]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add management command for setting Device ID
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105};
106
3fd24153
AG		 107/*
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
110 */
111#define LE_SCAN_TYPE 0x01
112#define LE_SCAN_WIN 0x12
113#define LE_SCAN_INT 0x12
114#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 115#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 116
e8777525 117#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 118#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 119
17b02e62 120#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 121
4b34ee78
JH		 122#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124
eec8d2bc
JH		 125struct pending_cmd {
126 struct list_head list;
fc2f4b13 127 u16 opcode;
eec8d2bc 128 int index;
c68fb7ff 129 void *param;
eec8d2bc 130 struct sock *sk;
e9a416b5 131 void *user_data;
eec8d2bc
JH		 132};
133
ca69b795
JH		 134/* HCI to MGMT error code conversion table */
135static u8 mgmt_status_table[] = {
136 MGMT_STATUS_SUCCESS,
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197};
198
199static u8 mgmt_status(u8 hci_status)
200{
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
203
204 return MGMT_STATUS_FAILED;
205}
206
4e51eae9 207static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 208{
209 struct sk_buff *skb;
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
56b7d137 212 int err;
f7b64e69 213
34eb525c 214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 215
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
221
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 223 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 224 hdr->len = cpu_to_le16(sizeof(*ev));
225
226 ev = (void *) skb_put(skb, sizeof(*ev));
227 ev->status = status;
228 put_unaligned_le16(cmd, &ev->opcode);
229
56b7d137
GP		 230 err = sock_queue_rcv_skb(sk, skb);
231 if (err < 0)
f7b64e69
JH		 232 kfree_skb(skb);
233
56b7d137 234 return err;
f7b64e69
JH		 235}
236
aee9b218 237static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 238 void *rp, size_t rp_len)
02d98129
JH		 239{
240 struct sk_buff *skb;
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
56b7d137 243 int err;
02d98129
JH		 244
245 BT_DBG("sock %p", sk);
246
a38528f1 247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 248 if (!skb)
249 return -ENOMEM;
250
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 252
a38528f1 253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 254 hdr->index = cpu_to_le16(index);
a38528f1 255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 256
a38528f1
JH		 257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
258 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 259 ev->status = status;
8020c16a
SJ		 260
261 if (rp)
262 memcpy(ev->data, rp, rp_len);
02d98129 263
56b7d137
GP		 264 err = sock_queue_rcv_skb(sk, skb);
265 if (err < 0)
02d98129
JH		 266 kfree_skb(skb);
267
e5f0e151 268 return err;
02d98129
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
279 put_unaligned_le16(MGMT_REVISION, &rp.revision);
280
aee9b218 281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 282 sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
289 u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 u16 num_events = ARRAY_SIZE(mgmt_events);
291 u16 *opcode;
292 size_t rp_size;
293 int i, err;
294
295 BT_DBG("sock %p", sk);
296
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298
299 rp = kmalloc(rp_size, GFP_KERNEL);
300 if (!rp)
301 return -ENOMEM;
302
303 put_unaligned_le16(num_commands, &rp->num_commands);
304 put_unaligned_le16(num_events, &rp->num_events);
305
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
308
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
311
aee9b218 312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 313 rp_size);
e70bb2e8
JH		 314 kfree(rp);
315
316 return err;
317}
318
04124681
GP		 319static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
320 u16 data_len)
faba42eb 321{
faba42eb
JH		 322 struct mgmt_rp_read_index_list *rp;
323 struct list_head *p;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
a38528f1 327 int i, err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
334 list_for_each(p, &hci_dev_list) {
335 count++;
336 }
337
a38528f1
JH		 338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
340 if (!rp) {
b2c60d42 341 read_unlock(&hci_dev_list_lock);
faba42eb 342 return -ENOMEM;
b2c60d42 343 }
faba42eb 344
faba42eb
JH		 345 put_unaligned_le16(count, &rp->num_controllers);
346
347 i = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
faba42eb
JH		 352 put_unaligned_le16(d->id, &rp->index[i++]);
353 BT_DBG("Added hci%u", d->id);
354 }
355
356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
375
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
378
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
387 if (enable_le) {
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
431static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434};
435
436static u16 get_uuid16(u8 *uuid128)
437{
438 u32 val;
439 int i;
440
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
443 return 0;
444 }
445
446 memcpy(&val, &uuid128[12], 4);
447
448 val = le32_to_cpu(val);
449 if (val > 0xffff)
450 return 0;
451
452 return (u16) val;
453}
454
455static void create_eir(struct hci_dev *hdev, u8 *data)
456{
457 u8 *ptr = data;
458 u16 eir_len = 0;
459 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
460 int i, truncated = 0;
461 struct bt_uuid *uuid;
462 size_t name_len;
463
464 name_len = strlen(hdev->dev_name);
465
466 if (name_len > 0) {
467 /* EIR Data type */
468 if (name_len > 48) {
469 name_len = 48;
470 ptr[1] = EIR_NAME_SHORT;
471 } else
472 ptr[1] = EIR_NAME_COMPLETE;
473
474 /* EIR Data length */
475 ptr[0] = name_len + 1;
476
477 memcpy(ptr + 2, hdev->dev_name, name_len);
478
479 eir_len += (name_len + 2);
480 ptr += (name_len + 2);
481 }
482
91c4e9b1
MH		 483 if (hdev->inq_tx_power) {
484 ptr[0] = 2;
485 ptr[1] = EIR_TX_POWER;
486 ptr[2] = (u8) hdev->inq_tx_power;
487
488 eir_len += 3;
489 ptr += 3;
490 }
491
2b9be137
MH		 492 if (hdev->devid_source > 0) {
493 ptr[0] = 9;
494 ptr[1] = EIR_DEVICE_ID;
495
496 put_unaligned_le16(hdev->devid_source, ptr + 2);
497 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
498 put_unaligned_le16(hdev->devid_product, ptr + 6);
499 put_unaligned_le16(hdev->devid_version, ptr + 8);
500
501 eir_len += 10;
502 ptr += 10;
503 }
504
ef580372
JH		 505 memset(uuid16_list, 0, sizeof(uuid16_list));
506
507 /* Group all UUID16 types */
508 list_for_each_entry(uuid, &hdev->uuids, list) {
509 u16 uuid16;
510
511 uuid16 = get_uuid16(uuid->uuid);
512 if (uuid16 == 0)
513 return;
514
515 if (uuid16 < 0x1100)
516 continue;
517
518 if (uuid16 == PNP_INFO_SVCLASS_ID)
519 continue;
520
521 /* Stop if not enough space to put next UUID */
522 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
523 truncated = 1;
524 break;
525 }
526
527 /* Check for duplicates */
528 for (i = 0; uuid16_list[i] != 0; i++)
529 if (uuid16_list[i] == uuid16)
530 break;
531
532 if (uuid16_list[i] == 0) {
533 uuid16_list[i] = uuid16;
534 eir_len += sizeof(u16);
535 }
536 }
537
538 if (uuid16_list[0] != 0) {
539 u8 *length = ptr;
540
541 /* EIR Data type */
542 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
543
544 ptr += 2;
545 eir_len += 2;
546
547 for (i = 0; uuid16_list[i] != 0; i++) {
548 *ptr++ = (uuid16_list[i] & 0x00ff);
549 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
550 }
551
552 /* EIR Data length */
553 *length = (i * sizeof(u16)) + 1;
554 }
555}
556
557static int update_eir(struct hci_dev *hdev)
558{
559 struct hci_cp_write_eir cp;
560
504c8dcd 561 if (!hdev_is_powered(hdev))
7770c4aa
JH		 562 return 0;
563
ef580372
JH		 564 if (!(hdev->features[6] & LMP_EXT_INQ))
565 return 0;
566
84bde9d6 567 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 568 return 0;
569
a8b2d5c2 570 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 571 return 0;
572
573 memset(&cp, 0, sizeof(cp));
574
575 create_eir(hdev, cp.data);
576
577 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
578 return 0;
579
580 memcpy(hdev->eir, cp.data, sizeof(cp.data));
581
582 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
583}
584
585static u8 get_service_classes(struct hci_dev *hdev)
586{
587 struct bt_uuid *uuid;
588 u8 val = 0;
589
590 list_for_each_entry(uuid, &hdev->uuids, list)
591 val |= uuid->svc_hint;
592
593 return val;
594}
595
596static int update_class(struct hci_dev *hdev)
597{
598 u8 cod[3];
c95f0ba7 599 int err;
ef580372
JH		 600
601 BT_DBG("%s", hdev->name);
602
504c8dcd 603 if (!hdev_is_powered(hdev))
7770c4aa
JH		 604 return 0;
605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 607 return 0;
608
609 cod[0] = hdev->minor_class;
610 cod[1] = hdev->major_class;
611 cod[2] = get_service_classes(hdev);
612
613 if (memcmp(cod, hdev->dev_class, 3) == 0)
614 return 0;
615
c95f0ba7
JH		 616 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
617 if (err == 0)
618 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
619
620 return err;
ef580372
JH		 621}
622
7d78525d
JH		 623static void service_cache_off(struct work_struct *work)
624{
625 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 626 service_cache.work);
7d78525d 627
a8b2d5c2 628 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 629 return;
630
631 hci_dev_lock(hdev);
632
633 update_eir(hdev);
634 update_class(hdev);
635
636 hci_dev_unlock(hdev);
637}
638
6a919082 639static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 640{
4f87da80 641 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 642 return;
643
4f87da80 644 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 645
4f87da80
JH		 646 /* Non-mgmt controlled devices get this bit set
647 * implicitly so that pairing works for them, however
648 * for mgmt we require user-space to explicitly enable
649 * it
650 */
651 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 652}
653
0f4e68cf 654static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 655 void *data, u16 data_len)
0381101f 656{
a38528f1 657 struct mgmt_rp_read_info rp;
f7b64e69 658
bdb6d971 659 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 660
09fd0de5 661 hci_dev_lock(hdev);
f7b64e69 662
dc4fe30b
JH		 663 memset(&rp, 0, sizeof(rp));
664
69ab39ea 665 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 666
69ab39ea 667 rp.version = hdev->hci_ver;
f7b64e69 668
69ab39ea
JH		 669 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
670
671 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
672 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 673
a38528f1 674 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 675
dc4fe30b 676 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 677 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 678
09fd0de5 679 hci_dev_unlock(hdev);
0381101f 680
bdb6d971 681 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 682 sizeof(rp));
0381101f
JH		 683}
684
eec8d2bc
JH		 685static void mgmt_pending_free(struct pending_cmd *cmd)
686{
687 sock_put(cmd->sk);
c68fb7ff 688 kfree(cmd->param);
eec8d2bc
JH		 689 kfree(cmd);
690}
691
366a0336 692static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 693 struct hci_dev *hdev, void *data,
694 u16 len)
eec8d2bc
JH		 695{
696 struct pending_cmd *cmd;
697
698 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
699 if (!cmd)
366a0336 700 return NULL;
eec8d2bc
JH		 701
702 cmd->opcode = opcode;
2e58ef3e 703 cmd->index = hdev->id;
eec8d2bc 704
c68fb7ff
SJ		 705 cmd->param = kmalloc(len, GFP_ATOMIC);
706 if (!cmd->param) {
eec8d2bc 707 kfree(cmd);
366a0336 708 return NULL;
eec8d2bc
JH		 709 }
710
8fce6357
SJ		 711 if (data)
712 memcpy(cmd->param, data, len);
eec8d2bc
JH		 713
714 cmd->sk = sk;
715 sock_hold(sk);
716
2e58ef3e 717 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 718
366a0336 719 return cmd;
eec8d2bc
JH		 720}
721
744cf19e 722static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 723 void (*cb)(struct pending_cmd *cmd, void *data),
724 void *data)
eec8d2bc
JH		 725{
726 struct list_head *p, *n;
727
2e58ef3e 728 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 729 struct pending_cmd *cmd;
730
731 cmd = list_entry(p, struct pending_cmd, list);
732
b24752fe 733 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 734 continue;
735
eec8d2bc
JH		 736 cb(cmd, data);
737 }
738}
739
2e58ef3e 740static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 741{
8035ded4 742 struct pending_cmd *cmd;
eec8d2bc 743
2e58ef3e 744 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 745 if (cmd->opcode == opcode)
746 return cmd;
eec8d2bc
JH		 747 }
748
749 return NULL;
750}
751
a664b5bc 752static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 753{
73f22f62
JH		 754 list_del(&cmd->list);
755 mgmt_pending_free(cmd);
756}
757
69ab39ea 758static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 759{
69ab39ea 760 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 761
aee9b218 762 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 763 sizeof(settings));
8680570b
JH		 764}
765
bdb6d971 766static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 767 u16 len)
eec8d2bc 768{
650f726d 769 struct mgmt_mode *cp = data;
366a0336 770 struct pending_cmd *cmd;
4b34ee78 771 int err;
eec8d2bc 772
bdb6d971 773 BT_DBG("request for %s", hdev->name);
eec8d2bc 774
09fd0de5 775 hci_dev_lock(hdev);
eec8d2bc 776
f0d4b78a
MH		 777 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
778 cancel_delayed_work(&hdev->power_off);
779
780 if (cp->val) {
781 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
782 mgmt_powered(hdev, 1);
783 goto failed;
784 }
785 }
786
4b34ee78 787 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 788 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 789 goto failed;
790 }
791
2e58ef3e 792 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 793 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 794 MGMT_STATUS_BUSY);
eec8d2bc
JH		 795 goto failed;
796 }
797
2e58ef3e 798 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 799 if (!cmd) {
800 err = -ENOMEM;
eec8d2bc 801 goto failed;
366a0336 802 }
eec8d2bc 803
72a734ec 804 if (cp->val)
7f971041 805 schedule_work(&hdev->power_on);
eec8d2bc 806 else
80b7ab33 807 schedule_work(&hdev->power_off.work);
eec8d2bc 808
366a0336 809 err = 0;
eec8d2bc
JH		 810
811failed:
09fd0de5 812 hci_dev_unlock(hdev);
366a0336 813 return err;
eec8d2bc
JH		 814}
815
04124681
GP		 816static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
817 struct sock *skip_sk)
beadb2bd
JH		 818{
819 struct sk_buff *skb;
820 struct mgmt_hdr *hdr;
821
822 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
823 if (!skb)
824 return -ENOMEM;
825
826 hdr = (void *) skb_put(skb, sizeof(*hdr));
827 hdr->opcode = cpu_to_le16(event);
828 if (hdev)
829 hdr->index = cpu_to_le16(hdev->id);
830 else
831 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
832 hdr->len = cpu_to_le16(data_len);
833
834 if (data)
835 memcpy(skb_put(skb, data_len), data, data_len);
836
97e0bdeb
MH		 837 /* Time stamp */
838 __net_timestamp(skb);
839
beadb2bd
JH		 840 hci_send_to_control(skb, skip_sk);
841 kfree_skb(skb);
842
843 return 0;
844}
845
846static int new_settings(struct hci_dev *hdev, struct sock *skip)
847{
848 __le32 ev;
849
850 ev = cpu_to_le32(get_current_settings(hdev));
851
852 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
853}
854
bdb6d971 855static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 856 u16 len)
73f22f62 857{
650f726d 858 struct mgmt_cp_set_discoverable *cp = data;
366a0336 859 struct pending_cmd *cmd;
5e5282bb 860 u16 timeout;
73f22f62
JH		 861 u8 scan;
862 int err;
863
bdb6d971 864 BT_DBG("request for %s", hdev->name);
73f22f62 865
24c54a90
MH		 866 timeout = get_unaligned_le16(&cp->timeout);
867 if (!cp->val && timeout > 0)
bdb6d971 868 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 869 MGMT_STATUS_INVALID_PARAMS);
73f22f62 870
09fd0de5 871 hci_dev_lock(hdev);
73f22f62 872
5e5282bb 873 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 874 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 875 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 876 goto failed;
877 }
878
2e58ef3e
JH		 879 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
880 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 881 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 882 MGMT_STATUS_BUSY);
73f22f62
JH		 883 goto failed;
884 }
885
5e5282bb 886 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 888 MGMT_STATUS_REJECTED);
5e5282bb
JH		 889 goto failed;
890 }
891
892 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 893 bool changed = false;
894
895 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
896 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
897 changed = true;
898 }
899
5e5282bb 900 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 901 if (err < 0)
902 goto failed;
903
904 if (changed)
905 err = new_settings(hdev, sk);
906
5e5282bb
JH		 907 goto failed;
908 }
909
910 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 911 if (hdev->discov_timeout > 0) {
912 cancel_delayed_work(&hdev->discov_off);
913 hdev->discov_timeout = 0;
914 }
915
916 if (cp->val && timeout > 0) {
917 hdev->discov_timeout = timeout;
918 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
919 msecs_to_jiffies(hdev->discov_timeout * 1000));
920 }
921
69ab39ea 922 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 923 goto failed;
924 }
925
2e58ef3e 926 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 927 if (!cmd) {
928 err = -ENOMEM;
73f22f62 929 goto failed;
366a0336 930 }
73f22f62
JH		 931
932 scan = SCAN_PAGE;
933
72a734ec 934 if (cp->val)
73f22f62 935 scan |= SCAN_INQUIRY;
16ab91ab 936 else
e0f9309f 937 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 938
939 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
940 if (err < 0)
a664b5bc 941 mgmt_pending_remove(cmd);
73f22f62 942
16ab91ab 943 if (cp->val)
5e5282bb 944 hdev->discov_timeout = timeout;
16ab91ab 945
73f22f62 946failed:
09fd0de5 947 hci_dev_unlock(hdev);
73f22f62
JH		 948 return err;
949}
950
bdb6d971 951static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 952 u16 len)
9fbcbb45 953{
650f726d 954 struct mgmt_mode *cp = data;
366a0336 955 struct pending_cmd *cmd;
9fbcbb45
JH		 956 u8 scan;
957 int err;
958
bdb6d971 959 BT_DBG("request for %s", hdev->name);
9fbcbb45 960
09fd0de5 961 hci_dev_lock(hdev);
9fbcbb45 962
4b34ee78 963 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 964 bool changed = false;
965
966 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
967 changed = true;
968
6bf0e469 969 if (cp->val) {
5e5282bb 970 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 971 } else {
5e5282bb
JH		 972 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
973 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
974 }
0224d2fa 975
5e5282bb 976 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 977 if (err < 0)
978 goto failed;
979
980 if (changed)
981 err = new_settings(hdev, sk);
982
9fbcbb45
JH		 983 goto failed;
984 }
985
2e58ef3e
JH		 986 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
987 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 988 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 989 MGMT_STATUS_BUSY);
9fbcbb45
JH		 990 goto failed;
991 }
992
5e5282bb 993 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 994 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 995 goto failed;
996 }
997
2e58ef3e 998 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 999 if (!cmd) {
1000 err = -ENOMEM;
9fbcbb45 1001 goto failed;
366a0336 1002 }
9fbcbb45 1003
6bf0e469 1004 if (cp->val) {
9fbcbb45 1005 scan = SCAN_PAGE;
6bf0e469 1006 } else {
9fbcbb45
JH		 1007 scan = 0;
1008
df2c6c5e
JH		 1009 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1010 hdev->discov_timeout > 0)
1011 cancel_delayed_work(&hdev->discov_off);
1012 }
1013
9fbcbb45
JH		 1014 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1015 if (err < 0)
a664b5bc 1016 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1017
1018failed:
09fd0de5 1019 hci_dev_unlock(hdev);
9fbcbb45
JH		 1020 return err;
1021}
1022
bdb6d971 1023static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1024 u16 len)
c542a06c 1025{
650f726d 1026 struct mgmt_mode *cp = data;
c542a06c
JH		 1027 int err;
1028
bdb6d971 1029 BT_DBG("request for %s", hdev->name);
c542a06c 1030
09fd0de5 1031 hci_dev_lock(hdev);
c542a06c
JH		 1032
1033 if (cp->val)
a8b2d5c2 1034 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1035 else
a8b2d5c2 1036 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1037
69ab39ea 1038 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1039 if (err < 0)
1040 goto failed;
1041
beadb2bd 1042 err = new_settings(hdev, sk);
c542a06c
JH		 1043
1044failed:
09fd0de5 1045 hci_dev_unlock(hdev);
c542a06c
JH		 1046 return err;
1047}
1048
04124681
GP		 1049static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1050 u16 len)
33ef95ed
JH		 1051{
1052 struct mgmt_mode *cp = data;
1053 struct pending_cmd *cmd;
816a11d5 1054 u8 val;
33ef95ed
JH		 1055 int err;
1056
bdb6d971 1057 BT_DBG("request for %s", hdev->name);
33ef95ed 1058
33ef95ed
JH		 1059 hci_dev_lock(hdev);
1060
4b34ee78 1061 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1062 bool changed = false;
1063
1064 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1065 &hdev->dev_flags)) {
1066 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1067 changed = true;
1068 }
1069
1070 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1071 if (err < 0)
1072 goto failed;
1073
1074 if (changed)
1075 err = new_settings(hdev, sk);
1076
33ef95ed
JH		 1077 goto failed;
1078 }
1079
1080 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1081 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1082 MGMT_STATUS_BUSY);
33ef95ed
JH		 1083 goto failed;
1084 }
1085
1086 val = !!cp->val;
1087
1088 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1089 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1090 goto failed;
1091 }
1092
1093 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1094 if (!cmd) {
1095 err = -ENOMEM;
1096 goto failed;
1097 }
1098
1099 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1100 if (err < 0) {
1101 mgmt_pending_remove(cmd);
1102 goto failed;
1103 }
1104
1105failed:
1106 hci_dev_unlock(hdev);
33ef95ed
JH		 1107 return err;
1108}
1109
bdb6d971 1110static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1111{
1112 struct mgmt_mode *cp = data;
1113 struct pending_cmd *cmd;
816a11d5 1114 u8 val;
ed2c4ee3
JH		 1115 int err;
1116
bdb6d971 1117 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1118
ed2c4ee3
JH		 1119 hci_dev_lock(hdev);
1120
6c8f12c1 1121 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1122 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1123 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1124 goto failed;
1125 }
1126
c0ecddc2
JH		 1127 val = !!cp->val;
1128
4b34ee78 1129 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1130 bool changed = false;
1131
1132 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1133 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1134 changed = true;
1135 }
1136
1137 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1138 if (err < 0)
1139 goto failed;
1140
1141 if (changed)
1142 err = new_settings(hdev, sk);
1143
ed2c4ee3
JH		 1144 goto failed;
1145 }
1146
1147 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
04124681
GP		 1148 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1149 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1150 goto failed;
1151 }
1152
ed2c4ee3
JH		 1153 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1154 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1155 goto failed;
1156 }
1157
1158 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1159 if (!cmd) {
1160 err = -ENOMEM;
1161 goto failed;
1162 }
1163
1164 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1165 if (err < 0) {
1166 mgmt_pending_remove(cmd);
1167 goto failed;
1168 }
1169
1170failed:
1171 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1172 return err;
1173}
1174
bdb6d971 1175static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1176{
1177 struct mgmt_mode *cp = data;
6d80dfd0 1178
bdb6d971 1179 BT_DBG("request for %s", hdev->name);
6d80dfd0 1180
bdb6d971
JH		 1181 if (!enable_hs)
1182 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1183 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1184
1185 if (cp->val)
1186 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1187 else
1188 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1189
bdb6d971 1190 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1191}
1192
bdb6d971 1193static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1194{
1195 struct mgmt_mode *cp = data;
1196 struct hci_cp_write_le_host_supported hci_cp;
1197 struct pending_cmd *cmd;
06199cf8 1198 int err;
0b60eba1 1199 u8 val, enabled;
06199cf8 1200
bdb6d971 1201 BT_DBG("request for %s", hdev->name);
06199cf8 1202
1de028ce
JH		 1203 hci_dev_lock(hdev);
1204
06199cf8 1205 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1206 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1207 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1208 goto unlock;
06199cf8
JH		 1209 }
1210
1211 val = !!cp->val;
0b60eba1 1212 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1213
0b60eba1 1214 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1215 bool changed = false;
1216
1217 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1218 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1219 changed = true;
1220 }
1221
1222 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1223 if (err < 0)
1de028ce 1224 goto unlock;
06199cf8
JH		 1225
1226 if (changed)
1227 err = new_settings(hdev, sk);
1228
1de028ce 1229 goto unlock;
06199cf8
JH		 1230 }
1231
1232 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1233 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1234 MGMT_STATUS_BUSY);
1de028ce 1235 goto unlock;
06199cf8
JH		 1236 }
1237
1238 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1239 if (!cmd) {
1240 err = -ENOMEM;
1de028ce 1241 goto unlock;
06199cf8
JH		 1242 }
1243
1244 memset(&hci_cp, 0, sizeof(hci_cp));
1245
1246 if (val) {
1247 hci_cp.le = val;
1248 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1249 }
1250
04124681
GP		 1251 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1252 &hci_cp);
06199cf8
JH		 1253 if (err < 0) {
1254 mgmt_pending_remove(cmd);
1de028ce 1255 goto unlock;
06199cf8
JH		 1256 }
1257
1de028ce
JH		 1258unlock:
1259 hci_dev_unlock(hdev);
06199cf8
JH		 1260 return err;
1261}
1262
bdb6d971 1263static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1264{
650f726d 1265 struct mgmt_cp_add_uuid *cp = data;
90e70454 1266 struct pending_cmd *cmd;
2aeb9a1a 1267 struct bt_uuid *uuid;
2aeb9a1a
JH		 1268 int err;
1269
bdb6d971 1270 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1271
09fd0de5 1272 hci_dev_lock(hdev);
2aeb9a1a 1273
c95f0ba7 1274 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1275 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1276 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1277 goto failed;
1278 }
1279
2aeb9a1a
JH		 1280 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1281 if (!uuid) {
1282 err = -ENOMEM;
1283 goto failed;
1284 }
1285
1286 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1287 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1288
1289 list_add(&uuid->list, &hdev->uuids);
1290
1aff6f09
JH		 1291 err = update_class(hdev);
1292 if (err < 0)
1293 goto failed;
1294
80a1e1db
JH		 1295 err = update_eir(hdev);
1296 if (err < 0)
1297 goto failed;
1298
90e70454 1299 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1300 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1301 hdev->dev_class, 3);
90e70454
JH		 1302 goto failed;
1303 }
1304
1305 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1306 if (!cmd) {
1307 err = -ENOMEM;
1308 goto failed;
1309 }
2aeb9a1a
JH		 1310
1311failed:
09fd0de5 1312 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1313 return err;
1314}
1315
24b78d0f
JH		 1316static bool enable_service_cache(struct hci_dev *hdev)
1317{
1318 if (!hdev_is_powered(hdev))
1319 return false;
1320
1321 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1322 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1323 return true;
1324 }
1325
1326 return false;
1327}
1328
bdb6d971
JH		 1329static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1330 u16 len)
2aeb9a1a 1331{
650f726d 1332 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1333 struct pending_cmd *cmd;
2aeb9a1a 1334 struct list_head *p, *n;
2aeb9a1a 1335 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1336 int err, found;
1337
bdb6d971 1338 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1339
09fd0de5 1340 hci_dev_lock(hdev);
2aeb9a1a 1341
c95f0ba7 1342 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1343 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1344 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1345 goto unlock;
1346 }
1347
2aeb9a1a
JH		 1348 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1349 err = hci_uuids_clear(hdev);
4004b6d9 1350
24b78d0f 1351 if (enable_service_cache(hdev)) {
bdb6d971 1352 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1353 0, hdev->dev_class, 3);
24b78d0f
JH		 1354 goto unlock;
1355 }
4004b6d9 1356
9246a869 1357 goto update_class;
2aeb9a1a
JH		 1358 }
1359
1360 found = 0;
1361
1362 list_for_each_safe(p, n, &hdev->uuids) {
1363 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1364
1365 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1366 continue;
1367
1368 list_del(&match->list);
1369 found++;
1370 }
1371
1372 if (found == 0) {
bdb6d971 1373 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1374 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1375 goto unlock;
1376 }
1377
9246a869 1378update_class:
1aff6f09
JH		 1379 err = update_class(hdev);
1380 if (err < 0)
1381 goto unlock;
1382
80a1e1db
JH		 1383 err = update_eir(hdev);
1384 if (err < 0)
1385 goto unlock;
1386
90e70454 1387 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1388 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1389 hdev->dev_class, 3);
90e70454
JH		 1390 goto unlock;
1391 }
1392
1393 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1394 if (!cmd) {
1395 err = -ENOMEM;
1396 goto unlock;
1397 }
2aeb9a1a
JH		 1398
1399unlock:
09fd0de5 1400 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1401 return err;
1402}
1403
bdb6d971 1404static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1405 u16 len)
1aff6f09 1406{
650f726d 1407 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1408 struct pending_cmd *cmd;
1aff6f09
JH		 1409 int err;
1410
bdb6d971 1411 BT_DBG("request for %s", hdev->name);
1aff6f09 1412
09fd0de5 1413 hci_dev_lock(hdev);
1aff6f09 1414
c95f0ba7 1415 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1416 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1417 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1418 goto unlock;
1419 }
1420
932f5ff5
JH		 1421 hdev->major_class = cp->major;
1422 hdev->minor_class = cp->minor;
1423
b5235a65 1424 if (!hdev_is_powered(hdev)) {
bdb6d971 1425 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1426 hdev->dev_class, 3);
b5235a65
JH		 1427 goto unlock;
1428 }
1429
a8b2d5c2 1430 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1431 hci_dev_unlock(hdev);
1432 cancel_delayed_work_sync(&hdev->service_cache);
1433 hci_dev_lock(hdev);
14c0b608 1434 update_eir(hdev);
7d78525d 1435 }
14c0b608 1436
1aff6f09 1437 err = update_class(hdev);
90e70454
JH		 1438 if (err < 0)
1439 goto unlock;
1aff6f09 1440
90e70454 1441 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1442 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1443 hdev->dev_class, 3);
90e70454
JH		 1444 goto unlock;
1445 }
1446
1447 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1448 if (!cmd) {
1449 err = -ENOMEM;
1450 goto unlock;
1451 }
1aff6f09 1452
b5235a65 1453unlock:
09fd0de5 1454 hci_dev_unlock(hdev);
1aff6f09
JH		 1455 return err;
1456}
1457
bdb6d971
JH		 1458static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1459 u16 len)
55ed8ca1 1460{
650f726d 1461 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1462 u16 key_count, expected_len;
a492cd52 1463 int i;
55ed8ca1 1464
55ed8ca1
JH		 1465 key_count = get_unaligned_le16(&cp->key_count);
1466
86742e1e
JH		 1467 expected_len = sizeof(*cp) + key_count *
1468 sizeof(struct mgmt_link_key_info);
a492cd52 1469 if (expected_len != len) {
86742e1e 1470 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1471 len, expected_len);
bdb6d971 1472 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1473 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1474 }
1475
bdb6d971 1476 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1477 key_count);
1478
09fd0de5 1479 hci_dev_lock(hdev);
55ed8ca1
JH		 1480
1481 hci_link_keys_clear(hdev);
1482
a8b2d5c2 1483 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1484
1485 if (cp->debug_keys)
a8b2d5c2 1486 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1487 else
a8b2d5c2 1488 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1489
a492cd52 1490 for (i = 0; i < key_count; i++) {
86742e1e 1491 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1492
d753fdc4 1493 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1494 key->type, key->pin_len);
55ed8ca1
JH		 1495 }
1496
bdb6d971 1497 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1498
09fd0de5 1499 hci_dev_unlock(hdev);
55ed8ca1 1500
a492cd52 1501 return 0;
55ed8ca1
JH		 1502}
1503
b1078ad0 1504static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1505 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1506{
1507 struct mgmt_ev_device_unpaired ev;
1508
1509 bacpy(&ev.addr.bdaddr, bdaddr);
1510 ev.addr.type = addr_type;
1511
1512 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1513 skip_sk);
b1078ad0
JH		 1514}
1515
bdb6d971 1516static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1517 u16 len)
55ed8ca1 1518{
124f6e35
JH		 1519 struct mgmt_cp_unpair_device *cp = data;
1520 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1521 struct hci_cp_disconnect dc;
1522 struct pending_cmd *cmd;
55ed8ca1 1523 struct hci_conn *conn;
55ed8ca1
JH		 1524 int err;
1525
09fd0de5 1526 hci_dev_lock(hdev);
55ed8ca1 1527
a8a1d19e 1528 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1529 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1530 rp.addr.type = cp->addr.type;
a8a1d19e 1531
86a8cfc6 1532 if (!hdev_is_powered(hdev)) {
bdb6d971 1533 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1534 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1535 goto unlock;
1536 }
1537
124f6e35
JH		 1538 if (cp->addr.type == MGMT_ADDR_BREDR)
1539 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1540 else
1541 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1542
55ed8ca1 1543 if (err < 0) {
bdb6d971 1544 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1545 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1546 goto unlock;
1547 }
1548
86a8cfc6
JH		 1549 if (cp->disconnect) {
1550 if (cp->addr.type == MGMT_ADDR_BREDR)
1551 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1552 &cp->addr.bdaddr);
86a8cfc6
JH		 1553 else
1554 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1555 &cp->addr.bdaddr);
86a8cfc6
JH		 1556 } else {
1557 conn = NULL;
1558 }
124f6e35 1559
a8a1d19e 1560 if (!conn) {
bdb6d971 1561 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1562 &rp, sizeof(rp));
b1078ad0 1563 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1564 goto unlock;
1565 }
55ed8ca1 1566
124f6e35 1567 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1568 sizeof(*cp));
a8a1d19e
JH		 1569 if (!cmd) {
1570 err = -ENOMEM;
1571 goto unlock;
55ed8ca1
JH		 1572 }
1573
a8a1d19e
JH		 1574 put_unaligned_le16(conn->handle, &dc.handle);
1575 dc.reason = 0x13; /* Remote User Terminated Connection */
1576 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1577 if (err < 0)
1578 mgmt_pending_remove(cmd);
1579
55ed8ca1 1580unlock:
09fd0de5 1581 hci_dev_unlock(hdev);
55ed8ca1
JH		 1582 return err;
1583}
1584
bdb6d971 1585static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1586 u16 len)
8962ee74 1587{
650f726d 1588 struct mgmt_cp_disconnect *cp = data;
8962ee74 1589 struct hci_cp_disconnect dc;
366a0336 1590 struct pending_cmd *cmd;
8962ee74 1591 struct hci_conn *conn;
8962ee74
JH		 1592 int err;
1593
1594 BT_DBG("");
1595
09fd0de5 1596 hci_dev_lock(hdev);
8962ee74
JH		 1597
1598 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1599 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1600 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1601 goto failed;
1602 }
1603
2e58ef3e 1604 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1605 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1606 MGMT_STATUS_BUSY);
8962ee74
JH		 1607 goto failed;
1608 }
1609
88c3df13
JH		 1610 if (cp->addr.type == MGMT_ADDR_BREDR)
1611 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1612 else
1613 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1614
8962ee74 1615 if (!conn) {
bdb6d971 1616 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1617 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1618 goto failed;
1619 }
1620
2e58ef3e 1621 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1622 if (!cmd) {
1623 err = -ENOMEM;
8962ee74 1624 goto failed;
366a0336 1625 }
8962ee74
JH		 1626
1627 put_unaligned_le16(conn->handle, &dc.handle);
1628 dc.reason = 0x13; /* Remote User Terminated Connection */
1629
1630 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1631 if (err < 0)
a664b5bc 1632 mgmt_pending_remove(cmd);
8962ee74
JH		 1633
1634failed:
09fd0de5 1635 hci_dev_unlock(hdev);
8962ee74
JH		 1636 return err;
1637}
1638
48264f06 1639static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1640{
1641 switch (link_type) {
1642 case LE_LINK:
48264f06
JH		 1643 switch (addr_type) {
1644 case ADDR_LE_DEV_PUBLIC:
1645 return MGMT_ADDR_LE_PUBLIC;
1646 case ADDR_LE_DEV_RANDOM:
1647 return MGMT_ADDR_LE_RANDOM;
1648 default:
1649 return MGMT_ADDR_INVALID;
1650 }
4c659c39
JH		 1651 case ACL_LINK:
1652 return MGMT_ADDR_BREDR;
1653 default:
1654 return MGMT_ADDR_INVALID;
1655 }
1656}
1657
04124681
GP		 1658static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1659 u16 data_len)
2784eb41 1660{
2784eb41 1661 struct mgmt_rp_get_connections *rp;
8035ded4 1662 struct hci_conn *c;
a38528f1 1663 size_t rp_len;
60fc5fb6
JH		 1664 int err;
1665 u16 i;
2784eb41
JH		 1666
1667 BT_DBG("");
1668
09fd0de5 1669 hci_dev_lock(hdev);
2784eb41 1670
5f97c1df 1671 if (!hdev_is_powered(hdev)) {
bdb6d971 1672 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1673 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1674 goto unlock;
1675 }
1676
60fc5fb6 1677 i = 0;
b644ba33
JH		 1678 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1679 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1680 i++;
2784eb41
JH		 1681 }
1682
60fc5fb6 1683 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1684 rp = kmalloc(rp_len, GFP_ATOMIC);
1685 if (!rp) {
2784eb41
JH		 1686 err = -ENOMEM;
1687 goto unlock;
1688 }
1689
2784eb41 1690 i = 0;
4c659c39 1691 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1692 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1693 continue;
4c659c39 1694 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1695 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1696 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1697 continue;
1698 i++;
1699 }
1700
60fc5fb6
JH		 1701 put_unaligned_le16(i, &rp->conn_count);
1702
4c659c39
JH		 1703 /* Recalculate length in case of filtered SCO connections, etc */
1704 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1705
bdb6d971 1706 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1707 rp_len);
2784eb41 1708
a38528f1 1709 kfree(rp);
5f97c1df
JH		 1710
1711unlock:
09fd0de5 1712 hci_dev_unlock(hdev);
2784eb41
JH		 1713 return err;
1714}
1715
bdb6d971 1716static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1717 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1718{
1719 struct pending_cmd *cmd;
1720 int err;
1721
2e58ef3e 1722 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1723 sizeof(*cp));
96d97a67
WR		 1724 if (!cmd)
1725 return -ENOMEM;
1726
d8457698 1727 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1728 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1729 if (err < 0)
1730 mgmt_pending_remove(cmd);
1731
1732 return err;
1733}
1734
bdb6d971 1735static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1736 u16 len)
980e1a53 1737{
96d97a67 1738 struct hci_conn *conn;
650f726d 1739 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1740 struct hci_cp_pin_code_reply reply;
366a0336 1741 struct pending_cmd *cmd;
980e1a53
JH		 1742 int err;
1743
1744 BT_DBG("");
1745
09fd0de5 1746 hci_dev_lock(hdev);
980e1a53 1747
4b34ee78 1748 if (!hdev_is_powered(hdev)) {
bdb6d971 1749 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1750 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1751 goto failed;
1752 }
1753
d8457698 1754 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1755 if (!conn) {
bdb6d971 1756 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1757 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1758 goto failed;
1759 }
1760
1761 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1762 struct mgmt_cp_pin_code_neg_reply ncp;
1763
1764 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1765
1766 BT_ERR("PIN code is not 16 bytes long");
1767
bdb6d971 1768 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1769 if (err >= 0)
bdb6d971 1770 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1771 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1772
1773 goto failed;
1774 }
1775
00abfe44 1776 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1777 if (!cmd) {
1778 err = -ENOMEM;
980e1a53 1779 goto failed;
366a0336 1780 }
980e1a53 1781
d8457698 1782 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1783 reply.pin_len = cp->pin_len;
24718ca5 1784 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1785
1786 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1787 if (err < 0)
a664b5bc 1788 mgmt_pending_remove(cmd);
980e1a53
JH		 1789
1790failed:
09fd0de5 1791 hci_dev_unlock(hdev);
980e1a53
JH		 1792 return err;
1793}
1794
bdb6d971 1795static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1796 void *data, u16 len)
980e1a53 1797{
650f726d 1798 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1799 int err;
1800
1801 BT_DBG("");
1802
09fd0de5 1803 hci_dev_lock(hdev);
980e1a53 1804
4b34ee78 1805 if (!hdev_is_powered(hdev)) {
bdb6d971 1806 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1807 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1808 goto failed;
1809 }
1810
bdb6d971 1811 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1812
1813failed:
09fd0de5 1814 hci_dev_unlock(hdev);
980e1a53
JH		 1815 return err;
1816}
1817
04124681
GP		 1818static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1819 u16 len)
17fa4b9d 1820{
650f726d 1821 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1822
1823 BT_DBG("");
1824
09fd0de5 1825 hci_dev_lock(hdev);
17fa4b9d
JH		 1826
1827 hdev->io_capability = cp->io_capability;
1828
1829 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1830 hdev->io_capability);
17fa4b9d 1831
09fd0de5 1832 hci_dev_unlock(hdev);
17fa4b9d 1833
04124681
GP		 1834 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1835 0);
17fa4b9d
JH		 1836}
1837
e9a416b5
JH		 1838static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1839{
1840 struct hci_dev *hdev = conn->hdev;
8035ded4 1841 struct pending_cmd *cmd;
e9a416b5 1842
2e58ef3e 1843 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1844 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1845 continue;
1846
e9a416b5
JH		 1847 if (cmd->user_data != conn)
1848 continue;
1849
1850 return cmd;
1851 }
1852
1853 return NULL;
1854}
1855
1856static void pairing_complete(struct pending_cmd *cmd, u8 status)
1857{
1858 struct mgmt_rp_pair_device rp;
1859 struct hci_conn *conn = cmd->user_data;
1860
ba4e564f
JH		 1861 bacpy(&rp.addr.bdaddr, &conn->dst);
1862 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1863
aee9b218 1864 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1865 &rp, sizeof(rp));
e9a416b5
JH		 1866
1867 /* So we don't get further callbacks for this connection */
1868 conn->connect_cfm_cb = NULL;
1869 conn->security_cfm_cb = NULL;
1870 conn->disconn_cfm_cb = NULL;
1871
1872 hci_conn_put(conn);
1873
a664b5bc 1874 mgmt_pending_remove(cmd);
e9a416b5
JH		 1875}
1876
1877static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1878{
1879 struct pending_cmd *cmd;
1880
1881 BT_DBG("status %u", status);
1882
1883 cmd = find_pairing(conn);
56e5cb86 1884 if (!cmd)
e9a416b5 1885 BT_DBG("Unable to find a pending command");
56e5cb86 1886 else
e211326c 1887 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1888}
1889
bdb6d971 1890static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1891 u16 len)
e9a416b5 1892{
650f726d 1893 struct mgmt_cp_pair_device *cp = data;
1425acb7 1894 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1895 struct pending_cmd *cmd;
1896 u8 sec_level, auth_type;
1897 struct hci_conn *conn;
e9a416b5
JH		 1898 int err;
1899
1900 BT_DBG("");
1901
09fd0de5 1902 hci_dev_lock(hdev);
e9a416b5 1903
5f97c1df 1904 if (!hdev_is_powered(hdev)) {
bdb6d971 1905 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1906 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1907 goto unlock;
1908 }
1909
c908df36
VCG		 1910 sec_level = BT_SECURITY_MEDIUM;
1911 if (cp->io_cap == 0x03)
e9a416b5 1912 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1913 else
e9a416b5 1914 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1915
ba4e564f
JH		 1916 if (cp->addr.type == MGMT_ADDR_BREDR)
1917 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1918 auth_type);
7a512d01 1919 else
ba4e564f 1920 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1921 auth_type);
7a512d01 1922
1425acb7
JH		 1923 memset(&rp, 0, sizeof(rp));
1924 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1925 rp.addr.type = cp->addr.type;
1926
30e76272 1927 if (IS_ERR(conn)) {
bdb6d971 1928 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1929 MGMT_STATUS_CONNECT_FAILED, &rp,
1930 sizeof(rp));
e9a416b5
JH		 1931 goto unlock;
1932 }
1933
1934 if (conn->connect_cfm_cb) {
1935 hci_conn_put(conn);
bdb6d971 1936 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1937 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1938 goto unlock;
1939 }
1940
2e58ef3e 1941 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1942 if (!cmd) {
1943 err = -ENOMEM;
1944 hci_conn_put(conn);
1945 goto unlock;
1946 }
1947
7a512d01 1948 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1949 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1950 conn->connect_cfm_cb = pairing_complete_cb;
1951
e9a416b5
JH		 1952 conn->security_cfm_cb = pairing_complete_cb;
1953 conn->disconn_cfm_cb = pairing_complete_cb;
1954 conn->io_capability = cp->io_cap;
1955 cmd->user_data = conn;
1956
1957 if (conn->state == BT_CONNECTED &&
1958 hci_conn_security(conn, sec_level, auth_type))
1959 pairing_complete(cmd, 0);
1960
1961 err = 0;
1962
1963unlock:
09fd0de5 1964 hci_dev_unlock(hdev);
e9a416b5
JH		 1965 return err;
1966}
1967
04124681
GP		 1968static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1969 u16 len)
28424707 1970{
0f4e68cf 1971 struct mgmt_addr_info *addr = data;
28424707
JH		 1972 struct pending_cmd *cmd;
1973 struct hci_conn *conn;
1974 int err;
1975
1976 BT_DBG("");
1977
28424707
JH		 1978 hci_dev_lock(hdev);
1979
5f97c1df 1980 if (!hdev_is_powered(hdev)) {
bdb6d971 1981 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1982 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1983 goto unlock;
1984 }
1985
28424707
JH		 1986 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1987 if (!cmd) {
bdb6d971 1988 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1989 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1990 goto unlock;
1991 }
1992
1993 conn = cmd->user_data;
1994
1995 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1996 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1997 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1998 goto unlock;
1999 }
2000
2001 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2002
bdb6d971 2003 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2004 addr, sizeof(*addr));
28424707
JH		 2005unlock:
2006 hci_dev_unlock(hdev);
28424707
JH		 2007 return err;
2008}
2009
bdb6d971 2010static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2011 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2012 u16 hci_op, __le32 passkey)
a5c29683 2013{
a5c29683 2014 struct pending_cmd *cmd;
0df4c185 2015 struct hci_conn *conn;
a5c29683
JH		 2016 int err;
2017
09fd0de5 2018 hci_dev_lock(hdev);
08ba5382 2019
4b34ee78 2020 if (!hdev_is_powered(hdev)) {
bdb6d971 2021 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2022 MGMT_STATUS_NOT_POWERED);
0df4c185 2023 goto done;
a5c29683
JH		 2024 }
2025
272d90df
JH		 2026 if (type == MGMT_ADDR_BREDR)
2027 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2028 else
47c15e2b 2029 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2030
2031 if (!conn) {
bdb6d971 2032 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2033 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2034 goto done;
2035 }
47c15e2b 2036
272d90df 2037 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2038 /* Continue with pairing via SMP */
5fe57d9e
BG		 2039 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2040
2041 if (!err)
bdb6d971 2042 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2043 MGMT_STATUS_SUCCESS);
5fe57d9e 2044 else
bdb6d971 2045 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2046 MGMT_STATUS_FAILED);
47c15e2b 2047
47c15e2b
BG		 2048 goto done;
2049 }
2050
0df4c185 2051 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2052 if (!cmd) {
2053 err = -ENOMEM;
0df4c185 2054 goto done;
a5c29683
JH		 2055 }
2056
0df4c185 2057 /* Continue with pairing via HCI */
604086b7
BG		 2058 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2059 struct hci_cp_user_passkey_reply cp;
2060
2061 bacpy(&cp.bdaddr, bdaddr);
2062 cp.passkey = passkey;
2063 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2064 } else
2065 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2066
a664b5bc
JH		 2067 if (err < 0)
2068 mgmt_pending_remove(cmd);
a5c29683 2069
0df4c185 2070done:
09fd0de5 2071 hci_dev_unlock(hdev);
a5c29683
JH		 2072 return err;
2073}
2074
04124681
GP		 2075static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2076 u16 len)
0df4c185 2077{
650f726d 2078 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2079
2080 BT_DBG("");
2081
2082 if (len != sizeof(*cp))
bdb6d971 2083 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2084 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2085
bdb6d971 2086 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2087 MGMT_OP_USER_CONFIRM_REPLY,
2088 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2089}
2090
bdb6d971 2091static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2092 void *data, u16 len)
0df4c185 2093{
c9c2659f 2094 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2095
2096 BT_DBG("");
2097
bdb6d971 2098 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2099 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2100 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2101}
2102
04124681
GP		 2103static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2104 u16 len)
604086b7 2105{
650f726d 2106 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2107
2108 BT_DBG("");
2109
bdb6d971 2110 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2111 MGMT_OP_USER_PASSKEY_REPLY,
2112 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2113}
2114
bdb6d971 2115static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2116 void *data, u16 len)
604086b7 2117{
650f726d 2118 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2119
2120 BT_DBG("");
2121
bdb6d971 2122 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2123 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2124 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2125}
2126
2b4bf397
JH		 2127static int update_name(struct hci_dev *hdev, const char *name)
2128{
2129 struct hci_cp_write_local_name cp;
2130
2131 memcpy(cp.name, name, sizeof(cp.name));
2132
2133 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2134}
2135
bdb6d971 2136static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2137 u16 len)
b312b161 2138{
2b4bf397 2139 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2140 struct pending_cmd *cmd;
2141 int err;
2142
2143 BT_DBG("");
2144
09fd0de5 2145 hci_dev_lock(hdev);
b312b161 2146
2b4bf397 2147 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2148
b5235a65 2149 if (!hdev_is_powered(hdev)) {
2b4bf397 2150 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2151
2152 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2153 data, len);
28cc7bde
JH		 2154 if (err < 0)
2155 goto failed;
2156
2157 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2158 sk);
28cc7bde 2159
b5235a65
JH		 2160 goto failed;
2161 }
2162
28cc7bde 2163 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2164 if (!cmd) {
2165 err = -ENOMEM;
2166 goto failed;
2167 }
2168
2b4bf397 2169 err = update_name(hdev, cp->name);
b312b161
JH		 2170 if (err < 0)
2171 mgmt_pending_remove(cmd);
2172
2173failed:
09fd0de5 2174 hci_dev_unlock(hdev);
b312b161
JH		 2175 return err;
2176}
2177
0f4e68cf 2178static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2179 void *data, u16 data_len)
c35938b2 2180{
c35938b2
SJ		 2181 struct pending_cmd *cmd;
2182 int err;
2183
bdb6d971 2184 BT_DBG("%s", hdev->name);
c35938b2 2185
09fd0de5 2186 hci_dev_lock(hdev);
c35938b2 2187
4b34ee78 2188 if (!hdev_is_powered(hdev)) {
bdb6d971 2189 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2190 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2191 goto unlock;
2192 }
2193
2194 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2195 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2196 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2197 goto unlock;
2198 }
2199
2e58ef3e 2200 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2201 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2202 MGMT_STATUS_BUSY);
c35938b2
SJ		 2203 goto unlock;
2204 }
2205
2e58ef3e 2206 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2207 if (!cmd) {
2208 err = -ENOMEM;
2209 goto unlock;
2210 }
2211
2212 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2213 if (err < 0)
2214 mgmt_pending_remove(cmd);
2215
2216unlock:
09fd0de5 2217 hci_dev_unlock(hdev);
c35938b2
SJ		 2218 return err;
2219}
2220
bdb6d971 2221static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2222 void *data, u16 len)
2763eda6 2223{
650f726d 2224 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2225 u8 status;
2763eda6
SJ		 2226 int err;
2227
bdb6d971 2228 BT_DBG("%s ", hdev->name);
2763eda6 2229
09fd0de5 2230 hci_dev_lock(hdev);
2763eda6 2231
5f97c1df 2232 if (!hdev_is_powered(hdev)) {
bdb6d971 2233 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2234 MGMT_STATUS_NOT_POWERED, &cp->addr,
2235 sizeof(cp->addr));
5f97c1df
JH		 2236 goto unlock;
2237 }
2238
664ce4cc 2239 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2240 cp->randomizer);
2763eda6 2241 if (err < 0)
bf1e3541 2242 status = MGMT_STATUS_FAILED;
2763eda6 2243 else
bf1e3541
JH		 2244 status = 0;
2245
bdb6d971 2246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2247 &cp->addr, sizeof(cp->addr));
2763eda6 2248
5f97c1df 2249unlock:
09fd0de5 2250 hci_dev_unlock(hdev);
2763eda6
SJ		 2251 return err;
2252}
2253
bdb6d971 2254static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2255 void *data, u16 len)
2763eda6 2256{
650f726d 2257 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2258 u8 status;
2763eda6
SJ		 2259 int err;
2260
bdb6d971 2261 BT_DBG("%s", hdev->name);
2763eda6 2262
09fd0de5 2263 hci_dev_lock(hdev);
2763eda6 2264
5f97c1df 2265 if (!hdev_is_powered(hdev)) {
bdb6d971 2266 err = cmd_complete(sk, hdev->id,
04124681
GP		 2267 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2268 MGMT_STATUS_NOT_POWERED, &cp->addr,
2269 sizeof(cp->addr));
5f97c1df
JH		 2270 goto unlock;
2271 }
2272
664ce4cc 2273 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2274 if (err < 0)
bf1e3541 2275 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2276 else
bf1e3541
JH		 2277 status = 0;
2278
bdb6d971 2279 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2280 status, &cp->addr, sizeof(cp->addr));
2763eda6 2281
5f97c1df 2282unlock:
09fd0de5 2283 hci_dev_unlock(hdev);
2763eda6
SJ		 2284 return err;
2285}
2286
5e0452c0
AG		 2287int mgmt_interleaved_discovery(struct hci_dev *hdev)
2288{
2289 int err;
2290
2291 BT_DBG("%s", hdev->name);
2292
2293 hci_dev_lock(hdev);
2294
2295 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2296 if (err < 0)
2297 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2298
2299 hci_dev_unlock(hdev);
2300
2301 return err;
2302}
2303
bdb6d971 2304static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2305 void *data, u16 len)
14a53664 2306{
650f726d 2307 struct mgmt_cp_start_discovery *cp = data;
14a53664 2308 struct pending_cmd *cmd;
14a53664
JH		 2309 int err;
2310
bdb6d971 2311 BT_DBG("%s", hdev->name);
14a53664 2312
09fd0de5 2313 hci_dev_lock(hdev);
14a53664 2314
4b34ee78 2315 if (!hdev_is_powered(hdev)) {
bdb6d971 2316 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2317 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2318 goto failed;
2319 }
2320
ff9ef578 2321 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2322 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2323 MGMT_STATUS_BUSY);
ff9ef578
JH		 2324 goto failed;
2325 }
2326
2e58ef3e 2327 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2328 if (!cmd) {
2329 err = -ENOMEM;
2330 goto failed;
2331 }
2332
4aab14e5
AG		 2333 hdev->discovery.type = cp->type;
2334
2335 switch (hdev->discovery.type) {
f39799f5 2336 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2337 if (lmp_bredr_capable(hdev))
2338 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2339 else
2340 err = -ENOTSUPP;
f39799f5
AG		 2341 break;
2342
2343 case DISCOV_TYPE_LE:
8b90129c
AG		 2344 if (lmp_host_le_capable(hdev))
2345 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2346 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2347 else
2348 err = -ENOTSUPP;
f39799f5
AG		 2349 break;
2350
5e0452c0 2351 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2352 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2353 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2354 LE_SCAN_WIN,
2355 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2356 else
2357 err = -ENOTSUPP;
5e0452c0
AG		 2358 break;
2359
f39799f5 2360 default:
3fd24153 2361 err = -EINVAL;
f39799f5 2362 }
3fd24153 2363
14a53664
JH		 2364 if (err < 0)
2365 mgmt_pending_remove(cmd);
ff9ef578
JH		 2366 else
2367 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2368
2369failed:
09fd0de5 2370 hci_dev_unlock(hdev);
14a53664
JH		 2371 return err;
2372}
2373
bdb6d971 2374static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2375 u16 len)
14a53664 2376{
d930650b 2377 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2378 struct pending_cmd *cmd;
30dc78e1
JH		 2379 struct hci_cp_remote_name_req_cancel cp;
2380 struct inquiry_entry *e;
14a53664
JH		 2381 int err;
2382
bdb6d971 2383 BT_DBG("%s", hdev->name);
14a53664 2384
09fd0de5 2385 hci_dev_lock(hdev);
14a53664 2386
30dc78e1 2387 if (!hci_discovery_active(hdev)) {
bdb6d971 2388 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2389 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2390 sizeof(mgmt_cp->type));
d930650b
JH		 2391 goto unlock;
2392 }
2393
2394 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2395 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2396 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2397 sizeof(mgmt_cp->type));
30dc78e1 2398 goto unlock;
ff9ef578
JH		 2399 }
2400
2e58ef3e 2401 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2402 if (!cmd) {
2403 err = -ENOMEM;
30dc78e1
JH		 2404 goto unlock;
2405 }
2406
343f935b 2407 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2408 err = hci_cancel_inquiry(hdev);
2409 if (err < 0)
2410 mgmt_pending_remove(cmd);
2411 else
2412 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2413 goto unlock;
2414 }
2415
2416 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2417 if (!e) {
2418 mgmt_pending_remove(cmd);
bdb6d971 2419 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
04124681 2420 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2421 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2422 goto unlock;
14a53664
JH		 2423 }
2424
30dc78e1 2425 bacpy(&cp.bdaddr, &e->data.bdaddr);
04124681
GP		 2426 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2427 &cp);
14a53664
JH		 2428 if (err < 0)
2429 mgmt_pending_remove(cmd);
ff9ef578
JH		 2430 else
2431 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2432
30dc78e1 2433unlock:
09fd0de5 2434 hci_dev_unlock(hdev);
14a53664
JH		 2435 return err;
2436}
2437
bdb6d971 2438static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2439 u16 len)
561aafbc 2440{
650f726d 2441 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2442 struct inquiry_entry *e;
561aafbc
JH		 2443 int err;
2444
bdb6d971 2445 BT_DBG("%s", hdev->name);
561aafbc 2446
561aafbc
JH		 2447 hci_dev_lock(hdev);
2448
30dc78e1 2449 if (!hci_discovery_active(hdev)) {
bdb6d971 2450 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2451 MGMT_STATUS_FAILED);
30dc78e1
JH		 2452 goto failed;
2453 }
2454
a198e7b1 2455 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2456 if (!e) {
bdb6d971 2457 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2458 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2459 goto failed;
2460 }
2461
2462 if (cp->name_known) {
2463 e->name_state = NAME_KNOWN;
2464 list_del(&e->list);
2465 } else {
2466 e->name_state = NAME_NEEDED;
a3d4e20a 2467 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2468 }
2469
2470 err = 0;
2471
2472failed:
2473 hci_dev_unlock(hdev);
561aafbc
JH		 2474 return err;
2475}
2476
bdb6d971 2477static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2478 u16 len)
7fbec224 2479{
650f726d 2480 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2481 u8 status;
7fbec224
AJ		 2482 int err;
2483
bdb6d971 2484 BT_DBG("%s", hdev->name);
7fbec224 2485
09fd0de5 2486 hci_dev_lock(hdev);
5e762444 2487
88c1fe4b 2488 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2489 if (err < 0)
f0eeea8b 2490 status = MGMT_STATUS_FAILED;
7fbec224 2491 else
f0eeea8b
JH		 2492 status = 0;
2493
bdb6d971 2494 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2495 &cp->addr, sizeof(cp->addr));
5e762444 2496
09fd0de5 2497 hci_dev_unlock(hdev);
7fbec224
AJ		 2498
2499 return err;
2500}
2501
bdb6d971 2502static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2503 u16 len)
7fbec224 2504{
650f726d 2505 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2506 u8 status;
7fbec224
AJ		 2507 int err;
2508
bdb6d971 2509 BT_DBG("%s", hdev->name);
7fbec224 2510
09fd0de5 2511 hci_dev_lock(hdev);
5e762444 2512
88c1fe4b 2513 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2514 if (err < 0)
f0eeea8b 2515 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2516 else
f0eeea8b
JH		 2517 status = 0;
2518
bdb6d971 2519 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2520 &cp->addr, sizeof(cp->addr));
5e762444 2521
09fd0de5 2522 hci_dev_unlock(hdev);
7fbec224
AJ		 2523
2524 return err;
2525}
2526
cdbaccca
MH		 2527static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2528 u16 len)
2529{
2530 struct mgmt_cp_set_device_id *cp = data;
2531 int err;
2532
2533 BT_DBG("%s", hdev->name);
2534
2535 hci_dev_lock(hdev);
2536
2537 hdev->devid_source = __le16_to_cpu(cp->source);
2538 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2539 hdev->devid_product = __le16_to_cpu(cp->product);
2540 hdev->devid_version = __le16_to_cpu(cp->version);
2541
2542 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2543
2544 update_eir(hdev);
2545
2546 hci_dev_unlock(hdev);
2547
2548 return err;
2549}
2550
bdb6d971 2551static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2552 void *data, u16 len)
f6422ec6 2553{
650f726d 2554 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2555 struct hci_cp_write_page_scan_activity acp;
2556 u8 type;
2557 int err;
2558
bdb6d971 2559 BT_DBG("%s", hdev->name);
f6422ec6 2560
5400c044 2561 if (!hdev_is_powered(hdev))
bdb6d971 2562 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2563 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2564
2565 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2566 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2567 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2568
2569 hci_dev_lock(hdev);
2570
f7c6869c 2571 if (cp->val) {
f6422ec6 2572 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2573
2574 /* 22.5 msec page scan interval */
2575 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2576 } else {
2577 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2578
2579 /* default 1.28 sec page scan */
2580 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2581 }
2582
76ec9de8
AE		 2583 /* default 11.25 msec page scan window */
2584 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2585
04124681
GP		 2586 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2587 &acp);
f6422ec6 2588 if (err < 0) {
bdb6d971 2589 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2590 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2591 goto done;
2592 }
2593
2594 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2595 if (err < 0) {
bdb6d971 2596 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2597 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2598 goto done;
2599 }
2600
bdb6d971 2601 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2602 NULL, 0);
f6422ec6
AJ		 2603done:
2604 hci_dev_unlock(hdev);
f6422ec6
AJ		 2605 return err;
2606}
2607
bdb6d971 2608static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2609 void *cp_data, u16 len)
346af67b 2610{
346af67b
VCG		 2611 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2612 u16 key_count, expected_len;
2613 int i;
2614
346af67b
VCG		 2615 key_count = get_unaligned_le16(&cp->key_count);
2616
2617 expected_len = sizeof(*cp) + key_count *
2618 sizeof(struct mgmt_ltk_info);
2619 if (expected_len != len) {
2620 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2621 len, expected_len);
bdb6d971 2622 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2623 EINVAL);
346af67b
VCG		 2624 }
2625
bdb6d971 2626 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2627
2628 hci_dev_lock(hdev);
2629
2630 hci_smp_ltks_clear(hdev);
2631
2632 for (i = 0; i < key_count; i++) {
2633 struct mgmt_ltk_info *key = &cp->keys[i];
2634 u8 type;
2635
2636 if (key->master)
2637 type = HCI_SMP_LTK;
2638 else
2639 type = HCI_SMP_LTK_SLAVE;
2640
2641 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
04124681
GP		 2642 type, 0, key->authenticated, key->val,
2643 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2644 }
2645
2646 hci_dev_unlock(hdev);
346af67b
VCG		 2647
2648 return 0;
2649}
2650
0f4e68cf 2651struct mgmt_handler {
04124681
GP		 2652 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2653 u16 data_len);
be22b54e
JH		 2654 bool var_len;
2655 size_t data_len;
0f4e68cf
JH		 2656} mgmt_handlers[] = {
2657 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2658 { read_version, false, MGMT_READ_VERSION_SIZE },
2659 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2660 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2661 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2662 { set_powered, false, MGMT_SETTING_SIZE },
2663 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2664 { set_connectable, false, MGMT_SETTING_SIZE },
2665 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2666 { set_pairable, false, MGMT_SETTING_SIZE },
2667 { set_link_security, false, MGMT_SETTING_SIZE },
2668 { set_ssp, false, MGMT_SETTING_SIZE },
2669 { set_hs, false, MGMT_SETTING_SIZE },
2670 { set_le, false, MGMT_SETTING_SIZE },
2671 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2672 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2673 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2674 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2675 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2676 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2677 { disconnect, false, MGMT_DISCONNECT_SIZE },
2678 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2679 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2680 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2681 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2682 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2683 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2684 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2685 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2686 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2687 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2688 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2689 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2690 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2691 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2692 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2693 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2694 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2695 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2696 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2697 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2698};
2699
2700
0381101f
JH		 2701int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2702{
650f726d
VCG		 2703 void *buf;
2704 u8 *cp;
0381101f 2705 struct mgmt_hdr *hdr;
4e51eae9 2706 u16 opcode, index, len;
bdb6d971 2707 struct hci_dev *hdev = NULL;
be22b54e 2708 struct mgmt_handler *handler;
0381101f
JH		 2709 int err;
2710
2711 BT_DBG("got %zu bytes", msglen);
2712
2713 if (msglen < sizeof(*hdr))
2714 return -EINVAL;
2715
e63a15ec 2716 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2717 if (!buf)
2718 return -ENOMEM;
2719
2720 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2721 err = -EFAULT;
2722 goto done;
2723 }
2724
650f726d 2725 hdr = buf;
0381101f 2726 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2727 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2728 len = get_unaligned_le16(&hdr->len);
2729
2730 if (len != msglen - sizeof(*hdr)) {
2731 err = -EINVAL;
2732 goto done;
2733 }
2734
0f4e68cf 2735 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2736 hdev = hci_dev_get(index);
2737 if (!hdev) {
2738 err = cmd_status(sk, index, opcode,
04124681 2739 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2740 goto done;
2741 }
2742 }
2743
0f4e68cf
JH		 2744 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2745 mgmt_handlers[opcode].func == NULL) {
0381101f 2746 BT_DBG("Unknown op %u", opcode);
ca69b795 2747 err = cmd_status(sk, index, opcode,
04124681 2748 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2749 goto done;
2750 }
2751
2752 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2753 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2754 err = cmd_status(sk, index, opcode,
04124681 2755 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2756 goto done;
0381101f
JH		 2757 }
2758
be22b54e
JH		 2759 handler = &mgmt_handlers[opcode];
2760
2761 if ((handler->var_len && len < handler->data_len) ||
2762 (!handler->var_len && len != handler->data_len)) {
2763 err = cmd_status(sk, index, opcode,
04124681 2764 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2765 goto done;
2766 }
2767
0f4e68cf
JH		 2768 if (hdev)
2769 mgmt_init_hdev(sk, hdev);
2770
2771 cp = buf + sizeof(*hdr);
2772
be22b54e 2773 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2774 if (err < 0)
2775 goto done;
2776
0381101f
JH		 2777 err = msglen;
2778
2779done:
bdb6d971
JH		 2780 if (hdev)
2781 hci_dev_put(hdev);
2782
0381101f
JH		 2783 kfree(buf);
2784 return err;
2785}
c71e97bf 2786
b24752fe
JH		 2787static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2788{
2789 u8 *status = data;
2790
2791 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2792 mgmt_pending_remove(cmd);
2793}
2794
744cf19e 2795int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2796{
744cf19e 2797 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2798}
2799
744cf19e 2800int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2801{
5f159032 2802 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2803
744cf19e 2804 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2805
744cf19e 2806 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2807}
2808
73f22f62 2809struct cmd_lookup {
eec8d2bc 2810 struct sock *sk;
69ab39ea 2811 struct hci_dev *hdev;
90e70454 2812 u8 mgmt_status;
eec8d2bc
JH		 2813};
2814
69ab39ea 2815static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2816{
73f22f62 2817 struct cmd_lookup *match = data;
eec8d2bc 2818
69ab39ea 2819 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2820
2821 list_del(&cmd->list);
2822
2823 if (match->sk == NULL) {
2824 match->sk = cmd->sk;
2825 sock_hold(match->sk);
2826 }
2827
2828 mgmt_pending_free(cmd);
c71e97bf 2829}
5add6af8 2830
744cf19e 2831int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2832{
76a7f3a4 2833 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2834 int err;
5add6af8 2835
5e5282bb
JH		 2836 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2837 return 0;
2838
69ab39ea 2839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2840
5e5282bb
JH		 2841 if (powered) {
2842 u8 scan = 0;
2843
2844 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2845 scan |= SCAN_PAGE;
2846 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2847 scan |= SCAN_INQUIRY;
2848
2849 if (scan)
2850 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2851
2852 update_class(hdev);
2b4bf397 2853 update_name(hdev, hdev->dev_name);
504c8dcd 2854 update_eir(hdev);
5e5282bb 2855 } else {
d4f68526 2856 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2857 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2858 }
2859
beadb2bd 2860 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2861
2862 if (match.sk)
2863 sock_put(match.sk);
2864
7bb895d6 2865 return err;
5add6af8 2866}
73f22f62 2867
744cf19e 2868int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2869{
76a7f3a4 2870 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2871 bool changed = false;
2872 int err = 0;
73f22f62 2873
5e5282bb
JH		 2874 if (discoverable) {
2875 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2876 changed = true;
2877 } else {
2878 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2879 changed = true;
2880 }
73f22f62 2881
ed9b5f2f 2882 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2883 &match);
ed9b5f2f 2884
beadb2bd
JH		 2885 if (changed)
2886 err = new_settings(hdev, match.sk);
5e5282bb 2887
73f22f62
JH		 2888 if (match.sk)
2889 sock_put(match.sk);
2890
7bb895d6 2891 return err;
73f22f62 2892}
9fbcbb45 2893
744cf19e 2894int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2895{
76a7f3a4 2896 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2897 bool changed = false;
2898 int err = 0;
9fbcbb45 2899
5e5282bb
JH		 2900 if (connectable) {
2901 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2902 changed = true;
2903 } else {
2904 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2905 changed = true;
2906 }
9fbcbb45 2907
ed9b5f2f 2908 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2909 &match);
ed9b5f2f 2910
beadb2bd
JH		 2911 if (changed)
2912 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2913
2914 if (match.sk)
2915 sock_put(match.sk);
2916
7bb895d6 2917 return err;
9fbcbb45 2918}
55ed8ca1 2919
744cf19e 2920int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2921{
ca69b795
JH		 2922 u8 mgmt_err = mgmt_status(status);
2923
2d7cee58 2924 if (scan & SCAN_PAGE)
744cf19e 2925 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2926 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2927
2928 if (scan & SCAN_INQUIRY)
744cf19e 2929 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2930 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2931
2932 return 0;
2933}
2934
745c0ce3 2935int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2936{
86742e1e 2937 struct mgmt_ev_new_link_key ev;
55ed8ca1 2938
a492cd52 2939 memset(&ev, 0, sizeof(ev));
55ed8ca1 2940
a492cd52 2941 ev.store_hint = persistent;
d753fdc4
JH		 2942 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2943 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2944 ev.key.type = key->type;
2945 memcpy(ev.key.val, key->val, 16);
2946 ev.key.pin_len = key->pin_len;
55ed8ca1 2947
744cf19e 2948 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2949}
f7520543 2950
346af67b
VCG		 2951int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2952{
2953 struct mgmt_ev_new_long_term_key ev;
2954
2955 memset(&ev, 0, sizeof(ev));
2956
2957 ev.store_hint = persistent;
2958 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2959 ev.key.addr.type = key->bdaddr_type;
2960 ev.key.authenticated = key->authenticated;
2961 ev.key.enc_size = key->enc_size;
2962 ev.key.ediv = key->ediv;
2963
2964 if (key->type == HCI_SMP_LTK)
2965 ev.key.master = 1;
2966
2967 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2968 memcpy(ev.key.val, key->val, sizeof(key->val));
2969
04124681
GP		 2970 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2971 NULL);
346af67b
VCG		 2972}
2973
afc747a6 2974int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2975 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2976 u8 *dev_class)
f7520543 2977{
b644ba33
JH		 2978 char buf[512];
2979 struct mgmt_ev_device_connected *ev = (void *) buf;
2980 u16 eir_len = 0;
f7520543 2981
b644ba33
JH		 2982 bacpy(&ev->addr.bdaddr, bdaddr);
2983 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2984
c95f0ba7 2985 ev->flags = __cpu_to_le32(flags);
08c79b61 2986
b644ba33
JH		 2987 if (name_len > 0)
2988 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 2989 name, name_len);
b644ba33
JH		 2990
2991 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 2992 eir_len = eir_append_data(ev->eir, eir_len,
04124681 2993 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33
JH		 2994
2995 put_unaligned_le16(eir_len, &ev->eir_len);
2996
2997 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 2998 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2999}
3000
8962ee74
JH		 3001static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3002{
c68fb7ff 3003 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3004 struct sock **sk = data;
a38528f1 3005 struct mgmt_rp_disconnect rp;
8962ee74 3006
88c3df13
JH		 3007 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3008 rp.addr.type = cp->addr.type;
8962ee74 3009
aee9b218 3010 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3011 sizeof(rp));
8962ee74
JH		 3012
3013 *sk = cmd->sk;
3014 sock_hold(*sk);
3015
a664b5bc 3016 mgmt_pending_remove(cmd);
8962ee74
JH		 3017}
3018
124f6e35 3019static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3020{
b1078ad0 3021 struct hci_dev *hdev = data;
124f6e35
JH		 3022 struct mgmt_cp_unpair_device *cp = cmd->param;
3023 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3024
3025 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3026 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3027 rp.addr.type = cp->addr.type;
a8a1d19e 3028
b1078ad0
JH		 3029 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3030
aee9b218 3031 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3032
3033 mgmt_pending_remove(cmd);
3034}
3035
afc747a6 3036int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3037 u8 link_type, u8 addr_type)
f7520543 3038{
4c659c39 3039 struct mgmt_addr_info ev;
8962ee74
JH		 3040 struct sock *sk = NULL;
3041 int err;
3042
744cf19e 3043 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3044
f7520543 3045 bacpy(&ev.bdaddr, bdaddr);
48264f06 3046 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3047
afc747a6 3048 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3049 sk);
8962ee74
JH		 3050
3051 if (sk)
04124681 3052 sock_put(sk);
8962ee74 3053
124f6e35 3054 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3055 hdev);
a8a1d19e 3056
8962ee74
JH		 3057 return err;
3058}
3059
88c3df13 3060int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3061 u8 link_type, u8 addr_type, u8 status)
8962ee74 3062{
88c3df13 3063 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3064 struct pending_cmd *cmd;
3065 int err;
3066
2e58ef3e 3067 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3068 if (!cmd)
3069 return -ENOENT;
3070
88c3df13
JH		 3071 bacpy(&rp.addr.bdaddr, bdaddr);
3072 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3073
88c3df13 3074 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3075 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3076
a664b5bc 3077 mgmt_pending_remove(cmd);
8962ee74 3078
b1078ad0
JH		 3079 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3080 hdev);
8962ee74 3081 return err;
f7520543 3082}
17d5c04c 3083
48264f06 3084int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3085 u8 addr_type, u8 status)
17d5c04c
JH		 3086{
3087 struct mgmt_ev_connect_failed ev;
3088
4c659c39 3089 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3090 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3091 ev.status = mgmt_status(status);
17d5c04c 3092
744cf19e 3093 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3094}
980e1a53 3095
744cf19e 3096int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3097{
3098 struct mgmt_ev_pin_code_request ev;
3099
d8457698
JH		 3100 bacpy(&ev.addr.bdaddr, bdaddr);
3101 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3102 ev.secure = secure;
980e1a53 3103
744cf19e 3104 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3105 NULL);
980e1a53
JH		 3106}
3107
744cf19e 3108int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3109 u8 status)
980e1a53
JH		 3110{
3111 struct pending_cmd *cmd;
ac56fb13 3112 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3113 int err;
3114
2e58ef3e 3115 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3116 if (!cmd)
3117 return -ENOENT;
3118
d8457698
JH		 3119 bacpy(&rp.addr.bdaddr, bdaddr);
3120 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3121
aee9b218 3122 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3123 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3124
a664b5bc 3125 mgmt_pending_remove(cmd);
980e1a53
JH		 3126
3127 return err;
3128}
3129
744cf19e 3130int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3131 u8 status)
980e1a53
JH		 3132{
3133 struct pending_cmd *cmd;
ac56fb13 3134 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3135 int err;
3136
2e58ef3e 3137 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3138 if (!cmd)
3139 return -ENOENT;
3140
d8457698
JH		 3141 bacpy(&rp.addr.bdaddr, bdaddr);
3142 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3143
aee9b218 3144 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3145 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3146
a664b5bc 3147 mgmt_pending_remove(cmd);
980e1a53
JH		 3148
3149 return err;
3150}
a5c29683 3151
744cf19e 3152int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3153 u8 link_type, u8 addr_type, __le32 value,
3154 u8 confirm_hint)
a5c29683
JH		 3155{
3156 struct mgmt_ev_user_confirm_request ev;
3157
744cf19e 3158 BT_DBG("%s", hdev->name);
a5c29683 3159
272d90df
JH		 3160 bacpy(&ev.addr.bdaddr, bdaddr);
3161 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3162 ev.confirm_hint = confirm_hint;
78e8098e 3163 ev.value = value;
a5c29683 3164
744cf19e 3165 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3166 NULL);
a5c29683
JH		 3167}
3168
272d90df
JH		 3169int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3170 u8 link_type, u8 addr_type)
604086b7
BG		 3171{
3172 struct mgmt_ev_user_passkey_request ev;
3173
3174 BT_DBG("%s", hdev->name);
3175
272d90df
JH		 3176 bacpy(&ev.addr.bdaddr, bdaddr);
3177 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3178
3179 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3180 NULL);
604086b7
BG		 3181}
3182
0df4c185 3183static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3184 u8 link_type, u8 addr_type, u8 status,
3185 u8 opcode)
a5c29683
JH		 3186{
3187 struct pending_cmd *cmd;
3188 struct mgmt_rp_user_confirm_reply rp;
3189 int err;
3190
2e58ef3e 3191 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3192 if (!cmd)
3193 return -ENOENT;
3194
272d90df
JH		 3195 bacpy(&rp.addr.bdaddr, bdaddr);
3196 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3197 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3198 &rp, sizeof(rp));
a5c29683 3199
a664b5bc 3200 mgmt_pending_remove(cmd);
a5c29683
JH		 3201
3202 return err;
3203}
3204
744cf19e 3205int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3206 u8 link_type, u8 addr_type, u8 status)
a5c29683 3207{
272d90df 3208 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3209 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3210}
3211
272d90df 3212int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3213 u8 link_type, u8 addr_type, u8 status)
a5c29683 3214{
272d90df 3215 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3216 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3217}
2a611692 3218
604086b7 3219int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3220 u8 link_type, u8 addr_type, u8 status)
604086b7 3221{
272d90df 3222 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3223 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3224}
3225
272d90df 3226int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3227 u8 link_type, u8 addr_type, u8 status)
604086b7 3228{
272d90df 3229 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3230 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3231}
3232
bab73cb6 3233int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3234 u8 addr_type, u8 status)
2a611692
JH		 3235{
3236 struct mgmt_ev_auth_failed ev;
3237
bab73cb6
JH		 3238 bacpy(&ev.addr.bdaddr, bdaddr);
3239 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3240 ev.status = mgmt_status(status);
2a611692 3241
744cf19e 3242 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3243}
b312b161 3244
33ef95ed
JH		 3245int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3246{
3247 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3248 bool changed = false;
3249 int err = 0;
33ef95ed
JH		 3250
3251 if (status) {
3252 u8 mgmt_err = mgmt_status(status);
3253 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3254 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3255 return 0;
3256 }
3257
47990ea0
JH		 3258 if (test_bit(HCI_AUTH, &hdev->flags)) {
3259 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3260 changed = true;
3261 } else {
3262 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3263 changed = true;
3264 }
3265
33ef95ed 3266 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3267 &match);
33ef95ed 3268
47990ea0
JH		 3269 if (changed)
3270 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3271
3272 if (match.sk)
3273 sock_put(match.sk);
3274
3275 return err;
3276}
3277
cacaf52f
JH		 3278static int clear_eir(struct hci_dev *hdev)
3279{
3280 struct hci_cp_write_eir cp;
3281
3282 if (!(hdev->features[6] & LMP_EXT_INQ))
3283 return 0;
3284
c80da27e
JH		 3285 memset(hdev->eir, 0, sizeof(hdev->eir));
3286
cacaf52f
JH		 3287 memset(&cp, 0, sizeof(cp));
3288
3289 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3290}
3291
c0ecddc2 3292int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3293{
3294 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3295 bool changed = false;
3296 int err = 0;
ed2c4ee3
JH		 3297
3298 if (status) {
3299 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3300
3301 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3302 &hdev->dev_flags))
c0ecddc2
JH		 3303 err = new_settings(hdev, NULL);
3304
04124681
GP		 3305 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3306 &mgmt_err);
c0ecddc2
JH		 3307
3308 return err;
3309 }
3310
3311 if (enable) {
3312 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3313 changed = true;
3314 } else {
3315 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3316 changed = true;
ed2c4ee3
JH		 3317 }
3318
3319 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3320
c0ecddc2
JH		 3321 if (changed)
3322 err = new_settings(hdev, match.sk);
ed2c4ee3 3323
5fc6ebb1 3324 if (match.sk)
ed2c4ee3
JH		 3325 sock_put(match.sk);
3326
5fc6ebb1
JH		 3327 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3328 update_eir(hdev);
3329 else
3330 clear_eir(hdev);
cacaf52f 3331
ed2c4ee3
JH		 3332 return err;
3333}
3334
90e70454
JH		 3335static void class_rsp(struct pending_cmd *cmd, void *data)
3336{
3337 struct cmd_lookup *match = data;
3338
3339 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3340 match->hdev->dev_class, 3);
90e70454
JH		 3341
3342 list_del(&cmd->list);
3343
3344 if (match->sk == NULL) {
3345 match->sk = cmd->sk;
3346 sock_hold(match->sk);
3347 }
3348
3349 mgmt_pending_free(cmd);
3350}
3351
7f9a903c 3352int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3353 u8 status)
7f9a903c 3354{
90e70454
JH		 3355 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3356 int err = 0;
7f9a903c 3357
c95f0ba7
JH		 3358 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3359
90e70454
JH		 3360 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3361 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3362 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3363
3364 if (!status)
04124681
GP		 3365 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3366 3, NULL);
90e70454
JH		 3367
3368 if (match.sk)
3369 sock_put(match.sk);
7f9a903c
MH		 3370
3371 return err;
3372}
3373
744cf19e 3374int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3375{
3376 struct pending_cmd *cmd;
3377 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3378 bool changed = false;
3379 int err = 0;
3380
3381 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3382 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3383 changed = true;
3384 }
b312b161
JH		 3385
3386 memset(&ev, 0, sizeof(ev));
3387 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3388 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3389
2e58ef3e 3390 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3391 if (!cmd)
3392 goto send_event;
3393
7bdaae4a
JH		 3394 /* Always assume that either the short or the complete name has
3395 * changed if there was a pending mgmt command */
3396 changed = true;
3397
b312b161 3398 if (status) {
744cf19e 3399 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3400 mgmt_status(status));
b312b161
JH		 3401 goto failed;
3402 }
3403
aee9b218 3404 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3405 sizeof(ev));
b312b161
JH		 3406 if (err < 0)
3407 goto failed;
3408
3409send_event:
28cc7bde
JH		 3410 if (changed)
3411 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3412 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3413
f51d5b24 3414 update_eir(hdev);
b312b161
JH		 3415
3416failed:
3417 if (cmd)
3418 mgmt_pending_remove(cmd);
3419 return err;
3420}
c35938b2 3421
744cf19e 3422int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3423 u8 *randomizer, u8 status)
c35938b2
SJ		 3424{
3425 struct pending_cmd *cmd;
3426 int err;
3427
744cf19e 3428 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3429
2e58ef3e 3430 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3431 if (!cmd)
3432 return -ENOENT;
3433
3434 if (status) {
04124681
GP		 3435 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3436 mgmt_status(status));
c35938b2
SJ		 3437 } else {
3438 struct mgmt_rp_read_local_oob_data rp;
3439
3440 memcpy(rp.hash, hash, sizeof(rp.hash));
3441 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3442
744cf19e 3443 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3444 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3445 sizeof(rp));
c35938b2
SJ		 3446 }
3447
3448 mgmt_pending_remove(cmd);
3449
3450 return err;
3451}
e17acd40 3452
06199cf8
JH		 3453int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3454{
3455 struct cmd_lookup match = { NULL, hdev };
3456 bool changed = false;
3457 int err = 0;
3458
3459 if (status) {
3460 u8 mgmt_err = mgmt_status(status);
3461
3462 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681
GP		 3463 &hdev->dev_flags))
3464 err = new_settings(hdev, NULL);
06199cf8
JH		 3465
3466 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
04124681 3467 cmd_status_rsp, &mgmt_err);
06199cf8
JH		 3468
3469 return err;
3470 }
3471
3472 if (enable) {
3473 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3474 changed = true;
3475 } else {
3476 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3477 changed = true;
3478 }
3479
3480 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3481
3482 if (changed)
3483 err = new_settings(hdev, match.sk);
3484
3485 if (match.sk)
3486 sock_put(match.sk);
3487
3488 return err;
3489}
3490
48264f06 3491int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3492 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3493 ssp, u8 *eir, u16 eir_len)
e17acd40 3494{
e319d2e7
JH		 3495 char buf[512];
3496 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3497 size_t ev_size;
e17acd40 3498
1dc06093
JH		 3499 /* Leave 5 bytes for a potential CoD field */
3500 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3501 return -EINVAL;
3502
1dc06093
JH		 3503 memset(buf, 0, sizeof(buf));
3504
e319d2e7
JH		 3505 bacpy(&ev->addr.bdaddr, bdaddr);
3506 ev->addr.type = link_to_mgmt(link_type, addr_type);
3507 ev->rssi = rssi;
9a395a80
JH		 3508 if (cfm_name)
3509 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3510 if (!ssp)
3511 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3512
1dc06093 3513 if (eir_len > 0)
e319d2e7 3514 memcpy(ev->eir, eir, eir_len);
e17acd40 3515
1dc06093
JH		 3516 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3517 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3518 dev_class, 3);
1dc06093
JH		 3519
3520 put_unaligned_le16(eir_len, &ev->eir_len);
3521
3522 ev_size = sizeof(*ev) + eir_len;
f8523598 3523
e319d2e7 3524 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3525}
a88a9652 3526
b644ba33 3527int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3528 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3529{
b644ba33
JH		 3530 struct mgmt_ev_device_found *ev;
3531 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3532 u16 eir_len;
a88a9652 3533
b644ba33 3534 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3535
b644ba33
JH		 3536 memset(buf, 0, sizeof(buf));
3537
3538 bacpy(&ev->addr.bdaddr, bdaddr);
3539 ev->addr.type = link_to_mgmt(link_type, addr_type);
3540 ev->rssi = rssi;
3541
3542 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3543 name_len);
b644ba33
JH		 3544
3545 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3546
053c7e0c 3547 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3548 sizeof(*ev) + eir_len, NULL);
a88a9652 3549}
314b2381 3550
7a135109 3551int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3552{
3553 struct pending_cmd *cmd;
f808e166 3554 u8 type;
164a6e78
JH		 3555 int err;
3556
203159d4
AG		 3557 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3558
2e58ef3e 3559 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3560 if (!cmd)
3561 return -ENOENT;
3562
f808e166
JH		 3563 type = hdev->discovery.type;
3564
3565 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3566 &type, sizeof(type));
164a6e78
JH		 3567 mgmt_pending_remove(cmd);
3568
3569 return err;
3570}
3571
e6d465cb
AG		 3572int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3573{
3574 struct pending_cmd *cmd;
3575 int err;
3576
3577 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3578 if (!cmd)
3579 return -ENOENT;
3580
d930650b 3581 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3582 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3583 mgmt_pending_remove(cmd);
3584
3585 return err;
3586}
3587
744cf19e 3588int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3589{
f963e8e9 3590 struct mgmt_ev_discovering ev;
164a6e78
JH		 3591 struct pending_cmd *cmd;
3592
343fb145
AG		 3593 BT_DBG("%s discovering %u", hdev->name, discovering);
3594
164a6e78 3595 if (discovering)
2e58ef3e 3596 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3597 else
2e58ef3e 3598 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3599
3600 if (cmd != NULL) {
f808e166
JH		 3601 u8 type = hdev->discovery.type;
3602
04124681
GP		 3603 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3604 sizeof(type));
164a6e78
JH		 3605 mgmt_pending_remove(cmd);
3606 }
3607
f963e8e9
JH		 3608 memset(&ev, 0, sizeof(ev));
3609 ev.type = hdev->discovery.type;
3610 ev.discovering = discovering;
3611
3612 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3613}
5e762444 3614
88c1fe4b 3615int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3616{
3617 struct pending_cmd *cmd;
3618 struct mgmt_ev_device_blocked ev;
3619
2e58ef3e 3620 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3621
88c1fe4b
JH		 3622 bacpy(&ev.addr.bdaddr, bdaddr);
3623 ev.addr.type = type;
5e762444 3624
744cf19e 3625 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3626 cmd ? cmd->sk : NULL);
5e762444
AJ		 3627}
3628
88c1fe4b 3629int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3630{
3631 struct pending_cmd *cmd;
3632 struct mgmt_ev_device_unblocked ev;
3633
2e58ef3e 3634 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3635
88c1fe4b
JH		 3636 bacpy(&ev.addr.bdaddr, bdaddr);
3637 ev.addr.type = type;
5e762444 3638
744cf19e 3639 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3640 cmd ? cmd->sk : NULL);
5e762444 3641}
d7b7e796
MH		 3642
3643module_param(enable_hs, bool, 0644);
3644MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3645
3646module_param(enable_le, bool, 0644);
3647MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Ubuntu Artful kernel mirror