projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Set LE advertising parameters before enabling it
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 383 settings |= MGMT_SETTING_HS;
848566b3 384 }
d7b7e796 385
eeca6f89 386 if (lmp_le_capable(hdev)) {
9d42820f 387 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 388 settings |= MGMT_SETTING_ADVERTISING;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
1a4d3c4b
JH		 404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
406
5e5282bb 407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_DISCOVERABLE;
409
a8b2d5c2 410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_PAIRABLE;
412
56f87901 413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_BREDR;
415
06199cf8 416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LE;
418
47990ea0 419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LINK_SECURITY;
421
84bde9d6 422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_SSP;
424
6d80dfd0
JH		 425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
427
f3d3444a 428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 429 settings |= MGMT_SETTING_ADVERTISING;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
213202ed
JH		 436static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
437{
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
440
441 if (len < 4)
442 return ptr;
443
444 list_for_each_entry(uuid, &hdev->uuids, list) {
445 u16 uuid16;
446
447 if (uuid->size != 16)
448 continue;
449
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
451 if (uuid16 < 0x1100)
452 continue;
453
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 continue;
456
457 if (!uuids_start) {
458 uuids_start = ptr;
459 uuids_start[0] = 1;
460 uuids_start[1] = EIR_UUID16_ALL;
461 ptr += 2;
462 }
463
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
467 break;
468 }
469
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
473 }
474
475 return ptr;
476}
477
cdf1963f
JH		 478static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
479{
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
482
483 if (len < 6)
484 return ptr;
485
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
488 continue;
489
490 if (!uuids_start) {
491 uuids_start = ptr;
492 uuids_start[0] = 1;
493 uuids_start[1] = EIR_UUID32_ALL;
494 ptr += 2;
495 }
496
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
500 break;
501 }
502
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
504 ptr += sizeof(u32);
505 uuids_start[0] += sizeof(u32);
506 }
507
508 return ptr;
509}
510
c00d575b
JH		 511static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
512{
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
515
516 if (len < 18)
517 return ptr;
518
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
521 continue;
522
523 if (!uuids_start) {
524 uuids_start = ptr;
525 uuids_start[0] = 1;
526 uuids_start[1] = EIR_UUID128_ALL;
527 ptr += 2;
528 }
529
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
533 break;
534 }
535
536 memcpy(ptr, uuid->uuid, 16);
537 ptr += 16;
538 uuids_start[0] += 16;
539 }
540
541 return ptr;
542}
543
ef580372
JH		 544static void create_eir(struct hci_dev *hdev, u8 *data)
545{
546 u8 *ptr = data;
ef580372
JH		 547 size_t name_len;
548
549 name_len = strlen(hdev->dev_name);
550
551 if (name_len > 0) {
552 /* EIR Data type */
553 if (name_len > 48) {
554 name_len = 48;
555 ptr[1] = EIR_NAME_SHORT;
556 } else
557 ptr[1] = EIR_NAME_COMPLETE;
558
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
561
562 memcpy(ptr + 2, hdev->dev_name, name_len);
563
ef580372
JH		 564 ptr += (name_len + 2);
565 }
566
bbaf444a 567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
571
91c4e9b1
MH		 572 ptr += 3;
573 }
574
2b9be137
MH		 575 if (hdev->devid_source > 0) {
576 ptr[0] = 9;
577 ptr[1] = EIR_DEVICE_ID;
578
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
583
2b9be137
MH		 584 ptr += 10;
585 }
586
213202ed 587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 590}
591
890ea898 592static void update_eir(struct hci_request *req)
ef580372 593{
890ea898 594 struct hci_dev *hdev = req->hdev;
ef580372
JH		 595 struct hci_cp_write_eir cp;
596
504c8dcd 597 if (!hdev_is_powered(hdev))
890ea898 598 return;
7770c4aa 599
976eb20e 600 if (!lmp_ext_inq_capable(hdev))
890ea898 601 return;
ef580372 602
84bde9d6 603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 604 return;
ef580372 605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 607 return;
ef580372
JH		 608
609 memset(&cp, 0, sizeof(cp));
610
611 create_eir(hdev, cp.data);
612
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 614 return;
ef580372
JH		 615
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
617
890ea898 618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 619}
620
621static u8 get_service_classes(struct hci_dev *hdev)
622{
623 struct bt_uuid *uuid;
624 u8 val = 0;
625
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
628
629 return val;
630}
631
890ea898 632static void update_class(struct hci_request *req)
ef580372 633{
890ea898 634 struct hci_dev *hdev = req->hdev;
ef580372
JH		 635 u8 cod[3];
636
637 BT_DBG("%s", hdev->name);
638
504c8dcd 639 if (!hdev_is_powered(hdev))
890ea898 640 return;
7770c4aa 641
a8b2d5c2 642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 643 return;
ef580372
JH		 644
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
648
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 650 return;
ef580372 651
890ea898 652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 653}
654
7d78525d
JH		 655static void service_cache_off(struct work_struct *work)
656{
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 658 service_cache.work);
890ea898 659 struct hci_request req;
7d78525d 660
a8b2d5c2 661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 662 return;
663
890ea898
JH		 664 hci_req_init(&req, hdev);
665
7d78525d
JH		 666 hci_dev_lock(hdev);
667
890ea898
JH		 668 update_eir(&req);
669 update_class(&req);
7d78525d
JH		 670
671 hci_dev_unlock(hdev);
890ea898
JH		 672
673 hci_req_run(&req, NULL);
7d78525d
JH		 674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
87b95ba6
JH		 814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
816 MGMT_STATUS_BUSY);
817 goto failed;
818 }
819
f0d4b78a
MH		 820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
822
823 if (cp->val) {
a1d70450
JH		 824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
825 data, len);
826 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 827 goto failed;
828 }
829 }
830
4b34ee78 831 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
d2f5a196
JH		 893int mgmt_new_settings(struct hci_dev *hdev)
894{
895 return new_settings(hdev, NULL);
896}
897
bd99abdd
JH		 898struct cmd_lookup {
899 struct sock *sk;
900 struct hci_dev *hdev;
901 u8 mgmt_status;
902};
903
904static void settings_rsp(struct pending_cmd *cmd, void *data)
905{
906 struct cmd_lookup *match = data;
907
908 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
909
910 list_del(&cmd->list);
911
912 if (match->sk == NULL) {
913 match->sk = cmd->sk;
914 sock_hold(match->sk);
915 }
916
917 mgmt_pending_free(cmd);
918}
919
920static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
921{
922 u8 *status = data;
923
924 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
925 mgmt_pending_remove(cmd);
926}
927
e6fe7986
JH		 928static u8 mgmt_bredr_support(struct hci_dev *hdev)
929{
930 if (!lmp_bredr_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
934 else
935 return MGMT_STATUS_SUCCESS;
936}
937
938static u8 mgmt_le_support(struct hci_dev *hdev)
939{
940 if (!lmp_le_capable(hdev))
941 return MGMT_STATUS_NOT_SUPPORTED;
942 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
943 return MGMT_STATUS_REJECTED;
944 else
945 return MGMT_STATUS_SUCCESS;
946}
947
bdb6d971 948static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
73f22f62 950{
650f726d 951 struct mgmt_cp_set_discoverable *cp = data;
366a0336 952 struct pending_cmd *cmd;
5e5282bb 953 u16 timeout;
e6fe7986 954 u8 scan, status;
73f22f62
JH		 955 int err;
956
bdb6d971 957 BT_DBG("request for %s", hdev->name);
73f22f62 958
e6fe7986
JH		 959 status = mgmt_bredr_support(hdev);
960 if (status)
33c525c0 961 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 962 status);
33c525c0 963
a7e80f25
JH		 964 if (cp->val != 0x00 && cp->val != 0x01)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
967
1f350c87 968 timeout = __le16_to_cpu(cp->timeout);
24c54a90 969 if (!cp->val && timeout > 0)
bdb6d971 970 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_INVALID_PARAMS);
73f22f62 972
09fd0de5 973 hci_dev_lock(hdev);
73f22f62 974
5e5282bb 975 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 978 goto failed;
979 }
980
2e58ef3e 981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 984 MGMT_STATUS_BUSY);
73f22f62
JH		 985 goto failed;
986 }
987
5e5282bb 988 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 989 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 990 MGMT_STATUS_REJECTED);
5e5282bb
JH		 991 goto failed;
992 }
993
994 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 995 bool changed = false;
996
997 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
998 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
999 changed = true;
1000 }
1001
5e5282bb 1002 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1003 if (err < 0)
1004 goto failed;
1005
1006 if (changed)
1007 err = new_settings(hdev, sk);
1008
5e5282bb
JH		 1009 goto failed;
1010 }
1011
1012 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1013 if (hdev->discov_timeout > 0) {
1014 cancel_delayed_work(&hdev->discov_off);
1015 hdev->discov_timeout = 0;
1016 }
1017
1018 if (cp->val && timeout > 0) {
1019 hdev->discov_timeout = timeout;
1020 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1021 msecs_to_jiffies(hdev->discov_timeout * 1000));
1022 }
1023
69ab39ea 1024 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1025 goto failed;
1026 }
1027
2e58ef3e 1028 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1029 if (!cmd) {
1030 err = -ENOMEM;
73f22f62 1031 goto failed;
366a0336 1032 }
73f22f62
JH		 1033
1034 scan = SCAN_PAGE;
1035
72a734ec 1036 if (cp->val)
73f22f62 1037 scan |= SCAN_INQUIRY;
16ab91ab 1038 else
e0f9309f 1039 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1040
1041 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 if (err < 0)
a664b5bc 1043 mgmt_pending_remove(cmd);
73f22f62 1044
16ab91ab 1045 if (cp->val)
5e5282bb 1046 hdev->discov_timeout = timeout;
16ab91ab 1047
73f22f62 1048failed:
09fd0de5 1049 hci_dev_unlock(hdev);
73f22f62
JH		 1050 return err;
1051}
1052
406d7804
JH		 1053static void write_fast_connectable(struct hci_request *req, bool enable)
1054{
bd98b996 1055 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1056 struct hci_cp_write_page_scan_activity acp;
1057 u8 type;
1058
4c01f8b8
JH		 1059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1060 return;
1061
406d7804
JH		 1062 if (enable) {
1063 type = PAGE_SCAN_TYPE_INTERLACED;
1064
1065 /* 160 msec page scan interval */
1066 acp.interval = __constant_cpu_to_le16(0x0100);
1067 } else {
1068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1069
1070 /* default 1.28 sec page scan */
1071 acp.interval = __constant_cpu_to_le16(0x0800);
1072 }
1073
1074 acp.window = __constant_cpu_to_le16(0x0012);
1075
bd98b996
JH		 1076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1079 sizeof(acp), &acp);
1080
1081 if (hdev->page_scan_type != type)
1082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1083}
1084
2b76f453
JH		 1085static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1086{
1087 struct pending_cmd *cmd;
1088
1089 BT_DBG("status 0x%02x", status);
1090
1091 hci_dev_lock(hdev);
1092
1093 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1094 if (!cmd)
1095 goto unlock;
1096
1097 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1098
1099 mgmt_pending_remove(cmd);
1100
1101unlock:
1102 hci_dev_unlock(hdev);
1103}
1104
bdb6d971 1105static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1106 u16 len)
9fbcbb45 1107{
650f726d 1108 struct mgmt_mode *cp = data;
366a0336 1109 struct pending_cmd *cmd;
2b76f453 1110 struct hci_request req;
e6fe7986 1111 u8 scan, status;
9fbcbb45
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
9fbcbb45 1115
e6fe7986
JH		 1116 status = mgmt_bredr_support(hdev);
1117 if (status)
33c525c0 1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1119 status);
33c525c0 1120
a7e80f25
JH		 1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1123 MGMT_STATUS_INVALID_PARAMS);
1124
09fd0de5 1125 hci_dev_lock(hdev);
9fbcbb45 1126
4b34ee78 1127 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1131 changed = true;
1132
6bf0e469 1133 if (cp->val) {
5e5282bb 1134 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1135 } else {
5e5282bb
JH		 1136 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1137 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1138 }
0224d2fa 1139
5e5282bb 1140 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1141 if (err < 0)
1142 goto failed;
1143
1144 if (changed)
1145 err = new_settings(hdev, sk);
1146
9fbcbb45
JH		 1147 goto failed;
1148 }
1149
2e58ef3e 1150 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1151 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1153 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1154 goto failed;
1155 }
1156
5e5282bb 1157 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1158 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1159 goto failed;
1160 }
1161
2e58ef3e 1162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1163 if (!cmd) {
1164 err = -ENOMEM;
9fbcbb45 1165 goto failed;
366a0336 1166 }
9fbcbb45 1167
6bf0e469 1168 if (cp->val) {
9fbcbb45 1169 scan = SCAN_PAGE;
6bf0e469 1170 } else {
9fbcbb45
JH		 1171 scan = 0;
1172
df2c6c5e 1173 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1174 hdev->discov_timeout > 0)
df2c6c5e
JH		 1175 cancel_delayed_work(&hdev->discov_off);
1176 }
1177
2b76f453
JH		 1178 hci_req_init(&req, hdev);
1179
1180 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1181
4c01f8b8
JH		 1182 /* If we're going from non-connectable to connectable or
1183 * vice-versa when fast connectable is enabled ensure that fast
1184 * connectable gets disabled. write_fast_connectable won't do
1185 * anything if the page scan parameters are already what they
1186 * should be.
1187 */
1188 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1189 write_fast_connectable(&req, false);
1190
2b76f453 1191 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1192 if (err < 0)
a664b5bc 1193 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1194
1195failed:
09fd0de5 1196 hci_dev_unlock(hdev);
9fbcbb45
JH		 1197 return err;
1198}
1199
bdb6d971 1200static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1201 u16 len)
c542a06c 1202{
650f726d 1203 struct mgmt_mode *cp = data;
c542a06c
JH		 1204 int err;
1205
bdb6d971 1206 BT_DBG("request for %s", hdev->name);
c542a06c 1207
a7e80f25
JH		 1208 if (cp->val != 0x00 && cp->val != 0x01)
1209 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1210 MGMT_STATUS_INVALID_PARAMS);
1211
09fd0de5 1212 hci_dev_lock(hdev);
c542a06c
JH		 1213
1214 if (cp->val)
a8b2d5c2 1215 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1216 else
a8b2d5c2 1217 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1218
69ab39ea 1219 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1220 if (err < 0)
1221 goto failed;
1222
beadb2bd 1223 err = new_settings(hdev, sk);
c542a06c
JH		 1224
1225failed:
09fd0de5 1226 hci_dev_unlock(hdev);
c542a06c
JH		 1227 return err;
1228}
1229
04124681
GP		 1230static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1231 u16 len)
33ef95ed
JH		 1232{
1233 struct mgmt_mode *cp = data;
1234 struct pending_cmd *cmd;
e6fe7986 1235 u8 val, status;
33ef95ed
JH		 1236 int err;
1237
bdb6d971 1238 BT_DBG("request for %s", hdev->name);
33ef95ed 1239
e6fe7986
JH		 1240 status = mgmt_bredr_support(hdev);
1241 if (status)
33c525c0 1242 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1243 status);
33c525c0 1244
a7e80f25
JH		 1245 if (cp->val != 0x00 && cp->val != 0x01)
1246 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1247 MGMT_STATUS_INVALID_PARAMS);
1248
33ef95ed
JH		 1249 hci_dev_lock(hdev);
1250
4b34ee78 1251 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1252 bool changed = false;
1253
1254 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1255 &hdev->dev_flags)) {
47990ea0
JH		 1256 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1257 changed = true;
1258 }
1259
1260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1261 if (err < 0)
1262 goto failed;
1263
1264 if (changed)
1265 err = new_settings(hdev, sk);
1266
33ef95ed
JH		 1267 goto failed;
1268 }
1269
1270 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1272 MGMT_STATUS_BUSY);
33ef95ed
JH		 1273 goto failed;
1274 }
1275
1276 val = !!cp->val;
1277
1278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1280 goto failed;
1281 }
1282
1283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 if (!cmd) {
1285 err = -ENOMEM;
1286 goto failed;
1287 }
1288
1289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1290 if (err < 0) {
1291 mgmt_pending_remove(cmd);
1292 goto failed;
1293 }
1294
1295failed:
1296 hci_dev_unlock(hdev);
33ef95ed
JH		 1297 return err;
1298}
1299
bdb6d971 1300static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1301{
1302 struct mgmt_mode *cp = data;
1303 struct pending_cmd *cmd;
cdba5281 1304 u8 val, status;
ed2c4ee3
JH		 1305 int err;
1306
bdb6d971 1307 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1308
cdba5281
MH		 1309 status = mgmt_bredr_support(hdev);
1310 if (status)
1311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1312
13ecd8b6
JH		 1313 if (!lmp_ssp_capable(hdev))
1314 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1315 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1316
a7e80f25
JH		 1317 if (cp->val != 0x00 && cp->val != 0x01)
1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1319 MGMT_STATUS_INVALID_PARAMS);
1320
13ecd8b6 1321 hci_dev_lock(hdev);
6c8f12c1 1322
c0ecddc2
JH		 1323 val = !!cp->val;
1324
4b34ee78 1325 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1326 bool changed = false;
1327
1328 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1329 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1330 changed = true;
1331 }
1332
1333 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1334 if (err < 0)
1335 goto failed;
1336
1337 if (changed)
1338 err = new_settings(hdev, sk);
1339
ed2c4ee3
JH		 1340 goto failed;
1341 }
1342
1343 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1344 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1345 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1346 goto failed;
1347 }
1348
ed2c4ee3
JH		 1349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1350 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1351 goto failed;
1352 }
1353
1354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 if (!cmd) {
1356 err = -ENOMEM;
1357 goto failed;
1358 }
1359
1360 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1361 if (err < 0) {
1362 mgmt_pending_remove(cmd);
1363 goto failed;
1364 }
1365
1366failed:
1367 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1368 return err;
1369}
1370
bdb6d971 1371static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1372{
1373 struct mgmt_mode *cp = data;
ee392693 1374 bool changed;
e6fe7986 1375 u8 status;
ee392693 1376 int err;
6d80dfd0 1377
bdb6d971 1378 BT_DBG("request for %s", hdev->name);
6d80dfd0 1379
e6fe7986
JH		 1380 status = mgmt_bredr_support(hdev);
1381 if (status)
1382 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1383
a7e80f25
JH		 1384 if (cp->val != 0x00 && cp->val != 0x01)
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_INVALID_PARAMS);
1387
ee392693
MH		 1388 hci_dev_lock(hdev);
1389
a0cdf960 1390 if (cp->val) {
ee392693 1391 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1392 } else {
1393 if (hdev_is_powered(hdev)) {
1394 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1395 MGMT_STATUS_REJECTED);
1396 goto unlock;
1397 }
1398
ee392693 1399 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1400 }
ee392693
MH		 1401
1402 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1403 if (err < 0)
1404 goto unlock;
1405
1406 if (changed)
1407 err = new_settings(hdev, sk);
6d80dfd0 1408
ee392693
MH		 1409unlock:
1410 hci_dev_unlock(hdev);
1411 return err;
6d80dfd0
JH		 1412}
1413
bba3aa55
MH		 1414static void enable_advertising(struct hci_request *req)
1415{
b4faf300
MH		 1416 struct hci_dev *hdev = req->hdev;
1417 struct hci_cp_le_set_adv_param cp;
1418 u8 enable = 0x01;
1419
1420 memset(&cp, 0, sizeof(cp));
1421 cp.min_interval = __constant_cpu_to_le16(0x0800);
1422 cp.max_interval = __constant_cpu_to_le16(0x0800);
1423 cp.type = LE_ADV_IND;
1424 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1425 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1426 else
1427 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1428 cp.channel_map = 0x07;
1429
1430 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
bba3aa55 1431
b4faf300 1432 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1433}
1434
1435static void disable_advertising(struct hci_request *req)
1436{
b4faf300 1437 u8 enable = 0x00;
bba3aa55 1438
b4faf300 1439 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
bba3aa55
MH		 1440}
1441
416a4ae5
JH		 1442static void le_enable_complete(struct hci_dev *hdev, u8 status)
1443{
1444 struct cmd_lookup match = { NULL, hdev };
1445
1446 if (status) {
1447 u8 mgmt_err = mgmt_status(status);
1448
1449 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1450 &mgmt_err);
1451 return;
1452 }
1453
1454 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1455
1456 new_settings(hdev, match.sk);
1457
1458 if (match.sk)
1459 sock_put(match.sk);
1460}
1461
bdb6d971 1462static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1463{
1464 struct mgmt_mode *cp = data;
1465 struct hci_cp_write_le_host_supported hci_cp;
1466 struct pending_cmd *cmd;
416a4ae5 1467 struct hci_request req;
06199cf8 1468 int err;
0b60eba1 1469 u8 val, enabled;
06199cf8 1470
bdb6d971 1471 BT_DBG("request for %s", hdev->name);
06199cf8 1472
13ecd8b6
JH		 1473 if (!lmp_le_capable(hdev))
1474 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1475 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1476
a7e80f25
JH		 1477 if (cp->val != 0x00 && cp->val != 0x01)
1478 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1479 MGMT_STATUS_INVALID_PARAMS);
1480
c73eee91 1481 /* LE-only devices do not allow toggling LE on/off */
56f87901 1482 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1483 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1484 MGMT_STATUS_REJECTED);
1485
13ecd8b6 1486 hci_dev_lock(hdev);
06199cf8
JH		 1487
1488 val = !!cp->val;
ffa88e02 1489 enabled = lmp_host_le_capable(hdev);
06199cf8 1490
0b60eba1 1491 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1492 bool changed = false;
1493
1494 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1495 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1496 changed = true;
1497 }
1498
f3d3444a
JH		 1499 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1500 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1501 changed = true;
1502 }
1503
06199cf8
JH		 1504 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1505 if (err < 0)
1de028ce 1506 goto unlock;
06199cf8
JH		 1507
1508 if (changed)
1509 err = new_settings(hdev, sk);
1510
1de028ce 1511 goto unlock;
06199cf8
JH		 1512 }
1513
4375f103
JH		 1514 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1515 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1516 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1517 MGMT_STATUS_BUSY);
1de028ce 1518 goto unlock;
06199cf8
JH		 1519 }
1520
1521 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1522 if (!cmd) {
1523 err = -ENOMEM;
1de028ce 1524 goto unlock;
06199cf8
JH		 1525 }
1526
1527 memset(&hci_cp, 0, sizeof(hci_cp));
1528
1529 if (val) {
1530 hci_cp.le = val;
ffa88e02 1531 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1532 }
1533
416a4ae5
JH		 1534 hci_req_init(&req, hdev);
1535
bba3aa55
MH		 1536 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val)
1537 disable_advertising(&req);
eeca6f89 1538
416a4ae5
JH		 1539 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1540 &hci_cp);
1541
1542 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1543 if (err < 0)
06199cf8 1544 mgmt_pending_remove(cmd);
06199cf8 1545
1de028ce
JH		 1546unlock:
1547 hci_dev_unlock(hdev);
06199cf8
JH		 1548 return err;
1549}
1550
0cab9c80
JH		 1551/* This is a helper function to test for pending mgmt commands that can
1552 * cause CoD or EIR HCI commands. We can only allow one such pending
1553 * mgmt command at a time since otherwise we cannot easily track what
1554 * the current values are, will be, and based on that calculate if a new
1555 * HCI command needs to be sent and if yes with what value.
1556 */
1557static bool pending_eir_or_class(struct hci_dev *hdev)
1558{
1559 struct pending_cmd *cmd;
1560
1561 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1562 switch (cmd->opcode) {
1563 case MGMT_OP_ADD_UUID:
1564 case MGMT_OP_REMOVE_UUID:
1565 case MGMT_OP_SET_DEV_CLASS:
1566 case MGMT_OP_SET_POWERED:
1567 return true;
1568 }
1569 }
1570
1571 return false;
1572}
1573
83be8eca
JH		 1574static const u8 bluetooth_base_uuid[] = {
1575 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1576 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1577};
1578
1579static u8 get_uuid_size(const u8 *uuid)
1580{
1581 u32 val;
1582
1583 if (memcmp(uuid, bluetooth_base_uuid, 12))
1584 return 128;
1585
1586 val = get_unaligned_le32(&uuid[12]);
1587 if (val > 0xffff)
1588 return 32;
1589
1590 return 16;
1591}
1592
92da6097
JH		 1593static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1594{
1595 struct pending_cmd *cmd;
1596
1597 hci_dev_lock(hdev);
1598
1599 cmd = mgmt_pending_find(mgmt_op, hdev);
1600 if (!cmd)
1601 goto unlock;
1602
1603 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1604 hdev->dev_class, 3);
1605
1606 mgmt_pending_remove(cmd);
1607
1608unlock:
1609 hci_dev_unlock(hdev);
1610}
1611
1612static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1613{
1614 BT_DBG("status 0x%02x", status);
1615
1616 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1617}
1618
bdb6d971 1619static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1620{
650f726d 1621 struct mgmt_cp_add_uuid *cp = data;
90e70454 1622 struct pending_cmd *cmd;
890ea898 1623 struct hci_request req;
2aeb9a1a 1624 struct bt_uuid *uuid;
2aeb9a1a
JH		 1625 int err;
1626
bdb6d971 1627 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1628
09fd0de5 1629 hci_dev_lock(hdev);
2aeb9a1a 1630
0cab9c80 1631 if (pending_eir_or_class(hdev)) {
bdb6d971 1632 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1633 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1634 goto failed;
1635 }
1636
92c4c204 1637 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1638 if (!uuid) {
1639 err = -ENOMEM;
1640 goto failed;
1641 }
1642
1643 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1644 uuid->svc_hint = cp->svc_hint;
83be8eca 1645 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1646
de66aa63 1647 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1648
890ea898 1649 hci_req_init(&req, hdev);
1aff6f09 1650
890ea898
JH		 1651 update_class(&req);
1652 update_eir(&req);
1653
92da6097
JH		 1654 err = hci_req_run(&req, add_uuid_complete);
1655 if (err < 0) {
1656 if (err != -ENODATA)
1657 goto failed;
80a1e1db 1658
bdb6d971 1659 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1660 hdev->dev_class, 3);
90e70454
JH		 1661 goto failed;
1662 }
1663
1664 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1665 if (!cmd) {
90e70454 1666 err = -ENOMEM;
890ea898
JH		 1667 goto failed;
1668 }
1669
1670 err = 0;
2aeb9a1a
JH		 1671
1672failed:
09fd0de5 1673 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1674 return err;
1675}
1676
24b78d0f
JH		 1677static bool enable_service_cache(struct hci_dev *hdev)
1678{
1679 if (!hdev_is_powered(hdev))
1680 return false;
1681
1682 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1683 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1684 CACHE_TIMEOUT);
24b78d0f
JH		 1685 return true;
1686 }
1687
1688 return false;
1689}
1690
92da6097
JH		 1691static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1692{
1693 BT_DBG("status 0x%02x", status);
1694
1695 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1696}
1697
bdb6d971 1698static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1699 u16 len)
2aeb9a1a 1700{
650f726d 1701 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1702 struct pending_cmd *cmd;
056341c8 1703 struct bt_uuid *match, *tmp;
2aeb9a1a 1704 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1705 struct hci_request req;
2aeb9a1a
JH		 1706 int err, found;
1707
bdb6d971 1708 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1709
09fd0de5 1710 hci_dev_lock(hdev);
2aeb9a1a 1711
0cab9c80 1712 if (pending_eir_or_class(hdev)) {
bdb6d971 1713 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1714 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1715 goto unlock;
1716 }
1717
2aeb9a1a
JH		 1718 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1719 err = hci_uuids_clear(hdev);
4004b6d9 1720
24b78d0f 1721 if (enable_service_cache(hdev)) {
bdb6d971 1722 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1723 0, hdev->dev_class, 3);
24b78d0f
JH		 1724 goto unlock;
1725 }
4004b6d9 1726
9246a869 1727 goto update_class;
2aeb9a1a
JH		 1728 }
1729
1730 found = 0;
1731
056341c8 1732 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1733 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1734 continue;
1735
1736 list_del(&match->list);
482049f7 1737 kfree(match);
2aeb9a1a
JH		 1738 found++;
1739 }
1740
1741 if (found == 0) {
bdb6d971 1742 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1743 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1744 goto unlock;
1745 }
1746
9246a869 1747update_class:
890ea898 1748 hci_req_init(&req, hdev);
1aff6f09 1749
890ea898
JH		 1750 update_class(&req);
1751 update_eir(&req);
1752
92da6097
JH		 1753 err = hci_req_run(&req, remove_uuid_complete);
1754 if (err < 0) {
1755 if (err != -ENODATA)
1756 goto unlock;
80a1e1db 1757
bdb6d971 1758 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1759 hdev->dev_class, 3);
90e70454
JH		 1760 goto unlock;
1761 }
1762
1763 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1764 if (!cmd) {
90e70454 1765 err = -ENOMEM;
890ea898
JH		 1766 goto unlock;
1767 }
1768
1769 err = 0;
2aeb9a1a
JH		 1770
1771unlock:
09fd0de5 1772 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1773 return err;
1774}
1775
92da6097
JH		 1776static void set_class_complete(struct hci_dev *hdev, u8 status)
1777{
1778 BT_DBG("status 0x%02x", status);
1779
1780 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1781}
1782
bdb6d971 1783static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1784 u16 len)
1aff6f09 1785{
650f726d 1786 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1787 struct pending_cmd *cmd;
890ea898 1788 struct hci_request req;
1aff6f09
JH		 1789 int err;
1790
bdb6d971 1791 BT_DBG("request for %s", hdev->name);
1aff6f09 1792
6203fc98 1793 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1795 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1796
0cab9c80 1797 hci_dev_lock(hdev);
ee98f473 1798
0cab9c80
JH		 1799 if (pending_eir_or_class(hdev)) {
1800 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1801 MGMT_STATUS_BUSY);
1802 goto unlock;
1803 }
c95f0ba7 1804
0cab9c80
JH		 1805 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1806 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1807 MGMT_STATUS_INVALID_PARAMS);
1808 goto unlock;
1809 }
575b3a02 1810
932f5ff5
JH		 1811 hdev->major_class = cp->major;
1812 hdev->minor_class = cp->minor;
1813
b5235a65 1814 if (!hdev_is_powered(hdev)) {
bdb6d971 1815 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1816 hdev->dev_class, 3);
b5235a65
JH		 1817 goto unlock;
1818 }
1819
890ea898
JH		 1820 hci_req_init(&req, hdev);
1821
a8b2d5c2 1822 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1823 hci_dev_unlock(hdev);
1824 cancel_delayed_work_sync(&hdev->service_cache);
1825 hci_dev_lock(hdev);
890ea898 1826 update_eir(&req);
7d78525d 1827 }
14c0b608 1828
890ea898
JH		 1829 update_class(&req);
1830
92da6097
JH		 1831 err = hci_req_run(&req, set_class_complete);
1832 if (err < 0) {
1833 if (err != -ENODATA)
1834 goto unlock;
1aff6f09 1835
bdb6d971 1836 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1837 hdev->dev_class, 3);
90e70454
JH		 1838 goto unlock;
1839 }
1840
1841 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1842 if (!cmd) {
90e70454 1843 err = -ENOMEM;
890ea898
JH		 1844 goto unlock;
1845 }
1846
1847 err = 0;
1aff6f09 1848
b5235a65 1849unlock:
09fd0de5 1850 hci_dev_unlock(hdev);
1aff6f09
JH		 1851 return err;
1852}
1853
bdb6d971 1854static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1855 u16 len)
55ed8ca1 1856{
650f726d 1857 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1858 u16 key_count, expected_len;
a492cd52 1859 int i;
55ed8ca1 1860
9060d5cf
MH		 1861 BT_DBG("request for %s", hdev->name);
1862
1863 if (!lmp_bredr_capable(hdev))
1864 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1865 MGMT_STATUS_NOT_SUPPORTED);
1866
1f350c87 1867 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1868
86742e1e
JH		 1869 expected_len = sizeof(*cp) + key_count *
1870 sizeof(struct mgmt_link_key_info);
a492cd52 1871 if (expected_len != len) {
86742e1e 1872 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1873 len, expected_len);
bdb6d971 1874 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1875 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1876 }
1877
4ae14301
JH		 1878 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1879 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1880 MGMT_STATUS_INVALID_PARAMS);
1881
bdb6d971 1882 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1883 key_count);
55ed8ca1 1884
4ee71b20
JH		 1885 for (i = 0; i < key_count; i++) {
1886 struct mgmt_link_key_info *key = &cp->keys[i];
1887
1888 if (key->addr.type != BDADDR_BREDR)
1889 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1890 MGMT_STATUS_INVALID_PARAMS);
1891 }
1892
09fd0de5 1893 hci_dev_lock(hdev);
55ed8ca1
JH		 1894
1895 hci_link_keys_clear(hdev);
1896
55ed8ca1 1897 if (cp->debug_keys)
a8b2d5c2 1898 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1899 else
a8b2d5c2 1900 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1901
a492cd52 1902 for (i = 0; i < key_count; i++) {
86742e1e 1903 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1904
d753fdc4 1905 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1906 key->type, key->pin_len);
55ed8ca1
JH		 1907 }
1908
bdb6d971 1909 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1910
09fd0de5 1911 hci_dev_unlock(hdev);
55ed8ca1 1912
a492cd52 1913 return 0;
55ed8ca1
JH		 1914}
1915
b1078ad0 1916static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1917 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1918{
1919 struct mgmt_ev_device_unpaired ev;
1920
1921 bacpy(&ev.addr.bdaddr, bdaddr);
1922 ev.addr.type = addr_type;
1923
1924 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1925 skip_sk);
b1078ad0
JH		 1926}
1927
bdb6d971 1928static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1929 u16 len)
55ed8ca1 1930{
124f6e35
JH		 1931 struct mgmt_cp_unpair_device *cp = data;
1932 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1933 struct hci_cp_disconnect dc;
1934 struct pending_cmd *cmd;
55ed8ca1 1935 struct hci_conn *conn;
55ed8ca1
JH		 1936 int err;
1937
a8a1d19e 1938 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1939 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1940 rp.addr.type = cp->addr.type;
a8a1d19e 1941
4ee71b20
JH		 1942 if (!bdaddr_type_is_valid(cp->addr.type))
1943 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1944 MGMT_STATUS_INVALID_PARAMS,
1945 &rp, sizeof(rp));
1946
118da70b
JH		 1947 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1948 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1949 MGMT_STATUS_INVALID_PARAMS,
1950 &rp, sizeof(rp));
1951
4ee71b20
JH		 1952 hci_dev_lock(hdev);
1953
86a8cfc6 1954 if (!hdev_is_powered(hdev)) {
bdb6d971 1955 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1956 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1957 goto unlock;
1958 }
1959
591f47f3 1960 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1961 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1962 else
1963 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1964
55ed8ca1 1965 if (err < 0) {
bdb6d971 1966 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1967 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1968 goto unlock;
1969 }
1970
86a8cfc6 1971 if (cp->disconnect) {
591f47f3 1972 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1973 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1974 &cp->addr.bdaddr);
86a8cfc6
JH		 1975 else
1976 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1977 &cp->addr.bdaddr);
86a8cfc6
JH		 1978 } else {
1979 conn = NULL;
1980 }
124f6e35 1981
a8a1d19e 1982 if (!conn) {
bdb6d971 1983 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1984 &rp, sizeof(rp));
b1078ad0 1985 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1986 goto unlock;
1987 }
55ed8ca1 1988
124f6e35 1989 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1990 sizeof(*cp));
a8a1d19e
JH		 1991 if (!cmd) {
1992 err = -ENOMEM;
1993 goto unlock;
55ed8ca1
JH		 1994 }
1995
eb55ef07 1996 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1997 dc.reason = 0x13; /* Remote User Terminated Connection */
1998 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1999 if (err < 0)
2000 mgmt_pending_remove(cmd);
2001
55ed8ca1 2002unlock:
09fd0de5 2003 hci_dev_unlock(hdev);
55ed8ca1
JH		 2004 return err;
2005}
2006
bdb6d971 2007static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2008 u16 len)
8962ee74 2009{
650f726d 2010 struct mgmt_cp_disconnect *cp = data;
06a63b19 2011 struct mgmt_rp_disconnect rp;
8962ee74 2012 struct hci_cp_disconnect dc;
366a0336 2013 struct pending_cmd *cmd;
8962ee74 2014 struct hci_conn *conn;
8962ee74
JH		 2015 int err;
2016
2017 BT_DBG("");
2018
06a63b19
JH		 2019 memset(&rp, 0, sizeof(rp));
2020 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2021 rp.addr.type = cp->addr.type;
2022
4ee71b20 2023 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2024 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_INVALID_PARAMS,
2026 &rp, sizeof(rp));
4ee71b20 2027
09fd0de5 2028 hci_dev_lock(hdev);
8962ee74
JH		 2029
2030 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2031 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2032 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2033 goto failed;
2034 }
2035
2e58ef3e 2036 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2037 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2038 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2039 goto failed;
2040 }
2041
591f47f3 2042 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2044 &cp->addr.bdaddr);
88c3df13
JH		 2045 else
2046 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2047
f960727e 2048 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2049 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2050 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2051 goto failed;
2052 }
2053
2e58ef3e 2054 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2055 if (!cmd) {
2056 err = -ENOMEM;
8962ee74 2057 goto failed;
366a0336 2058 }
8962ee74 2059
eb55ef07 2060 dc.handle = cpu_to_le16(conn->handle);
3701f944 2061 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2062
2063 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2064 if (err < 0)
a664b5bc 2065 mgmt_pending_remove(cmd);
8962ee74
JH		 2066
2067failed:
09fd0de5 2068 hci_dev_unlock(hdev);
8962ee74
JH		 2069 return err;
2070}
2071
57c1477c 2072static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2073{
2074 switch (link_type) {
2075 case LE_LINK:
48264f06
JH		 2076 switch (addr_type) {
2077 case ADDR_LE_DEV_PUBLIC:
591f47f3 2078 return BDADDR_LE_PUBLIC;
0ed09148 2079
48264f06 2080 default:
0ed09148 2081 /* Fallback to LE Random address type */
591f47f3 2082 return BDADDR_LE_RANDOM;
48264f06 2083 }
0ed09148 2084
4c659c39 2085 default:
0ed09148 2086 /* Fallback to BR/EDR type */
591f47f3 2087 return BDADDR_BREDR;
4c659c39
JH		 2088 }
2089}
2090
04124681
GP		 2091static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2092 u16 data_len)
2784eb41 2093{
2784eb41 2094 struct mgmt_rp_get_connections *rp;
8035ded4 2095 struct hci_conn *c;
a38528f1 2096 size_t rp_len;
60fc5fb6
JH		 2097 int err;
2098 u16 i;
2784eb41
JH		 2099
2100 BT_DBG("");
2101
09fd0de5 2102 hci_dev_lock(hdev);
2784eb41 2103
5f97c1df 2104 if (!hdev_is_powered(hdev)) {
bdb6d971 2105 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2106 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2107 goto unlock;
2108 }
2109
60fc5fb6 2110 i = 0;
b644ba33
JH		 2111 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2112 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2113 i++;
2784eb41
JH		 2114 }
2115
60fc5fb6 2116 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2117 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2118 if (!rp) {
2784eb41
JH		 2119 err = -ENOMEM;
2120 goto unlock;
2121 }
2122
2784eb41 2123 i = 0;
4c659c39 2124 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2125 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2126 continue;
4c659c39 2127 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2128 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2129 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2130 continue;
2131 i++;
2132 }
2133
eb55ef07 2134 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2135
4c659c39
JH		 2136 /* Recalculate length in case of filtered SCO connections, etc */
2137 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2138
bdb6d971 2139 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2140 rp_len);
2784eb41 2141
a38528f1 2142 kfree(rp);
5f97c1df
JH		 2143
2144unlock:
09fd0de5 2145 hci_dev_unlock(hdev);
2784eb41
JH		 2146 return err;
2147}
2148
bdb6d971 2149static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2150 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2151{
2152 struct pending_cmd *cmd;
2153 int err;
2154
2e58ef3e 2155 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2156 sizeof(*cp));
96d97a67
WR		 2157 if (!cmd)
2158 return -ENOMEM;
2159
d8457698 2160 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2161 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2162 if (err < 0)
2163 mgmt_pending_remove(cmd);
2164
2165 return err;
2166}
2167
bdb6d971 2168static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2169 u16 len)
980e1a53 2170{
96d97a67 2171 struct hci_conn *conn;
650f726d 2172 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2173 struct hci_cp_pin_code_reply reply;
366a0336 2174 struct pending_cmd *cmd;
980e1a53
JH		 2175 int err;
2176
2177 BT_DBG("");
2178
09fd0de5 2179 hci_dev_lock(hdev);
980e1a53 2180
4b34ee78 2181 if (!hdev_is_powered(hdev)) {
bdb6d971 2182 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2183 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2184 goto failed;
2185 }
2186
d8457698 2187 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2188 if (!conn) {
bdb6d971 2189 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2190 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2191 goto failed;
2192 }
2193
2194 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2195 struct mgmt_cp_pin_code_neg_reply ncp;
2196
2197 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2198
2199 BT_ERR("PIN code is not 16 bytes long");
2200
bdb6d971 2201 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2202 if (err >= 0)
bdb6d971 2203 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2204 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2205
2206 goto failed;
2207 }
2208
00abfe44 2209 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2210 if (!cmd) {
2211 err = -ENOMEM;
980e1a53 2212 goto failed;
366a0336 2213 }
980e1a53 2214
d8457698 2215 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2216 reply.pin_len = cp->pin_len;
24718ca5 2217 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2218
2219 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2220 if (err < 0)
a664b5bc 2221 mgmt_pending_remove(cmd);
980e1a53
JH		 2222
2223failed:
09fd0de5 2224 hci_dev_unlock(hdev);
980e1a53
JH		 2225 return err;
2226}
2227
04124681
GP		 2228static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2229 u16 len)
17fa4b9d 2230{
650f726d 2231 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2232
2233 BT_DBG("");
2234
09fd0de5 2235 hci_dev_lock(hdev);
17fa4b9d
JH		 2236
2237 hdev->io_capability = cp->io_capability;
2238
2239 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2240 hdev->io_capability);
17fa4b9d 2241
09fd0de5 2242 hci_dev_unlock(hdev);
17fa4b9d 2243
04124681
GP		 2244 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2245 0);
17fa4b9d
JH		 2246}
2247
6039aa73 2248static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2249{
2250 struct hci_dev *hdev = conn->hdev;
8035ded4 2251 struct pending_cmd *cmd;
e9a416b5 2252
2e58ef3e 2253 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2254 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2255 continue;
2256
e9a416b5
JH		 2257 if (cmd->user_data != conn)
2258 continue;
2259
2260 return cmd;
2261 }
2262
2263 return NULL;
2264}
2265
2266static void pairing_complete(struct pending_cmd *cmd, u8 status)
2267{
2268 struct mgmt_rp_pair_device rp;
2269 struct hci_conn *conn = cmd->user_data;
2270
ba4e564f 2271 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2272 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2273
aee9b218 2274 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2275 &rp, sizeof(rp));
e9a416b5
JH		 2276
2277 /* So we don't get further callbacks for this connection */
2278 conn->connect_cfm_cb = NULL;
2279 conn->security_cfm_cb = NULL;
2280 conn->disconn_cfm_cb = NULL;
2281
76a68ba0 2282 hci_conn_drop(conn);
e9a416b5 2283
a664b5bc 2284 mgmt_pending_remove(cmd);
e9a416b5
JH		 2285}
2286
2287static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2288{
2289 struct pending_cmd *cmd;
2290
2291 BT_DBG("status %u", status);
2292
2293 cmd = find_pairing(conn);
56e5cb86 2294 if (!cmd)
e9a416b5 2295 BT_DBG("Unable to find a pending command");
56e5cb86 2296 else
e211326c 2297 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2298}
2299
4c47d739
VA		 2300static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2301{
2302 struct pending_cmd *cmd;
2303
2304 BT_DBG("status %u", status);
2305
2306 if (!status)
2307 return;
2308
2309 cmd = find_pairing(conn);
2310 if (!cmd)
2311 BT_DBG("Unable to find a pending command");
2312 else
2313 pairing_complete(cmd, mgmt_status(status));
2314}
2315
bdb6d971 2316static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2317 u16 len)
e9a416b5 2318{
650f726d 2319 struct mgmt_cp_pair_device *cp = data;
1425acb7 2320 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2321 struct pending_cmd *cmd;
2322 u8 sec_level, auth_type;
2323 struct hci_conn *conn;
e9a416b5
JH		 2324 int err;
2325
2326 BT_DBG("");
2327
f950a30e
SJ		 2328 memset(&rp, 0, sizeof(rp));
2329 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2330 rp.addr.type = cp->addr.type;
2331
4ee71b20
JH		 2332 if (!bdaddr_type_is_valid(cp->addr.type))
2333 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2334 MGMT_STATUS_INVALID_PARAMS,
2335 &rp, sizeof(rp));
2336
09fd0de5 2337 hci_dev_lock(hdev);
e9a416b5 2338
5f97c1df 2339 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2340 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2341 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2342 goto unlock;
2343 }
2344
c908df36
VCG		 2345 sec_level = BT_SECURITY_MEDIUM;
2346 if (cp->io_cap == 0x03)
e9a416b5 2347 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2348 else
e9a416b5 2349 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2350
591f47f3 2351 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2352 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2353 cp->addr.type, sec_level, auth_type);
7a512d01 2354 else
b12f62cf
AG		 2355 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2356 cp->addr.type, sec_level, auth_type);
7a512d01 2357
30e76272 2358 if (IS_ERR(conn)) {
489dc48e
AK		 2359 int status;
2360
2361 if (PTR_ERR(conn) == -EBUSY)
2362 status = MGMT_STATUS_BUSY;
2363 else
2364 status = MGMT_STATUS_CONNECT_FAILED;
2365
bdb6d971 2366 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2367 status, &rp,
04124681 2368 sizeof(rp));
e9a416b5
JH		 2369 goto unlock;
2370 }
2371
2372 if (conn->connect_cfm_cb) {
76a68ba0 2373 hci_conn_drop(conn);
bdb6d971 2374 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2375 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2376 goto unlock;
2377 }
2378
2e58ef3e 2379 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2380 if (!cmd) {
2381 err = -ENOMEM;
76a68ba0 2382 hci_conn_drop(conn);
e9a416b5
JH		 2383 goto unlock;
2384 }
2385
7a512d01 2386 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2387 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2388 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2389 else
2390 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2391
e9a416b5
JH		 2392 conn->security_cfm_cb = pairing_complete_cb;
2393 conn->disconn_cfm_cb = pairing_complete_cb;
2394 conn->io_capability = cp->io_cap;
2395 cmd->user_data = conn;
2396
2397 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2398 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2399 pairing_complete(cmd, 0);
2400
2401 err = 0;
2402
2403unlock:
09fd0de5 2404 hci_dev_unlock(hdev);
e9a416b5
JH		 2405 return err;
2406}
2407
04124681
GP		 2408static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2409 u16 len)
28424707 2410{
0f4e68cf 2411 struct mgmt_addr_info *addr = data;
28424707
JH		 2412 struct pending_cmd *cmd;
2413 struct hci_conn *conn;
2414 int err;
2415
2416 BT_DBG("");
2417
28424707
JH		 2418 hci_dev_lock(hdev);
2419
5f97c1df 2420 if (!hdev_is_powered(hdev)) {
bdb6d971 2421 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2422 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2423 goto unlock;
2424 }
2425
28424707
JH		 2426 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2427 if (!cmd) {
bdb6d971 2428 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2429 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2430 goto unlock;
2431 }
2432
2433 conn = cmd->user_data;
2434
2435 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2436 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2437 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2438 goto unlock;
2439 }
2440
2441 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2442
bdb6d971 2443 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2444 addr, sizeof(*addr));
28424707
JH		 2445unlock:
2446 hci_dev_unlock(hdev);
28424707
JH		 2447 return err;
2448}
2449
bdb6d971 2450static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2451 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2452 u16 hci_op, __le32 passkey)
a5c29683 2453{
a5c29683 2454 struct pending_cmd *cmd;
0df4c185 2455 struct hci_conn *conn;
a5c29683
JH		 2456 int err;
2457
09fd0de5 2458 hci_dev_lock(hdev);
08ba5382 2459
4b34ee78 2460 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2461 err = cmd_complete(sk, hdev->id, mgmt_op,
2462 MGMT_STATUS_NOT_POWERED, addr,
2463 sizeof(*addr));
0df4c185 2464 goto done;
a5c29683
JH		 2465 }
2466
1707c60e
JH		 2467 if (addr->type == BDADDR_BREDR)
2468 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2469 else
1707c60e 2470 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2471
2472 if (!conn) {
feb94d3d
JH		 2473 err = cmd_complete(sk, hdev->id, mgmt_op,
2474 MGMT_STATUS_NOT_CONNECTED, addr,
2475 sizeof(*addr));
272d90df
JH		 2476 goto done;
2477 }
47c15e2b 2478
1707c60e 2479 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2480 /* Continue with pairing via SMP */
5fe57d9e
BG		 2481 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2482
2483 if (!err)
feb94d3d
JH		 2484 err = cmd_complete(sk, hdev->id, mgmt_op,
2485 MGMT_STATUS_SUCCESS, addr,
2486 sizeof(*addr));
5fe57d9e 2487 else
feb94d3d
JH		 2488 err = cmd_complete(sk, hdev->id, mgmt_op,
2489 MGMT_STATUS_FAILED, addr,
2490 sizeof(*addr));
47c15e2b 2491
47c15e2b
BG		 2492 goto done;
2493 }
2494
1707c60e 2495 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2496 if (!cmd) {
2497 err = -ENOMEM;
0df4c185 2498 goto done;
a5c29683
JH		 2499 }
2500
0df4c185 2501 /* Continue with pairing via HCI */
604086b7
BG		 2502 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2503 struct hci_cp_user_passkey_reply cp;
2504
1707c60e 2505 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2506 cp.passkey = passkey;
2507 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2508 } else
1707c60e
JH		 2509 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2510 &addr->bdaddr);
604086b7 2511
a664b5bc
JH		 2512 if (err < 0)
2513 mgmt_pending_remove(cmd);
a5c29683 2514
0df4c185 2515done:
09fd0de5 2516 hci_dev_unlock(hdev);
a5c29683
JH		 2517 return err;
2518}
2519
afeb019d
JK		 2520static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2521 void *data, u16 len)
2522{
2523 struct mgmt_cp_pin_code_neg_reply *cp = data;
2524
2525 BT_DBG("");
2526
1707c60e 2527 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2528 MGMT_OP_PIN_CODE_NEG_REPLY,
2529 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2530}
2531
04124681
GP		 2532static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2533 u16 len)
0df4c185 2534{
650f726d 2535 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2536
2537 BT_DBG("");
2538
2539 if (len != sizeof(*cp))
bdb6d971 2540 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2541 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2542
1707c60e 2543 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2544 MGMT_OP_USER_CONFIRM_REPLY,
2545 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2546}
2547
bdb6d971 2548static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2549 void *data, u16 len)
0df4c185 2550{
c9c2659f 2551 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2552
2553 BT_DBG("");
2554
1707c60e 2555 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2556 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2557 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2558}
2559
04124681
GP		 2560static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2561 u16 len)
604086b7 2562{
650f726d 2563 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2564
2565 BT_DBG("");
2566
1707c60e 2567 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2568 MGMT_OP_USER_PASSKEY_REPLY,
2569 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2570}
2571
bdb6d971 2572static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2573 void *data, u16 len)
604086b7 2574{
650f726d 2575 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2576
2577 BT_DBG("");
2578
1707c60e 2579 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2580 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2581 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2582}
2583
13928971 2584static void update_name(struct hci_request *req)
2b4bf397 2585{
13928971 2586 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2587 struct hci_cp_write_local_name cp;
2588
13928971 2589 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2590
890ea898 2591 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2592}
2593
13928971
JH		 2594static void set_name_complete(struct hci_dev *hdev, u8 status)
2595{
2596 struct mgmt_cp_set_local_name *cp;
2597 struct pending_cmd *cmd;
2598
2599 BT_DBG("status 0x%02x", status);
2600
2601 hci_dev_lock(hdev);
2602
2603 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2604 if (!cmd)
2605 goto unlock;
2606
2607 cp = cmd->param;
2608
2609 if (status)
2610 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2611 mgmt_status(status));
2612 else
2613 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2614 cp, sizeof(*cp));
2615
2616 mgmt_pending_remove(cmd);
2617
2618unlock:
2619 hci_dev_unlock(hdev);
2620}
2621
bdb6d971 2622static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2623 u16 len)
b312b161 2624{
2b4bf397 2625 struct mgmt_cp_set_local_name *cp = data;
b312b161 2626 struct pending_cmd *cmd;
890ea898 2627 struct hci_request req;
b312b161
JH		 2628 int err;
2629
2630 BT_DBG("");
2631
09fd0de5 2632 hci_dev_lock(hdev);
b312b161 2633
b3f2ca94
JH		 2634 /* If the old values are the same as the new ones just return a
2635 * direct command complete event.
2636 */
2637 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2638 !memcmp(hdev->short_name, cp->short_name,
2639 sizeof(hdev->short_name))) {
2640 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2641 data, len);
2642 goto failed;
2643 }
2644
2b4bf397 2645 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2646
b5235a65 2647 if (!hdev_is_powered(hdev)) {
2b4bf397 2648 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2649
2650 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2651 data, len);
28cc7bde
JH		 2652 if (err < 0)
2653 goto failed;
2654
2655 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2656 sk);
28cc7bde 2657
b5235a65
JH		 2658 goto failed;
2659 }
2660
28cc7bde 2661 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2662 if (!cmd) {
2663 err = -ENOMEM;
2664 goto failed;
2665 }
2666
13928971
JH		 2667 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2668
890ea898 2669 hci_req_init(&req, hdev);
3f985050
JH		 2670
2671 if (lmp_bredr_capable(hdev)) {
2672 update_name(&req);
2673 update_eir(&req);
2674 }
2675
2676 if (lmp_le_capable(hdev))
2677 hci_update_ad(&req);
2678
13928971 2679 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2680 if (err < 0)
2681 mgmt_pending_remove(cmd);
2682
2683failed:
09fd0de5 2684 hci_dev_unlock(hdev);
b312b161
JH		 2685 return err;
2686}
2687
0f4e68cf 2688static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2689 void *data, u16 data_len)
c35938b2 2690{
c35938b2
SJ		 2691 struct pending_cmd *cmd;
2692 int err;
2693
bdb6d971 2694 BT_DBG("%s", hdev->name);
c35938b2 2695
09fd0de5 2696 hci_dev_lock(hdev);
c35938b2 2697
4b34ee78 2698 if (!hdev_is_powered(hdev)) {
bdb6d971 2699 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2700 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2701 goto unlock;
2702 }
2703
9a1a1996 2704 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2705 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2706 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2707 goto unlock;
2708 }
2709
2e58ef3e 2710 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2711 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2712 MGMT_STATUS_BUSY);
c35938b2
SJ		 2713 goto unlock;
2714 }
2715
2e58ef3e 2716 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2717 if (!cmd) {
2718 err = -ENOMEM;
2719 goto unlock;
2720 }
2721
2722 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2723 if (err < 0)
2724 mgmt_pending_remove(cmd);
2725
2726unlock:
09fd0de5 2727 hci_dev_unlock(hdev);
c35938b2
SJ		 2728 return err;
2729}
2730
bdb6d971 2731static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2732 void *data, u16 len)
2763eda6 2733{
650f726d 2734 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2735 u8 status;
2763eda6
SJ		 2736 int err;
2737
bdb6d971 2738 BT_DBG("%s ", hdev->name);
2763eda6 2739
09fd0de5 2740 hci_dev_lock(hdev);
2763eda6 2741
664ce4cc 2742 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2743 cp->randomizer);
2763eda6 2744 if (err < 0)
bf1e3541 2745 status = MGMT_STATUS_FAILED;
2763eda6 2746 else
a6785be2 2747 status = MGMT_STATUS_SUCCESS;
bf1e3541 2748
bdb6d971 2749 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2750 &cp->addr, sizeof(cp->addr));
2763eda6 2751
09fd0de5 2752 hci_dev_unlock(hdev);
2763eda6
SJ		 2753 return err;
2754}
2755
bdb6d971 2756static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2757 void *data, u16 len)
2763eda6 2758{
650f726d 2759 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2760 u8 status;
2763eda6
SJ		 2761 int err;
2762
bdb6d971 2763 BT_DBG("%s", hdev->name);
2763eda6 2764
09fd0de5 2765 hci_dev_lock(hdev);
2763eda6 2766
664ce4cc 2767 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2768 if (err < 0)
bf1e3541 2769 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2770 else
a6785be2 2771 status = MGMT_STATUS_SUCCESS;
bf1e3541 2772
bdb6d971 2773 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2774 status, &cp->addr, sizeof(cp->addr));
2763eda6 2775
09fd0de5 2776 hci_dev_unlock(hdev);
2763eda6
SJ		 2777 return err;
2778}
2779
41dc2bd6
AG		 2780static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2781{
2782 struct pending_cmd *cmd;
2783 u8 type;
2784 int err;
2785
2786 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2787
2788 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2789 if (!cmd)
2790 return -ENOENT;
2791
2792 type = hdev->discovery.type;
2793
2794 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2795 &type, sizeof(type));
2796 mgmt_pending_remove(cmd);
2797
2798 return err;
2799}
2800
7c307720
AG		 2801static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2802{
2803 BT_DBG("status %d", status);
2804
2805 if (status) {
2806 hci_dev_lock(hdev);
2807 mgmt_start_discovery_failed(hdev, status);
2808 hci_dev_unlock(hdev);
2809 return;
2810 }
2811
2812 hci_dev_lock(hdev);
2813 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2814 hci_dev_unlock(hdev);
2815
2816 switch (hdev->discovery.type) {
2817 case DISCOV_TYPE_LE:
2818 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2819 DISCOV_LE_TIMEOUT);
7c307720
AG		 2820 break;
2821
2822 case DISCOV_TYPE_INTERLEAVED:
2823 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2824 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2825 break;
2826
2827 case DISCOV_TYPE_BREDR:
2828 break;
2829
2830 default:
2831 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2832 }
2833}
2834
bdb6d971 2835static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2836 void *data, u16 len)
14a53664 2837{
650f726d 2838 struct mgmt_cp_start_discovery *cp = data;
14a53664 2839 struct pending_cmd *cmd;
7c307720
AG		 2840 struct hci_cp_le_set_scan_param param_cp;
2841 struct hci_cp_le_set_scan_enable enable_cp;
2842 struct hci_cp_inquiry inq_cp;
2843 struct hci_request req;
2844 /* General inquiry access code (GIAC) */
2845 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2846 u8 status;
14a53664
JH		 2847 int err;
2848
bdb6d971 2849 BT_DBG("%s", hdev->name);
14a53664 2850
09fd0de5 2851 hci_dev_lock(hdev);
14a53664 2852
4b34ee78 2853 if (!hdev_is_powered(hdev)) {
bdb6d971 2854 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2855 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2856 goto failed;
2857 }
2858
642be6c7
AG		 2859 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2860 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2861 MGMT_STATUS_BUSY);
2862 goto failed;
2863 }
2864
ff9ef578 2865 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2866 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2867 MGMT_STATUS_BUSY);
ff9ef578
JH		 2868 goto failed;
2869 }
2870
2e58ef3e 2871 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2872 if (!cmd) {
2873 err = -ENOMEM;
2874 goto failed;
2875 }
2876
4aab14e5
AG		 2877 hdev->discovery.type = cp->type;
2878
7c307720
AG		 2879 hci_req_init(&req, hdev);
2880
4aab14e5 2881 switch (hdev->discovery.type) {
f39799f5 2882 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2883 status = mgmt_bredr_support(hdev);
2884 if (status) {
04106755 2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2886 status);
04106755
JH		 2887 mgmt_pending_remove(cmd);
2888 goto failed;
2889 }
2890
7c307720
AG		 2891 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2892 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2893 MGMT_STATUS_BUSY);
2894 mgmt_pending_remove(cmd);
2895 goto failed;
2896 }
2897
2898 hci_inquiry_cache_flush(hdev);
2899
2900 memset(&inq_cp, 0, sizeof(inq_cp));
2901 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2902 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2903 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2904 break;
2905
2906 case DISCOV_TYPE_LE:
7c307720 2907 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2908 status = mgmt_le_support(hdev);
2909 if (status) {
04106755 2910 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2911 status);
04106755
JH		 2912 mgmt_pending_remove(cmd);
2913 goto failed;
2914 }
2915
7c307720 2916 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2917 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2918 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2919 MGMT_STATUS_NOT_SUPPORTED);
2920 mgmt_pending_remove(cmd);
2921 goto failed;
2922 }
2923
f3d3444a 2924 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2925 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2926 MGMT_STATUS_REJECTED);
2927 mgmt_pending_remove(cmd);
2928 goto failed;
2929 }
2930
2931 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2932 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2933 MGMT_STATUS_BUSY);
2934 mgmt_pending_remove(cmd);
2935 goto failed;
2936 }
2937
2938 memset(&param_cp, 0, sizeof(param_cp));
2939 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2940 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2941 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2942 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2943 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2944 else
2945 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2946 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2947 &param_cp);
2948
2949 memset(&enable_cp, 0, sizeof(enable_cp));
2950 enable_cp.enable = LE_SCAN_ENABLE;
2951 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2952 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2953 &enable_cp);
5e0452c0
AG		 2954 break;
2955
f39799f5 2956 default:
04106755
JH		 2957 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2958 MGMT_STATUS_INVALID_PARAMS);
2959 mgmt_pending_remove(cmd);
2960 goto failed;
f39799f5 2961 }
3fd24153 2962
7c307720 2963 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2964 if (err < 0)
2965 mgmt_pending_remove(cmd);
ff9ef578
JH		 2966 else
2967 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2968
2969failed:
09fd0de5 2970 hci_dev_unlock(hdev);
14a53664
JH		 2971 return err;
2972}
2973
1183fdca
AG		 2974static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2975{
2976 struct pending_cmd *cmd;
2977 int err;
2978
2979 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2980 if (!cmd)
2981 return -ENOENT;
2982
2983 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2984 &hdev->discovery.type, sizeof(hdev->discovery.type));
2985 mgmt_pending_remove(cmd);
2986
2987 return err;
2988}
2989
0e05bba6
AG		 2990static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2991{
2992 BT_DBG("status %d", status);
2993
2994 hci_dev_lock(hdev);
2995
2996 if (status) {
2997 mgmt_stop_discovery_failed(hdev, status);
2998 goto unlock;
2999 }
3000
3001 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3002
3003unlock:
3004 hci_dev_unlock(hdev);
3005}
3006
bdb6d971 3007static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3008 u16 len)
14a53664 3009{
d930650b 3010 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3011 struct pending_cmd *cmd;
30dc78e1
JH		 3012 struct hci_cp_remote_name_req_cancel cp;
3013 struct inquiry_entry *e;
0e05bba6
AG		 3014 struct hci_request req;
3015 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3016 int err;
3017
bdb6d971 3018 BT_DBG("%s", hdev->name);
14a53664 3019
09fd0de5 3020 hci_dev_lock(hdev);
14a53664 3021
30dc78e1 3022 if (!hci_discovery_active(hdev)) {
bdb6d971 3023 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3024 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3025 sizeof(mgmt_cp->type));
d930650b
JH		 3026 goto unlock;
3027 }
3028
3029 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3030 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3031 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3032 sizeof(mgmt_cp->type));
30dc78e1 3033 goto unlock;
ff9ef578
JH		 3034 }
3035
2e58ef3e 3036 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3037 if (!cmd) {
3038 err = -ENOMEM;
30dc78e1
JH		 3039 goto unlock;
3040 }
3041
0e05bba6
AG		 3042 hci_req_init(&req, hdev);
3043
e0d9727e
AG		 3044 switch (hdev->discovery.state) {
3045 case DISCOVERY_FINDING:
0e05bba6
AG		 3046 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3047 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3048 } else {
3049 cancel_delayed_work(&hdev->le_scan_disable);
3050
3051 memset(&enable_cp, 0, sizeof(enable_cp));
3052 enable_cp.enable = LE_SCAN_DISABLE;
3053 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3054 sizeof(enable_cp), &enable_cp);
3055 }
c9ecc48e 3056
e0d9727e
AG		 3057 break;
3058
3059 case DISCOVERY_RESOLVING:
3060 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3061 NAME_PENDING);
e0d9727e 3062 if (!e) {
30dc78e1 3063 mgmt_pending_remove(cmd);
e0d9727e
AG		 3064 err = cmd_complete(sk, hdev->id,
3065 MGMT_OP_STOP_DISCOVERY, 0,
3066 &mgmt_cp->type,
3067 sizeof(mgmt_cp->type));
3068 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3069 goto unlock;
3070 }
30dc78e1 3071
e0d9727e 3072 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3073 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3074 &cp);
e0d9727e
AG		 3075
3076 break;
3077
3078 default:
3079 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3080
3081 mgmt_pending_remove(cmd);
3082 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3083 MGMT_STATUS_FAILED, &mgmt_cp->type,
3084 sizeof(mgmt_cp->type));
3085 goto unlock;
14a53664
JH		 3086 }
3087
0e05bba6 3088 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3089 if (err < 0)
3090 mgmt_pending_remove(cmd);
ff9ef578
JH		 3091 else
3092 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3093
30dc78e1 3094unlock:
09fd0de5 3095 hci_dev_unlock(hdev);
14a53664
JH		 3096 return err;
3097}
3098
bdb6d971 3099static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3100 u16 len)
561aafbc 3101{
650f726d 3102 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3103 struct inquiry_entry *e;
561aafbc
JH		 3104 int err;
3105
bdb6d971 3106 BT_DBG("%s", hdev->name);
561aafbc 3107
561aafbc
JH		 3108 hci_dev_lock(hdev);
3109
30dc78e1 3110 if (!hci_discovery_active(hdev)) {
bdb6d971 3111 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3112 MGMT_STATUS_FAILED);
30dc78e1
JH		 3113 goto failed;
3114 }
3115
a198e7b1 3116 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3117 if (!e) {
bdb6d971 3118 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3119 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3120 goto failed;
3121 }
3122
3123 if (cp->name_known) {
3124 e->name_state = NAME_KNOWN;
3125 list_del(&e->list);
3126 } else {
3127 e->name_state = NAME_NEEDED;
a3d4e20a 3128 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3129 }
3130
e384662b
JH		 3131 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3132 sizeof(cp->addr));
561aafbc
JH		 3133
3134failed:
3135 hci_dev_unlock(hdev);
561aafbc
JH		 3136 return err;
3137}
3138
bdb6d971 3139static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3140 u16 len)
7fbec224 3141{
650f726d 3142 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3143 u8 status;
7fbec224
AJ		 3144 int err;
3145
bdb6d971 3146 BT_DBG("%s", hdev->name);
7fbec224 3147
4ee71b20 3148 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3149 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3150 MGMT_STATUS_INVALID_PARAMS,
3151 &cp->addr, sizeof(cp->addr));
4ee71b20 3152
09fd0de5 3153 hci_dev_lock(hdev);
5e762444 3154
88c1fe4b 3155 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3156 if (err < 0)
f0eeea8b 3157 status = MGMT_STATUS_FAILED;
7fbec224 3158 else
a6785be2 3159 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3160
bdb6d971 3161 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3162 &cp->addr, sizeof(cp->addr));
5e762444 3163
09fd0de5 3164 hci_dev_unlock(hdev);
7fbec224
AJ		 3165
3166 return err;
3167}
3168
bdb6d971 3169static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3170 u16 len)
7fbec224 3171{
650f726d 3172 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3173 u8 status;
7fbec224
AJ		 3174 int err;
3175
bdb6d971 3176 BT_DBG("%s", hdev->name);
7fbec224 3177
4ee71b20 3178 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3179 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3180 MGMT_STATUS_INVALID_PARAMS,
3181 &cp->addr, sizeof(cp->addr));
4ee71b20 3182
09fd0de5 3183 hci_dev_lock(hdev);
5e762444 3184
88c1fe4b 3185 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3186 if (err < 0)
f0eeea8b 3187 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3188 else
a6785be2 3189 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3190
bdb6d971 3191 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3192 &cp->addr, sizeof(cp->addr));
5e762444 3193
09fd0de5 3194 hci_dev_unlock(hdev);
7fbec224
AJ		 3195
3196 return err;
3197}
3198
cdbaccca
MH		 3199static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3200 u16 len)
3201{
3202 struct mgmt_cp_set_device_id *cp = data;
890ea898 3203 struct hci_request req;
cdbaccca 3204 int err;
c72d4b8a 3205 __u16 source;
cdbaccca
MH		 3206
3207 BT_DBG("%s", hdev->name);
3208
c72d4b8a
SJ		 3209 source = __le16_to_cpu(cp->source);
3210
3211 if (source > 0x0002)
3212 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3213 MGMT_STATUS_INVALID_PARAMS);
3214
cdbaccca
MH		 3215 hci_dev_lock(hdev);
3216
c72d4b8a 3217 hdev->devid_source = source;
cdbaccca
MH		 3218 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3219 hdev->devid_product = __le16_to_cpu(cp->product);
3220 hdev->devid_version = __le16_to_cpu(cp->version);
3221
3222 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3223
890ea898
JH		 3224 hci_req_init(&req, hdev);
3225 update_eir(&req);
3226 hci_req_run(&req, NULL);
cdbaccca
MH		 3227
3228 hci_dev_unlock(hdev);
3229
3230 return err;
3231}
3232
4375f103
JH		 3233static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3234{
3235 struct cmd_lookup match = { NULL, hdev };
3236
3237 if (status) {
3238 u8 mgmt_err = mgmt_status(status);
3239
3240 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3241 cmd_status_rsp, &mgmt_err);
3242 return;
3243 }
3244
3245 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3246 &match);
3247
3248 new_settings(hdev, match.sk);
3249
3250 if (match.sk)
3251 sock_put(match.sk);
3252}
3253
3254static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3255{
3256 struct mgmt_mode *cp = data;
3257 struct pending_cmd *cmd;
3258 struct hci_request req;
e6fe7986 3259 u8 val, enabled, status;
4375f103
JH		 3260 int err;
3261
3262 BT_DBG("request for %s", hdev->name);
3263
e6fe7986
JH		 3264 status = mgmt_le_support(hdev);
3265 if (status)
4375f103 3266 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3267 status);
4375f103
JH		 3268
3269 if (cp->val != 0x00 && cp->val != 0x01)
3270 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3271 MGMT_STATUS_INVALID_PARAMS);
3272
3273 hci_dev_lock(hdev);
3274
3275 val = !!cp->val;
f3d3444a 3276 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3277
3278 if (!hdev_is_powered(hdev) || val == enabled) {
3279 bool changed = false;
3280
f3d3444a
JH		 3281 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3282 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3283 changed = true;
3284 }
3285
3286 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3287 if (err < 0)
3288 goto unlock;
3289
3290 if (changed)
3291 err = new_settings(hdev, sk);
3292
3293 goto unlock;
3294 }
3295
3296 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3297 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3298 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3299 MGMT_STATUS_BUSY);
3300 goto unlock;
3301 }
3302
3303 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3304 if (!cmd) {
3305 err = -ENOMEM;
3306 goto unlock;
3307 }
3308
3309 hci_req_init(&req, hdev);
3310
bba3aa55
MH		 3311 if (val)
3312 enable_advertising(&req);
3313 else
3314 disable_advertising(&req);
4375f103
JH		 3315
3316 err = hci_req_run(&req, set_advertising_complete);
3317 if (err < 0)
3318 mgmt_pending_remove(cmd);
3319
3320unlock:
3321 hci_dev_unlock(hdev);
3322 return err;
3323}
3324
d13eafce
MH		 3325static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3326 void *data, u16 len)
3327{
3328 struct mgmt_cp_set_static_address *cp = data;
3329 int err;
3330
3331 BT_DBG("%s", hdev->name);
3332
62af4443 3333 if (!lmp_le_capable(hdev))
d13eafce 3334 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3335 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3336
3337 if (hdev_is_powered(hdev))
3338 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3339 MGMT_STATUS_REJECTED);
3340
3341 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3342 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3343 return cmd_status(sk, hdev->id,
3344 MGMT_OP_SET_STATIC_ADDRESS,
3345 MGMT_STATUS_INVALID_PARAMS);
3346
3347 /* Two most significant bits shall be set */
3348 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3349 return cmd_status(sk, hdev->id,
3350 MGMT_OP_SET_STATIC_ADDRESS,
3351 MGMT_STATUS_INVALID_PARAMS);
3352 }
3353
3354 hci_dev_lock(hdev);
3355
3356 bacpy(&hdev->static_addr, &cp->bdaddr);
3357
3358 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3359
3360 hci_dev_unlock(hdev);
3361
3362 return err;
3363}
3364
33e38b3e
JH		 3365static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3366{
3367 struct pending_cmd *cmd;
3368
3369 BT_DBG("status 0x%02x", status);
3370
3371 hci_dev_lock(hdev);
3372
3373 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3374 if (!cmd)
3375 goto unlock;
3376
3377 if (status) {
3378 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3379 mgmt_status(status));
3380 } else {
1a4d3c4b
JH		 3381 struct mgmt_mode *cp = cmd->param;
3382
3383 if (cp->val)
3384 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3385 else
3386 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3387
33e38b3e
JH		 3388 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3389 new_settings(hdev, cmd->sk);
3390 }
3391
3392 mgmt_pending_remove(cmd);
3393
3394unlock:
3395 hci_dev_unlock(hdev);
3396}
3397
bdb6d971 3398static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3399 void *data, u16 len)
f6422ec6 3400{
650f726d 3401 struct mgmt_mode *cp = data;
33e38b3e
JH		 3402 struct pending_cmd *cmd;
3403 struct hci_request req;
f6422ec6
AJ		 3404 int err;
3405
bdb6d971 3406 BT_DBG("%s", hdev->name);
f6422ec6 3407
56f87901
JH		 3408 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3409 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3410 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3411 MGMT_STATUS_NOT_SUPPORTED);
3412
a7e80f25
JH		 3413 if (cp->val != 0x00 && cp->val != 0x01)
3414 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3415 MGMT_STATUS_INVALID_PARAMS);
3416
5400c044 3417 if (!hdev_is_powered(hdev))
bdb6d971 3418 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3419 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3420
3421 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3422 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3423 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3424
3425 hci_dev_lock(hdev);
3426
05cbf29f
JH		 3427 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3429 MGMT_STATUS_BUSY);
3430 goto unlock;
3431 }
3432
1a4d3c4b
JH		 3433 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3434 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3435 hdev);
3436 goto unlock;
3437 }
3438
33e38b3e
JH		 3439 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3440 data, len);
3441 if (!cmd) {
3442 err = -ENOMEM;
3443 goto unlock;
f6422ec6
AJ		 3444 }
3445
33e38b3e
JH		 3446 hci_req_init(&req, hdev);
3447
406d7804 3448 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3449
3450 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3451 if (err < 0) {
bdb6d971 3452 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3453 MGMT_STATUS_FAILED);
33e38b3e 3454 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3455 }
3456
33e38b3e 3457unlock:
f6422ec6 3458 hci_dev_unlock(hdev);
33e38b3e 3459
f6422ec6
AJ		 3460 return err;
3461}
3462
0663ca2a
JH		 3463static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3464{
3465 struct pending_cmd *cmd;
3466
3467 BT_DBG("status 0x%02x", status);
3468
3469 hci_dev_lock(hdev);
3470
3471 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3472 if (!cmd)
3473 goto unlock;
3474
3475 if (status) {
3476 u8 mgmt_err = mgmt_status(status);
3477
3478 /* We need to restore the flag if related HCI commands
3479 * failed.
3480 */
3481 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3482
3483 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3484 } else {
3485 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3486 new_settings(hdev, cmd->sk);
3487 }
3488
3489 mgmt_pending_remove(cmd);
3490
3491unlock:
3492 hci_dev_unlock(hdev);
3493}
3494
3495static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3496{
3497 struct mgmt_mode *cp = data;
3498 struct pending_cmd *cmd;
3499 struct hci_request req;
3500 int err;
3501
3502 BT_DBG("request for %s", hdev->name);
3503
3504 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3505 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_NOT_SUPPORTED);
3507
3508 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3509 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3510 MGMT_STATUS_REJECTED);
3511
3512 if (cp->val != 0x00 && cp->val != 0x01)
3513 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3514 MGMT_STATUS_INVALID_PARAMS);
3515
3516 hci_dev_lock(hdev);
3517
3518 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3519 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3520 goto unlock;
3521 }
3522
3523 if (!hdev_is_powered(hdev)) {
3524 if (!cp->val) {
3525 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3526 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3527 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3528 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3529 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3530 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3531 }
3532
3533 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3534
3535 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3536 if (err < 0)
3537 goto unlock;
3538
3539 err = new_settings(hdev, sk);
3540 goto unlock;
3541 }
3542
3543 /* Reject disabling when powered on */
3544 if (!cp->val) {
3545 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3546 MGMT_STATUS_REJECTED);
3547 goto unlock;
3548 }
3549
3550 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3551 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3552 MGMT_STATUS_BUSY);
3553 goto unlock;
3554 }
3555
3556 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3557 if (!cmd) {
3558 err = -ENOMEM;
3559 goto unlock;
3560 }
3561
3562 /* We need to flip the bit already here so that hci_update_ad
3563 * generates the correct flags.
3564 */
3565 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3566
3567 hci_req_init(&req, hdev);
3568 hci_update_ad(&req);
3569 err = hci_req_run(&req, set_bredr_complete);
3570 if (err < 0)
3571 mgmt_pending_remove(cmd);
3572
3573unlock:
3574 hci_dev_unlock(hdev);
3575 return err;
3576}
3577
3f706b72
JH		 3578static bool ltk_is_valid(struct mgmt_ltk_info *key)
3579{
44b20d33
JH		 3580 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3581 return false;
3f706b72
JH		 3582 if (key->master != 0x00 && key->master != 0x01)
3583 return false;
4ee71b20
JH		 3584 if (!bdaddr_type_is_le(key->addr.type))
3585 return false;
3f706b72
JH		 3586 return true;
3587}
3588
bdb6d971 3589static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3590 void *cp_data, u16 len)
346af67b 3591{
346af67b
VCG		 3592 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3593 u16 key_count, expected_len;
715a5bf2 3594 int i, err;
346af67b 3595
cf99ba13
MH		 3596 BT_DBG("request for %s", hdev->name);
3597
3598 if (!lmp_le_capable(hdev))
3599 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3600 MGMT_STATUS_NOT_SUPPORTED);
3601
1f350c87 3602 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3603
3604 expected_len = sizeof(*cp) + key_count *
3605 sizeof(struct mgmt_ltk_info);
3606 if (expected_len != len) {
3607 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3608 len, expected_len);
bdb6d971 3609 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3610 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3611 }
3612
bdb6d971 3613 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3614
54ad6d8a
JH		 3615 for (i = 0; i < key_count; i++) {
3616 struct mgmt_ltk_info *key = &cp->keys[i];
3617
3f706b72 3618 if (!ltk_is_valid(key))
54ad6d8a
JH		 3619 return cmd_status(sk, hdev->id,
3620 MGMT_OP_LOAD_LONG_TERM_KEYS,
3621 MGMT_STATUS_INVALID_PARAMS);
3622 }
3623
346af67b
VCG		 3624 hci_dev_lock(hdev);
3625
3626 hci_smp_ltks_clear(hdev);
3627
3628 for (i = 0; i < key_count; i++) {
3629 struct mgmt_ltk_info *key = &cp->keys[i];
3630 u8 type;
3631
3632 if (key->master)
3633 type = HCI_SMP_LTK;
3634 else
3635 type = HCI_SMP_LTK_SLAVE;
3636
4596fde5 3637 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3638 bdaddr_to_le(key->addr.type),
04124681
GP		 3639 type, 0, key->authenticated, key->val,
3640 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3641 }
3642
715a5bf2
JH		 3643 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3644 NULL, 0);
3645
346af67b 3646 hci_dev_unlock(hdev);
346af67b 3647
715a5bf2 3648 return err;
346af67b
VCG		 3649}
3650
2e3c35ea 3651static const struct mgmt_handler {
04124681
GP		 3652 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3653 u16 data_len);
be22b54e
JH		 3654 bool var_len;
3655 size_t data_len;
0f4e68cf
JH		 3656} mgmt_handlers[] = {
3657 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3658 { read_version, false, MGMT_READ_VERSION_SIZE },
3659 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3660 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3661 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3662 { set_powered, false, MGMT_SETTING_SIZE },
3663 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3664 { set_connectable, false, MGMT_SETTING_SIZE },
3665 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3666 { set_pairable, false, MGMT_SETTING_SIZE },
3667 { set_link_security, false, MGMT_SETTING_SIZE },
3668 { set_ssp, false, MGMT_SETTING_SIZE },
3669 { set_hs, false, MGMT_SETTING_SIZE },
3670 { set_le, false, MGMT_SETTING_SIZE },
3671 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3672 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3673 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3674 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3675 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3676 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3677 { disconnect, false, MGMT_DISCONNECT_SIZE },
3678 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3679 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3680 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3681 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3682 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3683 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3684 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3685 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3686 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3687 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3688 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3689 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3690 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3691 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3692 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3693 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3694 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3695 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3696 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3697 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3698 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3699 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3700 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3701};
3702
3703
0381101f
JH		 3704int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3705{
650f726d
VCG		 3706 void *buf;
3707 u8 *cp;
0381101f 3708 struct mgmt_hdr *hdr;
4e51eae9 3709 u16 opcode, index, len;
bdb6d971 3710 struct hci_dev *hdev = NULL;
2e3c35ea 3711 const struct mgmt_handler *handler;
0381101f
JH		 3712 int err;
3713
3714 BT_DBG("got %zu bytes", msglen);
3715
3716 if (msglen < sizeof(*hdr))
3717 return -EINVAL;
3718
e63a15ec 3719 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3720 if (!buf)
3721 return -ENOMEM;
3722
3723 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3724 err = -EFAULT;
3725 goto done;
3726 }
3727
650f726d 3728 hdr = buf;
1f350c87
MH		 3729 opcode = __le16_to_cpu(hdr->opcode);
3730 index = __le16_to_cpu(hdr->index);
3731 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3732
3733 if (len != msglen - sizeof(*hdr)) {
3734 err = -EINVAL;
3735 goto done;
3736 }
3737
0f4e68cf 3738 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3739 hdev = hci_dev_get(index);
3740 if (!hdev) {
3741 err = cmd_status(sk, index, opcode,
04124681 3742 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3743 goto done;
3744 }
0736cfa8
MH		 3745
3746 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3747 err = cmd_status(sk, index, opcode,
3748 MGMT_STATUS_INVALID_INDEX);
3749 goto done;
3750 }
bdb6d971
JH		 3751 }
3752
0f4e68cf 3753 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3754 mgmt_handlers[opcode].func == NULL) {
0381101f 3755 BT_DBG("Unknown op %u", opcode);
ca69b795 3756 err = cmd_status(sk, index, opcode,
04124681 3757 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3758 goto done;
3759 }
3760
3761 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3762 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3763 err = cmd_status(sk, index, opcode,
04124681 3764 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3765 goto done;
0381101f
JH		 3766 }
3767
be22b54e
JH		 3768 handler = &mgmt_handlers[opcode];
3769
3770 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3771 (!handler->var_len && len != handler->data_len)) {
be22b54e 3772 err = cmd_status(sk, index, opcode,
04124681 3773 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3774 goto done;
3775 }
3776
0f4e68cf
JH		 3777 if (hdev)
3778 mgmt_init_hdev(sk, hdev);
3779
3780 cp = buf + sizeof(*hdr);
3781
be22b54e 3782 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3783 if (err < 0)
3784 goto done;
3785
0381101f
JH		 3786 err = msglen;
3787
3788done:
bdb6d971
JH		 3789 if (hdev)
3790 hci_dev_put(hdev);
3791
0381101f
JH		 3792 kfree(buf);
3793 return err;
3794}
c71e97bf 3795
744cf19e 3796int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3797{
bb4b2a9a
AE		 3798 if (!mgmt_valid_hdev(hdev))
3799 return -ENOTSUPP;
3800
744cf19e 3801 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3802}
3803
744cf19e 3804int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3805{
5f159032 3806 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3807
bb4b2a9a
AE		 3808 if (!mgmt_valid_hdev(hdev))
3809 return -ENOTSUPP;
3810
744cf19e 3811 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3812
744cf19e 3813 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3814}
3815
890ea898 3816static void set_bredr_scan(struct hci_request *req)
7f0ae647 3817{
890ea898 3818 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3819 u8 scan = 0;
3820
4c01f8b8
JH		 3821 /* Ensure that fast connectable is disabled. This function will
3822 * not do anything if the page scan parameters are already what
3823 * they should be.
3824 */
3825 write_fast_connectable(req, false);
3826
7f0ae647
JH		 3827 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3828 scan |= SCAN_PAGE;
3829 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3830 scan |= SCAN_INQUIRY;
3831
890ea898
JH		 3832 if (scan)
3833 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3834}
3835
229ab39c
JH		 3836static void powered_complete(struct hci_dev *hdev, u8 status)
3837{
3838 struct cmd_lookup match = { NULL, hdev };
3839
3840 BT_DBG("status 0x%02x", status);
3841
3842 hci_dev_lock(hdev);
3843
3844 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3845
3846 new_settings(hdev, match.sk);
3847
3848 hci_dev_unlock(hdev);
3849
3850 if (match.sk)
3851 sock_put(match.sk);
3852}
3853
70da6243 3854static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3855{
890ea898 3856 struct hci_request req;
70da6243 3857 u8 link_sec;
5add6af8 3858
890ea898
JH		 3859 hci_req_init(&req, hdev);
3860
70da6243
JH		 3861 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3862 !lmp_host_ssp_capable(hdev)) {
3863 u8 ssp = 1;
5e5282bb 3864
890ea898 3865 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3866 }
5add6af8 3867
c73eee91
JH		 3868 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3869 lmp_bredr_capable(hdev)) {
70da6243 3870 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3871
70da6243
JH		 3872 cp.le = 1;
3873 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3874
70da6243
JH		 3875 /* Check first if we already have the right
3876 * host state (host features set)
3877 */
3878 if (cp.le != lmp_host_le_capable(hdev) ||
3879 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3880 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3881 sizeof(cp), &cp);
0663ca2a
JH		 3882
3883 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3884 hci_update_ad(&req);
70da6243 3885 }
3d1cbdd6 3886
d13eafce
MH		 3887 if (lmp_le_capable(hdev)) {
3888 /* Set random address to static address if configured */
3889 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3890 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3891 &hdev->static_addr);
eeca6f89 3892
bba3aa55
MH		 3893 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
3894 enable_advertising(&req);
eeca6f89
JH		 3895 }
3896
70da6243
JH		 3897 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3898 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3899 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3900 sizeof(link_sec), &link_sec);
562fcc24 3901
70da6243 3902 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3903 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3904 set_bredr_scan(&req);
890ea898 3905 update_class(&req);
13928971 3906 update_name(&req);
890ea898 3907 update_eir(&req);
70da6243 3908 }
562fcc24 3909
229ab39c 3910 return hci_req_run(&req, powered_complete);
70da6243 3911}
562fcc24 3912
70da6243
JH		 3913int mgmt_powered(struct hci_dev *hdev, u8 powered)
3914{
3915 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3916 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3917 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3918 int err;
f0ff92fb 3919
70da6243
JH		 3920 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3921 return 0;
3922
70da6243 3923 if (powered) {
229ab39c
JH		 3924 if (powered_update_hci(hdev) == 0)
3925 return 0;
fe038884 3926
229ab39c
JH		 3927 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3928 &match);
3929 goto new_settings;
b24752fe
JH		 3930 }
3931
229ab39c
JH		 3932 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3933 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3934
3935 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3936 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3937 zero_cod, sizeof(zero_cod), NULL);
3938
3939new_settings:
beadb2bd 3940 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3941
3942 if (match.sk)
3943 sock_put(match.sk);
3944
7bb895d6 3945 return err;
5add6af8 3946}
73f22f62 3947
96570ffc
JH		 3948int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3949{
3950 struct pending_cmd *cmd;
3951 u8 status;
3952
3953 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3954 if (!cmd)
3955 return -ENOENT;
3956
3957 if (err == -ERFKILL)
3958 status = MGMT_STATUS_RFKILLED;
3959 else
3960 status = MGMT_STATUS_FAILED;
3961
3962 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3963
3964 mgmt_pending_remove(cmd);
3965
3966 return err;
3967}
3968
744cf19e 3969int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3970{
76a7f3a4 3971 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3972 bool changed = false;
3973 int err = 0;
73f22f62 3974
5e5282bb
JH		 3975 if (discoverable) {
3976 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3977 changed = true;
3978 } else {
3979 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3980 changed = true;
3981 }
73f22f62 3982
ed9b5f2f 3983 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3984 &match);
ed9b5f2f 3985
beadb2bd
JH		 3986 if (changed)
3987 err = new_settings(hdev, match.sk);
5e5282bb 3988
73f22f62
JH		 3989 if (match.sk)
3990 sock_put(match.sk);
3991
7bb895d6 3992 return err;
73f22f62 3993}
9fbcbb45 3994
744cf19e 3995int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3996{
2b76f453 3997 struct pending_cmd *cmd;
5e5282bb
JH		 3998 bool changed = false;
3999 int err = 0;
9fbcbb45 4000
5e5282bb
JH		 4001 if (connectable) {
4002 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4003 changed = true;
4004 } else {
4005 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4006 changed = true;
4007 }
9fbcbb45 4008
2b76f453 4009 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 4010
beadb2bd 4011 if (changed)
2b76f453 4012 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 4013
7bb895d6 4014 return err;
9fbcbb45 4015}
55ed8ca1 4016
744cf19e 4017int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4018{
ca69b795
JH		 4019 u8 mgmt_err = mgmt_status(status);
4020
2d7cee58 4021 if (scan & SCAN_PAGE)
744cf19e 4022 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4023 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4024
4025 if (scan & SCAN_INQUIRY)
744cf19e 4026 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4027 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4028
4029 return 0;
4030}
4031
53168e5b
CC		 4032int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4033 bool persistent)
55ed8ca1 4034{
86742e1e 4035 struct mgmt_ev_new_link_key ev;
55ed8ca1 4036
a492cd52 4037 memset(&ev, 0, sizeof(ev));
55ed8ca1 4038
a492cd52 4039 ev.store_hint = persistent;
d753fdc4 4040 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4041 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4042 ev.key.type = key->type;
9b3b4460 4043 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4044 ev.key.pin_len = key->pin_len;
55ed8ca1 4045
744cf19e 4046 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4047}
f7520543 4048
346af67b
VCG		 4049int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4050{
4051 struct mgmt_ev_new_long_term_key ev;
4052
4053 memset(&ev, 0, sizeof(ev));
4054
4055 ev.store_hint = persistent;
4056 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4057 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4058 ev.key.authenticated = key->authenticated;
4059 ev.key.enc_size = key->enc_size;
4060 ev.key.ediv = key->ediv;
4061
4062 if (key->type == HCI_SMP_LTK)
4063 ev.key.master = 1;
4064
4065 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4066 memcpy(ev.key.val, key->val, sizeof(key->val));
4067
04124681
GP		 4068 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4069 NULL);
346af67b
VCG		 4070}
4071
afc747a6 4072int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4073 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4074 u8 *dev_class)
f7520543 4075{
b644ba33
JH		 4076 char buf[512];
4077 struct mgmt_ev_device_connected *ev = (void *) buf;
4078 u16 eir_len = 0;
f7520543 4079
b644ba33 4080 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4081 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4082
c95f0ba7 4083 ev->flags = __cpu_to_le32(flags);
08c79b61 4084
b644ba33
JH		 4085 if (name_len > 0)
4086 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4087 name, name_len);
b644ba33
JH		 4088
4089 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4090 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4091 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4092
eb55ef07 4093 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4094
4095 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4096 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4097}
4098
8962ee74
JH		 4099static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4100{
c68fb7ff 4101 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4102 struct sock **sk = data;
a38528f1 4103 struct mgmt_rp_disconnect rp;
8962ee74 4104
88c3df13
JH		 4105 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4106 rp.addr.type = cp->addr.type;
8962ee74 4107
aee9b218 4108 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4109 sizeof(rp));
8962ee74
JH		 4110
4111 *sk = cmd->sk;
4112 sock_hold(*sk);
4113
a664b5bc 4114 mgmt_pending_remove(cmd);
8962ee74
JH		 4115}
4116
124f6e35 4117static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4118{
b1078ad0 4119 struct hci_dev *hdev = data;
124f6e35
JH		 4120 struct mgmt_cp_unpair_device *cp = cmd->param;
4121 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4122
4123 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4124 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4125 rp.addr.type = cp->addr.type;
a8a1d19e 4126
b1078ad0
JH		 4127 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4128
aee9b218 4129 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4130
4131 mgmt_pending_remove(cmd);
4132}
4133
afc747a6 4134int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4135 u8 link_type, u8 addr_type, u8 reason)
f7520543 4136{
f0d6a0ea 4137 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4138 struct sock *sk = NULL;
4139 int err;
4140
744cf19e 4141 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4142
f0d6a0ea
MA		 4143 bacpy(&ev.addr.bdaddr, bdaddr);
4144 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4145 ev.reason = reason;
f7520543 4146
afc747a6 4147 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4148 sk);
8962ee74
JH		 4149
4150 if (sk)
d97dcb66 4151 sock_put(sk);
8962ee74 4152
124f6e35 4153 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4154 hdev);
a8a1d19e 4155
8962ee74
JH		 4156 return err;
4157}
4158
88c3df13 4159int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4160 u8 link_type, u8 addr_type, u8 status)
8962ee74 4161{
88c3df13 4162 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4163 struct pending_cmd *cmd;
4164 int err;
4165
36a75f1b
JD		 4166 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4167 hdev);
4168
2e58ef3e 4169 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4170 if (!cmd)
4171 return -ENOENT;
4172
88c3df13 4173 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4174 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4175
88c3df13 4176 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4177 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4178
a664b5bc 4179 mgmt_pending_remove(cmd);
8962ee74
JH		 4180
4181 return err;
f7520543 4182}
17d5c04c 4183
48264f06 4184int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4185 u8 addr_type, u8 status)
17d5c04c
JH		 4186{
4187 struct mgmt_ev_connect_failed ev;
4188
4c659c39 4189 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4190 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4191 ev.status = mgmt_status(status);
17d5c04c 4192
744cf19e 4193 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4194}
980e1a53 4195
744cf19e 4196int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4197{
4198 struct mgmt_ev_pin_code_request ev;
4199
d8457698 4200 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4201 ev.addr.type = BDADDR_BREDR;
a770bb5a 4202 ev.secure = secure;
980e1a53 4203
744cf19e 4204 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4205 NULL);
980e1a53
JH		 4206}
4207
744cf19e 4208int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4209 u8 status)
980e1a53
JH		 4210{
4211 struct pending_cmd *cmd;
ac56fb13 4212 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4213 int err;
4214
2e58ef3e 4215 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4216 if (!cmd)
4217 return -ENOENT;
4218
d8457698 4219 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4220 rp.addr.type = BDADDR_BREDR;
ac56fb13 4221
aee9b218 4222 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4223 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4224
a664b5bc 4225 mgmt_pending_remove(cmd);
980e1a53
JH		 4226
4227 return err;
4228}
4229
744cf19e 4230int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4231 u8 status)
980e1a53
JH		 4232{
4233 struct pending_cmd *cmd;
ac56fb13 4234 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4235 int err;
4236
2e58ef3e 4237 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4238 if (!cmd)
4239 return -ENOENT;
4240
d8457698 4241 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4242 rp.addr.type = BDADDR_BREDR;
ac56fb13 4243
aee9b218 4244 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4245 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4246
a664b5bc 4247 mgmt_pending_remove(cmd);
980e1a53
JH		 4248
4249 return err;
4250}
a5c29683 4251
744cf19e 4252int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4253 u8 link_type, u8 addr_type, __le32 value,
4254 u8 confirm_hint)
a5c29683
JH		 4255{
4256 struct mgmt_ev_user_confirm_request ev;
4257
744cf19e 4258 BT_DBG("%s", hdev->name);
a5c29683 4259
272d90df 4260 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4261 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4262 ev.confirm_hint = confirm_hint;
78e8098e 4263 ev.value = value;
a5c29683 4264
744cf19e 4265 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4266 NULL);
a5c29683
JH		 4267}
4268
272d90df 4269int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4270 u8 link_type, u8 addr_type)
604086b7
BG		 4271{
4272 struct mgmt_ev_user_passkey_request ev;
4273
4274 BT_DBG("%s", hdev->name);
4275
272d90df 4276 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4277 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4278
4279 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4280 NULL);
604086b7
BG		 4281}
4282
0df4c185 4283static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4284 u8 link_type, u8 addr_type, u8 status,
4285 u8 opcode)
a5c29683
JH		 4286{
4287 struct pending_cmd *cmd;
4288 struct mgmt_rp_user_confirm_reply rp;
4289 int err;
4290
2e58ef3e 4291 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4292 if (!cmd)
4293 return -ENOENT;
4294
272d90df 4295 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4296 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4297 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4298 &rp, sizeof(rp));
a5c29683 4299
a664b5bc 4300 mgmt_pending_remove(cmd);
a5c29683
JH		 4301
4302 return err;
4303}
4304
744cf19e 4305int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4306 u8 link_type, u8 addr_type, u8 status)
a5c29683 4307{
272d90df 4308 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4309 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4310}
4311
272d90df 4312int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4313 u8 link_type, u8 addr_type, u8 status)
a5c29683 4314{
272d90df 4315 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4316 status,
4317 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4318}
2a611692 4319
604086b7 4320int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4321 u8 link_type, u8 addr_type, u8 status)
604086b7 4322{
272d90df 4323 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4324 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4325}
4326
272d90df 4327int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4328 u8 link_type, u8 addr_type, u8 status)
604086b7 4329{
272d90df 4330 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4331 status,
4332 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4333}
4334
92a25256
JH		 4335int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4336 u8 link_type, u8 addr_type, u32 passkey,
4337 u8 entered)
4338{
4339 struct mgmt_ev_passkey_notify ev;
4340
4341 BT_DBG("%s", hdev->name);
4342
4343 bacpy(&ev.addr.bdaddr, bdaddr);
4344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4345 ev.passkey = __cpu_to_le32(passkey);
4346 ev.entered = entered;
4347
4348 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4349}
4350
bab73cb6 4351int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4352 u8 addr_type, u8 status)
2a611692
JH		 4353{
4354 struct mgmt_ev_auth_failed ev;
4355
bab73cb6 4356 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4357 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4358 ev.status = mgmt_status(status);
2a611692 4359
744cf19e 4360 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4361}
b312b161 4362
33ef95ed
JH		 4363int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4364{
4365 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4366 bool changed = false;
4367 int err = 0;
33ef95ed
JH		 4368
4369 if (status) {
4370 u8 mgmt_err = mgmt_status(status);
4371 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4372 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4373 return 0;
4374 }
4375
47990ea0
JH		 4376 if (test_bit(HCI_AUTH, &hdev->flags)) {
4377 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4378 changed = true;
4379 } else {
4380 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4381 changed = true;
4382 }
4383
33ef95ed 4384 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4385 &match);
33ef95ed 4386
47990ea0
JH		 4387 if (changed)
4388 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4389
4390 if (match.sk)
4391 sock_put(match.sk);
4392
4393 return err;
4394}
4395
890ea898 4396static void clear_eir(struct hci_request *req)
cacaf52f 4397{
890ea898 4398 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4399 struct hci_cp_write_eir cp;
4400
976eb20e 4401 if (!lmp_ext_inq_capable(hdev))
890ea898 4402 return;
cacaf52f 4403
c80da27e
JH		 4404 memset(hdev->eir, 0, sizeof(hdev->eir));
4405
cacaf52f
JH		 4406 memset(&cp, 0, sizeof(cp));
4407
890ea898 4408 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4409}
4410
c0ecddc2 4411int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4412{
4413 struct cmd_lookup match = { NULL, hdev };
890ea898 4414 struct hci_request req;
c0ecddc2
JH		 4415 bool changed = false;
4416 int err = 0;
ed2c4ee3
JH		 4417
4418 if (status) {
4419 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4420
4421 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4422 &hdev->dev_flags))
c0ecddc2
JH		 4423 err = new_settings(hdev, NULL);
4424
04124681
GP		 4425 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4426 &mgmt_err);
c0ecddc2
JH		 4427
4428 return err;
4429 }
4430
4431 if (enable) {
4432 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4433 changed = true;
4434 } else {
4435 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4436 changed = true;
ed2c4ee3
JH		 4437 }
4438
4439 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4440
c0ecddc2
JH		 4441 if (changed)
4442 err = new_settings(hdev, match.sk);
ed2c4ee3 4443
5fc6ebb1 4444 if (match.sk)
ed2c4ee3
JH		 4445 sock_put(match.sk);
4446
890ea898
JH		 4447 hci_req_init(&req, hdev);
4448
5fc6ebb1 4449 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4450 update_eir(&req);
5fc6ebb1 4451 else
890ea898
JH		 4452 clear_eir(&req);
4453
4454 hci_req_run(&req, NULL);
cacaf52f 4455
ed2c4ee3
JH		 4456 return err;
4457}
4458
92da6097 4459static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4460{
4461 struct cmd_lookup *match = data;
4462
90e70454
JH		 4463 if (match->sk == NULL) {
4464 match->sk = cmd->sk;
4465 sock_hold(match->sk);
4466 }
90e70454
JH		 4467}
4468
7f9a903c 4469int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4470 u8 status)
7f9a903c 4471{
90e70454
JH		 4472 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4473 int err = 0;
7f9a903c 4474
92da6097
JH		 4475 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4476 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4477 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4478
4479 if (!status)
04124681
GP		 4480 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4481 3, NULL);
90e70454
JH		 4482
4483 if (match.sk)
4484 sock_put(match.sk);
7f9a903c
MH		 4485
4486 return err;
4487}
4488
744cf19e 4489int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4490{
b312b161 4491 struct mgmt_cp_set_local_name ev;
13928971 4492 struct pending_cmd *cmd;
28cc7bde 4493
13928971
JH		 4494 if (status)
4495 return 0;
b312b161
JH		 4496
4497 memset(&ev, 0, sizeof(ev));
4498 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4499 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4500
2e58ef3e 4501 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4502 if (!cmd) {
4503 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4504
13928971
JH		 4505 /* If this is a HCI command related to powering on the
4506 * HCI dev don't send any mgmt signals.
4507 */
4508 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4509 return 0;
890ea898 4510 }
b312b161 4511
13928971
JH		 4512 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4513 cmd ? cmd->sk : NULL);
b312b161 4514}
c35938b2 4515
744cf19e 4516int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4517 u8 *randomizer, u8 status)
c35938b2
SJ		 4518{
4519 struct pending_cmd *cmd;
4520 int err;
4521
744cf19e 4522 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4523
2e58ef3e 4524 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4525 if (!cmd)
4526 return -ENOENT;
4527
4528 if (status) {
04124681
GP		 4529 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4530 mgmt_status(status));
c35938b2
SJ		 4531 } else {
4532 struct mgmt_rp_read_local_oob_data rp;
4533
4534 memcpy(rp.hash, hash, sizeof(rp.hash));
4535 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4536
744cf19e 4537 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4538 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4539 sizeof(rp));
c35938b2
SJ		 4540 }
4541
4542 mgmt_pending_remove(cmd);
4543
4544 return err;
4545}
e17acd40 4546
48264f06 4547int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4548 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4549 ssp, u8 *eir, u16 eir_len)
e17acd40 4550{
e319d2e7
JH		 4551 char buf[512];
4552 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4553 size_t ev_size;
e17acd40 4554
12602d0c
AG		 4555 if (!hci_discovery_active(hdev))
4556 return -EPERM;
4557
1dc06093
JH		 4558 /* Leave 5 bytes for a potential CoD field */
4559 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4560 return -EINVAL;
4561
1dc06093
JH		 4562 memset(buf, 0, sizeof(buf));
4563
e319d2e7 4564 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4565 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4566 ev->rssi = rssi;
9a395a80 4567 if (cfm_name)
612dfce9 4568 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4569 if (!ssp)
612dfce9 4570 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4571
1dc06093 4572 if (eir_len > 0)
e319d2e7 4573 memcpy(ev->eir, eir, eir_len);
e17acd40 4574
1dc06093
JH		 4575 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4576 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4577 dev_class, 3);
1dc06093 4578
eb55ef07 4579 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4580 ev_size = sizeof(*ev) + eir_len;
f8523598 4581
e319d2e7 4582 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4583}
a88a9652 4584
b644ba33 4585int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4586 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4587{
b644ba33
JH		 4588 struct mgmt_ev_device_found *ev;
4589 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4590 u16 eir_len;
a88a9652 4591
b644ba33 4592 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4593
b644ba33
JH		 4594 memset(buf, 0, sizeof(buf));
4595
4596 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4597 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4598 ev->rssi = rssi;
4599
4600 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4601 name_len);
b644ba33 4602
eb55ef07 4603 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4604
053c7e0c 4605 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4606 sizeof(*ev) + eir_len, NULL);
a88a9652 4607}
314b2381 4608
744cf19e 4609int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4610{
f963e8e9 4611 struct mgmt_ev_discovering ev;
164a6e78
JH		 4612 struct pending_cmd *cmd;
4613
343fb145
AG		 4614 BT_DBG("%s discovering %u", hdev->name, discovering);
4615
164a6e78 4616 if (discovering)
2e58ef3e 4617 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4618 else
2e58ef3e 4619 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4620
4621 if (cmd != NULL) {
f808e166
JH		 4622 u8 type = hdev->discovery.type;
4623
04124681
GP		 4624 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4625 sizeof(type));
164a6e78
JH		 4626 mgmt_pending_remove(cmd);
4627 }
4628
f963e8e9
JH		 4629 memset(&ev, 0, sizeof(ev));
4630 ev.type = hdev->discovery.type;
4631 ev.discovering = discovering;
4632
4633 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4634}
5e762444 4635
88c1fe4b 4636int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4637{
4638 struct pending_cmd *cmd;
4639 struct mgmt_ev_device_blocked ev;
4640
2e58ef3e 4641 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4642
88c1fe4b
JH		 4643 bacpy(&ev.addr.bdaddr, bdaddr);
4644 ev.addr.type = type;
5e762444 4645
744cf19e 4646 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4647 cmd ? cmd->sk : NULL);
5e762444
AJ		 4648}
4649
88c1fe4b 4650int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4651{
4652 struct pending_cmd *cmd;
4653 struct mgmt_ev_device_unblocked ev;
4654
2e58ef3e 4655 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4656
88c1fe4b
JH		 4657 bacpy(&ev.addr.bdaddr, bdaddr);
4658 ev.addr.type = type;
5e762444 4659
744cf19e 4660 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4661 cmd ? cmd->sk : NULL);
5e762444 4662}
Linux kernel - Deliverables
This page took 5.03318 seconds and 5 git commands to generate.