]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move mgmt response convenience functions to a better location
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
17b02e62 105#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 106
4b34ee78
JH		 107#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
108 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
109
eec8d2bc
JH		 110struct pending_cmd {
111 struct list_head list;
fc2f4b13 112 u16 opcode;
eec8d2bc 113 int index;
c68fb7ff 114 void *param;
eec8d2bc 115 struct sock *sk;
e9a416b5 116 void *user_data;
eec8d2bc
JH		 117};
118
ca69b795
JH		 119/* HCI to MGMT error code conversion table */
120static u8 mgmt_status_table[] = {
121 MGMT_STATUS_SUCCESS,
122 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
123 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
124 MGMT_STATUS_FAILED, /* Hardware Failure */
125 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
126 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
127 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
128 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
129 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
130 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
132 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
133 MGMT_STATUS_BUSY, /* Command Disallowed */
134 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
135 MGMT_STATUS_REJECTED, /* Rejected Security */
136 MGMT_STATUS_REJECTED, /* Rejected Personal */
137 MGMT_STATUS_TIMEOUT, /* Host Timeout */
138 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
139 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
140 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
141 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
142 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
143 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
144 MGMT_STATUS_BUSY, /* Repeated Attempts */
145 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
146 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
148 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
149 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
150 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
152 MGMT_STATUS_FAILED, /* Unspecified Error */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
154 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
155 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
156 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
157 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
158 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
159 MGMT_STATUS_FAILED, /* Unit Link Key Used */
160 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
161 MGMT_STATUS_TIMEOUT, /* Instant Passed */
162 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
163 MGMT_STATUS_FAILED, /* Transaction Collision */
164 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
165 MGMT_STATUS_REJECTED, /* QoS Rejected */
166 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
167 MGMT_STATUS_REJECTED, /* Insufficient Security */
168 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
169 MGMT_STATUS_BUSY, /* Role Switch Pending */
170 MGMT_STATUS_FAILED, /* Slot Violation */
171 MGMT_STATUS_FAILED, /* Role Switch Failed */
172 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
173 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
174 MGMT_STATUS_BUSY, /* Host Busy Pairing */
175 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
176 MGMT_STATUS_BUSY, /* Controller Busy */
177 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
178 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
179 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
180 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
181 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
182};
183
bb4b2a9a
AE		 184bool mgmt_valid_hdev(struct hci_dev *hdev)
185{
186 return hdev->dev_type == HCI_BREDR;
187}
188
ca69b795
JH		 189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a
AE		 323 list_for_each_entry(d, &hci_dev_list, list) {
324 if (!mgmt_valid_hdev(d))
325 continue;
326
faba42eb
JH		 327 count++;
328 }
329
a38528f1
JH		 330 rp_len = sizeof(*rp) + (2 * count);
331 rp = kmalloc(rp_len, GFP_ATOMIC);
332 if (!rp) {
b2c60d42 333 read_unlock(&hci_dev_list_lock);
faba42eb 334 return -ENOMEM;
b2c60d42 335 }
faba42eb 336
476e44cb 337 count = 0;
8035ded4 338 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 339 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 340 continue;
341
0736cfa8
MH		 342 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
343 continue;
344
bb4b2a9a
AE		 345 if (!mgmt_valid_hdev(d))
346 continue;
347
476e44cb 348 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 349 BT_DBG("Added hci%u", d->id);
350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 370 settings |= MGMT_SETTING_PAIRABLE;
371
9a1a1996 372 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 373 settings |= MGMT_SETTING_SSP;
374
ed3fa31f 375 if (lmp_bredr_capable(hdev)) {
33c525c0 376 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 377 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
378 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 379 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
c383ddc4 387 if (lmp_le_capable(hdev))
9d42820f 388 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 389
390 return settings;
391}
392
393static u32 get_current_settings(struct hci_dev *hdev)
394{
395 u32 settings = 0;
396
f1f0eb02 397 if (hdev_is_powered(hdev))
f0d4b78a
MH		 398 settings |= MGMT_SETTING_POWERED;
399
5e5282bb 400 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 401 settings |= MGMT_SETTING_CONNECTABLE;
402
1a4d3c4b
JH		 403 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
404 settings |= MGMT_SETTING_FAST_CONNECTABLE;
405
5e5282bb 406 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 407 settings |= MGMT_SETTING_DISCOVERABLE;
408
a8b2d5c2 409 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_PAIRABLE;
411
ed3fa31f 412 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 413 settings |= MGMT_SETTING_BREDR;
414
06199cf8 415 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_LE;
417
47990ea0 418 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LINK_SECURITY;
420
84bde9d6 421 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_SSP;
423
6d80dfd0
JH		 424 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
425 settings |= MGMT_SETTING_HS;
426
69ab39ea
JH		 427 return settings;
428}
429
ef580372
JH		 430#define PNP_INFO_SVCLASS_ID 0x1200
431
213202ed
JH		 432static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
433{
434 u8 *ptr = data, *uuids_start = NULL;
435 struct bt_uuid *uuid;
436
437 if (len < 4)
438 return ptr;
439
440 list_for_each_entry(uuid, &hdev->uuids, list) {
441 u16 uuid16;
442
443 if (uuid->size != 16)
444 continue;
445
446 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
447 if (uuid16 < 0x1100)
448 continue;
449
450 if (uuid16 == PNP_INFO_SVCLASS_ID)
451 continue;
452
453 if (!uuids_start) {
454 uuids_start = ptr;
455 uuids_start[0] = 1;
456 uuids_start[1] = EIR_UUID16_ALL;
457 ptr += 2;
458 }
459
460 /* Stop if not enough space to put next UUID */
461 if ((ptr - data) + sizeof(u16) > len) {
462 uuids_start[1] = EIR_UUID16_SOME;
463 break;
464 }
465
466 *ptr++ = (uuid16 & 0x00ff);
467 *ptr++ = (uuid16 & 0xff00) >> 8;
468 uuids_start[0] += sizeof(uuid16);
469 }
470
471 return ptr;
472}
473
cdf1963f
JH		 474static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
475{
476 u8 *ptr = data, *uuids_start = NULL;
477 struct bt_uuid *uuid;
478
479 if (len < 6)
480 return ptr;
481
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 if (uuid->size != 32)
484 continue;
485
486 if (!uuids_start) {
487 uuids_start = ptr;
488 uuids_start[0] = 1;
489 uuids_start[1] = EIR_UUID32_ALL;
490 ptr += 2;
491 }
492
493 /* Stop if not enough space to put next UUID */
494 if ((ptr - data) + sizeof(u32) > len) {
495 uuids_start[1] = EIR_UUID32_SOME;
496 break;
497 }
498
499 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
500 ptr += sizeof(u32);
501 uuids_start[0] += sizeof(u32);
502 }
503
504 return ptr;
505}
506
c00d575b
JH		 507static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508{
509 u8 *ptr = data, *uuids_start = NULL;
510 struct bt_uuid *uuid;
511
512 if (len < 18)
513 return ptr;
514
515 list_for_each_entry(uuid, &hdev->uuids, list) {
516 if (uuid->size != 128)
517 continue;
518
519 if (!uuids_start) {
520 uuids_start = ptr;
521 uuids_start[0] = 1;
522 uuids_start[1] = EIR_UUID128_ALL;
523 ptr += 2;
524 }
525
526 /* Stop if not enough space to put next UUID */
527 if ((ptr - data) + 16 > len) {
528 uuids_start[1] = EIR_UUID128_SOME;
529 break;
530 }
531
532 memcpy(ptr, uuid->uuid, 16);
533 ptr += 16;
534 uuids_start[0] += 16;
535 }
536
537 return ptr;
538}
539
ef580372
JH		 540static void create_eir(struct hci_dev *hdev, u8 *data)
541{
542 u8 *ptr = data;
ef580372
JH		 543 size_t name_len;
544
545 name_len = strlen(hdev->dev_name);
546
547 if (name_len > 0) {
548 /* EIR Data type */
549 if (name_len > 48) {
550 name_len = 48;
551 ptr[1] = EIR_NAME_SHORT;
552 } else
553 ptr[1] = EIR_NAME_COMPLETE;
554
555 /* EIR Data length */
556 ptr[0] = name_len + 1;
557
558 memcpy(ptr + 2, hdev->dev_name, name_len);
559
ef580372
JH		 560 ptr += (name_len + 2);
561 }
562
bbaf444a 563 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 564 ptr[0] = 2;
565 ptr[1] = EIR_TX_POWER;
566 ptr[2] = (u8) hdev->inq_tx_power;
567
91c4e9b1
MH		 568 ptr += 3;
569 }
570
2b9be137
MH		 571 if (hdev->devid_source > 0) {
572 ptr[0] = 9;
573 ptr[1] = EIR_DEVICE_ID;
574
575 put_unaligned_le16(hdev->devid_source, ptr + 2);
576 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
577 put_unaligned_le16(hdev->devid_product, ptr + 6);
578 put_unaligned_le16(hdev->devid_version, ptr + 8);
579
2b9be137
MH		 580 ptr += 10;
581 }
582
213202ed 583 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 584 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 585 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 586}
587
890ea898 588static void update_eir(struct hci_request *req)
ef580372 589{
890ea898 590 struct hci_dev *hdev = req->hdev;
ef580372
JH		 591 struct hci_cp_write_eir cp;
592
504c8dcd 593 if (!hdev_is_powered(hdev))
890ea898 594 return;
7770c4aa 595
976eb20e 596 if (!lmp_ext_inq_capable(hdev))
890ea898 597 return;
ef580372 598
84bde9d6 599 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 600 return;
ef580372 601
a8b2d5c2 602 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 603 return;
ef580372
JH		 604
605 memset(&cp, 0, sizeof(cp));
606
607 create_eir(hdev, cp.data);
608
609 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 610 return;
ef580372
JH		 611
612 memcpy(hdev->eir, cp.data, sizeof(cp.data));
613
890ea898 614 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 615}
616
617static u8 get_service_classes(struct hci_dev *hdev)
618{
619 struct bt_uuid *uuid;
620 u8 val = 0;
621
622 list_for_each_entry(uuid, &hdev->uuids, list)
623 val |= uuid->svc_hint;
624
625 return val;
626}
627
890ea898 628static void update_class(struct hci_request *req)
ef580372 629{
890ea898 630 struct hci_dev *hdev = req->hdev;
ef580372
JH		 631 u8 cod[3];
632
633 BT_DBG("%s", hdev->name);
634
504c8dcd 635 if (!hdev_is_powered(hdev))
890ea898 636 return;
7770c4aa 637
a8b2d5c2 638 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 639 return;
ef580372
JH		 640
641 cod[0] = hdev->minor_class;
642 cod[1] = hdev->major_class;
643 cod[2] = get_service_classes(hdev);
644
645 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 646 return;
ef580372 647
890ea898 648 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 649}
650
7d78525d
JH		 651static void service_cache_off(struct work_struct *work)
652{
653 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 654 service_cache.work);
890ea898 655 struct hci_request req;
7d78525d 656
a8b2d5c2 657 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 658 return;
659
890ea898
JH		 660 hci_req_init(&req, hdev);
661
7d78525d
JH		 662 hci_dev_lock(hdev);
663
890ea898
JH		 664 update_eir(&req);
665 update_class(&req);
7d78525d
JH		 666
667 hci_dev_unlock(hdev);
890ea898
JH		 668
669 hci_req_run(&req, NULL);
7d78525d
JH		 670}
671
6a919082 672static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 673{
4f87da80 674 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 675 return;
676
4f87da80 677 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 678
4f87da80
JH		 679 /* Non-mgmt controlled devices get this bit set
680 * implicitly so that pairing works for them, however
681 * for mgmt we require user-space to explicitly enable
682 * it
683 */
684 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 685}
686
0f4e68cf 687static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 688 void *data, u16 data_len)
0381101f 689{
a38528f1 690 struct mgmt_rp_read_info rp;
f7b64e69 691
bdb6d971 692 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 693
09fd0de5 694 hci_dev_lock(hdev);
f7b64e69 695
dc4fe30b
JH		 696 memset(&rp, 0, sizeof(rp));
697
69ab39ea 698 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 699
69ab39ea 700 rp.version = hdev->hci_ver;
eb55ef07 701 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 702
703 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
704 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 705
a38528f1 706 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 707
dc4fe30b 708 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 709 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 710
09fd0de5 711 hci_dev_unlock(hdev);
0381101f 712
bdb6d971 713 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 714 sizeof(rp));
0381101f
JH		 715}
716
eec8d2bc
JH		 717static void mgmt_pending_free(struct pending_cmd *cmd)
718{
719 sock_put(cmd->sk);
c68fb7ff 720 kfree(cmd->param);
eec8d2bc
JH		 721 kfree(cmd);
722}
723
366a0336 724static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 725 struct hci_dev *hdev, void *data,
726 u16 len)
eec8d2bc
JH		 727{
728 struct pending_cmd *cmd;
729
12b94565 730 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 731 if (!cmd)
366a0336 732 return NULL;
eec8d2bc
JH		 733
734 cmd->opcode = opcode;
2e58ef3e 735 cmd->index = hdev->id;
eec8d2bc 736
12b94565 737 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 738 if (!cmd->param) {
eec8d2bc 739 kfree(cmd);
366a0336 740 return NULL;
eec8d2bc
JH		 741 }
742
8fce6357
SJ		 743 if (data)
744 memcpy(cmd->param, data, len);
eec8d2bc
JH		 745
746 cmd->sk = sk;
747 sock_hold(sk);
748
2e58ef3e 749 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 750
366a0336 751 return cmd;
eec8d2bc
JH		 752}
753
744cf19e 754static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 755 void (*cb)(struct pending_cmd *cmd,
756 void *data),
04124681 757 void *data)
eec8d2bc 758{
a3d09356 759 struct pending_cmd *cmd, *tmp;
eec8d2bc 760
a3d09356 761 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 762 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 763 continue;
764
eec8d2bc
JH		 765 cb(cmd, data);
766 }
767}
768
2e58ef3e 769static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 770{
8035ded4 771 struct pending_cmd *cmd;
eec8d2bc 772
2e58ef3e 773 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 774 if (cmd->opcode == opcode)
775 return cmd;
eec8d2bc
JH		 776 }
777
778 return NULL;
779}
780
a664b5bc 781static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 782{
73f22f62
JH		 783 list_del(&cmd->list);
784 mgmt_pending_free(cmd);
785}
786
69ab39ea 787static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 788{
69ab39ea 789 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 790
aee9b218 791 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 792 sizeof(settings));
8680570b
JH		 793}
794
bdb6d971 795static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 796 u16 len)
eec8d2bc 797{
650f726d 798 struct mgmt_mode *cp = data;
366a0336 799 struct pending_cmd *cmd;
4b34ee78 800 int err;
eec8d2bc 801
bdb6d971 802 BT_DBG("request for %s", hdev->name);
eec8d2bc 803
a7e80f25
JH		 804 if (cp->val != 0x00 && cp->val != 0x01)
805 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
806 MGMT_STATUS_INVALID_PARAMS);
807
09fd0de5 808 hci_dev_lock(hdev);
eec8d2bc 809
87b95ba6
JH		 810 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
811 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
812 MGMT_STATUS_BUSY);
813 goto failed;
814 }
815
f0d4b78a
MH		 816 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
817 cancel_delayed_work(&hdev->power_off);
818
819 if (cp->val) {
a1d70450
JH		 820 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
821 data, len);
822 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 823 goto failed;
824 }
825 }
826
4b34ee78 827 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 828 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 829 goto failed;
830 }
831
2e58ef3e 832 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 833 if (!cmd) {
834 err = -ENOMEM;
eec8d2bc 835 goto failed;
366a0336 836 }
eec8d2bc 837
72a734ec 838 if (cp->val)
19202573 839 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 840 else
19202573 841 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 842
366a0336 843 err = 0;
eec8d2bc
JH		 844
845failed:
09fd0de5 846 hci_dev_unlock(hdev);
366a0336 847 return err;
eec8d2bc
JH		 848}
849
04124681
GP		 850static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
851 struct sock *skip_sk)
beadb2bd
JH		 852{
853 struct sk_buff *skb;
854 struct mgmt_hdr *hdr;
855
790eff44 856 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 857 if (!skb)
858 return -ENOMEM;
859
860 hdr = (void *) skb_put(skb, sizeof(*hdr));
861 hdr->opcode = cpu_to_le16(event);
862 if (hdev)
863 hdr->index = cpu_to_le16(hdev->id);
864 else
612dfce9 865 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 866 hdr->len = cpu_to_le16(data_len);
867
868 if (data)
869 memcpy(skb_put(skb, data_len), data, data_len);
870
97e0bdeb
MH		 871 /* Time stamp */
872 __net_timestamp(skb);
873
beadb2bd
JH		 874 hci_send_to_control(skb, skip_sk);
875 kfree_skb(skb);
876
877 return 0;
878}
879
880static int new_settings(struct hci_dev *hdev, struct sock *skip)
881{
882 __le32 ev;
883
884 ev = cpu_to_le32(get_current_settings(hdev));
885
886 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
887}
888
bd99abdd
JH		 889struct cmd_lookup {
890 struct sock *sk;
891 struct hci_dev *hdev;
892 u8 mgmt_status;
893};
894
895static void settings_rsp(struct pending_cmd *cmd, void *data)
896{
897 struct cmd_lookup *match = data;
898
899 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
900
901 list_del(&cmd->list);
902
903 if (match->sk == NULL) {
904 match->sk = cmd->sk;
905 sock_hold(match->sk);
906 }
907
908 mgmt_pending_free(cmd);
909}
910
911static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
912{
913 u8 *status = data;
914
915 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
916 mgmt_pending_remove(cmd);
917}
918
bdb6d971 919static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 920 u16 len)
73f22f62 921{
650f726d 922 struct mgmt_cp_set_discoverable *cp = data;
366a0336 923 struct pending_cmd *cmd;
5e5282bb 924 u16 timeout;
73f22f62
JH		 925 u8 scan;
926 int err;
927
bdb6d971 928 BT_DBG("request for %s", hdev->name);
73f22f62 929
33c525c0
JH		 930 if (!lmp_bredr_capable(hdev))
931 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
932 MGMT_STATUS_NOT_SUPPORTED);
933
a7e80f25
JH		 934 if (cp->val != 0x00 && cp->val != 0x01)
935 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
936 MGMT_STATUS_INVALID_PARAMS);
937
1f350c87 938 timeout = __le16_to_cpu(cp->timeout);
24c54a90 939 if (!cp->val && timeout > 0)
bdb6d971 940 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 941 MGMT_STATUS_INVALID_PARAMS);
73f22f62 942
09fd0de5 943 hci_dev_lock(hdev);
73f22f62 944
5e5282bb 945 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 946 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 947 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 948 goto failed;
949 }
950
2e58ef3e 951 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 952 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 953 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 954 MGMT_STATUS_BUSY);
73f22f62
JH		 955 goto failed;
956 }
957
5e5282bb 958 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 960 MGMT_STATUS_REJECTED);
5e5282bb
JH		 961 goto failed;
962 }
963
964 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 965 bool changed = false;
966
967 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
968 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
969 changed = true;
970 }
971
5e5282bb 972 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 973 if (err < 0)
974 goto failed;
975
976 if (changed)
977 err = new_settings(hdev, sk);
978
5e5282bb
JH		 979 goto failed;
980 }
981
982 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 983 if (hdev->discov_timeout > 0) {
984 cancel_delayed_work(&hdev->discov_off);
985 hdev->discov_timeout = 0;
986 }
987
988 if (cp->val && timeout > 0) {
989 hdev->discov_timeout = timeout;
990 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
991 msecs_to_jiffies(hdev->discov_timeout * 1000));
992 }
993
69ab39ea 994 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 995 goto failed;
996 }
997
2e58ef3e 998 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 999 if (!cmd) {
1000 err = -ENOMEM;
73f22f62 1001 goto failed;
366a0336 1002 }
73f22f62
JH		 1003
1004 scan = SCAN_PAGE;
1005
72a734ec 1006 if (cp->val)
73f22f62 1007 scan |= SCAN_INQUIRY;
16ab91ab 1008 else
e0f9309f 1009 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1010
1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1012 if (err < 0)
a664b5bc 1013 mgmt_pending_remove(cmd);
73f22f62 1014
16ab91ab 1015 if (cp->val)
5e5282bb 1016 hdev->discov_timeout = timeout;
16ab91ab 1017
73f22f62 1018failed:
09fd0de5 1019 hci_dev_unlock(hdev);
73f22f62
JH		 1020 return err;
1021}
1022
406d7804
JH		 1023static void write_fast_connectable(struct hci_request *req, bool enable)
1024{
bd98b996 1025 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1026 struct hci_cp_write_page_scan_activity acp;
1027 u8 type;
1028
4c01f8b8
JH		 1029 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1030 return;
1031
406d7804
JH		 1032 if (enable) {
1033 type = PAGE_SCAN_TYPE_INTERLACED;
1034
1035 /* 160 msec page scan interval */
1036 acp.interval = __constant_cpu_to_le16(0x0100);
1037 } else {
1038 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1039
1040 /* default 1.28 sec page scan */
1041 acp.interval = __constant_cpu_to_le16(0x0800);
1042 }
1043
1044 acp.window = __constant_cpu_to_le16(0x0012);
1045
bd98b996
JH		 1046 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1047 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1048 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1049 sizeof(acp), &acp);
1050
1051 if (hdev->page_scan_type != type)
1052 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1053}
1054
2b76f453
JH		 1055static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1056{
1057 struct pending_cmd *cmd;
1058
1059 BT_DBG("status 0x%02x", status);
1060
1061 hci_dev_lock(hdev);
1062
1063 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1064 if (!cmd)
1065 goto unlock;
1066
1067 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1068
1069 mgmt_pending_remove(cmd);
1070
1071unlock:
1072 hci_dev_unlock(hdev);
1073}
1074
bdb6d971 1075static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1076 u16 len)
9fbcbb45 1077{
650f726d 1078 struct mgmt_mode *cp = data;
366a0336 1079 struct pending_cmd *cmd;
2b76f453 1080 struct hci_request req;
9fbcbb45
JH		 1081 u8 scan;
1082 int err;
1083
bdb6d971 1084 BT_DBG("request for %s", hdev->name);
9fbcbb45 1085
33c525c0
JH		 1086 if (!lmp_bredr_capable(hdev))
1087 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1088 MGMT_STATUS_NOT_SUPPORTED);
1089
a7e80f25
JH		 1090 if (cp->val != 0x00 && cp->val != 0x01)
1091 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1092 MGMT_STATUS_INVALID_PARAMS);
1093
09fd0de5 1094 hci_dev_lock(hdev);
9fbcbb45 1095
4b34ee78 1096 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1097 bool changed = false;
1098
1099 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1100 changed = true;
1101
6bf0e469 1102 if (cp->val) {
5e5282bb 1103 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1104 } else {
5e5282bb
JH		 1105 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1106 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1107 }
0224d2fa 1108
5e5282bb 1109 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1110 if (err < 0)
1111 goto failed;
1112
1113 if (changed)
1114 err = new_settings(hdev, sk);
1115
9fbcbb45
JH		 1116 goto failed;
1117 }
1118
2e58ef3e 1119 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1120 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1122 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1123 goto failed;
1124 }
1125
5e5282bb 1126 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1127 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1128 goto failed;
1129 }
1130
2e58ef3e 1131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1132 if (!cmd) {
1133 err = -ENOMEM;
9fbcbb45 1134 goto failed;
366a0336 1135 }
9fbcbb45 1136
6bf0e469 1137 if (cp->val) {
9fbcbb45 1138 scan = SCAN_PAGE;
6bf0e469 1139 } else {
9fbcbb45
JH		 1140 scan = 0;
1141
df2c6c5e 1142 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1143 hdev->discov_timeout > 0)
df2c6c5e
JH		 1144 cancel_delayed_work(&hdev->discov_off);
1145 }
1146
2b76f453
JH		 1147 hci_req_init(&req, hdev);
1148
1149 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1150
4c01f8b8
JH		 1151 /* If we're going from non-connectable to connectable or
1152 * vice-versa when fast connectable is enabled ensure that fast
1153 * connectable gets disabled. write_fast_connectable won't do
1154 * anything if the page scan parameters are already what they
1155 * should be.
1156 */
1157 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1158 write_fast_connectable(&req, false);
1159
2b76f453 1160 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1161 if (err < 0)
a664b5bc 1162 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1163
1164failed:
09fd0de5 1165 hci_dev_unlock(hdev);
9fbcbb45
JH		 1166 return err;
1167}
1168
bdb6d971 1169static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1170 u16 len)
c542a06c 1171{
650f726d 1172 struct mgmt_mode *cp = data;
c542a06c
JH		 1173 int err;
1174
bdb6d971 1175 BT_DBG("request for %s", hdev->name);
c542a06c 1176
a7e80f25
JH		 1177 if (cp->val != 0x00 && cp->val != 0x01)
1178 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1179 MGMT_STATUS_INVALID_PARAMS);
1180
09fd0de5 1181 hci_dev_lock(hdev);
c542a06c
JH		 1182
1183 if (cp->val)
a8b2d5c2 1184 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1185 else
a8b2d5c2 1186 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1187
69ab39ea 1188 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1189 if (err < 0)
1190 goto failed;
1191
beadb2bd 1192 err = new_settings(hdev, sk);
c542a06c
JH		 1193
1194failed:
09fd0de5 1195 hci_dev_unlock(hdev);
c542a06c
JH		 1196 return err;
1197}
1198
04124681
GP		 1199static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1200 u16 len)
33ef95ed
JH		 1201{
1202 struct mgmt_mode *cp = data;
1203 struct pending_cmd *cmd;
816a11d5 1204 u8 val;
33ef95ed
JH		 1205 int err;
1206
bdb6d971 1207 BT_DBG("request for %s", hdev->name);
33ef95ed 1208
33c525c0
JH		 1209 if (!lmp_bredr_capable(hdev))
1210 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1211 MGMT_STATUS_NOT_SUPPORTED);
1212
a7e80f25
JH		 1213 if (cp->val != 0x00 && cp->val != 0x01)
1214 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1215 MGMT_STATUS_INVALID_PARAMS);
1216
33ef95ed
JH		 1217 hci_dev_lock(hdev);
1218
4b34ee78 1219 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1220 bool changed = false;
1221
1222 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1223 &hdev->dev_flags)) {
47990ea0
JH		 1224 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1225 changed = true;
1226 }
1227
1228 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1229 if (err < 0)
1230 goto failed;
1231
1232 if (changed)
1233 err = new_settings(hdev, sk);
1234
33ef95ed
JH		 1235 goto failed;
1236 }
1237
1238 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1239 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1240 MGMT_STATUS_BUSY);
33ef95ed
JH		 1241 goto failed;
1242 }
1243
1244 val = !!cp->val;
1245
1246 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1247 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1248 goto failed;
1249 }
1250
1251 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1252 if (!cmd) {
1253 err = -ENOMEM;
1254 goto failed;
1255 }
1256
1257 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1258 if (err < 0) {
1259 mgmt_pending_remove(cmd);
1260 goto failed;
1261 }
1262
1263failed:
1264 hci_dev_unlock(hdev);
33ef95ed
JH		 1265 return err;
1266}
1267
bdb6d971 1268static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1269{
1270 struct mgmt_mode *cp = data;
1271 struct pending_cmd *cmd;
816a11d5 1272 u8 val;
ed2c4ee3
JH		 1273 int err;
1274
bdb6d971 1275 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1276
13ecd8b6
JH		 1277 if (!lmp_ssp_capable(hdev))
1278 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1279 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1280
a7e80f25
JH		 1281 if (cp->val != 0x00 && cp->val != 0x01)
1282 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1283 MGMT_STATUS_INVALID_PARAMS);
1284
13ecd8b6 1285 hci_dev_lock(hdev);
6c8f12c1 1286
c0ecddc2
JH		 1287 val = !!cp->val;
1288
4b34ee78 1289 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1290 bool changed = false;
1291
1292 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1293 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1294 changed = true;
1295 }
1296
1297 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1298 if (err < 0)
1299 goto failed;
1300
1301 if (changed)
1302 err = new_settings(hdev, sk);
1303
ed2c4ee3
JH		 1304 goto failed;
1305 }
1306
1307 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1308 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1309 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1310 goto failed;
1311 }
1312
ed2c4ee3
JH		 1313 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1314 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1315 goto failed;
1316 }
1317
1318 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1319 if (!cmd) {
1320 err = -ENOMEM;
1321 goto failed;
1322 }
1323
1324 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1325 if (err < 0) {
1326 mgmt_pending_remove(cmd);
1327 goto failed;
1328 }
1329
1330failed:
1331 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1332 return err;
1333}
1334
bdb6d971 1335static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1336{
1337 struct mgmt_mode *cp = data;
6d80dfd0 1338
bdb6d971 1339 BT_DBG("request for %s", hdev->name);
6d80dfd0 1340
bdb6d971
JH		 1341 if (!enable_hs)
1342 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1343 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1344
a7e80f25
JH		 1345 if (cp->val != 0x00 && cp->val != 0x01)
1346 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1347 MGMT_STATUS_INVALID_PARAMS);
1348
6d80dfd0
JH		 1349 if (cp->val)
1350 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1351 else
1352 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1353
bdb6d971 1354 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1355}
1356
bdb6d971 1357static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1358{
1359 struct mgmt_mode *cp = data;
1360 struct hci_cp_write_le_host_supported hci_cp;
1361 struct pending_cmd *cmd;
06199cf8 1362 int err;
0b60eba1 1363 u8 val, enabled;
06199cf8 1364
bdb6d971 1365 BT_DBG("request for %s", hdev->name);
06199cf8 1366
13ecd8b6
JH		 1367 if (!lmp_le_capable(hdev))
1368 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1369 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1370
a7e80f25
JH		 1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1373 MGMT_STATUS_INVALID_PARAMS);
1374
c73eee91
JH		 1375 /* LE-only devices do not allow toggling LE on/off */
1376 if (!lmp_bredr_capable(hdev))
1377 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1378 MGMT_STATUS_REJECTED);
1379
13ecd8b6 1380 hci_dev_lock(hdev);
06199cf8
JH		 1381
1382 val = !!cp->val;
ffa88e02 1383 enabled = lmp_host_le_capable(hdev);
06199cf8 1384
0b60eba1 1385 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1386 bool changed = false;
1387
1388 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1389 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1390 changed = true;
1391 }
1392
1393 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1394 if (err < 0)
1de028ce 1395 goto unlock;
06199cf8
JH		 1396
1397 if (changed)
1398 err = new_settings(hdev, sk);
1399
1de028ce 1400 goto unlock;
06199cf8
JH		 1401 }
1402
1403 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1404 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1405 MGMT_STATUS_BUSY);
1de028ce 1406 goto unlock;
06199cf8
JH		 1407 }
1408
1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1410 if (!cmd) {
1411 err = -ENOMEM;
1de028ce 1412 goto unlock;
06199cf8
JH		 1413 }
1414
1415 memset(&hci_cp, 0, sizeof(hci_cp));
1416
1417 if (val) {
1418 hci_cp.le = val;
ffa88e02 1419 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1420 }
1421
04124681
GP		 1422 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1423 &hci_cp);
0c01bc48 1424 if (err < 0)
06199cf8 1425 mgmt_pending_remove(cmd);
06199cf8 1426
1de028ce
JH		 1427unlock:
1428 hci_dev_unlock(hdev);
06199cf8
JH		 1429 return err;
1430}
1431
0cab9c80
JH		 1432/* This is a helper function to test for pending mgmt commands that can
1433 * cause CoD or EIR HCI commands. We can only allow one such pending
1434 * mgmt command at a time since otherwise we cannot easily track what
1435 * the current values are, will be, and based on that calculate if a new
1436 * HCI command needs to be sent and if yes with what value.
1437 */
1438static bool pending_eir_or_class(struct hci_dev *hdev)
1439{
1440 struct pending_cmd *cmd;
1441
1442 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1443 switch (cmd->opcode) {
1444 case MGMT_OP_ADD_UUID:
1445 case MGMT_OP_REMOVE_UUID:
1446 case MGMT_OP_SET_DEV_CLASS:
1447 case MGMT_OP_SET_POWERED:
1448 return true;
1449 }
1450 }
1451
1452 return false;
1453}
1454
83be8eca
JH		 1455static const u8 bluetooth_base_uuid[] = {
1456 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1457 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1458};
1459
1460static u8 get_uuid_size(const u8 *uuid)
1461{
1462 u32 val;
1463
1464 if (memcmp(uuid, bluetooth_base_uuid, 12))
1465 return 128;
1466
1467 val = get_unaligned_le32(&uuid[12]);
1468 if (val > 0xffff)
1469 return 32;
1470
1471 return 16;
1472}
1473
92da6097
JH		 1474static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1475{
1476 struct pending_cmd *cmd;
1477
1478 hci_dev_lock(hdev);
1479
1480 cmd = mgmt_pending_find(mgmt_op, hdev);
1481 if (!cmd)
1482 goto unlock;
1483
1484 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1485 hdev->dev_class, 3);
1486
1487 mgmt_pending_remove(cmd);
1488
1489unlock:
1490 hci_dev_unlock(hdev);
1491}
1492
1493static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1494{
1495 BT_DBG("status 0x%02x", status);
1496
1497 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1498}
1499
bdb6d971 1500static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1501{
650f726d 1502 struct mgmt_cp_add_uuid *cp = data;
90e70454 1503 struct pending_cmd *cmd;
890ea898 1504 struct hci_request req;
2aeb9a1a 1505 struct bt_uuid *uuid;
2aeb9a1a
JH		 1506 int err;
1507
bdb6d971 1508 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1509
09fd0de5 1510 hci_dev_lock(hdev);
2aeb9a1a 1511
0cab9c80 1512 if (pending_eir_or_class(hdev)) {
bdb6d971 1513 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1514 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1515 goto failed;
1516 }
1517
92c4c204 1518 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1519 if (!uuid) {
1520 err = -ENOMEM;
1521 goto failed;
1522 }
1523
1524 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1525 uuid->svc_hint = cp->svc_hint;
83be8eca 1526 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1527
de66aa63 1528 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1529
890ea898 1530 hci_req_init(&req, hdev);
1aff6f09 1531
890ea898
JH		 1532 update_class(&req);
1533 update_eir(&req);
1534
92da6097
JH		 1535 err = hci_req_run(&req, add_uuid_complete);
1536 if (err < 0) {
1537 if (err != -ENODATA)
1538 goto failed;
80a1e1db 1539
bdb6d971 1540 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1541 hdev->dev_class, 3);
90e70454
JH		 1542 goto failed;
1543 }
1544
1545 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1546 if (!cmd) {
90e70454 1547 err = -ENOMEM;
890ea898
JH		 1548 goto failed;
1549 }
1550
1551 err = 0;
2aeb9a1a
JH		 1552
1553failed:
09fd0de5 1554 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1555 return err;
1556}
1557
24b78d0f
JH		 1558static bool enable_service_cache(struct hci_dev *hdev)
1559{
1560 if (!hdev_is_powered(hdev))
1561 return false;
1562
1563 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1564 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1565 CACHE_TIMEOUT);
24b78d0f
JH		 1566 return true;
1567 }
1568
1569 return false;
1570}
1571
92da6097
JH		 1572static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1573{
1574 BT_DBG("status 0x%02x", status);
1575
1576 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1577}
1578
bdb6d971 1579static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1580 u16 len)
2aeb9a1a 1581{
650f726d 1582 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1583 struct pending_cmd *cmd;
056341c8 1584 struct bt_uuid *match, *tmp;
2aeb9a1a 1585 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1586 struct hci_request req;
2aeb9a1a
JH		 1587 int err, found;
1588
bdb6d971 1589 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1590
09fd0de5 1591 hci_dev_lock(hdev);
2aeb9a1a 1592
0cab9c80 1593 if (pending_eir_or_class(hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1595 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1596 goto unlock;
1597 }
1598
2aeb9a1a
JH		 1599 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1600 err = hci_uuids_clear(hdev);
4004b6d9 1601
24b78d0f 1602 if (enable_service_cache(hdev)) {
bdb6d971 1603 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1604 0, hdev->dev_class, 3);
24b78d0f
JH		 1605 goto unlock;
1606 }
4004b6d9 1607
9246a869 1608 goto update_class;
2aeb9a1a
JH		 1609 }
1610
1611 found = 0;
1612
056341c8 1613 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1614 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1615 continue;
1616
1617 list_del(&match->list);
482049f7 1618 kfree(match);
2aeb9a1a
JH		 1619 found++;
1620 }
1621
1622 if (found == 0) {
bdb6d971 1623 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1624 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1625 goto unlock;
1626 }
1627
9246a869 1628update_class:
890ea898 1629 hci_req_init(&req, hdev);
1aff6f09 1630
890ea898
JH		 1631 update_class(&req);
1632 update_eir(&req);
1633
92da6097
JH		 1634 err = hci_req_run(&req, remove_uuid_complete);
1635 if (err < 0) {
1636 if (err != -ENODATA)
1637 goto unlock;
80a1e1db 1638
bdb6d971 1639 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1640 hdev->dev_class, 3);
90e70454
JH		 1641 goto unlock;
1642 }
1643
1644 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1645 if (!cmd) {
90e70454 1646 err = -ENOMEM;
890ea898
JH		 1647 goto unlock;
1648 }
1649
1650 err = 0;
2aeb9a1a
JH		 1651
1652unlock:
09fd0de5 1653 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1654 return err;
1655}
1656
92da6097
JH		 1657static void set_class_complete(struct hci_dev *hdev, u8 status)
1658{
1659 BT_DBG("status 0x%02x", status);
1660
1661 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1662}
1663
bdb6d971 1664static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1665 u16 len)
1aff6f09 1666{
650f726d 1667 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1668 struct pending_cmd *cmd;
890ea898 1669 struct hci_request req;
1aff6f09
JH		 1670 int err;
1671
bdb6d971 1672 BT_DBG("request for %s", hdev->name);
1aff6f09 1673
13ecd8b6
JH		 1674 if (!lmp_bredr_capable(hdev))
1675 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1676 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1677
0cab9c80 1678 hci_dev_lock(hdev);
ee98f473 1679
0cab9c80
JH		 1680 if (pending_eir_or_class(hdev)) {
1681 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1682 MGMT_STATUS_BUSY);
1683 goto unlock;
1684 }
c95f0ba7 1685
0cab9c80
JH		 1686 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1687 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1688 MGMT_STATUS_INVALID_PARAMS);
1689 goto unlock;
1690 }
575b3a02 1691
932f5ff5
JH		 1692 hdev->major_class = cp->major;
1693 hdev->minor_class = cp->minor;
1694
b5235a65 1695 if (!hdev_is_powered(hdev)) {
bdb6d971 1696 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1697 hdev->dev_class, 3);
b5235a65
JH		 1698 goto unlock;
1699 }
1700
890ea898
JH		 1701 hci_req_init(&req, hdev);
1702
a8b2d5c2 1703 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1704 hci_dev_unlock(hdev);
1705 cancel_delayed_work_sync(&hdev->service_cache);
1706 hci_dev_lock(hdev);
890ea898 1707 update_eir(&req);
7d78525d 1708 }
14c0b608 1709
890ea898
JH		 1710 update_class(&req);
1711
92da6097
JH		 1712 err = hci_req_run(&req, set_class_complete);
1713 if (err < 0) {
1714 if (err != -ENODATA)
1715 goto unlock;
1aff6f09 1716
bdb6d971 1717 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1718 hdev->dev_class, 3);
90e70454
JH		 1719 goto unlock;
1720 }
1721
1722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1723 if (!cmd) {
90e70454 1724 err = -ENOMEM;
890ea898
JH		 1725 goto unlock;
1726 }
1727
1728 err = 0;
1aff6f09 1729
b5235a65 1730unlock:
09fd0de5 1731 hci_dev_unlock(hdev);
1aff6f09
JH		 1732 return err;
1733}
1734
bdb6d971 1735static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1736 u16 len)
55ed8ca1 1737{
650f726d 1738 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1739 u16 key_count, expected_len;
a492cd52 1740 int i;
55ed8ca1 1741
1f350c87 1742 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1743
86742e1e
JH		 1744 expected_len = sizeof(*cp) + key_count *
1745 sizeof(struct mgmt_link_key_info);
a492cd52 1746 if (expected_len != len) {
86742e1e 1747 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1748 len, expected_len);
bdb6d971 1749 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1750 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1751 }
1752
4ae14301
JH		 1753 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1754 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1755 MGMT_STATUS_INVALID_PARAMS);
1756
bdb6d971 1757 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1758 key_count);
55ed8ca1 1759
4ee71b20
JH		 1760 for (i = 0; i < key_count; i++) {
1761 struct mgmt_link_key_info *key = &cp->keys[i];
1762
1763 if (key->addr.type != BDADDR_BREDR)
1764 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1765 MGMT_STATUS_INVALID_PARAMS);
1766 }
1767
09fd0de5 1768 hci_dev_lock(hdev);
55ed8ca1
JH		 1769
1770 hci_link_keys_clear(hdev);
1771
55ed8ca1 1772 if (cp->debug_keys)
a8b2d5c2 1773 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1774 else
a8b2d5c2 1775 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1776
a492cd52 1777 for (i = 0; i < key_count; i++) {
86742e1e 1778 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1779
d753fdc4 1780 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1781 key->type, key->pin_len);
55ed8ca1
JH		 1782 }
1783
bdb6d971 1784 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1785
09fd0de5 1786 hci_dev_unlock(hdev);
55ed8ca1 1787
a492cd52 1788 return 0;
55ed8ca1
JH		 1789}
1790
b1078ad0 1791static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1792 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1793{
1794 struct mgmt_ev_device_unpaired ev;
1795
1796 bacpy(&ev.addr.bdaddr, bdaddr);
1797 ev.addr.type = addr_type;
1798
1799 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1800 skip_sk);
b1078ad0
JH		 1801}
1802
bdb6d971 1803static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1804 u16 len)
55ed8ca1 1805{
124f6e35
JH		 1806 struct mgmt_cp_unpair_device *cp = data;
1807 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1808 struct hci_cp_disconnect dc;
1809 struct pending_cmd *cmd;
55ed8ca1 1810 struct hci_conn *conn;
55ed8ca1
JH		 1811 int err;
1812
a8a1d19e 1813 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1814 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1815 rp.addr.type = cp->addr.type;
a8a1d19e 1816
4ee71b20
JH		 1817 if (!bdaddr_type_is_valid(cp->addr.type))
1818 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1819 MGMT_STATUS_INVALID_PARAMS,
1820 &rp, sizeof(rp));
1821
118da70b
JH		 1822 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1823 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1824 MGMT_STATUS_INVALID_PARAMS,
1825 &rp, sizeof(rp));
1826
4ee71b20
JH		 1827 hci_dev_lock(hdev);
1828
86a8cfc6 1829 if (!hdev_is_powered(hdev)) {
bdb6d971 1830 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1831 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1832 goto unlock;
1833 }
1834
591f47f3 1835 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1836 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1837 else
1838 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1839
55ed8ca1 1840 if (err < 0) {
bdb6d971 1841 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1842 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1843 goto unlock;
1844 }
1845
86a8cfc6 1846 if (cp->disconnect) {
591f47f3 1847 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1848 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1849 &cp->addr.bdaddr);
86a8cfc6
JH		 1850 else
1851 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1852 &cp->addr.bdaddr);
86a8cfc6
JH		 1853 } else {
1854 conn = NULL;
1855 }
124f6e35 1856
a8a1d19e 1857 if (!conn) {
bdb6d971 1858 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1859 &rp, sizeof(rp));
b1078ad0 1860 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1861 goto unlock;
1862 }
55ed8ca1 1863
124f6e35 1864 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1865 sizeof(*cp));
a8a1d19e
JH		 1866 if (!cmd) {
1867 err = -ENOMEM;
1868 goto unlock;
55ed8ca1
JH		 1869 }
1870
eb55ef07 1871 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1872 dc.reason = 0x13; /* Remote User Terminated Connection */
1873 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1874 if (err < 0)
1875 mgmt_pending_remove(cmd);
1876
55ed8ca1 1877unlock:
09fd0de5 1878 hci_dev_unlock(hdev);
55ed8ca1
JH		 1879 return err;
1880}
1881
bdb6d971 1882static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1883 u16 len)
8962ee74 1884{
650f726d 1885 struct mgmt_cp_disconnect *cp = data;
06a63b19 1886 struct mgmt_rp_disconnect rp;
8962ee74 1887 struct hci_cp_disconnect dc;
366a0336 1888 struct pending_cmd *cmd;
8962ee74 1889 struct hci_conn *conn;
8962ee74
JH		 1890 int err;
1891
1892 BT_DBG("");
1893
06a63b19
JH		 1894 memset(&rp, 0, sizeof(rp));
1895 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1896 rp.addr.type = cp->addr.type;
1897
4ee71b20 1898 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1899 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1900 MGMT_STATUS_INVALID_PARAMS,
1901 &rp, sizeof(rp));
4ee71b20 1902
09fd0de5 1903 hci_dev_lock(hdev);
8962ee74
JH		 1904
1905 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1906 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1907 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1908 goto failed;
1909 }
1910
2e58ef3e 1911 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1912 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1913 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1914 goto failed;
1915 }
1916
591f47f3 1917 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1919 &cp->addr.bdaddr);
88c3df13
JH		 1920 else
1921 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1922
f960727e 1923 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1924 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1925 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1926 goto failed;
1927 }
1928
2e58ef3e 1929 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1930 if (!cmd) {
1931 err = -ENOMEM;
8962ee74 1932 goto failed;
366a0336 1933 }
8962ee74 1934
eb55ef07 1935 dc.handle = cpu_to_le16(conn->handle);
3701f944 1936 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1937
1938 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1939 if (err < 0)
a664b5bc 1940 mgmt_pending_remove(cmd);
8962ee74
JH		 1941
1942failed:
09fd0de5 1943 hci_dev_unlock(hdev);
8962ee74
JH		 1944 return err;
1945}
1946
57c1477c 1947static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1948{
1949 switch (link_type) {
1950 case LE_LINK:
48264f06
JH		 1951 switch (addr_type) {
1952 case ADDR_LE_DEV_PUBLIC:
591f47f3 1953 return BDADDR_LE_PUBLIC;
0ed09148 1954
48264f06 1955 default:
0ed09148 1956 /* Fallback to LE Random address type */
591f47f3 1957 return BDADDR_LE_RANDOM;
48264f06 1958 }
0ed09148 1959
4c659c39 1960 default:
0ed09148 1961 /* Fallback to BR/EDR type */
591f47f3 1962 return BDADDR_BREDR;
4c659c39
JH		 1963 }
1964}
1965
04124681
GP		 1966static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1967 u16 data_len)
2784eb41 1968{
2784eb41 1969 struct mgmt_rp_get_connections *rp;
8035ded4 1970 struct hci_conn *c;
a38528f1 1971 size_t rp_len;
60fc5fb6
JH		 1972 int err;
1973 u16 i;
2784eb41
JH		 1974
1975 BT_DBG("");
1976
09fd0de5 1977 hci_dev_lock(hdev);
2784eb41 1978
5f97c1df 1979 if (!hdev_is_powered(hdev)) {
bdb6d971 1980 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1981 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1982 goto unlock;
1983 }
1984
60fc5fb6 1985 i = 0;
b644ba33
JH		 1986 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1987 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1988 i++;
2784eb41
JH		 1989 }
1990
60fc5fb6 1991 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1992 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1993 if (!rp) {
2784eb41
JH		 1994 err = -ENOMEM;
1995 goto unlock;
1996 }
1997
2784eb41 1998 i = 0;
4c659c39 1999 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2000 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2001 continue;
4c659c39 2002 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2003 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2004 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2005 continue;
2006 i++;
2007 }
2008
eb55ef07 2009 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2010
4c659c39
JH		 2011 /* Recalculate length in case of filtered SCO connections, etc */
2012 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2013
bdb6d971 2014 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2015 rp_len);
2784eb41 2016
a38528f1 2017 kfree(rp);
5f97c1df
JH		 2018
2019unlock:
09fd0de5 2020 hci_dev_unlock(hdev);
2784eb41
JH		 2021 return err;
2022}
2023
bdb6d971 2024static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2025 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2026{
2027 struct pending_cmd *cmd;
2028 int err;
2029
2e58ef3e 2030 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2031 sizeof(*cp));
96d97a67
WR		 2032 if (!cmd)
2033 return -ENOMEM;
2034
d8457698 2035 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2036 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2037 if (err < 0)
2038 mgmt_pending_remove(cmd);
2039
2040 return err;
2041}
2042
bdb6d971 2043static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2044 u16 len)
980e1a53 2045{
96d97a67 2046 struct hci_conn *conn;
650f726d 2047 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2048 struct hci_cp_pin_code_reply reply;
366a0336 2049 struct pending_cmd *cmd;
980e1a53
JH		 2050 int err;
2051
2052 BT_DBG("");
2053
09fd0de5 2054 hci_dev_lock(hdev);
980e1a53 2055
4b34ee78 2056 if (!hdev_is_powered(hdev)) {
bdb6d971 2057 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2058 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2059 goto failed;
2060 }
2061
d8457698 2062 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2063 if (!conn) {
bdb6d971 2064 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2065 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2066 goto failed;
2067 }
2068
2069 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2070 struct mgmt_cp_pin_code_neg_reply ncp;
2071
2072 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2073
2074 BT_ERR("PIN code is not 16 bytes long");
2075
bdb6d971 2076 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2077 if (err >= 0)
bdb6d971 2078 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2079 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2080
2081 goto failed;
2082 }
2083
00abfe44 2084 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2085 if (!cmd) {
2086 err = -ENOMEM;
980e1a53 2087 goto failed;
366a0336 2088 }
980e1a53 2089
d8457698 2090 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2091 reply.pin_len = cp->pin_len;
24718ca5 2092 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2093
2094 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2095 if (err < 0)
a664b5bc 2096 mgmt_pending_remove(cmd);
980e1a53
JH		 2097
2098failed:
09fd0de5 2099 hci_dev_unlock(hdev);
980e1a53
JH		 2100 return err;
2101}
2102
04124681
GP		 2103static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2104 u16 len)
17fa4b9d 2105{
650f726d 2106 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2107
2108 BT_DBG("");
2109
09fd0de5 2110 hci_dev_lock(hdev);
17fa4b9d
JH		 2111
2112 hdev->io_capability = cp->io_capability;
2113
2114 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2115 hdev->io_capability);
17fa4b9d 2116
09fd0de5 2117 hci_dev_unlock(hdev);
17fa4b9d 2118
04124681
GP		 2119 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2120 0);
17fa4b9d
JH		 2121}
2122
6039aa73 2123static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2124{
2125 struct hci_dev *hdev = conn->hdev;
8035ded4 2126 struct pending_cmd *cmd;
e9a416b5 2127
2e58ef3e 2128 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2129 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2130 continue;
2131
e9a416b5
JH		 2132 if (cmd->user_data != conn)
2133 continue;
2134
2135 return cmd;
2136 }
2137
2138 return NULL;
2139}
2140
2141static void pairing_complete(struct pending_cmd *cmd, u8 status)
2142{
2143 struct mgmt_rp_pair_device rp;
2144 struct hci_conn *conn = cmd->user_data;
2145
ba4e564f 2146 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2147 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2148
aee9b218 2149 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2150 &rp, sizeof(rp));
e9a416b5
JH		 2151
2152 /* So we don't get further callbacks for this connection */
2153 conn->connect_cfm_cb = NULL;
2154 conn->security_cfm_cb = NULL;
2155 conn->disconn_cfm_cb = NULL;
2156
76a68ba0 2157 hci_conn_drop(conn);
e9a416b5 2158
a664b5bc 2159 mgmt_pending_remove(cmd);
e9a416b5
JH		 2160}
2161
2162static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2163{
2164 struct pending_cmd *cmd;
2165
2166 BT_DBG("status %u", status);
2167
2168 cmd = find_pairing(conn);
56e5cb86 2169 if (!cmd)
e9a416b5 2170 BT_DBG("Unable to find a pending command");
56e5cb86 2171 else
e211326c 2172 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2173}
2174
4c47d739
VA		 2175static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2176{
2177 struct pending_cmd *cmd;
2178
2179 BT_DBG("status %u", status);
2180
2181 if (!status)
2182 return;
2183
2184 cmd = find_pairing(conn);
2185 if (!cmd)
2186 BT_DBG("Unable to find a pending command");
2187 else
2188 pairing_complete(cmd, mgmt_status(status));
2189}
2190
bdb6d971 2191static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2192 u16 len)
e9a416b5 2193{
650f726d 2194 struct mgmt_cp_pair_device *cp = data;
1425acb7 2195 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2196 struct pending_cmd *cmd;
2197 u8 sec_level, auth_type;
2198 struct hci_conn *conn;
e9a416b5
JH		 2199 int err;
2200
2201 BT_DBG("");
2202
f950a30e
SJ		 2203 memset(&rp, 0, sizeof(rp));
2204 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2205 rp.addr.type = cp->addr.type;
2206
4ee71b20
JH		 2207 if (!bdaddr_type_is_valid(cp->addr.type))
2208 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2209 MGMT_STATUS_INVALID_PARAMS,
2210 &rp, sizeof(rp));
2211
09fd0de5 2212 hci_dev_lock(hdev);
e9a416b5 2213
5f97c1df 2214 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2215 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2216 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2217 goto unlock;
2218 }
2219
c908df36
VCG		 2220 sec_level = BT_SECURITY_MEDIUM;
2221 if (cp->io_cap == 0x03)
e9a416b5 2222 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2223 else
e9a416b5 2224 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2225
591f47f3 2226 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2227 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2228 cp->addr.type, sec_level, auth_type);
7a512d01 2229 else
b12f62cf
AG		 2230 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2231 cp->addr.type, sec_level, auth_type);
7a512d01 2232
30e76272 2233 if (IS_ERR(conn)) {
489dc48e
AK		 2234 int status;
2235
2236 if (PTR_ERR(conn) == -EBUSY)
2237 status = MGMT_STATUS_BUSY;
2238 else
2239 status = MGMT_STATUS_CONNECT_FAILED;
2240
bdb6d971 2241 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2242 status, &rp,
04124681 2243 sizeof(rp));
e9a416b5
JH		 2244 goto unlock;
2245 }
2246
2247 if (conn->connect_cfm_cb) {
76a68ba0 2248 hci_conn_drop(conn);
bdb6d971 2249 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2250 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2251 goto unlock;
2252 }
2253
2e58ef3e 2254 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2255 if (!cmd) {
2256 err = -ENOMEM;
76a68ba0 2257 hci_conn_drop(conn);
e9a416b5
JH		 2258 goto unlock;
2259 }
2260
7a512d01 2261 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2262 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2263 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2264 else
2265 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2266
e9a416b5
JH		 2267 conn->security_cfm_cb = pairing_complete_cb;
2268 conn->disconn_cfm_cb = pairing_complete_cb;
2269 conn->io_capability = cp->io_cap;
2270 cmd->user_data = conn;
2271
2272 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2273 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2274 pairing_complete(cmd, 0);
2275
2276 err = 0;
2277
2278unlock:
09fd0de5 2279 hci_dev_unlock(hdev);
e9a416b5
JH		 2280 return err;
2281}
2282
04124681
GP		 2283static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2284 u16 len)
28424707 2285{
0f4e68cf 2286 struct mgmt_addr_info *addr = data;
28424707
JH		 2287 struct pending_cmd *cmd;
2288 struct hci_conn *conn;
2289 int err;
2290
2291 BT_DBG("");
2292
28424707
JH		 2293 hci_dev_lock(hdev);
2294
5f97c1df 2295 if (!hdev_is_powered(hdev)) {
bdb6d971 2296 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2297 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2298 goto unlock;
2299 }
2300
28424707
JH		 2301 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2302 if (!cmd) {
bdb6d971 2303 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2304 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2305 goto unlock;
2306 }
2307
2308 conn = cmd->user_data;
2309
2310 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2311 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2312 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2313 goto unlock;
2314 }
2315
2316 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2317
bdb6d971 2318 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2319 addr, sizeof(*addr));
28424707
JH		 2320unlock:
2321 hci_dev_unlock(hdev);
28424707
JH		 2322 return err;
2323}
2324
bdb6d971 2325static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2326 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2327 u16 hci_op, __le32 passkey)
a5c29683 2328{
a5c29683 2329 struct pending_cmd *cmd;
0df4c185 2330 struct hci_conn *conn;
a5c29683
JH		 2331 int err;
2332
09fd0de5 2333 hci_dev_lock(hdev);
08ba5382 2334
4b34ee78 2335 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2336 err = cmd_complete(sk, hdev->id, mgmt_op,
2337 MGMT_STATUS_NOT_POWERED, addr,
2338 sizeof(*addr));
0df4c185 2339 goto done;
a5c29683
JH		 2340 }
2341
1707c60e
JH		 2342 if (addr->type == BDADDR_BREDR)
2343 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2344 else
1707c60e 2345 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2346
2347 if (!conn) {
feb94d3d
JH		 2348 err = cmd_complete(sk, hdev->id, mgmt_op,
2349 MGMT_STATUS_NOT_CONNECTED, addr,
2350 sizeof(*addr));
272d90df
JH		 2351 goto done;
2352 }
47c15e2b 2353
1707c60e 2354 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2355 /* Continue with pairing via SMP */
5fe57d9e
BG		 2356 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2357
2358 if (!err)
feb94d3d
JH		 2359 err = cmd_complete(sk, hdev->id, mgmt_op,
2360 MGMT_STATUS_SUCCESS, addr,
2361 sizeof(*addr));
5fe57d9e 2362 else
feb94d3d
JH		 2363 err = cmd_complete(sk, hdev->id, mgmt_op,
2364 MGMT_STATUS_FAILED, addr,
2365 sizeof(*addr));
47c15e2b 2366
47c15e2b
BG		 2367 goto done;
2368 }
2369
1707c60e 2370 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2371 if (!cmd) {
2372 err = -ENOMEM;
0df4c185 2373 goto done;
a5c29683
JH		 2374 }
2375
0df4c185 2376 /* Continue with pairing via HCI */
604086b7
BG		 2377 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2378 struct hci_cp_user_passkey_reply cp;
2379
1707c60e 2380 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2381 cp.passkey = passkey;
2382 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2383 } else
1707c60e
JH		 2384 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2385 &addr->bdaddr);
604086b7 2386
a664b5bc
JH		 2387 if (err < 0)
2388 mgmt_pending_remove(cmd);
a5c29683 2389
0df4c185 2390done:
09fd0de5 2391 hci_dev_unlock(hdev);
a5c29683
JH		 2392 return err;
2393}
2394
afeb019d
JK		 2395static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2396 void *data, u16 len)
2397{
2398 struct mgmt_cp_pin_code_neg_reply *cp = data;
2399
2400 BT_DBG("");
2401
1707c60e 2402 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2403 MGMT_OP_PIN_CODE_NEG_REPLY,
2404 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2405}
2406
04124681
GP		 2407static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2408 u16 len)
0df4c185 2409{
650f726d 2410 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2411
2412 BT_DBG("");
2413
2414 if (len != sizeof(*cp))
bdb6d971 2415 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2416 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2417
1707c60e 2418 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2419 MGMT_OP_USER_CONFIRM_REPLY,
2420 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2421}
2422
bdb6d971 2423static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2424 void *data, u16 len)
0df4c185 2425{
c9c2659f 2426 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2427
2428 BT_DBG("");
2429
1707c60e 2430 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2431 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2432 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2433}
2434
04124681
GP		 2435static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2436 u16 len)
604086b7 2437{
650f726d 2438 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2439
2440 BT_DBG("");
2441
1707c60e 2442 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2443 MGMT_OP_USER_PASSKEY_REPLY,
2444 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2445}
2446
bdb6d971 2447static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2448 void *data, u16 len)
604086b7 2449{
650f726d 2450 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2451
2452 BT_DBG("");
2453
1707c60e 2454 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2455 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2456 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2457}
2458
13928971 2459static void update_name(struct hci_request *req)
2b4bf397 2460{
13928971 2461 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2462 struct hci_cp_write_local_name cp;
2463
13928971 2464 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2465
890ea898 2466 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2467}
2468
13928971
JH		 2469static void set_name_complete(struct hci_dev *hdev, u8 status)
2470{
2471 struct mgmt_cp_set_local_name *cp;
2472 struct pending_cmd *cmd;
2473
2474 BT_DBG("status 0x%02x", status);
2475
2476 hci_dev_lock(hdev);
2477
2478 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2479 if (!cmd)
2480 goto unlock;
2481
2482 cp = cmd->param;
2483
2484 if (status)
2485 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2486 mgmt_status(status));
2487 else
2488 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2489 cp, sizeof(*cp));
2490
2491 mgmt_pending_remove(cmd);
2492
2493unlock:
2494 hci_dev_unlock(hdev);
2495}
2496
bdb6d971 2497static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2498 u16 len)
b312b161 2499{
2b4bf397 2500 struct mgmt_cp_set_local_name *cp = data;
b312b161 2501 struct pending_cmd *cmd;
890ea898 2502 struct hci_request req;
b312b161
JH		 2503 int err;
2504
2505 BT_DBG("");
2506
09fd0de5 2507 hci_dev_lock(hdev);
b312b161 2508
b3f2ca94
JH		 2509 /* If the old values are the same as the new ones just return a
2510 * direct command complete event.
2511 */
2512 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2513 !memcmp(hdev->short_name, cp->short_name,
2514 sizeof(hdev->short_name))) {
2515 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2516 data, len);
2517 goto failed;
2518 }
2519
2b4bf397 2520 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2521
b5235a65 2522 if (!hdev_is_powered(hdev)) {
2b4bf397 2523 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2524
2525 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2526 data, len);
28cc7bde
JH		 2527 if (err < 0)
2528 goto failed;
2529
2530 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2531 sk);
28cc7bde 2532
b5235a65
JH		 2533 goto failed;
2534 }
2535
28cc7bde 2536 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2537 if (!cmd) {
2538 err = -ENOMEM;
2539 goto failed;
2540 }
2541
13928971
JH		 2542 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2543
890ea898 2544 hci_req_init(&req, hdev);
3f985050
JH		 2545
2546 if (lmp_bredr_capable(hdev)) {
2547 update_name(&req);
2548 update_eir(&req);
2549 }
2550
2551 if (lmp_le_capable(hdev))
2552 hci_update_ad(&req);
2553
13928971 2554 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2555 if (err < 0)
2556 mgmt_pending_remove(cmd);
2557
2558failed:
09fd0de5 2559 hci_dev_unlock(hdev);
b312b161
JH		 2560 return err;
2561}
2562
0f4e68cf 2563static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2564 void *data, u16 data_len)
c35938b2 2565{
c35938b2
SJ		 2566 struct pending_cmd *cmd;
2567 int err;
2568
bdb6d971 2569 BT_DBG("%s", hdev->name);
c35938b2 2570
09fd0de5 2571 hci_dev_lock(hdev);
c35938b2 2572
4b34ee78 2573 if (!hdev_is_powered(hdev)) {
bdb6d971 2574 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2575 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2576 goto unlock;
2577 }
2578
9a1a1996 2579 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2580 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2581 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2582 goto unlock;
2583 }
2584
2e58ef3e 2585 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2586 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2587 MGMT_STATUS_BUSY);
c35938b2
SJ		 2588 goto unlock;
2589 }
2590
2e58ef3e 2591 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2592 if (!cmd) {
2593 err = -ENOMEM;
2594 goto unlock;
2595 }
2596
2597 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2598 if (err < 0)
2599 mgmt_pending_remove(cmd);
2600
2601unlock:
09fd0de5 2602 hci_dev_unlock(hdev);
c35938b2
SJ		 2603 return err;
2604}
2605
bdb6d971 2606static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2607 void *data, u16 len)
2763eda6 2608{
650f726d 2609 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2610 u8 status;
2763eda6
SJ		 2611 int err;
2612
bdb6d971 2613 BT_DBG("%s ", hdev->name);
2763eda6 2614
09fd0de5 2615 hci_dev_lock(hdev);
2763eda6 2616
664ce4cc 2617 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2618 cp->randomizer);
2763eda6 2619 if (err < 0)
bf1e3541 2620 status = MGMT_STATUS_FAILED;
2763eda6 2621 else
a6785be2 2622 status = MGMT_STATUS_SUCCESS;
bf1e3541 2623
bdb6d971 2624 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2625 &cp->addr, sizeof(cp->addr));
2763eda6 2626
09fd0de5 2627 hci_dev_unlock(hdev);
2763eda6
SJ		 2628 return err;
2629}
2630
bdb6d971 2631static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2632 void *data, u16 len)
2763eda6 2633{
650f726d 2634 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2635 u8 status;
2763eda6
SJ		 2636 int err;
2637
bdb6d971 2638 BT_DBG("%s", hdev->name);
2763eda6 2639
09fd0de5 2640 hci_dev_lock(hdev);
2763eda6 2641
664ce4cc 2642 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2643 if (err < 0)
bf1e3541 2644 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2645 else
a6785be2 2646 status = MGMT_STATUS_SUCCESS;
bf1e3541 2647
bdb6d971 2648 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2649 status, &cp->addr, sizeof(cp->addr));
2763eda6 2650
09fd0de5 2651 hci_dev_unlock(hdev);
2763eda6
SJ		 2652 return err;
2653}
2654
41dc2bd6
AG		 2655static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2656{
2657 struct pending_cmd *cmd;
2658 u8 type;
2659 int err;
2660
2661 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2662
2663 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2664 if (!cmd)
2665 return -ENOENT;
2666
2667 type = hdev->discovery.type;
2668
2669 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2670 &type, sizeof(type));
2671 mgmt_pending_remove(cmd);
2672
2673 return err;
2674}
2675
7c307720
AG		 2676static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2677{
2678 BT_DBG("status %d", status);
2679
2680 if (status) {
2681 hci_dev_lock(hdev);
2682 mgmt_start_discovery_failed(hdev, status);
2683 hci_dev_unlock(hdev);
2684 return;
2685 }
2686
2687 hci_dev_lock(hdev);
2688 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2689 hci_dev_unlock(hdev);
2690
2691 switch (hdev->discovery.type) {
2692 case DISCOV_TYPE_LE:
2693 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2694 DISCOV_LE_TIMEOUT);
7c307720
AG		 2695 break;
2696
2697 case DISCOV_TYPE_INTERLEAVED:
2698 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2699 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2700 break;
2701
2702 case DISCOV_TYPE_BREDR:
2703 break;
2704
2705 default:
2706 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2707 }
2708}
2709
bdb6d971 2710static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2711 void *data, u16 len)
14a53664 2712{
650f726d 2713 struct mgmt_cp_start_discovery *cp = data;
14a53664 2714 struct pending_cmd *cmd;
7c307720
AG		 2715 struct hci_cp_le_set_scan_param param_cp;
2716 struct hci_cp_le_set_scan_enable enable_cp;
2717 struct hci_cp_inquiry inq_cp;
2718 struct hci_request req;
2719 /* General inquiry access code (GIAC) */
2720 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2721 int err;
2722
bdb6d971 2723 BT_DBG("%s", hdev->name);
14a53664 2724
09fd0de5 2725 hci_dev_lock(hdev);
14a53664 2726
4b34ee78 2727 if (!hdev_is_powered(hdev)) {
bdb6d971 2728 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2729 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2730 goto failed;
2731 }
2732
642be6c7
AG		 2733 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2734 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2735 MGMT_STATUS_BUSY);
2736 goto failed;
2737 }
2738
ff9ef578 2739 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2740 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2741 MGMT_STATUS_BUSY);
ff9ef578
JH		 2742 goto failed;
2743 }
2744
2e58ef3e 2745 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2746 if (!cmd) {
2747 err = -ENOMEM;
2748 goto failed;
2749 }
2750
4aab14e5
AG		 2751 hdev->discovery.type = cp->type;
2752
7c307720
AG		 2753 hci_req_init(&req, hdev);
2754
4aab14e5 2755 switch (hdev->discovery.type) {
f39799f5 2756 case DISCOV_TYPE_BREDR:
04106755
JH		 2757 if (!lmp_bredr_capable(hdev)) {
2758 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2759 MGMT_STATUS_NOT_SUPPORTED);
2760 mgmt_pending_remove(cmd);
2761 goto failed;
2762 }
2763
7c307720
AG		 2764 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2765 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2766 MGMT_STATUS_BUSY);
2767 mgmt_pending_remove(cmd);
2768 goto failed;
2769 }
2770
2771 hci_inquiry_cache_flush(hdev);
2772
2773 memset(&inq_cp, 0, sizeof(inq_cp));
2774 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2775 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2776 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2777 break;
2778
2779 case DISCOV_TYPE_LE:
7c307720 2780 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2781 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2782 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2783 MGMT_STATUS_NOT_SUPPORTED);
2784 mgmt_pending_remove(cmd);
2785 goto failed;
2786 }
2787
7c307720
AG		 2788 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
2789 !lmp_bredr_capable(hdev)) {
04106755
JH		 2790 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2791 MGMT_STATUS_NOT_SUPPORTED);
2792 mgmt_pending_remove(cmd);
2793 goto failed;
2794 }
2795
7c307720
AG		 2796 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2797 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2798 MGMT_STATUS_REJECTED);
2799 mgmt_pending_remove(cmd);
2800 goto failed;
2801 }
2802
2803 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2804 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2805 MGMT_STATUS_BUSY);
2806 mgmt_pending_remove(cmd);
2807 goto failed;
2808 }
2809
2810 memset(&param_cp, 0, sizeof(param_cp));
2811 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2812 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2813 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2814 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2815 &param_cp);
2816
2817 memset(&enable_cp, 0, sizeof(enable_cp));
2818 enable_cp.enable = LE_SCAN_ENABLE;
2819 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2820 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2821 &enable_cp);
5e0452c0
AG		 2822 break;
2823
f39799f5 2824 default:
04106755
JH		 2825 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2826 MGMT_STATUS_INVALID_PARAMS);
2827 mgmt_pending_remove(cmd);
2828 goto failed;
f39799f5 2829 }
3fd24153 2830
7c307720 2831 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2832 if (err < 0)
2833 mgmt_pending_remove(cmd);
ff9ef578
JH		 2834 else
2835 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2836
2837failed:
09fd0de5 2838 hci_dev_unlock(hdev);
14a53664
JH		 2839 return err;
2840}
2841
1183fdca
AG		 2842static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2843{
2844 struct pending_cmd *cmd;
2845 int err;
2846
2847 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2848 if (!cmd)
2849 return -ENOENT;
2850
2851 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2852 &hdev->discovery.type, sizeof(hdev->discovery.type));
2853 mgmt_pending_remove(cmd);
2854
2855 return err;
2856}
2857
0e05bba6
AG		 2858static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2859{
2860 BT_DBG("status %d", status);
2861
2862 hci_dev_lock(hdev);
2863
2864 if (status) {
2865 mgmt_stop_discovery_failed(hdev, status);
2866 goto unlock;
2867 }
2868
2869 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2870
2871unlock:
2872 hci_dev_unlock(hdev);
2873}
2874
bdb6d971 2875static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2876 u16 len)
14a53664 2877{
d930650b 2878 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2879 struct pending_cmd *cmd;
30dc78e1
JH		 2880 struct hci_cp_remote_name_req_cancel cp;
2881 struct inquiry_entry *e;
0e05bba6
AG		 2882 struct hci_request req;
2883 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2884 int err;
2885
bdb6d971 2886 BT_DBG("%s", hdev->name);
14a53664 2887
09fd0de5 2888 hci_dev_lock(hdev);
14a53664 2889
30dc78e1 2890 if (!hci_discovery_active(hdev)) {
bdb6d971 2891 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2892 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2893 sizeof(mgmt_cp->type));
d930650b
JH		 2894 goto unlock;
2895 }
2896
2897 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2898 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2899 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2900 sizeof(mgmt_cp->type));
30dc78e1 2901 goto unlock;
ff9ef578
JH		 2902 }
2903
2e58ef3e 2904 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2905 if (!cmd) {
2906 err = -ENOMEM;
30dc78e1
JH		 2907 goto unlock;
2908 }
2909
0e05bba6
AG		 2910 hci_req_init(&req, hdev);
2911
e0d9727e
AG		 2912 switch (hdev->discovery.state) {
2913 case DISCOVERY_FINDING:
0e05bba6
AG		 2914 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2915 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2916 } else {
2917 cancel_delayed_work(&hdev->le_scan_disable);
2918
2919 memset(&enable_cp, 0, sizeof(enable_cp));
2920 enable_cp.enable = LE_SCAN_DISABLE;
2921 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2922 sizeof(enable_cp), &enable_cp);
2923 }
c9ecc48e 2924
e0d9727e
AG		 2925 break;
2926
2927 case DISCOVERY_RESOLVING:
2928 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2929 NAME_PENDING);
e0d9727e 2930 if (!e) {
30dc78e1 2931 mgmt_pending_remove(cmd);
e0d9727e
AG		 2932 err = cmd_complete(sk, hdev->id,
2933 MGMT_OP_STOP_DISCOVERY, 0,
2934 &mgmt_cp->type,
2935 sizeof(mgmt_cp->type));
2936 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2937 goto unlock;
2938 }
30dc78e1 2939
e0d9727e 2940 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2941 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2942 &cp);
e0d9727e
AG		 2943
2944 break;
2945
2946 default:
2947 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 2948
2949 mgmt_pending_remove(cmd);
2950 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
2951 MGMT_STATUS_FAILED, &mgmt_cp->type,
2952 sizeof(mgmt_cp->type));
2953 goto unlock;
14a53664
JH		 2954 }
2955
0e05bba6 2956 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 2957 if (err < 0)
2958 mgmt_pending_remove(cmd);
ff9ef578
JH		 2959 else
2960 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2961
30dc78e1 2962unlock:
09fd0de5 2963 hci_dev_unlock(hdev);
14a53664
JH		 2964 return err;
2965}
2966
bdb6d971 2967static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2968 u16 len)
561aafbc 2969{
650f726d 2970 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2971 struct inquiry_entry *e;
561aafbc
JH		 2972 int err;
2973
bdb6d971 2974 BT_DBG("%s", hdev->name);
561aafbc 2975
561aafbc
JH		 2976 hci_dev_lock(hdev);
2977
30dc78e1 2978 if (!hci_discovery_active(hdev)) {
bdb6d971 2979 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2980 MGMT_STATUS_FAILED);
30dc78e1
JH		 2981 goto failed;
2982 }
2983
a198e7b1 2984 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2985 if (!e) {
bdb6d971 2986 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2987 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2988 goto failed;
2989 }
2990
2991 if (cp->name_known) {
2992 e->name_state = NAME_KNOWN;
2993 list_del(&e->list);
2994 } else {
2995 e->name_state = NAME_NEEDED;
a3d4e20a 2996 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2997 }
2998
e384662b
JH		 2999 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3000 sizeof(cp->addr));
561aafbc
JH		 3001
3002failed:
3003 hci_dev_unlock(hdev);
561aafbc
JH		 3004 return err;
3005}
3006
bdb6d971 3007static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3008 u16 len)
7fbec224 3009{
650f726d 3010 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3011 u8 status;
7fbec224
AJ		 3012 int err;
3013
bdb6d971 3014 BT_DBG("%s", hdev->name);
7fbec224 3015
4ee71b20 3016 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3017 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3018 MGMT_STATUS_INVALID_PARAMS,
3019 &cp->addr, sizeof(cp->addr));
4ee71b20 3020
09fd0de5 3021 hci_dev_lock(hdev);
5e762444 3022
88c1fe4b 3023 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3024 if (err < 0)
f0eeea8b 3025 status = MGMT_STATUS_FAILED;
7fbec224 3026 else
a6785be2 3027 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3028
bdb6d971 3029 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3030 &cp->addr, sizeof(cp->addr));
5e762444 3031
09fd0de5 3032 hci_dev_unlock(hdev);
7fbec224
AJ		 3033
3034 return err;
3035}
3036
bdb6d971 3037static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3038 u16 len)
7fbec224 3039{
650f726d 3040 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3041 u8 status;
7fbec224
AJ		 3042 int err;
3043
bdb6d971 3044 BT_DBG("%s", hdev->name);
7fbec224 3045
4ee71b20 3046 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3047 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3048 MGMT_STATUS_INVALID_PARAMS,
3049 &cp->addr, sizeof(cp->addr));
4ee71b20 3050
09fd0de5 3051 hci_dev_lock(hdev);
5e762444 3052
88c1fe4b 3053 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3054 if (err < 0)
f0eeea8b 3055 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3056 else
a6785be2 3057 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3058
bdb6d971 3059 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3060 &cp->addr, sizeof(cp->addr));
5e762444 3061
09fd0de5 3062 hci_dev_unlock(hdev);
7fbec224
AJ		 3063
3064 return err;
3065}
3066
cdbaccca
MH		 3067static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3068 u16 len)
3069{
3070 struct mgmt_cp_set_device_id *cp = data;
890ea898 3071 struct hci_request req;
cdbaccca 3072 int err;
c72d4b8a 3073 __u16 source;
cdbaccca
MH		 3074
3075 BT_DBG("%s", hdev->name);
3076
c72d4b8a
SJ		 3077 source = __le16_to_cpu(cp->source);
3078
3079 if (source > 0x0002)
3080 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3081 MGMT_STATUS_INVALID_PARAMS);
3082
cdbaccca
MH		 3083 hci_dev_lock(hdev);
3084
c72d4b8a 3085 hdev->devid_source = source;
cdbaccca
MH		 3086 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3087 hdev->devid_product = __le16_to_cpu(cp->product);
3088 hdev->devid_version = __le16_to_cpu(cp->version);
3089
3090 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3091
890ea898
JH		 3092 hci_req_init(&req, hdev);
3093 update_eir(&req);
3094 hci_req_run(&req, NULL);
cdbaccca
MH		 3095
3096 hci_dev_unlock(hdev);
3097
3098 return err;
3099}
3100
33e38b3e
JH		 3101static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3102{
3103 struct pending_cmd *cmd;
3104
3105 BT_DBG("status 0x%02x", status);
3106
3107 hci_dev_lock(hdev);
3108
3109 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3110 if (!cmd)
3111 goto unlock;
3112
3113 if (status) {
3114 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3115 mgmt_status(status));
3116 } else {
1a4d3c4b
JH		 3117 struct mgmt_mode *cp = cmd->param;
3118
3119 if (cp->val)
3120 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3121 else
3122 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3123
33e38b3e
JH		 3124 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3125 new_settings(hdev, cmd->sk);
3126 }
3127
3128 mgmt_pending_remove(cmd);
3129
3130unlock:
3131 hci_dev_unlock(hdev);
3132}
3133
bdb6d971 3134static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3135 void *data, u16 len)
f6422ec6 3136{
650f726d 3137 struct mgmt_mode *cp = data;
33e38b3e
JH		 3138 struct pending_cmd *cmd;
3139 struct hci_request req;
f6422ec6
AJ		 3140 int err;
3141
bdb6d971 3142 BT_DBG("%s", hdev->name);
f6422ec6 3143
1a47aee8 3144 if (!lmp_bredr_capable(hdev) || hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3145 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3146 MGMT_STATUS_NOT_SUPPORTED);
3147
a7e80f25
JH		 3148 if (cp->val != 0x00 && cp->val != 0x01)
3149 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3150 MGMT_STATUS_INVALID_PARAMS);
3151
5400c044 3152 if (!hdev_is_powered(hdev))
bdb6d971 3153 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3154 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3155
3156 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3157 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3158 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3159
3160 hci_dev_lock(hdev);
3161
05cbf29f
JH		 3162 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3163 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3164 MGMT_STATUS_BUSY);
3165 goto unlock;
3166 }
3167
1a4d3c4b
JH		 3168 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3169 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3170 hdev);
3171 goto unlock;
3172 }
3173
33e38b3e
JH		 3174 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3175 data, len);
3176 if (!cmd) {
3177 err = -ENOMEM;
3178 goto unlock;
f6422ec6
AJ		 3179 }
3180
33e38b3e
JH		 3181 hci_req_init(&req, hdev);
3182
406d7804 3183 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3184
3185 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3186 if (err < 0) {
bdb6d971 3187 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3188 MGMT_STATUS_FAILED);
33e38b3e 3189 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3190 }
3191
33e38b3e 3192unlock:
f6422ec6 3193 hci_dev_unlock(hdev);
33e38b3e 3194
f6422ec6
AJ		 3195 return err;
3196}
3197
3f706b72
JH		 3198static bool ltk_is_valid(struct mgmt_ltk_info *key)
3199{
44b20d33
JH		 3200 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3201 return false;
3f706b72
JH		 3202 if (key->master != 0x00 && key->master != 0x01)
3203 return false;
4ee71b20
JH		 3204 if (!bdaddr_type_is_le(key->addr.type))
3205 return false;
3f706b72
JH		 3206 return true;
3207}
3208
bdb6d971 3209static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3210 void *cp_data, u16 len)
346af67b 3211{
346af67b
VCG		 3212 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3213 u16 key_count, expected_len;
715a5bf2 3214 int i, err;
346af67b 3215
1f350c87 3216 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3217
3218 expected_len = sizeof(*cp) + key_count *
3219 sizeof(struct mgmt_ltk_info);
3220 if (expected_len != len) {
3221 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3222 len, expected_len);
bdb6d971 3223 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3224 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3225 }
3226
bdb6d971 3227 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3228
54ad6d8a
JH		 3229 for (i = 0; i < key_count; i++) {
3230 struct mgmt_ltk_info *key = &cp->keys[i];
3231
3f706b72 3232 if (!ltk_is_valid(key))
54ad6d8a
JH		 3233 return cmd_status(sk, hdev->id,
3234 MGMT_OP_LOAD_LONG_TERM_KEYS,
3235 MGMT_STATUS_INVALID_PARAMS);
3236 }
3237
346af67b
VCG		 3238 hci_dev_lock(hdev);
3239
3240 hci_smp_ltks_clear(hdev);
3241
3242 for (i = 0; i < key_count; i++) {
3243 struct mgmt_ltk_info *key = &cp->keys[i];
3244 u8 type;
3245
3246 if (key->master)
3247 type = HCI_SMP_LTK;
3248 else
3249 type = HCI_SMP_LTK_SLAVE;
3250
4596fde5 3251 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3252 bdaddr_to_le(key->addr.type),
04124681
GP		 3253 type, 0, key->authenticated, key->val,
3254 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3255 }
3256
715a5bf2
JH		 3257 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3258 NULL, 0);
3259
346af67b 3260 hci_dev_unlock(hdev);
346af67b 3261
715a5bf2 3262 return err;
346af67b
VCG		 3263}
3264
2e3c35ea 3265static const struct mgmt_handler {
04124681
GP		 3266 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3267 u16 data_len);
be22b54e
JH		 3268 bool var_len;
3269 size_t data_len;
0f4e68cf
JH		 3270} mgmt_handlers[] = {
3271 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3272 { read_version, false, MGMT_READ_VERSION_SIZE },
3273 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3274 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3275 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3276 { set_powered, false, MGMT_SETTING_SIZE },
3277 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3278 { set_connectable, false, MGMT_SETTING_SIZE },
3279 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3280 { set_pairable, false, MGMT_SETTING_SIZE },
3281 { set_link_security, false, MGMT_SETTING_SIZE },
3282 { set_ssp, false, MGMT_SETTING_SIZE },
3283 { set_hs, false, MGMT_SETTING_SIZE },
3284 { set_le, false, MGMT_SETTING_SIZE },
3285 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3286 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3287 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3288 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3289 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3290 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3291 { disconnect, false, MGMT_DISCONNECT_SIZE },
3292 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3293 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3294 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3295 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3296 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3297 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3298 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3299 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3300 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3301 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3302 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3303 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3304 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3305 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3306 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3307 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3308 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3309 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3310 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3311 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 3312};
3313
3314
0381101f
JH		 3315int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3316{
650f726d
VCG		 3317 void *buf;
3318 u8 *cp;
0381101f 3319 struct mgmt_hdr *hdr;
4e51eae9 3320 u16 opcode, index, len;
bdb6d971 3321 struct hci_dev *hdev = NULL;
2e3c35ea 3322 const struct mgmt_handler *handler;
0381101f
JH		 3323 int err;
3324
3325 BT_DBG("got %zu bytes", msglen);
3326
3327 if (msglen < sizeof(*hdr))
3328 return -EINVAL;
3329
e63a15ec 3330 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3331 if (!buf)
3332 return -ENOMEM;
3333
3334 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3335 err = -EFAULT;
3336 goto done;
3337 }
3338
650f726d 3339 hdr = buf;
1f350c87
MH		 3340 opcode = __le16_to_cpu(hdr->opcode);
3341 index = __le16_to_cpu(hdr->index);
3342 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3343
3344 if (len != msglen - sizeof(*hdr)) {
3345 err = -EINVAL;
3346 goto done;
3347 }
3348
0f4e68cf 3349 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3350 hdev = hci_dev_get(index);
3351 if (!hdev) {
3352 err = cmd_status(sk, index, opcode,
04124681 3353 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3354 goto done;
3355 }
0736cfa8
MH		 3356
3357 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3358 err = cmd_status(sk, index, opcode,
3359 MGMT_STATUS_INVALID_INDEX);
3360 goto done;
3361 }
bdb6d971
JH		 3362 }
3363
0f4e68cf 3364 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3365 mgmt_handlers[opcode].func == NULL) {
0381101f 3366 BT_DBG("Unknown op %u", opcode);
ca69b795 3367 err = cmd_status(sk, index, opcode,
04124681 3368 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3369 goto done;
3370 }
3371
3372 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3373 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3374 err = cmd_status(sk, index, opcode,
04124681 3375 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3376 goto done;
0381101f
JH		 3377 }
3378
be22b54e
JH		 3379 handler = &mgmt_handlers[opcode];
3380
3381 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3382 (!handler->var_len && len != handler->data_len)) {
be22b54e 3383 err = cmd_status(sk, index, opcode,
04124681 3384 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3385 goto done;
3386 }
3387
0f4e68cf
JH		 3388 if (hdev)
3389 mgmt_init_hdev(sk, hdev);
3390
3391 cp = buf + sizeof(*hdr);
3392
be22b54e 3393 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3394 if (err < 0)
3395 goto done;
3396
0381101f
JH		 3397 err = msglen;
3398
3399done:
bdb6d971
JH		 3400 if (hdev)
3401 hci_dev_put(hdev);
3402
0381101f
JH		 3403 kfree(buf);
3404 return err;
3405}
c71e97bf 3406
744cf19e 3407int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3408{
bb4b2a9a
AE		 3409 if (!mgmt_valid_hdev(hdev))
3410 return -ENOTSUPP;
3411
744cf19e 3412 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3413}
3414
744cf19e 3415int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3416{
5f159032 3417 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3418
bb4b2a9a
AE		 3419 if (!mgmt_valid_hdev(hdev))
3420 return -ENOTSUPP;
3421
744cf19e 3422 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3423
744cf19e 3424 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3425}
3426
890ea898 3427static void set_bredr_scan(struct hci_request *req)
7f0ae647 3428{
890ea898 3429 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3430 u8 scan = 0;
3431
4c01f8b8
JH		 3432 /* Ensure that fast connectable is disabled. This function will
3433 * not do anything if the page scan parameters are already what
3434 * they should be.
3435 */
3436 write_fast_connectable(req, false);
3437
7f0ae647
JH		 3438 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3439 scan |= SCAN_PAGE;
3440 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3441 scan |= SCAN_INQUIRY;
3442
890ea898
JH		 3443 if (scan)
3444 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3445}
3446
229ab39c
JH		 3447static void powered_complete(struct hci_dev *hdev, u8 status)
3448{
3449 struct cmd_lookup match = { NULL, hdev };
3450
3451 BT_DBG("status 0x%02x", status);
3452
3453 hci_dev_lock(hdev);
3454
3455 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3456
3457 new_settings(hdev, match.sk);
3458
3459 hci_dev_unlock(hdev);
3460
3461 if (match.sk)
3462 sock_put(match.sk);
3463}
3464
70da6243 3465static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3466{
890ea898 3467 struct hci_request req;
70da6243 3468 u8 link_sec;
5add6af8 3469
890ea898
JH		 3470 hci_req_init(&req, hdev);
3471
70da6243
JH		 3472 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3473 !lmp_host_ssp_capable(hdev)) {
3474 u8 ssp = 1;
5e5282bb 3475
890ea898 3476 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3477 }
5add6af8 3478
c73eee91
JH		 3479 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3480 lmp_bredr_capable(hdev)) {
70da6243 3481 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3482
70da6243
JH		 3483 cp.le = 1;
3484 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3485
70da6243
JH		 3486 /* Check first if we already have the right
3487 * host state (host features set)
3488 */
3489 if (cp.le != lmp_host_le_capable(hdev) ||
3490 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3491 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3492 sizeof(cp), &cp);
70da6243 3493 }
3d1cbdd6 3494
70da6243
JH		 3495 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3496 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3497 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3498 sizeof(link_sec), &link_sec);
562fcc24 3499
70da6243 3500 if (lmp_bredr_capable(hdev)) {
890ea898
JH		 3501 set_bredr_scan(&req);
3502 update_class(&req);
13928971 3503 update_name(&req);
890ea898 3504 update_eir(&req);
70da6243 3505 }
562fcc24 3506
229ab39c 3507 return hci_req_run(&req, powered_complete);
70da6243 3508}
562fcc24 3509
70da6243
JH		 3510int mgmt_powered(struct hci_dev *hdev, u8 powered)
3511{
3512 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3513 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3514 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3515 int err;
f0ff92fb 3516
70da6243
JH		 3517 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3518 return 0;
3519
70da6243 3520 if (powered) {
229ab39c
JH		 3521 if (powered_update_hci(hdev) == 0)
3522 return 0;
fe038884 3523
229ab39c
JH		 3524 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3525 &match);
3526 goto new_settings;
b24752fe
JH		 3527 }
3528
229ab39c
JH		 3529 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3530 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3531
3532 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3533 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3534 zero_cod, sizeof(zero_cod), NULL);
3535
3536new_settings:
beadb2bd 3537 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3538
3539 if (match.sk)
3540 sock_put(match.sk);
3541
7bb895d6 3542 return err;
5add6af8 3543}
73f22f62 3544
96570ffc
JH		 3545int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3546{
3547 struct pending_cmd *cmd;
3548 u8 status;
3549
3550 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3551 if (!cmd)
3552 return -ENOENT;
3553
3554 if (err == -ERFKILL)
3555 status = MGMT_STATUS_RFKILLED;
3556 else
3557 status = MGMT_STATUS_FAILED;
3558
3559 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3560
3561 mgmt_pending_remove(cmd);
3562
3563 return err;
3564}
3565
744cf19e 3566int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3567{
76a7f3a4 3568 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3569 bool changed = false;
3570 int err = 0;
73f22f62 3571
5e5282bb
JH		 3572 if (discoverable) {
3573 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3574 changed = true;
3575 } else {
3576 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3577 changed = true;
3578 }
73f22f62 3579
ed9b5f2f 3580 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3581 &match);
ed9b5f2f 3582
beadb2bd
JH		 3583 if (changed)
3584 err = new_settings(hdev, match.sk);
5e5282bb 3585
73f22f62
JH		 3586 if (match.sk)
3587 sock_put(match.sk);
3588
7bb895d6 3589 return err;
73f22f62 3590}
9fbcbb45 3591
744cf19e 3592int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3593{
2b76f453 3594 struct pending_cmd *cmd;
5e5282bb
JH		 3595 bool changed = false;
3596 int err = 0;
9fbcbb45 3597
5e5282bb
JH		 3598 if (connectable) {
3599 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3600 changed = true;
3601 } else {
3602 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3603 changed = true;
3604 }
9fbcbb45 3605
2b76f453 3606 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3607
beadb2bd 3608 if (changed)
2b76f453 3609 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3610
7bb895d6 3611 return err;
9fbcbb45 3612}
55ed8ca1 3613
744cf19e 3614int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3615{
ca69b795
JH		 3616 u8 mgmt_err = mgmt_status(status);
3617
2d7cee58 3618 if (scan & SCAN_PAGE)
744cf19e 3619 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3620 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3621
3622 if (scan & SCAN_INQUIRY)
744cf19e 3623 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3624 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3625
3626 return 0;
3627}
3628
53168e5b
CC		 3629int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3630 bool persistent)
55ed8ca1 3631{
86742e1e 3632 struct mgmt_ev_new_link_key ev;
55ed8ca1 3633
a492cd52 3634 memset(&ev, 0, sizeof(ev));
55ed8ca1 3635
a492cd52 3636 ev.store_hint = persistent;
d753fdc4 3637 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3638 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3639 ev.key.type = key->type;
9b3b4460 3640 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3641 ev.key.pin_len = key->pin_len;
55ed8ca1 3642
744cf19e 3643 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3644}
f7520543 3645
346af67b
VCG		 3646int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3647{
3648 struct mgmt_ev_new_long_term_key ev;
3649
3650 memset(&ev, 0, sizeof(ev));
3651
3652 ev.store_hint = persistent;
3653 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3654 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3655 ev.key.authenticated = key->authenticated;
3656 ev.key.enc_size = key->enc_size;
3657 ev.key.ediv = key->ediv;
3658
3659 if (key->type == HCI_SMP_LTK)
3660 ev.key.master = 1;
3661
3662 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3663 memcpy(ev.key.val, key->val, sizeof(key->val));
3664
04124681
GP		 3665 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3666 NULL);
346af67b
VCG		 3667}
3668
afc747a6 3669int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3670 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3671 u8 *dev_class)
f7520543 3672{
b644ba33
JH		 3673 char buf[512];
3674 struct mgmt_ev_device_connected *ev = (void *) buf;
3675 u16 eir_len = 0;
f7520543 3676
b644ba33 3677 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3678 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3679
c95f0ba7 3680 ev->flags = __cpu_to_le32(flags);
08c79b61 3681
b644ba33
JH		 3682 if (name_len > 0)
3683 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3684 name, name_len);
b644ba33
JH		 3685
3686 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3687 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3688 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3689
eb55ef07 3690 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3691
3692 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3693 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3694}
3695
8962ee74
JH		 3696static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3697{
c68fb7ff 3698 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3699 struct sock **sk = data;
a38528f1 3700 struct mgmt_rp_disconnect rp;
8962ee74 3701
88c3df13
JH		 3702 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3703 rp.addr.type = cp->addr.type;
8962ee74 3704
aee9b218 3705 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3706 sizeof(rp));
8962ee74
JH		 3707
3708 *sk = cmd->sk;
3709 sock_hold(*sk);
3710
a664b5bc 3711 mgmt_pending_remove(cmd);
8962ee74
JH		 3712}
3713
124f6e35 3714static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3715{
b1078ad0 3716 struct hci_dev *hdev = data;
124f6e35
JH		 3717 struct mgmt_cp_unpair_device *cp = cmd->param;
3718 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3719
3720 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3721 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3722 rp.addr.type = cp->addr.type;
a8a1d19e 3723
b1078ad0
JH		 3724 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3725
aee9b218 3726 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3727
3728 mgmt_pending_remove(cmd);
3729}
3730
afc747a6 3731int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3732 u8 link_type, u8 addr_type, u8 reason)
f7520543 3733{
f0d6a0ea 3734 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3735 struct sock *sk = NULL;
3736 int err;
3737
744cf19e 3738 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3739
f0d6a0ea
MA		 3740 bacpy(&ev.addr.bdaddr, bdaddr);
3741 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3742 ev.reason = reason;
f7520543 3743
afc747a6 3744 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3745 sk);
8962ee74
JH		 3746
3747 if (sk)
d97dcb66 3748 sock_put(sk);
8962ee74 3749
124f6e35 3750 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3751 hdev);
a8a1d19e 3752
8962ee74
JH		 3753 return err;
3754}
3755
88c3df13 3756int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3757 u8 link_type, u8 addr_type, u8 status)
8962ee74 3758{
88c3df13 3759 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3760 struct pending_cmd *cmd;
3761 int err;
3762
36a75f1b
JD		 3763 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3764 hdev);
3765
2e58ef3e 3766 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3767 if (!cmd)
3768 return -ENOENT;
3769
88c3df13 3770 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3771 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3772
88c3df13 3773 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3774 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3775
a664b5bc 3776 mgmt_pending_remove(cmd);
8962ee74
JH		 3777
3778 return err;
f7520543 3779}
17d5c04c 3780
48264f06 3781int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3782 u8 addr_type, u8 status)
17d5c04c
JH		 3783{
3784 struct mgmt_ev_connect_failed ev;
3785
4c659c39 3786 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3787 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3788 ev.status = mgmt_status(status);
17d5c04c 3789
744cf19e 3790 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3791}
980e1a53 3792
744cf19e 3793int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3794{
3795 struct mgmt_ev_pin_code_request ev;
3796
d8457698 3797 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3798 ev.addr.type = BDADDR_BREDR;
a770bb5a 3799 ev.secure = secure;
980e1a53 3800
744cf19e 3801 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3802 NULL);
980e1a53
JH		 3803}
3804
744cf19e 3805int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3806 u8 status)
980e1a53
JH		 3807{
3808 struct pending_cmd *cmd;
ac56fb13 3809 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3810 int err;
3811
2e58ef3e 3812 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3813 if (!cmd)
3814 return -ENOENT;
3815
d8457698 3816 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3817 rp.addr.type = BDADDR_BREDR;
ac56fb13 3818
aee9b218 3819 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3820 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3821
a664b5bc 3822 mgmt_pending_remove(cmd);
980e1a53
JH		 3823
3824 return err;
3825}
3826
744cf19e 3827int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3828 u8 status)
980e1a53
JH		 3829{
3830 struct pending_cmd *cmd;
ac56fb13 3831 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3832 int err;
3833
2e58ef3e 3834 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3835 if (!cmd)
3836 return -ENOENT;
3837
d8457698 3838 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3839 rp.addr.type = BDADDR_BREDR;
ac56fb13 3840
aee9b218 3841 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3842 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3843
a664b5bc 3844 mgmt_pending_remove(cmd);
980e1a53
JH		 3845
3846 return err;
3847}
a5c29683 3848
744cf19e 3849int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3850 u8 link_type, u8 addr_type, __le32 value,
3851 u8 confirm_hint)
a5c29683
JH		 3852{
3853 struct mgmt_ev_user_confirm_request ev;
3854
744cf19e 3855 BT_DBG("%s", hdev->name);
a5c29683 3856
272d90df 3857 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3858 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3859 ev.confirm_hint = confirm_hint;
78e8098e 3860 ev.value = value;
a5c29683 3861
744cf19e 3862 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3863 NULL);
a5c29683
JH		 3864}
3865
272d90df 3866int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3867 u8 link_type, u8 addr_type)
604086b7
BG		 3868{
3869 struct mgmt_ev_user_passkey_request ev;
3870
3871 BT_DBG("%s", hdev->name);
3872
272d90df 3873 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3874 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3875
3876 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3877 NULL);
604086b7
BG		 3878}
3879
0df4c185 3880static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3881 u8 link_type, u8 addr_type, u8 status,
3882 u8 opcode)
a5c29683
JH		 3883{
3884 struct pending_cmd *cmd;
3885 struct mgmt_rp_user_confirm_reply rp;
3886 int err;
3887
2e58ef3e 3888 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3889 if (!cmd)
3890 return -ENOENT;
3891
272d90df 3892 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3893 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3894 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3895 &rp, sizeof(rp));
a5c29683 3896
a664b5bc 3897 mgmt_pending_remove(cmd);
a5c29683
JH		 3898
3899 return err;
3900}
3901
744cf19e 3902int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3903 u8 link_type, u8 addr_type, u8 status)
a5c29683 3904{
272d90df 3905 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3906 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3907}
3908
272d90df 3909int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3910 u8 link_type, u8 addr_type, u8 status)
a5c29683 3911{
272d90df 3912 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3913 status,
3914 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3915}
2a611692 3916
604086b7 3917int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3918 u8 link_type, u8 addr_type, u8 status)
604086b7 3919{
272d90df 3920 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3921 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3922}
3923
272d90df 3924int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3925 u8 link_type, u8 addr_type, u8 status)
604086b7 3926{
272d90df 3927 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3928 status,
3929 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3930}
3931
92a25256
JH		 3932int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3933 u8 link_type, u8 addr_type, u32 passkey,
3934 u8 entered)
3935{
3936 struct mgmt_ev_passkey_notify ev;
3937
3938 BT_DBG("%s", hdev->name);
3939
3940 bacpy(&ev.addr.bdaddr, bdaddr);
3941 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3942 ev.passkey = __cpu_to_le32(passkey);
3943 ev.entered = entered;
3944
3945 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3946}
3947
bab73cb6 3948int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3949 u8 addr_type, u8 status)
2a611692
JH		 3950{
3951 struct mgmt_ev_auth_failed ev;
3952
bab73cb6 3953 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3954 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3955 ev.status = mgmt_status(status);
2a611692 3956
744cf19e 3957 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3958}
b312b161 3959
33ef95ed
JH		 3960int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3961{
3962 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3963 bool changed = false;
3964 int err = 0;
33ef95ed
JH		 3965
3966 if (status) {
3967 u8 mgmt_err = mgmt_status(status);
3968 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3969 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3970 return 0;
3971 }
3972
47990ea0
JH		 3973 if (test_bit(HCI_AUTH, &hdev->flags)) {
3974 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3975 changed = true;
3976 } else {
3977 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3978 changed = true;
3979 }
3980
33ef95ed 3981 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3982 &match);
33ef95ed 3983
47990ea0
JH		 3984 if (changed)
3985 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3986
3987 if (match.sk)
3988 sock_put(match.sk);
3989
3990 return err;
3991}
3992
890ea898 3993static void clear_eir(struct hci_request *req)
cacaf52f 3994{
890ea898 3995 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 3996 struct hci_cp_write_eir cp;
3997
976eb20e 3998 if (!lmp_ext_inq_capable(hdev))
890ea898 3999 return;
cacaf52f 4000
c80da27e
JH		 4001 memset(hdev->eir, 0, sizeof(hdev->eir));
4002
cacaf52f
JH		 4003 memset(&cp, 0, sizeof(cp));
4004
890ea898 4005 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4006}
4007
c0ecddc2 4008int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4009{
4010 struct cmd_lookup match = { NULL, hdev };
890ea898 4011 struct hci_request req;
c0ecddc2
JH		 4012 bool changed = false;
4013 int err = 0;
ed2c4ee3
JH		 4014
4015 if (status) {
4016 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4017
4018 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4019 &hdev->dev_flags))
c0ecddc2
JH		 4020 err = new_settings(hdev, NULL);
4021
04124681
GP		 4022 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4023 &mgmt_err);
c0ecddc2
JH		 4024
4025 return err;
4026 }
4027
4028 if (enable) {
4029 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4030 changed = true;
4031 } else {
4032 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4033 changed = true;
ed2c4ee3
JH		 4034 }
4035
4036 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4037
c0ecddc2
JH		 4038 if (changed)
4039 err = new_settings(hdev, match.sk);
ed2c4ee3 4040
5fc6ebb1 4041 if (match.sk)
ed2c4ee3
JH		 4042 sock_put(match.sk);
4043
890ea898
JH		 4044 hci_req_init(&req, hdev);
4045
5fc6ebb1 4046 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4047 update_eir(&req);
5fc6ebb1 4048 else
890ea898
JH		 4049 clear_eir(&req);
4050
4051 hci_req_run(&req, NULL);
cacaf52f 4052
ed2c4ee3
JH		 4053 return err;
4054}
4055
92da6097 4056static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4057{
4058 struct cmd_lookup *match = data;
4059
90e70454
JH		 4060 if (match->sk == NULL) {
4061 match->sk = cmd->sk;
4062 sock_hold(match->sk);
4063 }
90e70454
JH		 4064}
4065
7f9a903c 4066int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4067 u8 status)
7f9a903c 4068{
90e70454
JH		 4069 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4070 int err = 0;
7f9a903c 4071
92da6097
JH		 4072 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4073 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4074 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4075
4076 if (!status)
04124681
GP		 4077 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4078 3, NULL);
90e70454
JH		 4079
4080 if (match.sk)
4081 sock_put(match.sk);
7f9a903c
MH		 4082
4083 return err;
4084}
4085
744cf19e 4086int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4087{
b312b161 4088 struct mgmt_cp_set_local_name ev;
13928971 4089 struct pending_cmd *cmd;
28cc7bde 4090
13928971
JH		 4091 if (status)
4092 return 0;
b312b161
JH		 4093
4094 memset(&ev, 0, sizeof(ev));
4095 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4096 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4097
2e58ef3e 4098 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4099 if (!cmd) {
4100 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4101
13928971
JH		 4102 /* If this is a HCI command related to powering on the
4103 * HCI dev don't send any mgmt signals.
4104 */
4105 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4106 return 0;
890ea898 4107 }
b312b161 4108
13928971
JH		 4109 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4110 cmd ? cmd->sk : NULL);
b312b161 4111}
c35938b2 4112
744cf19e 4113int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4114 u8 *randomizer, u8 status)
c35938b2
SJ		 4115{
4116 struct pending_cmd *cmd;
4117 int err;
4118
744cf19e 4119 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4120
2e58ef3e 4121 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4122 if (!cmd)
4123 return -ENOENT;
4124
4125 if (status) {
04124681
GP		 4126 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4127 mgmt_status(status));
c35938b2
SJ		 4128 } else {
4129 struct mgmt_rp_read_local_oob_data rp;
4130
4131 memcpy(rp.hash, hash, sizeof(rp.hash));
4132 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4133
744cf19e 4134 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4135 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4136 sizeof(rp));
c35938b2
SJ		 4137 }
4138
4139 mgmt_pending_remove(cmd);
4140
4141 return err;
4142}
e17acd40 4143
06199cf8
JH		 4144int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
4145{
4146 struct cmd_lookup match = { NULL, hdev };
4147 bool changed = false;
4148 int err = 0;
4149
4150 if (status) {
4151 u8 mgmt_err = mgmt_status(status);
4152
4153 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 4154 &hdev->dev_flags))
d97dcb66 4155 err = new_settings(hdev, NULL);
06199cf8 4156
d97dcb66
SJ		 4157 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
4158 &mgmt_err);
06199cf8
JH		 4159
4160 return err;
4161 }
4162
4163 if (enable) {
4164 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4165 changed = true;
4166 } else {
4167 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4168 changed = true;
4169 }
4170
4171 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
4172
4173 if (changed)
4174 err = new_settings(hdev, match.sk);
4175
4176 if (match.sk)
4177 sock_put(match.sk);
4178
4179 return err;
4180}
4181
48264f06 4182int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4183 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4184 ssp, u8 *eir, u16 eir_len)
e17acd40 4185{
e319d2e7
JH		 4186 char buf[512];
4187 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4188 size_t ev_size;
e17acd40 4189
12602d0c
AG		 4190 if (!hci_discovery_active(hdev))
4191 return -EPERM;
4192
1dc06093
JH		 4193 /* Leave 5 bytes for a potential CoD field */
4194 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4195 return -EINVAL;
4196
1dc06093
JH		 4197 memset(buf, 0, sizeof(buf));
4198
e319d2e7 4199 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4200 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4201 ev->rssi = rssi;
9a395a80 4202 if (cfm_name)
612dfce9 4203 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4204 if (!ssp)
612dfce9 4205 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4206
1dc06093 4207 if (eir_len > 0)
e319d2e7 4208 memcpy(ev->eir, eir, eir_len);
e17acd40 4209
1dc06093
JH		 4210 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4211 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4212 dev_class, 3);
1dc06093 4213
eb55ef07 4214 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4215 ev_size = sizeof(*ev) + eir_len;
f8523598 4216
e319d2e7 4217 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4218}
a88a9652 4219
b644ba33 4220int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4221 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4222{
b644ba33
JH		 4223 struct mgmt_ev_device_found *ev;
4224 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4225 u16 eir_len;
a88a9652 4226
b644ba33 4227 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4228
b644ba33
JH		 4229 memset(buf, 0, sizeof(buf));
4230
4231 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4232 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4233 ev->rssi = rssi;
4234
4235 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4236 name_len);
b644ba33 4237
eb55ef07 4238 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4239
053c7e0c 4240 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4241 sizeof(*ev) + eir_len, NULL);
a88a9652 4242}
314b2381 4243
744cf19e 4244int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4245{
f963e8e9 4246 struct mgmt_ev_discovering ev;
164a6e78
JH		 4247 struct pending_cmd *cmd;
4248
343fb145
AG		 4249 BT_DBG("%s discovering %u", hdev->name, discovering);
4250
164a6e78 4251 if (discovering)
2e58ef3e 4252 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4253 else
2e58ef3e 4254 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4255
4256 if (cmd != NULL) {
f808e166
JH		 4257 u8 type = hdev->discovery.type;
4258
04124681
GP		 4259 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4260 sizeof(type));
164a6e78
JH		 4261 mgmt_pending_remove(cmd);
4262 }
4263
f963e8e9
JH		 4264 memset(&ev, 0, sizeof(ev));
4265 ev.type = hdev->discovery.type;
4266 ev.discovering = discovering;
4267
4268 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4269}
5e762444 4270
88c1fe4b 4271int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4272{
4273 struct pending_cmd *cmd;
4274 struct mgmt_ev_device_blocked ev;
4275
2e58ef3e 4276 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4277
88c1fe4b
JH		 4278 bacpy(&ev.addr.bdaddr, bdaddr);
4279 ev.addr.type = type;
5e762444 4280
744cf19e 4281 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4282 cmd ? cmd->sk : NULL);
5e762444
AJ		 4283}
4284
88c1fe4b 4285int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4286{
4287 struct pending_cmd *cmd;
4288 struct mgmt_ev_device_unblocked ev;
4289
2e58ef3e 4290 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4291
88c1fe4b
JH		 4292 bacpy(&ev.addr.bdaddr, bdaddr);
4293 ev.addr.type = type;
5e762444 4294
744cf19e 4295 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4296 cmd ? cmd->sk : NULL);
5e762444 4297}
d7b7e796
MH		 4298
4299module_param(enable_hs, bool, 0644);
4300MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
ubuntu-zesty-kernel mirror