]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add management command for setting static address
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
3810285c 36#define MGMT_REVISION 3
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 383 settings |= MGMT_SETTING_HS;
848566b3 384 }
d7b7e796 385
eeca6f89 386 if (lmp_le_capable(hdev)) {
9d42820f 387 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 388 settings |= MGMT_SETTING_ADVERTISING;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
1a4d3c4b
JH		 404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
406
5e5282bb 407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_DISCOVERABLE;
409
a8b2d5c2 410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_PAIRABLE;
412
56f87901 413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_BREDR;
415
06199cf8 416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LE;
418
47990ea0 419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LINK_SECURITY;
421
84bde9d6 422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_SSP;
424
6d80dfd0
JH		 425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
427
eeca6f89
JH		 428 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags))
429 settings |= MGMT_SETTING_ADVERTISING;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
213202ed
JH		 436static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
437{
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
440
441 if (len < 4)
442 return ptr;
443
444 list_for_each_entry(uuid, &hdev->uuids, list) {
445 u16 uuid16;
446
447 if (uuid->size != 16)
448 continue;
449
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
451 if (uuid16 < 0x1100)
452 continue;
453
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 continue;
456
457 if (!uuids_start) {
458 uuids_start = ptr;
459 uuids_start[0] = 1;
460 uuids_start[1] = EIR_UUID16_ALL;
461 ptr += 2;
462 }
463
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
467 break;
468 }
469
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
473 }
474
475 return ptr;
476}
477
cdf1963f
JH		 478static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
479{
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
482
483 if (len < 6)
484 return ptr;
485
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
488 continue;
489
490 if (!uuids_start) {
491 uuids_start = ptr;
492 uuids_start[0] = 1;
493 uuids_start[1] = EIR_UUID32_ALL;
494 ptr += 2;
495 }
496
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
500 break;
501 }
502
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
504 ptr += sizeof(u32);
505 uuids_start[0] += sizeof(u32);
506 }
507
508 return ptr;
509}
510
c00d575b
JH		 511static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
512{
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
515
516 if (len < 18)
517 return ptr;
518
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
521 continue;
522
523 if (!uuids_start) {
524 uuids_start = ptr;
525 uuids_start[0] = 1;
526 uuids_start[1] = EIR_UUID128_ALL;
527 ptr += 2;
528 }
529
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
533 break;
534 }
535
536 memcpy(ptr, uuid->uuid, 16);
537 ptr += 16;
538 uuids_start[0] += 16;
539 }
540
541 return ptr;
542}
543
ef580372
JH		 544static void create_eir(struct hci_dev *hdev, u8 *data)
545{
546 u8 *ptr = data;
ef580372
JH		 547 size_t name_len;
548
549 name_len = strlen(hdev->dev_name);
550
551 if (name_len > 0) {
552 /* EIR Data type */
553 if (name_len > 48) {
554 name_len = 48;
555 ptr[1] = EIR_NAME_SHORT;
556 } else
557 ptr[1] = EIR_NAME_COMPLETE;
558
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
561
562 memcpy(ptr + 2, hdev->dev_name, name_len);
563
ef580372
JH		 564 ptr += (name_len + 2);
565 }
566
bbaf444a 567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
571
91c4e9b1
MH		 572 ptr += 3;
573 }
574
2b9be137
MH		 575 if (hdev->devid_source > 0) {
576 ptr[0] = 9;
577 ptr[1] = EIR_DEVICE_ID;
578
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
583
2b9be137
MH		 584 ptr += 10;
585 }
586
213202ed 587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 590}
591
890ea898 592static void update_eir(struct hci_request *req)
ef580372 593{
890ea898 594 struct hci_dev *hdev = req->hdev;
ef580372
JH		 595 struct hci_cp_write_eir cp;
596
504c8dcd 597 if (!hdev_is_powered(hdev))
890ea898 598 return;
7770c4aa 599
976eb20e 600 if (!lmp_ext_inq_capable(hdev))
890ea898 601 return;
ef580372 602
84bde9d6 603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 604 return;
ef580372 605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 607 return;
ef580372
JH		 608
609 memset(&cp, 0, sizeof(cp));
610
611 create_eir(hdev, cp.data);
612
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 614 return;
ef580372
JH		 615
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
617
890ea898 618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 619}
620
621static u8 get_service_classes(struct hci_dev *hdev)
622{
623 struct bt_uuid *uuid;
624 u8 val = 0;
625
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
628
629 return val;
630}
631
890ea898 632static void update_class(struct hci_request *req)
ef580372 633{
890ea898 634 struct hci_dev *hdev = req->hdev;
ef580372
JH		 635 u8 cod[3];
636
637 BT_DBG("%s", hdev->name);
638
504c8dcd 639 if (!hdev_is_powered(hdev))
890ea898 640 return;
7770c4aa 641
a8b2d5c2 642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 643 return;
ef580372
JH		 644
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
648
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 650 return;
ef580372 651
890ea898 652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 653}
654
7d78525d
JH		 655static void service_cache_off(struct work_struct *work)
656{
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 658 service_cache.work);
890ea898 659 struct hci_request req;
7d78525d 660
a8b2d5c2 661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 662 return;
663
890ea898
JH		 664 hci_req_init(&req, hdev);
665
7d78525d
JH		 666 hci_dev_lock(hdev);
667
890ea898
JH		 668 update_eir(&req);
669 update_class(&req);
7d78525d
JH		 670
671 hci_dev_unlock(hdev);
890ea898
JH		 672
673 hci_req_run(&req, NULL);
7d78525d
JH		 674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
87b95ba6
JH		 814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
816 MGMT_STATUS_BUSY);
817 goto failed;
818 }
819
f0d4b78a
MH		 820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
822
823 if (cp->val) {
a1d70450
JH		 824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
825 data, len);
826 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 827 goto failed;
828 }
829 }
830
4b34ee78 831 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
bd99abdd
JH		 893struct cmd_lookup {
894 struct sock *sk;
895 struct hci_dev *hdev;
896 u8 mgmt_status;
897};
898
899static void settings_rsp(struct pending_cmd *cmd, void *data)
900{
901 struct cmd_lookup *match = data;
902
903 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
904
905 list_del(&cmd->list);
906
907 if (match->sk == NULL) {
908 match->sk = cmd->sk;
909 sock_hold(match->sk);
910 }
911
912 mgmt_pending_free(cmd);
913}
914
915static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
916{
917 u8 *status = data;
918
919 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
920 mgmt_pending_remove(cmd);
921}
922
bdb6d971 923static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 924 u16 len)
73f22f62 925{
650f726d 926 struct mgmt_cp_set_discoverable *cp = data;
366a0336 927 struct pending_cmd *cmd;
5e5282bb 928 u16 timeout;
73f22f62
JH		 929 u8 scan;
930 int err;
931
bdb6d971 932 BT_DBG("request for %s", hdev->name);
73f22f62 933
56f87901 934 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 935 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
936 MGMT_STATUS_NOT_SUPPORTED);
937
a7e80f25
JH		 938 if (cp->val != 0x00 && cp->val != 0x01)
939 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
940 MGMT_STATUS_INVALID_PARAMS);
941
1f350c87 942 timeout = __le16_to_cpu(cp->timeout);
24c54a90 943 if (!cp->val && timeout > 0)
bdb6d971 944 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 945 MGMT_STATUS_INVALID_PARAMS);
73f22f62 946
09fd0de5 947 hci_dev_lock(hdev);
73f22f62 948
5e5282bb 949 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 950 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 951 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 952 goto failed;
953 }
954
2e58ef3e 955 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 956 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 957 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 958 MGMT_STATUS_BUSY);
73f22f62
JH		 959 goto failed;
960 }
961
5e5282bb 962 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 963 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 964 MGMT_STATUS_REJECTED);
5e5282bb
JH		 965 goto failed;
966 }
967
968 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 969 bool changed = false;
970
971 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
972 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
973 changed = true;
974 }
975
5e5282bb 976 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 977 if (err < 0)
978 goto failed;
979
980 if (changed)
981 err = new_settings(hdev, sk);
982
5e5282bb
JH		 983 goto failed;
984 }
985
986 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 987 if (hdev->discov_timeout > 0) {
988 cancel_delayed_work(&hdev->discov_off);
989 hdev->discov_timeout = 0;
990 }
991
992 if (cp->val && timeout > 0) {
993 hdev->discov_timeout = timeout;
994 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
995 msecs_to_jiffies(hdev->discov_timeout * 1000));
996 }
997
69ab39ea 998 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 999 goto failed;
1000 }
1001
2e58ef3e 1002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1003 if (!cmd) {
1004 err = -ENOMEM;
73f22f62 1005 goto failed;
366a0336 1006 }
73f22f62
JH		 1007
1008 scan = SCAN_PAGE;
1009
72a734ec 1010 if (cp->val)
73f22f62 1011 scan |= SCAN_INQUIRY;
16ab91ab 1012 else
e0f9309f 1013 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1014
1015 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1016 if (err < 0)
a664b5bc 1017 mgmt_pending_remove(cmd);
73f22f62 1018
16ab91ab 1019 if (cp->val)
5e5282bb 1020 hdev->discov_timeout = timeout;
16ab91ab 1021
73f22f62 1022failed:
09fd0de5 1023 hci_dev_unlock(hdev);
73f22f62
JH		 1024 return err;
1025}
1026
406d7804
JH		 1027static void write_fast_connectable(struct hci_request *req, bool enable)
1028{
bd98b996 1029 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1030 struct hci_cp_write_page_scan_activity acp;
1031 u8 type;
1032
4c01f8b8
JH		 1033 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1034 return;
1035
406d7804
JH		 1036 if (enable) {
1037 type = PAGE_SCAN_TYPE_INTERLACED;
1038
1039 /* 160 msec page scan interval */
1040 acp.interval = __constant_cpu_to_le16(0x0100);
1041 } else {
1042 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1043
1044 /* default 1.28 sec page scan */
1045 acp.interval = __constant_cpu_to_le16(0x0800);
1046 }
1047
1048 acp.window = __constant_cpu_to_le16(0x0012);
1049
bd98b996
JH		 1050 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1051 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1052 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1053 sizeof(acp), &acp);
1054
1055 if (hdev->page_scan_type != type)
1056 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1057}
1058
2b76f453
JH		 1059static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1060{
1061 struct pending_cmd *cmd;
1062
1063 BT_DBG("status 0x%02x", status);
1064
1065 hci_dev_lock(hdev);
1066
1067 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1068 if (!cmd)
1069 goto unlock;
1070
1071 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1072
1073 mgmt_pending_remove(cmd);
1074
1075unlock:
1076 hci_dev_unlock(hdev);
1077}
1078
bdb6d971 1079static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1080 u16 len)
9fbcbb45 1081{
650f726d 1082 struct mgmt_mode *cp = data;
366a0336 1083 struct pending_cmd *cmd;
2b76f453 1084 struct hci_request req;
9fbcbb45
JH		 1085 u8 scan;
1086 int err;
1087
bdb6d971 1088 BT_DBG("request for %s", hdev->name);
9fbcbb45 1089
56f87901 1090 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1091 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1092 MGMT_STATUS_NOT_SUPPORTED);
1093
a7e80f25
JH		 1094 if (cp->val != 0x00 && cp->val != 0x01)
1095 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1096 MGMT_STATUS_INVALID_PARAMS);
1097
09fd0de5 1098 hci_dev_lock(hdev);
9fbcbb45 1099
4b34ee78 1100 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1101 bool changed = false;
1102
1103 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1104 changed = true;
1105
6bf0e469 1106 if (cp->val) {
5e5282bb 1107 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1108 } else {
5e5282bb
JH		 1109 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1110 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1111 }
0224d2fa 1112
5e5282bb 1113 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1114 if (err < 0)
1115 goto failed;
1116
1117 if (changed)
1118 err = new_settings(hdev, sk);
1119
9fbcbb45
JH		 1120 goto failed;
1121 }
1122
2e58ef3e 1123 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1124 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1126 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1127 goto failed;
1128 }
1129
5e5282bb 1130 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1131 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1132 goto failed;
1133 }
1134
2e58ef3e 1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1136 if (!cmd) {
1137 err = -ENOMEM;
9fbcbb45 1138 goto failed;
366a0336 1139 }
9fbcbb45 1140
6bf0e469 1141 if (cp->val) {
9fbcbb45 1142 scan = SCAN_PAGE;
6bf0e469 1143 } else {
9fbcbb45
JH		 1144 scan = 0;
1145
df2c6c5e 1146 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1147 hdev->discov_timeout > 0)
df2c6c5e
JH		 1148 cancel_delayed_work(&hdev->discov_off);
1149 }
1150
2b76f453
JH		 1151 hci_req_init(&req, hdev);
1152
1153 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1154
4c01f8b8
JH		 1155 /* If we're going from non-connectable to connectable or
1156 * vice-versa when fast connectable is enabled ensure that fast
1157 * connectable gets disabled. write_fast_connectable won't do
1158 * anything if the page scan parameters are already what they
1159 * should be.
1160 */
1161 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1162 write_fast_connectable(&req, false);
1163
2b76f453 1164 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1165 if (err < 0)
a664b5bc 1166 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1167
1168failed:
09fd0de5 1169 hci_dev_unlock(hdev);
9fbcbb45
JH		 1170 return err;
1171}
1172
bdb6d971 1173static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1174 u16 len)
c542a06c 1175{
650f726d 1176 struct mgmt_mode *cp = data;
c542a06c
JH		 1177 int err;
1178
bdb6d971 1179 BT_DBG("request for %s", hdev->name);
c542a06c 1180
a7e80f25
JH		 1181 if (cp->val != 0x00 && cp->val != 0x01)
1182 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1183 MGMT_STATUS_INVALID_PARAMS);
1184
09fd0de5 1185 hci_dev_lock(hdev);
c542a06c
JH		 1186
1187 if (cp->val)
a8b2d5c2 1188 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1189 else
a8b2d5c2 1190 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1191
69ab39ea 1192 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1193 if (err < 0)
1194 goto failed;
1195
beadb2bd 1196 err = new_settings(hdev, sk);
c542a06c
JH		 1197
1198failed:
09fd0de5 1199 hci_dev_unlock(hdev);
c542a06c
JH		 1200 return err;
1201}
1202
04124681
GP		 1203static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1204 u16 len)
33ef95ed
JH		 1205{
1206 struct mgmt_mode *cp = data;
1207 struct pending_cmd *cmd;
816a11d5 1208 u8 val;
33ef95ed
JH		 1209 int err;
1210
bdb6d971 1211 BT_DBG("request for %s", hdev->name);
33ef95ed 1212
56f87901 1213 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0
JH		 1214 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1215 MGMT_STATUS_NOT_SUPPORTED);
1216
a7e80f25
JH		 1217 if (cp->val != 0x00 && cp->val != 0x01)
1218 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1219 MGMT_STATUS_INVALID_PARAMS);
1220
33ef95ed
JH		 1221 hci_dev_lock(hdev);
1222
4b34ee78 1223 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1224 bool changed = false;
1225
1226 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1227 &hdev->dev_flags)) {
47990ea0
JH		 1228 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1229 changed = true;
1230 }
1231
1232 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1233 if (err < 0)
1234 goto failed;
1235
1236 if (changed)
1237 err = new_settings(hdev, sk);
1238
33ef95ed
JH		 1239 goto failed;
1240 }
1241
1242 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1243 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1244 MGMT_STATUS_BUSY);
33ef95ed
JH		 1245 goto failed;
1246 }
1247
1248 val = !!cp->val;
1249
1250 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1251 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1252 goto failed;
1253 }
1254
1255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1256 if (!cmd) {
1257 err = -ENOMEM;
1258 goto failed;
1259 }
1260
1261 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1262 if (err < 0) {
1263 mgmt_pending_remove(cmd);
1264 goto failed;
1265 }
1266
1267failed:
1268 hci_dev_unlock(hdev);
33ef95ed
JH		 1269 return err;
1270}
1271
bdb6d971 1272static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1273{
1274 struct mgmt_mode *cp = data;
1275 struct pending_cmd *cmd;
816a11d5 1276 u8 val;
ed2c4ee3
JH		 1277 int err;
1278
bdb6d971 1279 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1280
13ecd8b6
JH		 1281 if (!lmp_ssp_capable(hdev))
1282 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1283 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1284
a7e80f25
JH		 1285 if (cp->val != 0x00 && cp->val != 0x01)
1286 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1287 MGMT_STATUS_INVALID_PARAMS);
1288
13ecd8b6 1289 hci_dev_lock(hdev);
6c8f12c1 1290
c0ecddc2
JH		 1291 val = !!cp->val;
1292
4b34ee78 1293 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1294 bool changed = false;
1295
1296 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1297 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1298 changed = true;
1299 }
1300
1301 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1302 if (err < 0)
1303 goto failed;
1304
1305 if (changed)
1306 err = new_settings(hdev, sk);
1307
ed2c4ee3
JH		 1308 goto failed;
1309 }
1310
1311 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1312 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1313 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1314 goto failed;
1315 }
1316
ed2c4ee3
JH		 1317 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1318 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1319 goto failed;
1320 }
1321
1322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1323 if (!cmd) {
1324 err = -ENOMEM;
1325 goto failed;
1326 }
1327
1328 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1329 if (err < 0) {
1330 mgmt_pending_remove(cmd);
1331 goto failed;
1332 }
1333
1334failed:
1335 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1336 return err;
1337}
1338
bdb6d971 1339static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1340{
1341 struct mgmt_mode *cp = data;
ee392693
MH		 1342 bool changed;
1343 int err;
6d80dfd0 1344
bdb6d971 1345 BT_DBG("request for %s", hdev->name);
6d80dfd0 1346
56f87901 1347 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
bdb6d971 1348 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1349 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1350
a7e80f25
JH		 1351 if (cp->val != 0x00 && cp->val != 0x01)
1352 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1353 MGMT_STATUS_INVALID_PARAMS);
1354
ee392693
MH		 1355 hci_dev_lock(hdev);
1356
a0cdf960 1357 if (cp->val) {
ee392693 1358 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1359 } else {
1360 if (hdev_is_powered(hdev)) {
1361 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1362 MGMT_STATUS_REJECTED);
1363 goto unlock;
1364 }
1365
ee392693 1366 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1367 }
ee392693
MH		 1368
1369 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1370 if (err < 0)
1371 goto unlock;
1372
1373 if (changed)
1374 err = new_settings(hdev, sk);
6d80dfd0 1375
ee392693
MH		 1376unlock:
1377 hci_dev_unlock(hdev);
1378 return err;
6d80dfd0
JH		 1379}
1380
416a4ae5
JH		 1381static void le_enable_complete(struct hci_dev *hdev, u8 status)
1382{
1383 struct cmd_lookup match = { NULL, hdev };
1384
1385 if (status) {
1386 u8 mgmt_err = mgmt_status(status);
1387
1388 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1389 &mgmt_err);
1390 return;
1391 }
1392
1393 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1394
1395 new_settings(hdev, match.sk);
1396
1397 if (match.sk)
1398 sock_put(match.sk);
1399}
1400
bdb6d971 1401static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1402{
1403 struct mgmt_mode *cp = data;
1404 struct hci_cp_write_le_host_supported hci_cp;
1405 struct pending_cmd *cmd;
416a4ae5 1406 struct hci_request req;
06199cf8 1407 int err;
0b60eba1 1408 u8 val, enabled;
06199cf8 1409
bdb6d971 1410 BT_DBG("request for %s", hdev->name);
06199cf8 1411
13ecd8b6
JH		 1412 if (!lmp_le_capable(hdev))
1413 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1414 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1415
a7e80f25
JH		 1416 if (cp->val != 0x00 && cp->val != 0x01)
1417 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1418 MGMT_STATUS_INVALID_PARAMS);
1419
c73eee91 1420 /* LE-only devices do not allow toggling LE on/off */
56f87901 1421 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1422 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1423 MGMT_STATUS_REJECTED);
1424
13ecd8b6 1425 hci_dev_lock(hdev);
06199cf8
JH		 1426
1427 val = !!cp->val;
ffa88e02 1428 enabled = lmp_host_le_capable(hdev);
06199cf8 1429
0b60eba1 1430 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1431 bool changed = false;
1432
1433 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1434 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1435 changed = true;
1436 }
1437
eeca6f89
JH		 1438 if (!val && test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
1439 clear_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
1440 changed = true;
1441 }
1442
06199cf8
JH		 1443 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1444 if (err < 0)
1de028ce 1445 goto unlock;
06199cf8
JH		 1446
1447 if (changed)
1448 err = new_settings(hdev, sk);
1449
1de028ce 1450 goto unlock;
06199cf8
JH		 1451 }
1452
4375f103
JH		 1453 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1454 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1455 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1456 MGMT_STATUS_BUSY);
1de028ce 1457 goto unlock;
06199cf8
JH		 1458 }
1459
1460 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1461 if (!cmd) {
1462 err = -ENOMEM;
1de028ce 1463 goto unlock;
06199cf8
JH		 1464 }
1465
1466 memset(&hci_cp, 0, sizeof(hci_cp));
1467
1468 if (val) {
1469 hci_cp.le = val;
ffa88e02 1470 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1471 }
1472
416a4ae5
JH		 1473 hci_req_init(&req, hdev);
1474
eeca6f89
JH		 1475 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags) && !val)
1476 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
1477
416a4ae5
JH		 1478 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1479 &hci_cp);
1480
1481 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1482 if (err < 0)
06199cf8 1483 mgmt_pending_remove(cmd);
06199cf8 1484
1de028ce
JH		 1485unlock:
1486 hci_dev_unlock(hdev);
06199cf8
JH		 1487 return err;
1488}
1489
0cab9c80
JH		 1490/* This is a helper function to test for pending mgmt commands that can
1491 * cause CoD or EIR HCI commands. We can only allow one such pending
1492 * mgmt command at a time since otherwise we cannot easily track what
1493 * the current values are, will be, and based on that calculate if a new
1494 * HCI command needs to be sent and if yes with what value.
1495 */
1496static bool pending_eir_or_class(struct hci_dev *hdev)
1497{
1498 struct pending_cmd *cmd;
1499
1500 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1501 switch (cmd->opcode) {
1502 case MGMT_OP_ADD_UUID:
1503 case MGMT_OP_REMOVE_UUID:
1504 case MGMT_OP_SET_DEV_CLASS:
1505 case MGMT_OP_SET_POWERED:
1506 return true;
1507 }
1508 }
1509
1510 return false;
1511}
1512
83be8eca
JH		 1513static const u8 bluetooth_base_uuid[] = {
1514 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1515 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1516};
1517
1518static u8 get_uuid_size(const u8 *uuid)
1519{
1520 u32 val;
1521
1522 if (memcmp(uuid, bluetooth_base_uuid, 12))
1523 return 128;
1524
1525 val = get_unaligned_le32(&uuid[12]);
1526 if (val > 0xffff)
1527 return 32;
1528
1529 return 16;
1530}
1531
92da6097
JH		 1532static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1533{
1534 struct pending_cmd *cmd;
1535
1536 hci_dev_lock(hdev);
1537
1538 cmd = mgmt_pending_find(mgmt_op, hdev);
1539 if (!cmd)
1540 goto unlock;
1541
1542 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1543 hdev->dev_class, 3);
1544
1545 mgmt_pending_remove(cmd);
1546
1547unlock:
1548 hci_dev_unlock(hdev);
1549}
1550
1551static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1552{
1553 BT_DBG("status 0x%02x", status);
1554
1555 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1556}
1557
bdb6d971 1558static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1559{
650f726d 1560 struct mgmt_cp_add_uuid *cp = data;
90e70454 1561 struct pending_cmd *cmd;
890ea898 1562 struct hci_request req;
2aeb9a1a 1563 struct bt_uuid *uuid;
2aeb9a1a
JH		 1564 int err;
1565
bdb6d971 1566 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1567
09fd0de5 1568 hci_dev_lock(hdev);
2aeb9a1a 1569
0cab9c80 1570 if (pending_eir_or_class(hdev)) {
bdb6d971 1571 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1572 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1573 goto failed;
1574 }
1575
92c4c204 1576 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1577 if (!uuid) {
1578 err = -ENOMEM;
1579 goto failed;
1580 }
1581
1582 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1583 uuid->svc_hint = cp->svc_hint;
83be8eca 1584 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1585
de66aa63 1586 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1587
890ea898 1588 hci_req_init(&req, hdev);
1aff6f09 1589
890ea898
JH		 1590 update_class(&req);
1591 update_eir(&req);
1592
92da6097
JH		 1593 err = hci_req_run(&req, add_uuid_complete);
1594 if (err < 0) {
1595 if (err != -ENODATA)
1596 goto failed;
80a1e1db 1597
bdb6d971 1598 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1599 hdev->dev_class, 3);
90e70454
JH		 1600 goto failed;
1601 }
1602
1603 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1604 if (!cmd) {
90e70454 1605 err = -ENOMEM;
890ea898
JH		 1606 goto failed;
1607 }
1608
1609 err = 0;
2aeb9a1a
JH		 1610
1611failed:
09fd0de5 1612 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1613 return err;
1614}
1615
24b78d0f
JH		 1616static bool enable_service_cache(struct hci_dev *hdev)
1617{
1618 if (!hdev_is_powered(hdev))
1619 return false;
1620
1621 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1622 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1623 CACHE_TIMEOUT);
24b78d0f
JH		 1624 return true;
1625 }
1626
1627 return false;
1628}
1629
92da6097
JH		 1630static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1631{
1632 BT_DBG("status 0x%02x", status);
1633
1634 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1635}
1636
bdb6d971 1637static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1638 u16 len)
2aeb9a1a 1639{
650f726d 1640 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1641 struct pending_cmd *cmd;
056341c8 1642 struct bt_uuid *match, *tmp;
2aeb9a1a 1643 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1644 struct hci_request req;
2aeb9a1a
JH		 1645 int err, found;
1646
bdb6d971 1647 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1648
09fd0de5 1649 hci_dev_lock(hdev);
2aeb9a1a 1650
0cab9c80 1651 if (pending_eir_or_class(hdev)) {
bdb6d971 1652 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1653 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1654 goto unlock;
1655 }
1656
2aeb9a1a
JH		 1657 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1658 err = hci_uuids_clear(hdev);
4004b6d9 1659
24b78d0f 1660 if (enable_service_cache(hdev)) {
bdb6d971 1661 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1662 0, hdev->dev_class, 3);
24b78d0f
JH		 1663 goto unlock;
1664 }
4004b6d9 1665
9246a869 1666 goto update_class;
2aeb9a1a
JH		 1667 }
1668
1669 found = 0;
1670
056341c8 1671 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1672 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1673 continue;
1674
1675 list_del(&match->list);
482049f7 1676 kfree(match);
2aeb9a1a
JH		 1677 found++;
1678 }
1679
1680 if (found == 0) {
bdb6d971 1681 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1682 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1683 goto unlock;
1684 }
1685
9246a869 1686update_class:
890ea898 1687 hci_req_init(&req, hdev);
1aff6f09 1688
890ea898
JH		 1689 update_class(&req);
1690 update_eir(&req);
1691
92da6097
JH		 1692 err = hci_req_run(&req, remove_uuid_complete);
1693 if (err < 0) {
1694 if (err != -ENODATA)
1695 goto unlock;
80a1e1db 1696
bdb6d971 1697 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1698 hdev->dev_class, 3);
90e70454
JH		 1699 goto unlock;
1700 }
1701
1702 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1703 if (!cmd) {
90e70454 1704 err = -ENOMEM;
890ea898
JH		 1705 goto unlock;
1706 }
1707
1708 err = 0;
2aeb9a1a
JH		 1709
1710unlock:
09fd0de5 1711 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1712 return err;
1713}
1714
92da6097
JH		 1715static void set_class_complete(struct hci_dev *hdev, u8 status)
1716{
1717 BT_DBG("status 0x%02x", status);
1718
1719 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1720}
1721
bdb6d971 1722static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1723 u16 len)
1aff6f09 1724{
650f726d 1725 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1726 struct pending_cmd *cmd;
890ea898 1727 struct hci_request req;
1aff6f09
JH		 1728 int err;
1729
bdb6d971 1730 BT_DBG("request for %s", hdev->name);
1aff6f09 1731
56f87901 1732 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
13ecd8b6
JH		 1733 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1734 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1735
0cab9c80 1736 hci_dev_lock(hdev);
ee98f473 1737
0cab9c80
JH		 1738 if (pending_eir_or_class(hdev)) {
1739 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1740 MGMT_STATUS_BUSY);
1741 goto unlock;
1742 }
c95f0ba7 1743
0cab9c80
JH		 1744 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1745 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1746 MGMT_STATUS_INVALID_PARAMS);
1747 goto unlock;
1748 }
575b3a02 1749
932f5ff5
JH		 1750 hdev->major_class = cp->major;
1751 hdev->minor_class = cp->minor;
1752
b5235a65 1753 if (!hdev_is_powered(hdev)) {
bdb6d971 1754 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1755 hdev->dev_class, 3);
b5235a65
JH		 1756 goto unlock;
1757 }
1758
890ea898
JH		 1759 hci_req_init(&req, hdev);
1760
a8b2d5c2 1761 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1762 hci_dev_unlock(hdev);
1763 cancel_delayed_work_sync(&hdev->service_cache);
1764 hci_dev_lock(hdev);
890ea898 1765 update_eir(&req);
7d78525d 1766 }
14c0b608 1767
890ea898
JH		 1768 update_class(&req);
1769
92da6097
JH		 1770 err = hci_req_run(&req, set_class_complete);
1771 if (err < 0) {
1772 if (err != -ENODATA)
1773 goto unlock;
1aff6f09 1774
bdb6d971 1775 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1776 hdev->dev_class, 3);
90e70454
JH		 1777 goto unlock;
1778 }
1779
1780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1781 if (!cmd) {
90e70454 1782 err = -ENOMEM;
890ea898
JH		 1783 goto unlock;
1784 }
1785
1786 err = 0;
1aff6f09 1787
b5235a65 1788unlock:
09fd0de5 1789 hci_dev_unlock(hdev);
1aff6f09
JH		 1790 return err;
1791}
1792
bdb6d971 1793static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1794 u16 len)
55ed8ca1 1795{
650f726d 1796 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1797 u16 key_count, expected_len;
a492cd52 1798 int i;
55ed8ca1 1799
1f350c87 1800 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1801
86742e1e
JH		 1802 expected_len = sizeof(*cp) + key_count *
1803 sizeof(struct mgmt_link_key_info);
a492cd52 1804 if (expected_len != len) {
86742e1e 1805 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1806 len, expected_len);
bdb6d971 1807 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1808 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1809 }
1810
4ae14301
JH		 1811 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1812 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1813 MGMT_STATUS_INVALID_PARAMS);
1814
bdb6d971 1815 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1816 key_count);
55ed8ca1 1817
4ee71b20
JH		 1818 for (i = 0; i < key_count; i++) {
1819 struct mgmt_link_key_info *key = &cp->keys[i];
1820
1821 if (key->addr.type != BDADDR_BREDR)
1822 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1823 MGMT_STATUS_INVALID_PARAMS);
1824 }
1825
09fd0de5 1826 hci_dev_lock(hdev);
55ed8ca1
JH		 1827
1828 hci_link_keys_clear(hdev);
1829
55ed8ca1 1830 if (cp->debug_keys)
a8b2d5c2 1831 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1832 else
a8b2d5c2 1833 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1834
a492cd52 1835 for (i = 0; i < key_count; i++) {
86742e1e 1836 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1837
d753fdc4 1838 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1839 key->type, key->pin_len);
55ed8ca1
JH		 1840 }
1841
bdb6d971 1842 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1843
09fd0de5 1844 hci_dev_unlock(hdev);
55ed8ca1 1845
a492cd52 1846 return 0;
55ed8ca1
JH		 1847}
1848
b1078ad0 1849static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1850 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1851{
1852 struct mgmt_ev_device_unpaired ev;
1853
1854 bacpy(&ev.addr.bdaddr, bdaddr);
1855 ev.addr.type = addr_type;
1856
1857 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1858 skip_sk);
b1078ad0
JH		 1859}
1860
bdb6d971 1861static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1862 u16 len)
55ed8ca1 1863{
124f6e35
JH		 1864 struct mgmt_cp_unpair_device *cp = data;
1865 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1866 struct hci_cp_disconnect dc;
1867 struct pending_cmd *cmd;
55ed8ca1 1868 struct hci_conn *conn;
55ed8ca1
JH		 1869 int err;
1870
a8a1d19e 1871 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1872 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1873 rp.addr.type = cp->addr.type;
a8a1d19e 1874
4ee71b20
JH		 1875 if (!bdaddr_type_is_valid(cp->addr.type))
1876 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1877 MGMT_STATUS_INVALID_PARAMS,
1878 &rp, sizeof(rp));
1879
118da70b
JH		 1880 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1881 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1882 MGMT_STATUS_INVALID_PARAMS,
1883 &rp, sizeof(rp));
1884
4ee71b20
JH		 1885 hci_dev_lock(hdev);
1886
86a8cfc6 1887 if (!hdev_is_powered(hdev)) {
bdb6d971 1888 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1889 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1890 goto unlock;
1891 }
1892
591f47f3 1893 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1894 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1895 else
1896 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1897
55ed8ca1 1898 if (err < 0) {
bdb6d971 1899 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1900 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1901 goto unlock;
1902 }
1903
86a8cfc6 1904 if (cp->disconnect) {
591f47f3 1905 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1906 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1907 &cp->addr.bdaddr);
86a8cfc6
JH		 1908 else
1909 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1910 &cp->addr.bdaddr);
86a8cfc6
JH		 1911 } else {
1912 conn = NULL;
1913 }
124f6e35 1914
a8a1d19e 1915 if (!conn) {
bdb6d971 1916 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1917 &rp, sizeof(rp));
b1078ad0 1918 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1919 goto unlock;
1920 }
55ed8ca1 1921
124f6e35 1922 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1923 sizeof(*cp));
a8a1d19e
JH		 1924 if (!cmd) {
1925 err = -ENOMEM;
1926 goto unlock;
55ed8ca1
JH		 1927 }
1928
eb55ef07 1929 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1930 dc.reason = 0x13; /* Remote User Terminated Connection */
1931 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1932 if (err < 0)
1933 mgmt_pending_remove(cmd);
1934
55ed8ca1 1935unlock:
09fd0de5 1936 hci_dev_unlock(hdev);
55ed8ca1
JH		 1937 return err;
1938}
1939
bdb6d971 1940static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1941 u16 len)
8962ee74 1942{
650f726d 1943 struct mgmt_cp_disconnect *cp = data;
06a63b19 1944 struct mgmt_rp_disconnect rp;
8962ee74 1945 struct hci_cp_disconnect dc;
366a0336 1946 struct pending_cmd *cmd;
8962ee74 1947 struct hci_conn *conn;
8962ee74
JH		 1948 int err;
1949
1950 BT_DBG("");
1951
06a63b19
JH		 1952 memset(&rp, 0, sizeof(rp));
1953 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1954 rp.addr.type = cp->addr.type;
1955
4ee71b20 1956 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1957 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1958 MGMT_STATUS_INVALID_PARAMS,
1959 &rp, sizeof(rp));
4ee71b20 1960
09fd0de5 1961 hci_dev_lock(hdev);
8962ee74
JH		 1962
1963 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1964 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1965 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1966 goto failed;
1967 }
1968
2e58ef3e 1969 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1970 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1971 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1972 goto failed;
1973 }
1974
591f47f3 1975 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1976 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1977 &cp->addr.bdaddr);
88c3df13
JH		 1978 else
1979 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1980
f960727e 1981 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1982 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1983 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1984 goto failed;
1985 }
1986
2e58ef3e 1987 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1988 if (!cmd) {
1989 err = -ENOMEM;
8962ee74 1990 goto failed;
366a0336 1991 }
8962ee74 1992
eb55ef07 1993 dc.handle = cpu_to_le16(conn->handle);
3701f944 1994 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1995
1996 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1997 if (err < 0)
a664b5bc 1998 mgmt_pending_remove(cmd);
8962ee74
JH		 1999
2000failed:
09fd0de5 2001 hci_dev_unlock(hdev);
8962ee74
JH		 2002 return err;
2003}
2004
57c1477c 2005static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2006{
2007 switch (link_type) {
2008 case LE_LINK:
48264f06
JH		 2009 switch (addr_type) {
2010 case ADDR_LE_DEV_PUBLIC:
591f47f3 2011 return BDADDR_LE_PUBLIC;
0ed09148 2012
48264f06 2013 default:
0ed09148 2014 /* Fallback to LE Random address type */
591f47f3 2015 return BDADDR_LE_RANDOM;
48264f06 2016 }
0ed09148 2017
4c659c39 2018 default:
0ed09148 2019 /* Fallback to BR/EDR type */
591f47f3 2020 return BDADDR_BREDR;
4c659c39
JH		 2021 }
2022}
2023
04124681
GP		 2024static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2025 u16 data_len)
2784eb41 2026{
2784eb41 2027 struct mgmt_rp_get_connections *rp;
8035ded4 2028 struct hci_conn *c;
a38528f1 2029 size_t rp_len;
60fc5fb6
JH		 2030 int err;
2031 u16 i;
2784eb41
JH		 2032
2033 BT_DBG("");
2034
09fd0de5 2035 hci_dev_lock(hdev);
2784eb41 2036
5f97c1df 2037 if (!hdev_is_powered(hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2039 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2040 goto unlock;
2041 }
2042
60fc5fb6 2043 i = 0;
b644ba33
JH		 2044 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2045 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2046 i++;
2784eb41
JH		 2047 }
2048
60fc5fb6 2049 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2050 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2051 if (!rp) {
2784eb41
JH		 2052 err = -ENOMEM;
2053 goto unlock;
2054 }
2055
2784eb41 2056 i = 0;
4c659c39 2057 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2058 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2059 continue;
4c659c39 2060 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2061 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2062 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2063 continue;
2064 i++;
2065 }
2066
eb55ef07 2067 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2068
4c659c39
JH		 2069 /* Recalculate length in case of filtered SCO connections, etc */
2070 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2071
bdb6d971 2072 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2073 rp_len);
2784eb41 2074
a38528f1 2075 kfree(rp);
5f97c1df
JH		 2076
2077unlock:
09fd0de5 2078 hci_dev_unlock(hdev);
2784eb41
JH		 2079 return err;
2080}
2081
bdb6d971 2082static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2083 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2084{
2085 struct pending_cmd *cmd;
2086 int err;
2087
2e58ef3e 2088 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2089 sizeof(*cp));
96d97a67
WR		 2090 if (!cmd)
2091 return -ENOMEM;
2092
d8457698 2093 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2094 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2095 if (err < 0)
2096 mgmt_pending_remove(cmd);
2097
2098 return err;
2099}
2100
bdb6d971 2101static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2102 u16 len)
980e1a53 2103{
96d97a67 2104 struct hci_conn *conn;
650f726d 2105 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2106 struct hci_cp_pin_code_reply reply;
366a0336 2107 struct pending_cmd *cmd;
980e1a53
JH		 2108 int err;
2109
2110 BT_DBG("");
2111
09fd0de5 2112 hci_dev_lock(hdev);
980e1a53 2113
4b34ee78 2114 if (!hdev_is_powered(hdev)) {
bdb6d971 2115 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2116 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2117 goto failed;
2118 }
2119
d8457698 2120 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2121 if (!conn) {
bdb6d971 2122 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2123 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2124 goto failed;
2125 }
2126
2127 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2128 struct mgmt_cp_pin_code_neg_reply ncp;
2129
2130 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2131
2132 BT_ERR("PIN code is not 16 bytes long");
2133
bdb6d971 2134 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2135 if (err >= 0)
bdb6d971 2136 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2137 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2138
2139 goto failed;
2140 }
2141
00abfe44 2142 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2143 if (!cmd) {
2144 err = -ENOMEM;
980e1a53 2145 goto failed;
366a0336 2146 }
980e1a53 2147
d8457698 2148 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2149 reply.pin_len = cp->pin_len;
24718ca5 2150 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2151
2152 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2153 if (err < 0)
a664b5bc 2154 mgmt_pending_remove(cmd);
980e1a53
JH		 2155
2156failed:
09fd0de5 2157 hci_dev_unlock(hdev);
980e1a53
JH		 2158 return err;
2159}
2160
04124681
GP		 2161static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2162 u16 len)
17fa4b9d 2163{
650f726d 2164 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2165
2166 BT_DBG("");
2167
09fd0de5 2168 hci_dev_lock(hdev);
17fa4b9d
JH		 2169
2170 hdev->io_capability = cp->io_capability;
2171
2172 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2173 hdev->io_capability);
17fa4b9d 2174
09fd0de5 2175 hci_dev_unlock(hdev);
17fa4b9d 2176
04124681
GP		 2177 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2178 0);
17fa4b9d
JH		 2179}
2180
6039aa73 2181static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2182{
2183 struct hci_dev *hdev = conn->hdev;
8035ded4 2184 struct pending_cmd *cmd;
e9a416b5 2185
2e58ef3e 2186 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2187 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2188 continue;
2189
e9a416b5
JH		 2190 if (cmd->user_data != conn)
2191 continue;
2192
2193 return cmd;
2194 }
2195
2196 return NULL;
2197}
2198
2199static void pairing_complete(struct pending_cmd *cmd, u8 status)
2200{
2201 struct mgmt_rp_pair_device rp;
2202 struct hci_conn *conn = cmd->user_data;
2203
ba4e564f 2204 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2205 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2206
aee9b218 2207 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2208 &rp, sizeof(rp));
e9a416b5
JH		 2209
2210 /* So we don't get further callbacks for this connection */
2211 conn->connect_cfm_cb = NULL;
2212 conn->security_cfm_cb = NULL;
2213 conn->disconn_cfm_cb = NULL;
2214
76a68ba0 2215 hci_conn_drop(conn);
e9a416b5 2216
a664b5bc 2217 mgmt_pending_remove(cmd);
e9a416b5
JH		 2218}
2219
2220static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2221{
2222 struct pending_cmd *cmd;
2223
2224 BT_DBG("status %u", status);
2225
2226 cmd = find_pairing(conn);
56e5cb86 2227 if (!cmd)
e9a416b5 2228 BT_DBG("Unable to find a pending command");
56e5cb86 2229 else
e211326c 2230 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2231}
2232
4c47d739
VA		 2233static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2234{
2235 struct pending_cmd *cmd;
2236
2237 BT_DBG("status %u", status);
2238
2239 if (!status)
2240 return;
2241
2242 cmd = find_pairing(conn);
2243 if (!cmd)
2244 BT_DBG("Unable to find a pending command");
2245 else
2246 pairing_complete(cmd, mgmt_status(status));
2247}
2248
bdb6d971 2249static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2250 u16 len)
e9a416b5 2251{
650f726d 2252 struct mgmt_cp_pair_device *cp = data;
1425acb7 2253 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2254 struct pending_cmd *cmd;
2255 u8 sec_level, auth_type;
2256 struct hci_conn *conn;
e9a416b5
JH		 2257 int err;
2258
2259 BT_DBG("");
2260
f950a30e
SJ		 2261 memset(&rp, 0, sizeof(rp));
2262 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2263 rp.addr.type = cp->addr.type;
2264
4ee71b20
JH		 2265 if (!bdaddr_type_is_valid(cp->addr.type))
2266 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2267 MGMT_STATUS_INVALID_PARAMS,
2268 &rp, sizeof(rp));
2269
09fd0de5 2270 hci_dev_lock(hdev);
e9a416b5 2271
5f97c1df 2272 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2273 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2274 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2275 goto unlock;
2276 }
2277
c908df36
VCG		 2278 sec_level = BT_SECURITY_MEDIUM;
2279 if (cp->io_cap == 0x03)
e9a416b5 2280 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2281 else
e9a416b5 2282 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2283
591f47f3 2284 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2285 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2286 cp->addr.type, sec_level, auth_type);
7a512d01 2287 else
b12f62cf
AG		 2288 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2289 cp->addr.type, sec_level, auth_type);
7a512d01 2290
30e76272 2291 if (IS_ERR(conn)) {
489dc48e
AK		 2292 int status;
2293
2294 if (PTR_ERR(conn) == -EBUSY)
2295 status = MGMT_STATUS_BUSY;
2296 else
2297 status = MGMT_STATUS_CONNECT_FAILED;
2298
bdb6d971 2299 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2300 status, &rp,
04124681 2301 sizeof(rp));
e9a416b5
JH		 2302 goto unlock;
2303 }
2304
2305 if (conn->connect_cfm_cb) {
76a68ba0 2306 hci_conn_drop(conn);
bdb6d971 2307 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2308 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2309 goto unlock;
2310 }
2311
2e58ef3e 2312 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2313 if (!cmd) {
2314 err = -ENOMEM;
76a68ba0 2315 hci_conn_drop(conn);
e9a416b5
JH		 2316 goto unlock;
2317 }
2318
7a512d01 2319 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2320 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2321 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2322 else
2323 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2324
e9a416b5
JH		 2325 conn->security_cfm_cb = pairing_complete_cb;
2326 conn->disconn_cfm_cb = pairing_complete_cb;
2327 conn->io_capability = cp->io_cap;
2328 cmd->user_data = conn;
2329
2330 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2331 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2332 pairing_complete(cmd, 0);
2333
2334 err = 0;
2335
2336unlock:
09fd0de5 2337 hci_dev_unlock(hdev);
e9a416b5
JH		 2338 return err;
2339}
2340
04124681
GP		 2341static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2342 u16 len)
28424707 2343{
0f4e68cf 2344 struct mgmt_addr_info *addr = data;
28424707
JH		 2345 struct pending_cmd *cmd;
2346 struct hci_conn *conn;
2347 int err;
2348
2349 BT_DBG("");
2350
28424707
JH		 2351 hci_dev_lock(hdev);
2352
5f97c1df 2353 if (!hdev_is_powered(hdev)) {
bdb6d971 2354 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2355 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2356 goto unlock;
2357 }
2358
28424707
JH		 2359 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2360 if (!cmd) {
bdb6d971 2361 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2362 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2363 goto unlock;
2364 }
2365
2366 conn = cmd->user_data;
2367
2368 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2369 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2370 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2371 goto unlock;
2372 }
2373
2374 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2375
bdb6d971 2376 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2377 addr, sizeof(*addr));
28424707
JH		 2378unlock:
2379 hci_dev_unlock(hdev);
28424707
JH		 2380 return err;
2381}
2382
bdb6d971 2383static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2384 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2385 u16 hci_op, __le32 passkey)
a5c29683 2386{
a5c29683 2387 struct pending_cmd *cmd;
0df4c185 2388 struct hci_conn *conn;
a5c29683
JH		 2389 int err;
2390
09fd0de5 2391 hci_dev_lock(hdev);
08ba5382 2392
4b34ee78 2393 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2394 err = cmd_complete(sk, hdev->id, mgmt_op,
2395 MGMT_STATUS_NOT_POWERED, addr,
2396 sizeof(*addr));
0df4c185 2397 goto done;
a5c29683
JH		 2398 }
2399
1707c60e
JH		 2400 if (addr->type == BDADDR_BREDR)
2401 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2402 else
1707c60e 2403 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2404
2405 if (!conn) {
feb94d3d
JH		 2406 err = cmd_complete(sk, hdev->id, mgmt_op,
2407 MGMT_STATUS_NOT_CONNECTED, addr,
2408 sizeof(*addr));
272d90df
JH		 2409 goto done;
2410 }
47c15e2b 2411
1707c60e 2412 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2413 /* Continue with pairing via SMP */
5fe57d9e
BG		 2414 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2415
2416 if (!err)
feb94d3d
JH		 2417 err = cmd_complete(sk, hdev->id, mgmt_op,
2418 MGMT_STATUS_SUCCESS, addr,
2419 sizeof(*addr));
5fe57d9e 2420 else
feb94d3d
JH		 2421 err = cmd_complete(sk, hdev->id, mgmt_op,
2422 MGMT_STATUS_FAILED, addr,
2423 sizeof(*addr));
47c15e2b 2424
47c15e2b
BG		 2425 goto done;
2426 }
2427
1707c60e 2428 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2429 if (!cmd) {
2430 err = -ENOMEM;
0df4c185 2431 goto done;
a5c29683
JH		 2432 }
2433
0df4c185 2434 /* Continue with pairing via HCI */
604086b7
BG		 2435 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2436 struct hci_cp_user_passkey_reply cp;
2437
1707c60e 2438 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2439 cp.passkey = passkey;
2440 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2441 } else
1707c60e
JH		 2442 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2443 &addr->bdaddr);
604086b7 2444
a664b5bc
JH		 2445 if (err < 0)
2446 mgmt_pending_remove(cmd);
a5c29683 2447
0df4c185 2448done:
09fd0de5 2449 hci_dev_unlock(hdev);
a5c29683
JH		 2450 return err;
2451}
2452
afeb019d
JK		 2453static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2454 void *data, u16 len)
2455{
2456 struct mgmt_cp_pin_code_neg_reply *cp = data;
2457
2458 BT_DBG("");
2459
1707c60e 2460 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2461 MGMT_OP_PIN_CODE_NEG_REPLY,
2462 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2463}
2464
04124681
GP		 2465static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2466 u16 len)
0df4c185 2467{
650f726d 2468 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2469
2470 BT_DBG("");
2471
2472 if (len != sizeof(*cp))
bdb6d971 2473 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2474 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2475
1707c60e 2476 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2477 MGMT_OP_USER_CONFIRM_REPLY,
2478 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2479}
2480
bdb6d971 2481static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2482 void *data, u16 len)
0df4c185 2483{
c9c2659f 2484 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2485
2486 BT_DBG("");
2487
1707c60e 2488 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2489 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2490 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2491}
2492
04124681
GP		 2493static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2494 u16 len)
604086b7 2495{
650f726d 2496 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2497
2498 BT_DBG("");
2499
1707c60e 2500 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2501 MGMT_OP_USER_PASSKEY_REPLY,
2502 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2503}
2504
bdb6d971 2505static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2506 void *data, u16 len)
604086b7 2507{
650f726d 2508 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2509
2510 BT_DBG("");
2511
1707c60e 2512 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2513 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2514 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2515}
2516
13928971 2517static void update_name(struct hci_request *req)
2b4bf397 2518{
13928971 2519 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2520 struct hci_cp_write_local_name cp;
2521
13928971 2522 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2523
890ea898 2524 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2525}
2526
13928971
JH		 2527static void set_name_complete(struct hci_dev *hdev, u8 status)
2528{
2529 struct mgmt_cp_set_local_name *cp;
2530 struct pending_cmd *cmd;
2531
2532 BT_DBG("status 0x%02x", status);
2533
2534 hci_dev_lock(hdev);
2535
2536 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2537 if (!cmd)
2538 goto unlock;
2539
2540 cp = cmd->param;
2541
2542 if (status)
2543 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2544 mgmt_status(status));
2545 else
2546 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2547 cp, sizeof(*cp));
2548
2549 mgmt_pending_remove(cmd);
2550
2551unlock:
2552 hci_dev_unlock(hdev);
2553}
2554
bdb6d971 2555static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2556 u16 len)
b312b161 2557{
2b4bf397 2558 struct mgmt_cp_set_local_name *cp = data;
b312b161 2559 struct pending_cmd *cmd;
890ea898 2560 struct hci_request req;
b312b161
JH		 2561 int err;
2562
2563 BT_DBG("");
2564
09fd0de5 2565 hci_dev_lock(hdev);
b312b161 2566
b3f2ca94
JH		 2567 /* If the old values are the same as the new ones just return a
2568 * direct command complete event.
2569 */
2570 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2571 !memcmp(hdev->short_name, cp->short_name,
2572 sizeof(hdev->short_name))) {
2573 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2574 data, len);
2575 goto failed;
2576 }
2577
2b4bf397 2578 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2579
b5235a65 2580 if (!hdev_is_powered(hdev)) {
2b4bf397 2581 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2582
2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2584 data, len);
28cc7bde
JH		 2585 if (err < 0)
2586 goto failed;
2587
2588 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2589 sk);
28cc7bde 2590
b5235a65
JH		 2591 goto failed;
2592 }
2593
28cc7bde 2594 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2595 if (!cmd) {
2596 err = -ENOMEM;
2597 goto failed;
2598 }
2599
13928971
JH		 2600 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2601
890ea898 2602 hci_req_init(&req, hdev);
3f985050
JH		 2603
2604 if (lmp_bredr_capable(hdev)) {
2605 update_name(&req);
2606 update_eir(&req);
2607 }
2608
2609 if (lmp_le_capable(hdev))
2610 hci_update_ad(&req);
2611
13928971 2612 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2613 if (err < 0)
2614 mgmt_pending_remove(cmd);
2615
2616failed:
09fd0de5 2617 hci_dev_unlock(hdev);
b312b161
JH		 2618 return err;
2619}
2620
0f4e68cf 2621static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2622 void *data, u16 data_len)
c35938b2 2623{
c35938b2
SJ		 2624 struct pending_cmd *cmd;
2625 int err;
2626
bdb6d971 2627 BT_DBG("%s", hdev->name);
c35938b2 2628
09fd0de5 2629 hci_dev_lock(hdev);
c35938b2 2630
4b34ee78 2631 if (!hdev_is_powered(hdev)) {
bdb6d971 2632 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2633 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2634 goto unlock;
2635 }
2636
9a1a1996 2637 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2638 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2639 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2640 goto unlock;
2641 }
2642
2e58ef3e 2643 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2644 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2645 MGMT_STATUS_BUSY);
c35938b2
SJ		 2646 goto unlock;
2647 }
2648
2e58ef3e 2649 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2650 if (!cmd) {
2651 err = -ENOMEM;
2652 goto unlock;
2653 }
2654
2655 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2656 if (err < 0)
2657 mgmt_pending_remove(cmd);
2658
2659unlock:
09fd0de5 2660 hci_dev_unlock(hdev);
c35938b2
SJ		 2661 return err;
2662}
2663
bdb6d971 2664static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2665 void *data, u16 len)
2763eda6 2666{
650f726d 2667 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2668 u8 status;
2763eda6
SJ		 2669 int err;
2670
bdb6d971 2671 BT_DBG("%s ", hdev->name);
2763eda6 2672
09fd0de5 2673 hci_dev_lock(hdev);
2763eda6 2674
664ce4cc 2675 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2676 cp->randomizer);
2763eda6 2677 if (err < 0)
bf1e3541 2678 status = MGMT_STATUS_FAILED;
2763eda6 2679 else
a6785be2 2680 status = MGMT_STATUS_SUCCESS;
bf1e3541 2681
bdb6d971 2682 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2683 &cp->addr, sizeof(cp->addr));
2763eda6 2684
09fd0de5 2685 hci_dev_unlock(hdev);
2763eda6
SJ		 2686 return err;
2687}
2688
bdb6d971 2689static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2690 void *data, u16 len)
2763eda6 2691{
650f726d 2692 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2693 u8 status;
2763eda6
SJ		 2694 int err;
2695
bdb6d971 2696 BT_DBG("%s", hdev->name);
2763eda6 2697
09fd0de5 2698 hci_dev_lock(hdev);
2763eda6 2699
664ce4cc 2700 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2701 if (err < 0)
bf1e3541 2702 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2703 else
a6785be2 2704 status = MGMT_STATUS_SUCCESS;
bf1e3541 2705
bdb6d971 2706 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2707 status, &cp->addr, sizeof(cp->addr));
2763eda6 2708
09fd0de5 2709 hci_dev_unlock(hdev);
2763eda6
SJ		 2710 return err;
2711}
2712
41dc2bd6
AG		 2713static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2714{
2715 struct pending_cmd *cmd;
2716 u8 type;
2717 int err;
2718
2719 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2720
2721 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2722 if (!cmd)
2723 return -ENOENT;
2724
2725 type = hdev->discovery.type;
2726
2727 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2728 &type, sizeof(type));
2729 mgmt_pending_remove(cmd);
2730
2731 return err;
2732}
2733
7c307720
AG		 2734static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2735{
2736 BT_DBG("status %d", status);
2737
2738 if (status) {
2739 hci_dev_lock(hdev);
2740 mgmt_start_discovery_failed(hdev, status);
2741 hci_dev_unlock(hdev);
2742 return;
2743 }
2744
2745 hci_dev_lock(hdev);
2746 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2747 hci_dev_unlock(hdev);
2748
2749 switch (hdev->discovery.type) {
2750 case DISCOV_TYPE_LE:
2751 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2752 DISCOV_LE_TIMEOUT);
7c307720
AG		 2753 break;
2754
2755 case DISCOV_TYPE_INTERLEAVED:
2756 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2757 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2758 break;
2759
2760 case DISCOV_TYPE_BREDR:
2761 break;
2762
2763 default:
2764 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2765 }
2766}
2767
bdb6d971 2768static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2769 void *data, u16 len)
14a53664 2770{
650f726d 2771 struct mgmt_cp_start_discovery *cp = data;
14a53664 2772 struct pending_cmd *cmd;
7c307720
AG		 2773 struct hci_cp_le_set_scan_param param_cp;
2774 struct hci_cp_le_set_scan_enable enable_cp;
2775 struct hci_cp_inquiry inq_cp;
2776 struct hci_request req;
2777 /* General inquiry access code (GIAC) */
2778 u8 lap[3] = { 0x33, 0x8b, 0x9e };
14a53664
JH		 2779 int err;
2780
bdb6d971 2781 BT_DBG("%s", hdev->name);
14a53664 2782
09fd0de5 2783 hci_dev_lock(hdev);
14a53664 2784
4b34ee78 2785 if (!hdev_is_powered(hdev)) {
bdb6d971 2786 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2787 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2788 goto failed;
2789 }
2790
642be6c7
AG		 2791 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2792 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2793 MGMT_STATUS_BUSY);
2794 goto failed;
2795 }
2796
ff9ef578 2797 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2798 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2799 MGMT_STATUS_BUSY);
ff9ef578
JH		 2800 goto failed;
2801 }
2802
2e58ef3e 2803 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2804 if (!cmd) {
2805 err = -ENOMEM;
2806 goto failed;
2807 }
2808
4aab14e5
AG		 2809 hdev->discovery.type = cp->type;
2810
7c307720
AG		 2811 hci_req_init(&req, hdev);
2812
4aab14e5 2813 switch (hdev->discovery.type) {
f39799f5 2814 case DISCOV_TYPE_BREDR:
56f87901 2815 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2816 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2817 MGMT_STATUS_NOT_SUPPORTED);
2818 mgmt_pending_remove(cmd);
2819 goto failed;
2820 }
2821
7c307720
AG		 2822 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2823 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2824 MGMT_STATUS_BUSY);
2825 mgmt_pending_remove(cmd);
2826 goto failed;
2827 }
2828
2829 hci_inquiry_cache_flush(hdev);
2830
2831 memset(&inq_cp, 0, sizeof(inq_cp));
2832 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2833 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2834 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2835 break;
2836
2837 case DISCOV_TYPE_LE:
7c307720 2838 case DISCOV_TYPE_INTERLEAVED:
757aee0f 2839 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2840 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2841 MGMT_STATUS_NOT_SUPPORTED);
2842 mgmt_pending_remove(cmd);
2843 goto failed;
2844 }
2845
7c307720 2846 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2847 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2848 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2849 MGMT_STATUS_NOT_SUPPORTED);
2850 mgmt_pending_remove(cmd);
2851 goto failed;
2852 }
2853
7c307720
AG		 2854 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
2855 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2856 MGMT_STATUS_REJECTED);
2857 mgmt_pending_remove(cmd);
2858 goto failed;
2859 }
2860
2861 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2862 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2863 MGMT_STATUS_BUSY);
2864 mgmt_pending_remove(cmd);
2865 goto failed;
2866 }
2867
2868 memset(&param_cp, 0, sizeof(param_cp));
2869 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2870 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2871 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
7c307720
AG		 2872 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2873 &param_cp);
2874
2875 memset(&enable_cp, 0, sizeof(enable_cp));
2876 enable_cp.enable = LE_SCAN_ENABLE;
2877 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2878 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2879 &enable_cp);
5e0452c0
AG		 2880 break;
2881
f39799f5 2882 default:
04106755
JH		 2883 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2884 MGMT_STATUS_INVALID_PARAMS);
2885 mgmt_pending_remove(cmd);
2886 goto failed;
f39799f5 2887 }
3fd24153 2888
7c307720 2889 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2890 if (err < 0)
2891 mgmt_pending_remove(cmd);
ff9ef578
JH		 2892 else
2893 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2894
2895failed:
09fd0de5 2896 hci_dev_unlock(hdev);
14a53664
JH		 2897 return err;
2898}
2899
1183fdca
AG		 2900static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2901{
2902 struct pending_cmd *cmd;
2903 int err;
2904
2905 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2906 if (!cmd)
2907 return -ENOENT;
2908
2909 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2910 &hdev->discovery.type, sizeof(hdev->discovery.type));
2911 mgmt_pending_remove(cmd);
2912
2913 return err;
2914}
2915
0e05bba6
AG		 2916static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2917{
2918 BT_DBG("status %d", status);
2919
2920 hci_dev_lock(hdev);
2921
2922 if (status) {
2923 mgmt_stop_discovery_failed(hdev, status);
2924 goto unlock;
2925 }
2926
2927 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2928
2929unlock:
2930 hci_dev_unlock(hdev);
2931}
2932
bdb6d971 2933static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2934 u16 len)
14a53664 2935{
d930650b 2936 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2937 struct pending_cmd *cmd;
30dc78e1
JH		 2938 struct hci_cp_remote_name_req_cancel cp;
2939 struct inquiry_entry *e;
0e05bba6
AG		 2940 struct hci_request req;
2941 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2942 int err;
2943
bdb6d971 2944 BT_DBG("%s", hdev->name);
14a53664 2945
09fd0de5 2946 hci_dev_lock(hdev);
14a53664 2947
30dc78e1 2948 if (!hci_discovery_active(hdev)) {
bdb6d971 2949 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2950 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2951 sizeof(mgmt_cp->type));
d930650b
JH		 2952 goto unlock;
2953 }
2954
2955 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2956 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2957 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2958 sizeof(mgmt_cp->type));
30dc78e1 2959 goto unlock;
ff9ef578
JH		 2960 }
2961
2e58ef3e 2962 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2963 if (!cmd) {
2964 err = -ENOMEM;
30dc78e1
JH		 2965 goto unlock;
2966 }
2967
0e05bba6
AG		 2968 hci_req_init(&req, hdev);
2969
e0d9727e
AG		 2970 switch (hdev->discovery.state) {
2971 case DISCOVERY_FINDING:
0e05bba6
AG		 2972 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2973 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
2974 } else {
2975 cancel_delayed_work(&hdev->le_scan_disable);
2976
2977 memset(&enable_cp, 0, sizeof(enable_cp));
2978 enable_cp.enable = LE_SCAN_DISABLE;
2979 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
2980 sizeof(enable_cp), &enable_cp);
2981 }
c9ecc48e 2982
e0d9727e
AG		 2983 break;
2984
2985 case DISCOVERY_RESOLVING:
2986 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2987 NAME_PENDING);
e0d9727e 2988 if (!e) {
30dc78e1 2989 mgmt_pending_remove(cmd);
e0d9727e
AG		 2990 err = cmd_complete(sk, hdev->id,
2991 MGMT_OP_STOP_DISCOVERY, 0,
2992 &mgmt_cp->type,
2993 sizeof(mgmt_cp->type));
2994 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2995 goto unlock;
2996 }
30dc78e1 2997
e0d9727e 2998 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 2999 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3000 &cp);
e0d9727e
AG		 3001
3002 break;
3003
3004 default:
3005 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3006
3007 mgmt_pending_remove(cmd);
3008 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3009 MGMT_STATUS_FAILED, &mgmt_cp->type,
3010 sizeof(mgmt_cp->type));
3011 goto unlock;
14a53664
JH		 3012 }
3013
0e05bba6 3014 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3015 if (err < 0)
3016 mgmt_pending_remove(cmd);
ff9ef578
JH		 3017 else
3018 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3019
30dc78e1 3020unlock:
09fd0de5 3021 hci_dev_unlock(hdev);
14a53664
JH		 3022 return err;
3023}
3024
bdb6d971 3025static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3026 u16 len)
561aafbc 3027{
650f726d 3028 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3029 struct inquiry_entry *e;
561aafbc
JH		 3030 int err;
3031
bdb6d971 3032 BT_DBG("%s", hdev->name);
561aafbc 3033
561aafbc
JH		 3034 hci_dev_lock(hdev);
3035
30dc78e1 3036 if (!hci_discovery_active(hdev)) {
bdb6d971 3037 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3038 MGMT_STATUS_FAILED);
30dc78e1
JH		 3039 goto failed;
3040 }
3041
a198e7b1 3042 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3043 if (!e) {
bdb6d971 3044 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3045 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3046 goto failed;
3047 }
3048
3049 if (cp->name_known) {
3050 e->name_state = NAME_KNOWN;
3051 list_del(&e->list);
3052 } else {
3053 e->name_state = NAME_NEEDED;
a3d4e20a 3054 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3055 }
3056
e384662b
JH		 3057 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3058 sizeof(cp->addr));
561aafbc
JH		 3059
3060failed:
3061 hci_dev_unlock(hdev);
561aafbc
JH		 3062 return err;
3063}
3064
bdb6d971 3065static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3066 u16 len)
7fbec224 3067{
650f726d 3068 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3069 u8 status;
7fbec224
AJ		 3070 int err;
3071
bdb6d971 3072 BT_DBG("%s", hdev->name);
7fbec224 3073
4ee71b20 3074 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3075 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3076 MGMT_STATUS_INVALID_PARAMS,
3077 &cp->addr, sizeof(cp->addr));
4ee71b20 3078
09fd0de5 3079 hci_dev_lock(hdev);
5e762444 3080
88c1fe4b 3081 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3082 if (err < 0)
f0eeea8b 3083 status = MGMT_STATUS_FAILED;
7fbec224 3084 else
a6785be2 3085 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3086
bdb6d971 3087 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3088 &cp->addr, sizeof(cp->addr));
5e762444 3089
09fd0de5 3090 hci_dev_unlock(hdev);
7fbec224
AJ		 3091
3092 return err;
3093}
3094
bdb6d971 3095static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3096 u16 len)
7fbec224 3097{
650f726d 3098 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3099 u8 status;
7fbec224
AJ		 3100 int err;
3101
bdb6d971 3102 BT_DBG("%s", hdev->name);
7fbec224 3103
4ee71b20 3104 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3105 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3106 MGMT_STATUS_INVALID_PARAMS,
3107 &cp->addr, sizeof(cp->addr));
4ee71b20 3108
09fd0de5 3109 hci_dev_lock(hdev);
5e762444 3110
88c1fe4b 3111 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3112 if (err < 0)
f0eeea8b 3113 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3114 else
a6785be2 3115 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3116
bdb6d971 3117 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3118 &cp->addr, sizeof(cp->addr));
5e762444 3119
09fd0de5 3120 hci_dev_unlock(hdev);
7fbec224
AJ		 3121
3122 return err;
3123}
3124
cdbaccca
MH		 3125static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3126 u16 len)
3127{
3128 struct mgmt_cp_set_device_id *cp = data;
890ea898 3129 struct hci_request req;
cdbaccca 3130 int err;
c72d4b8a 3131 __u16 source;
cdbaccca
MH		 3132
3133 BT_DBG("%s", hdev->name);
3134
c72d4b8a
SJ		 3135 source = __le16_to_cpu(cp->source);
3136
3137 if (source > 0x0002)
3138 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3139 MGMT_STATUS_INVALID_PARAMS);
3140
cdbaccca
MH		 3141 hci_dev_lock(hdev);
3142
c72d4b8a 3143 hdev->devid_source = source;
cdbaccca
MH		 3144 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3145 hdev->devid_product = __le16_to_cpu(cp->product);
3146 hdev->devid_version = __le16_to_cpu(cp->version);
3147
3148 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3149
890ea898
JH		 3150 hci_req_init(&req, hdev);
3151 update_eir(&req);
3152 hci_req_run(&req, NULL);
cdbaccca
MH		 3153
3154 hci_dev_unlock(hdev);
3155
3156 return err;
3157}
3158
4375f103
JH		 3159static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3160{
3161 struct cmd_lookup match = { NULL, hdev };
3162
3163 if (status) {
3164 u8 mgmt_err = mgmt_status(status);
3165
3166 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3167 cmd_status_rsp, &mgmt_err);
3168 return;
3169 }
3170
3171 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3172 &match);
3173
3174 new_settings(hdev, match.sk);
3175
3176 if (match.sk)
3177 sock_put(match.sk);
3178}
3179
3180static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3181{
3182 struct mgmt_mode *cp = data;
3183 struct pending_cmd *cmd;
3184 struct hci_request req;
3185 u8 val, enabled;
3186 int err;
3187
3188 BT_DBG("request for %s", hdev->name);
3189
3190 if (!lmp_le_capable(hdev))
3191 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3192 MGMT_STATUS_NOT_SUPPORTED);
3193
3194 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3195 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3196 MGMT_STATUS_REJECTED);
3197
3198 if (cp->val != 0x00 && cp->val != 0x01)
3199 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3200 MGMT_STATUS_INVALID_PARAMS);
3201
3202 hci_dev_lock(hdev);
3203
3204 val = !!cp->val;
3205 enabled = test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3206
3207 if (!hdev_is_powered(hdev) || val == enabled) {
3208 bool changed = false;
3209
3210 if (val != test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3211 change_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags);
3212 changed = true;
3213 }
3214
3215 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3216 if (err < 0)
3217 goto unlock;
3218
3219 if (changed)
3220 err = new_settings(hdev, sk);
3221
3222 goto unlock;
3223 }
3224
3225 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3226 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3227 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3228 MGMT_STATUS_BUSY);
3229 goto unlock;
3230 }
3231
3232 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3233 if (!cmd) {
3234 err = -ENOMEM;
3235 goto unlock;
3236 }
3237
3238 hci_req_init(&req, hdev);
3239
3240 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3241
3242 err = hci_req_run(&req, set_advertising_complete);
3243 if (err < 0)
3244 mgmt_pending_remove(cmd);
3245
3246unlock:
3247 hci_dev_unlock(hdev);
3248 return err;
3249}
3250
d13eafce
MH		 3251static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3252 void *data, u16 len)
3253{
3254 struct mgmt_cp_set_static_address *cp = data;
3255 int err;
3256
3257 BT_DBG("%s", hdev->name);
3258
3259 if (!lmp_le_capable(hdev))
3260 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3261 MGMT_STATUS_NOT_SUPPORTED);
3262
3263 if (hdev_is_powered(hdev))
3264 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3265 MGMT_STATUS_REJECTED);
3266
3267 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3268 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3269 return cmd_status(sk, hdev->id,
3270 MGMT_OP_SET_STATIC_ADDRESS,
3271 MGMT_STATUS_INVALID_PARAMS);
3272
3273 /* Two most significant bits shall be set */
3274 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3275 return cmd_status(sk, hdev->id,
3276 MGMT_OP_SET_STATIC_ADDRESS,
3277 MGMT_STATUS_INVALID_PARAMS);
3278 }
3279
3280 hci_dev_lock(hdev);
3281
3282 bacpy(&hdev->static_addr, &cp->bdaddr);
3283
3284 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3285
3286 hci_dev_unlock(hdev);
3287
3288 return err;
3289}
3290
33e38b3e
JH		 3291static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3292{
3293 struct pending_cmd *cmd;
3294
3295 BT_DBG("status 0x%02x", status);
3296
3297 hci_dev_lock(hdev);
3298
3299 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3300 if (!cmd)
3301 goto unlock;
3302
3303 if (status) {
3304 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3305 mgmt_status(status));
3306 } else {
1a4d3c4b
JH		 3307 struct mgmt_mode *cp = cmd->param;
3308
3309 if (cp->val)
3310 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3311 else
3312 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3313
33e38b3e
JH		 3314 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3315 new_settings(hdev, cmd->sk);
3316 }
3317
3318 mgmt_pending_remove(cmd);
3319
3320unlock:
3321 hci_dev_unlock(hdev);
3322}
3323
bdb6d971 3324static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3325 void *data, u16 len)
f6422ec6 3326{
650f726d 3327 struct mgmt_mode *cp = data;
33e38b3e
JH		 3328 struct pending_cmd *cmd;
3329 struct hci_request req;
f6422ec6
AJ		 3330 int err;
3331
bdb6d971 3332 BT_DBG("%s", hdev->name);
f6422ec6 3333
56f87901
JH		 3334 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3335 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3336 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3337 MGMT_STATUS_NOT_SUPPORTED);
3338
a7e80f25
JH		 3339 if (cp->val != 0x00 && cp->val != 0x01)
3340 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3341 MGMT_STATUS_INVALID_PARAMS);
3342
5400c044 3343 if (!hdev_is_powered(hdev))
bdb6d971 3344 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3345 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3346
3347 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3348 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3349 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3350
3351 hci_dev_lock(hdev);
3352
05cbf29f
JH		 3353 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3354 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3355 MGMT_STATUS_BUSY);
3356 goto unlock;
3357 }
3358
1a4d3c4b
JH		 3359 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3360 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3361 hdev);
3362 goto unlock;
3363 }
3364
33e38b3e
JH		 3365 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3366 data, len);
3367 if (!cmd) {
3368 err = -ENOMEM;
3369 goto unlock;
f6422ec6
AJ		 3370 }
3371
33e38b3e
JH		 3372 hci_req_init(&req, hdev);
3373
406d7804 3374 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3375
3376 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3377 if (err < 0) {
bdb6d971 3378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3379 MGMT_STATUS_FAILED);
33e38b3e 3380 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3381 }
3382
33e38b3e 3383unlock:
f6422ec6 3384 hci_dev_unlock(hdev);
33e38b3e 3385
f6422ec6
AJ		 3386 return err;
3387}
3388
0663ca2a
JH		 3389static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3390{
3391 struct pending_cmd *cmd;
3392
3393 BT_DBG("status 0x%02x", status);
3394
3395 hci_dev_lock(hdev);
3396
3397 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3398 if (!cmd)
3399 goto unlock;
3400
3401 if (status) {
3402 u8 mgmt_err = mgmt_status(status);
3403
3404 /* We need to restore the flag if related HCI commands
3405 * failed.
3406 */
3407 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3408
3409 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3410 } else {
3411 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3412 new_settings(hdev, cmd->sk);
3413 }
3414
3415 mgmt_pending_remove(cmd);
3416
3417unlock:
3418 hci_dev_unlock(hdev);
3419}
3420
3421static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3422{
3423 struct mgmt_mode *cp = data;
3424 struct pending_cmd *cmd;
3425 struct hci_request req;
3426 int err;
3427
3428 BT_DBG("request for %s", hdev->name);
3429
3430 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3431 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3432 MGMT_STATUS_NOT_SUPPORTED);
3433
3434 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3435 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3436 MGMT_STATUS_REJECTED);
3437
3438 if (cp->val != 0x00 && cp->val != 0x01)
3439 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3440 MGMT_STATUS_INVALID_PARAMS);
3441
3442 hci_dev_lock(hdev);
3443
3444 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3445 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3446 goto unlock;
3447 }
3448
3449 if (!hdev_is_powered(hdev)) {
3450 if (!cp->val) {
3451 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3452 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3453 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3454 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3455 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3456 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3457 }
3458
3459 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3460
3461 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3462 if (err < 0)
3463 goto unlock;
3464
3465 err = new_settings(hdev, sk);
3466 goto unlock;
3467 }
3468
3469 /* Reject disabling when powered on */
3470 if (!cp->val) {
3471 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3472 MGMT_STATUS_REJECTED);
3473 goto unlock;
3474 }
3475
3476 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3477 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3478 MGMT_STATUS_BUSY);
3479 goto unlock;
3480 }
3481
3482 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3483 if (!cmd) {
3484 err = -ENOMEM;
3485 goto unlock;
3486 }
3487
3488 /* We need to flip the bit already here so that hci_update_ad
3489 * generates the correct flags.
3490 */
3491 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3492
3493 hci_req_init(&req, hdev);
3494 hci_update_ad(&req);
3495 err = hci_req_run(&req, set_bredr_complete);
3496 if (err < 0)
3497 mgmt_pending_remove(cmd);
3498
3499unlock:
3500 hci_dev_unlock(hdev);
3501 return err;
3502}
3503
3f706b72
JH		 3504static bool ltk_is_valid(struct mgmt_ltk_info *key)
3505{
44b20d33
JH		 3506 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3507 return false;
3f706b72
JH		 3508 if (key->master != 0x00 && key->master != 0x01)
3509 return false;
4ee71b20
JH		 3510 if (!bdaddr_type_is_le(key->addr.type))
3511 return false;
3f706b72
JH		 3512 return true;
3513}
3514
bdb6d971 3515static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3516 void *cp_data, u16 len)
346af67b 3517{
346af67b
VCG		 3518 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3519 u16 key_count, expected_len;
715a5bf2 3520 int i, err;
346af67b 3521
1f350c87 3522 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3523
3524 expected_len = sizeof(*cp) + key_count *
3525 sizeof(struct mgmt_ltk_info);
3526 if (expected_len != len) {
3527 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3528 len, expected_len);
bdb6d971 3529 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3530 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3531 }
3532
bdb6d971 3533 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3534
54ad6d8a
JH		 3535 for (i = 0; i < key_count; i++) {
3536 struct mgmt_ltk_info *key = &cp->keys[i];
3537
3f706b72 3538 if (!ltk_is_valid(key))
54ad6d8a
JH		 3539 return cmd_status(sk, hdev->id,
3540 MGMT_OP_LOAD_LONG_TERM_KEYS,
3541 MGMT_STATUS_INVALID_PARAMS);
3542 }
3543
346af67b
VCG		 3544 hci_dev_lock(hdev);
3545
3546 hci_smp_ltks_clear(hdev);
3547
3548 for (i = 0; i < key_count; i++) {
3549 struct mgmt_ltk_info *key = &cp->keys[i];
3550 u8 type;
3551
3552 if (key->master)
3553 type = HCI_SMP_LTK;
3554 else
3555 type = HCI_SMP_LTK_SLAVE;
3556
4596fde5 3557 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3558 bdaddr_to_le(key->addr.type),
04124681
GP		 3559 type, 0, key->authenticated, key->val,
3560 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3561 }
3562
715a5bf2
JH		 3563 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3564 NULL, 0);
3565
346af67b 3566 hci_dev_unlock(hdev);
346af67b 3567
715a5bf2 3568 return err;
346af67b
VCG		 3569}
3570
2e3c35ea 3571static const struct mgmt_handler {
04124681
GP		 3572 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3573 u16 data_len);
be22b54e
JH		 3574 bool var_len;
3575 size_t data_len;
0f4e68cf
JH		 3576} mgmt_handlers[] = {
3577 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3578 { read_version, false, MGMT_READ_VERSION_SIZE },
3579 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3580 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3581 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3582 { set_powered, false, MGMT_SETTING_SIZE },
3583 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3584 { set_connectable, false, MGMT_SETTING_SIZE },
3585 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3586 { set_pairable, false, MGMT_SETTING_SIZE },
3587 { set_link_security, false, MGMT_SETTING_SIZE },
3588 { set_ssp, false, MGMT_SETTING_SIZE },
3589 { set_hs, false, MGMT_SETTING_SIZE },
3590 { set_le, false, MGMT_SETTING_SIZE },
3591 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3592 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3593 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3594 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3595 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3596 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3597 { disconnect, false, MGMT_DISCONNECT_SIZE },
3598 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3599 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3600 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3601 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3602 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3603 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3604 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3605 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3606 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3607 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3608 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3609 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3610 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3611 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3612 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3613 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3614 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3615 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3616 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3617 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3618 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3619 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3620 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3621};
3622
3623
0381101f
JH		 3624int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3625{
650f726d
VCG		 3626 void *buf;
3627 u8 *cp;
0381101f 3628 struct mgmt_hdr *hdr;
4e51eae9 3629 u16 opcode, index, len;
bdb6d971 3630 struct hci_dev *hdev = NULL;
2e3c35ea 3631 const struct mgmt_handler *handler;
0381101f
JH		 3632 int err;
3633
3634 BT_DBG("got %zu bytes", msglen);
3635
3636 if (msglen < sizeof(*hdr))
3637 return -EINVAL;
3638
e63a15ec 3639 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3640 if (!buf)
3641 return -ENOMEM;
3642
3643 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3644 err = -EFAULT;
3645 goto done;
3646 }
3647
650f726d 3648 hdr = buf;
1f350c87
MH		 3649 opcode = __le16_to_cpu(hdr->opcode);
3650 index = __le16_to_cpu(hdr->index);
3651 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3652
3653 if (len != msglen - sizeof(*hdr)) {
3654 err = -EINVAL;
3655 goto done;
3656 }
3657
0f4e68cf 3658 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3659 hdev = hci_dev_get(index);
3660 if (!hdev) {
3661 err = cmd_status(sk, index, opcode,
04124681 3662 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3663 goto done;
3664 }
0736cfa8
MH		 3665
3666 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3667 err = cmd_status(sk, index, opcode,
3668 MGMT_STATUS_INVALID_INDEX);
3669 goto done;
3670 }
bdb6d971
JH		 3671 }
3672
0f4e68cf 3673 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3674 mgmt_handlers[opcode].func == NULL) {
0381101f 3675 BT_DBG("Unknown op %u", opcode);
ca69b795 3676 err = cmd_status(sk, index, opcode,
04124681 3677 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3678 goto done;
3679 }
3680
3681 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3682 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3683 err = cmd_status(sk, index, opcode,
04124681 3684 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3685 goto done;
0381101f
JH		 3686 }
3687
be22b54e
JH		 3688 handler = &mgmt_handlers[opcode];
3689
3690 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3691 (!handler->var_len && len != handler->data_len)) {
be22b54e 3692 err = cmd_status(sk, index, opcode,
04124681 3693 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3694 goto done;
3695 }
3696
0f4e68cf
JH		 3697 if (hdev)
3698 mgmt_init_hdev(sk, hdev);
3699
3700 cp = buf + sizeof(*hdr);
3701
be22b54e 3702 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3703 if (err < 0)
3704 goto done;
3705
0381101f
JH		 3706 err = msglen;
3707
3708done:
bdb6d971
JH		 3709 if (hdev)
3710 hci_dev_put(hdev);
3711
0381101f
JH		 3712 kfree(buf);
3713 return err;
3714}
c71e97bf 3715
744cf19e 3716int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3717{
bb4b2a9a
AE		 3718 if (!mgmt_valid_hdev(hdev))
3719 return -ENOTSUPP;
3720
744cf19e 3721 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3722}
3723
744cf19e 3724int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3725{
5f159032 3726 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3727
bb4b2a9a
AE		 3728 if (!mgmt_valid_hdev(hdev))
3729 return -ENOTSUPP;
3730
744cf19e 3731 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3732
744cf19e 3733 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3734}
3735
890ea898 3736static void set_bredr_scan(struct hci_request *req)
7f0ae647 3737{
890ea898 3738 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3739 u8 scan = 0;
3740
4c01f8b8
JH		 3741 /* Ensure that fast connectable is disabled. This function will
3742 * not do anything if the page scan parameters are already what
3743 * they should be.
3744 */
3745 write_fast_connectable(req, false);
3746
7f0ae647
JH		 3747 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3748 scan |= SCAN_PAGE;
3749 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3750 scan |= SCAN_INQUIRY;
3751
890ea898
JH		 3752 if (scan)
3753 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3754}
3755
229ab39c
JH		 3756static void powered_complete(struct hci_dev *hdev, u8 status)
3757{
3758 struct cmd_lookup match = { NULL, hdev };
3759
3760 BT_DBG("status 0x%02x", status);
3761
3762 hci_dev_lock(hdev);
3763
3764 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3765
3766 new_settings(hdev, match.sk);
3767
3768 hci_dev_unlock(hdev);
3769
3770 if (match.sk)
3771 sock_put(match.sk);
3772}
3773
70da6243 3774static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3775{
890ea898 3776 struct hci_request req;
70da6243 3777 u8 link_sec;
5add6af8 3778
890ea898
JH		 3779 hci_req_init(&req, hdev);
3780
70da6243
JH		 3781 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3782 !lmp_host_ssp_capable(hdev)) {
3783 u8 ssp = 1;
5e5282bb 3784
890ea898 3785 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3786 }
5add6af8 3787
c73eee91
JH		 3788 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3789 lmp_bredr_capable(hdev)) {
70da6243 3790 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3791
70da6243
JH		 3792 cp.le = 1;
3793 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3794
70da6243
JH		 3795 /* Check first if we already have the right
3796 * host state (host features set)
3797 */
3798 if (cp.le != lmp_host_le_capable(hdev) ||
3799 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3800 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3801 sizeof(cp), &cp);
0663ca2a
JH		 3802
3803 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3804 hci_update_ad(&req);
70da6243 3805 }
3d1cbdd6 3806
d13eafce
MH		 3807 if (lmp_le_capable(hdev)) {
3808 /* Set random address to static address if configured */
3809 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3810 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3811 &hdev->static_addr);
3812 }
3813
eeca6f89
JH		 3814 if (test_bit(HCI_LE_PERIPHERAL, &hdev->dev_flags)) {
3815 u8 adv = 0x01;
3816
3817 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3818 }
3819
70da6243
JH		 3820 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3821 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3822 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3823 sizeof(link_sec), &link_sec);
562fcc24 3824
70da6243 3825 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3826 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3827 set_bredr_scan(&req);
890ea898 3828 update_class(&req);
13928971 3829 update_name(&req);
890ea898 3830 update_eir(&req);
70da6243 3831 }
562fcc24 3832
229ab39c 3833 return hci_req_run(&req, powered_complete);
70da6243 3834}
562fcc24 3835
70da6243
JH		 3836int mgmt_powered(struct hci_dev *hdev, u8 powered)
3837{
3838 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3839 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3840 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3841 int err;
f0ff92fb 3842
70da6243
JH		 3843 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3844 return 0;
3845
70da6243 3846 if (powered) {
229ab39c
JH		 3847 if (powered_update_hci(hdev) == 0)
3848 return 0;
fe038884 3849
229ab39c
JH		 3850 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3851 &match);
3852 goto new_settings;
b24752fe
JH		 3853 }
3854
229ab39c
JH		 3855 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3856 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3857
3858 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3859 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3860 zero_cod, sizeof(zero_cod), NULL);
3861
3862new_settings:
beadb2bd 3863 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3864
3865 if (match.sk)
3866 sock_put(match.sk);
3867
7bb895d6 3868 return err;
5add6af8 3869}
73f22f62 3870
96570ffc
JH		 3871int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3872{
3873 struct pending_cmd *cmd;
3874 u8 status;
3875
3876 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3877 if (!cmd)
3878 return -ENOENT;
3879
3880 if (err == -ERFKILL)
3881 status = MGMT_STATUS_RFKILLED;
3882 else
3883 status = MGMT_STATUS_FAILED;
3884
3885 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3886
3887 mgmt_pending_remove(cmd);
3888
3889 return err;
3890}
3891
744cf19e 3892int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3893{
76a7f3a4 3894 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3895 bool changed = false;
3896 int err = 0;
73f22f62 3897
5e5282bb
JH		 3898 if (discoverable) {
3899 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3900 changed = true;
3901 } else {
3902 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3903 changed = true;
3904 }
73f22f62 3905
ed9b5f2f 3906 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3907 &match);
ed9b5f2f 3908
beadb2bd
JH		 3909 if (changed)
3910 err = new_settings(hdev, match.sk);
5e5282bb 3911
73f22f62
JH		 3912 if (match.sk)
3913 sock_put(match.sk);
3914
7bb895d6 3915 return err;
73f22f62 3916}
9fbcbb45 3917
744cf19e 3918int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3919{
2b76f453 3920 struct pending_cmd *cmd;
5e5282bb
JH		 3921 bool changed = false;
3922 int err = 0;
9fbcbb45 3923
5e5282bb
JH		 3924 if (connectable) {
3925 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3926 changed = true;
3927 } else {
3928 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3929 changed = true;
3930 }
9fbcbb45 3931
2b76f453 3932 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3933
beadb2bd 3934 if (changed)
2b76f453 3935 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3936
7bb895d6 3937 return err;
9fbcbb45 3938}
55ed8ca1 3939
744cf19e 3940int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3941{
ca69b795
JH		 3942 u8 mgmt_err = mgmt_status(status);
3943
2d7cee58 3944 if (scan & SCAN_PAGE)
744cf19e 3945 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3946 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3947
3948 if (scan & SCAN_INQUIRY)
744cf19e 3949 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3950 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3951
3952 return 0;
3953}
3954
53168e5b
CC		 3955int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3956 bool persistent)
55ed8ca1 3957{
86742e1e 3958 struct mgmt_ev_new_link_key ev;
55ed8ca1 3959
a492cd52 3960 memset(&ev, 0, sizeof(ev));
55ed8ca1 3961
a492cd52 3962 ev.store_hint = persistent;
d753fdc4 3963 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3964 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3965 ev.key.type = key->type;
9b3b4460 3966 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3967 ev.key.pin_len = key->pin_len;
55ed8ca1 3968
744cf19e 3969 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3970}
f7520543 3971
346af67b
VCG		 3972int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3973{
3974 struct mgmt_ev_new_long_term_key ev;
3975
3976 memset(&ev, 0, sizeof(ev));
3977
3978 ev.store_hint = persistent;
3979 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3980 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3981 ev.key.authenticated = key->authenticated;
3982 ev.key.enc_size = key->enc_size;
3983 ev.key.ediv = key->ediv;
3984
3985 if (key->type == HCI_SMP_LTK)
3986 ev.key.master = 1;
3987
3988 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3989 memcpy(ev.key.val, key->val, sizeof(key->val));
3990
04124681
GP		 3991 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3992 NULL);
346af67b
VCG		 3993}
3994
afc747a6 3995int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3996 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3997 u8 *dev_class)
f7520543 3998{
b644ba33
JH		 3999 char buf[512];
4000 struct mgmt_ev_device_connected *ev = (void *) buf;
4001 u16 eir_len = 0;
f7520543 4002
b644ba33 4003 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4004 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4005
c95f0ba7 4006 ev->flags = __cpu_to_le32(flags);
08c79b61 4007
b644ba33
JH		 4008 if (name_len > 0)
4009 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4010 name, name_len);
b644ba33
JH		 4011
4012 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4013 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4014 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4015
eb55ef07 4016 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4017
4018 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4019 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4020}
4021
8962ee74
JH		 4022static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4023{
c68fb7ff 4024 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4025 struct sock **sk = data;
a38528f1 4026 struct mgmt_rp_disconnect rp;
8962ee74 4027
88c3df13
JH		 4028 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4029 rp.addr.type = cp->addr.type;
8962ee74 4030
aee9b218 4031 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4032 sizeof(rp));
8962ee74
JH		 4033
4034 *sk = cmd->sk;
4035 sock_hold(*sk);
4036
a664b5bc 4037 mgmt_pending_remove(cmd);
8962ee74
JH		 4038}
4039
124f6e35 4040static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4041{
b1078ad0 4042 struct hci_dev *hdev = data;
124f6e35
JH		 4043 struct mgmt_cp_unpair_device *cp = cmd->param;
4044 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4045
4046 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4047 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4048 rp.addr.type = cp->addr.type;
a8a1d19e 4049
b1078ad0
JH		 4050 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4051
aee9b218 4052 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4053
4054 mgmt_pending_remove(cmd);
4055}
4056
afc747a6 4057int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4058 u8 link_type, u8 addr_type, u8 reason)
f7520543 4059{
f0d6a0ea 4060 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4061 struct sock *sk = NULL;
4062 int err;
4063
744cf19e 4064 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4065
f0d6a0ea
MA		 4066 bacpy(&ev.addr.bdaddr, bdaddr);
4067 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4068 ev.reason = reason;
f7520543 4069
afc747a6 4070 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4071 sk);
8962ee74
JH		 4072
4073 if (sk)
d97dcb66 4074 sock_put(sk);
8962ee74 4075
124f6e35 4076 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4077 hdev);
a8a1d19e 4078
8962ee74
JH		 4079 return err;
4080}
4081
88c3df13 4082int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4083 u8 link_type, u8 addr_type, u8 status)
8962ee74 4084{
88c3df13 4085 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4086 struct pending_cmd *cmd;
4087 int err;
4088
36a75f1b
JD		 4089 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4090 hdev);
4091
2e58ef3e 4092 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4093 if (!cmd)
4094 return -ENOENT;
4095
88c3df13 4096 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4097 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4098
88c3df13 4099 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4100 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4101
a664b5bc 4102 mgmt_pending_remove(cmd);
8962ee74
JH		 4103
4104 return err;
f7520543 4105}
17d5c04c 4106
48264f06 4107int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4108 u8 addr_type, u8 status)
17d5c04c
JH		 4109{
4110 struct mgmt_ev_connect_failed ev;
4111
4c659c39 4112 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4113 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4114 ev.status = mgmt_status(status);
17d5c04c 4115
744cf19e 4116 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4117}
980e1a53 4118
744cf19e 4119int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4120{
4121 struct mgmt_ev_pin_code_request ev;
4122
d8457698 4123 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4124 ev.addr.type = BDADDR_BREDR;
a770bb5a 4125 ev.secure = secure;
980e1a53 4126
744cf19e 4127 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4128 NULL);
980e1a53
JH		 4129}
4130
744cf19e 4131int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4132 u8 status)
980e1a53
JH		 4133{
4134 struct pending_cmd *cmd;
ac56fb13 4135 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4136 int err;
4137
2e58ef3e 4138 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4139 if (!cmd)
4140 return -ENOENT;
4141
d8457698 4142 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4143 rp.addr.type = BDADDR_BREDR;
ac56fb13 4144
aee9b218 4145 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4146 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4147
a664b5bc 4148 mgmt_pending_remove(cmd);
980e1a53
JH		 4149
4150 return err;
4151}
4152
744cf19e 4153int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4154 u8 status)
980e1a53
JH		 4155{
4156 struct pending_cmd *cmd;
ac56fb13 4157 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4158 int err;
4159
2e58ef3e 4160 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4161 if (!cmd)
4162 return -ENOENT;
4163
d8457698 4164 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4165 rp.addr.type = BDADDR_BREDR;
ac56fb13 4166
aee9b218 4167 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4168 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4169
a664b5bc 4170 mgmt_pending_remove(cmd);
980e1a53
JH		 4171
4172 return err;
4173}
a5c29683 4174
744cf19e 4175int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4176 u8 link_type, u8 addr_type, __le32 value,
4177 u8 confirm_hint)
a5c29683
JH		 4178{
4179 struct mgmt_ev_user_confirm_request ev;
4180
744cf19e 4181 BT_DBG("%s", hdev->name);
a5c29683 4182
272d90df 4183 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4184 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4185 ev.confirm_hint = confirm_hint;
78e8098e 4186 ev.value = value;
a5c29683 4187
744cf19e 4188 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4189 NULL);
a5c29683
JH		 4190}
4191
272d90df 4192int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4193 u8 link_type, u8 addr_type)
604086b7
BG		 4194{
4195 struct mgmt_ev_user_passkey_request ev;
4196
4197 BT_DBG("%s", hdev->name);
4198
272d90df 4199 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4200 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4201
4202 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4203 NULL);
604086b7
BG		 4204}
4205
0df4c185 4206static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4207 u8 link_type, u8 addr_type, u8 status,
4208 u8 opcode)
a5c29683
JH		 4209{
4210 struct pending_cmd *cmd;
4211 struct mgmt_rp_user_confirm_reply rp;
4212 int err;
4213
2e58ef3e 4214 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4215 if (!cmd)
4216 return -ENOENT;
4217
272d90df 4218 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4219 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4220 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4221 &rp, sizeof(rp));
a5c29683 4222
a664b5bc 4223 mgmt_pending_remove(cmd);
a5c29683
JH		 4224
4225 return err;
4226}
4227
744cf19e 4228int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4229 u8 link_type, u8 addr_type, u8 status)
a5c29683 4230{
272d90df 4231 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4232 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4233}
4234
272d90df 4235int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4236 u8 link_type, u8 addr_type, u8 status)
a5c29683 4237{
272d90df 4238 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4239 status,
4240 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4241}
2a611692 4242
604086b7 4243int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4244 u8 link_type, u8 addr_type, u8 status)
604086b7 4245{
272d90df 4246 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4247 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4248}
4249
272d90df 4250int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4251 u8 link_type, u8 addr_type, u8 status)
604086b7 4252{
272d90df 4253 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4254 status,
4255 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4256}
4257
92a25256
JH		 4258int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4259 u8 link_type, u8 addr_type, u32 passkey,
4260 u8 entered)
4261{
4262 struct mgmt_ev_passkey_notify ev;
4263
4264 BT_DBG("%s", hdev->name);
4265
4266 bacpy(&ev.addr.bdaddr, bdaddr);
4267 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4268 ev.passkey = __cpu_to_le32(passkey);
4269 ev.entered = entered;
4270
4271 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4272}
4273
bab73cb6 4274int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4275 u8 addr_type, u8 status)
2a611692
JH		 4276{
4277 struct mgmt_ev_auth_failed ev;
4278
bab73cb6 4279 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4280 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4281 ev.status = mgmt_status(status);
2a611692 4282
744cf19e 4283 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4284}
b312b161 4285
33ef95ed
JH		 4286int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4287{
4288 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4289 bool changed = false;
4290 int err = 0;
33ef95ed
JH		 4291
4292 if (status) {
4293 u8 mgmt_err = mgmt_status(status);
4294 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4295 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4296 return 0;
4297 }
4298
47990ea0
JH		 4299 if (test_bit(HCI_AUTH, &hdev->flags)) {
4300 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4301 changed = true;
4302 } else {
4303 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4304 changed = true;
4305 }
4306
33ef95ed 4307 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4308 &match);
33ef95ed 4309
47990ea0
JH		 4310 if (changed)
4311 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4312
4313 if (match.sk)
4314 sock_put(match.sk);
4315
4316 return err;
4317}
4318
890ea898 4319static void clear_eir(struct hci_request *req)
cacaf52f 4320{
890ea898 4321 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4322 struct hci_cp_write_eir cp;
4323
976eb20e 4324 if (!lmp_ext_inq_capable(hdev))
890ea898 4325 return;
cacaf52f 4326
c80da27e
JH		 4327 memset(hdev->eir, 0, sizeof(hdev->eir));
4328
cacaf52f
JH		 4329 memset(&cp, 0, sizeof(cp));
4330
890ea898 4331 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4332}
4333
c0ecddc2 4334int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4335{
4336 struct cmd_lookup match = { NULL, hdev };
890ea898 4337 struct hci_request req;
c0ecddc2
JH		 4338 bool changed = false;
4339 int err = 0;
ed2c4ee3
JH		 4340
4341 if (status) {
4342 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4343
4344 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4345 &hdev->dev_flags))
c0ecddc2
JH		 4346 err = new_settings(hdev, NULL);
4347
04124681
GP		 4348 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4349 &mgmt_err);
c0ecddc2
JH		 4350
4351 return err;
4352 }
4353
4354 if (enable) {
4355 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4356 changed = true;
4357 } else {
4358 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4359 changed = true;
ed2c4ee3
JH		 4360 }
4361
4362 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4363
c0ecddc2
JH		 4364 if (changed)
4365 err = new_settings(hdev, match.sk);
ed2c4ee3 4366
5fc6ebb1 4367 if (match.sk)
ed2c4ee3
JH		 4368 sock_put(match.sk);
4369
890ea898
JH		 4370 hci_req_init(&req, hdev);
4371
5fc6ebb1 4372 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4373 update_eir(&req);
5fc6ebb1 4374 else
890ea898
JH		 4375 clear_eir(&req);
4376
4377 hci_req_run(&req, NULL);
cacaf52f 4378
ed2c4ee3
JH		 4379 return err;
4380}
4381
92da6097 4382static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4383{
4384 struct cmd_lookup *match = data;
4385
90e70454
JH		 4386 if (match->sk == NULL) {
4387 match->sk = cmd->sk;
4388 sock_hold(match->sk);
4389 }
90e70454
JH		 4390}
4391
7f9a903c 4392int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4393 u8 status)
7f9a903c 4394{
90e70454
JH		 4395 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4396 int err = 0;
7f9a903c 4397
92da6097
JH		 4398 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4399 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4400 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4401
4402 if (!status)
04124681
GP		 4403 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4404 3, NULL);
90e70454
JH		 4405
4406 if (match.sk)
4407 sock_put(match.sk);
7f9a903c
MH		 4408
4409 return err;
4410}
4411
744cf19e 4412int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4413{
b312b161 4414 struct mgmt_cp_set_local_name ev;
13928971 4415 struct pending_cmd *cmd;
28cc7bde 4416
13928971
JH		 4417 if (status)
4418 return 0;
b312b161
JH		 4419
4420 memset(&ev, 0, sizeof(ev));
4421 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4422 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4423
2e58ef3e 4424 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4425 if (!cmd) {
4426 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4427
13928971
JH		 4428 /* If this is a HCI command related to powering on the
4429 * HCI dev don't send any mgmt signals.
4430 */
4431 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4432 return 0;
890ea898 4433 }
b312b161 4434
13928971
JH		 4435 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4436 cmd ? cmd->sk : NULL);
b312b161 4437}
c35938b2 4438
744cf19e 4439int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4440 u8 *randomizer, u8 status)
c35938b2
SJ		 4441{
4442 struct pending_cmd *cmd;
4443 int err;
4444
744cf19e 4445 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4446
2e58ef3e 4447 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4448 if (!cmd)
4449 return -ENOENT;
4450
4451 if (status) {
04124681
GP		 4452 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4453 mgmt_status(status));
c35938b2
SJ		 4454 } else {
4455 struct mgmt_rp_read_local_oob_data rp;
4456
4457 memcpy(rp.hash, hash, sizeof(rp.hash));
4458 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4459
744cf19e 4460 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4461 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4462 sizeof(rp));
c35938b2
SJ		 4463 }
4464
4465 mgmt_pending_remove(cmd);
4466
4467 return err;
4468}
e17acd40 4469
48264f06 4470int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4471 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4472 ssp, u8 *eir, u16 eir_len)
e17acd40 4473{
e319d2e7
JH		 4474 char buf[512];
4475 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4476 size_t ev_size;
e17acd40 4477
12602d0c
AG		 4478 if (!hci_discovery_active(hdev))
4479 return -EPERM;
4480
1dc06093
JH		 4481 /* Leave 5 bytes for a potential CoD field */
4482 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4483 return -EINVAL;
4484
1dc06093
JH		 4485 memset(buf, 0, sizeof(buf));
4486
e319d2e7 4487 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4488 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4489 ev->rssi = rssi;
9a395a80 4490 if (cfm_name)
612dfce9 4491 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4492 if (!ssp)
612dfce9 4493 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4494
1dc06093 4495 if (eir_len > 0)
e319d2e7 4496 memcpy(ev->eir, eir, eir_len);
e17acd40 4497
1dc06093
JH		 4498 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4499 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4500 dev_class, 3);
1dc06093 4501
eb55ef07 4502 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4503 ev_size = sizeof(*ev) + eir_len;
f8523598 4504
e319d2e7 4505 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4506}
a88a9652 4507
b644ba33 4508int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4509 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4510{
b644ba33
JH		 4511 struct mgmt_ev_device_found *ev;
4512 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4513 u16 eir_len;
a88a9652 4514
b644ba33 4515 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4516
b644ba33
JH		 4517 memset(buf, 0, sizeof(buf));
4518
4519 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4520 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4521 ev->rssi = rssi;
4522
4523 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4524 name_len);
b644ba33 4525
eb55ef07 4526 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4527
053c7e0c 4528 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4529 sizeof(*ev) + eir_len, NULL);
a88a9652 4530}
314b2381 4531
744cf19e 4532int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4533{
f963e8e9 4534 struct mgmt_ev_discovering ev;
164a6e78
JH		 4535 struct pending_cmd *cmd;
4536
343fb145
AG		 4537 BT_DBG("%s discovering %u", hdev->name, discovering);
4538
164a6e78 4539 if (discovering)
2e58ef3e 4540 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4541 else
2e58ef3e 4542 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4543
4544 if (cmd != NULL) {
f808e166
JH		 4545 u8 type = hdev->discovery.type;
4546
04124681
GP		 4547 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4548 sizeof(type));
164a6e78
JH		 4549 mgmt_pending_remove(cmd);
4550 }
4551
f963e8e9
JH		 4552 memset(&ev, 0, sizeof(ev));
4553 ev.type = hdev->discovery.type;
4554 ev.discovering = discovering;
4555
4556 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4557}
5e762444 4558
88c1fe4b 4559int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4560{
4561 struct pending_cmd *cmd;
4562 struct mgmt_ev_device_blocked ev;
4563
2e58ef3e 4564 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4565
88c1fe4b
JH		 4566 bacpy(&ev.addr.bdaddr, bdaddr);
4567 ev.addr.type = type;
5e762444 4568
744cf19e 4569 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4570 cmd ? cmd->sk : NULL);
5e762444
AJ		 4571}
4572
88c1fe4b 4573int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4574{
4575 struct pending_cmd *cmd;
4576 struct mgmt_ev_device_unblocked ev;
4577
2e58ef3e 4578 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4579
88c1fe4b
JH		 4580 bacpy(&ev.addr.bdaddr, bdaddr);
4581 ev.addr.type = type;
5e762444 4582
744cf19e 4583 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4584 cmd ? cmd->sk : NULL);
5e762444 4585}
ubuntu-zesty-kernel mirror