]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Remove unwanted goto statements
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c 40#define MGMT_VERSION 1
053262dc 41#define MGMT_REVISION 1
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105};
106
3fd24153
AG		 107/*
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
110 */
111#define LE_SCAN_TYPE 0x01
112#define LE_SCAN_WIN 0x12
113#define LE_SCAN_INT 0x12
114#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 115#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 116
e8777525 117#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 118#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 119
17b02e62 120#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 121
4b34ee78
JH		 122#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124
eec8d2bc
JH		 125struct pending_cmd {
126 struct list_head list;
fc2f4b13 127 u16 opcode;
eec8d2bc 128 int index;
c68fb7ff 129 void *param;
eec8d2bc 130 struct sock *sk;
e9a416b5 131 void *user_data;
eec8d2bc
JH		 132};
133
ca69b795
JH		 134/* HCI to MGMT error code conversion table */
135static u8 mgmt_status_table[] = {
136 MGMT_STATUS_SUCCESS,
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197};
198
199static u8 mgmt_status(u8 hci_status)
200{
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
203
204 return MGMT_STATUS_FAILED;
205}
206
4e51eae9 207static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 208{
209 struct sk_buff *skb;
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
56b7d137 212 int err;
f7b64e69 213
34eb525c 214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 215
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
221
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 223 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 224 hdr->len = cpu_to_le16(sizeof(*ev));
225
226 ev = (void *) skb_put(skb, sizeof(*ev));
227 ev->status = status;
eb55ef07 228 ev->opcode = cpu_to_le16(cmd);
f7b64e69 229
56b7d137
GP		 230 err = sock_queue_rcv_skb(sk, skb);
231 if (err < 0)
f7b64e69
JH		 232 kfree_skb(skb);
233
56b7d137 234 return err;
f7b64e69
JH		 235}
236
aee9b218 237static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 238 void *rp, size_t rp_len)
02d98129
JH		 239{
240 struct sk_buff *skb;
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
56b7d137 243 int err;
02d98129
JH		 244
245 BT_DBG("sock %p", sk);
246
a38528f1 247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 248 if (!skb)
249 return -ENOMEM;
250
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 252
a38528f1 253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 254 hdr->index = cpu_to_le16(index);
a38528f1 255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 256
a38528f1 257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 258 ev->opcode = cpu_to_le16(cmd);
aee9b218 259 ev->status = status;
8020c16a
SJ		 260
261 if (rp)
262 memcpy(ev->data, rp, rp_len);
02d98129 263
56b7d137
GP		 264 err = sock_queue_rcv_skb(sk, skb);
265 if (err < 0)
02d98129
JH		 266 kfree_skb(skb);
267
e5f0e151 268 return err;
02d98129
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
eb55ef07 279 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 280
aee9b218 281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 282 sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 289 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 291 __le16 *opcode;
e70bb2e8
JH		 292 size_t rp_size;
293 int i, err;
294
295 BT_DBG("sock %p", sk);
296
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298
299 rp = kmalloc(rp_size, GFP_KERNEL);
300 if (!rp)
301 return -ENOMEM;
302
eb55ef07
MH		 303 rp->num_commands = __constant_cpu_to_le16(num_commands);
304 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 305
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
308
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
311
aee9b218 312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 313 rp_size);
e70bb2e8
JH		 314 kfree(rp);
315
316 return err;
317}
318
04124681
GP		 319static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
320 u16 data_len)
faba42eb 321{
faba42eb
JH		 322 struct mgmt_rp_read_index_list *rp;
323 struct list_head *p;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
a38528f1 327 int i, err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
334 list_for_each(p, &hci_dev_list) {
335 count++;
336 }
337
a38528f1
JH		 338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
340 if (!rp) {
b2c60d42 341 read_unlock(&hci_dev_list_lock);
faba42eb 342 return -ENOMEM;
b2c60d42 343 }
faba42eb 344
eb55ef07 345 rp->num_controllers = cpu_to_le16(count);
faba42eb
JH		 346
347 i = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
eb55ef07 352 rp->index[i++] = cpu_to_le16(d->id);
faba42eb
JH		 353 BT_DBG("Added hci%u", d->id);
354 }
355
356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
375
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
378
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
387 if (enable_le) {
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
431static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434};
435
436static u16 get_uuid16(u8 *uuid128)
437{
438 u32 val;
439 int i;
440
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
443 return 0;
444 }
445
3e9fb6d8 446 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 447 if (val > 0xffff)
448 return 0;
449
450 return (u16) val;
451}
452
453static void create_eir(struct hci_dev *hdev, u8 *data)
454{
455 u8 *ptr = data;
456 u16 eir_len = 0;
457 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
458 int i, truncated = 0;
459 struct bt_uuid *uuid;
460 size_t name_len;
461
462 name_len = strlen(hdev->dev_name);
463
464 if (name_len > 0) {
465 /* EIR Data type */
466 if (name_len > 48) {
467 name_len = 48;
468 ptr[1] = EIR_NAME_SHORT;
469 } else
470 ptr[1] = EIR_NAME_COMPLETE;
471
472 /* EIR Data length */
473 ptr[0] = name_len + 1;
474
475 memcpy(ptr + 2, hdev->dev_name, name_len);
476
477 eir_len += (name_len + 2);
478 ptr += (name_len + 2);
479 }
480
91c4e9b1
MH		 481 if (hdev->inq_tx_power) {
482 ptr[0] = 2;
483 ptr[1] = EIR_TX_POWER;
484 ptr[2] = (u8) hdev->inq_tx_power;
485
486 eir_len += 3;
487 ptr += 3;
488 }
489
2b9be137
MH		 490 if (hdev->devid_source > 0) {
491 ptr[0] = 9;
492 ptr[1] = EIR_DEVICE_ID;
493
494 put_unaligned_le16(hdev->devid_source, ptr + 2);
495 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
496 put_unaligned_le16(hdev->devid_product, ptr + 6);
497 put_unaligned_le16(hdev->devid_version, ptr + 8);
498
499 eir_len += 10;
500 ptr += 10;
501 }
502
ef580372
JH		 503 memset(uuid16_list, 0, sizeof(uuid16_list));
504
505 /* Group all UUID16 types */
506 list_for_each_entry(uuid, &hdev->uuids, list) {
507 u16 uuid16;
508
509 uuid16 = get_uuid16(uuid->uuid);
510 if (uuid16 == 0)
511 return;
512
513 if (uuid16 < 0x1100)
514 continue;
515
516 if (uuid16 == PNP_INFO_SVCLASS_ID)
517 continue;
518
519 /* Stop if not enough space to put next UUID */
520 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
521 truncated = 1;
522 break;
523 }
524
525 /* Check for duplicates */
526 for (i = 0; uuid16_list[i] != 0; i++)
527 if (uuid16_list[i] == uuid16)
528 break;
529
530 if (uuid16_list[i] == 0) {
531 uuid16_list[i] = uuid16;
532 eir_len += sizeof(u16);
533 }
534 }
535
536 if (uuid16_list[0] != 0) {
537 u8 *length = ptr;
538
539 /* EIR Data type */
540 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
541
542 ptr += 2;
543 eir_len += 2;
544
545 for (i = 0; uuid16_list[i] != 0; i++) {
546 *ptr++ = (uuid16_list[i] & 0x00ff);
547 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
548 }
549
550 /* EIR Data length */
551 *length = (i * sizeof(u16)) + 1;
552 }
553}
554
555static int update_eir(struct hci_dev *hdev)
556{
557 struct hci_cp_write_eir cp;
558
504c8dcd 559 if (!hdev_is_powered(hdev))
7770c4aa
JH		 560 return 0;
561
ef580372
JH		 562 if (!(hdev->features[6] & LMP_EXT_INQ))
563 return 0;
564
84bde9d6 565 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 566 return 0;
567
a8b2d5c2 568 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 569 return 0;
570
571 memset(&cp, 0, sizeof(cp));
572
573 create_eir(hdev, cp.data);
574
575 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
576 return 0;
577
578 memcpy(hdev->eir, cp.data, sizeof(cp.data));
579
580 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
581}
582
583static u8 get_service_classes(struct hci_dev *hdev)
584{
585 struct bt_uuid *uuid;
586 u8 val = 0;
587
588 list_for_each_entry(uuid, &hdev->uuids, list)
589 val |= uuid->svc_hint;
590
591 return val;
592}
593
594static int update_class(struct hci_dev *hdev)
595{
596 u8 cod[3];
c95f0ba7 597 int err;
ef580372
JH		 598
599 BT_DBG("%s", hdev->name);
600
504c8dcd 601 if (!hdev_is_powered(hdev))
7770c4aa
JH		 602 return 0;
603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 605 return 0;
606
607 cod[0] = hdev->minor_class;
608 cod[1] = hdev->major_class;
609 cod[2] = get_service_classes(hdev);
610
611 if (memcmp(cod, hdev->dev_class, 3) == 0)
612 return 0;
613
c95f0ba7
JH		 614 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
615 if (err == 0)
616 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
617
618 return err;
ef580372
JH		 619}
620
7d78525d
JH		 621static void service_cache_off(struct work_struct *work)
622{
623 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 624 service_cache.work);
7d78525d 625
a8b2d5c2 626 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 627 return;
628
629 hci_dev_lock(hdev);
630
631 update_eir(hdev);
632 update_class(hdev);
633
634 hci_dev_unlock(hdev);
635}
636
6a919082 637static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 638{
4f87da80 639 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 640 return;
641
4f87da80 642 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 643
4f87da80
JH		 644 /* Non-mgmt controlled devices get this bit set
645 * implicitly so that pairing works for them, however
646 * for mgmt we require user-space to explicitly enable
647 * it
648 */
649 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 650}
651
0f4e68cf 652static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 653 void *data, u16 data_len)
0381101f 654{
a38528f1 655 struct mgmt_rp_read_info rp;
f7b64e69 656
bdb6d971 657 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 658
09fd0de5 659 hci_dev_lock(hdev);
f7b64e69 660
dc4fe30b
JH		 661 memset(&rp, 0, sizeof(rp));
662
69ab39ea 663 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 664
69ab39ea 665 rp.version = hdev->hci_ver;
eb55ef07 666 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 667
668 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
669 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 670
a38528f1 671 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 672
dc4fe30b 673 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 674 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 675
09fd0de5 676 hci_dev_unlock(hdev);
0381101f 677
bdb6d971 678 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 679 sizeof(rp));
0381101f
JH		 680}
681
eec8d2bc
JH		 682static void mgmt_pending_free(struct pending_cmd *cmd)
683{
684 sock_put(cmd->sk);
c68fb7ff 685 kfree(cmd->param);
eec8d2bc
JH		 686 kfree(cmd);
687}
688
366a0336 689static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 690 struct hci_dev *hdev, void *data,
691 u16 len)
eec8d2bc
JH		 692{
693 struct pending_cmd *cmd;
694
695 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
696 if (!cmd)
366a0336 697 return NULL;
eec8d2bc
JH		 698
699 cmd->opcode = opcode;
2e58ef3e 700 cmd->index = hdev->id;
eec8d2bc 701
c68fb7ff
SJ		 702 cmd->param = kmalloc(len, GFP_ATOMIC);
703 if (!cmd->param) {
eec8d2bc 704 kfree(cmd);
366a0336 705 return NULL;
eec8d2bc
JH		 706 }
707
8fce6357
SJ		 708 if (data)
709 memcpy(cmd->param, data, len);
eec8d2bc
JH		 710
711 cmd->sk = sk;
712 sock_hold(sk);
713
2e58ef3e 714 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 715
366a0336 716 return cmd;
eec8d2bc
JH		 717}
718
744cf19e 719static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 720 void (*cb)(struct pending_cmd *cmd, void *data),
721 void *data)
eec8d2bc
JH		 722{
723 struct list_head *p, *n;
724
2e58ef3e 725 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 726 struct pending_cmd *cmd;
727
728 cmd = list_entry(p, struct pending_cmd, list);
729
b24752fe 730 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 731 continue;
732
eec8d2bc
JH		 733 cb(cmd, data);
734 }
735}
736
2e58ef3e 737static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 738{
8035ded4 739 struct pending_cmd *cmd;
eec8d2bc 740
2e58ef3e 741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 742 if (cmd->opcode == opcode)
743 return cmd;
eec8d2bc
JH		 744 }
745
746 return NULL;
747}
748
a664b5bc 749static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 750{
73f22f62
JH		 751 list_del(&cmd->list);
752 mgmt_pending_free(cmd);
753}
754
69ab39ea 755static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 756{
69ab39ea 757 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 758
aee9b218 759 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 760 sizeof(settings));
8680570b
JH		 761}
762
bdb6d971 763static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 764 u16 len)
eec8d2bc 765{
650f726d 766 struct mgmt_mode *cp = data;
366a0336 767 struct pending_cmd *cmd;
4b34ee78 768 int err;
eec8d2bc 769
bdb6d971 770 BT_DBG("request for %s", hdev->name);
eec8d2bc 771
09fd0de5 772 hci_dev_lock(hdev);
eec8d2bc 773
f0d4b78a
MH		 774 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
775 cancel_delayed_work(&hdev->power_off);
776
777 if (cp->val) {
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779 mgmt_powered(hdev, 1);
780 goto failed;
781 }
782 }
783
4b34ee78 784 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 786 goto failed;
787 }
788
2e58ef3e 789 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 790 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 791 MGMT_STATUS_BUSY);
eec8d2bc
JH		 792 goto failed;
793 }
794
2e58ef3e 795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 796 if (!cmd) {
797 err = -ENOMEM;
eec8d2bc 798 goto failed;
366a0336 799 }
eec8d2bc 800
72a734ec 801 if (cp->val)
7f971041 802 schedule_work(&hdev->power_on);
eec8d2bc 803 else
80b7ab33 804 schedule_work(&hdev->power_off.work);
eec8d2bc 805
366a0336 806 err = 0;
eec8d2bc
JH		 807
808failed:
09fd0de5 809 hci_dev_unlock(hdev);
366a0336 810 return err;
eec8d2bc
JH		 811}
812
04124681
GP		 813static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
814 struct sock *skip_sk)
beadb2bd
JH		 815{
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
818
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
822
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
825 if (hdev)
826 hdr->index = cpu_to_le16(hdev->id);
827 else
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
830
831 if (data)
832 memcpy(skb_put(skb, data_len), data, data_len);
833
97e0bdeb
MH		 834 /* Time stamp */
835 __net_timestamp(skb);
836
beadb2bd
JH		 837 hci_send_to_control(skb, skip_sk);
838 kfree_skb(skb);
839
840 return 0;
841}
842
843static int new_settings(struct hci_dev *hdev, struct sock *skip)
844{
845 __le32 ev;
846
847 ev = cpu_to_le32(get_current_settings(hdev));
848
849 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
850}
851
bdb6d971 852static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 853 u16 len)
73f22f62 854{
650f726d 855 struct mgmt_cp_set_discoverable *cp = data;
366a0336 856 struct pending_cmd *cmd;
5e5282bb 857 u16 timeout;
73f22f62
JH		 858 u8 scan;
859 int err;
860
bdb6d971 861 BT_DBG("request for %s", hdev->name);
73f22f62 862
1f350c87 863 timeout = __le16_to_cpu(cp->timeout);
24c54a90 864 if (!cp->val && timeout > 0)
bdb6d971 865 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 866 MGMT_STATUS_INVALID_PARAMS);
73f22f62 867
09fd0de5 868 hci_dev_lock(hdev);
73f22f62 869
5e5282bb 870 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 872 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 873 goto failed;
874 }
875
2e58ef3e
JH		 876 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
877 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 879 MGMT_STATUS_BUSY);
73f22f62
JH		 880 goto failed;
881 }
882
5e5282bb 883 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 885 MGMT_STATUS_REJECTED);
5e5282bb
JH		 886 goto failed;
887 }
888
889 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 890 bool changed = false;
891
892 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
893 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
894 changed = true;
895 }
896
5e5282bb 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 898 if (err < 0)
899 goto failed;
900
901 if (changed)
902 err = new_settings(hdev, sk);
903
5e5282bb
JH		 904 goto failed;
905 }
906
907 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 908 if (hdev->discov_timeout > 0) {
909 cancel_delayed_work(&hdev->discov_off);
910 hdev->discov_timeout = 0;
911 }
912
913 if (cp->val && timeout > 0) {
914 hdev->discov_timeout = timeout;
915 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
916 msecs_to_jiffies(hdev->discov_timeout * 1000));
917 }
918
69ab39ea 919 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 920 goto failed;
921 }
922
2e58ef3e 923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 924 if (!cmd) {
925 err = -ENOMEM;
73f22f62 926 goto failed;
366a0336 927 }
73f22f62
JH		 928
929 scan = SCAN_PAGE;
930
72a734ec 931 if (cp->val)
73f22f62 932 scan |= SCAN_INQUIRY;
16ab91ab 933 else
e0f9309f 934 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 935
936 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
937 if (err < 0)
a664b5bc 938 mgmt_pending_remove(cmd);
73f22f62 939
16ab91ab 940 if (cp->val)
5e5282bb 941 hdev->discov_timeout = timeout;
16ab91ab 942
73f22f62 943failed:
09fd0de5 944 hci_dev_unlock(hdev);
73f22f62
JH		 945 return err;
946}
947
bdb6d971 948static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
9fbcbb45 950{
650f726d 951 struct mgmt_mode *cp = data;
366a0336 952 struct pending_cmd *cmd;
9fbcbb45
JH		 953 u8 scan;
954 int err;
955
bdb6d971 956 BT_DBG("request for %s", hdev->name);
9fbcbb45 957
09fd0de5 958 hci_dev_lock(hdev);
9fbcbb45 959
4b34ee78 960 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 961 bool changed = false;
962
963 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
964 changed = true;
965
6bf0e469 966 if (cp->val) {
5e5282bb 967 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 968 } else {
5e5282bb
JH		 969 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
970 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 }
0224d2fa 972
5e5282bb 973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 974 if (err < 0)
975 goto failed;
976
977 if (changed)
978 err = new_settings(hdev, sk);
979
9fbcbb45
JH		 980 goto failed;
981 }
982
2e58ef3e
JH		 983 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
984 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 985 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 986 MGMT_STATUS_BUSY);
9fbcbb45
JH		 987 goto failed;
988 }
989
5e5282bb 990 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 991 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 992 goto failed;
993 }
994
2e58ef3e 995 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 996 if (!cmd) {
997 err = -ENOMEM;
9fbcbb45 998 goto failed;
366a0336 999 }
9fbcbb45 1000
6bf0e469 1001 if (cp->val) {
9fbcbb45 1002 scan = SCAN_PAGE;
6bf0e469 1003 } else {
9fbcbb45
JH		 1004 scan = 0;
1005
df2c6c5e
JH		 1006 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1007 hdev->discov_timeout > 0)
1008 cancel_delayed_work(&hdev->discov_off);
1009 }
1010
9fbcbb45
JH		 1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1012 if (err < 0)
a664b5bc 1013 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1014
1015failed:
09fd0de5 1016 hci_dev_unlock(hdev);
9fbcbb45
JH		 1017 return err;
1018}
1019
bdb6d971 1020static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1021 u16 len)
c542a06c 1022{
650f726d 1023 struct mgmt_mode *cp = data;
c542a06c
JH		 1024 int err;
1025
bdb6d971 1026 BT_DBG("request for %s", hdev->name);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 return err;
1044}
1045
04124681
GP		 1046static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1047 u16 len)
33ef95ed
JH		 1048{
1049 struct mgmt_mode *cp = data;
1050 struct pending_cmd *cmd;
816a11d5 1051 u8 val;
33ef95ed
JH		 1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
33ef95ed 1055
33ef95ed
JH		 1056 hci_dev_lock(hdev);
1057
4b34ee78 1058 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1059 bool changed = false;
1060
1061 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1062 &hdev->dev_flags)) {
1063 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1064 changed = true;
1065 }
1066
1067 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1068 if (err < 0)
1069 goto failed;
1070
1071 if (changed)
1072 err = new_settings(hdev, sk);
1073
33ef95ed
JH		 1074 goto failed;
1075 }
1076
1077 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1079 MGMT_STATUS_BUSY);
33ef95ed
JH		 1080 goto failed;
1081 }
1082
1083 val = !!cp->val;
1084
1085 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1087 goto failed;
1088 }
1089
1090 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1091 if (!cmd) {
1092 err = -ENOMEM;
1093 goto failed;
1094 }
1095
1096 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1097 if (err < 0) {
1098 mgmt_pending_remove(cmd);
1099 goto failed;
1100 }
1101
1102failed:
1103 hci_dev_unlock(hdev);
33ef95ed
JH		 1104 return err;
1105}
1106
bdb6d971 1107static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1108{
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
816a11d5 1111 u8 val;
ed2c4ee3
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1115
ed2c4ee3
JH		 1116 hci_dev_lock(hdev);
1117
6c8f12c1 1118 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1120 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1121 goto failed;
1122 }
1123
c0ecddc2
JH		 1124 val = !!cp->val;
1125
4b34ee78 1126 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1127 bool changed = false;
1128
1129 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1130 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1131 changed = true;
1132 }
1133
1134 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 if (err < 0)
1136 goto failed;
1137
1138 if (changed)
1139 err = new_settings(hdev, sk);
1140
ed2c4ee3
JH		 1141 goto failed;
1142 }
1143
1144 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1146 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1147 goto failed;
1148 }
1149
ed2c4ee3
JH		 1150 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1151 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1152 goto failed;
1153 }
1154
1155 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1156 if (!cmd) {
1157 err = -ENOMEM;
1158 goto failed;
1159 }
1160
1161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1162 if (err < 0) {
1163 mgmt_pending_remove(cmd);
1164 goto failed;
1165 }
1166
1167failed:
1168 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1173{
1174 struct mgmt_mode *cp = data;
6d80dfd0 1175
bdb6d971 1176 BT_DBG("request for %s", hdev->name);
6d80dfd0 1177
bdb6d971
JH		 1178 if (!enable_hs)
1179 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1180 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1181
1182 if (cp->val)
1183 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1184 else
1185 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1186
bdb6d971 1187 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1188}
1189
bdb6d971 1190static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1191{
1192 struct mgmt_mode *cp = data;
1193 struct hci_cp_write_le_host_supported hci_cp;
1194 struct pending_cmd *cmd;
06199cf8 1195 int err;
0b60eba1 1196 u8 val, enabled;
06199cf8 1197
bdb6d971 1198 BT_DBG("request for %s", hdev->name);
06199cf8 1199
1de028ce
JH		 1200 hci_dev_lock(hdev);
1201
06199cf8 1202 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1203 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1204 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1205 goto unlock;
06199cf8
JH		 1206 }
1207
1208 val = !!cp->val;
0b60eba1 1209 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1210
0b60eba1 1211 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1212 bool changed = false;
1213
1214 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1215 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1216 changed = true;
1217 }
1218
1219 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1220 if (err < 0)
1de028ce 1221 goto unlock;
06199cf8
JH		 1222
1223 if (changed)
1224 err = new_settings(hdev, sk);
1225
1de028ce 1226 goto unlock;
06199cf8
JH		 1227 }
1228
1229 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1231 MGMT_STATUS_BUSY);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1236 if (!cmd) {
1237 err = -ENOMEM;
1de028ce 1238 goto unlock;
06199cf8
JH		 1239 }
1240
1241 memset(&hci_cp, 0, sizeof(hci_cp));
1242
1243 if (val) {
1244 hci_cp.le = val;
1245 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1246 }
1247
04124681
GP		 1248 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1249 &hci_cp);
0c01bc48 1250 if (err < 0)
06199cf8 1251 mgmt_pending_remove(cmd);
06199cf8 1252
1de028ce
JH		 1253unlock:
1254 hci_dev_unlock(hdev);
06199cf8
JH		 1255 return err;
1256}
1257
bdb6d971 1258static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1259{
650f726d 1260 struct mgmt_cp_add_uuid *cp = data;
90e70454 1261 struct pending_cmd *cmd;
2aeb9a1a 1262 struct bt_uuid *uuid;
2aeb9a1a
JH		 1263 int err;
1264
bdb6d971 1265 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1266
09fd0de5 1267 hci_dev_lock(hdev);
2aeb9a1a 1268
c95f0ba7 1269 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1270 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1271 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1272 goto failed;
1273 }
1274
2aeb9a1a
JH		 1275 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1276 if (!uuid) {
1277 err = -ENOMEM;
1278 goto failed;
1279 }
1280
1281 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1282 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1283
1284 list_add(&uuid->list, &hdev->uuids);
1285
1aff6f09
JH		 1286 err = update_class(hdev);
1287 if (err < 0)
1288 goto failed;
1289
80a1e1db
JH		 1290 err = update_eir(hdev);
1291 if (err < 0)
1292 goto failed;
1293
90e70454 1294 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1296 hdev->dev_class, 3);
90e70454
JH		 1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1301 if (!cmd)
90e70454 1302 err = -ENOMEM;
2aeb9a1a
JH		 1303
1304failed:
09fd0de5 1305 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1306 return err;
1307}
1308
24b78d0f
JH		 1309static bool enable_service_cache(struct hci_dev *hdev)
1310{
1311 if (!hdev_is_powered(hdev))
1312 return false;
1313
1314 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1315 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1316 return true;
1317 }
1318
1319 return false;
1320}
1321
bdb6d971
JH		 1322static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1323 u16 len)
2aeb9a1a 1324{
650f726d 1325 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1326 struct pending_cmd *cmd;
2aeb9a1a 1327 struct list_head *p, *n;
2aeb9a1a 1328 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1329 int err, found;
1330
bdb6d971 1331 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1332
09fd0de5 1333 hci_dev_lock(hdev);
2aeb9a1a 1334
c95f0ba7 1335 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1336 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1337 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1338 goto unlock;
1339 }
1340
2aeb9a1a
JH		 1341 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1342 err = hci_uuids_clear(hdev);
4004b6d9 1343
24b78d0f 1344 if (enable_service_cache(hdev)) {
bdb6d971 1345 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1346 0, hdev->dev_class, 3);
24b78d0f
JH		 1347 goto unlock;
1348 }
4004b6d9 1349
9246a869 1350 goto update_class;
2aeb9a1a
JH		 1351 }
1352
1353 found = 0;
1354
1355 list_for_each_safe(p, n, &hdev->uuids) {
1356 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1357
1358 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1359 continue;
1360
1361 list_del(&match->list);
1362 found++;
1363 }
1364
1365 if (found == 0) {
bdb6d971 1366 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1367 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1368 goto unlock;
1369 }
1370
9246a869 1371update_class:
1aff6f09
JH		 1372 err = update_class(hdev);
1373 if (err < 0)
1374 goto unlock;
1375
80a1e1db
JH		 1376 err = update_eir(hdev);
1377 if (err < 0)
1378 goto unlock;
1379
90e70454 1380 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1381 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1382 hdev->dev_class, 3);
90e70454
JH		 1383 goto unlock;
1384 }
1385
1386 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1387 if (!cmd)
90e70454 1388 err = -ENOMEM;
2aeb9a1a
JH		 1389
1390unlock:
09fd0de5 1391 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1392 return err;
1393}
1394
bdb6d971 1395static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1396 u16 len)
1aff6f09 1397{
650f726d 1398 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1399 struct pending_cmd *cmd;
1aff6f09
JH		 1400 int err;
1401
bdb6d971 1402 BT_DBG("request for %s", hdev->name);
1aff6f09 1403
09fd0de5 1404 hci_dev_lock(hdev);
1aff6f09 1405
c95f0ba7 1406 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1407 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1408 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1409 goto unlock;
1410 }
1411
932f5ff5
JH		 1412 hdev->major_class = cp->major;
1413 hdev->minor_class = cp->minor;
1414
b5235a65 1415 if (!hdev_is_powered(hdev)) {
bdb6d971 1416 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1417 hdev->dev_class, 3);
b5235a65
JH		 1418 goto unlock;
1419 }
1420
a8b2d5c2 1421 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1422 hci_dev_unlock(hdev);
1423 cancel_delayed_work_sync(&hdev->service_cache);
1424 hci_dev_lock(hdev);
14c0b608 1425 update_eir(hdev);
7d78525d 1426 }
14c0b608 1427
1aff6f09 1428 err = update_class(hdev);
90e70454
JH		 1429 if (err < 0)
1430 goto unlock;
1aff6f09 1431
90e70454 1432 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1433 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1434 hdev->dev_class, 3);
90e70454
JH		 1435 goto unlock;
1436 }
1437
1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1439 if (!cmd)
90e70454 1440 err = -ENOMEM;
1aff6f09 1441
b5235a65 1442unlock:
09fd0de5 1443 hci_dev_unlock(hdev);
1aff6f09
JH		 1444 return err;
1445}
1446
bdb6d971
JH		 1447static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1448 u16 len)
55ed8ca1 1449{
650f726d 1450 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1451 u16 key_count, expected_len;
a492cd52 1452 int i;
55ed8ca1 1453
1f350c87 1454 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1455
86742e1e
JH		 1456 expected_len = sizeof(*cp) + key_count *
1457 sizeof(struct mgmt_link_key_info);
a492cd52 1458 if (expected_len != len) {
86742e1e 1459 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1460 len, expected_len);
bdb6d971 1461 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1462 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1463 }
1464
bdb6d971 1465 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1466 key_count);
1467
09fd0de5 1468 hci_dev_lock(hdev);
55ed8ca1
JH		 1469
1470 hci_link_keys_clear(hdev);
1471
a8b2d5c2 1472 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1473
1474 if (cp->debug_keys)
a8b2d5c2 1475 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1476 else
a8b2d5c2 1477 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1478
a492cd52 1479 for (i = 0; i < key_count; i++) {
86742e1e 1480 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1481
d753fdc4 1482 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1483 key->type, key->pin_len);
55ed8ca1
JH		 1484 }
1485
bdb6d971 1486 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1487
09fd0de5 1488 hci_dev_unlock(hdev);
55ed8ca1 1489
a492cd52 1490 return 0;
55ed8ca1
JH		 1491}
1492
b1078ad0 1493static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1494 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1495{
1496 struct mgmt_ev_device_unpaired ev;
1497
1498 bacpy(&ev.addr.bdaddr, bdaddr);
1499 ev.addr.type = addr_type;
1500
1501 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1502 skip_sk);
b1078ad0
JH		 1503}
1504
bdb6d971 1505static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1506 u16 len)
55ed8ca1 1507{
124f6e35
JH		 1508 struct mgmt_cp_unpair_device *cp = data;
1509 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1510 struct hci_cp_disconnect dc;
1511 struct pending_cmd *cmd;
55ed8ca1 1512 struct hci_conn *conn;
55ed8ca1
JH		 1513 int err;
1514
09fd0de5 1515 hci_dev_lock(hdev);
55ed8ca1 1516
a8a1d19e 1517 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1519 rp.addr.type = cp->addr.type;
a8a1d19e 1520
86a8cfc6 1521 if (!hdev_is_powered(hdev)) {
bdb6d971 1522 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1523 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1524 goto unlock;
1525 }
1526
124f6e35
JH		 1527 if (cp->addr.type == MGMT_ADDR_BREDR)
1528 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1529 else
1530 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1531
55ed8ca1 1532 if (err < 0) {
bdb6d971 1533 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1534 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1535 goto unlock;
1536 }
1537
86a8cfc6
JH		 1538 if (cp->disconnect) {
1539 if (cp->addr.type == MGMT_ADDR_BREDR)
1540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1541 &cp->addr.bdaddr);
86a8cfc6
JH		 1542 else
1543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1544 &cp->addr.bdaddr);
86a8cfc6
JH		 1545 } else {
1546 conn = NULL;
1547 }
124f6e35 1548
a8a1d19e 1549 if (!conn) {
bdb6d971 1550 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1551 &rp, sizeof(rp));
b1078ad0 1552 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1553 goto unlock;
1554 }
55ed8ca1 1555
124f6e35 1556 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1557 sizeof(*cp));
a8a1d19e
JH		 1558 if (!cmd) {
1559 err = -ENOMEM;
1560 goto unlock;
55ed8ca1
JH		 1561 }
1562
eb55ef07 1563 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1564 dc.reason = 0x13; /* Remote User Terminated Connection */
1565 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1566 if (err < 0)
1567 mgmt_pending_remove(cmd);
1568
55ed8ca1 1569unlock:
09fd0de5 1570 hci_dev_unlock(hdev);
55ed8ca1
JH		 1571 return err;
1572}
1573
bdb6d971 1574static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1575 u16 len)
8962ee74 1576{
650f726d 1577 struct mgmt_cp_disconnect *cp = data;
8962ee74 1578 struct hci_cp_disconnect dc;
366a0336 1579 struct pending_cmd *cmd;
8962ee74 1580 struct hci_conn *conn;
8962ee74
JH		 1581 int err;
1582
1583 BT_DBG("");
1584
09fd0de5 1585 hci_dev_lock(hdev);
8962ee74
JH		 1586
1587 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1588 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1589 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1590 goto failed;
1591 }
1592
2e58ef3e 1593 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1595 MGMT_STATUS_BUSY);
8962ee74
JH		 1596 goto failed;
1597 }
1598
88c3df13
JH		 1599 if (cp->addr.type == MGMT_ADDR_BREDR)
1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1601 else
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1603
8962ee74 1604 if (!conn) {
bdb6d971 1605 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1606 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1607 goto failed;
1608 }
1609
2e58ef3e 1610 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1611 if (!cmd) {
1612 err = -ENOMEM;
8962ee74 1613 goto failed;
366a0336 1614 }
8962ee74 1615
eb55ef07 1616 dc.handle = cpu_to_le16(conn->handle);
8962ee74
JH		 1617 dc.reason = 0x13; /* Remote User Terminated Connection */
1618
1619 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1620 if (err < 0)
a664b5bc 1621 mgmt_pending_remove(cmd);
8962ee74
JH		 1622
1623failed:
09fd0de5 1624 hci_dev_unlock(hdev);
8962ee74
JH		 1625 return err;
1626}
1627
48264f06 1628static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1629{
1630 switch (link_type) {
1631 case LE_LINK:
48264f06
JH		 1632 switch (addr_type) {
1633 case ADDR_LE_DEV_PUBLIC:
1634 return MGMT_ADDR_LE_PUBLIC;
0ed09148 1635
48264f06 1636 default:
0ed09148
AG		 1637 /* Fallback to LE Random address type */
1638 return MGMT_ADDR_LE_RANDOM;
48264f06 1639 }
0ed09148 1640
4c659c39 1641 default:
0ed09148
AG		 1642 /* Fallback to BR/EDR type */
1643 return MGMT_ADDR_BREDR;
4c659c39
JH		 1644 }
1645}
1646
04124681
GP		 1647static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1648 u16 data_len)
2784eb41 1649{
2784eb41 1650 struct mgmt_rp_get_connections *rp;
8035ded4 1651 struct hci_conn *c;
a38528f1 1652 size_t rp_len;
60fc5fb6
JH		 1653 int err;
1654 u16 i;
2784eb41
JH		 1655
1656 BT_DBG("");
1657
09fd0de5 1658 hci_dev_lock(hdev);
2784eb41 1659
5f97c1df 1660 if (!hdev_is_powered(hdev)) {
bdb6d971 1661 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1662 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1663 goto unlock;
1664 }
1665
60fc5fb6 1666 i = 0;
b644ba33
JH		 1667 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1668 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1669 i++;
2784eb41
JH		 1670 }
1671
60fc5fb6 1672 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1673 rp = kmalloc(rp_len, GFP_ATOMIC);
1674 if (!rp) {
2784eb41
JH		 1675 err = -ENOMEM;
1676 goto unlock;
1677 }
1678
2784eb41 1679 i = 0;
4c659c39 1680 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1681 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1682 continue;
4c659c39 1683 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1684 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
0ed09148 1685 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1686 continue;
1687 i++;
1688 }
1689
eb55ef07 1690 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1691
4c659c39
JH		 1692 /* Recalculate length in case of filtered SCO connections, etc */
1693 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1694
bdb6d971 1695 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1696 rp_len);
2784eb41 1697
a38528f1 1698 kfree(rp);
5f97c1df
JH		 1699
1700unlock:
09fd0de5 1701 hci_dev_unlock(hdev);
2784eb41
JH		 1702 return err;
1703}
1704
bdb6d971 1705static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1706 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1707{
1708 struct pending_cmd *cmd;
1709 int err;
1710
2e58ef3e 1711 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1712 sizeof(*cp));
96d97a67
WR		 1713 if (!cmd)
1714 return -ENOMEM;
1715
d8457698 1716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1717 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1718 if (err < 0)
1719 mgmt_pending_remove(cmd);
1720
1721 return err;
1722}
1723
bdb6d971 1724static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1725 u16 len)
980e1a53 1726{
96d97a67 1727 struct hci_conn *conn;
650f726d 1728 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1729 struct hci_cp_pin_code_reply reply;
366a0336 1730 struct pending_cmd *cmd;
980e1a53
JH		 1731 int err;
1732
1733 BT_DBG("");
1734
09fd0de5 1735 hci_dev_lock(hdev);
980e1a53 1736
4b34ee78 1737 if (!hdev_is_powered(hdev)) {
bdb6d971 1738 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1739 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1740 goto failed;
1741 }
1742
d8457698 1743 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1744 if (!conn) {
bdb6d971 1745 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1746 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1747 goto failed;
1748 }
1749
1750 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1751 struct mgmt_cp_pin_code_neg_reply ncp;
1752
1753 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1754
1755 BT_ERR("PIN code is not 16 bytes long");
1756
bdb6d971 1757 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1758 if (err >= 0)
bdb6d971 1759 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1760 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1761
1762 goto failed;
1763 }
1764
00abfe44 1765 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1766 if (!cmd) {
1767 err = -ENOMEM;
980e1a53 1768 goto failed;
366a0336 1769 }
980e1a53 1770
d8457698 1771 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1772 reply.pin_len = cp->pin_len;
24718ca5 1773 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1774
1775 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1776 if (err < 0)
a664b5bc 1777 mgmt_pending_remove(cmd);
980e1a53
JH		 1778
1779failed:
09fd0de5 1780 hci_dev_unlock(hdev);
980e1a53
JH		 1781 return err;
1782}
1783
bdb6d971 1784static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1785 void *data, u16 len)
980e1a53 1786{
650f726d 1787 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1788 int err;
1789
1790 BT_DBG("");
1791
09fd0de5 1792 hci_dev_lock(hdev);
980e1a53 1793
4b34ee78 1794 if (!hdev_is_powered(hdev)) {
bdb6d971 1795 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1796 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1797 goto failed;
1798 }
1799
bdb6d971 1800 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1801
1802failed:
09fd0de5 1803 hci_dev_unlock(hdev);
980e1a53
JH		 1804 return err;
1805}
1806
04124681
GP		 1807static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1808 u16 len)
17fa4b9d 1809{
650f726d 1810 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1811
1812 BT_DBG("");
1813
09fd0de5 1814 hci_dev_lock(hdev);
17fa4b9d
JH		 1815
1816 hdev->io_capability = cp->io_capability;
1817
1818 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1819 hdev->io_capability);
17fa4b9d 1820
09fd0de5 1821 hci_dev_unlock(hdev);
17fa4b9d 1822
04124681
GP		 1823 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1824 0);
17fa4b9d
JH		 1825}
1826
e9a416b5
JH		 1827static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1828{
1829 struct hci_dev *hdev = conn->hdev;
8035ded4 1830 struct pending_cmd *cmd;
e9a416b5 1831
2e58ef3e 1832 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1833 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1834 continue;
1835
e9a416b5
JH		 1836 if (cmd->user_data != conn)
1837 continue;
1838
1839 return cmd;
1840 }
1841
1842 return NULL;
1843}
1844
1845static void pairing_complete(struct pending_cmd *cmd, u8 status)
1846{
1847 struct mgmt_rp_pair_device rp;
1848 struct hci_conn *conn = cmd->user_data;
1849
ba4e564f
JH		 1850 bacpy(&rp.addr.bdaddr, &conn->dst);
1851 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1852
aee9b218 1853 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1854 &rp, sizeof(rp));
e9a416b5
JH		 1855
1856 /* So we don't get further callbacks for this connection */
1857 conn->connect_cfm_cb = NULL;
1858 conn->security_cfm_cb = NULL;
1859 conn->disconn_cfm_cb = NULL;
1860
1861 hci_conn_put(conn);
1862
a664b5bc 1863 mgmt_pending_remove(cmd);
e9a416b5
JH		 1864}
1865
1866static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1867{
1868 struct pending_cmd *cmd;
1869
1870 BT_DBG("status %u", status);
1871
1872 cmd = find_pairing(conn);
56e5cb86 1873 if (!cmd)
e9a416b5 1874 BT_DBG("Unable to find a pending command");
56e5cb86 1875 else
e211326c 1876 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1877}
1878
bdb6d971 1879static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1880 u16 len)
e9a416b5 1881{
650f726d 1882 struct mgmt_cp_pair_device *cp = data;
1425acb7 1883 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1884 struct pending_cmd *cmd;
1885 u8 sec_level, auth_type;
1886 struct hci_conn *conn;
e9a416b5
JH		 1887 int err;
1888
1889 BT_DBG("");
1890
09fd0de5 1891 hci_dev_lock(hdev);
e9a416b5 1892
5f97c1df 1893 if (!hdev_is_powered(hdev)) {
bdb6d971 1894 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1895 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1896 goto unlock;
1897 }
1898
c908df36
VCG		 1899 sec_level = BT_SECURITY_MEDIUM;
1900 if (cp->io_cap == 0x03)
e9a416b5 1901 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1902 else
e9a416b5 1903 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1904
ba4e564f
JH		 1905 if (cp->addr.type == MGMT_ADDR_BREDR)
1906 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1907 auth_type);
7a512d01 1908 else
ba4e564f 1909 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1910 auth_type);
7a512d01 1911
1425acb7
JH		 1912 memset(&rp, 0, sizeof(rp));
1913 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1914 rp.addr.type = cp->addr.type;
1915
30e76272 1916 if (IS_ERR(conn)) {
bdb6d971 1917 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1918 MGMT_STATUS_CONNECT_FAILED, &rp,
1919 sizeof(rp));
e9a416b5
JH		 1920 goto unlock;
1921 }
1922
1923 if (conn->connect_cfm_cb) {
1924 hci_conn_put(conn);
bdb6d971 1925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1926 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1927 goto unlock;
1928 }
1929
2e58ef3e 1930 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1931 if (!cmd) {
1932 err = -ENOMEM;
1933 hci_conn_put(conn);
1934 goto unlock;
1935 }
1936
7a512d01 1937 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1938 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1939 conn->connect_cfm_cb = pairing_complete_cb;
1940
e9a416b5
JH		 1941 conn->security_cfm_cb = pairing_complete_cb;
1942 conn->disconn_cfm_cb = pairing_complete_cb;
1943 conn->io_capability = cp->io_cap;
1944 cmd->user_data = conn;
1945
1946 if (conn->state == BT_CONNECTED &&
1947 hci_conn_security(conn, sec_level, auth_type))
1948 pairing_complete(cmd, 0);
1949
1950 err = 0;
1951
1952unlock:
09fd0de5 1953 hci_dev_unlock(hdev);
e9a416b5
JH		 1954 return err;
1955}
1956
04124681
GP		 1957static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1958 u16 len)
28424707 1959{
0f4e68cf 1960 struct mgmt_addr_info *addr = data;
28424707
JH		 1961 struct pending_cmd *cmd;
1962 struct hci_conn *conn;
1963 int err;
1964
1965 BT_DBG("");
1966
28424707
JH		 1967 hci_dev_lock(hdev);
1968
5f97c1df 1969 if (!hdev_is_powered(hdev)) {
bdb6d971 1970 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1971 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1972 goto unlock;
1973 }
1974
28424707
JH		 1975 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1976 if (!cmd) {
bdb6d971 1977 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1978 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1979 goto unlock;
1980 }
1981
1982 conn = cmd->user_data;
1983
1984 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1985 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1986 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1987 goto unlock;
1988 }
1989
1990 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1991
bdb6d971 1992 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 1993 addr, sizeof(*addr));
28424707
JH		 1994unlock:
1995 hci_dev_unlock(hdev);
28424707
JH		 1996 return err;
1997}
1998
bdb6d971 1999static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2000 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2001 u16 hci_op, __le32 passkey)
a5c29683 2002{
a5c29683 2003 struct pending_cmd *cmd;
0df4c185 2004 struct hci_conn *conn;
a5c29683
JH		 2005 int err;
2006
09fd0de5 2007 hci_dev_lock(hdev);
08ba5382 2008
4b34ee78 2009 if (!hdev_is_powered(hdev)) {
bdb6d971 2010 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2011 MGMT_STATUS_NOT_POWERED);
0df4c185 2012 goto done;
a5c29683
JH		 2013 }
2014
272d90df
JH		 2015 if (type == MGMT_ADDR_BREDR)
2016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2017 else
47c15e2b 2018 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2019
2020 if (!conn) {
bdb6d971 2021 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2022 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2023 goto done;
2024 }
47c15e2b 2025
272d90df 2026 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2027 /* Continue with pairing via SMP */
5fe57d9e
BG		 2028 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2029
2030 if (!err)
bdb6d971 2031 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2032 MGMT_STATUS_SUCCESS);
5fe57d9e 2033 else
bdb6d971 2034 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2035 MGMT_STATUS_FAILED);
47c15e2b 2036
47c15e2b
BG		 2037 goto done;
2038 }
2039
0df4c185 2040 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2041 if (!cmd) {
2042 err = -ENOMEM;
0df4c185 2043 goto done;
a5c29683
JH		 2044 }
2045
0df4c185 2046 /* Continue with pairing via HCI */
604086b7
BG		 2047 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2048 struct hci_cp_user_passkey_reply cp;
2049
2050 bacpy(&cp.bdaddr, bdaddr);
2051 cp.passkey = passkey;
2052 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2053 } else
2054 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2055
a664b5bc
JH		 2056 if (err < 0)
2057 mgmt_pending_remove(cmd);
a5c29683 2058
0df4c185 2059done:
09fd0de5 2060 hci_dev_unlock(hdev);
a5c29683
JH		 2061 return err;
2062}
2063
04124681
GP		 2064static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2065 u16 len)
0df4c185 2066{
650f726d 2067 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2068
2069 BT_DBG("");
2070
2071 if (len != sizeof(*cp))
bdb6d971 2072 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2073 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2074
bdb6d971 2075 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2076 MGMT_OP_USER_CONFIRM_REPLY,
2077 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2078}
2079
bdb6d971 2080static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2081 void *data, u16 len)
0df4c185 2082{
c9c2659f 2083 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2084
2085 BT_DBG("");
2086
bdb6d971 2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2088 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2089 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2090}
2091
04124681
GP		 2092static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2093 u16 len)
604086b7 2094{
650f726d 2095 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2096
2097 BT_DBG("");
2098
bdb6d971 2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2100 MGMT_OP_USER_PASSKEY_REPLY,
2101 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2102}
2103
bdb6d971 2104static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2105 void *data, u16 len)
604086b7 2106{
650f726d 2107 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2108
2109 BT_DBG("");
2110
bdb6d971 2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2112 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2113 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2114}
2115
2b4bf397
JH		 2116static int update_name(struct hci_dev *hdev, const char *name)
2117{
2118 struct hci_cp_write_local_name cp;
2119
2120 memcpy(cp.name, name, sizeof(cp.name));
2121
2122 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2123}
2124
bdb6d971 2125static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2126 u16 len)
b312b161 2127{
2b4bf397 2128 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2129 struct pending_cmd *cmd;
2130 int err;
2131
2132 BT_DBG("");
2133
09fd0de5 2134 hci_dev_lock(hdev);
b312b161 2135
2b4bf397 2136 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2137
b5235a65 2138 if (!hdev_is_powered(hdev)) {
2b4bf397 2139 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2140
2141 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2142 data, len);
28cc7bde
JH		 2143 if (err < 0)
2144 goto failed;
2145
2146 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2147 sk);
28cc7bde 2148
b5235a65
JH		 2149 goto failed;
2150 }
2151
28cc7bde 2152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto failed;
2156 }
2157
2b4bf397 2158 err = update_name(hdev, cp->name);
b312b161
JH		 2159 if (err < 0)
2160 mgmt_pending_remove(cmd);
2161
2162failed:
09fd0de5 2163 hci_dev_unlock(hdev);
b312b161
JH		 2164 return err;
2165}
2166
0f4e68cf 2167static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2168 void *data, u16 data_len)
c35938b2 2169{
c35938b2
SJ		 2170 struct pending_cmd *cmd;
2171 int err;
2172
bdb6d971 2173 BT_DBG("%s", hdev->name);
c35938b2 2174
09fd0de5 2175 hci_dev_lock(hdev);
c35938b2 2176
4b34ee78 2177 if (!hdev_is_powered(hdev)) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2179 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2180 goto unlock;
2181 }
2182
2183 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2184 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2185 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2186 goto unlock;
2187 }
2188
2e58ef3e 2189 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2190 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2191 MGMT_STATUS_BUSY);
c35938b2
SJ		 2192 goto unlock;
2193 }
2194
2e58ef3e 2195 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2196 if (!cmd) {
2197 err = -ENOMEM;
2198 goto unlock;
2199 }
2200
2201 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2202 if (err < 0)
2203 mgmt_pending_remove(cmd);
2204
2205unlock:
09fd0de5 2206 hci_dev_unlock(hdev);
c35938b2
SJ		 2207 return err;
2208}
2209
bdb6d971 2210static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2211 void *data, u16 len)
2763eda6 2212{
650f726d 2213 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2214 u8 status;
2763eda6
SJ		 2215 int err;
2216
bdb6d971 2217 BT_DBG("%s ", hdev->name);
2763eda6 2218
09fd0de5 2219 hci_dev_lock(hdev);
2763eda6 2220
5f97c1df 2221 if (!hdev_is_powered(hdev)) {
bdb6d971 2222 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2223 MGMT_STATUS_NOT_POWERED, &cp->addr,
2224 sizeof(cp->addr));
5f97c1df
JH		 2225 goto unlock;
2226 }
2227
664ce4cc 2228 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2229 cp->randomizer);
2763eda6 2230 if (err < 0)
bf1e3541 2231 status = MGMT_STATUS_FAILED;
2763eda6 2232 else
bf1e3541
JH		 2233 status = 0;
2234
bdb6d971 2235 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2236 &cp->addr, sizeof(cp->addr));
2763eda6 2237
5f97c1df 2238unlock:
09fd0de5 2239 hci_dev_unlock(hdev);
2763eda6
SJ		 2240 return err;
2241}
2242
bdb6d971 2243static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2244 void *data, u16 len)
2763eda6 2245{
650f726d 2246 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2247 u8 status;
2763eda6
SJ		 2248 int err;
2249
bdb6d971 2250 BT_DBG("%s", hdev->name);
2763eda6 2251
09fd0de5 2252 hci_dev_lock(hdev);
2763eda6 2253
5f97c1df 2254 if (!hdev_is_powered(hdev)) {
bdb6d971 2255 err = cmd_complete(sk, hdev->id,
04124681
GP		 2256 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257 MGMT_STATUS_NOT_POWERED, &cp->addr,
2258 sizeof(cp->addr));
5f97c1df
JH		 2259 goto unlock;
2260 }
2261
664ce4cc 2262 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2263 if (err < 0)
bf1e3541 2264 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2265 else
bf1e3541
JH		 2266 status = 0;
2267
bdb6d971 2268 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2269 status, &cp->addr, sizeof(cp->addr));
2763eda6 2270
5f97c1df 2271unlock:
09fd0de5 2272 hci_dev_unlock(hdev);
2763eda6
SJ		 2273 return err;
2274}
2275
5e0452c0
AG		 2276int mgmt_interleaved_discovery(struct hci_dev *hdev)
2277{
2278 int err;
2279
2280 BT_DBG("%s", hdev->name);
2281
2282 hci_dev_lock(hdev);
2283
2284 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2285 if (err < 0)
2286 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2287
2288 hci_dev_unlock(hdev);
2289
2290 return err;
2291}
2292
bdb6d971 2293static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2294 void *data, u16 len)
14a53664 2295{
650f726d 2296 struct mgmt_cp_start_discovery *cp = data;
14a53664 2297 struct pending_cmd *cmd;
14a53664
JH		 2298 int err;
2299
bdb6d971 2300 BT_DBG("%s", hdev->name);
14a53664 2301
09fd0de5 2302 hci_dev_lock(hdev);
14a53664 2303
4b34ee78 2304 if (!hdev_is_powered(hdev)) {
bdb6d971 2305 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2306 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2307 goto failed;
2308 }
2309
642be6c7
AG		 2310 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2311 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2312 MGMT_STATUS_BUSY);
2313 goto failed;
2314 }
2315
ff9ef578 2316 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2317 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2318 MGMT_STATUS_BUSY);
ff9ef578
JH		 2319 goto failed;
2320 }
2321
2e58ef3e 2322 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2323 if (!cmd) {
2324 err = -ENOMEM;
2325 goto failed;
2326 }
2327
4aab14e5
AG		 2328 hdev->discovery.type = cp->type;
2329
2330 switch (hdev->discovery.type) {
f39799f5 2331 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2332 if (lmp_bredr_capable(hdev))
2333 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2334 else
2335 err = -ENOTSUPP;
f39799f5
AG		 2336 break;
2337
2338 case DISCOV_TYPE_LE:
8b90129c
AG		 2339 if (lmp_host_le_capable(hdev))
2340 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2341 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2342 else
2343 err = -ENOTSUPP;
f39799f5
AG		 2344 break;
2345
5e0452c0 2346 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2347 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2348 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2349 LE_SCAN_WIN,
2350 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2351 else
2352 err = -ENOTSUPP;
5e0452c0
AG		 2353 break;
2354
f39799f5 2355 default:
3fd24153 2356 err = -EINVAL;
f39799f5 2357 }
3fd24153 2358
14a53664
JH		 2359 if (err < 0)
2360 mgmt_pending_remove(cmd);
ff9ef578
JH		 2361 else
2362 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2363
2364failed:
09fd0de5 2365 hci_dev_unlock(hdev);
14a53664
JH		 2366 return err;
2367}
2368
bdb6d971 2369static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2370 u16 len)
14a53664 2371{
d930650b 2372 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2373 struct pending_cmd *cmd;
30dc78e1
JH		 2374 struct hci_cp_remote_name_req_cancel cp;
2375 struct inquiry_entry *e;
14a53664
JH		 2376 int err;
2377
bdb6d971 2378 BT_DBG("%s", hdev->name);
14a53664 2379
09fd0de5 2380 hci_dev_lock(hdev);
14a53664 2381
30dc78e1 2382 if (!hci_discovery_active(hdev)) {
bdb6d971 2383 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2384 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2385 sizeof(mgmt_cp->type));
d930650b
JH		 2386 goto unlock;
2387 }
2388
2389 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2390 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2391 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2392 sizeof(mgmt_cp->type));
30dc78e1 2393 goto unlock;
ff9ef578
JH		 2394 }
2395
2e58ef3e 2396 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2397 if (!cmd) {
2398 err = -ENOMEM;
30dc78e1
JH		 2399 goto unlock;
2400 }
2401
e0d9727e
AG		 2402 switch (hdev->discovery.state) {
2403 case DISCOVERY_FINDING:
c9ecc48e
AG		 2404 if (test_bit(HCI_INQUIRY, &hdev->flags))
2405 err = hci_cancel_inquiry(hdev);
2406 else
2407 err = hci_cancel_le_scan(hdev);
2408
e0d9727e
AG		 2409 break;
2410
2411 case DISCOVERY_RESOLVING:
2412 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2413 NAME_PENDING);
2414 if (!e) {
30dc78e1 2415 mgmt_pending_remove(cmd);
e0d9727e
AG		 2416 err = cmd_complete(sk, hdev->id,
2417 MGMT_OP_STOP_DISCOVERY, 0,
2418 &mgmt_cp->type,
2419 sizeof(mgmt_cp->type));
2420 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2421 goto unlock;
2422 }
30dc78e1 2423
e0d9727e
AG		 2424 bacpy(&cp.bdaddr, &e->data.bdaddr);
2425 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2426 sizeof(cp), &cp);
2427
2428 break;
2429
2430 default:
2431 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2432 err = -EFAULT;
14a53664
JH		 2433 }
2434
14a53664
JH		 2435 if (err < 0)
2436 mgmt_pending_remove(cmd);
ff9ef578
JH		 2437 else
2438 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2439
30dc78e1 2440unlock:
09fd0de5 2441 hci_dev_unlock(hdev);
14a53664
JH		 2442 return err;
2443}
2444
bdb6d971 2445static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2446 u16 len)
561aafbc 2447{
650f726d 2448 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2449 struct inquiry_entry *e;
561aafbc
JH		 2450 int err;
2451
bdb6d971 2452 BT_DBG("%s", hdev->name);
561aafbc 2453
561aafbc
JH		 2454 hci_dev_lock(hdev);
2455
30dc78e1 2456 if (!hci_discovery_active(hdev)) {
bdb6d971 2457 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2458 MGMT_STATUS_FAILED);
30dc78e1
JH		 2459 goto failed;
2460 }
2461
a198e7b1 2462 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2463 if (!e) {
bdb6d971 2464 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2465 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2466 goto failed;
2467 }
2468
2469 if (cp->name_known) {
2470 e->name_state = NAME_KNOWN;
2471 list_del(&e->list);
2472 } else {
2473 e->name_state = NAME_NEEDED;
a3d4e20a 2474 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2475 }
2476
2477 err = 0;
2478
2479failed:
2480 hci_dev_unlock(hdev);
561aafbc
JH		 2481 return err;
2482}
2483
bdb6d971 2484static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2485 u16 len)
7fbec224 2486{
650f726d 2487 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2488 u8 status;
7fbec224
AJ		 2489 int err;
2490
bdb6d971 2491 BT_DBG("%s", hdev->name);
7fbec224 2492
09fd0de5 2493 hci_dev_lock(hdev);
5e762444 2494
88c1fe4b 2495 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2496 if (err < 0)
f0eeea8b 2497 status = MGMT_STATUS_FAILED;
7fbec224 2498 else
f0eeea8b
JH		 2499 status = 0;
2500
bdb6d971 2501 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2502 &cp->addr, sizeof(cp->addr));
5e762444 2503
09fd0de5 2504 hci_dev_unlock(hdev);
7fbec224
AJ		 2505
2506 return err;
2507}
2508
bdb6d971 2509static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2510 u16 len)
7fbec224 2511{
650f726d 2512 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2513 u8 status;
7fbec224
AJ		 2514 int err;
2515
bdb6d971 2516 BT_DBG("%s", hdev->name);
7fbec224 2517
09fd0de5 2518 hci_dev_lock(hdev);
5e762444 2519
88c1fe4b 2520 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2521 if (err < 0)
f0eeea8b 2522 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2523 else
f0eeea8b
JH		 2524 status = 0;
2525
bdb6d971 2526 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2527 &cp->addr, sizeof(cp->addr));
5e762444 2528
09fd0de5 2529 hci_dev_unlock(hdev);
7fbec224
AJ		 2530
2531 return err;
2532}
2533
cdbaccca
MH		 2534static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2535 u16 len)
2536{
2537 struct mgmt_cp_set_device_id *cp = data;
2538 int err;
c72d4b8a 2539 __u16 source;
cdbaccca
MH		 2540
2541 BT_DBG("%s", hdev->name);
2542
c72d4b8a
SJ		 2543 source = __le16_to_cpu(cp->source);
2544
2545 if (source > 0x0002)
2546 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2547 MGMT_STATUS_INVALID_PARAMS);
2548
cdbaccca
MH		 2549 hci_dev_lock(hdev);
2550
c72d4b8a 2551 hdev->devid_source = source;
cdbaccca
MH		 2552 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2553 hdev->devid_product = __le16_to_cpu(cp->product);
2554 hdev->devid_version = __le16_to_cpu(cp->version);
2555
2556 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2557
2558 update_eir(hdev);
2559
2560 hci_dev_unlock(hdev);
2561
2562 return err;
2563}
2564
bdb6d971 2565static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2566 void *data, u16 len)
f6422ec6 2567{
650f726d 2568 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2569 struct hci_cp_write_page_scan_activity acp;
2570 u8 type;
2571 int err;
2572
bdb6d971 2573 BT_DBG("%s", hdev->name);
f6422ec6 2574
5400c044 2575 if (!hdev_is_powered(hdev))
bdb6d971 2576 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2577 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2578
2579 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2580 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2581 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2582
2583 hci_dev_lock(hdev);
2584
f7c6869c 2585 if (cp->val) {
f6422ec6 2586 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2587
2588 /* 22.5 msec page scan interval */
2589 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2590 } else {
2591 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2592
2593 /* default 1.28 sec page scan */
2594 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2595 }
2596
76ec9de8
AE		 2597 /* default 11.25 msec page scan window */
2598 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2599
04124681
GP		 2600 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2601 &acp);
f6422ec6 2602 if (err < 0) {
bdb6d971 2603 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2604 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2605 goto done;
2606 }
2607
2608 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2609 if (err < 0) {
bdb6d971 2610 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2611 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2612 goto done;
2613 }
2614
bdb6d971 2615 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2616 NULL, 0);
f6422ec6
AJ		 2617done:
2618 hci_dev_unlock(hdev);
f6422ec6
AJ		 2619 return err;
2620}
2621
bdb6d971 2622static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2623 void *cp_data, u16 len)
346af67b 2624{
346af67b
VCG		 2625 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2626 u16 key_count, expected_len;
2627 int i;
2628
1f350c87 2629 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2630
2631 expected_len = sizeof(*cp) + key_count *
2632 sizeof(struct mgmt_ltk_info);
2633 if (expected_len != len) {
2634 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2635 len, expected_len);
bdb6d971 2636 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2637 EINVAL);
346af67b
VCG		 2638 }
2639
bdb6d971 2640 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2641
2642 hci_dev_lock(hdev);
2643
2644 hci_smp_ltks_clear(hdev);
2645
2646 for (i = 0; i < key_count; i++) {
2647 struct mgmt_ltk_info *key = &cp->keys[i];
2648 u8 type;
2649
2650 if (key->master)
2651 type = HCI_SMP_LTK;
2652 else
2653 type = HCI_SMP_LTK_SLAVE;
2654
2655 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
04124681
GP		 2656 type, 0, key->authenticated, key->val,
2657 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2658 }
2659
2660 hci_dev_unlock(hdev);
346af67b
VCG		 2661
2662 return 0;
2663}
2664
2e3c35ea 2665static const struct mgmt_handler {
04124681
GP		 2666 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2667 u16 data_len);
be22b54e
JH		 2668 bool var_len;
2669 size_t data_len;
0f4e68cf
JH		 2670} mgmt_handlers[] = {
2671 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2672 { read_version, false, MGMT_READ_VERSION_SIZE },
2673 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2674 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2675 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2676 { set_powered, false, MGMT_SETTING_SIZE },
2677 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2678 { set_connectable, false, MGMT_SETTING_SIZE },
2679 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2680 { set_pairable, false, MGMT_SETTING_SIZE },
2681 { set_link_security, false, MGMT_SETTING_SIZE },
2682 { set_ssp, false, MGMT_SETTING_SIZE },
2683 { set_hs, false, MGMT_SETTING_SIZE },
2684 { set_le, false, MGMT_SETTING_SIZE },
2685 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2686 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2687 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2688 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2689 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2690 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2691 { disconnect, false, MGMT_DISCONNECT_SIZE },
2692 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2693 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2694 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2695 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2696 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2697 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2698 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2699 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2700 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2701 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2702 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2703 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2704 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2705 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2706 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2707 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2708 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2709 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2710 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2711 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2712};
2713
2714
0381101f
JH		 2715int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2716{
650f726d
VCG		 2717 void *buf;
2718 u8 *cp;
0381101f 2719 struct mgmt_hdr *hdr;
4e51eae9 2720 u16 opcode, index, len;
bdb6d971 2721 struct hci_dev *hdev = NULL;
2e3c35ea 2722 const struct mgmt_handler *handler;
0381101f
JH		 2723 int err;
2724
2725 BT_DBG("got %zu bytes", msglen);
2726
2727 if (msglen < sizeof(*hdr))
2728 return -EINVAL;
2729
e63a15ec 2730 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2731 if (!buf)
2732 return -ENOMEM;
2733
2734 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2735 err = -EFAULT;
2736 goto done;
2737 }
2738
650f726d 2739 hdr = buf;
1f350c87
MH		 2740 opcode = __le16_to_cpu(hdr->opcode);
2741 index = __le16_to_cpu(hdr->index);
2742 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2743
2744 if (len != msglen - sizeof(*hdr)) {
2745 err = -EINVAL;
2746 goto done;
2747 }
2748
0f4e68cf 2749 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2750 hdev = hci_dev_get(index);
2751 if (!hdev) {
2752 err = cmd_status(sk, index, opcode,
04124681 2753 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2754 goto done;
2755 }
2756 }
2757
0f4e68cf
JH		 2758 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2759 mgmt_handlers[opcode].func == NULL) {
0381101f 2760 BT_DBG("Unknown op %u", opcode);
ca69b795 2761 err = cmd_status(sk, index, opcode,
04124681 2762 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2763 goto done;
2764 }
2765
2766 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2767 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2768 err = cmd_status(sk, index, opcode,
04124681 2769 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2770 goto done;
0381101f
JH		 2771 }
2772
be22b54e
JH		 2773 handler = &mgmt_handlers[opcode];
2774
2775 if ((handler->var_len && len < handler->data_len) ||
2776 (!handler->var_len && len != handler->data_len)) {
2777 err = cmd_status(sk, index, opcode,
04124681 2778 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2779 goto done;
2780 }
2781
0f4e68cf
JH		 2782 if (hdev)
2783 mgmt_init_hdev(sk, hdev);
2784
2785 cp = buf + sizeof(*hdr);
2786
be22b54e 2787 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2788 if (err < 0)
2789 goto done;
2790
0381101f
JH		 2791 err = msglen;
2792
2793done:
bdb6d971
JH		 2794 if (hdev)
2795 hci_dev_put(hdev);
2796
0381101f
JH		 2797 kfree(buf);
2798 return err;
2799}
c71e97bf 2800
b24752fe
JH		 2801static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2802{
2803 u8 *status = data;
2804
2805 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2806 mgmt_pending_remove(cmd);
2807}
2808
744cf19e 2809int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2810{
744cf19e 2811 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2812}
2813
744cf19e 2814int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2815{
5f159032 2816 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2817
744cf19e 2818 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2819
744cf19e 2820 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2821}
2822
73f22f62 2823struct cmd_lookup {
eec8d2bc 2824 struct sock *sk;
69ab39ea 2825 struct hci_dev *hdev;
90e70454 2826 u8 mgmt_status;
eec8d2bc
JH		 2827};
2828
69ab39ea 2829static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2830{
73f22f62 2831 struct cmd_lookup *match = data;
eec8d2bc 2832
69ab39ea 2833 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2834
2835 list_del(&cmd->list);
2836
2837 if (match->sk == NULL) {
2838 match->sk = cmd->sk;
2839 sock_hold(match->sk);
2840 }
2841
2842 mgmt_pending_free(cmd);
c71e97bf 2843}
5add6af8 2844
744cf19e 2845int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2846{
76a7f3a4 2847 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2848 int err;
5add6af8 2849
5e5282bb
JH		 2850 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2851 return 0;
2852
69ab39ea 2853 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2854
5e5282bb
JH		 2855 if (powered) {
2856 u8 scan = 0;
2857
2858 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2859 scan |= SCAN_PAGE;
2860 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2861 scan |= SCAN_INQUIRY;
2862
2863 if (scan)
2864 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2865
2866 update_class(hdev);
2b4bf397 2867 update_name(hdev, hdev->dev_name);
504c8dcd 2868 update_eir(hdev);
5e5282bb 2869 } else {
d4f68526 2870 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2871 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2872 }
2873
beadb2bd 2874 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2875
2876 if (match.sk)
2877 sock_put(match.sk);
2878
7bb895d6 2879 return err;
5add6af8 2880}
73f22f62 2881
744cf19e 2882int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2883{
76a7f3a4 2884 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2885 bool changed = false;
2886 int err = 0;
73f22f62 2887
5e5282bb
JH		 2888 if (discoverable) {
2889 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2890 changed = true;
2891 } else {
2892 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2893 changed = true;
2894 }
73f22f62 2895
ed9b5f2f 2896 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2897 &match);
ed9b5f2f 2898
beadb2bd
JH		 2899 if (changed)
2900 err = new_settings(hdev, match.sk);
5e5282bb 2901
73f22f62
JH		 2902 if (match.sk)
2903 sock_put(match.sk);
2904
7bb895d6 2905 return err;
73f22f62 2906}
9fbcbb45 2907
744cf19e 2908int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2909{
76a7f3a4 2910 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2911 bool changed = false;
2912 int err = 0;
9fbcbb45 2913
5e5282bb
JH		 2914 if (connectable) {
2915 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2916 changed = true;
2917 } else {
2918 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2919 changed = true;
2920 }
9fbcbb45 2921
ed9b5f2f 2922 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2923 &match);
ed9b5f2f 2924
beadb2bd
JH		 2925 if (changed)
2926 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2927
2928 if (match.sk)
2929 sock_put(match.sk);
2930
7bb895d6 2931 return err;
9fbcbb45 2932}
55ed8ca1 2933
744cf19e 2934int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2935{
ca69b795
JH		 2936 u8 mgmt_err = mgmt_status(status);
2937
2d7cee58 2938 if (scan & SCAN_PAGE)
744cf19e 2939 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2940 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2941
2942 if (scan & SCAN_INQUIRY)
744cf19e 2943 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2944 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2945
2946 return 0;
2947}
2948
745c0ce3 2949int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2950{
86742e1e 2951 struct mgmt_ev_new_link_key ev;
55ed8ca1 2952
a492cd52 2953 memset(&ev, 0, sizeof(ev));
55ed8ca1 2954
a492cd52 2955 ev.store_hint = persistent;
d753fdc4
JH		 2956 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2957 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2958 ev.key.type = key->type;
2959 memcpy(ev.key.val, key->val, 16);
2960 ev.key.pin_len = key->pin_len;
55ed8ca1 2961
744cf19e 2962 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2963}
f7520543 2964
346af67b
VCG		 2965int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2966{
2967 struct mgmt_ev_new_long_term_key ev;
2968
2969 memset(&ev, 0, sizeof(ev));
2970
2971 ev.store_hint = persistent;
2972 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
eb19aaac 2973 ev.key.addr.type = link_to_mgmt(LE_LINK, key->bdaddr_type);
346af67b
VCG		 2974 ev.key.authenticated = key->authenticated;
2975 ev.key.enc_size = key->enc_size;
2976 ev.key.ediv = key->ediv;
2977
2978 if (key->type == HCI_SMP_LTK)
2979 ev.key.master = 1;
2980
2981 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2982 memcpy(ev.key.val, key->val, sizeof(key->val));
2983
04124681
GP		 2984 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2985 NULL);
346af67b
VCG		 2986}
2987
afc747a6 2988int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2989 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2990 u8 *dev_class)
f7520543 2991{
b644ba33
JH		 2992 char buf[512];
2993 struct mgmt_ev_device_connected *ev = (void *) buf;
2994 u16 eir_len = 0;
f7520543 2995
b644ba33
JH		 2996 bacpy(&ev->addr.bdaddr, bdaddr);
2997 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2998
c95f0ba7 2999 ev->flags = __cpu_to_le32(flags);
08c79b61 3000
b644ba33
JH		 3001 if (name_len > 0)
3002 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3003 name, name_len);
b644ba33
JH		 3004
3005 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3006 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3007 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3008
eb55ef07 3009 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3010
3011 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3012 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3013}
3014
8962ee74
JH		 3015static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3016{
c68fb7ff 3017 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3018 struct sock **sk = data;
a38528f1 3019 struct mgmt_rp_disconnect rp;
8962ee74 3020
88c3df13
JH		 3021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3022 rp.addr.type = cp->addr.type;
8962ee74 3023
aee9b218 3024 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3025 sizeof(rp));
8962ee74
JH		 3026
3027 *sk = cmd->sk;
3028 sock_hold(*sk);
3029
a664b5bc 3030 mgmt_pending_remove(cmd);
8962ee74
JH		 3031}
3032
124f6e35 3033static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3034{
b1078ad0 3035 struct hci_dev *hdev = data;
124f6e35
JH		 3036 struct mgmt_cp_unpair_device *cp = cmd->param;
3037 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3038
3039 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3040 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3041 rp.addr.type = cp->addr.type;
a8a1d19e 3042
b1078ad0
JH		 3043 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3044
aee9b218 3045 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3046
3047 mgmt_pending_remove(cmd);
3048}
3049
afc747a6 3050int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3051 u8 link_type, u8 addr_type)
f7520543 3052{
4c659c39 3053 struct mgmt_addr_info ev;
8962ee74
JH		 3054 struct sock *sk = NULL;
3055 int err;
3056
744cf19e 3057 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3058
f7520543 3059 bacpy(&ev.bdaddr, bdaddr);
48264f06 3060 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3061
afc747a6 3062 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3063 sk);
8962ee74
JH		 3064
3065 if (sk)
d97dcb66 3066 sock_put(sk);
8962ee74 3067
124f6e35 3068 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3069 hdev);
a8a1d19e 3070
8962ee74
JH		 3071 return err;
3072}
3073
88c3df13 3074int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3075 u8 link_type, u8 addr_type, u8 status)
8962ee74 3076{
88c3df13 3077 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3078 struct pending_cmd *cmd;
3079 int err;
3080
2e58ef3e 3081 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3082 if (!cmd)
3083 return -ENOENT;
3084
88c3df13
JH		 3085 bacpy(&rp.addr.bdaddr, bdaddr);
3086 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3087
88c3df13 3088 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3089 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3090
a664b5bc 3091 mgmt_pending_remove(cmd);
8962ee74 3092
b1078ad0
JH		 3093 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3094 hdev);
8962ee74 3095 return err;
f7520543 3096}
17d5c04c 3097
48264f06 3098int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3099 u8 addr_type, u8 status)
17d5c04c
JH		 3100{
3101 struct mgmt_ev_connect_failed ev;
3102
4c659c39 3103 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3104 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3105 ev.status = mgmt_status(status);
17d5c04c 3106
744cf19e 3107 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3108}
980e1a53 3109
744cf19e 3110int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3111{
3112 struct mgmt_ev_pin_code_request ev;
3113
d8457698
JH		 3114 bacpy(&ev.addr.bdaddr, bdaddr);
3115 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3116 ev.secure = secure;
980e1a53 3117
744cf19e 3118 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3119 NULL);
980e1a53
JH		 3120}
3121
744cf19e 3122int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3123 u8 status)
980e1a53
JH		 3124{
3125 struct pending_cmd *cmd;
ac56fb13 3126 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3127 int err;
3128
2e58ef3e 3129 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3130 if (!cmd)
3131 return -ENOENT;
3132
d8457698
JH		 3133 bacpy(&rp.addr.bdaddr, bdaddr);
3134 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3135
aee9b218 3136 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3137 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3138
a664b5bc 3139 mgmt_pending_remove(cmd);
980e1a53
JH		 3140
3141 return err;
3142}
3143
744cf19e 3144int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3145 u8 status)
980e1a53
JH		 3146{
3147 struct pending_cmd *cmd;
ac56fb13 3148 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3149 int err;
3150
2e58ef3e 3151 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3152 if (!cmd)
3153 return -ENOENT;
3154
d8457698
JH		 3155 bacpy(&rp.addr.bdaddr, bdaddr);
3156 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3157
aee9b218 3158 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3159 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3160
a664b5bc 3161 mgmt_pending_remove(cmd);
980e1a53
JH		 3162
3163 return err;
3164}
a5c29683 3165
744cf19e 3166int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3167 u8 link_type, u8 addr_type, __le32 value,
3168 u8 confirm_hint)
a5c29683
JH		 3169{
3170 struct mgmt_ev_user_confirm_request ev;
3171
744cf19e 3172 BT_DBG("%s", hdev->name);
a5c29683 3173
272d90df
JH		 3174 bacpy(&ev.addr.bdaddr, bdaddr);
3175 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3176 ev.confirm_hint = confirm_hint;
78e8098e 3177 ev.value = value;
a5c29683 3178
744cf19e 3179 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3180 NULL);
a5c29683
JH		 3181}
3182
272d90df
JH		 3183int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3184 u8 link_type, u8 addr_type)
604086b7
BG		 3185{
3186 struct mgmt_ev_user_passkey_request ev;
3187
3188 BT_DBG("%s", hdev->name);
3189
272d90df
JH		 3190 bacpy(&ev.addr.bdaddr, bdaddr);
3191 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3192
3193 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3194 NULL);
604086b7
BG		 3195}
3196
0df4c185 3197static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3198 u8 link_type, u8 addr_type, u8 status,
3199 u8 opcode)
a5c29683
JH		 3200{
3201 struct pending_cmd *cmd;
3202 struct mgmt_rp_user_confirm_reply rp;
3203 int err;
3204
2e58ef3e 3205 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3206 if (!cmd)
3207 return -ENOENT;
3208
272d90df
JH		 3209 bacpy(&rp.addr.bdaddr, bdaddr);
3210 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3211 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3212 &rp, sizeof(rp));
a5c29683 3213
a664b5bc 3214 mgmt_pending_remove(cmd);
a5c29683
JH		 3215
3216 return err;
3217}
3218
744cf19e 3219int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3220 u8 link_type, u8 addr_type, u8 status)
a5c29683 3221{
272d90df 3222 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3223 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3224}
3225
272d90df 3226int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3227 u8 link_type, u8 addr_type, u8 status)
a5c29683 3228{
272d90df 3229 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3230 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3231}
2a611692 3232
604086b7 3233int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3234 u8 link_type, u8 addr_type, u8 status)
604086b7 3235{
272d90df 3236 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3237 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3238}
3239
272d90df 3240int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3241 u8 link_type, u8 addr_type, u8 status)
604086b7 3242{
272d90df 3243 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3244 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3245}
3246
bab73cb6 3247int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3248 u8 addr_type, u8 status)
2a611692
JH		 3249{
3250 struct mgmt_ev_auth_failed ev;
3251
bab73cb6
JH		 3252 bacpy(&ev.addr.bdaddr, bdaddr);
3253 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3254 ev.status = mgmt_status(status);
2a611692 3255
744cf19e 3256 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3257}
b312b161 3258
33ef95ed
JH		 3259int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3260{
3261 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3262 bool changed = false;
3263 int err = 0;
33ef95ed
JH		 3264
3265 if (status) {
3266 u8 mgmt_err = mgmt_status(status);
3267 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3268 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3269 return 0;
3270 }
3271
47990ea0
JH		 3272 if (test_bit(HCI_AUTH, &hdev->flags)) {
3273 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3274 changed = true;
3275 } else {
3276 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3277 changed = true;
3278 }
3279
33ef95ed 3280 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3281 &match);
33ef95ed 3282
47990ea0
JH		 3283 if (changed)
3284 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3285
3286 if (match.sk)
3287 sock_put(match.sk);
3288
3289 return err;
3290}
3291
cacaf52f
JH		 3292static int clear_eir(struct hci_dev *hdev)
3293{
3294 struct hci_cp_write_eir cp;
3295
3296 if (!(hdev->features[6] & LMP_EXT_INQ))
3297 return 0;
3298
c80da27e
JH		 3299 memset(hdev->eir, 0, sizeof(hdev->eir));
3300
cacaf52f
JH		 3301 memset(&cp, 0, sizeof(cp));
3302
3303 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3304}
3305
c0ecddc2 3306int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3307{
3308 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3309 bool changed = false;
3310 int err = 0;
ed2c4ee3
JH		 3311
3312 if (status) {
3313 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3314
3315 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3316 &hdev->dev_flags))
c0ecddc2
JH		 3317 err = new_settings(hdev, NULL);
3318
04124681
GP		 3319 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3320 &mgmt_err);
c0ecddc2
JH		 3321
3322 return err;
3323 }
3324
3325 if (enable) {
3326 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3327 changed = true;
3328 } else {
3329 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3330 changed = true;
ed2c4ee3
JH		 3331 }
3332
3333 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3334
c0ecddc2
JH		 3335 if (changed)
3336 err = new_settings(hdev, match.sk);
ed2c4ee3 3337
5fc6ebb1 3338 if (match.sk)
ed2c4ee3
JH		 3339 sock_put(match.sk);
3340
5fc6ebb1
JH		 3341 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3342 update_eir(hdev);
3343 else
3344 clear_eir(hdev);
cacaf52f 3345
ed2c4ee3
JH		 3346 return err;
3347}
3348
90e70454
JH		 3349static void class_rsp(struct pending_cmd *cmd, void *data)
3350{
3351 struct cmd_lookup *match = data;
3352
3353 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3354 match->hdev->dev_class, 3);
90e70454
JH		 3355
3356 list_del(&cmd->list);
3357
3358 if (match->sk == NULL) {
3359 match->sk = cmd->sk;
3360 sock_hold(match->sk);
3361 }
3362
3363 mgmt_pending_free(cmd);
3364}
3365
7f9a903c 3366int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3367 u8 status)
7f9a903c 3368{
90e70454
JH		 3369 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3370 int err = 0;
7f9a903c 3371
c95f0ba7
JH		 3372 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3373
90e70454
JH		 3374 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3375 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3376 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3377
3378 if (!status)
04124681
GP		 3379 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3380 3, NULL);
90e70454
JH		 3381
3382 if (match.sk)
3383 sock_put(match.sk);
7f9a903c
MH		 3384
3385 return err;
3386}
3387
744cf19e 3388int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3389{
3390 struct pending_cmd *cmd;
3391 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3392 bool changed = false;
3393 int err = 0;
3394
3395 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3396 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3397 changed = true;
3398 }
b312b161
JH		 3399
3400 memset(&ev, 0, sizeof(ev));
3401 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3402 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3403
2e58ef3e 3404 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3405 if (!cmd)
3406 goto send_event;
3407
7bdaae4a
JH		 3408 /* Always assume that either the short or the complete name has
3409 * changed if there was a pending mgmt command */
3410 changed = true;
3411
b312b161 3412 if (status) {
744cf19e 3413 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3414 mgmt_status(status));
b312b161
JH		 3415 goto failed;
3416 }
3417
aee9b218 3418 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3419 sizeof(ev));
b312b161
JH		 3420 if (err < 0)
3421 goto failed;
3422
3423send_event:
28cc7bde
JH		 3424 if (changed)
3425 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3426 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3427
f51d5b24 3428 update_eir(hdev);
b312b161
JH		 3429
3430failed:
3431 if (cmd)
3432 mgmt_pending_remove(cmd);
3433 return err;
3434}
c35938b2 3435
744cf19e 3436int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3437 u8 *randomizer, u8 status)
c35938b2
SJ		 3438{
3439 struct pending_cmd *cmd;
3440 int err;
3441
744cf19e 3442 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3443
2e58ef3e 3444 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3445 if (!cmd)
3446 return -ENOENT;
3447
3448 if (status) {
04124681
GP		 3449 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3450 mgmt_status(status));
c35938b2
SJ		 3451 } else {
3452 struct mgmt_rp_read_local_oob_data rp;
3453
3454 memcpy(rp.hash, hash, sizeof(rp.hash));
3455 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3456
744cf19e 3457 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3458 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3459 sizeof(rp));
c35938b2
SJ		 3460 }
3461
3462 mgmt_pending_remove(cmd);
3463
3464 return err;
3465}
e17acd40 3466
06199cf8
JH		 3467int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3468{
3469 struct cmd_lookup match = { NULL, hdev };
3470 bool changed = false;
3471 int err = 0;
3472
3473 if (status) {
3474 u8 mgmt_err = mgmt_status(status);
3475
3476 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3477 &hdev->dev_flags))
d97dcb66 3478 err = new_settings(hdev, NULL);
06199cf8 3479
d97dcb66
SJ		 3480 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3481 &mgmt_err);
06199cf8
JH		 3482
3483 return err;
3484 }
3485
3486 if (enable) {
3487 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3488 changed = true;
3489 } else {
3490 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3491 changed = true;
3492 }
3493
3494 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3495
3496 if (changed)
3497 err = new_settings(hdev, match.sk);
3498
3499 if (match.sk)
3500 sock_put(match.sk);
3501
3502 return err;
3503}
3504
48264f06 3505int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3506 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3507 ssp, u8 *eir, u16 eir_len)
e17acd40 3508{
e319d2e7
JH		 3509 char buf[512];
3510 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3511 size_t ev_size;
e17acd40 3512
1dc06093
JH		 3513 /* Leave 5 bytes for a potential CoD field */
3514 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3515 return -EINVAL;
3516
1dc06093
JH		 3517 memset(buf, 0, sizeof(buf));
3518
e319d2e7
JH		 3519 bacpy(&ev->addr.bdaddr, bdaddr);
3520 ev->addr.type = link_to_mgmt(link_type, addr_type);
3521 ev->rssi = rssi;
9a395a80
JH		 3522 if (cfm_name)
3523 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3524 if (!ssp)
3525 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3526
1dc06093 3527 if (eir_len > 0)
e319d2e7 3528 memcpy(ev->eir, eir, eir_len);
e17acd40 3529
1dc06093
JH		 3530 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3531 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3532 dev_class, 3);
1dc06093 3533
eb55ef07 3534 ev->eir_len = cpu_to_le16(eir_len);
1dc06093
JH		 3535
3536 ev_size = sizeof(*ev) + eir_len;
f8523598 3537
e319d2e7 3538 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3539}
a88a9652 3540
b644ba33 3541int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3542 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3543{
b644ba33
JH		 3544 struct mgmt_ev_device_found *ev;
3545 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3546 u16 eir_len;
a88a9652 3547
b644ba33 3548 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3549
b644ba33
JH		 3550 memset(buf, 0, sizeof(buf));
3551
3552 bacpy(&ev->addr.bdaddr, bdaddr);
3553 ev->addr.type = link_to_mgmt(link_type, addr_type);
3554 ev->rssi = rssi;
3555
3556 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3557 name_len);
b644ba33 3558
eb55ef07 3559 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3560
053c7e0c 3561 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3562 sizeof(*ev) + eir_len, NULL);
a88a9652 3563}
314b2381 3564
7a135109 3565int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3566{
3567 struct pending_cmd *cmd;
f808e166 3568 u8 type;
164a6e78
JH		 3569 int err;
3570
203159d4
AG		 3571 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3572
2e58ef3e 3573 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3574 if (!cmd)
3575 return -ENOENT;
3576
f808e166
JH		 3577 type = hdev->discovery.type;
3578
3579 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3580 &type, sizeof(type));
164a6e78
JH		 3581 mgmt_pending_remove(cmd);
3582
3583 return err;
3584}
3585
e6d465cb
AG		 3586int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3587{
3588 struct pending_cmd *cmd;
3589 int err;
3590
3591 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3592 if (!cmd)
3593 return -ENOENT;
3594
d930650b 3595 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3596 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3597 mgmt_pending_remove(cmd);
3598
3599 return err;
3600}
3601
744cf19e 3602int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3603{
f963e8e9 3604 struct mgmt_ev_discovering ev;
164a6e78
JH		 3605 struct pending_cmd *cmd;
3606
343fb145
AG		 3607 BT_DBG("%s discovering %u", hdev->name, discovering);
3608
164a6e78 3609 if (discovering)
2e58ef3e 3610 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3611 else
2e58ef3e 3612 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3613
3614 if (cmd != NULL) {
f808e166
JH		 3615 u8 type = hdev->discovery.type;
3616
04124681
GP		 3617 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3618 sizeof(type));
164a6e78
JH		 3619 mgmt_pending_remove(cmd);
3620 }
3621
f963e8e9
JH		 3622 memset(&ev, 0, sizeof(ev));
3623 ev.type = hdev->discovery.type;
3624 ev.discovering = discovering;
3625
3626 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3627}
5e762444 3628
88c1fe4b 3629int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3630{
3631 struct pending_cmd *cmd;
3632 struct mgmt_ev_device_blocked ev;
3633
2e58ef3e 3634 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3635
88c1fe4b
JH		 3636 bacpy(&ev.addr.bdaddr, bdaddr);
3637 ev.addr.type = type;
5e762444 3638
744cf19e 3639 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3640 cmd ? cmd->sk : NULL);
5e762444
AJ		 3641}
3642
88c1fe4b 3643int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3644{
3645 struct pending_cmd *cmd;
3646 struct mgmt_ev_device_unblocked ev;
3647
2e58ef3e 3648 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3649
88c1fe4b
JH		 3650 bacpy(&ev.addr.bdaddr, bdaddr);
3651 ev.addr.type = type;
5e762444 3652
744cf19e 3653 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3654 cmd ? cmd->sk : NULL);
5e762444 3655}
d7b7e796
MH		 3656
3657module_param(enable_hs, bool, 0644);
3658MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3659
3660module_param(enable_le, bool, 0644);
3661MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Ubuntu Artful kernel mirror