projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move HCI_LIMITED_DISCOVERABLE changes to a general place
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
eb2a8d20
JH		 539static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
540{
541 struct pending_cmd *cmd;
542
543 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
544 if (cmd->opcode == opcode)
545 return cmd;
546 }
547
548 return NULL;
549}
550
f14d8f64
MH		 551static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
552{
7a5f4990
MH		 553 u8 ad_len = 0;
554 size_t name_len;
555
556 name_len = strlen(hdev->dev_name);
557 if (name_len > 0) {
558 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
559
560 if (name_len > max_len) {
561 name_len = max_len;
562 ptr[1] = EIR_NAME_SHORT;
563 } else
564 ptr[1] = EIR_NAME_COMPLETE;
565
566 ptr[0] = name_len + 1;
567
568 memcpy(ptr + 2, hdev->dev_name, name_len);
569
570 ad_len += (name_len + 2);
571 ptr += (name_len + 2);
572 }
573
574 return ad_len;
f14d8f64
MH		 575}
576
577static void update_scan_rsp_data(struct hci_request *req)
578{
579 struct hci_dev *hdev = req->hdev;
580 struct hci_cp_le_set_scan_rsp_data cp;
581 u8 len;
582
7751ef1b 583 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 584 return;
585
586 memset(&cp, 0, sizeof(cp));
587
588 len = create_scan_rsp_data(hdev, cp.data);
589
eb438b5f
JH		 590 if (hdev->scan_rsp_data_len == len &&
591 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 592 return;
593
eb438b5f
JH		 594 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
595 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 596
597 cp.length = len;
598
599 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
600}
601
46cad2ed 602static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 603{
604 u8 ad_len = 0, flags = 0;
441ad2d0
MH		 605
606 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
607 flags |= LE_AD_GENERAL;
608
609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
610 if (lmp_le_br_capable(hdev))
611 flags |= LE_AD_SIM_LE_BREDR_CTRL;
612 if (lmp_host_le_br_capable(hdev))
613 flags |= LE_AD_SIM_LE_BREDR_HOST;
614 } else {
615 flags |= LE_AD_NO_BREDR;
616 }
617
618 if (flags) {
619 BT_DBG("adv flags 0x%02x", flags);
620
621 ptr[0] = 2;
622 ptr[1] = EIR_FLAGS;
623 ptr[2] = flags;
624
625 ad_len += 3;
626 ptr += 3;
627 }
628
629 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
630 ptr[0] = 2;
631 ptr[1] = EIR_TX_POWER;
632 ptr[2] = (u8) hdev->adv_tx_power;
633
634 ad_len += 3;
635 ptr += 3;
636 }
637
441ad2d0
MH		 638 return ad_len;
639}
640
5947f4bc 641static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 642{
643 struct hci_dev *hdev = req->hdev;
644 struct hci_cp_le_set_adv_data cp;
645 u8 len;
646
10994ce6 647 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 648 return;
649
650 memset(&cp, 0, sizeof(cp));
651
46cad2ed 652 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 653
654 if (hdev->adv_data_len == len &&
655 memcmp(cp.data, hdev->adv_data, len) == 0)
656 return;
657
658 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
659 hdev->adv_data_len = len;
660
661 cp.length = len;
662
663 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
664}
665
ef580372
JH		 666static void create_eir(struct hci_dev *hdev, u8 *data)
667{
668 u8 *ptr = data;
ef580372
JH		 669 size_t name_len;
670
671 name_len = strlen(hdev->dev_name);
672
673 if (name_len > 0) {
674 /* EIR Data type */
675 if (name_len > 48) {
676 name_len = 48;
677 ptr[1] = EIR_NAME_SHORT;
678 } else
679 ptr[1] = EIR_NAME_COMPLETE;
680
681 /* EIR Data length */
682 ptr[0] = name_len + 1;
683
684 memcpy(ptr + 2, hdev->dev_name, name_len);
685
ef580372
JH		 686 ptr += (name_len + 2);
687 }
688
bbaf444a 689 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 690 ptr[0] = 2;
691 ptr[1] = EIR_TX_POWER;
692 ptr[2] = (u8) hdev->inq_tx_power;
693
91c4e9b1
MH		 694 ptr += 3;
695 }
696
2b9be137
MH		 697 if (hdev->devid_source > 0) {
698 ptr[0] = 9;
699 ptr[1] = EIR_DEVICE_ID;
700
701 put_unaligned_le16(hdev->devid_source, ptr + 2);
702 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
703 put_unaligned_le16(hdev->devid_product, ptr + 6);
704 put_unaligned_le16(hdev->devid_version, ptr + 8);
705
2b9be137
MH		 706 ptr += 10;
707 }
708
213202ed 709 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 710 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 711 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 712}
713
890ea898 714static void update_eir(struct hci_request *req)
ef580372 715{
890ea898 716 struct hci_dev *hdev = req->hdev;
ef580372
JH		 717 struct hci_cp_write_eir cp;
718
504c8dcd 719 if (!hdev_is_powered(hdev))
890ea898 720 return;
7770c4aa 721
976eb20e 722 if (!lmp_ext_inq_capable(hdev))
890ea898 723 return;
ef580372 724
84bde9d6 725 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 726 return;
ef580372 727
a8b2d5c2 728 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 729 return;
ef580372
JH		 730
731 memset(&cp, 0, sizeof(cp));
732
733 create_eir(hdev, cp.data);
734
735 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 736 return;
ef580372
JH		 737
738 memcpy(hdev->eir, cp.data, sizeof(cp.data));
739
890ea898 740 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 741}
742
743static u8 get_service_classes(struct hci_dev *hdev)
744{
745 struct bt_uuid *uuid;
746 u8 val = 0;
747
748 list_for_each_entry(uuid, &hdev->uuids, list)
749 val |= uuid->svc_hint;
750
751 return val;
752}
753
890ea898 754static void update_class(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 u8 cod[3];
758
759 BT_DBG("%s", hdev->name);
760
504c8dcd 761 if (!hdev_is_powered(hdev))
890ea898 762 return;
7770c4aa 763
f87ea1da
JH		 764 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
765 return;
766
a8b2d5c2 767 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 768 return;
ef580372
JH		 769
770 cod[0] = hdev->minor_class;
771 cod[1] = hdev->major_class;
772 cod[2] = get_service_classes(hdev);
773
6acd7db4
MH		 774 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
775 cod[1] |= 0x20;
776
ef580372 777 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 778 return;
ef580372 779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 781}
782
7d78525d
JH		 783static void service_cache_off(struct work_struct *work)
784{
785 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 786 service_cache.work);
890ea898 787 struct hci_request req;
7d78525d 788
a8b2d5c2 789 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 790 return;
791
890ea898
JH		 792 hci_req_init(&req, hdev);
793
7d78525d
JH		 794 hci_dev_lock(hdev);
795
890ea898
JH		 796 update_eir(&req);
797 update_class(&req);
7d78525d
JH		 798
799 hci_dev_unlock(hdev);
890ea898
JH		 800
801 hci_req_run(&req, NULL);
7d78525d
JH		 802}
803
6a919082 804static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 805{
4f87da80 806 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 807 return;
808
4f87da80 809 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 810
4f87da80
JH		 811 /* Non-mgmt controlled devices get this bit set
812 * implicitly so that pairing works for them, however
813 * for mgmt we require user-space to explicitly enable
814 * it
815 */
816 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 817}
818
0f4e68cf 819static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 820 void *data, u16 data_len)
0381101f 821{
a38528f1 822 struct mgmt_rp_read_info rp;
f7b64e69 823
bdb6d971 824 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 825
09fd0de5 826 hci_dev_lock(hdev);
f7b64e69 827
dc4fe30b
JH		 828 memset(&rp, 0, sizeof(rp));
829
69ab39ea 830 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 831
69ab39ea 832 rp.version = hdev->hci_ver;
eb55ef07 833 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 834
835 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
836 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 837
a38528f1 838 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 839
dc4fe30b 840 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 841 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 842
09fd0de5 843 hci_dev_unlock(hdev);
0381101f 844
bdb6d971 845 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 846 sizeof(rp));
0381101f
JH		 847}
848
eec8d2bc
JH		 849static void mgmt_pending_free(struct pending_cmd *cmd)
850{
851 sock_put(cmd->sk);
c68fb7ff 852 kfree(cmd->param);
eec8d2bc
JH		 853 kfree(cmd);
854}
855
366a0336 856static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 857 struct hci_dev *hdev, void *data,
858 u16 len)
eec8d2bc
JH		 859{
860 struct pending_cmd *cmd;
861
12b94565 862 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 863 if (!cmd)
366a0336 864 return NULL;
eec8d2bc
JH		 865
866 cmd->opcode = opcode;
2e58ef3e 867 cmd->index = hdev->id;
eec8d2bc 868
12b94565 869 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 870 if (!cmd->param) {
eec8d2bc 871 kfree(cmd);
366a0336 872 return NULL;
eec8d2bc
JH		 873 }
874
8fce6357
SJ		 875 if (data)
876 memcpy(cmd->param, data, len);
eec8d2bc
JH		 877
878 cmd->sk = sk;
879 sock_hold(sk);
880
2e58ef3e 881 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 882
366a0336 883 return cmd;
eec8d2bc
JH		 884}
885
744cf19e 886static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 887 void (*cb)(struct pending_cmd *cmd,
888 void *data),
04124681 889 void *data)
eec8d2bc 890{
a3d09356 891 struct pending_cmd *cmd, *tmp;
eec8d2bc 892
a3d09356 893 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 894 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 895 continue;
896
eec8d2bc
JH		 897 cb(cmd, data);
898 }
899}
900
a664b5bc 901static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 902{
73f22f62
JH		 903 list_del(&cmd->list);
904 mgmt_pending_free(cmd);
905}
906
69ab39ea 907static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 908{
69ab39ea 909 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 910
aee9b218 911 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 912 sizeof(settings));
8680570b
JH		 913}
914
bdb6d971 915static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 916 u16 len)
eec8d2bc 917{
650f726d 918 struct mgmt_mode *cp = data;
366a0336 919 struct pending_cmd *cmd;
4b34ee78 920 int err;
eec8d2bc 921
bdb6d971 922 BT_DBG("request for %s", hdev->name);
eec8d2bc 923
a7e80f25
JH		 924 if (cp->val != 0x00 && cp->val != 0x01)
925 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
926 MGMT_STATUS_INVALID_PARAMS);
927
09fd0de5 928 hci_dev_lock(hdev);
eec8d2bc 929
87b95ba6
JH		 930 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
931 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
932 MGMT_STATUS_BUSY);
933 goto failed;
934 }
935
f0d4b78a
MH		 936 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
937 cancel_delayed_work(&hdev->power_off);
938
939 if (cp->val) {
a1d70450
JH		 940 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
941 data, len);
942 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 943 goto failed;
944 }
945 }
946
4b34ee78 947 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 948 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 949 goto failed;
950 }
951
2e58ef3e 952 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 953 if (!cmd) {
954 err = -ENOMEM;
eec8d2bc 955 goto failed;
366a0336 956 }
eec8d2bc 957
72a734ec 958 if (cp->val)
19202573 959 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 960 else
19202573 961 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 962
366a0336 963 err = 0;
eec8d2bc
JH		 964
965failed:
09fd0de5 966 hci_dev_unlock(hdev);
366a0336 967 return err;
eec8d2bc
JH		 968}
969
04124681
GP		 970static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
971 struct sock *skip_sk)
beadb2bd
JH		 972{
973 struct sk_buff *skb;
974 struct mgmt_hdr *hdr;
975
790eff44 976 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 977 if (!skb)
978 return -ENOMEM;
979
980 hdr = (void *) skb_put(skb, sizeof(*hdr));
981 hdr->opcode = cpu_to_le16(event);
982 if (hdev)
983 hdr->index = cpu_to_le16(hdev->id);
984 else
612dfce9 985 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 986 hdr->len = cpu_to_le16(data_len);
987
988 if (data)
989 memcpy(skb_put(skb, data_len), data, data_len);
990
97e0bdeb
MH		 991 /* Time stamp */
992 __net_timestamp(skb);
993
beadb2bd
JH		 994 hci_send_to_control(skb, skip_sk);
995 kfree_skb(skb);
996
997 return 0;
998}
999
1000static int new_settings(struct hci_dev *hdev, struct sock *skip)
1001{
1002 __le32 ev;
1003
1004 ev = cpu_to_le32(get_current_settings(hdev));
1005
1006 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1007}
1008
bd99abdd
JH		 1009struct cmd_lookup {
1010 struct sock *sk;
1011 struct hci_dev *hdev;
1012 u8 mgmt_status;
1013};
1014
1015static void settings_rsp(struct pending_cmd *cmd, void *data)
1016{
1017 struct cmd_lookup *match = data;
1018
1019 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1020
1021 list_del(&cmd->list);
1022
1023 if (match->sk == NULL) {
1024 match->sk = cmd->sk;
1025 sock_hold(match->sk);
1026 }
1027
1028 mgmt_pending_free(cmd);
1029}
1030
1031static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1032{
1033 u8 *status = data;
1034
1035 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1036 mgmt_pending_remove(cmd);
1037}
1038
e6fe7986
JH		 1039static u8 mgmt_bredr_support(struct hci_dev *hdev)
1040{
1041 if (!lmp_bredr_capable(hdev))
1042 return MGMT_STATUS_NOT_SUPPORTED;
1043 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1044 return MGMT_STATUS_REJECTED;
1045 else
1046 return MGMT_STATUS_SUCCESS;
1047}
1048
1049static u8 mgmt_le_support(struct hci_dev *hdev)
1050{
1051 if (!lmp_le_capable(hdev))
1052 return MGMT_STATUS_NOT_SUPPORTED;
1053 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1054 return MGMT_STATUS_REJECTED;
1055 else
1056 return MGMT_STATUS_SUCCESS;
1057}
1058
bfaf8c9f
JH		 1059static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1060{
1061 struct pending_cmd *cmd;
1062 struct mgmt_mode *cp;
970ba524 1063 struct hci_request req;
bfaf8c9f
JH		 1064 bool changed;
1065
1066 BT_DBG("status 0x%02x", status);
1067
1068 hci_dev_lock(hdev);
1069
1070 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1071 if (!cmd)
1072 goto unlock;
1073
1074 if (status) {
1075 u8 mgmt_err = mgmt_status(status);
1076 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1077 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1078 goto remove_cmd;
1079 }
1080
1081 cp = cmd->param;
d4462a07 1082 if (cp->val) {
bfaf8c9f
JH		 1083 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1084 &hdev->dev_flags);
d4462a07
MH		 1085
1086 if (hdev->discov_timeout > 0) {
1087 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1088 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1089 to);
1090 }
1091 } else {
bfaf8c9f
JH		 1092 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1093 &hdev->dev_flags);
d4462a07 1094 }
bfaf8c9f
JH		 1095
1096 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1097
1098 if (changed)
1099 new_settings(hdev, cmd->sk);
1100
970ba524
MH		 1101 /* When the discoverable mode gets changed, make sure
1102 * that class of device has the limited discoverable
1103 * bit correctly set.
1104 */
1105 hci_req_init(&req, hdev);
1106 update_class(&req);
1107 hci_req_run(&req, NULL);
1108
bfaf8c9f
JH		 1109remove_cmd:
1110 mgmt_pending_remove(cmd);
1111
1112unlock:
1113 hci_dev_unlock(hdev);
1114}
1115
bdb6d971 1116static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1117 u16 len)
73f22f62 1118{
650f726d 1119 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1120 struct pending_cmd *cmd;
bfaf8c9f 1121 struct hci_request req;
5e5282bb 1122 u16 timeout;
e6fe7986 1123 u8 scan, status;
73f22f62
JH		 1124 int err;
1125
bdb6d971 1126 BT_DBG("request for %s", hdev->name);
73f22f62 1127
e6fe7986
JH		 1128 status = mgmt_bredr_support(hdev);
1129 if (status)
33c525c0 1130 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1131 status);
33c525c0 1132
310a3d48 1133 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1134 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1135 MGMT_STATUS_INVALID_PARAMS);
1136
1f350c87 1137 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1138
1139 /* Disabling discoverable requires that no timeout is set,
1140 * and enabling limited discoverable requires a timeout.
1141 */
1142 if ((cp->val == 0x00 && timeout > 0) ||
1143 (cp->val == 0x02 && timeout == 0))
bdb6d971 1144 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1145 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1146
09fd0de5 1147 hci_dev_lock(hdev);
73f22f62 1148
5e5282bb 1149 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1150 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1151 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1152 goto failed;
1153 }
1154
2e58ef3e 1155 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1156 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1157 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1158 MGMT_STATUS_BUSY);
73f22f62
JH		 1159 goto failed;
1160 }
1161
5e5282bb 1162 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1163 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1164 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1165 goto failed;
1166 }
1167
1168 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1169 bool changed = false;
1170
310a3d48
MH		 1171 /* Setting limited discoverable when powered off is
1172 * not a valid operation since it requires a timeout
1173 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1174 */
0224d2fa
JH		 1175 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1176 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1177 changed = true;
1178 }
1179
5e5282bb 1180 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1181 if (err < 0)
1182 goto failed;
1183
1184 if (changed)
1185 err = new_settings(hdev, sk);
1186
5e5282bb
JH		 1187 goto failed;
1188 }
1189
310a3d48
MH		 1190 /* If the current mode is the same, then just update the timeout
1191 * value with the new value. And if only the timeout gets updated,
1192 * then no need for any HCI transactions.
1193 */
1194 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1195 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1196 &hdev->dev_flags)) {
36261547
MH		 1197 cancel_delayed_work(&hdev->discov_off);
1198 hdev->discov_timeout = timeout;
955638ec 1199
36261547
MH		 1200 if (cp->val && hdev->discov_timeout > 0) {
1201 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1202 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1203 to);
955638ec
MH		 1204 }
1205
69ab39ea 1206 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1207 goto failed;
1208 }
1209
2e58ef3e 1210 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1211 if (!cmd) {
1212 err = -ENOMEM;
73f22f62 1213 goto failed;
366a0336 1214 }
73f22f62 1215
310a3d48
MH		 1216 /* Cancel any potential discoverable timeout that might be
1217 * still active and store new timeout value. The arming of
1218 * the timeout happens in the complete handler.
1219 */
1220 cancel_delayed_work(&hdev->discov_off);
1221 hdev->discov_timeout = timeout;
1222
b456f87c
JH		 1223 /* Limited discoverable mode */
1224 if (cp->val == 0x02)
1225 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1226 else
1227 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1228
bfaf8c9f
JH		 1229 hci_req_init(&req, hdev);
1230
73f22f62
JH		 1231 scan = SCAN_PAGE;
1232
310a3d48
MH		 1233 if (cp->val) {
1234 struct hci_cp_write_current_iac_lap hci_cp;
1235
1236 if (cp->val == 0x02) {
1237 /* Limited discoverable mode */
310a3d48
MH		 1238 hci_cp.num_iac = 2;
1239 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1240 hci_cp.iac_lap[1] = 0x8b;
1241 hci_cp.iac_lap[2] = 0x9e;
1242 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1243 hci_cp.iac_lap[4] = 0x8b;
1244 hci_cp.iac_lap[5] = 0x9e;
1245 } else {
1246 /* General discoverable mode */
310a3d48
MH		 1247 hci_cp.num_iac = 1;
1248 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1249 hci_cp.iac_lap[1] = 0x8b;
1250 hci_cp.iac_lap[2] = 0x9e;
1251 }
1252
1253 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1254 (hci_cp.num_iac * 3) + 1, &hci_cp);
1255
73f22f62 1256 scan |= SCAN_INQUIRY;
310a3d48
MH		 1257 } else {
1258 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1259 }
73f22f62 1260
310a3d48 1261 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f
JH		 1262
1263 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1264 if (err < 0)
a664b5bc 1265 mgmt_pending_remove(cmd);
73f22f62
JH		 1266
1267failed:
09fd0de5 1268 hci_dev_unlock(hdev);
73f22f62
JH		 1269 return err;
1270}
1271
406d7804
JH		 1272static void write_fast_connectable(struct hci_request *req, bool enable)
1273{
bd98b996 1274 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1275 struct hci_cp_write_page_scan_activity acp;
1276 u8 type;
1277
4c01f8b8
JH		 1278 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1279 return;
1280
406d7804
JH		 1281 if (enable) {
1282 type = PAGE_SCAN_TYPE_INTERLACED;
1283
1284 /* 160 msec page scan interval */
1285 acp.interval = __constant_cpu_to_le16(0x0100);
1286 } else {
1287 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1288
1289 /* default 1.28 sec page scan */
1290 acp.interval = __constant_cpu_to_le16(0x0800);
1291 }
1292
1293 acp.window = __constant_cpu_to_le16(0x0012);
1294
bd98b996
JH		 1295 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1296 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1297 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1298 sizeof(acp), &acp);
1299
1300 if (hdev->page_scan_type != type)
1301 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1302}
1303
1987fdc7
JH		 1304static u8 get_adv_type(struct hci_dev *hdev)
1305{
1306 struct pending_cmd *cmd;
1307 bool connectable;
1308
1309 /* If there's a pending mgmt command the flag will not yet have
1310 * it's final value, so check for this first.
1311 */
1312 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1313 if (cmd) {
1314 struct mgmt_mode *cp = cmd->param;
1315 connectable = !!cp->val;
1316 } else {
1317 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1318 }
1319
1320 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1321}
1322
95c66e75
JH		 1323static void enable_advertising(struct hci_request *req)
1324{
1325 struct hci_dev *hdev = req->hdev;
1326 struct hci_cp_le_set_adv_param cp;
1327 u8 enable = 0x01;
1328
1329 memset(&cp, 0, sizeof(cp));
1330 cp.min_interval = __constant_cpu_to_le16(0x0800);
1331 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1332 cp.type = get_adv_type(hdev);
79830f66 1333 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1334 cp.channel_map = 0x07;
1335
1336 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1337
1338 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1339}
1340
1341static void disable_advertising(struct hci_request *req)
1342{
1343 u8 enable = 0x00;
1344
1345 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1346}
1347
2b76f453
JH		 1348static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1349{
1350 struct pending_cmd *cmd;
d7b856f9
JH		 1351 struct mgmt_mode *cp;
1352 bool changed;
2b76f453
JH		 1353
1354 BT_DBG("status 0x%02x", status);
1355
1356 hci_dev_lock(hdev);
1357
1358 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1359 if (!cmd)
1360 goto unlock;
1361
37438c1f
JH		 1362 if (status) {
1363 u8 mgmt_err = mgmt_status(status);
1364 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1365 goto remove_cmd;
1366 }
1367
d7b856f9
JH		 1368 cp = cmd->param;
1369 if (cp->val)
1370 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1371 else
1372 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1373
2b76f453
JH		 1374 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1375
d7b856f9
JH		 1376 if (changed)
1377 new_settings(hdev, cmd->sk);
1378
37438c1f 1379remove_cmd:
2b76f453
JH		 1380 mgmt_pending_remove(cmd);
1381
1382unlock:
1383 hci_dev_unlock(hdev);
1384}
1385
e8ba3a1f
JH		 1386static int set_connectable_update_settings(struct hci_dev *hdev,
1387 struct sock *sk, u8 val)
1388{
1389 bool changed = false;
1390 int err;
1391
1392 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1393 changed = true;
1394
1395 if (val) {
1396 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1397 } else {
1398 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1399 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1400 }
1401
1402 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1403 if (err < 0)
1404 return err;
1405
1406 if (changed)
1407 return new_settings(hdev, sk);
1408
1409 return 0;
1410}
1411
bdb6d971 1412static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1413 u16 len)
9fbcbb45 1414{
650f726d 1415 struct mgmt_mode *cp = data;
366a0336 1416 struct pending_cmd *cmd;
2b76f453 1417 struct hci_request req;
1987fdc7 1418 u8 scan;
9fbcbb45
JH		 1419 int err;
1420
bdb6d971 1421 BT_DBG("request for %s", hdev->name);
9fbcbb45 1422
1987fdc7
JH		 1423 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1424 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1425 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1426 MGMT_STATUS_REJECTED);
33c525c0 1427
a7e80f25
JH		 1428 if (cp->val != 0x00 && cp->val != 0x01)
1429 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1430 MGMT_STATUS_INVALID_PARAMS);
1431
09fd0de5 1432 hci_dev_lock(hdev);
9fbcbb45 1433
4b34ee78 1434 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1435 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1436 goto failed;
1437 }
1438
2e58ef3e 1439 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1440 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1441 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1442 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1443 goto failed;
1444 }
1445
2e58ef3e 1446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1447 if (!cmd) {
1448 err = -ENOMEM;
9fbcbb45 1449 goto failed;
366a0336 1450 }
9fbcbb45 1451
9b74246f 1452 hci_req_init(&req, hdev);
9fbcbb45 1453
9b74246f
JH		 1454 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1455 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1456 if (cp->val) {
1457 scan = SCAN_PAGE;
1458 } else {
1459 scan = 0;
1460
1461 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1462 hdev->discov_timeout > 0)
9b74246f
JH		 1463 cancel_delayed_work(&hdev->discov_off);
1464 }
2b76f453 1465
9b74246f
JH		 1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1467 }
2b76f453 1468
4c01f8b8
JH		 1469 /* If we're going from non-connectable to connectable or
1470 * vice-versa when fast connectable is enabled ensure that fast
1471 * connectable gets disabled. write_fast_connectable won't do
1472 * anything if the page scan parameters are already what they
1473 * should be.
1474 */
1475 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1476 write_fast_connectable(&req, false);
1477
1987fdc7
JH		 1478 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1479 hci_conn_num(hdev, LE_LINK) == 0) {
1480 disable_advertising(&req);
1481 enable_advertising(&req);
1482 }
1483
2b76f453 1484 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1485 if (err < 0) {
a664b5bc 1486 mgmt_pending_remove(cmd);
9b74246f 1487 if (err == -ENODATA)
a81070ba
JH		 1488 err = set_connectable_update_settings(hdev, sk,
1489 cp->val);
9b74246f
JH		 1490 goto failed;
1491 }
9fbcbb45
JH		 1492
1493failed:
09fd0de5 1494 hci_dev_unlock(hdev);
9fbcbb45
JH		 1495 return err;
1496}
1497
bdb6d971 1498static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1499 u16 len)
c542a06c 1500{
650f726d 1501 struct mgmt_mode *cp = data;
55594356 1502 bool changed;
c542a06c
JH		 1503 int err;
1504
bdb6d971 1505 BT_DBG("request for %s", hdev->name);
c542a06c 1506
a7e80f25
JH		 1507 if (cp->val != 0x00 && cp->val != 0x01)
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1509 MGMT_STATUS_INVALID_PARAMS);
1510
09fd0de5 1511 hci_dev_lock(hdev);
c542a06c
JH		 1512
1513 if (cp->val)
55594356 1514 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1515 else
55594356 1516 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1517
69ab39ea 1518 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1519 if (err < 0)
55594356 1520 goto unlock;
c542a06c 1521
55594356
MH		 1522 if (changed)
1523 err = new_settings(hdev, sk);
c542a06c 1524
55594356 1525unlock:
09fd0de5 1526 hci_dev_unlock(hdev);
c542a06c
JH		 1527 return err;
1528}
1529
04124681
GP		 1530static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1531 u16 len)
33ef95ed
JH		 1532{
1533 struct mgmt_mode *cp = data;
1534 struct pending_cmd *cmd;
e6fe7986 1535 u8 val, status;
33ef95ed
JH		 1536 int err;
1537
bdb6d971 1538 BT_DBG("request for %s", hdev->name);
33ef95ed 1539
e6fe7986
JH		 1540 status = mgmt_bredr_support(hdev);
1541 if (status)
33c525c0 1542 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1543 status);
33c525c0 1544
a7e80f25
JH		 1545 if (cp->val != 0x00 && cp->val != 0x01)
1546 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1547 MGMT_STATUS_INVALID_PARAMS);
1548
33ef95ed
JH		 1549 hci_dev_lock(hdev);
1550
4b34ee78 1551 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1552 bool changed = false;
1553
1554 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1555 &hdev->dev_flags)) {
47990ea0
JH		 1556 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1557 changed = true;
1558 }
1559
1560 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1561 if (err < 0)
1562 goto failed;
1563
1564 if (changed)
1565 err = new_settings(hdev, sk);
1566
33ef95ed
JH		 1567 goto failed;
1568 }
1569
1570 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1571 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1572 MGMT_STATUS_BUSY);
33ef95ed
JH		 1573 goto failed;
1574 }
1575
1576 val = !!cp->val;
1577
1578 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1579 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1580 goto failed;
1581 }
1582
1583 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1584 if (!cmd) {
1585 err = -ENOMEM;
1586 goto failed;
1587 }
1588
1589 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1590 if (err < 0) {
1591 mgmt_pending_remove(cmd);
1592 goto failed;
1593 }
1594
1595failed:
1596 hci_dev_unlock(hdev);
33ef95ed
JH		 1597 return err;
1598}
1599
bdb6d971 1600static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1601{
1602 struct mgmt_mode *cp = data;
1603 struct pending_cmd *cmd;
72ef0c1a 1604 u8 status;
ed2c4ee3
JH		 1605 int err;
1606
bdb6d971 1607 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1608
cdba5281
MH		 1609 status = mgmt_bredr_support(hdev);
1610 if (status)
1611 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1612
13ecd8b6
JH		 1613 if (!lmp_ssp_capable(hdev))
1614 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1615 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1616
a7e80f25
JH		 1617 if (cp->val != 0x00 && cp->val != 0x01)
1618 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1619 MGMT_STATUS_INVALID_PARAMS);
1620
13ecd8b6 1621 hci_dev_lock(hdev);
6c8f12c1 1622
4b34ee78 1623 if (!hdev_is_powered(hdev)) {
9ecb3e24 1624 bool changed;
c0ecddc2 1625
9ecb3e24
MH		 1626 if (cp->val) {
1627 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1628 &hdev->dev_flags);
1629 } else {
1630 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1631 &hdev->dev_flags);
1632 if (!changed)
1633 changed = test_and_clear_bit(HCI_HS_ENABLED,
1634 &hdev->dev_flags);
1635 else
1636 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1637 }
1638
1639 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1640 if (err < 0)
1641 goto failed;
1642
1643 if (changed)
1644 err = new_settings(hdev, sk);
1645
ed2c4ee3
JH		 1646 goto failed;
1647 }
1648
9ecb3e24
MH		 1649 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1650 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1651 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1652 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1653 goto failed;
1654 }
1655
72ef0c1a 1656 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1657 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1658 goto failed;
1659 }
1660
1661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1662 if (!cmd) {
1663 err = -ENOMEM;
1664 goto failed;
1665 }
1666
72ef0c1a 1667 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1668 if (err < 0) {
1669 mgmt_pending_remove(cmd);
1670 goto failed;
1671 }
1672
1673failed:
1674 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1675 return err;
1676}
1677
bdb6d971 1678static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1679{
1680 struct mgmt_mode *cp = data;
ee392693 1681 bool changed;
e6fe7986 1682 u8 status;
ee392693 1683 int err;
6d80dfd0 1684
bdb6d971 1685 BT_DBG("request for %s", hdev->name);
6d80dfd0 1686
e6fe7986
JH		 1687 status = mgmt_bredr_support(hdev);
1688 if (status)
1689 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1690
9ecb3e24
MH		 1691 if (!lmp_ssp_capable(hdev))
1692 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1693 MGMT_STATUS_NOT_SUPPORTED);
1694
1695 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1696 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1697 MGMT_STATUS_REJECTED);
1698
a7e80f25
JH		 1699 if (cp->val != 0x00 && cp->val != 0x01)
1700 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1701 MGMT_STATUS_INVALID_PARAMS);
1702
ee392693
MH		 1703 hci_dev_lock(hdev);
1704
a0cdf960 1705 if (cp->val) {
ee392693 1706 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1707 } else {
1708 if (hdev_is_powered(hdev)) {
1709 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1710 MGMT_STATUS_REJECTED);
1711 goto unlock;
1712 }
1713
ee392693 1714 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1715 }
ee392693
MH		 1716
1717 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1718 if (err < 0)
1719 goto unlock;
1720
1721 if (changed)
1722 err = new_settings(hdev, sk);
6d80dfd0 1723
ee392693
MH		 1724unlock:
1725 hci_dev_unlock(hdev);
1726 return err;
6d80dfd0
JH		 1727}
1728
416a4ae5
JH		 1729static void le_enable_complete(struct hci_dev *hdev, u8 status)
1730{
1731 struct cmd_lookup match = { NULL, hdev };
1732
1733 if (status) {
1734 u8 mgmt_err = mgmt_status(status);
1735
1736 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1737 &mgmt_err);
1738 return;
1739 }
1740
1741 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1742
1743 new_settings(hdev, match.sk);
1744
1745 if (match.sk)
1746 sock_put(match.sk);
441ad2d0
MH		 1747
1748 /* Make sure the controller has a good default for
1749 * advertising data. Restrict the update to when LE
1750 * has actually been enabled. During power on, the
1751 * update in powered_update_hci will take care of it.
1752 */
1753 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1754 struct hci_request req;
1755
1756 hci_dev_lock(hdev);
1757
1758 hci_req_init(&req, hdev);
5947f4bc 1759 update_adv_data(&req);
f14d8f64 1760 update_scan_rsp_data(&req);
441ad2d0
MH		 1761 hci_req_run(&req, NULL);
1762
1763 hci_dev_unlock(hdev);
1764 }
416a4ae5
JH		 1765}
1766
bdb6d971 1767static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1768{
1769 struct mgmt_mode *cp = data;
1770 struct hci_cp_write_le_host_supported hci_cp;
1771 struct pending_cmd *cmd;
416a4ae5 1772 struct hci_request req;
06199cf8 1773 int err;
0b60eba1 1774 u8 val, enabled;
06199cf8 1775
bdb6d971 1776 BT_DBG("request for %s", hdev->name);
06199cf8 1777
13ecd8b6
JH		 1778 if (!lmp_le_capable(hdev))
1779 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1780 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1781
a7e80f25
JH		 1782 if (cp->val != 0x00 && cp->val != 0x01)
1783 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1784 MGMT_STATUS_INVALID_PARAMS);
1785
c73eee91 1786 /* LE-only devices do not allow toggling LE on/off */
56f87901 1787 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1788 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1789 MGMT_STATUS_REJECTED);
1790
13ecd8b6 1791 hci_dev_lock(hdev);
06199cf8
JH		 1792
1793 val = !!cp->val;
ffa88e02 1794 enabled = lmp_host_le_capable(hdev);
06199cf8 1795
0b60eba1 1796 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1797 bool changed = false;
1798
1799 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1800 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1801 changed = true;
1802 }
1803
f3d3444a
JH		 1804 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1805 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1806 changed = true;
1807 }
1808
06199cf8
JH		 1809 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1810 if (err < 0)
1de028ce 1811 goto unlock;
06199cf8
JH		 1812
1813 if (changed)
1814 err = new_settings(hdev, sk);
1815
1de028ce 1816 goto unlock;
06199cf8
JH		 1817 }
1818
4375f103
JH		 1819 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1820 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1821 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1822 MGMT_STATUS_BUSY);
1de028ce 1823 goto unlock;
06199cf8
JH		 1824 }
1825
1826 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1827 if (!cmd) {
1828 err = -ENOMEM;
1de028ce 1829 goto unlock;
06199cf8
JH		 1830 }
1831
441ad2d0
MH		 1832 hci_req_init(&req, hdev);
1833
06199cf8
JH		 1834 memset(&hci_cp, 0, sizeof(hci_cp));
1835
1836 if (val) {
1837 hci_cp.le = val;
ffa88e02 1838 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1839 } else {
1840 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1841 disable_advertising(&req);
06199cf8
JH		 1842 }
1843
416a4ae5
JH		 1844 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1845 &hci_cp);
1846
1847 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1848 if (err < 0)
06199cf8 1849 mgmt_pending_remove(cmd);
06199cf8 1850
1de028ce
JH		 1851unlock:
1852 hci_dev_unlock(hdev);
06199cf8
JH		 1853 return err;
1854}
1855
0cab9c80
JH		 1856/* This is a helper function to test for pending mgmt commands that can
1857 * cause CoD or EIR HCI commands. We can only allow one such pending
1858 * mgmt command at a time since otherwise we cannot easily track what
1859 * the current values are, will be, and based on that calculate if a new
1860 * HCI command needs to be sent and if yes with what value.
1861 */
1862static bool pending_eir_or_class(struct hci_dev *hdev)
1863{
1864 struct pending_cmd *cmd;
1865
1866 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1867 switch (cmd->opcode) {
1868 case MGMT_OP_ADD_UUID:
1869 case MGMT_OP_REMOVE_UUID:
1870 case MGMT_OP_SET_DEV_CLASS:
1871 case MGMT_OP_SET_POWERED:
1872 return true;
1873 }
1874 }
1875
1876 return false;
1877}
1878
83be8eca
JH		 1879static const u8 bluetooth_base_uuid[] = {
1880 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1881 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1882};
1883
1884static u8 get_uuid_size(const u8 *uuid)
1885{
1886 u32 val;
1887
1888 if (memcmp(uuid, bluetooth_base_uuid, 12))
1889 return 128;
1890
1891 val = get_unaligned_le32(&uuid[12]);
1892 if (val > 0xffff)
1893 return 32;
1894
1895 return 16;
1896}
1897
92da6097
JH		 1898static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1899{
1900 struct pending_cmd *cmd;
1901
1902 hci_dev_lock(hdev);
1903
1904 cmd = mgmt_pending_find(mgmt_op, hdev);
1905 if (!cmd)
1906 goto unlock;
1907
1908 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1909 hdev->dev_class, 3);
1910
1911 mgmt_pending_remove(cmd);
1912
1913unlock:
1914 hci_dev_unlock(hdev);
1915}
1916
1917static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1918{
1919 BT_DBG("status 0x%02x", status);
1920
1921 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1922}
1923
bdb6d971 1924static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1925{
650f726d 1926 struct mgmt_cp_add_uuid *cp = data;
90e70454 1927 struct pending_cmd *cmd;
890ea898 1928 struct hci_request req;
2aeb9a1a 1929 struct bt_uuid *uuid;
2aeb9a1a
JH		 1930 int err;
1931
bdb6d971 1932 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1933
09fd0de5 1934 hci_dev_lock(hdev);
2aeb9a1a 1935
0cab9c80 1936 if (pending_eir_or_class(hdev)) {
bdb6d971 1937 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1938 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1939 goto failed;
1940 }
1941
92c4c204 1942 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1943 if (!uuid) {
1944 err = -ENOMEM;
1945 goto failed;
1946 }
1947
1948 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1949 uuid->svc_hint = cp->svc_hint;
83be8eca 1950 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1951
de66aa63 1952 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1953
890ea898 1954 hci_req_init(&req, hdev);
1aff6f09 1955
890ea898
JH		 1956 update_class(&req);
1957 update_eir(&req);
1958
92da6097
JH		 1959 err = hci_req_run(&req, add_uuid_complete);
1960 if (err < 0) {
1961 if (err != -ENODATA)
1962 goto failed;
80a1e1db 1963
bdb6d971 1964 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1965 hdev->dev_class, 3);
90e70454
JH		 1966 goto failed;
1967 }
1968
1969 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1970 if (!cmd) {
90e70454 1971 err = -ENOMEM;
890ea898
JH		 1972 goto failed;
1973 }
1974
1975 err = 0;
2aeb9a1a
JH		 1976
1977failed:
09fd0de5 1978 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1979 return err;
1980}
1981
24b78d0f
JH		 1982static bool enable_service_cache(struct hci_dev *hdev)
1983{
1984 if (!hdev_is_powered(hdev))
1985 return false;
1986
1987 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1988 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1989 CACHE_TIMEOUT);
24b78d0f
JH		 1990 return true;
1991 }
1992
1993 return false;
1994}
1995
92da6097
JH		 1996static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1997{
1998 BT_DBG("status 0x%02x", status);
1999
2000 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2001}
2002
bdb6d971 2003static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2004 u16 len)
2aeb9a1a 2005{
650f726d 2006 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2007 struct pending_cmd *cmd;
056341c8 2008 struct bt_uuid *match, *tmp;
2aeb9a1a 2009 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2010 struct hci_request req;
2aeb9a1a
JH		 2011 int err, found;
2012
bdb6d971 2013 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2014
09fd0de5 2015 hci_dev_lock(hdev);
2aeb9a1a 2016
0cab9c80 2017 if (pending_eir_or_class(hdev)) {
bdb6d971 2018 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2019 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2020 goto unlock;
2021 }
2022
2aeb9a1a
JH		 2023 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2024 err = hci_uuids_clear(hdev);
4004b6d9 2025
24b78d0f 2026 if (enable_service_cache(hdev)) {
bdb6d971 2027 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2028 0, hdev->dev_class, 3);
24b78d0f
JH		 2029 goto unlock;
2030 }
4004b6d9 2031
9246a869 2032 goto update_class;
2aeb9a1a
JH		 2033 }
2034
2035 found = 0;
2036
056341c8 2037 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2038 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2039 continue;
2040
2041 list_del(&match->list);
482049f7 2042 kfree(match);
2aeb9a1a
JH		 2043 found++;
2044 }
2045
2046 if (found == 0) {
bdb6d971 2047 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2048 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2049 goto unlock;
2050 }
2051
9246a869 2052update_class:
890ea898 2053 hci_req_init(&req, hdev);
1aff6f09 2054
890ea898
JH		 2055 update_class(&req);
2056 update_eir(&req);
2057
92da6097
JH		 2058 err = hci_req_run(&req, remove_uuid_complete);
2059 if (err < 0) {
2060 if (err != -ENODATA)
2061 goto unlock;
80a1e1db 2062
bdb6d971 2063 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2064 hdev->dev_class, 3);
90e70454
JH		 2065 goto unlock;
2066 }
2067
2068 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2069 if (!cmd) {
90e70454 2070 err = -ENOMEM;
890ea898
JH		 2071 goto unlock;
2072 }
2073
2074 err = 0;
2aeb9a1a
JH		 2075
2076unlock:
09fd0de5 2077 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2078 return err;
2079}
2080
92da6097
JH		 2081static void set_class_complete(struct hci_dev *hdev, u8 status)
2082{
2083 BT_DBG("status 0x%02x", status);
2084
2085 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2086}
2087
bdb6d971 2088static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2089 u16 len)
1aff6f09 2090{
650f726d 2091 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2092 struct pending_cmd *cmd;
890ea898 2093 struct hci_request req;
1aff6f09
JH		 2094 int err;
2095
bdb6d971 2096 BT_DBG("request for %s", hdev->name);
1aff6f09 2097
6203fc98 2098 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2099 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2100 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2101
0cab9c80 2102 hci_dev_lock(hdev);
ee98f473 2103
0cab9c80
JH		 2104 if (pending_eir_or_class(hdev)) {
2105 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2106 MGMT_STATUS_BUSY);
2107 goto unlock;
2108 }
c95f0ba7 2109
0cab9c80
JH		 2110 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2111 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2112 MGMT_STATUS_INVALID_PARAMS);
2113 goto unlock;
2114 }
575b3a02 2115
932f5ff5
JH		 2116 hdev->major_class = cp->major;
2117 hdev->minor_class = cp->minor;
2118
b5235a65 2119 if (!hdev_is_powered(hdev)) {
bdb6d971 2120 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2121 hdev->dev_class, 3);
b5235a65
JH		 2122 goto unlock;
2123 }
2124
890ea898
JH		 2125 hci_req_init(&req, hdev);
2126
a8b2d5c2 2127 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2128 hci_dev_unlock(hdev);
2129 cancel_delayed_work_sync(&hdev->service_cache);
2130 hci_dev_lock(hdev);
890ea898 2131 update_eir(&req);
7d78525d 2132 }
14c0b608 2133
890ea898
JH		 2134 update_class(&req);
2135
92da6097
JH		 2136 err = hci_req_run(&req, set_class_complete);
2137 if (err < 0) {
2138 if (err != -ENODATA)
2139 goto unlock;
1aff6f09 2140
bdb6d971 2141 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2142 hdev->dev_class, 3);
90e70454
JH		 2143 goto unlock;
2144 }
2145
2146 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2147 if (!cmd) {
90e70454 2148 err = -ENOMEM;
890ea898
JH		 2149 goto unlock;
2150 }
2151
2152 err = 0;
1aff6f09 2153
b5235a65 2154unlock:
09fd0de5 2155 hci_dev_unlock(hdev);
1aff6f09
JH		 2156 return err;
2157}
2158
bdb6d971 2159static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2160 u16 len)
55ed8ca1 2161{
650f726d 2162 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2163 u16 key_count, expected_len;
a492cd52 2164 int i;
55ed8ca1 2165
9060d5cf
MH		 2166 BT_DBG("request for %s", hdev->name);
2167
2168 if (!lmp_bredr_capable(hdev))
2169 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2170 MGMT_STATUS_NOT_SUPPORTED);
2171
1f350c87 2172 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2173
86742e1e
JH		 2174 expected_len = sizeof(*cp) + key_count *
2175 sizeof(struct mgmt_link_key_info);
a492cd52 2176 if (expected_len != len) {
86742e1e 2177 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2178 len, expected_len);
bdb6d971 2179 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2180 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2181 }
2182
4ae14301
JH		 2183 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2184 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2185 MGMT_STATUS_INVALID_PARAMS);
2186
bdb6d971 2187 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2188 key_count);
55ed8ca1 2189
4ee71b20
JH		 2190 for (i = 0; i < key_count; i++) {
2191 struct mgmt_link_key_info *key = &cp->keys[i];
2192
2193 if (key->addr.type != BDADDR_BREDR)
2194 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2195 MGMT_STATUS_INVALID_PARAMS);
2196 }
2197
09fd0de5 2198 hci_dev_lock(hdev);
55ed8ca1
JH		 2199
2200 hci_link_keys_clear(hdev);
2201
55ed8ca1 2202 if (cp->debug_keys)
a8b2d5c2 2203 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2204 else
a8b2d5c2 2205 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2206
a492cd52 2207 for (i = 0; i < key_count; i++) {
86742e1e 2208 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2209
d753fdc4 2210 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2211 key->type, key->pin_len);
55ed8ca1
JH		 2212 }
2213
bdb6d971 2214 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2215
09fd0de5 2216 hci_dev_unlock(hdev);
55ed8ca1 2217
a492cd52 2218 return 0;
55ed8ca1
JH		 2219}
2220
b1078ad0 2221static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2222 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2223{
2224 struct mgmt_ev_device_unpaired ev;
2225
2226 bacpy(&ev.addr.bdaddr, bdaddr);
2227 ev.addr.type = addr_type;
2228
2229 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2230 skip_sk);
b1078ad0
JH		 2231}
2232
bdb6d971 2233static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2234 u16 len)
55ed8ca1 2235{
124f6e35
JH		 2236 struct mgmt_cp_unpair_device *cp = data;
2237 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2238 struct hci_cp_disconnect dc;
2239 struct pending_cmd *cmd;
55ed8ca1 2240 struct hci_conn *conn;
55ed8ca1
JH		 2241 int err;
2242
a8a1d19e 2243 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2244 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2245 rp.addr.type = cp->addr.type;
a8a1d19e 2246
4ee71b20
JH		 2247 if (!bdaddr_type_is_valid(cp->addr.type))
2248 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2249 MGMT_STATUS_INVALID_PARAMS,
2250 &rp, sizeof(rp));
2251
118da70b
JH		 2252 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2253 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2254 MGMT_STATUS_INVALID_PARAMS,
2255 &rp, sizeof(rp));
2256
4ee71b20
JH		 2257 hci_dev_lock(hdev);
2258
86a8cfc6 2259 if (!hdev_is_powered(hdev)) {
bdb6d971 2260 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2261 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2262 goto unlock;
2263 }
2264
591f47f3 2265 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2266 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2267 else
2268 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2269
55ed8ca1 2270 if (err < 0) {
bdb6d971 2271 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2272 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2273 goto unlock;
2274 }
2275
86a8cfc6 2276 if (cp->disconnect) {
591f47f3 2277 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2278 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2279 &cp->addr.bdaddr);
86a8cfc6
JH		 2280 else
2281 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2282 &cp->addr.bdaddr);
86a8cfc6
JH		 2283 } else {
2284 conn = NULL;
2285 }
124f6e35 2286
a8a1d19e 2287 if (!conn) {
bdb6d971 2288 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2289 &rp, sizeof(rp));
b1078ad0 2290 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2291 goto unlock;
2292 }
55ed8ca1 2293
124f6e35 2294 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2295 sizeof(*cp));
a8a1d19e
JH		 2296 if (!cmd) {
2297 err = -ENOMEM;
2298 goto unlock;
55ed8ca1
JH		 2299 }
2300
eb55ef07 2301 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2302 dc.reason = 0x13; /* Remote User Terminated Connection */
2303 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2304 if (err < 0)
2305 mgmt_pending_remove(cmd);
2306
55ed8ca1 2307unlock:
09fd0de5 2308 hci_dev_unlock(hdev);
55ed8ca1
JH		 2309 return err;
2310}
2311
bdb6d971 2312static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2313 u16 len)
8962ee74 2314{
650f726d 2315 struct mgmt_cp_disconnect *cp = data;
06a63b19 2316 struct mgmt_rp_disconnect rp;
8962ee74 2317 struct hci_cp_disconnect dc;
366a0336 2318 struct pending_cmd *cmd;
8962ee74 2319 struct hci_conn *conn;
8962ee74
JH		 2320 int err;
2321
2322 BT_DBG("");
2323
06a63b19
JH		 2324 memset(&rp, 0, sizeof(rp));
2325 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2326 rp.addr.type = cp->addr.type;
2327
4ee71b20 2328 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2329 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2330 MGMT_STATUS_INVALID_PARAMS,
2331 &rp, sizeof(rp));
4ee71b20 2332
09fd0de5 2333 hci_dev_lock(hdev);
8962ee74
JH		 2334
2335 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2336 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2337 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2338 goto failed;
2339 }
2340
2e58ef3e 2341 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2342 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2343 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2344 goto failed;
2345 }
2346
591f47f3 2347 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2348 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2349 &cp->addr.bdaddr);
88c3df13
JH		 2350 else
2351 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2352
f960727e 2353 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2354 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2355 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2356 goto failed;
2357 }
2358
2e58ef3e 2359 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2360 if (!cmd) {
2361 err = -ENOMEM;
8962ee74 2362 goto failed;
366a0336 2363 }
8962ee74 2364
eb55ef07 2365 dc.handle = cpu_to_le16(conn->handle);
3701f944 2366 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2367
2368 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2369 if (err < 0)
a664b5bc 2370 mgmt_pending_remove(cmd);
8962ee74
JH		 2371
2372failed:
09fd0de5 2373 hci_dev_unlock(hdev);
8962ee74
JH		 2374 return err;
2375}
2376
57c1477c 2377static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2378{
2379 switch (link_type) {
2380 case LE_LINK:
48264f06
JH		 2381 switch (addr_type) {
2382 case ADDR_LE_DEV_PUBLIC:
591f47f3 2383 return BDADDR_LE_PUBLIC;
0ed09148 2384
48264f06 2385 default:
0ed09148 2386 /* Fallback to LE Random address type */
591f47f3 2387 return BDADDR_LE_RANDOM;
48264f06 2388 }
0ed09148 2389
4c659c39 2390 default:
0ed09148 2391 /* Fallback to BR/EDR type */
591f47f3 2392 return BDADDR_BREDR;
4c659c39
JH		 2393 }
2394}
2395
04124681
GP		 2396static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2397 u16 data_len)
2784eb41 2398{
2784eb41 2399 struct mgmt_rp_get_connections *rp;
8035ded4 2400 struct hci_conn *c;
a38528f1 2401 size_t rp_len;
60fc5fb6
JH		 2402 int err;
2403 u16 i;
2784eb41
JH		 2404
2405 BT_DBG("");
2406
09fd0de5 2407 hci_dev_lock(hdev);
2784eb41 2408
5f97c1df 2409 if (!hdev_is_powered(hdev)) {
bdb6d971 2410 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2411 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2412 goto unlock;
2413 }
2414
60fc5fb6 2415 i = 0;
b644ba33
JH		 2416 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2417 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2418 i++;
2784eb41
JH		 2419 }
2420
60fc5fb6 2421 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2422 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2423 if (!rp) {
2784eb41
JH		 2424 err = -ENOMEM;
2425 goto unlock;
2426 }
2427
2784eb41 2428 i = 0;
4c659c39 2429 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2430 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2431 continue;
4c659c39 2432 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2433 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2434 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2435 continue;
2436 i++;
2437 }
2438
eb55ef07 2439 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2440
4c659c39
JH		 2441 /* Recalculate length in case of filtered SCO connections, etc */
2442 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2443
bdb6d971 2444 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2445 rp_len);
2784eb41 2446
a38528f1 2447 kfree(rp);
5f97c1df
JH		 2448
2449unlock:
09fd0de5 2450 hci_dev_unlock(hdev);
2784eb41
JH		 2451 return err;
2452}
2453
bdb6d971 2454static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2455 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2456{
2457 struct pending_cmd *cmd;
2458 int err;
2459
2e58ef3e 2460 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2461 sizeof(*cp));
96d97a67
WR		 2462 if (!cmd)
2463 return -ENOMEM;
2464
d8457698 2465 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2466 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2467 if (err < 0)
2468 mgmt_pending_remove(cmd);
2469
2470 return err;
2471}
2472
bdb6d971 2473static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2474 u16 len)
980e1a53 2475{
96d97a67 2476 struct hci_conn *conn;
650f726d 2477 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2478 struct hci_cp_pin_code_reply reply;
366a0336 2479 struct pending_cmd *cmd;
980e1a53
JH		 2480 int err;
2481
2482 BT_DBG("");
2483
09fd0de5 2484 hci_dev_lock(hdev);
980e1a53 2485
4b34ee78 2486 if (!hdev_is_powered(hdev)) {
bdb6d971 2487 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2488 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2489 goto failed;
2490 }
2491
d8457698 2492 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2493 if (!conn) {
bdb6d971 2494 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2495 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2496 goto failed;
2497 }
2498
2499 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2500 struct mgmt_cp_pin_code_neg_reply ncp;
2501
2502 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2503
2504 BT_ERR("PIN code is not 16 bytes long");
2505
bdb6d971 2506 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2507 if (err >= 0)
bdb6d971 2508 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2509 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2510
2511 goto failed;
2512 }
2513
00abfe44 2514 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2515 if (!cmd) {
2516 err = -ENOMEM;
980e1a53 2517 goto failed;
366a0336 2518 }
980e1a53 2519
d8457698 2520 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2521 reply.pin_len = cp->pin_len;
24718ca5 2522 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2523
2524 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2525 if (err < 0)
a664b5bc 2526 mgmt_pending_remove(cmd);
980e1a53
JH		 2527
2528failed:
09fd0de5 2529 hci_dev_unlock(hdev);
980e1a53
JH		 2530 return err;
2531}
2532
04124681
GP		 2533static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2534 u16 len)
17fa4b9d 2535{
650f726d 2536 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2537
2538 BT_DBG("");
2539
09fd0de5 2540 hci_dev_lock(hdev);
17fa4b9d
JH		 2541
2542 hdev->io_capability = cp->io_capability;
2543
2544 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2545 hdev->io_capability);
17fa4b9d 2546
09fd0de5 2547 hci_dev_unlock(hdev);
17fa4b9d 2548
04124681
GP		 2549 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2550 0);
17fa4b9d
JH		 2551}
2552
6039aa73 2553static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2554{
2555 struct hci_dev *hdev = conn->hdev;
8035ded4 2556 struct pending_cmd *cmd;
e9a416b5 2557
2e58ef3e 2558 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2559 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2560 continue;
2561
e9a416b5
JH		 2562 if (cmd->user_data != conn)
2563 continue;
2564
2565 return cmd;
2566 }
2567
2568 return NULL;
2569}
2570
2571static void pairing_complete(struct pending_cmd *cmd, u8 status)
2572{
2573 struct mgmt_rp_pair_device rp;
2574 struct hci_conn *conn = cmd->user_data;
2575
ba4e564f 2576 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2577 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2578
aee9b218 2579 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2580 &rp, sizeof(rp));
e9a416b5
JH		 2581
2582 /* So we don't get further callbacks for this connection */
2583 conn->connect_cfm_cb = NULL;
2584 conn->security_cfm_cb = NULL;
2585 conn->disconn_cfm_cb = NULL;
2586
76a68ba0 2587 hci_conn_drop(conn);
e9a416b5 2588
a664b5bc 2589 mgmt_pending_remove(cmd);
e9a416b5
JH		 2590}
2591
2592static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2593{
2594 struct pending_cmd *cmd;
2595
2596 BT_DBG("status %u", status);
2597
2598 cmd = find_pairing(conn);
56e5cb86 2599 if (!cmd)
e9a416b5 2600 BT_DBG("Unable to find a pending command");
56e5cb86 2601 else
e211326c 2602 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2603}
2604
4c47d739
VA		 2605static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2606{
2607 struct pending_cmd *cmd;
2608
2609 BT_DBG("status %u", status);
2610
2611 if (!status)
2612 return;
2613
2614 cmd = find_pairing(conn);
2615 if (!cmd)
2616 BT_DBG("Unable to find a pending command");
2617 else
2618 pairing_complete(cmd, mgmt_status(status));
2619}
2620
bdb6d971 2621static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2622 u16 len)
e9a416b5 2623{
650f726d 2624 struct mgmt_cp_pair_device *cp = data;
1425acb7 2625 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2626 struct pending_cmd *cmd;
2627 u8 sec_level, auth_type;
2628 struct hci_conn *conn;
e9a416b5
JH		 2629 int err;
2630
2631 BT_DBG("");
2632
f950a30e
SJ		 2633 memset(&rp, 0, sizeof(rp));
2634 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2635 rp.addr.type = cp->addr.type;
2636
4ee71b20
JH		 2637 if (!bdaddr_type_is_valid(cp->addr.type))
2638 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2639 MGMT_STATUS_INVALID_PARAMS,
2640 &rp, sizeof(rp));
2641
09fd0de5 2642 hci_dev_lock(hdev);
e9a416b5 2643
5f97c1df 2644 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2645 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2646 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2647 goto unlock;
2648 }
2649
c908df36
VCG		 2650 sec_level = BT_SECURITY_MEDIUM;
2651 if (cp->io_cap == 0x03)
e9a416b5 2652 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2653 else
e9a416b5 2654 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2655
591f47f3 2656 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2657 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2658 cp->addr.type, sec_level, auth_type);
7a512d01 2659 else
b12f62cf
AG		 2660 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2661 cp->addr.type, sec_level, auth_type);
7a512d01 2662
30e76272 2663 if (IS_ERR(conn)) {
489dc48e
AK		 2664 int status;
2665
2666 if (PTR_ERR(conn) == -EBUSY)
2667 status = MGMT_STATUS_BUSY;
2668 else
2669 status = MGMT_STATUS_CONNECT_FAILED;
2670
bdb6d971 2671 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2672 status, &rp,
04124681 2673 sizeof(rp));
e9a416b5
JH		 2674 goto unlock;
2675 }
2676
2677 if (conn->connect_cfm_cb) {
76a68ba0 2678 hci_conn_drop(conn);
bdb6d971 2679 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2680 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2681 goto unlock;
2682 }
2683
2e58ef3e 2684 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2685 if (!cmd) {
2686 err = -ENOMEM;
76a68ba0 2687 hci_conn_drop(conn);
e9a416b5
JH		 2688 goto unlock;
2689 }
2690
7a512d01 2691 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2692 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2693 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2694 else
2695 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2696
e9a416b5
JH		 2697 conn->security_cfm_cb = pairing_complete_cb;
2698 conn->disconn_cfm_cb = pairing_complete_cb;
2699 conn->io_capability = cp->io_cap;
2700 cmd->user_data = conn;
2701
2702 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2703 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2704 pairing_complete(cmd, 0);
2705
2706 err = 0;
2707
2708unlock:
09fd0de5 2709 hci_dev_unlock(hdev);
e9a416b5
JH		 2710 return err;
2711}
2712
04124681
GP		 2713static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2714 u16 len)
28424707 2715{
0f4e68cf 2716 struct mgmt_addr_info *addr = data;
28424707
JH		 2717 struct pending_cmd *cmd;
2718 struct hci_conn *conn;
2719 int err;
2720
2721 BT_DBG("");
2722
28424707
JH		 2723 hci_dev_lock(hdev);
2724
5f97c1df 2725 if (!hdev_is_powered(hdev)) {
bdb6d971 2726 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2727 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2728 goto unlock;
2729 }
2730
28424707
JH		 2731 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2732 if (!cmd) {
bdb6d971 2733 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2734 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2735 goto unlock;
2736 }
2737
2738 conn = cmd->user_data;
2739
2740 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2741 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2742 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2743 goto unlock;
2744 }
2745
2746 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2747
bdb6d971 2748 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2749 addr, sizeof(*addr));
28424707
JH		 2750unlock:
2751 hci_dev_unlock(hdev);
28424707
JH		 2752 return err;
2753}
2754
bdb6d971 2755static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2756 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2757 u16 hci_op, __le32 passkey)
a5c29683 2758{
a5c29683 2759 struct pending_cmd *cmd;
0df4c185 2760 struct hci_conn *conn;
a5c29683
JH		 2761 int err;
2762
09fd0de5 2763 hci_dev_lock(hdev);
08ba5382 2764
4b34ee78 2765 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2766 err = cmd_complete(sk, hdev->id, mgmt_op,
2767 MGMT_STATUS_NOT_POWERED, addr,
2768 sizeof(*addr));
0df4c185 2769 goto done;
a5c29683
JH		 2770 }
2771
1707c60e
JH		 2772 if (addr->type == BDADDR_BREDR)
2773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2774 else
1707c60e 2775 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2776
2777 if (!conn) {
feb94d3d
JH		 2778 err = cmd_complete(sk, hdev->id, mgmt_op,
2779 MGMT_STATUS_NOT_CONNECTED, addr,
2780 sizeof(*addr));
272d90df
JH		 2781 goto done;
2782 }
47c15e2b 2783
1707c60e 2784 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2785 /* Continue with pairing via SMP */
5fe57d9e
BG		 2786 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2787
2788 if (!err)
feb94d3d
JH		 2789 err = cmd_complete(sk, hdev->id, mgmt_op,
2790 MGMT_STATUS_SUCCESS, addr,
2791 sizeof(*addr));
5fe57d9e 2792 else
feb94d3d
JH		 2793 err = cmd_complete(sk, hdev->id, mgmt_op,
2794 MGMT_STATUS_FAILED, addr,
2795 sizeof(*addr));
47c15e2b 2796
47c15e2b
BG		 2797 goto done;
2798 }
2799
1707c60e 2800 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2801 if (!cmd) {
2802 err = -ENOMEM;
0df4c185 2803 goto done;
a5c29683
JH		 2804 }
2805
0df4c185 2806 /* Continue with pairing via HCI */
604086b7
BG		 2807 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2808 struct hci_cp_user_passkey_reply cp;
2809
1707c60e 2810 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2811 cp.passkey = passkey;
2812 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2813 } else
1707c60e
JH		 2814 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2815 &addr->bdaddr);
604086b7 2816
a664b5bc
JH		 2817 if (err < 0)
2818 mgmt_pending_remove(cmd);
a5c29683 2819
0df4c185 2820done:
09fd0de5 2821 hci_dev_unlock(hdev);
a5c29683
JH		 2822 return err;
2823}
2824
afeb019d
JK		 2825static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2826 void *data, u16 len)
2827{
2828 struct mgmt_cp_pin_code_neg_reply *cp = data;
2829
2830 BT_DBG("");
2831
1707c60e 2832 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2833 MGMT_OP_PIN_CODE_NEG_REPLY,
2834 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2835}
2836
04124681
GP		 2837static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2838 u16 len)
0df4c185 2839{
650f726d 2840 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2841
2842 BT_DBG("");
2843
2844 if (len != sizeof(*cp))
bdb6d971 2845 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2846 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2847
1707c60e 2848 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2849 MGMT_OP_USER_CONFIRM_REPLY,
2850 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2851}
2852
bdb6d971 2853static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2854 void *data, u16 len)
0df4c185 2855{
c9c2659f 2856 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2857
2858 BT_DBG("");
2859
1707c60e 2860 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2861 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2862 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2863}
2864
04124681
GP		 2865static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2866 u16 len)
604086b7 2867{
650f726d 2868 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2869
2870 BT_DBG("");
2871
1707c60e 2872 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2873 MGMT_OP_USER_PASSKEY_REPLY,
2874 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2875}
2876
bdb6d971 2877static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2878 void *data, u16 len)
604086b7 2879{
650f726d 2880 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2881
2882 BT_DBG("");
2883
1707c60e 2884 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2885 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2886 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2887}
2888
13928971 2889static void update_name(struct hci_request *req)
2b4bf397 2890{
13928971 2891 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2892 struct hci_cp_write_local_name cp;
2893
13928971 2894 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2895
890ea898 2896 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2897}
2898
13928971
JH		 2899static void set_name_complete(struct hci_dev *hdev, u8 status)
2900{
2901 struct mgmt_cp_set_local_name *cp;
2902 struct pending_cmd *cmd;
2903
2904 BT_DBG("status 0x%02x", status);
2905
2906 hci_dev_lock(hdev);
2907
2908 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2909 if (!cmd)
2910 goto unlock;
2911
2912 cp = cmd->param;
2913
2914 if (status)
2915 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2916 mgmt_status(status));
2917 else
2918 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2919 cp, sizeof(*cp));
2920
2921 mgmt_pending_remove(cmd);
2922
2923unlock:
2924 hci_dev_unlock(hdev);
2925}
2926
bdb6d971 2927static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2928 u16 len)
b312b161 2929{
2b4bf397 2930 struct mgmt_cp_set_local_name *cp = data;
b312b161 2931 struct pending_cmd *cmd;
890ea898 2932 struct hci_request req;
b312b161
JH		 2933 int err;
2934
2935 BT_DBG("");
2936
09fd0de5 2937 hci_dev_lock(hdev);
b312b161 2938
b3f2ca94
JH		 2939 /* If the old values are the same as the new ones just return a
2940 * direct command complete event.
2941 */
2942 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2943 !memcmp(hdev->short_name, cp->short_name,
2944 sizeof(hdev->short_name))) {
2945 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2946 data, len);
2947 goto failed;
2948 }
2949
2b4bf397 2950 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2951
b5235a65 2952 if (!hdev_is_powered(hdev)) {
2b4bf397 2953 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2954
2955 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2956 data, len);
28cc7bde
JH		 2957 if (err < 0)
2958 goto failed;
2959
2960 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2961 sk);
28cc7bde 2962
b5235a65
JH		 2963 goto failed;
2964 }
2965
28cc7bde 2966 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2967 if (!cmd) {
2968 err = -ENOMEM;
2969 goto failed;
2970 }
2971
13928971
JH		 2972 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2973
890ea898 2974 hci_req_init(&req, hdev);
3f985050
JH		 2975
2976 if (lmp_bredr_capable(hdev)) {
2977 update_name(&req);
2978 update_eir(&req);
2979 }
2980
7a5f4990
MH		 2981 /* The name is stored in the scan response data and so
2982 * no need to udpate the advertising data here.
2983 */
3f985050 2984 if (lmp_le_capable(hdev))
7a5f4990 2985 update_scan_rsp_data(&req);
3f985050 2986
13928971 2987 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2988 if (err < 0)
2989 mgmt_pending_remove(cmd);
2990
2991failed:
09fd0de5 2992 hci_dev_unlock(hdev);
b312b161
JH		 2993 return err;
2994}
2995
0f4e68cf 2996static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2997 void *data, u16 data_len)
c35938b2 2998{
c35938b2
SJ		 2999 struct pending_cmd *cmd;
3000 int err;
3001
bdb6d971 3002 BT_DBG("%s", hdev->name);
c35938b2 3003
09fd0de5 3004 hci_dev_lock(hdev);
c35938b2 3005
4b34ee78 3006 if (!hdev_is_powered(hdev)) {
bdb6d971 3007 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3008 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3009 goto unlock;
3010 }
3011
9a1a1996 3012 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3013 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3014 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3015 goto unlock;
3016 }
3017
2e58ef3e 3018 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3019 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3020 MGMT_STATUS_BUSY);
c35938b2
SJ		 3021 goto unlock;
3022 }
3023
2e58ef3e 3024 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3025 if (!cmd) {
3026 err = -ENOMEM;
3027 goto unlock;
3028 }
3029
3030 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3031 if (err < 0)
3032 mgmt_pending_remove(cmd);
3033
3034unlock:
09fd0de5 3035 hci_dev_unlock(hdev);
c35938b2
SJ		 3036 return err;
3037}
3038
bdb6d971 3039static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3040 void *data, u16 len)
2763eda6 3041{
650f726d 3042 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3043 u8 status;
2763eda6
SJ		 3044 int err;
3045
bdb6d971 3046 BT_DBG("%s ", hdev->name);
2763eda6 3047
09fd0de5 3048 hci_dev_lock(hdev);
2763eda6 3049
664ce4cc 3050 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3051 cp->randomizer);
2763eda6 3052 if (err < 0)
bf1e3541 3053 status = MGMT_STATUS_FAILED;
2763eda6 3054 else
a6785be2 3055 status = MGMT_STATUS_SUCCESS;
bf1e3541 3056
bdb6d971 3057 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3058 &cp->addr, sizeof(cp->addr));
2763eda6 3059
09fd0de5 3060 hci_dev_unlock(hdev);
2763eda6
SJ		 3061 return err;
3062}
3063
bdb6d971 3064static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3065 void *data, u16 len)
2763eda6 3066{
650f726d 3067 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3068 u8 status;
2763eda6
SJ		 3069 int err;
3070
bdb6d971 3071 BT_DBG("%s", hdev->name);
2763eda6 3072
09fd0de5 3073 hci_dev_lock(hdev);
2763eda6 3074
664ce4cc 3075 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3076 if (err < 0)
bf1e3541 3077 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3078 else
a6785be2 3079 status = MGMT_STATUS_SUCCESS;
bf1e3541 3080
bdb6d971 3081 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3082 status, &cp->addr, sizeof(cp->addr));
2763eda6 3083
09fd0de5 3084 hci_dev_unlock(hdev);
2763eda6
SJ		 3085 return err;
3086}
3087
41dc2bd6
AG		 3088static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3089{
3090 struct pending_cmd *cmd;
3091 u8 type;
3092 int err;
3093
3094 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3095
3096 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3097 if (!cmd)
3098 return -ENOENT;
3099
3100 type = hdev->discovery.type;
3101
3102 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3103 &type, sizeof(type));
3104 mgmt_pending_remove(cmd);
3105
3106 return err;
3107}
3108
7c307720
AG		 3109static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3110{
3111 BT_DBG("status %d", status);
3112
3113 if (status) {
3114 hci_dev_lock(hdev);
3115 mgmt_start_discovery_failed(hdev, status);
3116 hci_dev_unlock(hdev);
3117 return;
3118 }
3119
3120 hci_dev_lock(hdev);
3121 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3122 hci_dev_unlock(hdev);
3123
3124 switch (hdev->discovery.type) {
3125 case DISCOV_TYPE_LE:
3126 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3127 DISCOV_LE_TIMEOUT);
7c307720
AG		 3128 break;
3129
3130 case DISCOV_TYPE_INTERLEAVED:
3131 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3132 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3133 break;
3134
3135 case DISCOV_TYPE_BREDR:
3136 break;
3137
3138 default:
3139 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3140 }
3141}
3142
bdb6d971 3143static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3144 void *data, u16 len)
14a53664 3145{
650f726d 3146 struct mgmt_cp_start_discovery *cp = data;
14a53664 3147 struct pending_cmd *cmd;
7c307720
AG		 3148 struct hci_cp_le_set_scan_param param_cp;
3149 struct hci_cp_le_set_scan_enable enable_cp;
3150 struct hci_cp_inquiry inq_cp;
3151 struct hci_request req;
3152 /* General inquiry access code (GIAC) */
3153 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3154 u8 status;
14a53664
JH		 3155 int err;
3156
bdb6d971 3157 BT_DBG("%s", hdev->name);
14a53664 3158
09fd0de5 3159 hci_dev_lock(hdev);
14a53664 3160
4b34ee78 3161 if (!hdev_is_powered(hdev)) {
bdb6d971 3162 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3163 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3164 goto failed;
3165 }
3166
642be6c7
AG		 3167 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3168 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3169 MGMT_STATUS_BUSY);
3170 goto failed;
3171 }
3172
ff9ef578 3173 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3174 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3175 MGMT_STATUS_BUSY);
ff9ef578
JH		 3176 goto failed;
3177 }
3178
2e58ef3e 3179 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3180 if (!cmd) {
3181 err = -ENOMEM;
3182 goto failed;
3183 }
3184
4aab14e5
AG		 3185 hdev->discovery.type = cp->type;
3186
7c307720
AG		 3187 hci_req_init(&req, hdev);
3188
4aab14e5 3189 switch (hdev->discovery.type) {
f39799f5 3190 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3191 status = mgmt_bredr_support(hdev);
3192 if (status) {
04106755 3193 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3194 status);
04106755
JH		 3195 mgmt_pending_remove(cmd);
3196 goto failed;
3197 }
3198
7c307720
AG		 3199 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3200 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3201 MGMT_STATUS_BUSY);
3202 mgmt_pending_remove(cmd);
3203 goto failed;
3204 }
3205
3206 hci_inquiry_cache_flush(hdev);
3207
3208 memset(&inq_cp, 0, sizeof(inq_cp));
3209 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3210 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3211 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3212 break;
3213
3214 case DISCOV_TYPE_LE:
7c307720 3215 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3216 status = mgmt_le_support(hdev);
3217 if (status) {
04106755 3218 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3219 status);
04106755
JH		 3220 mgmt_pending_remove(cmd);
3221 goto failed;
3222 }
3223
7c307720 3224 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3225 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3226 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3227 MGMT_STATUS_NOT_SUPPORTED);
3228 mgmt_pending_remove(cmd);
3229 goto failed;
3230 }
3231
f3d3444a 3232 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3233 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3234 MGMT_STATUS_REJECTED);
3235 mgmt_pending_remove(cmd);
3236 goto failed;
3237 }
3238
3239 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3240 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3241 MGMT_STATUS_BUSY);
3242 mgmt_pending_remove(cmd);
3243 goto failed;
3244 }
3245
3246 memset(&param_cp, 0, sizeof(param_cp));
3247 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3248 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3249 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3250 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3251 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3252 &param_cp);
3253
3254 memset(&enable_cp, 0, sizeof(enable_cp));
3255 enable_cp.enable = LE_SCAN_ENABLE;
3256 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3257 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3258 &enable_cp);
5e0452c0
AG		 3259 break;
3260
f39799f5 3261 default:
04106755
JH		 3262 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3263 MGMT_STATUS_INVALID_PARAMS);
3264 mgmt_pending_remove(cmd);
3265 goto failed;
f39799f5 3266 }
3fd24153 3267
7c307720 3268 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3269 if (err < 0)
3270 mgmt_pending_remove(cmd);
ff9ef578
JH		 3271 else
3272 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3273
3274failed:
09fd0de5 3275 hci_dev_unlock(hdev);
14a53664
JH		 3276 return err;
3277}
3278
1183fdca
AG		 3279static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3280{
3281 struct pending_cmd *cmd;
3282 int err;
3283
3284 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3285 if (!cmd)
3286 return -ENOENT;
3287
3288 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3289 &hdev->discovery.type, sizeof(hdev->discovery.type));
3290 mgmt_pending_remove(cmd);
3291
3292 return err;
3293}
3294
0e05bba6
AG		 3295static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3296{
3297 BT_DBG("status %d", status);
3298
3299 hci_dev_lock(hdev);
3300
3301 if (status) {
3302 mgmt_stop_discovery_failed(hdev, status);
3303 goto unlock;
3304 }
3305
3306 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3307
3308unlock:
3309 hci_dev_unlock(hdev);
3310}
3311
bdb6d971 3312static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3313 u16 len)
14a53664 3314{
d930650b 3315 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3316 struct pending_cmd *cmd;
30dc78e1
JH		 3317 struct hci_cp_remote_name_req_cancel cp;
3318 struct inquiry_entry *e;
0e05bba6
AG		 3319 struct hci_request req;
3320 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3321 int err;
3322
bdb6d971 3323 BT_DBG("%s", hdev->name);
14a53664 3324
09fd0de5 3325 hci_dev_lock(hdev);
14a53664 3326
30dc78e1 3327 if (!hci_discovery_active(hdev)) {
bdb6d971 3328 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3329 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3330 sizeof(mgmt_cp->type));
d930650b
JH		 3331 goto unlock;
3332 }
3333
3334 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3335 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3336 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3337 sizeof(mgmt_cp->type));
30dc78e1 3338 goto unlock;
ff9ef578
JH		 3339 }
3340
2e58ef3e 3341 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3342 if (!cmd) {
3343 err = -ENOMEM;
30dc78e1
JH		 3344 goto unlock;
3345 }
3346
0e05bba6
AG		 3347 hci_req_init(&req, hdev);
3348
e0d9727e
AG		 3349 switch (hdev->discovery.state) {
3350 case DISCOVERY_FINDING:
0e05bba6
AG		 3351 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3352 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3353 } else {
3354 cancel_delayed_work(&hdev->le_scan_disable);
3355
3356 memset(&enable_cp, 0, sizeof(enable_cp));
3357 enable_cp.enable = LE_SCAN_DISABLE;
3358 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3359 sizeof(enable_cp), &enable_cp);
3360 }
c9ecc48e 3361
e0d9727e
AG		 3362 break;
3363
3364 case DISCOVERY_RESOLVING:
3365 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3366 NAME_PENDING);
e0d9727e 3367 if (!e) {
30dc78e1 3368 mgmt_pending_remove(cmd);
e0d9727e
AG		 3369 err = cmd_complete(sk, hdev->id,
3370 MGMT_OP_STOP_DISCOVERY, 0,
3371 &mgmt_cp->type,
3372 sizeof(mgmt_cp->type));
3373 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3374 goto unlock;
3375 }
30dc78e1 3376
e0d9727e 3377 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3378 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3379 &cp);
e0d9727e
AG		 3380
3381 break;
3382
3383 default:
3384 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3385
3386 mgmt_pending_remove(cmd);
3387 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3388 MGMT_STATUS_FAILED, &mgmt_cp->type,
3389 sizeof(mgmt_cp->type));
3390 goto unlock;
14a53664
JH		 3391 }
3392
0e05bba6 3393 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3394 if (err < 0)
3395 mgmt_pending_remove(cmd);
ff9ef578
JH		 3396 else
3397 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3398
30dc78e1 3399unlock:
09fd0de5 3400 hci_dev_unlock(hdev);
14a53664
JH		 3401 return err;
3402}
3403
bdb6d971 3404static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3405 u16 len)
561aafbc 3406{
650f726d 3407 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3408 struct inquiry_entry *e;
561aafbc
JH		 3409 int err;
3410
bdb6d971 3411 BT_DBG("%s", hdev->name);
561aafbc 3412
561aafbc
JH		 3413 hci_dev_lock(hdev);
3414
30dc78e1 3415 if (!hci_discovery_active(hdev)) {
bdb6d971 3416 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3417 MGMT_STATUS_FAILED);
30dc78e1
JH		 3418 goto failed;
3419 }
3420
a198e7b1 3421 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3422 if (!e) {
bdb6d971 3423 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3424 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3425 goto failed;
3426 }
3427
3428 if (cp->name_known) {
3429 e->name_state = NAME_KNOWN;
3430 list_del(&e->list);
3431 } else {
3432 e->name_state = NAME_NEEDED;
a3d4e20a 3433 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3434 }
3435
e384662b
JH		 3436 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3437 sizeof(cp->addr));
561aafbc
JH		 3438
3439failed:
3440 hci_dev_unlock(hdev);
561aafbc
JH		 3441 return err;
3442}
3443
bdb6d971 3444static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3445 u16 len)
7fbec224 3446{
650f726d 3447 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3448 u8 status;
7fbec224
AJ		 3449 int err;
3450
bdb6d971 3451 BT_DBG("%s", hdev->name);
7fbec224 3452
4ee71b20 3453 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3454 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3455 MGMT_STATUS_INVALID_PARAMS,
3456 &cp->addr, sizeof(cp->addr));
4ee71b20 3457
09fd0de5 3458 hci_dev_lock(hdev);
5e762444 3459
88c1fe4b 3460 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3461 if (err < 0)
f0eeea8b 3462 status = MGMT_STATUS_FAILED;
7fbec224 3463 else
a6785be2 3464 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3465
bdb6d971 3466 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3467 &cp->addr, sizeof(cp->addr));
5e762444 3468
09fd0de5 3469 hci_dev_unlock(hdev);
7fbec224
AJ		 3470
3471 return err;
3472}
3473
bdb6d971 3474static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3475 u16 len)
7fbec224 3476{
650f726d 3477 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3478 u8 status;
7fbec224
AJ		 3479 int err;
3480
bdb6d971 3481 BT_DBG("%s", hdev->name);
7fbec224 3482
4ee71b20 3483 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3484 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3485 MGMT_STATUS_INVALID_PARAMS,
3486 &cp->addr, sizeof(cp->addr));
4ee71b20 3487
09fd0de5 3488 hci_dev_lock(hdev);
5e762444 3489
88c1fe4b 3490 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3491 if (err < 0)
f0eeea8b 3492 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3493 else
a6785be2 3494 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3495
bdb6d971 3496 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3497 &cp->addr, sizeof(cp->addr));
5e762444 3498
09fd0de5 3499 hci_dev_unlock(hdev);
7fbec224
AJ		 3500
3501 return err;
3502}
3503
cdbaccca
MH		 3504static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3505 u16 len)
3506{
3507 struct mgmt_cp_set_device_id *cp = data;
890ea898 3508 struct hci_request req;
cdbaccca 3509 int err;
c72d4b8a 3510 __u16 source;
cdbaccca
MH		 3511
3512 BT_DBG("%s", hdev->name);
3513
c72d4b8a
SJ		 3514 source = __le16_to_cpu(cp->source);
3515
3516 if (source > 0x0002)
3517 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3518 MGMT_STATUS_INVALID_PARAMS);
3519
cdbaccca
MH		 3520 hci_dev_lock(hdev);
3521
c72d4b8a 3522 hdev->devid_source = source;
cdbaccca
MH		 3523 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3524 hdev->devid_product = __le16_to_cpu(cp->product);
3525 hdev->devid_version = __le16_to_cpu(cp->version);
3526
3527 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3528
890ea898
JH		 3529 hci_req_init(&req, hdev);
3530 update_eir(&req);
3531 hci_req_run(&req, NULL);
cdbaccca
MH		 3532
3533 hci_dev_unlock(hdev);
3534
3535 return err;
3536}
3537
4375f103
JH		 3538static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3539{
3540 struct cmd_lookup match = { NULL, hdev };
3541
3542 if (status) {
3543 u8 mgmt_err = mgmt_status(status);
3544
3545 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3546 cmd_status_rsp, &mgmt_err);
3547 return;
3548 }
3549
3550 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3551 &match);
3552
3553 new_settings(hdev, match.sk);
3554
3555 if (match.sk)
3556 sock_put(match.sk);
3557}
3558
21b5187f
MH		 3559static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3560 u16 len)
4375f103
JH		 3561{
3562 struct mgmt_mode *cp = data;
3563 struct pending_cmd *cmd;
3564 struct hci_request req;
e6fe7986 3565 u8 val, enabled, status;
4375f103
JH		 3566 int err;
3567
3568 BT_DBG("request for %s", hdev->name);
3569
e6fe7986
JH		 3570 status = mgmt_le_support(hdev);
3571 if (status)
4375f103 3572 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3573 status);
4375f103
JH		 3574
3575 if (cp->val != 0x00 && cp->val != 0x01)
3576 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3577 MGMT_STATUS_INVALID_PARAMS);
3578
3579 hci_dev_lock(hdev);
3580
3581 val = !!cp->val;
f3d3444a 3582 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3583
f74ca9b8
JH		 3584 /* The following conditions are ones which mean that we should
3585 * not do any HCI communication but directly send a mgmt
3586 * response to user space (after toggling the flag if
3587 * necessary).
3588 */
3589 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3590 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3591 bool changed = false;
3592
f3d3444a
JH		 3593 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3594 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3595 changed = true;
3596 }
3597
3598 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3599 if (err < 0)
3600 goto unlock;
3601
3602 if (changed)
3603 err = new_settings(hdev, sk);
3604
3605 goto unlock;
3606 }
3607
3608 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3609 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3610 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3611 MGMT_STATUS_BUSY);
3612 goto unlock;
3613 }
3614
3615 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3616 if (!cmd) {
3617 err = -ENOMEM;
3618 goto unlock;
3619 }
3620
3621 hci_req_init(&req, hdev);
3622
bba3aa55
MH		 3623 if (val)
3624 enable_advertising(&req);
3625 else
3626 disable_advertising(&req);
4375f103
JH		 3627
3628 err = hci_req_run(&req, set_advertising_complete);
3629 if (err < 0)
3630 mgmt_pending_remove(cmd);
3631
3632unlock:
3633 hci_dev_unlock(hdev);
3634 return err;
3635}
3636
d13eafce
MH		 3637static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3638 void *data, u16 len)
3639{
3640 struct mgmt_cp_set_static_address *cp = data;
3641 int err;
3642
3643 BT_DBG("%s", hdev->name);
3644
62af4443 3645 if (!lmp_le_capable(hdev))
d13eafce 3646 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3647 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3648
3649 if (hdev_is_powered(hdev))
3650 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3651 MGMT_STATUS_REJECTED);
3652
3653 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3654 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3655 return cmd_status(sk, hdev->id,
3656 MGMT_OP_SET_STATIC_ADDRESS,
3657 MGMT_STATUS_INVALID_PARAMS);
3658
3659 /* Two most significant bits shall be set */
3660 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3661 return cmd_status(sk, hdev->id,
3662 MGMT_OP_SET_STATIC_ADDRESS,
3663 MGMT_STATUS_INVALID_PARAMS);
3664 }
3665
3666 hci_dev_lock(hdev);
3667
3668 bacpy(&hdev->static_addr, &cp->bdaddr);
3669
3670 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3671
3672 hci_dev_unlock(hdev);
3673
3674 return err;
3675}
3676
14b49b9a
MH		 3677static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3678 void *data, u16 len)
3679{
3680 struct mgmt_cp_set_scan_params *cp = data;
3681 __u16 interval, window;
3682 int err;
3683
3684 BT_DBG("%s", hdev->name);
3685
3686 if (!lmp_le_capable(hdev))
3687 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3688 MGMT_STATUS_NOT_SUPPORTED);
3689
3690 interval = __le16_to_cpu(cp->interval);
3691
3692 if (interval < 0x0004 || interval > 0x4000)
3693 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3694 MGMT_STATUS_INVALID_PARAMS);
3695
3696 window = __le16_to_cpu(cp->window);
3697
3698 if (window < 0x0004 || window > 0x4000)
3699 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3700 MGMT_STATUS_INVALID_PARAMS);
3701
899e1075
MH		 3702 if (window > interval)
3703 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3704 MGMT_STATUS_INVALID_PARAMS);
3705
14b49b9a
MH		 3706 hci_dev_lock(hdev);
3707
3708 hdev->le_scan_interval = interval;
3709 hdev->le_scan_window = window;
3710
3711 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3712
3713 hci_dev_unlock(hdev);
3714
3715 return err;
3716}
3717
33e38b3e
JH		 3718static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3719{
3720 struct pending_cmd *cmd;
3721
3722 BT_DBG("status 0x%02x", status);
3723
3724 hci_dev_lock(hdev);
3725
3726 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3727 if (!cmd)
3728 goto unlock;
3729
3730 if (status) {
3731 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3732 mgmt_status(status));
3733 } else {
1a4d3c4b
JH		 3734 struct mgmt_mode *cp = cmd->param;
3735
3736 if (cp->val)
3737 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3738 else
3739 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3740
33e38b3e
JH		 3741 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3742 new_settings(hdev, cmd->sk);
3743 }
3744
3745 mgmt_pending_remove(cmd);
3746
3747unlock:
3748 hci_dev_unlock(hdev);
3749}
3750
bdb6d971 3751static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3752 void *data, u16 len)
f6422ec6 3753{
650f726d 3754 struct mgmt_mode *cp = data;
33e38b3e
JH		 3755 struct pending_cmd *cmd;
3756 struct hci_request req;
f6422ec6
AJ		 3757 int err;
3758
bdb6d971 3759 BT_DBG("%s", hdev->name);
f6422ec6 3760
56f87901
JH		 3761 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3762 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3763 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3764 MGMT_STATUS_NOT_SUPPORTED);
3765
a7e80f25
JH		 3766 if (cp->val != 0x00 && cp->val != 0x01)
3767 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3768 MGMT_STATUS_INVALID_PARAMS);
3769
5400c044 3770 if (!hdev_is_powered(hdev))
bdb6d971 3771 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3772 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3773
3774 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3775 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3776 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3777
3778 hci_dev_lock(hdev);
3779
05cbf29f
JH		 3780 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3782 MGMT_STATUS_BUSY);
3783 goto unlock;
3784 }
3785
1a4d3c4b
JH		 3786 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3787 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3788 hdev);
3789 goto unlock;
3790 }
3791
33e38b3e
JH		 3792 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3793 data, len);
3794 if (!cmd) {
3795 err = -ENOMEM;
3796 goto unlock;
f6422ec6
AJ		 3797 }
3798
33e38b3e
JH		 3799 hci_req_init(&req, hdev);
3800
406d7804 3801 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3802
3803 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3804 if (err < 0) {
bdb6d971 3805 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3806 MGMT_STATUS_FAILED);
33e38b3e 3807 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3808 }
3809
33e38b3e 3810unlock:
f6422ec6 3811 hci_dev_unlock(hdev);
33e38b3e 3812
f6422ec6
AJ		 3813 return err;
3814}
3815
67e5a7a3
JH		 3816static void set_bredr_scan(struct hci_request *req)
3817{
3818 struct hci_dev *hdev = req->hdev;
3819 u8 scan = 0;
3820
3821 /* Ensure that fast connectable is disabled. This function will
3822 * not do anything if the page scan parameters are already what
3823 * they should be.
3824 */
3825 write_fast_connectable(req, false);
3826
3827 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3828 scan |= SCAN_PAGE;
3829 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3830 scan |= SCAN_INQUIRY;
3831
3832 if (scan)
3833 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3834}
3835
0663ca2a
JH		 3836static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3837{
3838 struct pending_cmd *cmd;
3839
3840 BT_DBG("status 0x%02x", status);
3841
3842 hci_dev_lock(hdev);
3843
3844 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3845 if (!cmd)
3846 goto unlock;
3847
3848 if (status) {
3849 u8 mgmt_err = mgmt_status(status);
3850
3851 /* We need to restore the flag if related HCI commands
3852 * failed.
3853 */
3854 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3855
3856 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3857 } else {
3858 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3859 new_settings(hdev, cmd->sk);
3860 }
3861
3862 mgmt_pending_remove(cmd);
3863
3864unlock:
3865 hci_dev_unlock(hdev);
3866}
3867
3868static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3869{
3870 struct mgmt_mode *cp = data;
3871 struct pending_cmd *cmd;
3872 struct hci_request req;
3873 int err;
3874
3875 BT_DBG("request for %s", hdev->name);
3876
3877 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3878 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3879 MGMT_STATUS_NOT_SUPPORTED);
3880
3881 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3882 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3883 MGMT_STATUS_REJECTED);
3884
3885 if (cp->val != 0x00 && cp->val != 0x01)
3886 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3887 MGMT_STATUS_INVALID_PARAMS);
3888
3889 hci_dev_lock(hdev);
3890
3891 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3892 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3893 goto unlock;
3894 }
3895
3896 if (!hdev_is_powered(hdev)) {
3897 if (!cp->val) {
0663ca2a
JH		 3898 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3899 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3900 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3901 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3902 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3903 }
3904
3905 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3906
3907 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3908 if (err < 0)
3909 goto unlock;
3910
3911 err = new_settings(hdev, sk);
3912 goto unlock;
3913 }
3914
3915 /* Reject disabling when powered on */
3916 if (!cp->val) {
3917 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3918 MGMT_STATUS_REJECTED);
3919 goto unlock;
3920 }
3921
3922 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3923 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3924 MGMT_STATUS_BUSY);
3925 goto unlock;
3926 }
3927
3928 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3929 if (!cmd) {
3930 err = -ENOMEM;
3931 goto unlock;
3932 }
3933
5947f4bc 3934 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 3935 * generates the correct flags.
3936 */
3937 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3938
3939 hci_req_init(&req, hdev);
aa8af46e
JH		 3940
3941 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3942 set_bredr_scan(&req);
3943
f14d8f64
MH		 3944 /* Since only the advertising data flags will change, there
3945 * is no need to update the scan response data.
3946 */
5947f4bc 3947 update_adv_data(&req);
aa8af46e 3948
0663ca2a
JH		 3949 err = hci_req_run(&req, set_bredr_complete);
3950 if (err < 0)
3951 mgmt_pending_remove(cmd);
3952
3953unlock:
3954 hci_dev_unlock(hdev);
3955 return err;
3956}
3957
3f706b72
JH		 3958static bool ltk_is_valid(struct mgmt_ltk_info *key)
3959{
44b20d33
JH		 3960 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3961 return false;
3f706b72
JH		 3962 if (key->master != 0x00 && key->master != 0x01)
3963 return false;
4ee71b20
JH		 3964 if (!bdaddr_type_is_le(key->addr.type))
3965 return false;
3f706b72
JH		 3966 return true;
3967}
3968
bdb6d971 3969static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3970 void *cp_data, u16 len)
346af67b 3971{
346af67b
VCG		 3972 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3973 u16 key_count, expected_len;
715a5bf2 3974 int i, err;
346af67b 3975
cf99ba13
MH		 3976 BT_DBG("request for %s", hdev->name);
3977
3978 if (!lmp_le_capable(hdev))
3979 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3980 MGMT_STATUS_NOT_SUPPORTED);
3981
1f350c87 3982 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3983
3984 expected_len = sizeof(*cp) + key_count *
3985 sizeof(struct mgmt_ltk_info);
3986 if (expected_len != len) {
3987 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3988 len, expected_len);
bdb6d971 3989 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3990 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3991 }
3992
bdb6d971 3993 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3994
54ad6d8a
JH		 3995 for (i = 0; i < key_count; i++) {
3996 struct mgmt_ltk_info *key = &cp->keys[i];
3997
3f706b72 3998 if (!ltk_is_valid(key))
54ad6d8a
JH		 3999 return cmd_status(sk, hdev->id,
4000 MGMT_OP_LOAD_LONG_TERM_KEYS,
4001 MGMT_STATUS_INVALID_PARAMS);
4002 }
4003
346af67b
VCG		 4004 hci_dev_lock(hdev);
4005
4006 hci_smp_ltks_clear(hdev);
4007
4008 for (i = 0; i < key_count; i++) {
4009 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4010 u8 type, addr_type;
4011
4012 if (key->addr.type == BDADDR_LE_PUBLIC)
4013 addr_type = ADDR_LE_DEV_PUBLIC;
4014 else
4015 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4016
4017 if (key->master)
4018 type = HCI_SMP_LTK;
4019 else
4020 type = HCI_SMP_LTK_SLAVE;
4021
79d95a19 4022 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4023 type, 0, key->authenticated, key->val,
4024 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4025 }
4026
715a5bf2
JH		 4027 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4028 NULL, 0);
4029
346af67b 4030 hci_dev_unlock(hdev);
346af67b 4031
715a5bf2 4032 return err;
346af67b
VCG		 4033}
4034
2e3c35ea 4035static const struct mgmt_handler {
04124681
GP		 4036 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4037 u16 data_len);
be22b54e
JH		 4038 bool var_len;
4039 size_t data_len;
0f4e68cf
JH		 4040} mgmt_handlers[] = {
4041 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4042 { read_version, false, MGMT_READ_VERSION_SIZE },
4043 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4044 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4045 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4046 { set_powered, false, MGMT_SETTING_SIZE },
4047 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4048 { set_connectable, false, MGMT_SETTING_SIZE },
4049 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4050 { set_pairable, false, MGMT_SETTING_SIZE },
4051 { set_link_security, false, MGMT_SETTING_SIZE },
4052 { set_ssp, false, MGMT_SETTING_SIZE },
4053 { set_hs, false, MGMT_SETTING_SIZE },
4054 { set_le, false, MGMT_SETTING_SIZE },
4055 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4056 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4057 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4058 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4059 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4060 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4061 { disconnect, false, MGMT_DISCONNECT_SIZE },
4062 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4063 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4064 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4065 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4066 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4067 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4068 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4069 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4070 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4071 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4072 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4073 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4074 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4075 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4076 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4077 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4078 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4079 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4080 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4081 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4082 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4083 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4084 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4085 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 4086};
4087
4088
0381101f
JH		 4089int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4090{
650f726d
VCG		 4091 void *buf;
4092 u8 *cp;
0381101f 4093 struct mgmt_hdr *hdr;
4e51eae9 4094 u16 opcode, index, len;
bdb6d971 4095 struct hci_dev *hdev = NULL;
2e3c35ea 4096 const struct mgmt_handler *handler;
0381101f
JH		 4097 int err;
4098
4099 BT_DBG("got %zu bytes", msglen);
4100
4101 if (msglen < sizeof(*hdr))
4102 return -EINVAL;
4103
e63a15ec 4104 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4105 if (!buf)
4106 return -ENOMEM;
4107
4108 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4109 err = -EFAULT;
4110 goto done;
4111 }
4112
650f726d 4113 hdr = buf;
1f350c87
MH		 4114 opcode = __le16_to_cpu(hdr->opcode);
4115 index = __le16_to_cpu(hdr->index);
4116 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4117
4118 if (len != msglen - sizeof(*hdr)) {
4119 err = -EINVAL;
4120 goto done;
4121 }
4122
0f4e68cf 4123 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4124 hdev = hci_dev_get(index);
4125 if (!hdev) {
4126 err = cmd_status(sk, index, opcode,
04124681 4127 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4128 goto done;
4129 }
0736cfa8 4130
cebf4cfd
JH		 4131 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4132 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4133 err = cmd_status(sk, index, opcode,
4134 MGMT_STATUS_INVALID_INDEX);
4135 goto done;
4136 }
bdb6d971
JH		 4137 }
4138
0f4e68cf 4139 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4140 mgmt_handlers[opcode].func == NULL) {
0381101f 4141 BT_DBG("Unknown op %u", opcode);
ca69b795 4142 err = cmd_status(sk, index, opcode,
04124681 4143 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4144 goto done;
4145 }
4146
4147 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4148 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4149 err = cmd_status(sk, index, opcode,
04124681 4150 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4151 goto done;
0381101f
JH		 4152 }
4153
be22b54e
JH		 4154 handler = &mgmt_handlers[opcode];
4155
4156 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4157 (!handler->var_len && len != handler->data_len)) {
be22b54e 4158 err = cmd_status(sk, index, opcode,
04124681 4159 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4160 goto done;
4161 }
4162
0f4e68cf
JH		 4163 if (hdev)
4164 mgmt_init_hdev(sk, hdev);
4165
4166 cp = buf + sizeof(*hdr);
4167
be22b54e 4168 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4169 if (err < 0)
4170 goto done;
4171
0381101f
JH		 4172 err = msglen;
4173
4174done:
bdb6d971
JH		 4175 if (hdev)
4176 hci_dev_put(hdev);
4177
0381101f
JH		 4178 kfree(buf);
4179 return err;
4180}
c71e97bf 4181
bf6b56db 4182void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4183{
1514b892 4184 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4185 return;
bb4b2a9a 4186
bf6b56db 4187 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4188}
4189
bf6b56db 4190void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4191{
5f159032 4192 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4193
1514b892 4194 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4195 return;
bb4b2a9a 4196
744cf19e 4197 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4198
bf6b56db 4199 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4200}
4201
229ab39c
JH		 4202static void powered_complete(struct hci_dev *hdev, u8 status)
4203{
4204 struct cmd_lookup match = { NULL, hdev };
4205
4206 BT_DBG("status 0x%02x", status);
4207
4208 hci_dev_lock(hdev);
4209
4210 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4211
4212 new_settings(hdev, match.sk);
4213
4214 hci_dev_unlock(hdev);
4215
4216 if (match.sk)
4217 sock_put(match.sk);
4218}
4219
70da6243 4220static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4221{
890ea898 4222 struct hci_request req;
70da6243 4223 u8 link_sec;
5add6af8 4224
890ea898
JH		 4225 hci_req_init(&req, hdev);
4226
70da6243
JH		 4227 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4228 !lmp_host_ssp_capable(hdev)) {
4229 u8 ssp = 1;
5e5282bb 4230
890ea898 4231 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4232 }
5add6af8 4233
c73eee91
JH		 4234 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4235 lmp_bredr_capable(hdev)) {
70da6243 4236 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4237
70da6243
JH		 4238 cp.le = 1;
4239 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4240
70da6243
JH		 4241 /* Check first if we already have the right
4242 * host state (host features set)
4243 */
4244 if (cp.le != lmp_host_le_capable(hdev) ||
4245 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4246 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4247 sizeof(cp), &cp);
70da6243 4248 }
3d1cbdd6 4249
d13eafce
MH		 4250 if (lmp_le_capable(hdev)) {
4251 /* Set random address to static address if configured */
4252 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4253 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4254 &hdev->static_addr);
eeca6f89 4255
441ad2d0
MH		 4256 /* Make sure the controller has a good default for
4257 * advertising data. This also applies to the case
4258 * where BR/EDR was toggled during the AUTO_OFF phase.
4259 */
f14d8f64 4260 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4261 update_adv_data(&req);
f14d8f64
MH		 4262 update_scan_rsp_data(&req);
4263 }
441ad2d0 4264
bba3aa55
MH		 4265 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4266 enable_advertising(&req);
eeca6f89
JH		 4267 }
4268
70da6243
JH		 4269 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4270 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4271 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4272 sizeof(link_sec), &link_sec);
562fcc24 4273
70da6243 4274 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4275 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4276 set_bredr_scan(&req);
890ea898 4277 update_class(&req);
13928971 4278 update_name(&req);
890ea898 4279 update_eir(&req);
70da6243 4280 }
562fcc24 4281
229ab39c 4282 return hci_req_run(&req, powered_complete);
70da6243 4283}
562fcc24 4284
70da6243
JH		 4285int mgmt_powered(struct hci_dev *hdev, u8 powered)
4286{
4287 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4288 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4289 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4290 int err;
f0ff92fb 4291
70da6243
JH		 4292 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4293 return 0;
4294
70da6243 4295 if (powered) {
229ab39c
JH		 4296 if (powered_update_hci(hdev) == 0)
4297 return 0;
fe038884 4298
229ab39c
JH		 4299 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4300 &match);
4301 goto new_settings;
b24752fe
JH		 4302 }
4303
229ab39c
JH		 4304 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4305 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4306
4307 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4308 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4309 zero_cod, sizeof(zero_cod), NULL);
4310
4311new_settings:
beadb2bd 4312 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4313
4314 if (match.sk)
4315 sock_put(match.sk);
4316
7bb895d6 4317 return err;
5add6af8 4318}
73f22f62 4319
3eec705e 4320void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4321{
4322 struct pending_cmd *cmd;
4323 u8 status;
4324
4325 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4326 if (!cmd)
3eec705e 4327 return;
96570ffc
JH		 4328
4329 if (err == -ERFKILL)
4330 status = MGMT_STATUS_RFKILLED;
4331 else
4332 status = MGMT_STATUS_FAILED;
4333
3eec705e 4334 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4335
4336 mgmt_pending_remove(cmd);
96570ffc
JH		 4337}
4338
d1967ff8
MH		 4339void mgmt_discoverable_timeout(struct hci_dev *hdev)
4340{
4341 struct hci_request req;
d1967ff8
MH		 4342
4343 hci_dev_lock(hdev);
4344
4345 /* When discoverable timeout triggers, then just make sure
4346 * the limited discoverable flag is cleared. Even in the case
4347 * of a timeout triggered from general discoverable, it is
4348 * safe to unconditionally clear the flag.
4349 */
4350 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4351
4352 hci_req_init(&req, hdev);
4b580614
JH		 4353 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4354 u8 scan = SCAN_PAGE;
4355 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4356 sizeof(scan), &scan);
4357 }
d1967ff8
MH		 4358 update_class(&req);
4359 hci_req_run(&req, NULL);
4360
4361 hdev->discov_timeout = 0;
4362
4363 hci_dev_unlock(hdev);
4364}
4365
86a75645 4366void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4367{
86a75645 4368 bool changed;
73f22f62 4369
bfaf8c9f
JH		 4370 /* Nothing needed here if there's a pending command since that
4371 * commands request completion callback takes care of everything
4372 * necessary.
4373 */
4374 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4375 return;
bfaf8c9f 4376
86a75645
MH		 4377 if (discoverable)
4378 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4379 else
4380 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4381
beadb2bd 4382 if (changed)
86a75645 4383 new_settings(hdev, NULL);
73f22f62 4384}
9fbcbb45 4385
a330916c 4386void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4387{
a330916c 4388 bool changed;
9fbcbb45 4389
d7b856f9
JH		 4390 /* Nothing needed here if there's a pending command since that
4391 * commands request completion callback takes care of everything
4392 * necessary.
4393 */
4394 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4395 return;
d7b856f9 4396
a330916c
MH		 4397 if (connectable)
4398 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4399 else
4400 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4401
beadb2bd 4402 if (changed)
a330916c 4403 new_settings(hdev, NULL);
9fbcbb45 4404}
55ed8ca1 4405
4796e8af 4406void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4407{
ca69b795
JH		 4408 u8 mgmt_err = mgmt_status(status);
4409
2d7cee58 4410 if (scan & SCAN_PAGE)
744cf19e 4411 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4412 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4413
4414 if (scan & SCAN_INQUIRY)
744cf19e 4415 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4416 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4417}
4418
dc4a5ee2
MH		 4419void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4420 bool persistent)
55ed8ca1 4421{
86742e1e 4422 struct mgmt_ev_new_link_key ev;
55ed8ca1 4423
a492cd52 4424 memset(&ev, 0, sizeof(ev));
55ed8ca1 4425
a492cd52 4426 ev.store_hint = persistent;
d753fdc4 4427 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4428 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4429 ev.key.type = key->type;
9b3b4460 4430 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4431 ev.key.pin_len = key->pin_len;
55ed8ca1 4432
dc4a5ee2 4433 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4434}
f7520543 4435
083368f7 4436void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4437{
4438 struct mgmt_ev_new_long_term_key ev;
4439
4440 memset(&ev, 0, sizeof(ev));
4441
4442 ev.store_hint = persistent;
4443 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4444 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4445 ev.key.authenticated = key->authenticated;
4446 ev.key.enc_size = key->enc_size;
4447 ev.key.ediv = key->ediv;
4448
4449 if (key->type == HCI_SMP_LTK)
4450 ev.key.master = 1;
4451
4452 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4453 memcpy(ev.key.val, key->val, sizeof(key->val));
4454
083368f7 4455 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4456}
4457
94933991
MH		 4458static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4459 u8 data_len)
4460{
4461 eir[eir_len++] = sizeof(type) + data_len;
4462 eir[eir_len++] = type;
4463 memcpy(&eir[eir_len], data, data_len);
4464 eir_len += data_len;
4465
4466 return eir_len;
4467}
4468
ecd90ae7
MH		 4469void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4470 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4471 u8 *dev_class)
f7520543 4472{
b644ba33
JH		 4473 char buf[512];
4474 struct mgmt_ev_device_connected *ev = (void *) buf;
4475 u16 eir_len = 0;
f7520543 4476
b644ba33 4477 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4478 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4479
c95f0ba7 4480 ev->flags = __cpu_to_le32(flags);
08c79b61 4481
b644ba33
JH		 4482 if (name_len > 0)
4483 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4484 name, name_len);
b644ba33
JH		 4485
4486 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4487 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4488 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4489
eb55ef07 4490 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4491
ecd90ae7
MH		 4492 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4493 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4494}
4495
8962ee74
JH		 4496static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4497{
c68fb7ff 4498 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4499 struct sock **sk = data;
a38528f1 4500 struct mgmt_rp_disconnect rp;
8962ee74 4501
88c3df13
JH		 4502 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4503 rp.addr.type = cp->addr.type;
8962ee74 4504
aee9b218 4505 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4506 sizeof(rp));
8962ee74
JH		 4507
4508 *sk = cmd->sk;
4509 sock_hold(*sk);
4510
a664b5bc 4511 mgmt_pending_remove(cmd);
8962ee74
JH		 4512}
4513
124f6e35 4514static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4515{
b1078ad0 4516 struct hci_dev *hdev = data;
124f6e35
JH		 4517 struct mgmt_cp_unpair_device *cp = cmd->param;
4518 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4519
4520 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4521 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4522 rp.addr.type = cp->addr.type;
a8a1d19e 4523
b1078ad0
JH		 4524 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4525
aee9b218 4526 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4527
4528 mgmt_pending_remove(cmd);
4529}
4530
9b80ec5e
MH		 4531void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4532 u8 link_type, u8 addr_type, u8 reason)
f7520543 4533{
f0d6a0ea 4534 struct mgmt_ev_device_disconnected ev;
8962ee74 4535 struct sock *sk = NULL;
8962ee74 4536
744cf19e 4537 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4538
f0d6a0ea
MA		 4539 bacpy(&ev.addr.bdaddr, bdaddr);
4540 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4541 ev.reason = reason;
f7520543 4542
9b80ec5e 4543 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4544
4545 if (sk)
d97dcb66 4546 sock_put(sk);
8962ee74 4547
124f6e35 4548 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4549 hdev);
8962ee74
JH		 4550}
4551
7892924c
MH		 4552void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4553 u8 link_type, u8 addr_type, u8 status)
8962ee74 4554{
88c3df13 4555 struct mgmt_rp_disconnect rp;
8962ee74 4556 struct pending_cmd *cmd;
8962ee74 4557
36a75f1b
JD		 4558 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4559 hdev);
4560
2e58ef3e 4561 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4562 if (!cmd)
7892924c 4563 return;
8962ee74 4564
88c3df13 4565 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4566 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4567
7892924c
MH		 4568 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4569 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4570
a664b5bc 4571 mgmt_pending_remove(cmd);
f7520543 4572}
17d5c04c 4573
445608d0
MH		 4574void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4575 u8 addr_type, u8 status)
17d5c04c
JH		 4576{
4577 struct mgmt_ev_connect_failed ev;
4578
4c659c39 4579 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4580 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4581 ev.status = mgmt_status(status);
17d5c04c 4582
445608d0 4583 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4584}
980e1a53 4585
ce0e4a0d 4586void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4587{
4588 struct mgmt_ev_pin_code_request ev;
4589
d8457698 4590 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4591 ev.addr.type = BDADDR_BREDR;
a770bb5a 4592 ev.secure = secure;
980e1a53 4593
ce0e4a0d 4594 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4595}
4596
e669cf80
MH		 4597void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4598 u8 status)
980e1a53
JH		 4599{
4600 struct pending_cmd *cmd;
ac56fb13 4601 struct mgmt_rp_pin_code_reply rp;
980e1a53 4602
2e58ef3e 4603 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4604 if (!cmd)
e669cf80 4605 return;
980e1a53 4606
d8457698 4607 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4608 rp.addr.type = BDADDR_BREDR;
ac56fb13 4609
e669cf80
MH		 4610 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4611 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4612
a664b5bc 4613 mgmt_pending_remove(cmd);
980e1a53
JH		 4614}
4615
3eb38528
MH		 4616void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4617 u8 status)
980e1a53
JH		 4618{
4619 struct pending_cmd *cmd;
ac56fb13 4620 struct mgmt_rp_pin_code_reply rp;
980e1a53 4621
2e58ef3e 4622 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4623 if (!cmd)
3eb38528 4624 return;
980e1a53 4625
d8457698 4626 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4627 rp.addr.type = BDADDR_BREDR;
ac56fb13 4628
3eb38528
MH		 4629 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4630 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4631
a664b5bc 4632 mgmt_pending_remove(cmd);
980e1a53 4633}
a5c29683 4634
744cf19e 4635int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4636 u8 link_type, u8 addr_type, __le32 value,
4637 u8 confirm_hint)
a5c29683
JH		 4638{
4639 struct mgmt_ev_user_confirm_request ev;
4640
744cf19e 4641 BT_DBG("%s", hdev->name);
a5c29683 4642
272d90df 4643 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4644 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4645 ev.confirm_hint = confirm_hint;
78e8098e 4646 ev.value = value;
a5c29683 4647
744cf19e 4648 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4649 NULL);
a5c29683
JH		 4650}
4651
272d90df 4652int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4653 u8 link_type, u8 addr_type)
604086b7
BG		 4654{
4655 struct mgmt_ev_user_passkey_request ev;
4656
4657 BT_DBG("%s", hdev->name);
4658
272d90df 4659 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4660 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4661
4662 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4663 NULL);
604086b7
BG		 4664}
4665
0df4c185 4666static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4667 u8 link_type, u8 addr_type, u8 status,
4668 u8 opcode)
a5c29683
JH		 4669{
4670 struct pending_cmd *cmd;
4671 struct mgmt_rp_user_confirm_reply rp;
4672 int err;
4673
2e58ef3e 4674 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4675 if (!cmd)
4676 return -ENOENT;
4677
272d90df 4678 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4679 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4680 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4681 &rp, sizeof(rp));
a5c29683 4682
a664b5bc 4683 mgmt_pending_remove(cmd);
a5c29683
JH		 4684
4685 return err;
4686}
4687
744cf19e 4688int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4689 u8 link_type, u8 addr_type, u8 status)
a5c29683 4690{
272d90df 4691 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4692 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4693}
4694
272d90df 4695int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4696 u8 link_type, u8 addr_type, u8 status)
a5c29683 4697{
272d90df 4698 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4699 status,
4700 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4701}
2a611692 4702
604086b7 4703int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4704 u8 link_type, u8 addr_type, u8 status)
604086b7 4705{
272d90df 4706 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4707 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4708}
4709
272d90df 4710int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4711 u8 link_type, u8 addr_type, u8 status)
604086b7 4712{
272d90df 4713 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4714 status,
4715 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4716}
4717
92a25256
JH		 4718int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4719 u8 link_type, u8 addr_type, u32 passkey,
4720 u8 entered)
4721{
4722 struct mgmt_ev_passkey_notify ev;
4723
4724 BT_DBG("%s", hdev->name);
4725
4726 bacpy(&ev.addr.bdaddr, bdaddr);
4727 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4728 ev.passkey = __cpu_to_le32(passkey);
4729 ev.entered = entered;
4730
4731 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4732}
4733
e546099c
MH		 4734void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4735 u8 addr_type, u8 status)
2a611692
JH		 4736{
4737 struct mgmt_ev_auth_failed ev;
4738
bab73cb6 4739 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4740 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4741 ev.status = mgmt_status(status);
2a611692 4742
e546099c 4743 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4744}
b312b161 4745
464996ae 4746void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4747{
4748 struct cmd_lookup match = { NULL, hdev };
464996ae 4749 bool changed;
33ef95ed
JH		 4750
4751 if (status) {
4752 u8 mgmt_err = mgmt_status(status);
4753 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4754 cmd_status_rsp, &mgmt_err);
464996ae 4755 return;
33ef95ed
JH		 4756 }
4757
464996ae
MH		 4758 if (test_bit(HCI_AUTH, &hdev->flags))
4759 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4760 &hdev->dev_flags);
4761 else
4762 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4763 &hdev->dev_flags);
47990ea0 4764
33ef95ed 4765 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4766 &match);
33ef95ed 4767
47990ea0 4768 if (changed)
464996ae 4769 new_settings(hdev, match.sk);
33ef95ed
JH		 4770
4771 if (match.sk)
4772 sock_put(match.sk);
33ef95ed
JH		 4773}
4774
890ea898 4775static void clear_eir(struct hci_request *req)
cacaf52f 4776{
890ea898 4777 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4778 struct hci_cp_write_eir cp;
4779
976eb20e 4780 if (!lmp_ext_inq_capable(hdev))
890ea898 4781 return;
cacaf52f 4782
c80da27e
JH		 4783 memset(hdev->eir, 0, sizeof(hdev->eir));
4784
cacaf52f
JH		 4785 memset(&cp, 0, sizeof(cp));
4786
890ea898 4787 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4788}
4789
3e248560 4790void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4791{
4792 struct cmd_lookup match = { NULL, hdev };
890ea898 4793 struct hci_request req;
c0ecddc2 4794 bool changed = false;
ed2c4ee3
JH		 4795
4796 if (status) {
4797 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4798
4799 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4800 &hdev->dev_flags)) {
4801 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4802 new_settings(hdev, NULL);
9ecb3e24 4803 }
c0ecddc2 4804
04124681
GP		 4805 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4806 &mgmt_err);
3e248560 4807 return;
c0ecddc2
JH		 4808 }
4809
4810 if (enable) {
9ecb3e24 4811 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4812 } else {
9ecb3e24
MH		 4813 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4814 if (!changed)
4815 changed = test_and_clear_bit(HCI_HS_ENABLED,
4816 &hdev->dev_flags);
4817 else
4818 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4819 }
4820
4821 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4822
c0ecddc2 4823 if (changed)
3e248560 4824 new_settings(hdev, match.sk);
ed2c4ee3 4825
5fc6ebb1 4826 if (match.sk)
ed2c4ee3
JH		 4827 sock_put(match.sk);
4828
890ea898
JH		 4829 hci_req_init(&req, hdev);
4830
5fc6ebb1 4831 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4832 update_eir(&req);
5fc6ebb1 4833 else
890ea898
JH		 4834 clear_eir(&req);
4835
4836 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4837}
4838
92da6097 4839static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4840{
4841 struct cmd_lookup *match = data;
4842
90e70454
JH		 4843 if (match->sk == NULL) {
4844 match->sk = cmd->sk;
4845 sock_hold(match->sk);
4846 }
90e70454
JH		 4847}
4848
4e1b0245
MH		 4849void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4850 u8 status)
7f9a903c 4851{
90e70454 4852 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 4853
92da6097
JH		 4854 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4855 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4856 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4857
4858 if (!status)
4e1b0245
MH		 4859 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4860 NULL);
90e70454
JH		 4861
4862 if (match.sk)
4863 sock_put(match.sk);
7f9a903c
MH		 4864}
4865
7667da34 4866void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4867{
b312b161 4868 struct mgmt_cp_set_local_name ev;
13928971 4869 struct pending_cmd *cmd;
28cc7bde 4870
13928971 4871 if (status)
7667da34 4872 return;
b312b161
JH		 4873
4874 memset(&ev, 0, sizeof(ev));
4875 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4876 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4877
2e58ef3e 4878 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4879 if (!cmd) {
4880 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4881
13928971
JH		 4882 /* If this is a HCI command related to powering on the
4883 * HCI dev don't send any mgmt signals.
4884 */
4885 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 4886 return;
890ea898 4887 }
b312b161 4888
7667da34
MH		 4889 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4890 cmd ? cmd->sk : NULL);
b312b161 4891}
c35938b2 4892
3edaf092
MH		 4893void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4894 u8 *randomizer, u8 status)
c35938b2
SJ		 4895{
4896 struct pending_cmd *cmd;
c35938b2 4897
744cf19e 4898 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4899
2e58ef3e 4900 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 4901 if (!cmd)
3edaf092 4902 return;
c35938b2
SJ		 4903
4904 if (status) {
3edaf092
MH		 4905 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4906 mgmt_status(status));
c35938b2
SJ		 4907 } else {
4908 struct mgmt_rp_read_local_oob_data rp;
4909
4910 memcpy(rp.hash, hash, sizeof(rp.hash));
4911 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4912
3edaf092
MH		 4913 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4914 0, &rp, sizeof(rp));
c35938b2
SJ		 4915 }
4916
4917 mgmt_pending_remove(cmd);
c35938b2 4918}
e17acd40 4919
901801b9
MH		 4920void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4921 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4922 ssp, u8 *eir, u16 eir_len)
e17acd40 4923{
e319d2e7
JH		 4924 char buf[512];
4925 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4926 size_t ev_size;
e17acd40 4927
12602d0c 4928 if (!hci_discovery_active(hdev))
901801b9 4929 return;
12602d0c 4930
1dc06093
JH		 4931 /* Leave 5 bytes for a potential CoD field */
4932 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4933 return;
7d262f86 4934
1dc06093
JH		 4935 memset(buf, 0, sizeof(buf));
4936
e319d2e7 4937 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4938 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4939 ev->rssi = rssi;
9a395a80 4940 if (cfm_name)
612dfce9 4941 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4942 if (!ssp)
612dfce9 4943 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4944
1dc06093 4945 if (eir_len > 0)
e319d2e7 4946 memcpy(ev->eir, eir, eir_len);
e17acd40 4947
1dc06093
JH		 4948 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4949 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4950 dev_class, 3);
1dc06093 4951
eb55ef07 4952 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4953 ev_size = sizeof(*ev) + eir_len;
f8523598 4954
901801b9 4955 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4956}
a88a9652 4957
9cf12aee
MH		 4958void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4959 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4960{
b644ba33
JH		 4961 struct mgmt_ev_device_found *ev;
4962 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4963 u16 eir_len;
a88a9652 4964
b644ba33 4965 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4966
b644ba33
JH		 4967 memset(buf, 0, sizeof(buf));
4968
4969 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4970 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4971 ev->rssi = rssi;
4972
4973 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4974 name_len);
b644ba33 4975
eb55ef07 4976 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4977
9cf12aee 4978 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4979}
314b2381 4980
2f1e063b 4981void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4982{
f963e8e9 4983 struct mgmt_ev_discovering ev;
164a6e78
JH		 4984 struct pending_cmd *cmd;
4985
343fb145
AG		 4986 BT_DBG("%s discovering %u", hdev->name, discovering);
4987
164a6e78 4988 if (discovering)
2e58ef3e 4989 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4990 else
2e58ef3e 4991 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4992
4993 if (cmd != NULL) {
f808e166
JH		 4994 u8 type = hdev->discovery.type;
4995
04124681
GP		 4996 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4997 sizeof(type));
164a6e78
JH		 4998 mgmt_pending_remove(cmd);
4999 }
5000
f963e8e9
JH		 5001 memset(&ev, 0, sizeof(ev));
5002 ev.type = hdev->discovery.type;
5003 ev.discovering = discovering;
5004
2f1e063b 5005 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5006}
5e762444 5007
88c1fe4b 5008int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5009{
5010 struct pending_cmd *cmd;
5011 struct mgmt_ev_device_blocked ev;
5012
2e58ef3e 5013 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5014
88c1fe4b
JH		 5015 bacpy(&ev.addr.bdaddr, bdaddr);
5016 ev.addr.type = type;
5e762444 5017
744cf19e 5018 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5019 cmd ? cmd->sk : NULL);
5e762444
AJ		 5020}
5021
88c1fe4b 5022int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5023{
5024 struct pending_cmd *cmd;
5025 struct mgmt_ev_device_unblocked ev;
5026
2e58ef3e 5027 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5028
88c1fe4b
JH		 5029 bacpy(&ev.addr.bdaddr, bdaddr);
5030 ev.addr.type = type;
5e762444 5031
744cf19e 5032 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5033 cmd ? cmd->sk : NULL);
5e762444 5034}
5976e608
MH		 5035
5036static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5037{
5038 BT_DBG("%s status %u", hdev->name, status);
5039
5040 /* Clear the advertising mgmt setting if we failed to re-enable it */
5041 if (status) {
5042 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5043 new_settings(hdev, NULL);
5976e608
MH		 5044 }
5045}
5046
5047void mgmt_reenable_advertising(struct hci_dev *hdev)
5048{
5049 struct hci_request req;
5050
b145edcd 5051 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5052 return;
5053
5054 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5055 return;
5056
5057 hci_req_init(&req, hdev);
5058 enable_advertising(&req);
5059
5060 /* If this fails we have no option but to let user space know
5061 * that we've disabled advertising.
5062 */
5063 if (hci_req_run(&req, adv_enable_complete) < 0) {
5064 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5065 new_settings(hdev, NULL);
5976e608
MH		 5066 }
5067}
Linux kernel - Deliverables
This page took 0.78477 seconds and 5 git commands to generate.