2162 if (!cmd) {
2163 err = -ENOMEM;
2164 hci_conn_put(conn);
2165 goto unlock;
2166 }
2167
7a512d01 2168 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2169 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2170 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2171 else
2172 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2173
e9a416b5
JH		 2174 conn->security_cfm_cb = pairing_complete_cb;
2175 conn->disconn_cfm_cb = pairing_complete_cb;
2176 conn->io_capability = cp->io_cap;
2177 cmd->user_data = conn;
2178
2179 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2180 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2181 pairing_complete(cmd, 0);
2182
2183 err = 0;
2184
2185unlock:
09fd0de5 2186 hci_dev_unlock(hdev);
e9a416b5
JH		 2187 return err;
2188}
2189
04124681
GP		 2190static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2191 u16 len)
28424707 2192{
0f4e68cf 2193 struct mgmt_addr_info *addr = data;
28424707
JH		 2194 struct pending_cmd *cmd;
2195 struct hci_conn *conn;
2196 int err;
2197
2198 BT_DBG("");
2199
28424707
JH		 2200 hci_dev_lock(hdev);
2201
5f97c1df 2202 if (!hdev_is_powered(hdev)) {
bdb6d971 2203 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2204 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2205 goto unlock;
2206 }
2207
28424707
JH		 2208 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2209 if (!cmd) {
bdb6d971 2210 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2211 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2212 goto unlock;
2213 }
2214
2215 conn = cmd->user_data;
2216
2217 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2218 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2219 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2220 goto unlock;
2221 }
2222
2223 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2224
bdb6d971 2225 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2226 addr, sizeof(*addr));
28424707
JH		 2227unlock:
2228 hci_dev_unlock(hdev);
28424707
JH		 2229 return err;
2230}
2231
bdb6d971 2232static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2233 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2234 u16 hci_op, __le32 passkey)
a5c29683 2235{
a5c29683 2236 struct pending_cmd *cmd;
0df4c185 2237 struct hci_conn *conn;
a5c29683
JH		 2238 int err;
2239
09fd0de5 2240 hci_dev_lock(hdev);
08ba5382 2241
4b34ee78 2242 if (!hdev_is_powered(hdev)) {
bdb6d971 2243 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2244 MGMT_STATUS_NOT_POWERED);
0df4c185 2245 goto done;
a5c29683
JH		 2246 }
2247
591f47f3 2248 if (type == BDADDR_BREDR)
272d90df
JH		 2249 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2250 else
47c15e2b 2251 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2252
2253 if (!conn) {
bdb6d971 2254 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2255 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2256 goto done;
2257 }
47c15e2b 2258
591f47f3 2259 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2260 /* Continue with pairing via SMP */
5fe57d9e
BG		 2261 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2262
2263 if (!err)
bdb6d971 2264 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2265 MGMT_STATUS_SUCCESS);
5fe57d9e 2266 else
bdb6d971 2267 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2268 MGMT_STATUS_FAILED);
47c15e2b 2269
47c15e2b
BG		 2270 goto done;
2271 }
2272
0df4c185 2273 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2274 if (!cmd) {
2275 err = -ENOMEM;
0df4c185 2276 goto done;
a5c29683
JH		 2277 }
2278
0df4c185 2279 /* Continue with pairing via HCI */
604086b7
BG		 2280 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2281 struct hci_cp_user_passkey_reply cp;
2282
2283 bacpy(&cp.bdaddr, bdaddr);
2284 cp.passkey = passkey;
2285 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2286 } else
2287 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2288
a664b5bc
JH		 2289 if (err < 0)
2290 mgmt_pending_remove(cmd);
a5c29683 2291
0df4c185 2292done:
09fd0de5 2293 hci_dev_unlock(hdev);
a5c29683
JH		 2294 return err;
2295}
2296
afeb019d
JK		 2297static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2298 void *data, u16 len)
2299{
2300 struct mgmt_cp_pin_code_neg_reply *cp = data;
2301
2302 BT_DBG("");
2303
2304 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2305 MGMT_OP_PIN_CODE_NEG_REPLY,
2306 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2307}
2308
04124681
GP		 2309static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2310 u16 len)
0df4c185 2311{
650f726d 2312 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2313
2314 BT_DBG("");
2315
2316 if (len != sizeof(*cp))
bdb6d971 2317 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2318 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2319
bdb6d971 2320 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2321 MGMT_OP_USER_CONFIRM_REPLY,
2322 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2323}
2324
bdb6d971 2325static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2326 void *data, u16 len)
0df4c185 2327{
c9c2659f 2328 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2329
2330 BT_DBG("");
2331
bdb6d971 2332 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2333 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2334 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2335}
2336
04124681
GP		 2337static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2338 u16 len)
604086b7 2339{
650f726d 2340 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2341
2342 BT_DBG("");
2343
bdb6d971 2344 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2345 MGMT_OP_USER_PASSKEY_REPLY,
2346 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2347}
2348
bdb6d971 2349static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2350 void *data, u16 len)
604086b7 2351{
650f726d 2352 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2353
2354 BT_DBG("");
2355
bdb6d971 2356 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2357 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2358 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2359}
2360
13928971 2361static void update_name(struct hci_request *req)
2b4bf397 2362{
13928971 2363 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2364 struct hci_cp_write_local_name cp;
2365
13928971 2366 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2367
890ea898 2368 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2369}
2370
13928971
JH		 2371static void set_name_complete(struct hci_dev *hdev, u8 status)
2372{
2373 struct mgmt_cp_set_local_name *cp;
2374 struct pending_cmd *cmd;
2375
2376 BT_DBG("status 0x%02x", status);
2377
2378 hci_dev_lock(hdev);
2379
2380 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2381 if (!cmd)
2382 goto unlock;
2383
2384 cp = cmd->param;
2385
2386 if (status)
2387 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2388 mgmt_status(status));
2389 else
2390 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2391 cp, sizeof(*cp));
2392
2393 mgmt_pending_remove(cmd);
2394
2395unlock:
2396 hci_dev_unlock(hdev);
2397}
2398
bdb6d971 2399static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2400 u16 len)
b312b161 2401{
2b4bf397 2402 struct mgmt_cp_set_local_name *cp = data;
b312b161 2403 struct pending_cmd *cmd;
890ea898 2404 struct hci_request req;
b312b161
JH		 2405 int err;
2406
2407 BT_DBG("");
2408
09fd0de5 2409 hci_dev_lock(hdev);
b312b161 2410
b3f2ca94
JH		 2411 /* If the old values are the same as the new ones just return a
2412 * direct command complete event.
2413 */
2414 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2415 !memcmp(hdev->short_name, cp->short_name,
2416 sizeof(hdev->short_name))) {
2417 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2418 data, len);
2419 goto failed;
2420 }
2421
2b4bf397 2422 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2423
b5235a65 2424 if (!hdev_is_powered(hdev)) {
2b4bf397 2425 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2426
2427 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2428 data, len);
28cc7bde
JH		 2429 if (err < 0)
2430 goto failed;
2431
2432 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2433 sk);
28cc7bde 2434
b5235a65
JH		 2435 goto failed;
2436 }
2437
28cc7bde 2438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2439 if (!cmd) {
2440 err = -ENOMEM;
2441 goto failed;
2442 }
2443
13928971
JH		 2444 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2445
890ea898 2446 hci_req_init(&req, hdev);
3f985050
JH		 2447
2448 if (lmp_bredr_capable(hdev)) {
2449 update_name(&req);
2450 update_eir(&req);
2451 }
2452
2453 if (lmp_le_capable(hdev))
2454 hci_update_ad(&req);
2455
13928971 2456 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2457 if (err < 0)
2458 mgmt_pending_remove(cmd);
2459
2460failed:
09fd0de5 2461 hci_dev_unlock(hdev);
b312b161
JH		 2462 return err;
2463}
2464
0f4e68cf 2465static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2466 void *data, u16 data_len)
c35938b2 2467{
c35938b2
SJ		 2468 struct pending_cmd *cmd;
2469 int err;
2470
bdb6d971 2471 BT_DBG("%s", hdev->name);
c35938b2 2472
09fd0de5 2473 hci_dev_lock(hdev);
c35938b2 2474
4b34ee78 2475 if (!hdev_is_powered(hdev)) {
bdb6d971 2476 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2477 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2478 goto unlock;
2479 }
2480
9a1a1996 2481 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2482 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2483 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2484 goto unlock;
2485 }
2486
2e58ef3e 2487 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2488 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2489 MGMT_STATUS_BUSY);
c35938b2
SJ		 2490 goto unlock;
2491 }
2492
2e58ef3e 2493 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2494 if (!cmd) {
2495 err = -ENOMEM;
2496 goto unlock;
2497 }
2498
2499 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2500 if (err < 0)
2501 mgmt_pending_remove(cmd);
2502
2503unlock:
09fd0de5 2504 hci_dev_unlock(hdev);
c35938b2
SJ		 2505 return err;
2506}
2507
bdb6d971 2508static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2509 void *data, u16 len)
2763eda6 2510{
650f726d 2511 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2512 u8 status;
2763eda6
SJ		 2513 int err;
2514
bdb6d971 2515 BT_DBG("%s ", hdev->name);
2763eda6 2516
09fd0de5 2517 hci_dev_lock(hdev);
2763eda6 2518
664ce4cc 2519 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2520 cp->randomizer);
2763eda6 2521 if (err < 0)
bf1e3541 2522 status = MGMT_STATUS_FAILED;
2763eda6 2523 else
a6785be2 2524 status = MGMT_STATUS_SUCCESS;
bf1e3541 2525
bdb6d971 2526 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2527 &cp->addr, sizeof(cp->addr));
2763eda6 2528
09fd0de5 2529 hci_dev_unlock(hdev);
2763eda6
SJ		 2530 return err;
2531}
2532
bdb6d971 2533static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2534 void *data, u16 len)
2763eda6 2535{
650f726d 2536 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2537 u8 status;
2763eda6
SJ		 2538 int err;
2539
bdb6d971 2540 BT_DBG("%s", hdev->name);
2763eda6 2541
09fd0de5 2542 hci_dev_lock(hdev);
2763eda6 2543
664ce4cc 2544 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2545 if (err < 0)
bf1e3541 2546 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2547 else
a6785be2 2548 status = MGMT_STATUS_SUCCESS;
bf1e3541 2549
bdb6d971 2550 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2551 status, &cp->addr, sizeof(cp->addr));
2763eda6 2552
09fd0de5 2553 hci_dev_unlock(hdev);
2763eda6
SJ		 2554 return err;
2555}
2556
5e0452c0
AG		 2557int mgmt_interleaved_discovery(struct hci_dev *hdev)
2558{
2559 int err;
2560
2561 BT_DBG("%s", hdev->name);
2562
2563 hci_dev_lock(hdev);
2564
2565 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2566 if (err < 0)
2567 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2568
2569 hci_dev_unlock(hdev);
2570
2571 return err;
2572}
2573
bdb6d971 2574static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2575 void *data, u16 len)
14a53664 2576{
650f726d 2577 struct mgmt_cp_start_discovery *cp = data;
14a53664 2578 struct pending_cmd *cmd;
14a53664
JH		 2579 int err;
2580
bdb6d971 2581 BT_DBG("%s", hdev->name);
14a53664 2582
09fd0de5 2583 hci_dev_lock(hdev);
14a53664 2584
4b34ee78 2585 if (!hdev_is_powered(hdev)) {
bdb6d971 2586 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2587 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2588 goto failed;
2589 }
2590
642be6c7
AG		 2591 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2592 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2593 MGMT_STATUS_BUSY);
2594 goto failed;
2595 }
2596
ff9ef578 2597 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2598 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2599 MGMT_STATUS_BUSY);
ff9ef578
JH		 2600 goto failed;
2601 }
2602
2e58ef3e 2603 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2604 if (!cmd) {
2605 err = -ENOMEM;
2606 goto failed;
2607 }
2608
4aab14e5
AG		 2609 hdev->discovery.type = cp->type;
2610
2611 switch (hdev->discovery.type) {
f39799f5 2612 case DISCOV_TYPE_BREDR:
04106755
JH		 2613 if (!lmp_bredr_capable(hdev)) {
2614 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2615 MGMT_STATUS_NOT_SUPPORTED);
2616 mgmt_pending_remove(cmd);
2617 goto failed;
2618 }
2619
2620 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2621 break;
2622
2623 case DISCOV_TYPE_LE:
04106755
JH		 2624 if (!lmp_host_le_capable(hdev)) {
2625 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2626 MGMT_STATUS_NOT_SUPPORTED);
2627 mgmt_pending_remove(cmd);
2628 goto failed;
2629 }
2630
2631 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2632 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2633 break;
2634
5e0452c0 2635 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2636 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2637 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2638 MGMT_STATUS_NOT_SUPPORTED);
2639 mgmt_pending_remove(cmd);
2640 goto failed;
2641 }
2642
2643 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2644 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2645 break;
2646
f39799f5 2647 default:
04106755
JH		 2648 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2649 MGMT_STATUS_INVALID_PARAMS);
2650 mgmt_pending_remove(cmd);
2651 goto failed;
f39799f5 2652 }
3fd24153 2653
14a53664
JH		 2654 if (err < 0)
2655 mgmt_pending_remove(cmd);
ff9ef578
JH		 2656 else
2657 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2658
2659failed:
09fd0de5 2660 hci_dev_unlock(hdev);
14a53664
JH		 2661 return err;
2662}
2663
bdb6d971 2664static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2665 u16 len)
14a53664 2666{
d930650b 2667 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2668 struct pending_cmd *cmd;
30dc78e1
JH		 2669 struct hci_cp_remote_name_req_cancel cp;
2670 struct inquiry_entry *e;
14a53664
JH		 2671 int err;
2672
bdb6d971 2673 BT_DBG("%s", hdev->name);
14a53664 2674
09fd0de5 2675 hci_dev_lock(hdev);
14a53664 2676
30dc78e1 2677 if (!hci_discovery_active(hdev)) {
bdb6d971 2678 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2679 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2680 sizeof(mgmt_cp->type));
d930650b
JH		 2681 goto unlock;
2682 }
2683
2684 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2685 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2686 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2687 sizeof(mgmt_cp->type));
30dc78e1 2688 goto unlock;
ff9ef578
JH		 2689 }
2690
2e58ef3e 2691 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2692 if (!cmd) {
2693 err = -ENOMEM;
30dc78e1
JH		 2694 goto unlock;
2695 }
2696
e0d9727e
AG		 2697 switch (hdev->discovery.state) {
2698 case DISCOVERY_FINDING:
c9ecc48e
AG		 2699 if (test_bit(HCI_INQUIRY, &hdev->flags))
2700 err = hci_cancel_inquiry(hdev);
2701 else
2702 err = hci_cancel_le_scan(hdev);
2703
e0d9727e
AG		 2704 break;
2705
2706 case DISCOVERY_RESOLVING:
2707 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2708 NAME_PENDING);
e0d9727e 2709 if (!e) {
30dc78e1 2710 mgmt_pending_remove(cmd);
e0d9727e
AG		 2711 err = cmd_complete(sk, hdev->id,
2712 MGMT_OP_STOP_DISCOVERY, 0,
2713 &mgmt_cp->type,
2714 sizeof(mgmt_cp->type));
2715 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2716 goto unlock;
2717 }
30dc78e1 2718
e0d9727e
AG		 2719 bacpy(&cp.bdaddr, &e->data.bdaddr);
2720 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2721 sizeof(cp), &cp);
2722
2723 break;
2724
2725 default:
2726 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2727 err = -EFAULT;
14a53664
JH		 2728 }
2729
14a53664
JH		 2730 if (err < 0)
2731 mgmt_pending_remove(cmd);
ff9ef578
JH		 2732 else
2733 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2734
30dc78e1 2735unlock:
09fd0de5 2736 hci_dev_unlock(hdev);
14a53664
JH		 2737 return err;
2738}
2739
bdb6d971 2740static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2741 u16 len)
561aafbc 2742{
650f726d 2743 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2744 struct inquiry_entry *e;
561aafbc
JH		 2745 int err;
2746
bdb6d971 2747 BT_DBG("%s", hdev->name);
561aafbc 2748
561aafbc
JH		 2749 hci_dev_lock(hdev);
2750
30dc78e1 2751 if (!hci_discovery_active(hdev)) {
bdb6d971 2752 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2753 MGMT_STATUS_FAILED);
30dc78e1
JH		 2754 goto failed;
2755 }
2756
a198e7b1 2757 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2758 if (!e) {
bdb6d971 2759 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2760 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2761 goto failed;
2762 }
2763
2764 if (cp->name_known) {
2765 e->name_state = NAME_KNOWN;
2766 list_del(&e->list);
2767 } else {
2768 e->name_state = NAME_NEEDED;
a3d4e20a 2769 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2770 }
2771
e384662b
JH		 2772 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2773 sizeof(cp->addr));
561aafbc
JH		 2774
2775failed:
2776 hci_dev_unlock(hdev);
561aafbc
JH		 2777 return err;
2778}
2779
bdb6d971 2780static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2781 u16 len)
7fbec224 2782{
650f726d 2783 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2784 u8 status;
7fbec224
AJ		 2785 int err;
2786
bdb6d971 2787 BT_DBG("%s", hdev->name);
7fbec224 2788
4ee71b20 2789 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2790 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2791 MGMT_STATUS_INVALID_PARAMS,
2792 &cp->addr, sizeof(cp->addr));
4ee71b20 2793
09fd0de5 2794 hci_dev_lock(hdev);
5e762444 2795
88c1fe4b 2796 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2797 if (err < 0)
f0eeea8b 2798 status = MGMT_STATUS_FAILED;
7fbec224 2799 else
a6785be2 2800 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2801
bdb6d971 2802 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2803 &cp->addr, sizeof(cp->addr));
5e762444 2804
09fd0de5 2805 hci_dev_unlock(hdev);
7fbec224
AJ		 2806
2807 return err;
2808}
2809
bdb6d971 2810static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2811 u16 len)
7fbec224 2812{
650f726d 2813 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2814 u8 status;
7fbec224
AJ		 2815 int err;
2816
bdb6d971 2817 BT_DBG("%s", hdev->name);
7fbec224 2818
4ee71b20 2819 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2820 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2821 MGMT_STATUS_INVALID_PARAMS,
2822 &cp->addr, sizeof(cp->addr));
4ee71b20 2823
09fd0de5 2824 hci_dev_lock(hdev);
5e762444 2825
88c1fe4b 2826 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2827 if (err < 0)
f0eeea8b 2828 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2829 else
a6785be2 2830 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2831
bdb6d971 2832 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2833 &cp->addr, sizeof(cp->addr));
5e762444 2834
09fd0de5 2835 hci_dev_unlock(hdev);
7fbec224
AJ		 2836
2837 return err;
2838}
2839
cdbaccca
MH		 2840static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2841 u16 len)
2842{
2843 struct mgmt_cp_set_device_id *cp = data;
890ea898 2844 struct hci_request req;
cdbaccca 2845 int err;
c72d4b8a 2846 __u16 source;
cdbaccca
MH		 2847
2848 BT_DBG("%s", hdev->name);
2849
c72d4b8a
SJ		 2850 source = __le16_to_cpu(cp->source);
2851
2852 if (source > 0x0002)
2853 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2854 MGMT_STATUS_INVALID_PARAMS);
2855
cdbaccca
MH		 2856 hci_dev_lock(hdev);
2857
c72d4b8a 2858 hdev->devid_source = source;
cdbaccca
MH		 2859 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2860 hdev->devid_product = __le16_to_cpu(cp->product);
2861 hdev->devid_version = __le16_to_cpu(cp->version);
2862
2863 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2864
890ea898
JH		 2865 hci_req_init(&req, hdev);
2866 update_eir(&req);
2867 hci_req_run(&req, NULL);
cdbaccca
MH		 2868
2869 hci_dev_unlock(hdev);
2870
2871 return err;
2872}
2873
bdb6d971 2874static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2875 void *data, u16 len)
f6422ec6 2876{
650f726d 2877 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2878 struct hci_cp_write_page_scan_activity acp;
2879 u8 type;
2880 int err;
2881
bdb6d971 2882 BT_DBG("%s", hdev->name);
f6422ec6 2883
33c525c0
JH		 2884 if (!lmp_bredr_capable(hdev))
2885 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2886 MGMT_STATUS_NOT_SUPPORTED);
2887
a7e80f25
JH		 2888 if (cp->val != 0x00 && cp->val != 0x01)
2889 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2890 MGMT_STATUS_INVALID_PARAMS);
2891
5400c044 2892 if (!hdev_is_powered(hdev))
bdb6d971 2893 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2894 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2895
2896 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2897 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2898 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2899
2900 hci_dev_lock(hdev);
2901
f7c6869c 2902 if (cp->val) {
f6422ec6 2903 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2904
83ce9a06
JH		 2905 /* 160 msec page scan interval */
2906 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2907 } else {
2908 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2909
2910 /* default 1.28 sec page scan */
2911 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2912 }
2913
76ec9de8
AE		 2914 /* default 11.25 msec page scan window */
2915 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2916
04124681
GP		 2917 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2918 &acp);
f6422ec6 2919 if (err < 0) {
bdb6d971 2920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2921 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2922 goto done;
2923 }
2924
2925 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2926 if (err < 0) {
bdb6d971 2927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2928 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2929 goto done;
2930 }
2931
bdb6d971 2932 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2933 NULL, 0);
f6422ec6
AJ		 2934done:
2935 hci_dev_unlock(hdev);
f6422ec6
AJ		 2936 return err;
2937}
2938
3f706b72
JH		 2939static bool ltk_is_valid(struct mgmt_ltk_info *key)
2940{
44b20d33
JH		 2941 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2942 return false;
3f706b72
JH		 2943 if (key->master != 0x00 && key->master != 0x01)
2944 return false;
4ee71b20
JH		 2945 if (!bdaddr_type_is_le(key->addr.type))
2946 return false;
3f706b72
JH		 2947 return true;
2948}
2949
bdb6d971 2950static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2951 void *cp_data, u16 len)
346af67b 2952{
346af67b
VCG		 2953 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2954 u16 key_count, expected_len;
715a5bf2 2955 int i, err;
346af67b 2956
1f350c87 2957 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2958
2959 expected_len = sizeof(*cp) + key_count *
2960 sizeof(struct mgmt_ltk_info);
2961 if (expected_len != len) {
2962 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2963 len, expected_len);
bdb6d971 2964 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2965 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2966 }
2967
bdb6d971 2968 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2969
54ad6d8a
JH		 2970 for (i = 0; i < key_count; i++) {
2971 struct mgmt_ltk_info *key = &cp->keys[i];
2972
3f706b72 2973 if (!ltk_is_valid(key))
54ad6d8a
JH		 2974 return cmd_status(sk, hdev->id,
2975 MGMT_OP_LOAD_LONG_TERM_KEYS,
2976 MGMT_STATUS_INVALID_PARAMS);
2977 }
2978
346af67b
VCG		 2979 hci_dev_lock(hdev);
2980
2981 hci_smp_ltks_clear(hdev);
2982
2983 for (i = 0; i < key_count; i++) {
2984 struct mgmt_ltk_info *key = &cp->keys[i];
2985 u8 type;
2986
2987 if (key->master)
2988 type = HCI_SMP_LTK;
2989 else
2990 type = HCI_SMP_LTK_SLAVE;
2991
4596fde5 2992 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2993 bdaddr_to_le(key->addr.type),
04124681
GP		 2994 type, 0, key->authenticated, key->val,
2995 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2996 }
2997
715a5bf2
JH		 2998 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2999 NULL, 0);
3000
346af67b 3001 hci_dev_unlock(hdev);
346af67b 3002
715a5bf2 3003 return err;
346af67b
VCG		 3004}
3005
2e3c35ea 3006static const struct mgmt_handler {
04124681
GP		 3007 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3008 u16 data_len);
be22b54e
JH		 3009 bool var_len;
3010 size_t data_len;
0f4e68cf
JH		 3011} mgmt_handlers[] = {
3012 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3013 { read_version, false, MGMT_READ_VERSION_SIZE },
3014 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3015 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3016 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3017 { set_powered, false, MGMT_SETTING_SIZE },
3018 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3019 { set_connectable, false, MGMT_SETTING_SIZE },
3020 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3021 { set_pairable, false, MGMT_SETTING_SIZE },
3022 { set_link_security, false, MGMT_SETTING_SIZE },
3023 { set_ssp, false, MGMT_SETTING_SIZE },
3024 { set_hs, false, MGMT_SETTING_SIZE },
3025 { set_le, false, MGMT_SETTING_SIZE },
3026 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3027 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3028 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3029 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3030 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3031 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3032 { disconnect, false, MGMT_DISCONNECT_SIZE },
3033 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3034 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3035 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3036 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3037 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3038 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3039 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3040 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3041 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3042 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3043 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3044 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3045 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3046 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3047 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3048 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3049 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3050 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3051 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3052 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3053};
3054
3055
0381101f
JH		 3056int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3057{
650f726d
VCG		 3058 void *buf;
3059 u8 *cp;
0381101f 3060 struct mgmt_hdr *hdr;
4e51eae9 3061 u16 opcode, index, len;
bdb6d971 3062 struct hci_dev *hdev = NULL;
2e3c35ea 3063 const struct mgmt_handler *handler;
0381101f
JH		 3064 int err;
3065
3066 BT_DBG("got %zu bytes", msglen);
3067
3068 if (msglen < sizeof(*hdr))
3069 return -EINVAL;
3070
e63a15ec 3071 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3072 if (!buf)
3073 return -ENOMEM;
3074
3075 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3076 err = -EFAULT;
3077 goto done;
3078 }
3079
650f726d 3080 hdr = buf;
1f350c87
MH		 3081 opcode = __le16_to_cpu(hdr->opcode);
3082 index = __le16_to_cpu(hdr->index);
3083 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3084
3085 if (len != msglen - sizeof(*hdr)) {
3086 err = -EINVAL;
3087 goto done;
3088 }
3089
0f4e68cf 3090 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3091 hdev = hci_dev_get(index);
3092 if (!hdev) {
3093 err = cmd_status(sk, index, opcode,
04124681 3094 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3095 goto done;
3096 }
3097 }
3098
0f4e68cf 3099 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3100 mgmt_handlers[opcode].func == NULL) {
0381101f 3101 BT_DBG("Unknown op %u", opcode);
ca69b795 3102 err = cmd_status(sk, index, opcode,
04124681 3103 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3104 goto done;
3105 }
3106
3107 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3108 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3109 err = cmd_status(sk, index, opcode,
04124681 3110 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3111 goto done;
0381101f
JH		 3112 }
3113
be22b54e
JH		 3114 handler = &mgmt_handlers[opcode];
3115
3116 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3117 (!handler->var_len && len != handler->data_len)) {
be22b54e 3118 err = cmd_status(sk, index, opcode,
04124681 3119 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3120 goto done;
3121 }
3122
0f4e68cf
JH		 3123 if (hdev)
3124 mgmt_init_hdev(sk, hdev);
3125
3126 cp = buf + sizeof(*hdr);
3127
be22b54e 3128 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3129 if (err < 0)
3130 goto done;
3131
0381101f
JH		 3132 err = msglen;
3133
3134done:
bdb6d971
JH		 3135 if (hdev)
3136 hci_dev_put(hdev);
3137
0381101f
JH		 3138 kfree(buf);
3139 return err;
3140}
c71e97bf 3141
b24752fe
JH		 3142static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3143{
3144 u8 *status = data;
3145
3146 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3147 mgmt_pending_remove(cmd);
3148}
3149
744cf19e 3150int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3151{
bb4b2a9a
AE		 3152 if (!mgmt_valid_hdev(hdev))
3153 return -ENOTSUPP;
3154
744cf19e 3155 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3156}
3157
744cf19e 3158int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3159{
5f159032 3160 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3161
bb4b2a9a
AE		 3162 if (!mgmt_valid_hdev(hdev))
3163 return -ENOTSUPP;
3164
744cf19e 3165 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3166
744cf19e 3167 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3168}
3169
73f22f62 3170struct cmd_lookup {
eec8d2bc 3171 struct sock *sk;
69ab39ea 3172 struct hci_dev *hdev;
90e70454 3173 u8 mgmt_status;
eec8d2bc
JH		 3174};
3175
69ab39ea 3176static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3177{
73f22f62 3178 struct cmd_lookup *match = data;
eec8d2bc 3179
69ab39ea 3180 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3181
3182 list_del(&cmd->list);
3183
3184 if (match->sk == NULL) {
3185 match->sk = cmd->sk;
3186 sock_hold(match->sk);
3187 }
3188
3189 mgmt_pending_free(cmd);
c71e97bf 3190}
5add6af8 3191
890ea898 3192static void set_bredr_scan(struct hci_request *req)
7f0ae647 3193{
890ea898 3194 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3195 u8 scan = 0;
3196
3197 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3198 scan |= SCAN_PAGE;
3199 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3200 scan |= SCAN_INQUIRY;
3201
890ea898
JH		 3202 if (scan)
3203 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3204}
3205
229ab39c
JH		 3206static void powered_complete(struct hci_dev *hdev, u8 status)
3207{
3208 struct cmd_lookup match = { NULL, hdev };
3209
3210 BT_DBG("status 0x%02x", status);
3211
3212 hci_dev_lock(hdev);
3213
3214 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3215
3216 new_settings(hdev, match.sk);
3217
3218 hci_dev_unlock(hdev);
3219
3220 if (match.sk)
3221 sock_put(match.sk);
3222}
3223
70da6243 3224static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3225{
890ea898 3226 struct hci_request req;
70da6243 3227 u8 link_sec;
5add6af8 3228
890ea898
JH		 3229 hci_req_init(&req, hdev);
3230
70da6243
JH		 3231 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3232 !lmp_host_ssp_capable(hdev)) {
3233 u8 ssp = 1;
5e5282bb 3234
890ea898 3235 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3236 }
5add6af8 3237
70da6243
JH		 3238 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3239 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3240
70da6243
JH		 3241 cp.le = 1;
3242 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3243
70da6243
JH		 3244 /* Check first if we already have the right
3245 * host state (host features set)
3246 */
3247 if (cp.le != lmp_host_le_capable(hdev) ||
3248 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3249 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3250 sizeof(cp), &cp);
70da6243 3251 }
3d1cbdd6 3252
70da6243
JH		 3253 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3254 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3255 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3256 sizeof(link_sec), &link_sec);
562fcc24 3257
70da6243 3258 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3259 set_bredr_scan(&req);
3260 update_class(&req);
13928971 3261 update_name(&req);
890ea898 3262 update_eir(&req);
70da6243 3263 }
562fcc24 3264
229ab39c 3265 return hci_req_run(&req, powered_complete);
70da6243 3266}
562fcc24 3267
70da6243
JH		 3268int mgmt_powered(struct hci_dev *hdev, u8 powered)
3269{
3270 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3271 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3272 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3273 int err;
f0ff92fb 3274
70da6243
JH		 3275 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3276 return 0;
3277
70da6243 3278 if (powered) {
229ab39c
JH		 3279 if (powered_update_hci(hdev) == 0)
3280 return 0;
fe038884 3281
229ab39c
JH		 3282 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3283 &match);
3284 goto new_settings;
b24752fe
JH		 3285 }
3286
229ab39c
JH		 3287 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3288 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3289
3290 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3291 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3292 zero_cod, sizeof(zero_cod), NULL);
3293
3294new_settings:
beadb2bd 3295 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3296
3297 if (match.sk)
3298 sock_put(match.sk);
3299
7bb895d6 3300 return err;
5add6af8 3301}
73f22f62 3302
744cf19e 3303int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3304{
76a7f3a4 3305 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3306 bool changed = false;
3307 int err = 0;
73f22f62 3308
5e5282bb
JH		 3309 if (discoverable) {
3310 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3311 changed = true;
3312 } else {
3313 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3314 changed = true;
3315 }
73f22f62 3316
ed9b5f2f 3317 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3318 &match);
ed9b5f2f 3319
beadb2bd
JH		 3320 if (changed)
3321 err = new_settings(hdev, match.sk);
5e5282bb 3322
73f22f62
JH		 3323 if (match.sk)
3324 sock_put(match.sk);
3325
7bb895d6 3326 return err;
73f22f62 3327}
9fbcbb45 3328
744cf19e 3329int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3330{
76a7f3a4 3331 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3332 bool changed = false;
3333 int err = 0;
9fbcbb45 3334
5e5282bb
JH		 3335 if (connectable) {
3336 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3337 changed = true;
3338 } else {
3339 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3340 changed = true;
3341 }
9fbcbb45 3342
ed9b5f2f 3343 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3344 &match);
ed9b5f2f 3345
beadb2bd
JH		 3346 if (changed)
3347 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3348
3349 if (match.sk)
3350 sock_put(match.sk);
3351
7bb895d6 3352 return err;
9fbcbb45 3353}
55ed8ca1 3354
744cf19e 3355int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3356{
ca69b795
JH		 3357 u8 mgmt_err = mgmt_status(status);
3358
2d7cee58 3359 if (scan & SCAN_PAGE)
744cf19e 3360 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3361 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3362
3363 if (scan & SCAN_INQUIRY)
744cf19e 3364 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3365 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3366
3367 return 0;
3368}
3369
53168e5b
CC		 3370int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3371 bool persistent)
55ed8ca1 3372{
86742e1e 3373 struct mgmt_ev_new_link_key ev;
55ed8ca1 3374
a492cd52 3375 memset(&ev, 0, sizeof(ev));
55ed8ca1 3376
a492cd52 3377 ev.store_hint = persistent;
d753fdc4 3378 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3379 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3380 ev.key.type = key->type;
9b3b4460 3381 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3382 ev.key.pin_len = key->pin_len;
55ed8ca1 3383
744cf19e 3384 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3385}
f7520543 3386
346af67b
VCG		 3387int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3388{
3389 struct mgmt_ev_new_long_term_key ev;
3390
3391 memset(&ev, 0, sizeof(ev));
3392
3393 ev.store_hint = persistent;
3394 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3395 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3396 ev.key.authenticated = key->authenticated;
3397 ev.key.enc_size = key->enc_size;
3398 ev.key.ediv = key->ediv;
3399
3400 if (key->type == HCI_SMP_LTK)
3401 ev.key.master = 1;
3402
3403 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3404 memcpy(ev.key.val, key->val, sizeof(key->val));
3405
04124681
GP		 3406 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3407 NULL);
346af67b
VCG		 3408}
3409
afc747a6 3410int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3411 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3412 u8 *dev_class)
f7520543 3413{
b644ba33
JH		 3414 char buf[512];
3415 struct mgmt_ev_device_connected *ev = (void *) buf;
3416 u16 eir_len = 0;
f7520543 3417
b644ba33 3418 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3419 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3420
c95f0ba7 3421 ev->flags = __cpu_to_le32(flags);
08c79b61 3422
b644ba33
JH		 3423 if (name_len > 0)
3424 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3425 name, name_len);
b644ba33
JH		 3426
3427 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3428 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3429 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3430
eb55ef07 3431 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3432
3433 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3434 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3435}
3436
8962ee74
JH		 3437static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3438{
c68fb7ff 3439 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3440 struct sock **sk = data;
a38528f1 3441 struct mgmt_rp_disconnect rp;
8962ee74 3442
88c3df13
JH		 3443 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3444 rp.addr.type = cp->addr.type;
8962ee74 3445
aee9b218 3446 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3447 sizeof(rp));
8962ee74
JH		 3448
3449 *sk = cmd->sk;
3450 sock_hold(*sk);
3451
a664b5bc 3452 mgmt_pending_remove(cmd);
8962ee74
JH		 3453}
3454
124f6e35 3455static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3456{
b1078ad0 3457 struct hci_dev *hdev = data;
124f6e35
JH		 3458 struct mgmt_cp_unpair_device *cp = cmd->param;
3459 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3460
3461 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3462 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3463 rp.addr.type = cp->addr.type;
a8a1d19e 3464
b1078ad0
JH		 3465 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3466
aee9b218 3467 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3468
3469 mgmt_pending_remove(cmd);
3470}
3471
afc747a6 3472int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3473 u8 link_type, u8 addr_type, u8 reason)
f7520543 3474{
f0d6a0ea 3475 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3476 struct sock *sk = NULL;
3477 int err;
3478
744cf19e 3479 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3480
f0d6a0ea
MA		 3481 bacpy(&ev.addr.bdaddr, bdaddr);
3482 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3483 ev.reason = reason;
f7520543 3484
afc747a6 3485 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3486 sk);
8962ee74
JH		 3487
3488 if (sk)
d97dcb66 3489 sock_put(sk);
8962ee74 3490
124f6e35 3491 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3492 hdev);
a8a1d19e 3493
8962ee74
JH		 3494 return err;
3495}
3496
88c3df13 3497int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3498 u8 link_type, u8 addr_type, u8 status)
8962ee74 3499{
88c3df13 3500 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3501 struct pending_cmd *cmd;
3502 int err;
3503
36a75f1b
JD		 3504 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3505 hdev);
3506
2e58ef3e 3507 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3508 if (!cmd)
3509 return -ENOENT;
3510
88c3df13 3511 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3512 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3513
88c3df13 3514 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3515 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3516
a664b5bc 3517 mgmt_pending_remove(cmd);
8962ee74
JH		 3518
3519 return err;
f7520543 3520}
17d5c04c 3521
48264f06 3522int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3523 u8 addr_type, u8 status)
17d5c04c
JH		 3524{
3525 struct mgmt_ev_connect_failed ev;
3526
4c659c39 3527 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3528 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3529 ev.status = mgmt_status(status);
17d5c04c 3530
744cf19e 3531 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3532}
980e1a53 3533
744cf19e 3534int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3535{
3536 struct mgmt_ev_pin_code_request ev;
3537
d8457698 3538 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3539 ev.addr.type = BDADDR_BREDR;
a770bb5a 3540 ev.secure = secure;
980e1a53 3541
744cf19e 3542 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3543 NULL);
980e1a53
JH		 3544}
3545
744cf19e 3546int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3547 u8 status)
980e1a53
JH		 3548{
3549 struct pending_cmd *cmd;
ac56fb13 3550 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3551 int err;
3552
2e58ef3e 3553 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3554 if (!cmd)
3555 return -ENOENT;
3556
d8457698 3557 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3558 rp.addr.type = BDADDR_BREDR;
ac56fb13 3559
aee9b218 3560 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3561 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3562
a664b5bc 3563 mgmt_pending_remove(cmd);
980e1a53
JH		 3564
3565 return err;
3566}
3567
744cf19e 3568int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3569 u8 status)
980e1a53
JH		 3570{
3571 struct pending_cmd *cmd;
ac56fb13 3572 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3573 int err;
3574
2e58ef3e 3575 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3576 if (!cmd)
3577 return -ENOENT;
3578
d8457698 3579 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3580 rp.addr.type = BDADDR_BREDR;
ac56fb13 3581
aee9b218 3582 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3583 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3584
a664b5bc 3585 mgmt_pending_remove(cmd);
980e1a53
JH		 3586
3587 return err;
3588}
a5c29683 3589
744cf19e 3590int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3591 u8 link_type, u8 addr_type, __le32 value,
3592 u8 confirm_hint)
a5c29683
JH		 3593{
3594 struct mgmt_ev_user_confirm_request ev;
3595
744cf19e 3596 BT_DBG("%s", hdev->name);
a5c29683 3597
272d90df 3598 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3599 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3600 ev.confirm_hint = confirm_hint;
78e8098e 3601 ev.value = value;
a5c29683 3602
744cf19e 3603 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3604 NULL);
a5c29683
JH		 3605}
3606
272d90df 3607int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3608 u8 link_type, u8 addr_type)
604086b7
BG		 3609{
3610 struct mgmt_ev_user_passkey_request ev;
3611
3612 BT_DBG("%s", hdev->name);
3613
272d90df 3614 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3615 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3616
3617 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3618 NULL);
604086b7
BG		 3619}
3620
0df4c185 3621static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3622 u8 link_type, u8 addr_type, u8 status,
3623 u8 opcode)
a5c29683
JH		 3624{
3625 struct pending_cmd *cmd;
3626 struct mgmt_rp_user_confirm_reply rp;
3627 int err;
3628
2e58ef3e 3629 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3630 if (!cmd)
3631 return -ENOENT;
3632
272d90df 3633 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3634 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3635 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3636 &rp, sizeof(rp));
a5c29683 3637
a664b5bc 3638 mgmt_pending_remove(cmd);
a5c29683
JH		 3639
3640 return err;
3641}
3642
744cf19e 3643int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3644 u8 link_type, u8 addr_type, u8 status)
a5c29683 3645{
272d90df 3646 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3647 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3648}
3649
272d90df 3650int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3651 u8 link_type, u8 addr_type, u8 status)
a5c29683 3652{
272d90df 3653 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3654 status,
3655 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3656}
2a611692 3657
604086b7 3658int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3659 u8 link_type, u8 addr_type, u8 status)
604086b7 3660{
272d90df 3661 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3662 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3663}
3664
272d90df 3665int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3666 u8 link_type, u8 addr_type, u8 status)
604086b7 3667{
272d90df 3668 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3669 status,
3670 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3671}
3672
92a25256
JH		 3673int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3674 u8 link_type, u8 addr_type, u32 passkey,
3675 u8 entered)
3676{
3677 struct mgmt_ev_passkey_notify ev;
3678
3679 BT_DBG("%s", hdev->name);
3680
3681 bacpy(&ev.addr.bdaddr, bdaddr);
3682 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3683 ev.passkey = __cpu_to_le32(passkey);
3684 ev.entered = entered;
3685
3686 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3687}
3688
bab73cb6 3689int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3690 u8 addr_type, u8 status)
2a611692
JH		 3691{
3692 struct mgmt_ev_auth_failed ev;
3693
bab73cb6 3694 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3695 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3696 ev.status = mgmt_status(status);
2a611692 3697
744cf19e 3698 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3699}
b312b161 3700
33ef95ed
JH		 3701int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3702{
3703 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3704 bool changed = false;
3705 int err = 0;
33ef95ed
JH		 3706
3707 if (status) {
3708 u8 mgmt_err = mgmt_status(status);
3709 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3710 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3711 return 0;
3712 }
3713
47990ea0
JH		 3714 if (test_bit(HCI_AUTH, &hdev->flags)) {
3715 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3716 changed = true;
3717 } else {
3718 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3719 changed = true;
3720 }
3721
33ef95ed 3722 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3723 &match);
33ef95ed 3724
47990ea0
JH		 3725 if (changed)
3726 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3727
3728 if (match.sk)
3729 sock_put(match.sk);
3730
3731 return err;
3732}
3733
890ea898 3734static void clear_eir(struct hci_request *req)
cacaf52f 3735{
890ea898 3736 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3737 struct hci_cp_write_eir cp;
3738
976eb20e 3739 if (!lmp_ext_inq_capable(hdev))
890ea898 3740 return;
cacaf52f 3741
c80da27e
JH		 3742 memset(hdev->eir, 0, sizeof(hdev->eir));
3743
cacaf52f
JH		 3744 memset(&cp, 0, sizeof(cp));
3745
890ea898 3746 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 3747}
3748
c0ecddc2 3749int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3750{
3751 struct cmd_lookup match = { NULL, hdev };
890ea898 3752 struct hci_request req;
c0ecddc2
JH		 3753 bool changed = false;
3754 int err = 0;
ed2c4ee3
JH		 3755
3756 if (status) {
3757 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3758
3759 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3760 &hdev->dev_flags))
c0ecddc2
JH		 3761 err = new_settings(hdev, NULL);
3762
04124681
GP		 3763 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3764 &mgmt_err);
c0ecddc2
JH		 3765
3766 return err;
3767 }
3768
3769 if (enable) {
3770 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3771 changed = true;
3772 } else {
3773 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3774 changed = true;
ed2c4ee3
JH		 3775 }
3776
3777 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3778
c0ecddc2
JH		 3779 if (changed)
3780 err = new_settings(hdev, match.sk);
ed2c4ee3 3781
5fc6ebb1 3782 if (match.sk)
ed2c4ee3
JH		 3783 sock_put(match.sk);
3784
890ea898
JH		 3785 hci_req_init(&req, hdev);
3786
5fc6ebb1 3787 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 3788 update_eir(&req);
5fc6ebb1 3789 else
890ea898
JH		 3790 clear_eir(&req);
3791
3792 hci_req_run(&req, NULL);
cacaf52f 3793
ed2c4ee3
JH		 3794 return err;
3795}
3796
92da6097 3797static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 3798{
3799 struct cmd_lookup *match = data;
3800
90e70454
JH		 3801 if (match->sk == NULL) {
3802 match->sk = cmd->sk;
3803 sock_hold(match->sk);
3804 }
90e70454
JH		 3805}
3806
7f9a903c 3807int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3808 u8 status)
7f9a903c 3809{
90e70454
JH		 3810 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3811 int err = 0;
7f9a903c 3812
92da6097
JH		 3813 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
3814 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
3815 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 3816
3817 if (!status)
04124681
GP		 3818 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3819 3, NULL);
90e70454
JH		 3820
3821 if (match.sk)
3822 sock_put(match.sk);
7f9a903c
MH		 3823
3824 return err;
3825}
3826
744cf19e 3827int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 3828{
b312b161 3829 struct mgmt_cp_set_local_name ev;
13928971 3830 struct pending_cmd *cmd;
28cc7bde 3831
13928971
JH		 3832 if (status)
3833 return 0;
b312b161
JH		 3834
3835 memset(&ev, 0, sizeof(ev));
3836 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3837 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3838
2e58ef3e 3839 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3840 if (!cmd) {
3841 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 3842
13928971
JH		 3843 /* If this is a HCI command related to powering on the
3844 * HCI dev don't send any mgmt signals.
3845 */
3846 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
3847 return 0;
890ea898 3848 }
b312b161 3849
13928971
JH		 3850 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
3851 cmd ? cmd->sk : NULL);
b312b161 3852}
c35938b2 3853
744cf19e 3854int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3855 u8 *randomizer, u8 status)
c35938b2
SJ		 3856{
3857 struct pending_cmd *cmd;
3858 int err;
3859
744cf19e 3860 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3861
2e58ef3e 3862 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3863 if (!cmd)
3864 return -ENOENT;
3865
3866 if (status) {
04124681
GP		 3867 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3868 mgmt_status(status));
c35938b2
SJ		 3869 } else {
3870 struct mgmt_rp_read_local_oob_data rp;
3871
3872 memcpy(rp.hash, hash, sizeof(rp.hash));
3873 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3874
744cf19e 3875 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3876 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3877 sizeof(rp));
c35938b2
SJ		 3878 }
3879
3880 mgmt_pending_remove(cmd);
3881
3882 return err;
3883}
e17acd40 3884
06199cf8
JH		 3885int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3886{
3887 struct cmd_lookup match = { NULL, hdev };
3888 bool changed = false;
3889 int err = 0;
3890
3891 if (status) {
3892 u8 mgmt_err = mgmt_status(status);
3893
3894 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3895 &hdev->dev_flags))
d97dcb66 3896 err = new_settings(hdev, NULL);
06199cf8 3897
d97dcb66
SJ		 3898 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3899 &mgmt_err);
06199cf8
JH		 3900
3901 return err;
3902 }
3903
3904 if (enable) {
3905 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3906 changed = true;
3907 } else {
3908 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3909 changed = true;
3910 }
3911
3912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3913
3914 if (changed)
3915 err = new_settings(hdev, match.sk);
3916
3917 if (match.sk)
3918 sock_put(match.sk);
3919
3920 return err;
3921}
3922
48264f06 3923int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3924 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3925 ssp, u8 *eir, u16 eir_len)
e17acd40 3926{
e319d2e7
JH		 3927 char buf[512];
3928 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3929 size_t ev_size;
e17acd40 3930
1dc06093
JH		 3931 /* Leave 5 bytes for a potential CoD field */
3932 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3933 return -EINVAL;
3934
1dc06093
JH		 3935 memset(buf, 0, sizeof(buf));
3936
e319d2e7 3937 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3938 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3939 ev->rssi = rssi;
9a395a80 3940 if (cfm_name)
612dfce9 3941 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3942 if (!ssp)
612dfce9 3943 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3944
1dc06093 3945 if (eir_len > 0)
e319d2e7 3946 memcpy(ev->eir, eir, eir_len);
e17acd40 3947
1dc06093
JH		 3948 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3949 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3950 dev_class, 3);
1dc06093 3951
eb55ef07 3952 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3953 ev_size = sizeof(*ev) + eir_len;
f8523598 3954
e319d2e7 3955 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3956}
a88a9652 3957
b644ba33 3958int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3959 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3960{
b644ba33
JH		 3961 struct mgmt_ev_device_found *ev;
3962 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3963 u16 eir_len;
a88a9652 3964
b644ba33 3965 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3966
b644ba33
JH		 3967 memset(buf, 0, sizeof(buf));
3968
3969 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3970 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3971 ev->rssi = rssi;
3972
3973 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3974 name_len);
b644ba33 3975
eb55ef07 3976 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3977
053c7e0c 3978 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3979 sizeof(*ev) + eir_len, NULL);
a88a9652 3980}
314b2381 3981
7a135109 3982int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3983{
3984 struct pending_cmd *cmd;
f808e166 3985 u8 type;
164a6e78
JH		 3986 int err;
3987
203159d4
AG		 3988 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3989
2e58ef3e 3990 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3991 if (!cmd)
3992 return -ENOENT;
3993
f808e166
JH		 3994 type = hdev->discovery.type;
3995
3996 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3997 &type, sizeof(type));
164a6e78
JH		 3998 mgmt_pending_remove(cmd);
3999
4000 return err;
4001}
4002
e6d465cb
AG		 4003int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
4004{
4005 struct pending_cmd *cmd;
4006 int err;
4007
4008 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4009 if (!cmd)
4010 return -ENOENT;
4011
d930650b 4012 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 4013 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 4014 mgmt_pending_remove(cmd);
4015
4016 return err;
4017}
4018
744cf19e 4019int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4020{
f963e8e9 4021 struct mgmt_ev_discovering ev;
164a6e78
JH		 4022 struct pending_cmd *cmd;
4023
343fb145
AG		 4024 BT_DBG("%s discovering %u", hdev->name, discovering);
4025
164a6e78 4026 if (discovering)
2e58ef3e 4027 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4028 else
2e58ef3e 4029 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4030
4031 if (cmd != NULL) {
f808e166
JH		 4032 u8 type = hdev->discovery.type;
4033
04124681
GP		 4034 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4035 sizeof(type));
164a6e78
JH		 4036 mgmt_pending_remove(cmd);
4037 }
4038
f963e8e9
JH		 4039 memset(&ev, 0, sizeof(ev));
4040 ev.type = hdev->discovery.type;
4041 ev.discovering = discovering;
4042
4043 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4044}
5e762444 4045
88c1fe4b 4046int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4047{
4048 struct pending_cmd *cmd;
4049 struct mgmt_ev_device_blocked ev;
4050
2e58ef3e 4051 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4052
88c1fe4b
JH		 4053 bacpy(&ev.addr.bdaddr, bdaddr);
4054 ev.addr.type = type;
5e762444 4055
744cf19e 4056 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4057 cmd ? cmd->sk : NULL);
5e762444
AJ		 4058}
4059
88c1fe4b 4060int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4061{
4062 struct pending_cmd *cmd;
4063 struct mgmt_ev_device_unblocked ev;
4064
2e58ef3e 4065 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4066
88c1fe4b
JH		 4067 bacpy(&ev.addr.bdaddr, bdaddr);
4068 ev.addr.type = type;
5e762444 4069
744cf19e 4070 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4071 cmd ? cmd->sk : NULL);
5e762444 4072}
d7b7e796
MH		 4073
4074module_param(enable_hs, bool, 0644);
4075MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
Linux kernel - Deliverables
This page took 0.802514 seconds and 5 git commands to generate.