]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Allow setting static address even if LE is disabled
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 383 settings |= MGMT_SETTING_HS;
848566b3 384 }
d7b7e796 385
eeca6f89 386 if (lmp_le_capable(hdev)) {
9d42820f 387 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 388 settings |= MGMT_SETTING_ADVERTISING;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
1a4d3c4b
JH		 404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
406
5e5282bb 407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_DISCOVERABLE;
409
a8b2d5c2 410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_PAIRABLE;
412
56f87901 413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_BREDR;
415
06199cf8 416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LE;
418
47990ea0 419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LINK_SECURITY;
421
84bde9d6 422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_SSP;
424
6d80dfd0
JH		 425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
427
eeca6f89
JH		 428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
213202ed
JH		 436static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
437{
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
440
441 if (len < 4)
442 return ptr;
443
444 list_for_each_entry(uuid, &hdev->uuids, list) {
445 u16 uuid16;
446
447 if (uuid->size != 16)
448 continue;
449
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
451 if (uuid16 < 0x1100)
452 continue;
453
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 continue;
456
457 if (!uuids_start) {
458 uuids_start = ptr;
459 uuids_start[0] = 1;
460 uuids_start[1] = EIR_UUID16_ALL;
461 ptr += 2;
462 }
463
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
467 break;
468 }
469
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
473 }
474
475 return ptr;
476}
477
cdf1963f
JH		 478static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
479{
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
482
483 if (len < 6)
484 return ptr;
485
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
488 continue;
489
490 if (!uuids_start) {
491 uuids_start = ptr;
492 uuids_start[0] = 1;
493 uuids_start[1] = EIR_UUID32_ALL;
494 ptr += 2;
495 }
496
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
500 break;
501 }
502
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
504 ptr += sizeof(u32);
505 uuids_start[0] += sizeof(u32);
506 }
507
508 return ptr;
509}
510
c00d575b
JH		 511static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
512{
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
515
516 if (len < 18)
517 return ptr;
518
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
521 continue;
522
523 if (!uuids_start) {
524 uuids_start = ptr;
525 uuids_start[0] = 1;
526 uuids_start[1] = EIR_UUID128_ALL;
527 ptr += 2;
528 }
529
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
533 break;
534 }
535
536 memcpy(ptr, uuid->uuid, 16);
537 ptr += 16;
538 uuids_start[0] += 16;
539 }
540
541 return ptr;
542}
543
ef580372
JH		 544static void create_eir(struct hci_dev *hdev, u8 *data)
545{
546 u8 *ptr = data;
ef580372
JH		 547 size_t name_len;
548
549 name_len = strlen(hdev->dev_name);
550
551 if (name_len > 0) {
552 /* EIR Data type */
553 if (name_len > 48) {
554 name_len = 48;
555 ptr[1] = EIR_NAME_SHORT;
556 } else
557 ptr[1] = EIR_NAME_COMPLETE;
558
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
561
562 memcpy(ptr + 2, hdev->dev_name, name_len);
563
ef580372
JH		 564 ptr += (name_len + 2);
565 }
566
bbaf444a 567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
571
91c4e9b1
MH		 572 ptr += 3;
573 }
574
2b9be137
MH		 575 if (hdev->devid_source > 0) {
576 ptr[0] = 9;
577 ptr[1] = EIR_DEVICE_ID;
578
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
583
2b9be137
MH		 584 ptr += 10;
585 }
586
213202ed 587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 590}
591
890ea898 592static void update_eir(struct hci_request *req)
ef580372 593{
890ea898 594 struct hci_dev *hdev = req->hdev;
ef580372
JH		 595 struct hci_cp_write_eir cp;
596
504c8dcd 597 if (!hdev_is_powered(hdev))
890ea898 598 return;
7770c4aa 599
976eb20e 600 if (!lmp_ext_inq_capable(hdev))
890ea898 601 return;
ef580372 602
84bde9d6 603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 604 return;
ef580372 605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 607 return;
ef580372
JH		 608
609 memset(&cp, 0, sizeof(cp));
610
611 create_eir(hdev, cp.data);
612
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 614 return;
ef580372
JH		 615
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
617
890ea898 618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 619}
620
621static u8 get_service_classes(struct hci_dev *hdev)
622{
623 struct bt_uuid *uuid;
624 u8 val = 0;
625
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
628
629 return val;
630}
631
890ea898 632static void update_class(struct hci_request *req)
ef580372 633{
890ea898 634 struct hci_dev *hdev = req->hdev;
ef580372
JH		 635 u8 cod[3];
636
637 BT_DBG("%s", hdev->name);
638
504c8dcd 639 if (!hdev_is_powered(hdev))
890ea898 640 return;
7770c4aa 641
a8b2d5c2 642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 643 return;
ef580372
JH		 644
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
648
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 650 return;
ef580372 651
890ea898 652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 653}
654
7d78525d
JH		 655static void service_cache_off(struct work_struct *work)
656{
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 658 service_cache.work);
890ea898 659 struct hci_request req;
7d78525d 660
a8b2d5c2 661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 662 return;
663
890ea898
JH		 664 hci_req_init(&req, hdev);
665
7d78525d
JH		 666 hci_dev_lock(hdev);
667
890ea898
JH		 668 update_eir(&req);
669 update_class(&req);
7d78525d
JH		 670
671 hci_dev_unlock(hdev);
890ea898
JH		 672
673 hci_req_run(&req, NULL);
7d78525d
JH		 674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
87b95ba6
JH		 814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
816 MGMT_STATUS_BUSY);
817 goto failed;
818 }
819
f0d4b78a
MH		 820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
822
823 if (cp->val) {
a1d70450
JH		 824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
825 data, len);
826 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 827 goto failed;
828 }
829 }
830
4b34ee78 831 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
bd99abdd
JH		 893struct cmd_lookup {
894 struct sock *sk;
895 struct hci_dev *hdev;
896 u8 mgmt_status;
897};
898
899static void settings_rsp(struct pending_cmd *cmd, void *data)
900{
901 struct cmd_lookup *match = data;
902
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
904
905 list_del(&cmd->list);
906
907 if (match->sk == NULL) {
908 match->sk = cmd->sk;
909 sock_hold(match->sk);
910 }
911
912 mgmt_pending_free(cmd);
913}
914
915static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
916{
917 u8 *status = data;
918
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
921}
922
e6fe7986
JH		 923static u8 mgmt_bredr_support(struct hci_dev *hdev)
924{
925 if (!lmp_bredr_capable(hdev))
926 return MGMT_STATUS_NOT_SUPPORTED;
927 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
928 return MGMT_STATUS_REJECTED;
929 else
930 return MGMT_STATUS_SUCCESS;
931}
932
933static u8 mgmt_le_support(struct hci_dev *hdev)
934{
935 if (!lmp_le_capable(hdev))
936 return MGMT_STATUS_NOT_SUPPORTED;
937 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
938 return MGMT_STATUS_REJECTED;
939 else
940 return MGMT_STATUS_SUCCESS;
941}
942
bdb6d971 943static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
73f22f62 945{
650f726d 946 struct mgmt_cp_set_discoverable *cp = data;
366a0336 947 struct pending_cmd *cmd;
5e5282bb 948 u16 timeout;
e6fe7986 949 u8 scan, status;
73f22f62
JH		 950 int err;
951
bdb6d971 952 BT_DBG("request for %s", hdev->name);
73f22f62 953
e6fe7986
JH		 954 status = mgmt_bredr_support(hdev);
955 if (status)
33c525c0 956 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 957 status);
33c525c0 958
a7e80f25
JH		 959 if (cp->val != 0x00 && cp->val != 0x01)
960 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
961 MGMT_STATUS_INVALID_PARAMS);
962
1f350c87 963 timeout = __le16_to_cpu(cp->timeout);
24c54a90 964 if (!cp->val && timeout > 0)
bdb6d971 965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 966 MGMT_STATUS_INVALID_PARAMS);
73f22f62 967
09fd0de5 968 hci_dev_lock(hdev);
73f22f62 969
5e5282bb 970 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 971 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 972 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 973 goto failed;
974 }
975
2e58ef3e 976 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 977 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 978 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 979 MGMT_STATUS_BUSY);
73f22f62
JH		 980 goto failed;
981 }
982
5e5282bb 983 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 984 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 985 MGMT_STATUS_REJECTED);
5e5282bb
JH		 986 goto failed;
987 }
988
989 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 990 bool changed = false;
991
992 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
993 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
994 changed = true;
995 }
996
5e5282bb 997 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 998 if (err < 0)
999 goto failed;
1000
1001 if (changed)
1002 err = new_settings(hdev, sk);
1003
5e5282bb
JH		 1004 goto failed;
1005 }
1006
1007 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1008 if (hdev->discov_timeout > 0) {
1009 cancel_delayed_work(&hdev->discov_off);
1010 hdev->discov_timeout = 0;
1011 }
1012
1013 if (cp->val && timeout > 0) {
1014 hdev->discov_timeout = timeout;
1015 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1016 msecs_to_jiffies(hdev->discov_timeout * 1000));
1017 }
1018
69ab39ea 1019 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1020 goto failed;
1021 }
1022
2e58ef3e 1023 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1024 if (!cmd) {
1025 err = -ENOMEM;
73f22f62 1026 goto failed;
366a0336 1027 }
73f22f62
JH		 1028
1029 scan = SCAN_PAGE;
1030
72a734ec 1031 if (cp->val)
73f22f62 1032 scan |= SCAN_INQUIRY;
16ab91ab 1033 else
e0f9309f 1034 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1035
1036 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1037 if (err < 0)
a664b5bc 1038 mgmt_pending_remove(cmd);
73f22f62 1039
16ab91ab 1040 if (cp->val)
5e5282bb 1041 hdev->discov_timeout = timeout;
16ab91ab 1042
73f22f62 1043failed:
09fd0de5 1044 hci_dev_unlock(hdev);
73f22f62
JH		 1045 return err;
1046}
1047
406d7804
JH		 1048static void write_fast_connectable(struct hci_request *req, bool enable)
1049{
bd98b996 1050 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1051 struct hci_cp_write_page_scan_activity acp;
1052 u8 type;
1053
4c01f8b8
JH		 1054 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1055 return;
1056
406d7804
JH		 1057 if (enable) {
1058 type = PAGE_SCAN_TYPE_INTERLACED;
1059
1060 /* 160 msec page scan interval */
1061 acp.interval = __constant_cpu_to_le16(0x0100);
1062 } else {
1063 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1064
1065 /* default 1.28 sec page scan */
1066 acp.interval = __constant_cpu_to_le16(0x0800);
1067 }
1068
1069 acp.window = __constant_cpu_to_le16(0x0012);
1070
bd98b996
JH		 1071 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1072 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1073 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1074 sizeof(acp), &acp);
1075
1076 if (hdev->page_scan_type != type)
1077 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1078}
1079
2b76f453
JH		 1080static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1081{
1082 struct pending_cmd *cmd;
1083
1084 BT_DBG("status 0x%02x", status);
1085
1086 hci_dev_lock(hdev);
1087
1088 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1089 if (!cmd)
1090 goto unlock;
1091
1092 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1093
1094 mgmt_pending_remove(cmd);
1095
1096unlock:
1097 hci_dev_unlock(hdev);
1098}
1099
bdb6d971 1100static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1101 u16 len)
9fbcbb45 1102{
650f726d 1103 struct mgmt_mode *cp = data;
366a0336 1104 struct pending_cmd *cmd;
2b76f453 1105 struct hci_request req;
e6fe7986 1106 u8 scan, status;
9fbcbb45
JH		 1107 int err;
1108
bdb6d971 1109 BT_DBG("request for %s", hdev->name);
9fbcbb45 1110
e6fe7986
JH		 1111 status = mgmt_bredr_support(hdev);
1112 if (status)
33c525c0 1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1114 status);
33c525c0 1115
a7e80f25
JH		 1116 if (cp->val != 0x00 && cp->val != 0x01)
1117 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1118 MGMT_STATUS_INVALID_PARAMS);
1119
09fd0de5 1120 hci_dev_lock(hdev);
9fbcbb45 1121
4b34ee78 1122 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1123 bool changed = false;
1124
1125 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1126 changed = true;
1127
6bf0e469 1128 if (cp->val) {
5e5282bb 1129 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1130 } else {
5e5282bb
JH		 1131 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1132 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1133 }
0224d2fa 1134
5e5282bb 1135 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1136 if (err < 0)
1137 goto failed;
1138
1139 if (changed)
1140 err = new_settings(hdev, sk);
1141
9fbcbb45
JH		 1142 goto failed;
1143 }
1144
2e58ef3e 1145 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1146 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1148 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1149 goto failed;
1150 }
1151
5e5282bb 1152 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1153 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1154 goto failed;
1155 }
1156
2e58ef3e 1157 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1158 if (!cmd) {
1159 err = -ENOMEM;
9fbcbb45 1160 goto failed;
366a0336 1161 }
9fbcbb45 1162
6bf0e469 1163 if (cp->val) {
9fbcbb45 1164 scan = SCAN_PAGE;
6bf0e469 1165 } else {
9fbcbb45
JH		 1166 scan = 0;
1167
df2c6c5e 1168 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1169 hdev->discov_timeout > 0)
df2c6c5e
JH		 1170 cancel_delayed_work(&hdev->discov_off);
1171 }
1172
2b76f453
JH		 1173 hci_req_init(&req, hdev);
1174
1175 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1176
4c01f8b8
JH		 1177 /* If we're going from non-connectable to connectable or
1178 * vice-versa when fast connectable is enabled ensure that fast
1179 * connectable gets disabled. write_fast_connectable won't do
1180 * anything if the page scan parameters are already what they
1181 * should be.
1182 */
1183 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1184 write_fast_connectable(&req, false);
1185
2b76f453 1186 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1187 if (err < 0)
a664b5bc 1188 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1189
1190failed:
09fd0de5 1191 hci_dev_unlock(hdev);
9fbcbb45
JH		 1192 return err;
1193}
1194
bdb6d971 1195static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1196 u16 len)
c542a06c 1197{
650f726d 1198 struct mgmt_mode *cp = data;
c542a06c
JH		 1199 int err;
1200
bdb6d971 1201 BT_DBG("request for %s", hdev->name);
c542a06c 1202
a7e80f25
JH		 1203 if (cp->val != 0x00 && cp->val != 0x01)
1204 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1205 MGMT_STATUS_INVALID_PARAMS);
1206
09fd0de5 1207 hci_dev_lock(hdev);
c542a06c
JH		 1208
1209 if (cp->val)
a8b2d5c2 1210 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1211 else
a8b2d5c2 1212 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1213
69ab39ea 1214 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1215 if (err < 0)
1216 goto failed;
1217
beadb2bd 1218 err = new_settings(hdev, sk);
c542a06c
JH		 1219
1220failed:
09fd0de5 1221 hci_dev_unlock(hdev);
c542a06c
JH		 1222 return err;
1223}
1224
04124681
GP		 1225static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1226 u16 len)
33ef95ed
JH		 1227{
1228 struct mgmt_mode *cp = data;
1229 struct pending_cmd *cmd;
e6fe7986 1230 u8 val, status;
33ef95ed
JH		 1231 int err;
1232
bdb6d971 1233 BT_DBG("request for %s", hdev->name);
33ef95ed 1234
e6fe7986
JH		 1235 status = mgmt_bredr_support(hdev);
1236 if (status)
33c525c0 1237 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1238 status);
33c525c0 1239
a7e80f25
JH		 1240 if (cp->val != 0x00 && cp->val != 0x01)
1241 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1242 MGMT_STATUS_INVALID_PARAMS);
1243
33ef95ed
JH		 1244 hci_dev_lock(hdev);
1245
4b34ee78 1246 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1247 bool changed = false;
1248
1249 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1250 &hdev->dev_flags)) {
47990ea0
JH		 1251 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1252 changed = true;
1253 }
1254
1255 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1256 if (err < 0)
1257 goto failed;
1258
1259 if (changed)
1260 err = new_settings(hdev, sk);
1261
33ef95ed
JH		 1262 goto failed;
1263 }
1264
1265 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1267 MGMT_STATUS_BUSY);
33ef95ed
JH		 1268 goto failed;
1269 }
1270
1271 val = !!cp->val;
1272
1273 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1274 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1275 goto failed;
1276 }
1277
1278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1279 if (!cmd) {
1280 err = -ENOMEM;
1281 goto failed;
1282 }
1283
1284 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1285 if (err < 0) {
1286 mgmt_pending_remove(cmd);
1287 goto failed;
1288 }
1289
1290failed:
1291 hci_dev_unlock(hdev);
33ef95ed
JH		 1292 return err;
1293}
1294
bdb6d971 1295static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1296{
1297 struct mgmt_mode *cp = data;
1298 struct pending_cmd *cmd;
cdba5281 1299 u8 val, status;
ed2c4ee3
JH		 1300 int err;
1301
bdb6d971 1302 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1303
cdba5281
MH		 1304 status = mgmt_bredr_support(hdev);
1305 if (status)
1306 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1307
13ecd8b6
JH		 1308 if (!lmp_ssp_capable(hdev))
1309 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1310 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1311
a7e80f25
JH		 1312 if (cp->val != 0x00 && cp->val != 0x01)
1313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1314 MGMT_STATUS_INVALID_PARAMS);
1315
13ecd8b6 1316 hci_dev_lock(hdev);
6c8f12c1 1317
c0ecddc2
JH		 1318 val = !!cp->val;
1319
4b34ee78 1320 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1321 bool changed = false;
1322
1323 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1324 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1325 changed = true;
1326 }
1327
1328 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1329 if (err < 0)
1330 goto failed;
1331
1332 if (changed)
1333 err = new_settings(hdev, sk);
1334
ed2c4ee3
JH		 1335 goto failed;
1336 }
1337
1338 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1339 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1340 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1341 goto failed;
1342 }
1343
ed2c4ee3
JH		 1344 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1345 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1346 goto failed;
1347 }
1348
1349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1350 if (!cmd) {
1351 err = -ENOMEM;
1352 goto failed;
1353 }
1354
1355 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1356 if (err < 0) {
1357 mgmt_pending_remove(cmd);
1358 goto failed;
1359 }
1360
1361failed:
1362 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1363 return err;
1364}
1365
bdb6d971 1366static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1367{
1368 struct mgmt_mode *cp = data;
ee392693 1369 bool changed;
e6fe7986 1370 u8 status;
ee392693 1371 int err;
6d80dfd0 1372
bdb6d971 1373 BT_DBG("request for %s", hdev->name);
6d80dfd0 1374
e6fe7986
JH		 1375 status = mgmt_bredr_support(hdev);
1376 if (status)
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1378
a7e80f25
JH		 1379 if (cp->val != 0x00 && cp->val != 0x01)
1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1381 MGMT_STATUS_INVALID_PARAMS);
1382
ee392693
MH		 1383 hci_dev_lock(hdev);
1384
a0cdf960 1385 if (cp->val) {
ee392693 1386 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1387 } else {
1388 if (hdev_is_powered(hdev)) {
1389 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1390 MGMT_STATUS_REJECTED);
1391 goto unlock;
1392 }
1393
ee392693 1394 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1395 }
ee392693
MH		 1396
1397 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1398 if (err < 0)
1399 goto unlock;
1400
1401 if (changed)
1402 err = new_settings(hdev, sk);
6d80dfd0 1403
ee392693
MH		 1404unlock:
1405 hci_dev_unlock(hdev);
1406 return err;
6d80dfd0
JH		 1407}
1408
416a4ae5
JH		 1409static void le_enable_complete(struct hci_dev *hdev, u8 status)
1410{
1411 struct cmd_lookup match = { NULL, hdev };
1412
1413 if (status) {
1414 u8 mgmt_err = mgmt_status(status);
1415
1416 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1417 &mgmt_err);
1418 return;
1419 }
1420
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1422
1423 new_settings(hdev, match.sk);
1424
1425 if (match.sk)
1426 sock_put(match.sk);
1427}
1428
bdb6d971 1429static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1430{
1431 struct mgmt_mode *cp = data;
1432 struct hci_cp_write_le_host_supported hci_cp;
1433 struct pending_cmd *cmd;
416a4ae5 1434 struct hci_request req;
06199cf8 1435 int err;
0b60eba1 1436 u8 val, enabled;
06199cf8 1437
bdb6d971 1438 BT_DBG("request for %s", hdev->name);
06199cf8 1439
13ecd8b6
JH		 1440 if (!lmp_le_capable(hdev))
1441 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1442 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1443
a7e80f25
JH		 1444 if (cp->val != 0x00 && cp->val != 0x01)
1445 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1446 MGMT_STATUS_INVALID_PARAMS);
1447
c73eee91 1448 /* LE-only devices do not allow toggling LE on/off */
56f87901 1449 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_REJECTED);
1452
13ecd8b6 1453 hci_dev_lock(hdev);
06199cf8
JH		 1454
1455 val = !!cp->val;
ffa88e02 1456 enabled = lmp_host_le_capable(hdev);
06199cf8 1457
0b60eba1 1458 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1459 bool changed = false;
1460
1461 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1462 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1463 changed = true;
1464 }
1465
eeca6f89
JH		 1466 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1467 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1468 changed = true;
1469 }
1470
06199cf8
JH		 1471 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1472 if (err < 0)
1de028ce 1473 goto unlock;
06199cf8
JH		 1474
1475 if (changed)
1476 err = new_settings(hdev, sk);
1477
1de028ce 1478 goto unlock;
06199cf8
JH		 1479 }
1480
4375f103
JH		 1481 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1482 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1484 MGMT_STATUS_BUSY);
1de028ce 1485 goto unlock;
06199cf8
JH		 1486 }
1487
1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1489 if (!cmd) {
1490 err = -ENOMEM;
1de028ce 1491 goto unlock;
06199cf8
JH		 1492 }
1493
1494 memset(&hci_cp, 0, sizeof(hci_cp));
1495
1496 if (val) {
1497 hci_cp.le = val;
ffa88e02 1498 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1499 }
1500
416a4ae5
JH		 1501 hci_req_init(&req, hdev);
1502
eeca6f89
JH		 1503 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1504 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1505
416a4ae5
JH		 1506 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1507 &hci_cp);
1508
1509 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1510 if (err < 0)
06199cf8 1511 mgmt_pending_remove(cmd);
06199cf8 1512
1de028ce
JH		 1513unlock:
1514 hci_dev_unlock(hdev);
06199cf8
JH		 1515 return err;
1516}
1517
0cab9c80
JH		 1518/* This is a helper function to test for pending mgmt commands that can
1519 * cause CoD or EIR HCI commands. We can only allow one such pending
1520 * mgmt command at a time since otherwise we cannot easily track what
1521 * the current values are, will be, and based on that calculate if a new
1522 * HCI command needs to be sent and if yes with what value.
1523 */
1524static bool pending_eir_or_class(struct hci_dev *hdev)
1525{
1526 struct pending_cmd *cmd;
1527
1528 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1529 switch (cmd->opcode) {
1530 case MGMT_OP_ADD_UUID:
1531 case MGMT_OP_REMOVE_UUID:
1532 case MGMT_OP_SET_DEV_CLASS:
1533 case MGMT_OP_SET_POWERED:
1534 return true;
1535 }
1536 }
1537
1538 return false;
1539}
1540
83be8eca
JH		 1541static const u8 bluetooth_base_uuid[] = {
1542 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1543 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1544};
1545
1546static u8 get_uuid_size(const u8 *uuid)
1547{
1548 u32 val;
1549
1550 if (memcmp(uuid, bluetooth_base_uuid, 12))
1551 return 128;
1552
1553 val = get_unaligned_le32(&uuid[12]);
1554 if (val > 0xffff)
1555 return 32;
1556
1557 return 16;
1558}
1559
92da6097
JH		 1560static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1561{
1562 struct pending_cmd *cmd;
1563
1564 hci_dev_lock(hdev);
1565
1566 cmd = mgmt_pending_find(mgmt_op, hdev);
1567 if (!cmd)
1568 goto unlock;
1569
1570 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1571 hdev->dev_class, 3);
1572
1573 mgmt_pending_remove(cmd);
1574
1575unlock:
1576 hci_dev_unlock(hdev);
1577}
1578
1579static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1580{
1581 BT_DBG("status 0x%02x", status);
1582
1583 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1584}
1585
bdb6d971 1586static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1587{
650f726d 1588 struct mgmt_cp_add_uuid *cp = data;
90e70454 1589 struct pending_cmd *cmd;
890ea898 1590 struct hci_request req;
2aeb9a1a 1591 struct bt_uuid *uuid;
2aeb9a1a
JH		 1592 int err;
1593
bdb6d971 1594 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1595
09fd0de5 1596 hci_dev_lock(hdev);
2aeb9a1a 1597
0cab9c80 1598 if (pending_eir_or_class(hdev)) {
bdb6d971 1599 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1600 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1601 goto failed;
1602 }
1603
92c4c204 1604 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1605 if (!uuid) {
1606 err = -ENOMEM;
1607 goto failed;
1608 }
1609
1610 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1611 uuid->svc_hint = cp->svc_hint;
83be8eca 1612 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1613
de66aa63 1614 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1615
890ea898 1616 hci_req_init(&req, hdev);
1aff6f09 1617
890ea898
JH		 1618 update_class(&req);
1619 update_eir(&req);
1620
92da6097
JH		 1621 err = hci_req_run(&req, add_uuid_complete);
1622 if (err < 0) {
1623 if (err != -ENODATA)
1624 goto failed;
80a1e1db 1625
bdb6d971 1626 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1627 hdev->dev_class, 3);
90e70454
JH		 1628 goto failed;
1629 }
1630
1631 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1632 if (!cmd) {
90e70454 1633 err = -ENOMEM;
890ea898
JH		 1634 goto failed;
1635 }
1636
1637 err = 0;
2aeb9a1a
JH		 1638
1639failed:
09fd0de5 1640 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1641 return err;
1642}
1643
24b78d0f
JH		 1644static bool enable_service_cache(struct hci_dev *hdev)
1645{
1646 if (!hdev_is_powered(hdev))
1647 return false;
1648
1649 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1650 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1651 CACHE_TIMEOUT);
24b78d0f
JH		 1652 return true;
1653 }
1654
1655 return false;
1656}
1657
92da6097
JH		 1658static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1659{
1660 BT_DBG("status 0x%02x", status);
1661
1662 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1663}
1664
bdb6d971 1665static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1666 u16 len)
2aeb9a1a 1667{
650f726d 1668 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1669 struct pending_cmd *cmd;
056341c8 1670 struct bt_uuid *match, *tmp;
2aeb9a1a 1671 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1672 struct hci_request req;
2aeb9a1a
JH		 1673 int err, found;
1674
bdb6d971 1675 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1676
09fd0de5 1677 hci_dev_lock(hdev);
2aeb9a1a 1678
0cab9c80 1679 if (pending_eir_or_class(hdev)) {
bdb6d971 1680 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1681 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1682 goto unlock;
1683 }
1684
2aeb9a1a
JH		 1685 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1686 err = hci_uuids_clear(hdev);
4004b6d9 1687
24b78d0f 1688 if (enable_service_cache(hdev)) {
bdb6d971 1689 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1690 0, hdev->dev_class, 3);
24b78d0f
JH		 1691 goto unlock;
1692 }
4004b6d9 1693
9246a869 1694 goto update_class;
2aeb9a1a
JH		 1695 }
1696
1697 found = 0;
1698
056341c8 1699 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1700 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1701 continue;
1702
1703 list_del(&match->list);
482049f7 1704 kfree(match);
2aeb9a1a
JH		 1705 found++;
1706 }
1707
1708 if (found == 0) {
bdb6d971 1709 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1710 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1711 goto unlock;
1712 }
1713
9246a869 1714update_class:
890ea898 1715 hci_req_init(&req, hdev);
1aff6f09 1716
890ea898
JH		 1717 update_class(&req);
1718 update_eir(&req);
1719
92da6097
JH		 1720 err = hci_req_run(&req, remove_uuid_complete);
1721 if (err < 0) {
1722 if (err != -ENODATA)
1723 goto unlock;
80a1e1db 1724
bdb6d971 1725 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1726 hdev->dev_class, 3);
90e70454
JH		 1727 goto unlock;
1728 }
1729
1730 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1731 if (!cmd) {
90e70454 1732 err = -ENOMEM;
890ea898
JH		 1733 goto unlock;
1734 }
1735
1736 err = 0;
2aeb9a1a
JH		 1737
1738unlock:
09fd0de5 1739 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1740 return err;
1741}
1742
92da6097
JH		 1743static void set_class_complete(struct hci_dev *hdev, u8 status)
1744{
1745 BT_DBG("status 0x%02x", status);
1746
1747 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1748}
1749
bdb6d971 1750static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1751 u16 len)
1aff6f09 1752{
650f726d 1753 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1754 struct pending_cmd *cmd;
890ea898 1755 struct hci_request req;
1aff6f09
JH		 1756 int err;
1757
bdb6d971 1758 BT_DBG("request for %s", hdev->name);
1aff6f09 1759
56f87901 1760 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1761 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1762 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1763
0cab9c80 1764 hci_dev_lock(hdev);
ee98f473 1765
0cab9c80
JH		 1766 if (pending_eir_or_class(hdev)) {
1767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1768 MGMT_STATUS_BUSY);
1769 goto unlock;
1770 }
c95f0ba7 1771
0cab9c80
JH		 1772 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1773 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1774 MGMT_STATUS_INVALID_PARAMS);
1775 goto unlock;
1776 }
575b3a02 1777
932f5ff5
JH		 1778 hdev->major_class = cp->major;
1779 hdev->minor_class = cp->minor;
1780
b5235a65 1781 if (!hdev_is_powered(hdev)) {
bdb6d971 1782 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1783 hdev->dev_class, 3);
b5235a65
JH		 1784 goto unlock;
1785 }
1786
890ea898
JH		 1787 hci_req_init(&req, hdev);
1788
a8b2d5c2 1789 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1790 hci_dev_unlock(hdev);
1791 cancel_delayed_work_sync(&hdev->service_cache);
1792 hci_dev_lock(hdev);
890ea898 1793 update_eir(&req);
7d78525d 1794 }
14c0b608 1795
890ea898
JH		 1796 update_class(&req);
1797
92da6097
JH		 1798 err = hci_req_run(&req, set_class_complete);
1799 if (err < 0) {
1800 if (err != -ENODATA)
1801 goto unlock;
1aff6f09 1802
bdb6d971 1803 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1804 hdev->dev_class, 3);
90e70454
JH		 1805 goto unlock;
1806 }
1807
1808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1809 if (!cmd) {
90e70454 1810 err = -ENOMEM;
890ea898
JH		 1811 goto unlock;
1812 }
1813
1814 err = 0;
1aff6f09 1815
b5235a65 1816unlock:
09fd0de5 1817 hci_dev_unlock(hdev);
1aff6f09
JH		 1818 return err;
1819}
1820
bdb6d971 1821static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1822 u16 len)
55ed8ca1 1823{
650f726d 1824 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1825 u16 key_count, expected_len;
a492cd52 1826 int i;
55ed8ca1 1827
1f350c87 1828 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1829
86742e1e
JH		 1830 expected_len = sizeof(*cp) + key_count *
1831 sizeof(struct mgmt_link_key_info);
a492cd52 1832 if (expected_len != len) {
86742e1e 1833 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1834 len, expected_len);
bdb6d971 1835 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1836 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1837 }
1838
4ae14301
JH		 1839 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1840 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1841 MGMT_STATUS_INVALID_PARAMS);
1842
bdb6d971 1843 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1844 key_count);
55ed8ca1 1845
4ee71b20
JH		 1846 for (i = 0; i < key_count; i++) {
1847 struct mgmt_link_key_info *key = &cp->keys[i];
1848
1849 if (key->addr.type != BDADDR_BREDR)
1850 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1851 MGMT_STATUS_INVALID_PARAMS);
1852 }
1853
09fd0de5 1854 hci_dev_lock(hdev);
55ed8ca1
JH		 1855
1856 hci_link_keys_clear(hdev);
1857
55ed8ca1 1858 if (cp->debug_keys)
a8b2d5c2 1859 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1860 else
a8b2d5c2 1861 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1862
a492cd52 1863 for (i = 0; i < key_count; i++) {
86742e1e 1864 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1865
d753fdc4 1866 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1867 key->type, key->pin_len);
55ed8ca1
JH		 1868 }
1869
bdb6d971 1870 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1871
09fd0de5 1872 hci_dev_unlock(hdev);
55ed8ca1 1873
a492cd52 1874 return 0;
55ed8ca1
JH		 1875}
1876
b1078ad0 1877static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1878 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1879{
1880 struct mgmt_ev_device_unpaired ev;
1881
1882 bacpy(&ev.addr.bdaddr, bdaddr);
1883 ev.addr.type = addr_type;
1884
1885 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1886 skip_sk);
b1078ad0
JH		 1887}
1888
bdb6d971 1889static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1890 u16 len)
55ed8ca1 1891{
124f6e35
JH		 1892 struct mgmt_cp_unpair_device *cp = data;
1893 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1894 struct hci_cp_disconnect dc;
1895 struct pending_cmd *cmd;
55ed8ca1 1896 struct hci_conn *conn;
55ed8ca1
JH		 1897 int err;
1898
a8a1d19e 1899 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1900 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1901 rp.addr.type = cp->addr.type;
a8a1d19e 1902
4ee71b20
JH		 1903 if (!bdaddr_type_is_valid(cp->addr.type))
1904 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1905 MGMT_STATUS_INVALID_PARAMS,
1906 &rp, sizeof(rp));
1907
118da70b
JH		 1908 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1909 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1910 MGMT_STATUS_INVALID_PARAMS,
1911 &rp, sizeof(rp));
1912
4ee71b20
JH		 1913 hci_dev_lock(hdev);
1914
86a8cfc6 1915 if (!hdev_is_powered(hdev)) {
bdb6d971 1916 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1917 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1918 goto unlock;
1919 }
1920
591f47f3 1921 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1922 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1923 else
1924 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1925
55ed8ca1 1926 if (err < 0) {
bdb6d971 1927 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1928 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1929 goto unlock;
1930 }
1931
86a8cfc6 1932 if (cp->disconnect) {
591f47f3 1933 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1934 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1935 &cp->addr.bdaddr);
86a8cfc6
JH		 1936 else
1937 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1938 &cp->addr.bdaddr);
86a8cfc6
JH		 1939 } else {
1940 conn = NULL;
1941 }
124f6e35 1942
a8a1d19e 1943 if (!conn) {
bdb6d971 1944 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1945 &rp, sizeof(rp));
b1078ad0 1946 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1947 goto unlock;
1948 }
55ed8ca1 1949
124f6e35 1950 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1951 sizeof(*cp));
a8a1d19e
JH		 1952 if (!cmd) {
1953 err = -ENOMEM;
1954 goto unlock;
55ed8ca1
JH		 1955 }
1956
eb55ef07 1957 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1958 dc.reason = 0x13; /* Remote User Terminated Connection */
1959 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1960 if (err < 0)
1961 mgmt_pending_remove(cmd);
1962
55ed8ca1 1963unlock:
09fd0de5 1964 hci_dev_unlock(hdev);
55ed8ca1
JH		 1965 return err;
1966}
1967
bdb6d971 1968static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1969 u16 len)
8962ee74 1970{
650f726d 1971 struct mgmt_cp_disconnect *cp = data;
06a63b19 1972 struct mgmt_rp_disconnect rp;
8962ee74 1973 struct hci_cp_disconnect dc;
366a0336 1974 struct pending_cmd *cmd;
8962ee74 1975 struct hci_conn *conn;
8962ee74
JH		 1976 int err;
1977
1978 BT_DBG("");
1979
06a63b19
JH		 1980 memset(&rp, 0, sizeof(rp));
1981 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1982 rp.addr.type = cp->addr.type;
1983
4ee71b20 1984 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1985 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1986 MGMT_STATUS_INVALID_PARAMS,
1987 &rp, sizeof(rp));
4ee71b20 1988
09fd0de5 1989 hci_dev_lock(hdev);
8962ee74
JH		 1990
1991 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1992 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1993 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1994 goto failed;
1995 }
1996
2e58ef3e 1997 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1998 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1999 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2000 goto failed;
2001 }
2002
591f47f3 2003 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2004 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2005 &cp->addr.bdaddr);
88c3df13
JH		 2006 else
2007 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2008
f960727e 2009 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2010 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2011 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2012 goto failed;
2013 }
2014
2e58ef3e 2015 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2016 if (!cmd) {
2017 err = -ENOMEM;
8962ee74 2018 goto failed;
366a0336 2019 }
8962ee74 2020
eb55ef07 2021 dc.handle = cpu_to_le16(conn->handle);
3701f944 2022 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2023
2024 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2025 if (err < 0)
a664b5bc 2026 mgmt_pending_remove(cmd);
8962ee74
JH		 2027
2028failed:
09fd0de5 2029 hci_dev_unlock(hdev);
8962ee74
JH		 2030 return err;
2031}
2032
57c1477c 2033static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2034{
2035 switch (link_type) {
2036 case LE_LINK:
48264f06
JH		 2037 switch (addr_type) {
2038 case ADDR_LE_DEV_PUBLIC:
591f47f3 2039 return BDADDR_LE_PUBLIC;
0ed09148 2040
48264f06 2041 default:
0ed09148 2042 /* Fallback to LE Random address type */
591f47f3 2043 return BDADDR_LE_RANDOM;
48264f06 2044 }
0ed09148 2045
4c659c39 2046 default:
0ed09148 2047 /* Fallback to BR/EDR type */
591f47f3 2048 return BDADDR_BREDR;
4c659c39
JH		 2049 }
2050}
2051
04124681
GP		 2052static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2053 u16 data_len)
2784eb41 2054{
2784eb41 2055 struct mgmt_rp_get_connections *rp;
8035ded4 2056 struct hci_conn *c;
a38528f1 2057 size_t rp_len;
60fc5fb6
JH		 2058 int err;
2059 u16 i;
2784eb41
JH		 2060
2061 BT_DBG("");
2062
09fd0de5 2063 hci_dev_lock(hdev);
2784eb41 2064
5f97c1df 2065 if (!hdev_is_powered(hdev)) {
bdb6d971 2066 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2067 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2068 goto unlock;
2069 }
2070
60fc5fb6 2071 i = 0;
b644ba33
JH		 2072 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2073 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2074 i++;
2784eb41
JH		 2075 }
2076
60fc5fb6 2077 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2078 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2079 if (!rp) {
2784eb41
JH		 2080 err = -ENOMEM;
2081 goto unlock;
2082 }
2083
2784eb41 2084 i = 0;
4c659c39 2085 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2086 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2087 continue;
4c659c39 2088 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2089 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2090 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2091 continue;
2092 i++;
2093 }
2094
eb55ef07 2095 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2096
4c659c39
JH		 2097 /* Recalculate length in case of filtered SCO connections, etc */
2098 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2099
bdb6d971 2100 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2101 rp_len);
2784eb41 2102
a38528f1 2103 kfree(rp);
5f97c1df
JH		 2104
2105unlock:
09fd0de5 2106 hci_dev_unlock(hdev);
2784eb41
JH		 2107 return err;
2108}
2109
bdb6d971 2110static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2111 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2112{
2113 struct pending_cmd *cmd;
2114 int err;
2115
2e58ef3e 2116 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2117 sizeof(*cp));
96d97a67
WR		 2118 if (!cmd)
2119 return -ENOMEM;
2120
d8457698 2121 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2122 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2123 if (err < 0)
2124 mgmt_pending_remove(cmd);
2125
2126 return err;
2127}
2128
bdb6d971 2129static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2130 u16 len)
980e1a53 2131{
96d97a67 2132 struct hci_conn *conn;
650f726d 2133 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2134 struct hci_cp_pin_code_reply reply;
366a0336 2135 struct pending_cmd *cmd;
980e1a53
JH		 2136 int err;
2137
2138 BT_DBG("");
2139
09fd0de5 2140 hci_dev_lock(hdev);
980e1a53 2141
4b34ee78 2142 if (!hdev_is_powered(hdev)) {
bdb6d971 2143 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2144 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2145 goto failed;
2146 }
2147
d8457698 2148 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2149 if (!conn) {
bdb6d971 2150 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2151 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2152 goto failed;
2153 }
2154
2155 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2156 struct mgmt_cp_pin_code_neg_reply ncp;
2157
2158 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2159
2160 BT_ERR("PIN code is not 16 bytes long");
2161
bdb6d971 2162 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2163 if (err >= 0)
bdb6d971 2164 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2165 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2166
2167 goto failed;
2168 }
2169
00abfe44 2170 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2171 if (!cmd) {
2172 err = -ENOMEM;
980e1a53 2173 goto failed;
366a0336 2174 }
980e1a53 2175
d8457698 2176 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2177 reply.pin_len = cp->pin_len;
24718ca5 2178 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2179
2180 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2181 if (err < 0)
a664b5bc 2182 mgmt_pending_remove(cmd);
980e1a53
JH		 2183
2184failed:
09fd0de5 2185 hci_dev_unlock(hdev);
980e1a53
JH		 2186 return err;
2187}
2188
04124681
GP		 2189static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2190 u16 len)
17fa4b9d 2191{
650f726d 2192 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2193
2194 BT_DBG("");
2195
09fd0de5 2196 hci_dev_lock(hdev);
17fa4b9d
JH		 2197
2198 hdev->io_capability = cp->io_capability;
2199
2200 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2201 hdev->io_capability);
17fa4b9d 2202
09fd0de5 2203 hci_dev_unlock(hdev);
17fa4b9d 2204
04124681
GP		 2205 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2206 0);
17fa4b9d
JH		 2207}
2208
6039aa73 2209static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2210{
2211 struct hci_dev *hdev = conn->hdev;
8035ded4 2212 struct pending_cmd *cmd;
e9a416b5 2213
2e58ef3e 2214 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2215 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2216 continue;
2217
e9a416b5
JH		 2218 if (cmd->user_data != conn)
2219 continue;
2220
2221 return cmd;
2222 }
2223
2224 return NULL;
2225}
2226
2227static void pairing_complete(struct pending_cmd *cmd, u8 status)
2228{
2229 struct mgmt_rp_pair_device rp;
2230 struct hci_conn *conn = cmd->user_data;
2231
ba4e564f 2232 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2233 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2234
aee9b218 2235 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2236 &rp, sizeof(rp));
e9a416b5
JH		 2237
2238 /* So we don't get further callbacks for this connection */
2239 conn->connect_cfm_cb = NULL;
2240 conn->security_cfm_cb = NULL;
2241 conn->disconn_cfm_cb = NULL;
2242
76a68ba0 2243 hci_conn_drop(conn);
e9a416b5 2244
a664b5bc 2245 mgmt_pending_remove(cmd);
e9a416b5
JH		 2246}
2247
2248static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2249{
2250 struct pending_cmd *cmd;
2251
2252 BT_DBG("status %u", status);
2253
2254 cmd = find_pairing(conn);
56e5cb86 2255 if (!cmd)
e9a416b5 2256 BT_DBG("Unable to find a pending command");
56e5cb86 2257 else
e211326c 2258 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2259}
2260
4c47d739
VA		 2261static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2262{
2263 struct pending_cmd *cmd;
2264
2265 BT_DBG("status %u", status);
2266
2267 if (!status)
2268 return;
2269
2270 cmd = find_pairing(conn);
2271 if (!cmd)
2272 BT_DBG("Unable to find a pending command");
2273 else
2274 pairing_complete(cmd, mgmt_status(status));
2275}
2276
bdb6d971 2277static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2278 u16 len)
e9a416b5 2279{
650f726d 2280 struct mgmt_cp_pair_device *cp = data;
1425acb7 2281 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2282 struct pending_cmd *cmd;
2283 u8 sec_level, auth_type;
2284 struct hci_conn *conn;
e9a416b5
JH		 2285 int err;
2286
2287 BT_DBG("");
2288
f950a30e
SJ		 2289 memset(&rp, 0, sizeof(rp));
2290 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2291 rp.addr.type = cp->addr.type;
2292
4ee71b20
JH		 2293 if (!bdaddr_type_is_valid(cp->addr.type))
2294 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2295 MGMT_STATUS_INVALID_PARAMS,
2296 &rp, sizeof(rp));
2297
09fd0de5 2298 hci_dev_lock(hdev);
e9a416b5 2299
5f97c1df 2300 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2301 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2302 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2303 goto unlock;
2304 }
2305
c908df36
VCG		 2306 sec_level = BT_SECURITY_MEDIUM;
2307 if (cp->io_cap == 0x03)
e9a416b5 2308 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2309 else
e9a416b5 2310 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2311
591f47f3 2312 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2313 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2314 cp->addr.type, sec_level, auth_type);
7a512d01 2315 else
b12f62cf
AG		 2316 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2317 cp->addr.type, sec_level, auth_type);
7a512d01 2318
30e76272 2319 if (IS_ERR(conn)) {
489dc48e
AK		 2320 int status;
2321
2322 if (PTR_ERR(conn) == -EBUSY)
2323 status = MGMT_STATUS_BUSY;
2324 else
2325 status = MGMT_STATUS_CONNECT_FAILED;
2326
bdb6d971 2327 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2328 status, &rp,
04124681 2329 sizeof(rp));
e9a416b5
JH		 2330 goto unlock;
2331 }
2332
2333 if (conn->connect_cfm_cb) {
76a68ba0 2334 hci_conn_drop(conn);
bdb6d971 2335 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2336 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2337 goto unlock;
2338 }
2339
2e58ef3e 2340 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2341 if (!cmd) {
2342 err = -ENOMEM;
76a68ba0 2343 hci_conn_drop(conn);
e9a416b5
JH		 2344 goto unlock;
2345 }
2346
7a512d01 2347 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2348 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2349 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2350 else
2351 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2352
e9a416b5
JH		 2353 conn->security_cfm_cb = pairing_complete_cb;
2354 conn->disconn_cfm_cb = pairing_complete_cb;
2355 conn->io_capability = cp->io_cap;
2356 cmd->user_data = conn;
2357
2358 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2359 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2360 pairing_complete(cmd, 0);
2361
2362 err = 0;
2363
2364unlock:
09fd0de5 2365 hci_dev_unlock(hdev);
e9a416b5
JH		 2366 return err;
2367}
2368
04124681
GP		 2369static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2370 u16 len)
28424707 2371{
0f4e68cf 2372 struct mgmt_addr_info *addr = data;
28424707
JH		 2373 struct pending_cmd *cmd;
2374 struct hci_conn *conn;
2375 int err;
2376
2377 BT_DBG("");
2378
28424707
JH		 2379 hci_dev_lock(hdev);
2380
5f97c1df 2381 if (!hdev_is_powered(hdev)) {
bdb6d971 2382 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2383 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2384 goto unlock;
2385 }
2386
28424707
JH		 2387 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2388 if (!cmd) {
bdb6d971 2389 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2390 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2391 goto unlock;
2392 }
2393
2394 conn = cmd->user_data;
2395
2396 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2397 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2398 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2399 goto unlock;
2400 }
2401
2402 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2403
bdb6d971 2404 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2405 addr, sizeof(*addr));
28424707
JH		 2406unlock:
2407 hci_dev_unlock(hdev);
28424707
JH		 2408 return err;
2409}
2410
bdb6d971 2411static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2412 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2413 u16 hci_op, __le32 passkey)
a5c29683 2414{
a5c29683 2415 struct pending_cmd *cmd;
0df4c185 2416 struct hci_conn *conn;
a5c29683
JH		 2417 int err;
2418
09fd0de5 2419 hci_dev_lock(hdev);
08ba5382 2420
4b34ee78 2421 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2422 err = cmd_complete(sk, hdev->id, mgmt_op,
2423 MGMT_STATUS_NOT_POWERED, addr,
2424 sizeof(*addr));
0df4c185 2425 goto done;
a5c29683
JH		 2426 }
2427
1707c60e
JH		 2428 if (addr->type == BDADDR_BREDR)
2429 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2430 else
1707c60e 2431 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2432
2433 if (!conn) {
feb94d3d
JH		 2434 err = cmd_complete(sk, hdev->id, mgmt_op,
2435 MGMT_STATUS_NOT_CONNECTED, addr,
2436 sizeof(*addr));
272d90df
JH		 2437 goto done;
2438 }
47c15e2b 2439
1707c60e 2440 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2441 /* Continue with pairing via SMP */
5fe57d9e
BG		 2442 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2443
2444 if (!err)
feb94d3d
JH		 2445 err = cmd_complete(sk, hdev->id, mgmt_op,
2446 MGMT_STATUS_SUCCESS, addr,
2447 sizeof(*addr));
5fe57d9e 2448 else
feb94d3d
JH		 2449 err = cmd_complete(sk, hdev->id, mgmt_op,
2450 MGMT_STATUS_FAILED, addr,
2451 sizeof(*addr));
47c15e2b 2452
47c15e2b
BG		 2453 goto done;
2454 }
2455
1707c60e 2456 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2457 if (!cmd) {
2458 err = -ENOMEM;
0df4c185 2459 goto done;
a5c29683
JH		 2460 }
2461
0df4c185 2462 /* Continue with pairing via HCI */
604086b7
BG		 2463 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2464 struct hci_cp_user_passkey_reply cp;
2465
1707c60e 2466 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2467 cp.passkey = passkey;
2468 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2469 } else
1707c60e
JH		 2470 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2471 &addr->bdaddr);
604086b7 2472
a664b5bc
JH		 2473 if (err < 0)
2474 mgmt_pending_remove(cmd);
a5c29683 2475
0df4c185 2476done:
09fd0de5 2477 hci_dev_unlock(hdev);
a5c29683
JH		 2478 return err;
2479}
2480
afeb019d
JK		 2481static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2482 void *data, u16 len)
2483{
2484 struct mgmt_cp_pin_code_neg_reply *cp = data;
2485
2486 BT_DBG("");
2487
1707c60e 2488 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2489 MGMT_OP_PIN_CODE_NEG_REPLY,
2490 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2491}
2492
04124681
GP		 2493static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2494 u16 len)
0df4c185 2495{
650f726d 2496 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2497
2498 BT_DBG("");
2499
2500 if (len != sizeof(*cp))
bdb6d971 2501 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2502 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2503
1707c60e 2504 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2505 MGMT_OP_USER_CONFIRM_REPLY,
2506 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2507}
2508
bdb6d971 2509static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2510 void *data, u16 len)
0df4c185 2511{
c9c2659f 2512 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2513
2514 BT_DBG("");
2515
1707c60e 2516 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2517 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2518 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2519}
2520
04124681
GP		 2521static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2522 u16 len)
604086b7 2523{
650f726d 2524 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2525
2526 BT_DBG("");
2527
1707c60e 2528 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2529 MGMT_OP_USER_PASSKEY_REPLY,
2530 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2531}
2532
bdb6d971 2533static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2534 void *data, u16 len)
604086b7 2535{
650f726d 2536 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2537
2538 BT_DBG("");
2539
1707c60e 2540 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2541 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2542 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2543}
2544
13928971 2545static void update_name(struct hci_request *req)
2b4bf397 2546{
13928971 2547 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2548 struct hci_cp_write_local_name cp;
2549
13928971 2550 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2551
890ea898 2552 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2553}
2554
13928971
JH		 2555static void set_name_complete(struct hci_dev *hdev, u8 status)
2556{
2557 struct mgmt_cp_set_local_name *cp;
2558 struct pending_cmd *cmd;
2559
2560 BT_DBG("status 0x%02x", status);
2561
2562 hci_dev_lock(hdev);
2563
2564 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2565 if (!cmd)
2566 goto unlock;
2567
2568 cp = cmd->param;
2569
2570 if (status)
2571 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2572 mgmt_status(status));
2573 else
2574 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2575 cp, sizeof(*cp));
2576
2577 mgmt_pending_remove(cmd);
2578
2579unlock:
2580 hci_dev_unlock(hdev);
2581}
2582
bdb6d971 2583static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2584 u16 len)
b312b161 2585{
2b4bf397 2586 struct mgmt_cp_set_local_name *cp = data;
b312b161 2587 struct pending_cmd *cmd;
890ea898 2588 struct hci_request req;
b312b161
JH		 2589 int err;
2590
2591 BT_DBG("");
2592
09fd0de5 2593 hci_dev_lock(hdev);
b312b161 2594
b3f2ca94
JH		 2595 /* If the old values are the same as the new ones just return a
2596 * direct command complete event.
2597 */
2598 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2599 !memcmp(hdev->short_name, cp->short_name,
2600 sizeof(hdev->short_name))) {
2601 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2602 data, len);
2603 goto failed;
2604 }
2605
2b4bf397 2606 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2607
b5235a65 2608 if (!hdev_is_powered(hdev)) {
2b4bf397 2609 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2610
2611 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2612 data, len);
28cc7bde
JH		 2613 if (err < 0)
2614 goto failed;
2615
2616 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2617 sk);
28cc7bde 2618
b5235a65
JH		 2619 goto failed;
2620 }
2621
28cc7bde 2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2623 if (!cmd) {
2624 err = -ENOMEM;
2625 goto failed;
2626 }
2627
13928971
JH		 2628 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2629
890ea898 2630 hci_req_init(&req, hdev);
3f985050
JH		 2631
2632 if (lmp_bredr_capable(hdev)) {
2633 update_name(&req);
2634 update_eir(&req);
2635 }
2636
2637 if (lmp_le_capable(hdev))
2638 hci_update_ad(&req);
2639
13928971 2640 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2641 if (err < 0)
2642 mgmt_pending_remove(cmd);
2643
2644failed:
09fd0de5 2645 hci_dev_unlock(hdev);
b312b161
JH		 2646 return err;
2647}
2648
0f4e68cf 2649static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2650 void *data, u16 data_len)
c35938b2 2651{
c35938b2
SJ		 2652 struct pending_cmd *cmd;
2653 int err;
2654
bdb6d971 2655 BT_DBG("%s", hdev->name);
c35938b2 2656
09fd0de5 2657 hci_dev_lock(hdev);
c35938b2 2658
4b34ee78 2659 if (!hdev_is_powered(hdev)) {
bdb6d971 2660 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2661 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2662 goto unlock;
2663 }
2664
9a1a1996 2665 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2666 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2667 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2668 goto unlock;
2669 }
2670
2e58ef3e 2671 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2672 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2673 MGMT_STATUS_BUSY);
c35938b2
SJ		 2674 goto unlock;
2675 }
2676
2e58ef3e 2677 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2678 if (!cmd) {
2679 err = -ENOMEM;
2680 goto unlock;
2681 }
2682
2683 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2684 if (err < 0)
2685 mgmt_pending_remove(cmd);
2686
2687unlock:
09fd0de5 2688 hci_dev_unlock(hdev);
c35938b2
SJ		 2689 return err;
2690}
2691
bdb6d971 2692static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2693 void *data, u16 len)
2763eda6 2694{
650f726d 2695 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2696 u8 status;
2763eda6
SJ		 2697 int err;
2698
bdb6d971 2699 BT_DBG("%s ", hdev->name);
2763eda6 2700
09fd0de5 2701 hci_dev_lock(hdev);
2763eda6 2702
664ce4cc 2703 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2704 cp->randomizer);
2763eda6 2705 if (err < 0)
bf1e3541 2706 status = MGMT_STATUS_FAILED;
2763eda6 2707 else
a6785be2 2708 status = MGMT_STATUS_SUCCESS;
bf1e3541 2709
bdb6d971 2710 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2711 &cp->addr, sizeof(cp->addr));
2763eda6 2712
09fd0de5 2713 hci_dev_unlock(hdev);
2763eda6
SJ		 2714 return err;
2715}
2716
bdb6d971 2717static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2718 void *data, u16 len)
2763eda6 2719{
650f726d 2720 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2721 u8 status;
2763eda6
SJ		 2722 int err;
2723
bdb6d971 2724 BT_DBG("%s", hdev->name);
2763eda6 2725
09fd0de5 2726 hci_dev_lock(hdev);
2763eda6 2727
664ce4cc 2728 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2729 if (err < 0)
bf1e3541 2730 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2731 else
a6785be2 2732 status = MGMT_STATUS_SUCCESS;
bf1e3541 2733
bdb6d971 2734 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2735 status, &cp->addr, sizeof(cp->addr));
2763eda6 2736
09fd0de5 2737 hci_dev_unlock(hdev);
2763eda6
SJ		 2738 return err;
2739}
2740
41dc2bd6
AG		 2741static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2742{
2743 struct pending_cmd *cmd;
2744 u8 type;
2745 int err;
2746
2747 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2748
2749 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2750 if (!cmd)
2751 return -ENOENT;
2752
2753 type = hdev->discovery.type;
2754
2755 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2756 &type, sizeof(type));
2757 mgmt_pending_remove(cmd);
2758
2759 return err;
2760}
2761
7c307720
AG		 2762static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2763{
2764 BT_DBG("status %d", status);
2765
2766 if (status) {
2767 hci_dev_lock(hdev);
2768 mgmt_start_discovery_failed(hdev, status);
2769 hci_dev_unlock(hdev);
2770 return;
2771 }
2772
2773 hci_dev_lock(hdev);
2774 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2775 hci_dev_unlock(hdev);
2776
2777 switch (hdev->discovery.type) {
2778 case DISCOV_TYPE_LE:
2779 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2780 DISCOV_LE_TIMEOUT);
7c307720
AG		 2781 break;
2782
2783 case DISCOV_TYPE_INTERLEAVED:
2784 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2785 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2786 break;
2787
2788 case DISCOV_TYPE_BREDR:
2789 break;
2790
2791 default:
2792 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2793 }
2794}
2795
bdb6d971 2796static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2797 void *data, u16 len)
14a53664 2798{
650f726d 2799 struct mgmt_cp_start_discovery *cp = data;
14a53664 2800 struct pending_cmd *cmd;
7c307720
AG		 2801 struct hci_cp_le_set_scan_param param_cp;
2802 struct hci_cp_le_set_scan_enable enable_cp;
2803 struct hci_cp_inquiry inq_cp;
2804 struct hci_request req;
2805 /* General inquiry access code (GIAC) */
2806 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2807 u8 status;
14a53664
JH		 2808 int err;
2809
bdb6d971 2810 BT_DBG("%s", hdev->name);
14a53664 2811
09fd0de5 2812 hci_dev_lock(hdev);
14a53664 2813
4b34ee78 2814 if (!hdev_is_powered(hdev)) {
bdb6d971 2815 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2816 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2817 goto failed;
2818 }
2819
642be6c7
AG		 2820 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2821 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2822 MGMT_STATUS_BUSY);
2823 goto failed;
2824 }
2825
ff9ef578 2826 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2827 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2828 MGMT_STATUS_BUSY);
ff9ef578
JH		 2829 goto failed;
2830 }
2831
2e58ef3e 2832 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2833 if (!cmd) {
2834 err = -ENOMEM;
2835 goto failed;
2836 }
2837
4aab14e5
AG		 2838 hdev->discovery.type = cp->type;
2839
7c307720
AG		 2840 hci_req_init(&req, hdev);
2841
4aab14e5 2842 switch (hdev->discovery.type) {
f39799f5 2843 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2844 status = mgmt_bredr_support(hdev);
2845 if (status) {
04106755 2846 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2847 status);
04106755
JH		 2848 mgmt_pending_remove(cmd);
2849 goto failed;
2850 }
2851
7c307720
AG		 2852 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2853 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2854 MGMT_STATUS_BUSY);
2855 mgmt_pending_remove(cmd);
2856 goto failed;
2857 }
2858
2859 hci_inquiry_cache_flush(hdev);
2860
2861 memset(&inq_cp, 0, sizeof(inq_cp));
2862 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2863 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2864 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2865 break;
2866
2867 case DISCOV_TYPE_LE:
7c307720 2868 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2869 status = mgmt_le_support(hdev);
2870 if (status) {
04106755 2871 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2872 status);
04106755
JH		 2873 mgmt_pending_remove(cmd);
2874 goto failed;
2875 }
2876
7c307720 2877 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2878 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2879 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2880 MGMT_STATUS_NOT_SUPPORTED);
2881 mgmt_pending_remove(cmd);
2882 goto failed;
2883 }
2884
7c307720
AG		 2885 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2886 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2887 MGMT_STATUS_REJECTED);
2888 mgmt_pending_remove(cmd);
2889 goto failed;
2890 }
2891
2892 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2893 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2894 MGMT_STATUS_BUSY);
2895 mgmt_pending_remove(cmd);
2896 goto failed;
2897 }
2898
2899 memset(&param_cp, 0, sizeof(param_cp));
2900 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2901 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2902 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2903 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2904 &param_cp);
2905
2906 memset(&enable_cp, 0, sizeof(enable_cp));
2907 enable_cp.enable = LE_SCAN_ENABLE;
2908 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2909 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2910 &enable_cp);
5e0452c0
AG		 2911 break;
2912
f39799f5 2913 default:
04106755
JH		 2914 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2915 MGMT_STATUS_INVALID_PARAMS);
2916 mgmt_pending_remove(cmd);
2917 goto failed;
f39799f5 2918 }
3fd24153 2919
7c307720 2920 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2921 if (err < 0)
2922 mgmt_pending_remove(cmd);
ff9ef578
JH		 2923 else
2924 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2925
2926failed:
09fd0de5 2927 hci_dev_unlock(hdev);
14a53664
JH		 2928 return err;
2929}
2930
1183fdca
AG		 2931static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2932{
2933 struct pending_cmd *cmd;
2934 int err;
2935
2936 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2937 if (!cmd)
2938 return -ENOENT;
2939
2940 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2941 &hdev->discovery.type, sizeof(hdev->discovery.type));
2942 mgmt_pending_remove(cmd);
2943
2944 return err;
2945}
2946
0e05bba6
AG		 2947static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2948{
2949 BT_DBG("status %d", status);
2950
2951 hci_dev_lock(hdev);
2952
2953 if (status) {
2954 mgmt_stop_discovery_failed(hdev, status);
2955 goto unlock;
2956 }
2957
2958 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2959
2960unlock:
2961 hci_dev_unlock(hdev);
2962}
2963
bdb6d971 2964static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2965 u16 len)
14a53664 2966{
d930650b 2967 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2968 struct pending_cmd *cmd;
30dc78e1
JH		 2969 struct hci_cp_remote_name_req_cancel cp;
2970 struct inquiry_entry *e;
0e05bba6
AG		 2971 struct hci_request req;
2972 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2973 int err;
2974
bdb6d971 2975 BT_DBG("%s", hdev->name);
14a53664 2976
09fd0de5 2977 hci_dev_lock(hdev);
14a53664 2978
30dc78e1 2979 if (!hci_discovery_active(hdev)) {
bdb6d971 2980 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2981 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2982 sizeof(mgmt_cp->type));
d930650b
JH		 2983 goto unlock;
2984 }
2985
2986 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2987 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2988 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2989 sizeof(mgmt_cp->type));
30dc78e1 2990 goto unlock;
ff9ef578
JH		 2991 }
2992
2e58ef3e 2993 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2994 if (!cmd) {
2995 err = -ENOMEM;
30dc78e1
JH		 2996 goto unlock;
2997 }
2998
0e05bba6
AG		 2999 hci_req_init(&req, hdev);
3000
e0d9727e
AG		 3001 switch (hdev->discovery.state) {
3002 case DISCOVERY_FINDING:
0e05bba6
AG		 3003 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3004 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3005 } else {
3006 cancel_delayed_work(&hdev->le_scan_disable);
3007
3008 memset(&enable_cp, 0, sizeof(enable_cp));
3009 enable_cp.enable = LE_SCAN_DISABLE;
3010 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3011 sizeof(enable_cp), &enable_cp);
3012 }
c9ecc48e 3013
e0d9727e
AG		 3014 break;
3015
3016 case DISCOVERY_RESOLVING:
3017 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3018 NAME_PENDING);
e0d9727e 3019 if (!e) {
30dc78e1 3020 mgmt_pending_remove(cmd);
e0d9727e
AG		 3021 err = cmd_complete(sk, hdev->id,
3022 MGMT_OP_STOP_DISCOVERY, 0,
3023 &mgmt_cp->type,
3024 sizeof(mgmt_cp->type));
3025 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3026 goto unlock;
3027 }
30dc78e1 3028
e0d9727e 3029 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3030 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3031 &cp);
e0d9727e
AG		 3032
3033 break;
3034
3035 default:
3036 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3037
3038 mgmt_pending_remove(cmd);
3039 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3040 MGMT_STATUS_FAILED, &mgmt_cp->type,
3041 sizeof(mgmt_cp->type));
3042 goto unlock;
14a53664
JH		 3043 }
3044
0e05bba6 3045 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3046 if (err < 0)
3047 mgmt_pending_remove(cmd);
ff9ef578
JH		 3048 else
3049 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3050
30dc78e1 3051unlock:
09fd0de5 3052 hci_dev_unlock(hdev);
14a53664
JH		 3053 return err;
3054}
3055
bdb6d971 3056static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3057 u16 len)
561aafbc 3058{
650f726d 3059 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3060 struct inquiry_entry *e;
561aafbc
JH		 3061 int err;
3062
bdb6d971 3063 BT_DBG("%s", hdev->name);
561aafbc 3064
561aafbc
JH		 3065 hci_dev_lock(hdev);
3066
30dc78e1 3067 if (!hci_discovery_active(hdev)) {
bdb6d971 3068 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3069 MGMT_STATUS_FAILED);
30dc78e1
JH		 3070 goto failed;
3071 }
3072
a198e7b1 3073 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3074 if (!e) {
bdb6d971 3075 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3076 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3077 goto failed;
3078 }
3079
3080 if (cp->name_known) {
3081 e->name_state = NAME_KNOWN;
3082 list_del(&e->list);
3083 } else {
3084 e->name_state = NAME_NEEDED;
a3d4e20a 3085 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3086 }
3087
e384662b
JH		 3088 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3089 sizeof(cp->addr));
561aafbc
JH		 3090
3091failed:
3092 hci_dev_unlock(hdev);
561aafbc
JH		 3093 return err;
3094}
3095
bdb6d971 3096static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3097 u16 len)
7fbec224 3098{
650f726d 3099 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3100 u8 status;
7fbec224
AJ		 3101 int err;
3102
bdb6d971 3103 BT_DBG("%s", hdev->name);
7fbec224 3104
4ee71b20 3105 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3106 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3107 MGMT_STATUS_INVALID_PARAMS,
3108 &cp->addr, sizeof(cp->addr));
4ee71b20 3109
09fd0de5 3110 hci_dev_lock(hdev);
5e762444 3111
88c1fe4b 3112 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3113 if (err < 0)
f0eeea8b 3114 status = MGMT_STATUS_FAILED;
7fbec224 3115 else
a6785be2 3116 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3117
bdb6d971 3118 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3119 &cp->addr, sizeof(cp->addr));
5e762444 3120
09fd0de5 3121 hci_dev_unlock(hdev);
7fbec224
AJ		 3122
3123 return err;
3124}
3125
bdb6d971 3126static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3127 u16 len)
7fbec224 3128{
650f726d 3129 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3130 u8 status;
7fbec224
AJ		 3131 int err;
3132
bdb6d971 3133 BT_DBG("%s", hdev->name);
7fbec224 3134
4ee71b20 3135 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3136 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3137 MGMT_STATUS_INVALID_PARAMS,
3138 &cp->addr, sizeof(cp->addr));
4ee71b20 3139
09fd0de5 3140 hci_dev_lock(hdev);
5e762444 3141
88c1fe4b 3142 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3143 if (err < 0)
f0eeea8b 3144 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3145 else
a6785be2 3146 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3147
bdb6d971 3148 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3149 &cp->addr, sizeof(cp->addr));
5e762444 3150
09fd0de5 3151 hci_dev_unlock(hdev);
7fbec224
AJ		 3152
3153 return err;
3154}
3155
cdbaccca
MH		 3156static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3157 u16 len)
3158{
3159 struct mgmt_cp_set_device_id *cp = data;
890ea898 3160 struct hci_request req;
cdbaccca 3161 int err;
c72d4b8a 3162 __u16 source;
cdbaccca
MH		 3163
3164 BT_DBG("%s", hdev->name);
3165
c72d4b8a
SJ		 3166 source = __le16_to_cpu(cp->source);
3167
3168 if (source > 0x0002)
3169 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3170 MGMT_STATUS_INVALID_PARAMS);
3171
cdbaccca
MH		 3172 hci_dev_lock(hdev);
3173
c72d4b8a 3174 hdev->devid_source = source;
cdbaccca
MH		 3175 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3176 hdev->devid_product = __le16_to_cpu(cp->product);
3177 hdev->devid_version = __le16_to_cpu(cp->version);
3178
3179 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3180
890ea898
JH		 3181 hci_req_init(&req, hdev);
3182 update_eir(&req);
3183 hci_req_run(&req, NULL);
cdbaccca
MH		 3184
3185 hci_dev_unlock(hdev);
3186
3187 return err;
3188}
3189
4375f103
JH		 3190static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3191{
3192 struct cmd_lookup match = { NULL, hdev };
3193
3194 if (status) {
3195 u8 mgmt_err = mgmt_status(status);
3196
3197 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3198 cmd_status_rsp, &mgmt_err);
3199 return;
3200 }
3201
3202 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3203 &match);
3204
3205 new_settings(hdev, match.sk);
3206
3207 if (match.sk)
3208 sock_put(match.sk);
3209}
3210
3211static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3212{
3213 struct mgmt_mode *cp = data;
3214 struct pending_cmd *cmd;
3215 struct hci_request req;
e6fe7986 3216 u8 val, enabled, status;
4375f103
JH		 3217 int err;
3218
3219 BT_DBG("request for %s", hdev->name);
3220
e6fe7986
JH		 3221 status = mgmt_le_support(hdev);
3222 if (status)
4375f103 3223 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3224 status);
4375f103
JH		 3225
3226 if (cp->val != 0x00 && cp->val != 0x01)
3227 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3228 MGMT_STATUS_INVALID_PARAMS);
3229
3230 hci_dev_lock(hdev);
3231
3232 val = !!cp->val;
3233 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3234
3235 if (!hdev_is_powered(hdev) || val == enabled) {
3236 bool changed = false;
3237
3238 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3239 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3240 changed = true;
3241 }
3242
3243 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3244 if (err < 0)
3245 goto unlock;
3246
3247 if (changed)
3248 err = new_settings(hdev, sk);
3249
3250 goto unlock;
3251 }
3252
3253 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3254 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3255 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3256 MGMT_STATUS_BUSY);
3257 goto unlock;
3258 }
3259
3260 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3261 if (!cmd) {
3262 err = -ENOMEM;
3263 goto unlock;
3264 }
3265
3266 hci_req_init(&req, hdev);
3267
3268 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3269
3270 err = hci_req_run(&req, set_advertising_complete);
3271 if (err < 0)
3272 mgmt_pending_remove(cmd);
3273
3274unlock:
3275 hci_dev_unlock(hdev);
3276 return err;
3277}
3278
d13eafce
MH		 3279static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3280 void *data, u16 len)
3281{
3282 struct mgmt_cp_set_static_address *cp = data;
3283 int err;
3284
3285 BT_DBG("%s", hdev->name);
3286
62af4443 3287 if (!lmp_le_capable(hdev))
d13eafce 3288 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3289 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3290
3291 if (hdev_is_powered(hdev))
3292 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3293 MGMT_STATUS_REJECTED);
3294
3295 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3296 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3297 return cmd_status(sk, hdev->id,
3298 MGMT_OP_SET_STATIC_ADDRESS,
3299 MGMT_STATUS_INVALID_PARAMS);
3300
3301 /* Two most significant bits shall be set */
3302 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3303 return cmd_status(sk, hdev->id,
3304 MGMT_OP_SET_STATIC_ADDRESS,
3305 MGMT_STATUS_INVALID_PARAMS);
3306 }
3307
3308 hci_dev_lock(hdev);
3309
3310 bacpy(&hdev->static_addr, &cp->bdaddr);
3311
3312 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3313
3314 hci_dev_unlock(hdev);
3315
3316 return err;
3317}
3318
33e38b3e
JH		 3319static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3320{
3321 struct pending_cmd *cmd;
3322
3323 BT_DBG("status 0x%02x", status);
3324
3325 hci_dev_lock(hdev);
3326
3327 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3328 if (!cmd)
3329 goto unlock;
3330
3331 if (status) {
3332 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3333 mgmt_status(status));
3334 } else {
1a4d3c4b
JH		 3335 struct mgmt_mode *cp = cmd->param;
3336
3337 if (cp->val)
3338 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3339 else
3340 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3341
33e38b3e
JH		 3342 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3343 new_settings(hdev, cmd->sk);
3344 }
3345
3346 mgmt_pending_remove(cmd);
3347
3348unlock:
3349 hci_dev_unlock(hdev);
3350}
3351
bdb6d971 3352static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3353 void *data, u16 len)
f6422ec6 3354{
650f726d 3355 struct mgmt_mode *cp = data;
33e38b3e
JH		 3356 struct pending_cmd *cmd;
3357 struct hci_request req;
f6422ec6
AJ		 3358 int err;
3359
bdb6d971 3360 BT_DBG("%s", hdev->name);
f6422ec6 3361
56f87901
JH		 3362 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3363 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3364 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3365 MGMT_STATUS_NOT_SUPPORTED);
3366
a7e80f25
JH		 3367 if (cp->val != 0x00 && cp->val != 0x01)
3368 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3369 MGMT_STATUS_INVALID_PARAMS);
3370
5400c044 3371 if (!hdev_is_powered(hdev))
bdb6d971 3372 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3373 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3374
3375 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3376 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3377 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3378
3379 hci_dev_lock(hdev);
3380
05cbf29f
JH		 3381 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3382 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3383 MGMT_STATUS_BUSY);
3384 goto unlock;
3385 }
3386
1a4d3c4b
JH		 3387 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3388 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3389 hdev);
3390 goto unlock;
3391 }
3392
33e38b3e
JH		 3393 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3394 data, len);
3395 if (!cmd) {
3396 err = -ENOMEM;
3397 goto unlock;
f6422ec6
AJ		 3398 }
3399
33e38b3e
JH		 3400 hci_req_init(&req, hdev);
3401
406d7804 3402 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3403
3404 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3405 if (err < 0) {
bdb6d971 3406 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3407 MGMT_STATUS_FAILED);
33e38b3e 3408 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3409 }
3410
33e38b3e 3411unlock:
f6422ec6 3412 hci_dev_unlock(hdev);
33e38b3e 3413
f6422ec6
AJ		 3414 return err;
3415}
3416
0663ca2a
JH		 3417static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3418{
3419 struct pending_cmd *cmd;
3420
3421 BT_DBG("status 0x%02x", status);
3422
3423 hci_dev_lock(hdev);
3424
3425 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3426 if (!cmd)
3427 goto unlock;
3428
3429 if (status) {
3430 u8 mgmt_err = mgmt_status(status);
3431
3432 /* We need to restore the flag if related HCI commands
3433 * failed.
3434 */
3435 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3436
3437 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3438 } else {
3439 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3440 new_settings(hdev, cmd->sk);
3441 }
3442
3443 mgmt_pending_remove(cmd);
3444
3445unlock:
3446 hci_dev_unlock(hdev);
3447}
3448
3449static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3450{
3451 struct mgmt_mode *cp = data;
3452 struct pending_cmd *cmd;
3453 struct hci_request req;
3454 int err;
3455
3456 BT_DBG("request for %s", hdev->name);
3457
3458 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3459 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3460 MGMT_STATUS_NOT_SUPPORTED);
3461
3462 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3463 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3464 MGMT_STATUS_REJECTED);
3465
3466 if (cp->val != 0x00 && cp->val != 0x01)
3467 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3468 MGMT_STATUS_INVALID_PARAMS);
3469
3470 hci_dev_lock(hdev);
3471
3472 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3473 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3474 goto unlock;
3475 }
3476
3477 if (!hdev_is_powered(hdev)) {
3478 if (!cp->val) {
3479 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3480 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3481 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3482 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3483 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3484 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3485 }
3486
3487 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3488
3489 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3490 if (err < 0)
3491 goto unlock;
3492
3493 err = new_settings(hdev, sk);
3494 goto unlock;
3495 }
3496
3497 /* Reject disabling when powered on */
3498 if (!cp->val) {
3499 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3500 MGMT_STATUS_REJECTED);
3501 goto unlock;
3502 }
3503
3504 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3506 MGMT_STATUS_BUSY);
3507 goto unlock;
3508 }
3509
3510 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3511 if (!cmd) {
3512 err = -ENOMEM;
3513 goto unlock;
3514 }
3515
3516 /* We need to flip the bit already here so that hci_update_ad
3517 * generates the correct flags.
3518 */
3519 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3520
3521 hci_req_init(&req, hdev);
3522 hci_update_ad(&req);
3523 err = hci_req_run(&req, set_bredr_complete);
3524 if (err < 0)
3525 mgmt_pending_remove(cmd);
3526
3527unlock:
3528 hci_dev_unlock(hdev);
3529 return err;
3530}
3531
3f706b72
JH		 3532static bool ltk_is_valid(struct mgmt_ltk_info *key)
3533{
44b20d33
JH		 3534 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3535 return false;
3f706b72
JH		 3536 if (key->master != 0x00 && key->master != 0x01)
3537 return false;
4ee71b20
JH		 3538 if (!bdaddr_type_is_le(key->addr.type))
3539 return false;
3f706b72
JH		 3540 return true;
3541}
3542
bdb6d971 3543static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3544 void *cp_data, u16 len)
346af67b 3545{
346af67b
VCG		 3546 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3547 u16 key_count, expected_len;
715a5bf2 3548 int i, err;
346af67b 3549
1f350c87 3550 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3551
3552 expected_len = sizeof(*cp) + key_count *
3553 sizeof(struct mgmt_ltk_info);
3554 if (expected_len != len) {
3555 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3556 len, expected_len);
bdb6d971 3557 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3558 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3559 }
3560
bdb6d971 3561 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3562
54ad6d8a
JH		 3563 for (i = 0; i < key_count; i++) {
3564 struct mgmt_ltk_info *key = &cp->keys[i];
3565
3f706b72 3566 if (!ltk_is_valid(key))
54ad6d8a
JH		 3567 return cmd_status(sk, hdev->id,
3568 MGMT_OP_LOAD_LONG_TERM_KEYS,
3569 MGMT_STATUS_INVALID_PARAMS);
3570 }
3571
346af67b
VCG		 3572 hci_dev_lock(hdev);
3573
3574 hci_smp_ltks_clear(hdev);
3575
3576 for (i = 0; i < key_count; i++) {
3577 struct mgmt_ltk_info *key = &cp->keys[i];
3578 u8 type;
3579
3580 if (key->master)
3581 type = HCI_SMP_LTK;
3582 else
3583 type = HCI_SMP_LTK_SLAVE;
3584
4596fde5 3585 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3586 bdaddr_to_le(key->addr.type),
04124681
GP		 3587 type, 0, key->authenticated, key->val,
3588 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3589 }
3590
715a5bf2
JH		 3591 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3592 NULL, 0);
3593
346af67b 3594 hci_dev_unlock(hdev);
346af67b 3595
715a5bf2 3596 return err;
346af67b
VCG		 3597}
3598
2e3c35ea 3599static const struct mgmt_handler {
04124681
GP		 3600 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3601 u16 data_len);
be22b54e
JH		 3602 bool var_len;
3603 size_t data_len;
0f4e68cf
JH		 3604} mgmt_handlers[] = {
3605 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3606 { read_version, false, MGMT_READ_VERSION_SIZE },
3607 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3608 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3609 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3610 { set_powered, false, MGMT_SETTING_SIZE },
3611 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3612 { set_connectable, false, MGMT_SETTING_SIZE },
3613 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3614 { set_pairable, false, MGMT_SETTING_SIZE },
3615 { set_link_security, false, MGMT_SETTING_SIZE },
3616 { set_ssp, false, MGMT_SETTING_SIZE },
3617 { set_hs, false, MGMT_SETTING_SIZE },
3618 { set_le, false, MGMT_SETTING_SIZE },
3619 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3620 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3621 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3622 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3623 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3624 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3625 { disconnect, false, MGMT_DISCONNECT_SIZE },
3626 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3627 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3628 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3629 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3630 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3631 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3632 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3633 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3634 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3635 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3636 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3637 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3638 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3639 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3640 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3641 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3642 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3643 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3644 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3645 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3646 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3647 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3648 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3649};
3650
3651
0381101f
JH		 3652int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3653{
650f726d
VCG		 3654 void *buf;
3655 u8 *cp;
0381101f 3656 struct mgmt_hdr *hdr;
4e51eae9 3657 u16 opcode, index, len;
bdb6d971 3658 struct hci_dev *hdev = NULL;
2e3c35ea 3659 const struct mgmt_handler *handler;
0381101f
JH		 3660 int err;
3661
3662 BT_DBG("got %zu bytes", msglen);
3663
3664 if (msglen < sizeof(*hdr))
3665 return -EINVAL;
3666
e63a15ec 3667 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3668 if (!buf)
3669 return -ENOMEM;
3670
3671 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3672 err = -EFAULT;
3673 goto done;
3674 }
3675
650f726d 3676 hdr = buf;
1f350c87
MH		 3677 opcode = __le16_to_cpu(hdr->opcode);
3678 index = __le16_to_cpu(hdr->index);
3679 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3680
3681 if (len != msglen - sizeof(*hdr)) {
3682 err = -EINVAL;
3683 goto done;
3684 }
3685
0f4e68cf 3686 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3687 hdev = hci_dev_get(index);
3688 if (!hdev) {
3689 err = cmd_status(sk, index, opcode,
04124681 3690 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3691 goto done;
3692 }
0736cfa8
MH		 3693
3694 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3695 err = cmd_status(sk, index, opcode,
3696 MGMT_STATUS_INVALID_INDEX);
3697 goto done;
3698 }
bdb6d971
JH		 3699 }
3700
0f4e68cf 3701 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3702 mgmt_handlers[opcode].func == NULL) {
0381101f 3703 BT_DBG("Unknown op %u", opcode);
ca69b795 3704 err = cmd_status(sk, index, opcode,
04124681 3705 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3706 goto done;
3707 }
3708
3709 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3710 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3711 err = cmd_status(sk, index, opcode,
04124681 3712 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3713 goto done;
0381101f
JH		 3714 }
3715
be22b54e
JH		 3716 handler = &mgmt_handlers[opcode];
3717
3718 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3719 (!handler->var_len && len != handler->data_len)) {
be22b54e 3720 err = cmd_status(sk, index, opcode,
04124681 3721 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3722 goto done;
3723 }
3724
0f4e68cf
JH		 3725 if (hdev)
3726 mgmt_init_hdev(sk, hdev);
3727
3728 cp = buf + sizeof(*hdr);
3729
be22b54e 3730 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3731 if (err < 0)
3732 goto done;
3733
0381101f
JH		 3734 err = msglen;
3735
3736done:
bdb6d971
JH		 3737 if (hdev)
3738 hci_dev_put(hdev);
3739
0381101f
JH		 3740 kfree(buf);
3741 return err;
3742}
c71e97bf 3743
744cf19e 3744int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3745{
bb4b2a9a
AE		 3746 if (!mgmt_valid_hdev(hdev))
3747 return -ENOTSUPP;
3748
744cf19e 3749 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3750}
3751
744cf19e 3752int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3753{
5f159032 3754 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3755
bb4b2a9a
AE		 3756 if (!mgmt_valid_hdev(hdev))
3757 return -ENOTSUPP;
3758
744cf19e 3759 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3760
744cf19e 3761 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3762}
3763
890ea898 3764static void set_bredr_scan(struct hci_request *req)
7f0ae647 3765{
890ea898 3766 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3767 u8 scan = 0;
3768
4c01f8b8
JH		 3769 /* Ensure that fast connectable is disabled. This function will
3770 * not do anything if the page scan parameters are already what
3771 * they should be.
3772 */
3773 write_fast_connectable(req, false);
3774
7f0ae647
JH		 3775 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3776 scan |= SCAN_PAGE;
3777 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3778 scan |= SCAN_INQUIRY;
3779
890ea898
JH		 3780 if (scan)
3781 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3782}
3783
229ab39c
JH		 3784static void powered_complete(struct hci_dev *hdev, u8 status)
3785{
3786 struct cmd_lookup match = { NULL, hdev };
3787
3788 BT_DBG("status 0x%02x", status);
3789
3790 hci_dev_lock(hdev);
3791
3792 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3793
3794 new_settings(hdev, match.sk);
3795
3796 hci_dev_unlock(hdev);
3797
3798 if (match.sk)
3799 sock_put(match.sk);
3800}
3801
70da6243 3802static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3803{
890ea898 3804 struct hci_request req;
70da6243 3805 u8 link_sec;
5add6af8 3806
890ea898
JH		 3807 hci_req_init(&req, hdev);
3808
70da6243
JH		 3809 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3810 !lmp_host_ssp_capable(hdev)) {
3811 u8 ssp = 1;
5e5282bb 3812
890ea898 3813 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3814 }
5add6af8 3815
c73eee91
JH		 3816 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3817 lmp_bredr_capable(hdev)) {
70da6243 3818 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3819
70da6243
JH		 3820 cp.le = 1;
3821 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3822
70da6243
JH		 3823 /* Check first if we already have the right
3824 * host state (host features set)
3825 */
3826 if (cp.le != lmp_host_le_capable(hdev) ||
3827 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3829 sizeof(cp), &cp);
0663ca2a
JH		 3830
3831 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3832 hci_update_ad(&req);
70da6243 3833 }
3d1cbdd6 3834
d13eafce
MH		 3835 if (lmp_le_capable(hdev)) {
3836 /* Set random address to static address if configured */
3837 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3838 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3839 &hdev->static_addr);
3840 }
3841
eeca6f89
JH		 3842 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3843 u8 adv = 0x01;
3844
3845 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3846 }
3847
70da6243
JH		 3848 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3849 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3850 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3851 sizeof(link_sec), &link_sec);
562fcc24 3852
70da6243 3853 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3854 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3855 set_bredr_scan(&req);
890ea898 3856 update_class(&req);
13928971 3857 update_name(&req);
890ea898 3858 update_eir(&req);
70da6243 3859 }
562fcc24 3860
229ab39c 3861 return hci_req_run(&req, powered_complete);
70da6243 3862}
562fcc24 3863
70da6243
JH		 3864int mgmt_powered(struct hci_dev *hdev, u8 powered)
3865{
3866 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3867 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3868 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3869 int err;
f0ff92fb 3870
70da6243
JH		 3871 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3872 return 0;
3873
70da6243 3874 if (powered) {
229ab39c
JH		 3875 if (powered_update_hci(hdev) == 0)
3876 return 0;
fe038884 3877
229ab39c
JH		 3878 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3879 &match);
3880 goto new_settings;
b24752fe
JH		 3881 }
3882
229ab39c
JH		 3883 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3884 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3885
3886 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3887 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3888 zero_cod, sizeof(zero_cod), NULL);
3889
3890new_settings:
beadb2bd 3891 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3892
3893 if (match.sk)
3894 sock_put(match.sk);
3895
7bb895d6 3896 return err;
5add6af8 3897}
73f22f62 3898
96570ffc
JH		 3899int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3900{
3901 struct pending_cmd *cmd;
3902 u8 status;
3903
3904 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3905 if (!cmd)
3906 return -ENOENT;
3907
3908 if (err == -ERFKILL)
3909 status = MGMT_STATUS_RFKILLED;
3910 else
3911 status = MGMT_STATUS_FAILED;
3912
3913 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3914
3915 mgmt_pending_remove(cmd);
3916
3917 return err;
3918}
3919
744cf19e 3920int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3921{
76a7f3a4 3922 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3923 bool changed = false;
3924 int err = 0;
73f22f62 3925
5e5282bb
JH		 3926 if (discoverable) {
3927 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3928 changed = true;
3929 } else {
3930 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3931 changed = true;
3932 }
73f22f62 3933
ed9b5f2f 3934 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3935 &match);
ed9b5f2f 3936
beadb2bd
JH		 3937 if (changed)
3938 err = new_settings(hdev, match.sk);
5e5282bb 3939
73f22f62
JH		 3940 if (match.sk)
3941 sock_put(match.sk);
3942
7bb895d6 3943 return err;
73f22f62 3944}
9fbcbb45 3945
744cf19e 3946int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3947{
2b76f453 3948 struct pending_cmd *cmd;
5e5282bb
JH		 3949 bool changed = false;
3950 int err = 0;
9fbcbb45 3951
5e5282bb
JH		 3952 if (connectable) {
3953 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3954 changed = true;
3955 } else {
3956 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3957 changed = true;
3958 }
9fbcbb45 3959
2b76f453 3960 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3961
beadb2bd 3962 if (changed)
2b76f453 3963 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3964
7bb895d6 3965 return err;
9fbcbb45 3966}
55ed8ca1 3967
744cf19e 3968int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3969{
ca69b795
JH		 3970 u8 mgmt_err = mgmt_status(status);
3971
2d7cee58 3972 if (scan & SCAN_PAGE)
744cf19e 3973 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3974 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3975
3976 if (scan & SCAN_INQUIRY)
744cf19e 3977 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3978 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3979
3980 return 0;
3981}
3982
53168e5b
CC		 3983int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3984 bool persistent)
55ed8ca1 3985{
86742e1e 3986 struct mgmt_ev_new_link_key ev;
55ed8ca1 3987
a492cd52 3988 memset(&ev, 0, sizeof(ev));
55ed8ca1 3989
a492cd52 3990 ev.store_hint = persistent;
d753fdc4 3991 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3992 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3993 ev.key.type = key->type;
9b3b4460 3994 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3995 ev.key.pin_len = key->pin_len;
55ed8ca1 3996
744cf19e 3997 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3998}
f7520543 3999
346af67b
VCG		 4000int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4001{
4002 struct mgmt_ev_new_long_term_key ev;
4003
4004 memset(&ev, 0, sizeof(ev));
4005
4006 ev.store_hint = persistent;
4007 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4008 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4009 ev.key.authenticated = key->authenticated;
4010 ev.key.enc_size = key->enc_size;
4011 ev.key.ediv = key->ediv;
4012
4013 if (key->type == HCI_SMP_LTK)
4014 ev.key.master = 1;
4015
4016 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4017 memcpy(ev.key.val, key->val, sizeof(key->val));
4018
04124681
GP		 4019 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4020 NULL);
346af67b
VCG		 4021}
4022
afc747a6 4023int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4024 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4025 u8 *dev_class)
f7520543 4026{
b644ba33
JH		 4027 char buf[512];
4028 struct mgmt_ev_device_connected *ev = (void *) buf;
4029 u16 eir_len = 0;
f7520543 4030
b644ba33 4031 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4032 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4033
c95f0ba7 4034 ev->flags = __cpu_to_le32(flags);
08c79b61 4035
b644ba33
JH		 4036 if (name_len > 0)
4037 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4038 name, name_len);
b644ba33
JH		 4039
4040 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4041 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4042 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4043
eb55ef07 4044 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4045
4046 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4047 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4048}
4049
8962ee74
JH		 4050static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4051{
c68fb7ff 4052 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4053 struct sock **sk = data;
a38528f1 4054 struct mgmt_rp_disconnect rp;
8962ee74 4055
88c3df13
JH		 4056 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4057 rp.addr.type = cp->addr.type;
8962ee74 4058
aee9b218 4059 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4060 sizeof(rp));
8962ee74
JH		 4061
4062 *sk = cmd->sk;
4063 sock_hold(*sk);
4064
a664b5bc 4065 mgmt_pending_remove(cmd);
8962ee74
JH		 4066}
4067
124f6e35 4068static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4069{
b1078ad0 4070 struct hci_dev *hdev = data;
124f6e35
JH		 4071 struct mgmt_cp_unpair_device *cp = cmd->param;
4072 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4073
4074 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4075 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4076 rp.addr.type = cp->addr.type;
a8a1d19e 4077
b1078ad0
JH		 4078 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4079
aee9b218 4080 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4081
4082 mgmt_pending_remove(cmd);
4083}
4084
afc747a6 4085int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4086 u8 link_type, u8 addr_type, u8 reason)
f7520543 4087{
f0d6a0ea 4088 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4089 struct sock *sk = NULL;
4090 int err;
4091
744cf19e 4092 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4093
f0d6a0ea
MA		 4094 bacpy(&ev.addr.bdaddr, bdaddr);
4095 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4096 ev.reason = reason;
f7520543 4097
afc747a6 4098 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4099 sk);
8962ee74
JH		 4100
4101 if (sk)
d97dcb66 4102 sock_put(sk);
8962ee74 4103
124f6e35 4104 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4105 hdev);
a8a1d19e 4106
8962ee74
JH		 4107 return err;
4108}
4109
88c3df13 4110int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4111 u8 link_type, u8 addr_type, u8 status)
8962ee74 4112{
88c3df13 4113 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4114 struct pending_cmd *cmd;
4115 int err;
4116
36a75f1b
JD		 4117 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4118 hdev);
4119
2e58ef3e 4120 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4121 if (!cmd)
4122 return -ENOENT;
4123
88c3df13 4124 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4125 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4126
88c3df13 4127 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4128 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4129
a664b5bc 4130 mgmt_pending_remove(cmd);
8962ee74
JH		 4131
4132 return err;
f7520543 4133}
17d5c04c 4134
48264f06 4135int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4136 u8 addr_type, u8 status)
17d5c04c
JH		 4137{
4138 struct mgmt_ev_connect_failed ev;
4139
4c659c39 4140 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4141 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4142 ev.status = mgmt_status(status);
17d5c04c 4143
744cf19e 4144 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4145}
980e1a53 4146
744cf19e 4147int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4148{
4149 struct mgmt_ev_pin_code_request ev;
4150
d8457698 4151 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4152 ev.addr.type = BDADDR_BREDR;
a770bb5a 4153 ev.secure = secure;
980e1a53 4154
744cf19e 4155 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4156 NULL);
980e1a53
JH		 4157}
4158
744cf19e 4159int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4160 u8 status)
980e1a53
JH		 4161{
4162 struct pending_cmd *cmd;
ac56fb13 4163 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4164 int err;
4165
2e58ef3e 4166 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4167 if (!cmd)
4168 return -ENOENT;
4169
d8457698 4170 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4171 rp.addr.type = BDADDR_BREDR;
ac56fb13 4172
aee9b218 4173 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4174 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4175
a664b5bc 4176 mgmt_pending_remove(cmd);
980e1a53
JH		 4177
4178 return err;
4179}
4180
744cf19e 4181int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4182 u8 status)
980e1a53
JH		 4183{
4184 struct pending_cmd *cmd;
ac56fb13 4185 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4186 int err;
4187
2e58ef3e 4188 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4189 if (!cmd)
4190 return -ENOENT;
4191
d8457698 4192 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4193 rp.addr.type = BDADDR_BREDR;
ac56fb13 4194
aee9b218 4195 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4196 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4197
a664b5bc 4198 mgmt_pending_remove(cmd);
980e1a53
JH		 4199
4200 return err;
4201}
a5c29683 4202
744cf19e 4203int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4204 u8 link_type, u8 addr_type, __le32 value,
4205 u8 confirm_hint)
a5c29683
JH		 4206{
4207 struct mgmt_ev_user_confirm_request ev;
4208
744cf19e 4209 BT_DBG("%s", hdev->name);
a5c29683 4210
272d90df 4211 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4212 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4213 ev.confirm_hint = confirm_hint;
78e8098e 4214 ev.value = value;
a5c29683 4215
744cf19e 4216 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4217 NULL);
a5c29683
JH		 4218}
4219
272d90df 4220int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4221 u8 link_type, u8 addr_type)
604086b7
BG		 4222{
4223 struct mgmt_ev_user_passkey_request ev;
4224
4225 BT_DBG("%s", hdev->name);
4226
272d90df 4227 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4228 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4229
4230 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4231 NULL);
604086b7
BG		 4232}
4233
0df4c185 4234static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4235 u8 link_type, u8 addr_type, u8 status,
4236 u8 opcode)
a5c29683
JH		 4237{
4238 struct pending_cmd *cmd;
4239 struct mgmt_rp_user_confirm_reply rp;
4240 int err;
4241
2e58ef3e 4242 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4243 if (!cmd)
4244 return -ENOENT;
4245
272d90df 4246 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4247 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4248 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4249 &rp, sizeof(rp));
a5c29683 4250
a664b5bc 4251 mgmt_pending_remove(cmd);
a5c29683
JH		 4252
4253 return err;
4254}
4255
744cf19e 4256int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4257 u8 link_type, u8 addr_type, u8 status)
a5c29683 4258{
272d90df 4259 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4260 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4261}
4262
272d90df 4263int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4264 u8 link_type, u8 addr_type, u8 status)
a5c29683 4265{
272d90df 4266 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4267 status,
4268 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4269}
2a611692 4270
604086b7 4271int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4272 u8 link_type, u8 addr_type, u8 status)
604086b7 4273{
272d90df 4274 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4275 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4276}
4277
272d90df 4278int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4279 u8 link_type, u8 addr_type, u8 status)
604086b7 4280{
272d90df 4281 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4282 status,
4283 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4284}
4285
92a25256
JH		 4286int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4287 u8 link_type, u8 addr_type, u32 passkey,
4288 u8 entered)
4289{
4290 struct mgmt_ev_passkey_notify ev;
4291
4292 BT_DBG("%s", hdev->name);
4293
4294 bacpy(&ev.addr.bdaddr, bdaddr);
4295 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4296 ev.passkey = __cpu_to_le32(passkey);
4297 ev.entered = entered;
4298
4299 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4300}
4301
bab73cb6 4302int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4303 u8 addr_type, u8 status)
2a611692
JH		 4304{
4305 struct mgmt_ev_auth_failed ev;
4306
bab73cb6 4307 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4308 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4309 ev.status = mgmt_status(status);
2a611692 4310
744cf19e 4311 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4312}
b312b161 4313
33ef95ed
JH		 4314int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4315{
4316 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4317 bool changed = false;
4318 int err = 0;
33ef95ed
JH		 4319
4320 if (status) {
4321 u8 mgmt_err = mgmt_status(status);
4322 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4323 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4324 return 0;
4325 }
4326
47990ea0
JH		 4327 if (test_bit(HCI_AUTH, &hdev->flags)) {
4328 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4329 changed = true;
4330 } else {
4331 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4332 changed = true;
4333 }
4334
33ef95ed 4335 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4336 &match);
33ef95ed 4337
47990ea0
JH		 4338 if (changed)
4339 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4340
4341 if (match.sk)
4342 sock_put(match.sk);
4343
4344 return err;
4345}
4346
890ea898 4347static void clear_eir(struct hci_request *req)
cacaf52f 4348{
890ea898 4349 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4350 struct hci_cp_write_eir cp;
4351
976eb20e 4352 if (!lmp_ext_inq_capable(hdev))
890ea898 4353 return;
cacaf52f 4354
c80da27e
JH		 4355 memset(hdev->eir, 0, sizeof(hdev->eir));
4356
cacaf52f
JH		 4357 memset(&cp, 0, sizeof(cp));
4358
890ea898 4359 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4360}
4361
c0ecddc2 4362int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4363{
4364 struct cmd_lookup match = { NULL, hdev };
890ea898 4365 struct hci_request req;
c0ecddc2
JH		 4366 bool changed = false;
4367 int err = 0;
ed2c4ee3
JH		 4368
4369 if (status) {
4370 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4371
4372 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4373 &hdev->dev_flags))
c0ecddc2
JH		 4374 err = new_settings(hdev, NULL);
4375
04124681
GP		 4376 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4377 &mgmt_err);
c0ecddc2
JH		 4378
4379 return err;
4380 }
4381
4382 if (enable) {
4383 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4384 changed = true;
4385 } else {
4386 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4387 changed = true;
ed2c4ee3
JH		 4388 }
4389
4390 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4391
c0ecddc2
JH		 4392 if (changed)
4393 err = new_settings(hdev, match.sk);
ed2c4ee3 4394
5fc6ebb1 4395 if (match.sk)
ed2c4ee3
JH		 4396 sock_put(match.sk);
4397
890ea898
JH		 4398 hci_req_init(&req, hdev);
4399
5fc6ebb1 4400 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4401 update_eir(&req);
5fc6ebb1 4402 else
890ea898
JH		 4403 clear_eir(&req);
4404
4405 hci_req_run(&req, NULL);
cacaf52f 4406
ed2c4ee3
JH		 4407 return err;
4408}
4409
92da6097 4410static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4411{
4412 struct cmd_lookup *match = data;
4413
90e70454
JH		 4414 if (match->sk == NULL) {
4415 match->sk = cmd->sk;
4416 sock_hold(match->sk);
4417 }
90e70454
JH		 4418}
4419
7f9a903c 4420int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4421 u8 status)
7f9a903c 4422{
90e70454
JH		 4423 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4424 int err = 0;
7f9a903c 4425
92da6097
JH		 4426 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4427 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4428 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4429
4430 if (!status)
04124681
GP		 4431 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4432 3, NULL);
90e70454
JH		 4433
4434 if (match.sk)
4435 sock_put(match.sk);
7f9a903c
MH		 4436
4437 return err;
4438}
4439
744cf19e 4440int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4441{
b312b161 4442 struct mgmt_cp_set_local_name ev;
13928971 4443 struct pending_cmd *cmd;
28cc7bde 4444
13928971
JH		 4445 if (status)
4446 return 0;
b312b161
JH		 4447
4448 memset(&ev, 0, sizeof(ev));
4449 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4450 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4451
2e58ef3e 4452 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4453 if (!cmd) {
4454 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4455
13928971
JH		 4456 /* If this is a HCI command related to powering on the
4457 * HCI dev don't send any mgmt signals.
4458 */
4459 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4460 return 0;
890ea898 4461 }
b312b161 4462
13928971
JH		 4463 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4464 cmd ? cmd->sk : NULL);
b312b161 4465}
c35938b2 4466
744cf19e 4467int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4468 u8 *randomizer, u8 status)
c35938b2
SJ		 4469{
4470 struct pending_cmd *cmd;
4471 int err;
4472
744cf19e 4473 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4474
2e58ef3e 4475 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4476 if (!cmd)
4477 return -ENOENT;
4478
4479 if (status) {
04124681
GP		 4480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4481 mgmt_status(status));
c35938b2
SJ		 4482 } else {
4483 struct mgmt_rp_read_local_oob_data rp;
4484
4485 memcpy(rp.hash, hash, sizeof(rp.hash));
4486 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4487
744cf19e 4488 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4489 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4490 sizeof(rp));
c35938b2
SJ		 4491 }
4492
4493 mgmt_pending_remove(cmd);
4494
4495 return err;
4496}
e17acd40 4497
48264f06 4498int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4499 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4500 ssp, u8 *eir, u16 eir_len)
e17acd40 4501{
e319d2e7
JH		 4502 char buf[512];
4503 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4504 size_t ev_size;
e17acd40 4505
12602d0c
AG		 4506 if (!hci_discovery_active(hdev))
4507 return -EPERM;
4508
1dc06093
JH		 4509 /* Leave 5 bytes for a potential CoD field */
4510 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4511 return -EINVAL;
4512
1dc06093
JH		 4513 memset(buf, 0, sizeof(buf));
4514
e319d2e7 4515 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4516 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4517 ev->rssi = rssi;
9a395a80 4518 if (cfm_name)
612dfce9 4519 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4520 if (!ssp)
612dfce9 4521 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4522
1dc06093 4523 if (eir_len > 0)
e319d2e7 4524 memcpy(ev->eir, eir, eir_len);
e17acd40 4525
1dc06093
JH		 4526 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4527 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4528 dev_class, 3);
1dc06093 4529
eb55ef07 4530 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4531 ev_size = sizeof(*ev) + eir_len;
f8523598 4532
e319d2e7 4533 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4534}
a88a9652 4535
b644ba33 4536int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4537 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4538{
b644ba33
JH		 4539 struct mgmt_ev_device_found *ev;
4540 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4541 u16 eir_len;
a88a9652 4542
b644ba33 4543 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4544
b644ba33
JH		 4545 memset(buf, 0, sizeof(buf));
4546
4547 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4548 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4549 ev->rssi = rssi;
4550
4551 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4552 name_len);
b644ba33 4553
eb55ef07 4554 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4555
053c7e0c 4556 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4557 sizeof(*ev) + eir_len, NULL);
a88a9652 4558}
314b2381 4559
744cf19e 4560int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4561{
f963e8e9 4562 struct mgmt_ev_discovering ev;
164a6e78
JH		 4563 struct pending_cmd *cmd;
4564
343fb145
AG		 4565 BT_DBG("%s discovering %u", hdev->name, discovering);
4566
164a6e78 4567 if (discovering)
2e58ef3e 4568 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4569 else
2e58ef3e 4570 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4571
4572 if (cmd != NULL) {
f808e166
JH		 4573 u8 type = hdev->discovery.type;
4574
04124681
GP		 4575 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4576 sizeof(type));
164a6e78
JH		 4577 mgmt_pending_remove(cmd);
4578 }
4579
f963e8e9
JH		 4580 memset(&ev, 0, sizeof(ev));
4581 ev.type = hdev->discovery.type;
4582 ev.discovering = discovering;
4583
4584 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4585}
5e762444 4586
88c1fe4b 4587int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4588{
4589 struct pending_cmd *cmd;
4590 struct mgmt_ev_device_blocked ev;
4591
2e58ef3e 4592 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4593
88c1fe4b
JH		 4594 bacpy(&ev.addr.bdaddr, bdaddr);
4595 ev.addr.type = type;
5e762444 4596
744cf19e 4597 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4598 cmd ? cmd->sk : NULL);
5e762444
AJ		 4599}
4600
88c1fe4b 4601int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4602{
4603 struct pending_cmd *cmd;
4604 struct mgmt_ev_device_unblocked ev;
4605
2e58ef3e 4606 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4607
88c1fe4b
JH		 4608 bacpy(&ev.addr.bdaddr, bdaddr);
4609 ev.addr.type = type;
5e762444 4610
744cf19e 4611 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4612 cmd ? cmd->sk : NULL);
5e762444 4613}
ubuntu-zesty-kernel mirror