]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove check for valid LTK authenticated parameter
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
e70bb2e8
JH		 84};
85
86static const u16 mgmt_events[] = {
87 MGMT_EV_CONTROLLER_ERROR,
88 MGMT_EV_INDEX_ADDED,
89 MGMT_EV_INDEX_REMOVED,
90 MGMT_EV_NEW_SETTINGS,
91 MGMT_EV_CLASS_OF_DEV_CHANGED,
92 MGMT_EV_LOCAL_NAME_CHANGED,
93 MGMT_EV_NEW_LINK_KEY,
94 MGMT_EV_NEW_LONG_TERM_KEY,
95 MGMT_EV_DEVICE_CONNECTED,
96 MGMT_EV_DEVICE_DISCONNECTED,
97 MGMT_EV_CONNECT_FAILED,
98 MGMT_EV_PIN_CODE_REQUEST,
99 MGMT_EV_USER_CONFIRM_REQUEST,
100 MGMT_EV_USER_PASSKEY_REQUEST,
101 MGMT_EV_AUTH_FAILED,
102 MGMT_EV_DEVICE_FOUND,
103 MGMT_EV_DISCOVERING,
104 MGMT_EV_DEVICE_BLOCKED,
105 MGMT_EV_DEVICE_UNBLOCKED,
106 MGMT_EV_DEVICE_UNPAIRED,
92a25256 107 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 108};
109
17b02e62 110#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 111
4b34ee78
JH		 112#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
113 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
114
eec8d2bc
JH		 115struct pending_cmd {
116 struct list_head list;
fc2f4b13 117 u16 opcode;
eec8d2bc 118 int index;
c68fb7ff 119 void *param;
eec8d2bc 120 struct sock *sk;
e9a416b5 121 void *user_data;
eec8d2bc
JH		 122};
123
ca69b795
JH		 124/* HCI to MGMT error code conversion table */
125static u8 mgmt_status_table[] = {
126 MGMT_STATUS_SUCCESS,
127 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
128 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
129 MGMT_STATUS_FAILED, /* Hardware Failure */
130 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
131 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 132 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 133 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
134 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
135 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
136 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
137 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
138 MGMT_STATUS_BUSY, /* Command Disallowed */
139 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
140 MGMT_STATUS_REJECTED, /* Rejected Security */
141 MGMT_STATUS_REJECTED, /* Rejected Personal */
142 MGMT_STATUS_TIMEOUT, /* Host Timeout */
143 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
144 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
145 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
146 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
147 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
148 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
149 MGMT_STATUS_BUSY, /* Repeated Attempts */
150 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
151 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
153 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
154 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
155 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
156 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
157 MGMT_STATUS_FAILED, /* Unspecified Error */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
159 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
160 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
161 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
162 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
163 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
164 MGMT_STATUS_FAILED, /* Unit Link Key Used */
165 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
166 MGMT_STATUS_TIMEOUT, /* Instant Passed */
167 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
168 MGMT_STATUS_FAILED, /* Transaction Collision */
169 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
170 MGMT_STATUS_REJECTED, /* QoS Rejected */
171 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
172 MGMT_STATUS_REJECTED, /* Insufficient Security */
173 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
174 MGMT_STATUS_BUSY, /* Role Switch Pending */
175 MGMT_STATUS_FAILED, /* Slot Violation */
176 MGMT_STATUS_FAILED, /* Role Switch Failed */
177 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
178 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
179 MGMT_STATUS_BUSY, /* Host Busy Pairing */
180 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
181 MGMT_STATUS_BUSY, /* Controller Busy */
182 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
183 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
185 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
186 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
187};
188
189static u8 mgmt_status(u8 hci_status)
190{
191 if (hci_status < ARRAY_SIZE(mgmt_status_table))
192 return mgmt_status_table[hci_status];
193
194 return MGMT_STATUS_FAILED;
195}
196
4e51eae9 197static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 198{
199 struct sk_buff *skb;
200 struct mgmt_hdr *hdr;
201 struct mgmt_ev_cmd_status *ev;
56b7d137 202 int err;
f7b64e69 203
34eb525c 204 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 205
790eff44 206 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 207 if (!skb)
208 return -ENOMEM;
209
210 hdr = (void *) skb_put(skb, sizeof(*hdr));
211
612dfce9 212 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 213 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 214 hdr->len = cpu_to_le16(sizeof(*ev));
215
216 ev = (void *) skb_put(skb, sizeof(*ev));
217 ev->status = status;
eb55ef07 218 ev->opcode = cpu_to_le16(cmd);
f7b64e69 219
56b7d137
GP		 220 err = sock_queue_rcv_skb(sk, skb);
221 if (err < 0)
f7b64e69
JH		 222 kfree_skb(skb);
223
56b7d137 224 return err;
f7b64e69
JH		 225}
226
aee9b218 227static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 228 void *rp, size_t rp_len)
02d98129
JH		 229{
230 struct sk_buff *skb;
231 struct mgmt_hdr *hdr;
232 struct mgmt_ev_cmd_complete *ev;
56b7d137 233 int err;
02d98129
JH		 234
235 BT_DBG("sock %p", sk);
236
790eff44 237 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 238 if (!skb)
239 return -ENOMEM;
240
241 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 242
612dfce9 243 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 244 hdr->index = cpu_to_le16(index);
a38528f1 245 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 246
a38528f1 247 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 248 ev->opcode = cpu_to_le16(cmd);
aee9b218 249 ev->status = status;
8020c16a
SJ		 250
251 if (rp)
252 memcpy(ev->data, rp, rp_len);
02d98129 253
56b7d137
GP		 254 err = sock_queue_rcv_skb(sk, skb);
255 if (err < 0)
02d98129
JH		 256 kfree_skb(skb);
257
e5f0e151 258 return err;
02d98129
JH		 259}
260
04124681
GP		 261static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
262 u16 data_len)
a38528f1
JH		 263{
264 struct mgmt_rp_read_version rp;
265
266 BT_DBG("sock %p", sk);
267
268 rp.version = MGMT_VERSION;
eb55ef07 269 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 270
aee9b218 271 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 272 sizeof(rp));
a38528f1
JH		 273}
274
04124681
GP		 275static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
e70bb2e8
JH		 277{
278 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 279 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
280 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 281 __le16 *opcode;
e70bb2e8
JH		 282 size_t rp_size;
283 int i, err;
284
285 BT_DBG("sock %p", sk);
286
287 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
288
289 rp = kmalloc(rp_size, GFP_KERNEL);
290 if (!rp)
291 return -ENOMEM;
292
eb55ef07
MH		 293 rp->num_commands = __constant_cpu_to_le16(num_commands);
294 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 295
296 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
297 put_unaligned_le16(mgmt_commands[i], opcode);
298
299 for (i = 0; i < num_events; i++, opcode++)
300 put_unaligned_le16(mgmt_events[i], opcode);
301
aee9b218 302 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 303 rp_size);
e70bb2e8
JH		 304 kfree(rp);
305
306 return err;
307}
308
04124681
GP		 309static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
faba42eb 311{
faba42eb 312 struct mgmt_rp_read_index_list *rp;
8035ded4 313 struct hci_dev *d;
a38528f1 314 size_t rp_len;
faba42eb 315 u16 count;
476e44cb 316 int err;
faba42eb
JH		 317
318 BT_DBG("sock %p", sk);
319
320 read_lock(&hci_dev_list_lock);
321
322 count = 0;
bb4b2a9a 323 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 324 if (d->dev_type == HCI_BREDR)
325 count++;
faba42eb
JH		 326 }
327
a38528f1
JH		 328 rp_len = sizeof(*rp) + (2 * count);
329 rp = kmalloc(rp_len, GFP_ATOMIC);
330 if (!rp) {
b2c60d42 331 read_unlock(&hci_dev_list_lock);
faba42eb 332 return -ENOMEM;
b2c60d42 333 }
faba42eb 334
476e44cb 335 count = 0;
8035ded4 336 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 337 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 338 continue;
339
0736cfa8
MH		 340 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
341 continue;
342
1514b892
MH		 343 if (d->dev_type == HCI_BREDR) {
344 rp->index[count++] = cpu_to_le16(d->id);
345 BT_DBG("Added hci%u", d->id);
346 }
faba42eb
JH		 347 }
348
476e44cb
JH		 349 rp->num_controllers = cpu_to_le16(count);
350 rp_len = sizeof(*rp) + (2 * count);
351
faba42eb
JH		 352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
69ab39ea 367 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 368 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 369
ed3fa31f 370 if (lmp_bredr_capable(hdev)) {
33c525c0 371 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 372 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
373 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 374 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 375 settings |= MGMT_SETTING_BREDR;
376 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 377
378 if (lmp_ssp_capable(hdev)) {
379 settings |= MGMT_SETTING_SSP;
380 settings |= MGMT_SETTING_HS;
381 }
e98d2ce2 382
5afeac14
MH		 383 if (lmp_sc_capable(hdev) ||
384 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 385 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 386 }
d7b7e796 387
eeca6f89 388 if (lmp_le_capable(hdev)) {
9d42820f 389 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 390 settings |= MGMT_SETTING_ADVERTISING;
391 }
69ab39ea
JH		 392
393 return settings;
394}
395
396static u32 get_current_settings(struct hci_dev *hdev)
397{
398 u32 settings = 0;
399
f1f0eb02 400 if (hdev_is_powered(hdev))
f0d4b78a
MH		 401 settings |= MGMT_SETTING_POWERED;
402
5e5282bb 403 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 404 settings |= MGMT_SETTING_CONNECTABLE;
405
1a4d3c4b
JH		 406 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
407 settings |= MGMT_SETTING_FAST_CONNECTABLE;
408
5e5282bb 409 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_DISCOVERABLE;
411
a8b2d5c2 412 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_PAIRABLE;
414
56f87901 415 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_BREDR;
417
06199cf8 418 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 419 settings |= MGMT_SETTING_LE;
420
47990ea0 421 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LINK_SECURITY;
423
84bde9d6 424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_SSP;
426
6d80dfd0
JH		 427 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
428 settings |= MGMT_SETTING_HS;
429
f3d3444a 430 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 431 settings |= MGMT_SETTING_ADVERTISING;
432
e98d2ce2
MH		 433 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
434 settings |= MGMT_SETTING_SECURE_CONN;
435
b1de97d8
MH		 436 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
437 settings |= MGMT_SETTING_DEBUG_KEYS;
438
69ab39ea
JH		 439 return settings;
440}
441
ef580372
JH		 442#define PNP_INFO_SVCLASS_ID 0x1200
443
213202ed
JH		 444static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
445{
446 u8 *ptr = data, *uuids_start = NULL;
447 struct bt_uuid *uuid;
448
449 if (len < 4)
450 return ptr;
451
452 list_for_each_entry(uuid, &hdev->uuids, list) {
453 u16 uuid16;
454
455 if (uuid->size != 16)
456 continue;
457
458 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
459 if (uuid16 < 0x1100)
460 continue;
461
462 if (uuid16 == PNP_INFO_SVCLASS_ID)
463 continue;
464
465 if (!uuids_start) {
466 uuids_start = ptr;
467 uuids_start[0] = 1;
468 uuids_start[1] = EIR_UUID16_ALL;
469 ptr += 2;
470 }
471
472 /* Stop if not enough space to put next UUID */
473 if ((ptr - data) + sizeof(u16) > len) {
474 uuids_start[1] = EIR_UUID16_SOME;
475 break;
476 }
477
478 *ptr++ = (uuid16 & 0x00ff);
479 *ptr++ = (uuid16 & 0xff00) >> 8;
480 uuids_start[0] += sizeof(uuid16);
481 }
482
483 return ptr;
484}
485
cdf1963f
JH		 486static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
487{
488 u8 *ptr = data, *uuids_start = NULL;
489 struct bt_uuid *uuid;
490
491 if (len < 6)
492 return ptr;
493
494 list_for_each_entry(uuid, &hdev->uuids, list) {
495 if (uuid->size != 32)
496 continue;
497
498 if (!uuids_start) {
499 uuids_start = ptr;
500 uuids_start[0] = 1;
501 uuids_start[1] = EIR_UUID32_ALL;
502 ptr += 2;
503 }
504
505 /* Stop if not enough space to put next UUID */
506 if ((ptr - data) + sizeof(u32) > len) {
507 uuids_start[1] = EIR_UUID32_SOME;
508 break;
509 }
510
511 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
512 ptr += sizeof(u32);
513 uuids_start[0] += sizeof(u32);
514 }
515
516 return ptr;
517}
518
c00d575b
JH		 519static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
520{
521 u8 *ptr = data, *uuids_start = NULL;
522 struct bt_uuid *uuid;
523
524 if (len < 18)
525 return ptr;
526
527 list_for_each_entry(uuid, &hdev->uuids, list) {
528 if (uuid->size != 128)
529 continue;
530
531 if (!uuids_start) {
532 uuids_start = ptr;
533 uuids_start[0] = 1;
534 uuids_start[1] = EIR_UUID128_ALL;
535 ptr += 2;
536 }
537
538 /* Stop if not enough space to put next UUID */
539 if ((ptr - data) + 16 > len) {
540 uuids_start[1] = EIR_UUID128_SOME;
541 break;
542 }
543
544 memcpy(ptr, uuid->uuid, 16);
545 ptr += 16;
546 uuids_start[0] += 16;
547 }
548
549 return ptr;
550}
551
eb2a8d20
JH		 552static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
553{
554 struct pending_cmd *cmd;
555
556 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
557 if (cmd->opcode == opcode)
558 return cmd;
559 }
560
561 return NULL;
562}
563
f14d8f64
MH		 564static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
565{
7a5f4990
MH		 566 u8 ad_len = 0;
567 size_t name_len;
568
569 name_len = strlen(hdev->dev_name);
570 if (name_len > 0) {
571 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
572
573 if (name_len > max_len) {
574 name_len = max_len;
575 ptr[1] = EIR_NAME_SHORT;
576 } else
577 ptr[1] = EIR_NAME_COMPLETE;
578
579 ptr[0] = name_len + 1;
580
581 memcpy(ptr + 2, hdev->dev_name, name_len);
582
583 ad_len += (name_len + 2);
584 ptr += (name_len + 2);
585 }
586
587 return ad_len;
f14d8f64
MH		 588}
589
590static void update_scan_rsp_data(struct hci_request *req)
591{
592 struct hci_dev *hdev = req->hdev;
593 struct hci_cp_le_set_scan_rsp_data cp;
594 u8 len;
595
7751ef1b 596 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 597 return;
598
599 memset(&cp, 0, sizeof(cp));
600
601 len = create_scan_rsp_data(hdev, cp.data);
602
eb438b5f
JH		 603 if (hdev->scan_rsp_data_len == len &&
604 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 605 return;
606
eb438b5f
JH		 607 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
608 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 609
610 cp.length = len;
611
612 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
613}
614
9a43e25f
JH		 615static u8 get_adv_discov_flags(struct hci_dev *hdev)
616{
617 struct pending_cmd *cmd;
618
619 /* If there's a pending mgmt command the flags will not yet have
620 * their final values, so check for this first.
621 */
622 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
623 if (cmd) {
624 struct mgmt_mode *cp = cmd->param;
625 if (cp->val == 0x01)
626 return LE_AD_GENERAL;
627 else if (cp->val == 0x02)
628 return LE_AD_LIMITED;
629 } else {
630 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
631 return LE_AD_LIMITED;
632 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
633 return LE_AD_GENERAL;
634 }
635
636 return 0;
637}
638
46cad2ed 639static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 640{
641 u8 ad_len = 0, flags = 0;
441ad2d0 642
9a43e25f 643 flags |= get_adv_discov_flags(hdev);
441ad2d0 644
e834004b 645 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 646 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 647
648 if (flags) {
649 BT_DBG("adv flags 0x%02x", flags);
650
651 ptr[0] = 2;
652 ptr[1] = EIR_FLAGS;
653 ptr[2] = flags;
654
655 ad_len += 3;
656 ptr += 3;
657 }
658
659 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
660 ptr[0] = 2;
661 ptr[1] = EIR_TX_POWER;
662 ptr[2] = (u8) hdev->adv_tx_power;
663
664 ad_len += 3;
665 ptr += 3;
666 }
667
441ad2d0
MH		 668 return ad_len;
669}
670
5947f4bc 671static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 672{
673 struct hci_dev *hdev = req->hdev;
674 struct hci_cp_le_set_adv_data cp;
675 u8 len;
676
10994ce6 677 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 678 return;
679
680 memset(&cp, 0, sizeof(cp));
681
46cad2ed 682 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 683
684 if (hdev->adv_data_len == len &&
685 memcmp(cp.data, hdev->adv_data, len) == 0)
686 return;
687
688 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
689 hdev->adv_data_len = len;
690
691 cp.length = len;
692
693 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
694}
695
ef580372
JH		 696static void create_eir(struct hci_dev *hdev, u8 *data)
697{
698 u8 *ptr = data;
ef580372
JH		 699 size_t name_len;
700
701 name_len = strlen(hdev->dev_name);
702
703 if (name_len > 0) {
704 /* EIR Data type */
705 if (name_len > 48) {
706 name_len = 48;
707 ptr[1] = EIR_NAME_SHORT;
708 } else
709 ptr[1] = EIR_NAME_COMPLETE;
710
711 /* EIR Data length */
712 ptr[0] = name_len + 1;
713
714 memcpy(ptr + 2, hdev->dev_name, name_len);
715
ef580372
JH		 716 ptr += (name_len + 2);
717 }
718
bbaf444a 719 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 720 ptr[0] = 2;
721 ptr[1] = EIR_TX_POWER;
722 ptr[2] = (u8) hdev->inq_tx_power;
723
91c4e9b1
MH		 724 ptr += 3;
725 }
726
2b9be137
MH		 727 if (hdev->devid_source > 0) {
728 ptr[0] = 9;
729 ptr[1] = EIR_DEVICE_ID;
730
731 put_unaligned_le16(hdev->devid_source, ptr + 2);
732 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
733 put_unaligned_le16(hdev->devid_product, ptr + 6);
734 put_unaligned_le16(hdev->devid_version, ptr + 8);
735
2b9be137
MH		 736 ptr += 10;
737 }
738
213202ed 739 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 740 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 741 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 742}
743
890ea898 744static void update_eir(struct hci_request *req)
ef580372 745{
890ea898 746 struct hci_dev *hdev = req->hdev;
ef580372
JH		 747 struct hci_cp_write_eir cp;
748
504c8dcd 749 if (!hdev_is_powered(hdev))
890ea898 750 return;
7770c4aa 751
976eb20e 752 if (!lmp_ext_inq_capable(hdev))
890ea898 753 return;
ef580372 754
84bde9d6 755 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 756 return;
ef580372 757
a8b2d5c2 758 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 759 return;
ef580372
JH		 760
761 memset(&cp, 0, sizeof(cp));
762
763 create_eir(hdev, cp.data);
764
765 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 766 return;
ef580372
JH		 767
768 memcpy(hdev->eir, cp.data, sizeof(cp.data));
769
890ea898 770 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 771}
772
773static u8 get_service_classes(struct hci_dev *hdev)
774{
775 struct bt_uuid *uuid;
776 u8 val = 0;
777
778 list_for_each_entry(uuid, &hdev->uuids, list)
779 val |= uuid->svc_hint;
780
781 return val;
782}
783
890ea898 784static void update_class(struct hci_request *req)
ef580372 785{
890ea898 786 struct hci_dev *hdev = req->hdev;
ef580372
JH		 787 u8 cod[3];
788
789 BT_DBG("%s", hdev->name);
790
504c8dcd 791 if (!hdev_is_powered(hdev))
890ea898 792 return;
7770c4aa 793
f87ea1da
JH		 794 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
795 return;
796
a8b2d5c2 797 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 798 return;
ef580372
JH		 799
800 cod[0] = hdev->minor_class;
801 cod[1] = hdev->major_class;
802 cod[2] = get_service_classes(hdev);
803
6acd7db4
MH		 804 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
805 cod[1] |= 0x20;
806
ef580372 807 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 808 return;
ef580372 809
890ea898 810 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 811}
812
7d78525d
JH		 813static void service_cache_off(struct work_struct *work)
814{
815 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 816 service_cache.work);
890ea898 817 struct hci_request req;
7d78525d 818
a8b2d5c2 819 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 820 return;
821
890ea898
JH		 822 hci_req_init(&req, hdev);
823
7d78525d
JH		 824 hci_dev_lock(hdev);
825
890ea898
JH		 826 update_eir(&req);
827 update_class(&req);
7d78525d
JH		 828
829 hci_dev_unlock(hdev);
890ea898
JH		 830
831 hci_req_run(&req, NULL);
7d78525d
JH		 832}
833
6a919082 834static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 835{
4f87da80 836 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 837 return;
838
4f87da80 839 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 840
4f87da80
JH		 841 /* Non-mgmt controlled devices get this bit set
842 * implicitly so that pairing works for them, however
843 * for mgmt we require user-space to explicitly enable
844 * it
845 */
846 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 847}
848
0f4e68cf 849static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 850 void *data, u16 data_len)
0381101f 851{
a38528f1 852 struct mgmt_rp_read_info rp;
f7b64e69 853
bdb6d971 854 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 855
09fd0de5 856 hci_dev_lock(hdev);
f7b64e69 857
dc4fe30b
JH		 858 memset(&rp, 0, sizeof(rp));
859
69ab39ea 860 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 861
69ab39ea 862 rp.version = hdev->hci_ver;
eb55ef07 863 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 864
865 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
866 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 867
a38528f1 868 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 869
dc4fe30b 870 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 871 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 872
09fd0de5 873 hci_dev_unlock(hdev);
0381101f 874
bdb6d971 875 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 876 sizeof(rp));
0381101f
JH		 877}
878
eec8d2bc
JH		 879static void mgmt_pending_free(struct pending_cmd *cmd)
880{
881 sock_put(cmd->sk);
c68fb7ff 882 kfree(cmd->param);
eec8d2bc
JH		 883 kfree(cmd);
884}
885
366a0336 886static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 887 struct hci_dev *hdev, void *data,
888 u16 len)
eec8d2bc
JH		 889{
890 struct pending_cmd *cmd;
891
12b94565 892 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 893 if (!cmd)
366a0336 894 return NULL;
eec8d2bc
JH		 895
896 cmd->opcode = opcode;
2e58ef3e 897 cmd->index = hdev->id;
eec8d2bc 898
12b94565 899 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 900 if (!cmd->param) {
eec8d2bc 901 kfree(cmd);
366a0336 902 return NULL;
eec8d2bc
JH		 903 }
904
8fce6357
SJ		 905 if (data)
906 memcpy(cmd->param, data, len);
eec8d2bc
JH		 907
908 cmd->sk = sk;
909 sock_hold(sk);
910
2e58ef3e 911 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 912
366a0336 913 return cmd;
eec8d2bc
JH		 914}
915
744cf19e 916static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 917 void (*cb)(struct pending_cmd *cmd,
918 void *data),
04124681 919 void *data)
eec8d2bc 920{
a3d09356 921 struct pending_cmd *cmd, *tmp;
eec8d2bc 922
a3d09356 923 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 924 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 925 continue;
926
eec8d2bc
JH		 927 cb(cmd, data);
928 }
929}
930
a664b5bc 931static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 932{
73f22f62
JH		 933 list_del(&cmd->list);
934 mgmt_pending_free(cmd);
935}
936
69ab39ea 937static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 938{
69ab39ea 939 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 940
aee9b218 941 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 942 sizeof(settings));
8680570b
JH		 943}
944
bdb6d971 945static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 946 u16 len)
eec8d2bc 947{
650f726d 948 struct mgmt_mode *cp = data;
366a0336 949 struct pending_cmd *cmd;
4b34ee78 950 int err;
eec8d2bc 951
bdb6d971 952 BT_DBG("request for %s", hdev->name);
eec8d2bc 953
a7e80f25
JH		 954 if (cp->val != 0x00 && cp->val != 0x01)
955 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
956 MGMT_STATUS_INVALID_PARAMS);
957
09fd0de5 958 hci_dev_lock(hdev);
eec8d2bc 959
87b95ba6
JH		 960 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
962 MGMT_STATUS_BUSY);
963 goto failed;
964 }
965
f0d4b78a
MH		 966 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
967 cancel_delayed_work(&hdev->power_off);
968
969 if (cp->val) {
a1d70450
JH		 970 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
971 data, len);
972 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 973 goto failed;
974 }
975 }
976
4b34ee78 977 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 978 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 979 goto failed;
980 }
981
2e58ef3e 982 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 983 if (!cmd) {
984 err = -ENOMEM;
eec8d2bc 985 goto failed;
366a0336 986 }
eec8d2bc 987
72a734ec 988 if (cp->val)
19202573 989 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 990 else
19202573 991 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 992
366a0336 993 err = 0;
eec8d2bc
JH		 994
995failed:
09fd0de5 996 hci_dev_unlock(hdev);
366a0336 997 return err;
eec8d2bc
JH		 998}
999
04124681
GP		 1000static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1001 struct sock *skip_sk)
beadb2bd
JH		 1002{
1003 struct sk_buff *skb;
1004 struct mgmt_hdr *hdr;
1005
790eff44 1006 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1007 if (!skb)
1008 return -ENOMEM;
1009
1010 hdr = (void *) skb_put(skb, sizeof(*hdr));
1011 hdr->opcode = cpu_to_le16(event);
1012 if (hdev)
1013 hdr->index = cpu_to_le16(hdev->id);
1014 else
612dfce9 1015 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1016 hdr->len = cpu_to_le16(data_len);
1017
1018 if (data)
1019 memcpy(skb_put(skb, data_len), data, data_len);
1020
97e0bdeb
MH		 1021 /* Time stamp */
1022 __net_timestamp(skb);
1023
beadb2bd
JH		 1024 hci_send_to_control(skb, skip_sk);
1025 kfree_skb(skb);
1026
1027 return 0;
1028}
1029
1030static int new_settings(struct hci_dev *hdev, struct sock *skip)
1031{
1032 __le32 ev;
1033
1034 ev = cpu_to_le32(get_current_settings(hdev));
1035
1036 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1037}
1038
bd99abdd
JH		 1039struct cmd_lookup {
1040 struct sock *sk;
1041 struct hci_dev *hdev;
1042 u8 mgmt_status;
1043};
1044
1045static void settings_rsp(struct pending_cmd *cmd, void *data)
1046{
1047 struct cmd_lookup *match = data;
1048
1049 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1050
1051 list_del(&cmd->list);
1052
1053 if (match->sk == NULL) {
1054 match->sk = cmd->sk;
1055 sock_hold(match->sk);
1056 }
1057
1058 mgmt_pending_free(cmd);
1059}
1060
1061static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1062{
1063 u8 *status = data;
1064
1065 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1066 mgmt_pending_remove(cmd);
1067}
1068
e6fe7986
JH		 1069static u8 mgmt_bredr_support(struct hci_dev *hdev)
1070{
1071 if (!lmp_bredr_capable(hdev))
1072 return MGMT_STATUS_NOT_SUPPORTED;
1073 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1074 return MGMT_STATUS_REJECTED;
1075 else
1076 return MGMT_STATUS_SUCCESS;
1077}
1078
1079static u8 mgmt_le_support(struct hci_dev *hdev)
1080{
1081 if (!lmp_le_capable(hdev))
1082 return MGMT_STATUS_NOT_SUPPORTED;
1083 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1084 return MGMT_STATUS_REJECTED;
1085 else
1086 return MGMT_STATUS_SUCCESS;
1087}
1088
bfaf8c9f
JH		 1089static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1090{
1091 struct pending_cmd *cmd;
1092 struct mgmt_mode *cp;
970ba524 1093 struct hci_request req;
bfaf8c9f
JH		 1094 bool changed;
1095
1096 BT_DBG("status 0x%02x", status);
1097
1098 hci_dev_lock(hdev);
1099
1100 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1101 if (!cmd)
1102 goto unlock;
1103
1104 if (status) {
1105 u8 mgmt_err = mgmt_status(status);
1106 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1107 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1108 goto remove_cmd;
1109 }
1110
1111 cp = cmd->param;
d4462a07 1112 if (cp->val) {
bfaf8c9f
JH		 1113 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1114 &hdev->dev_flags);
d4462a07
MH		 1115
1116 if (hdev->discov_timeout > 0) {
1117 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1118 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1119 to);
1120 }
1121 } else {
bfaf8c9f
JH		 1122 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1123 &hdev->dev_flags);
d4462a07 1124 }
bfaf8c9f
JH		 1125
1126 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1127
1128 if (changed)
1129 new_settings(hdev, cmd->sk);
1130
970ba524
MH		 1131 /* When the discoverable mode gets changed, make sure
1132 * that class of device has the limited discoverable
1133 * bit correctly set.
1134 */
1135 hci_req_init(&req, hdev);
1136 update_class(&req);
1137 hci_req_run(&req, NULL);
1138
bfaf8c9f
JH		 1139remove_cmd:
1140 mgmt_pending_remove(cmd);
1141
1142unlock:
1143 hci_dev_unlock(hdev);
1144}
1145
bdb6d971 1146static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1147 u16 len)
73f22f62 1148{
650f726d 1149 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1150 struct pending_cmd *cmd;
bfaf8c9f 1151 struct hci_request req;
5e5282bb 1152 u16 timeout;
9a43e25f 1153 u8 scan;
73f22f62
JH		 1154 int err;
1155
bdb6d971 1156 BT_DBG("request for %s", hdev->name);
73f22f62 1157
9a43e25f
JH		 1158 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1159 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1160 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1161 MGMT_STATUS_REJECTED);
33c525c0 1162
310a3d48 1163 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1164 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1165 MGMT_STATUS_INVALID_PARAMS);
1166
1f350c87 1167 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1168
1169 /* Disabling discoverable requires that no timeout is set,
1170 * and enabling limited discoverable requires a timeout.
1171 */
1172 if ((cp->val == 0x00 && timeout > 0) ||
1173 (cp->val == 0x02 && timeout == 0))
bdb6d971 1174 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1175 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1176
09fd0de5 1177 hci_dev_lock(hdev);
73f22f62 1178
5e5282bb 1179 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1181 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1182 goto failed;
1183 }
1184
2e58ef3e 1185 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1186 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1187 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1188 MGMT_STATUS_BUSY);
73f22f62
JH		 1189 goto failed;
1190 }
1191
5e5282bb 1192 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1193 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1194 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1195 goto failed;
1196 }
1197
1198 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1199 bool changed = false;
1200
310a3d48
MH		 1201 /* Setting limited discoverable when powered off is
1202 * not a valid operation since it requires a timeout
1203 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1204 */
0224d2fa
JH		 1205 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1206 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1207 changed = true;
1208 }
1209
5e5282bb 1210 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1211 if (err < 0)
1212 goto failed;
1213
1214 if (changed)
1215 err = new_settings(hdev, sk);
1216
5e5282bb
JH		 1217 goto failed;
1218 }
1219
310a3d48
MH		 1220 /* If the current mode is the same, then just update the timeout
1221 * value with the new value. And if only the timeout gets updated,
1222 * then no need for any HCI transactions.
1223 */
1224 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1225 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1226 &hdev->dev_flags)) {
36261547
MH		 1227 cancel_delayed_work(&hdev->discov_off);
1228 hdev->discov_timeout = timeout;
955638ec 1229
36261547
MH		 1230 if (cp->val && hdev->discov_timeout > 0) {
1231 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1232 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1233 to);
955638ec
MH		 1234 }
1235
69ab39ea 1236 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1237 goto failed;
1238 }
1239
2e58ef3e 1240 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1241 if (!cmd) {
1242 err = -ENOMEM;
73f22f62 1243 goto failed;
366a0336 1244 }
73f22f62 1245
310a3d48
MH		 1246 /* Cancel any potential discoverable timeout that might be
1247 * still active and store new timeout value. The arming of
1248 * the timeout happens in the complete handler.
1249 */
1250 cancel_delayed_work(&hdev->discov_off);
1251 hdev->discov_timeout = timeout;
1252
b456f87c
JH		 1253 /* Limited discoverable mode */
1254 if (cp->val == 0x02)
1255 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1256 else
1257 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1258
bfaf8c9f
JH		 1259 hci_req_init(&req, hdev);
1260
9a43e25f
JH		 1261 /* The procedure for LE-only controllers is much simpler - just
1262 * update the advertising data.
1263 */
1264 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1265 goto update_ad;
1266
73f22f62
JH		 1267 scan = SCAN_PAGE;
1268
310a3d48
MH		 1269 if (cp->val) {
1270 struct hci_cp_write_current_iac_lap hci_cp;
1271
1272 if (cp->val == 0x02) {
1273 /* Limited discoverable mode */
33337dcb 1274 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1275 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1276 hci_cp.iac_lap[1] = 0x8b;
1277 hci_cp.iac_lap[2] = 0x9e;
1278 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1279 hci_cp.iac_lap[4] = 0x8b;
1280 hci_cp.iac_lap[5] = 0x9e;
1281 } else {
1282 /* General discoverable mode */
310a3d48
MH		 1283 hci_cp.num_iac = 1;
1284 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1285 hci_cp.iac_lap[1] = 0x8b;
1286 hci_cp.iac_lap[2] = 0x9e;
1287 }
1288
1289 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1290 (hci_cp.num_iac * 3) + 1, &hci_cp);
1291
73f22f62 1292 scan |= SCAN_INQUIRY;
310a3d48
MH		 1293 } else {
1294 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1295 }
73f22f62 1296
310a3d48 1297 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1298
9a43e25f
JH		 1299update_ad:
1300 update_adv_data(&req);
1301
bfaf8c9f 1302 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1303 if (err < 0)
a664b5bc 1304 mgmt_pending_remove(cmd);
73f22f62
JH		 1305
1306failed:
09fd0de5 1307 hci_dev_unlock(hdev);
73f22f62
JH		 1308 return err;
1309}
1310
406d7804
JH		 1311static void write_fast_connectable(struct hci_request *req, bool enable)
1312{
bd98b996 1313 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1314 struct hci_cp_write_page_scan_activity acp;
1315 u8 type;
1316
547003b1
JH		 1317 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1318 return;
1319
4c01f8b8
JH		 1320 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1321 return;
1322
406d7804
JH		 1323 if (enable) {
1324 type = PAGE_SCAN_TYPE_INTERLACED;
1325
1326 /* 160 msec page scan interval */
1327 acp.interval = __constant_cpu_to_le16(0x0100);
1328 } else {
1329 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1330
1331 /* default 1.28 sec page scan */
1332 acp.interval = __constant_cpu_to_le16(0x0800);
1333 }
1334
1335 acp.window = __constant_cpu_to_le16(0x0012);
1336
bd98b996
JH		 1337 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1338 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1339 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1340 sizeof(acp), &acp);
1341
1342 if (hdev->page_scan_type != type)
1343 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1344}
1345
1987fdc7
JH		 1346static u8 get_adv_type(struct hci_dev *hdev)
1347{
1348 struct pending_cmd *cmd;
1349 bool connectable;
1350
1351 /* If there's a pending mgmt command the flag will not yet have
1352 * it's final value, so check for this first.
1353 */
1354 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1355 if (cmd) {
1356 struct mgmt_mode *cp = cmd->param;
1357 connectable = !!cp->val;
1358 } else {
1359 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1360 }
1361
1362 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1363}
1364
95c66e75
JH		 1365static void enable_advertising(struct hci_request *req)
1366{
1367 struct hci_dev *hdev = req->hdev;
1368 struct hci_cp_le_set_adv_param cp;
1369 u8 enable = 0x01;
1370
1371 memset(&cp, 0, sizeof(cp));
1372 cp.min_interval = __constant_cpu_to_le16(0x0800);
1373 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1374 cp.type = get_adv_type(hdev);
79830f66 1375 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1376 cp.channel_map = 0x07;
1377
1378 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1379
1380 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1381}
1382
1383static void disable_advertising(struct hci_request *req)
1384{
1385 u8 enable = 0x00;
1386
1387 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1388}
1389
2b76f453
JH		 1390static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1391{
1392 struct pending_cmd *cmd;
d7b856f9
JH		 1393 struct mgmt_mode *cp;
1394 bool changed;
2b76f453
JH		 1395
1396 BT_DBG("status 0x%02x", status);
1397
1398 hci_dev_lock(hdev);
1399
1400 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1401 if (!cmd)
1402 goto unlock;
1403
37438c1f
JH		 1404 if (status) {
1405 u8 mgmt_err = mgmt_status(status);
1406 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1407 goto remove_cmd;
1408 }
1409
d7b856f9
JH		 1410 cp = cmd->param;
1411 if (cp->val)
1412 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1413 else
1414 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1415
2b76f453
JH		 1416 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1417
d7b856f9
JH		 1418 if (changed)
1419 new_settings(hdev, cmd->sk);
1420
37438c1f 1421remove_cmd:
2b76f453
JH		 1422 mgmt_pending_remove(cmd);
1423
1424unlock:
1425 hci_dev_unlock(hdev);
1426}
1427
e8ba3a1f
JH		 1428static int set_connectable_update_settings(struct hci_dev *hdev,
1429 struct sock *sk, u8 val)
1430{
1431 bool changed = false;
1432 int err;
1433
1434 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1435 changed = true;
1436
1437 if (val) {
1438 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1439 } else {
1440 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1441 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1442 }
1443
1444 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1445 if (err < 0)
1446 return err;
1447
1448 if (changed)
1449 return new_settings(hdev, sk);
1450
1451 return 0;
1452}
1453
bdb6d971 1454static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1455 u16 len)
9fbcbb45 1456{
650f726d 1457 struct mgmt_mode *cp = data;
366a0336 1458 struct pending_cmd *cmd;
2b76f453 1459 struct hci_request req;
1987fdc7 1460 u8 scan;
9fbcbb45
JH		 1461 int err;
1462
bdb6d971 1463 BT_DBG("request for %s", hdev->name);
9fbcbb45 1464
1987fdc7
JH		 1465 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1466 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1467 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1468 MGMT_STATUS_REJECTED);
33c525c0 1469
a7e80f25
JH		 1470 if (cp->val != 0x00 && cp->val != 0x01)
1471 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1472 MGMT_STATUS_INVALID_PARAMS);
1473
09fd0de5 1474 hci_dev_lock(hdev);
9fbcbb45 1475
4b34ee78 1476 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1477 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1478 goto failed;
1479 }
1480
2e58ef3e 1481 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1482 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1484 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1485 goto failed;
1486 }
1487
2e58ef3e 1488 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1489 if (!cmd) {
1490 err = -ENOMEM;
9fbcbb45 1491 goto failed;
366a0336 1492 }
9fbcbb45 1493
9b74246f 1494 hci_req_init(&req, hdev);
9fbcbb45 1495
9a43e25f
JH		 1496 /* If BR/EDR is not enabled and we disable advertising as a
1497 * by-product of disabling connectable, we need to update the
1498 * advertising flags.
1499 */
1500 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1501 if (!cp->val) {
1502 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1503 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1504 }
1505 update_adv_data(&req);
1506 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1507 if (cp->val) {
1508 scan = SCAN_PAGE;
1509 } else {
1510 scan = 0;
1511
1512 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1513 hdev->discov_timeout > 0)
9b74246f
JH		 1514 cancel_delayed_work(&hdev->discov_off);
1515 }
2b76f453 1516
9b74246f
JH		 1517 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1518 }
2b76f453 1519
4c01f8b8
JH		 1520 /* If we're going from non-connectable to connectable or
1521 * vice-versa when fast connectable is enabled ensure that fast
1522 * connectable gets disabled. write_fast_connectable won't do
1523 * anything if the page scan parameters are already what they
1524 * should be.
1525 */
1526 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1527 write_fast_connectable(&req, false);
1528
1987fdc7
JH		 1529 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1530 hci_conn_num(hdev, LE_LINK) == 0) {
1531 disable_advertising(&req);
1532 enable_advertising(&req);
1533 }
1534
2b76f453 1535 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1536 if (err < 0) {
a664b5bc 1537 mgmt_pending_remove(cmd);
9b74246f 1538 if (err == -ENODATA)
a81070ba
JH		 1539 err = set_connectable_update_settings(hdev, sk,
1540 cp->val);
9b74246f
JH		 1541 goto failed;
1542 }
9fbcbb45
JH		 1543
1544failed:
09fd0de5 1545 hci_dev_unlock(hdev);
9fbcbb45
JH		 1546 return err;
1547}
1548
bdb6d971 1549static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1550 u16 len)
c542a06c 1551{
650f726d 1552 struct mgmt_mode *cp = data;
55594356 1553 bool changed;
c542a06c
JH		 1554 int err;
1555
bdb6d971 1556 BT_DBG("request for %s", hdev->name);
c542a06c 1557
a7e80f25
JH		 1558 if (cp->val != 0x00 && cp->val != 0x01)
1559 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1560 MGMT_STATUS_INVALID_PARAMS);
1561
09fd0de5 1562 hci_dev_lock(hdev);
c542a06c
JH		 1563
1564 if (cp->val)
55594356 1565 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1566 else
55594356 1567 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1568
69ab39ea 1569 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1570 if (err < 0)
55594356 1571 goto unlock;
c542a06c 1572
55594356
MH		 1573 if (changed)
1574 err = new_settings(hdev, sk);
c542a06c 1575
55594356 1576unlock:
09fd0de5 1577 hci_dev_unlock(hdev);
c542a06c
JH		 1578 return err;
1579}
1580
04124681
GP		 1581static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1582 u16 len)
33ef95ed
JH		 1583{
1584 struct mgmt_mode *cp = data;
1585 struct pending_cmd *cmd;
e6fe7986 1586 u8 val, status;
33ef95ed
JH		 1587 int err;
1588
bdb6d971 1589 BT_DBG("request for %s", hdev->name);
33ef95ed 1590
e6fe7986
JH		 1591 status = mgmt_bredr_support(hdev);
1592 if (status)
33c525c0 1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1594 status);
33c525c0 1595
a7e80f25
JH		 1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
33ef95ed
JH		 1600 hci_dev_lock(hdev);
1601
4b34ee78 1602 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1603 bool changed = false;
1604
1605 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1606 &hdev->dev_flags)) {
47990ea0
JH		 1607 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1608 changed = true;
1609 }
1610
1611 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1612 if (err < 0)
1613 goto failed;
1614
1615 if (changed)
1616 err = new_settings(hdev, sk);
1617
33ef95ed
JH		 1618 goto failed;
1619 }
1620
1621 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1623 MGMT_STATUS_BUSY);
33ef95ed
JH		 1624 goto failed;
1625 }
1626
1627 val = !!cp->val;
1628
1629 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1630 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1631 goto failed;
1632 }
1633
1634 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1635 if (!cmd) {
1636 err = -ENOMEM;
1637 goto failed;
1638 }
1639
1640 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1641 if (err < 0) {
1642 mgmt_pending_remove(cmd);
1643 goto failed;
1644 }
1645
1646failed:
1647 hci_dev_unlock(hdev);
33ef95ed
JH		 1648 return err;
1649}
1650
bdb6d971 1651static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1652{
1653 struct mgmt_mode *cp = data;
1654 struct pending_cmd *cmd;
72ef0c1a 1655 u8 status;
ed2c4ee3
JH		 1656 int err;
1657
bdb6d971 1658 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1659
cdba5281
MH		 1660 status = mgmt_bredr_support(hdev);
1661 if (status)
1662 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1663
13ecd8b6
JH		 1664 if (!lmp_ssp_capable(hdev))
1665 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1666 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1667
a7e80f25
JH		 1668 if (cp->val != 0x00 && cp->val != 0x01)
1669 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1670 MGMT_STATUS_INVALID_PARAMS);
1671
13ecd8b6 1672 hci_dev_lock(hdev);
6c8f12c1 1673
4b34ee78 1674 if (!hdev_is_powered(hdev)) {
9ecb3e24 1675 bool changed;
c0ecddc2 1676
9ecb3e24
MH		 1677 if (cp->val) {
1678 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1679 &hdev->dev_flags);
1680 } else {
1681 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1682 &hdev->dev_flags);
1683 if (!changed)
1684 changed = test_and_clear_bit(HCI_HS_ENABLED,
1685 &hdev->dev_flags);
1686 else
1687 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1688 }
1689
1690 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1691 if (err < 0)
1692 goto failed;
1693
1694 if (changed)
1695 err = new_settings(hdev, sk);
1696
ed2c4ee3
JH		 1697 goto failed;
1698 }
1699
9ecb3e24
MH		 1700 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1701 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1702 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1704 goto failed;
1705 }
1706
72ef0c1a 1707 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1708 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1709 goto failed;
1710 }
1711
1712 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1713 if (!cmd) {
1714 err = -ENOMEM;
1715 goto failed;
1716 }
1717
72ef0c1a 1718 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1719 if (err < 0) {
1720 mgmt_pending_remove(cmd);
1721 goto failed;
1722 }
1723
1724failed:
1725 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1726 return err;
1727}
1728
bdb6d971 1729static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1730{
1731 struct mgmt_mode *cp = data;
ee392693 1732 bool changed;
e6fe7986 1733 u8 status;
ee392693 1734 int err;
6d80dfd0 1735
bdb6d971 1736 BT_DBG("request for %s", hdev->name);
6d80dfd0 1737
e6fe7986
JH		 1738 status = mgmt_bredr_support(hdev);
1739 if (status)
1740 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1741
9ecb3e24
MH		 1742 if (!lmp_ssp_capable(hdev))
1743 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1744 MGMT_STATUS_NOT_SUPPORTED);
1745
1746 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1747 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1748 MGMT_STATUS_REJECTED);
1749
a7e80f25
JH		 1750 if (cp->val != 0x00 && cp->val != 0x01)
1751 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1752 MGMT_STATUS_INVALID_PARAMS);
1753
ee392693
MH		 1754 hci_dev_lock(hdev);
1755
a0cdf960 1756 if (cp->val) {
ee392693 1757 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1758 } else {
1759 if (hdev_is_powered(hdev)) {
1760 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1761 MGMT_STATUS_REJECTED);
1762 goto unlock;
1763 }
1764
ee392693 1765 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1766 }
ee392693
MH		 1767
1768 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1769 if (err < 0)
1770 goto unlock;
1771
1772 if (changed)
1773 err = new_settings(hdev, sk);
6d80dfd0 1774
ee392693
MH		 1775unlock:
1776 hci_dev_unlock(hdev);
1777 return err;
6d80dfd0
JH		 1778}
1779
416a4ae5
JH		 1780static void le_enable_complete(struct hci_dev *hdev, u8 status)
1781{
1782 struct cmd_lookup match = { NULL, hdev };
1783
1784 if (status) {
1785 u8 mgmt_err = mgmt_status(status);
1786
1787 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1788 &mgmt_err);
1789 return;
1790 }
1791
1792 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1793
1794 new_settings(hdev, match.sk);
1795
1796 if (match.sk)
1797 sock_put(match.sk);
441ad2d0
MH		 1798
1799 /* Make sure the controller has a good default for
1800 * advertising data. Restrict the update to when LE
1801 * has actually been enabled. During power on, the
1802 * update in powered_update_hci will take care of it.
1803 */
1804 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1805 struct hci_request req;
1806
1807 hci_dev_lock(hdev);
1808
1809 hci_req_init(&req, hdev);
5947f4bc 1810 update_adv_data(&req);
f14d8f64 1811 update_scan_rsp_data(&req);
441ad2d0
MH		 1812 hci_req_run(&req, NULL);
1813
1814 hci_dev_unlock(hdev);
1815 }
416a4ae5
JH		 1816}
1817
bdb6d971 1818static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1819{
1820 struct mgmt_mode *cp = data;
1821 struct hci_cp_write_le_host_supported hci_cp;
1822 struct pending_cmd *cmd;
416a4ae5 1823 struct hci_request req;
06199cf8 1824 int err;
0b60eba1 1825 u8 val, enabled;
06199cf8 1826
bdb6d971 1827 BT_DBG("request for %s", hdev->name);
06199cf8 1828
13ecd8b6
JH		 1829 if (!lmp_le_capable(hdev))
1830 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1831 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1832
a7e80f25
JH		 1833 if (cp->val != 0x00 && cp->val != 0x01)
1834 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1835 MGMT_STATUS_INVALID_PARAMS);
1836
c73eee91 1837 /* LE-only devices do not allow toggling LE on/off */
56f87901 1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1839 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1840 MGMT_STATUS_REJECTED);
1841
13ecd8b6 1842 hci_dev_lock(hdev);
06199cf8
JH		 1843
1844 val = !!cp->val;
ffa88e02 1845 enabled = lmp_host_le_capable(hdev);
06199cf8 1846
0b60eba1 1847 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1848 bool changed = false;
1849
1850 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1851 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1852 changed = true;
1853 }
1854
f3d3444a
JH		 1855 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1856 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1857 changed = true;
1858 }
1859
06199cf8
JH		 1860 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1861 if (err < 0)
1de028ce 1862 goto unlock;
06199cf8
JH		 1863
1864 if (changed)
1865 err = new_settings(hdev, sk);
1866
1de028ce 1867 goto unlock;
06199cf8
JH		 1868 }
1869
4375f103
JH		 1870 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1871 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1872 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1873 MGMT_STATUS_BUSY);
1de028ce 1874 goto unlock;
06199cf8
JH		 1875 }
1876
1877 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1878 if (!cmd) {
1879 err = -ENOMEM;
1de028ce 1880 goto unlock;
06199cf8
JH		 1881 }
1882
441ad2d0
MH		 1883 hci_req_init(&req, hdev);
1884
06199cf8
JH		 1885 memset(&hci_cp, 0, sizeof(hci_cp));
1886
1887 if (val) {
1888 hci_cp.le = val;
ffa88e02 1889 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1890 } else {
1891 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1892 disable_advertising(&req);
06199cf8
JH		 1893 }
1894
416a4ae5
JH		 1895 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1896 &hci_cp);
1897
1898 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1899 if (err < 0)
06199cf8 1900 mgmt_pending_remove(cmd);
06199cf8 1901
1de028ce
JH		 1902unlock:
1903 hci_dev_unlock(hdev);
06199cf8
JH		 1904 return err;
1905}
1906
0cab9c80
JH		 1907/* This is a helper function to test for pending mgmt commands that can
1908 * cause CoD or EIR HCI commands. We can only allow one such pending
1909 * mgmt command at a time since otherwise we cannot easily track what
1910 * the current values are, will be, and based on that calculate if a new
1911 * HCI command needs to be sent and if yes with what value.
1912 */
1913static bool pending_eir_or_class(struct hci_dev *hdev)
1914{
1915 struct pending_cmd *cmd;
1916
1917 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1918 switch (cmd->opcode) {
1919 case MGMT_OP_ADD_UUID:
1920 case MGMT_OP_REMOVE_UUID:
1921 case MGMT_OP_SET_DEV_CLASS:
1922 case MGMT_OP_SET_POWERED:
1923 return true;
1924 }
1925 }
1926
1927 return false;
1928}
1929
83be8eca
JH		 1930static const u8 bluetooth_base_uuid[] = {
1931 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1932 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1933};
1934
1935static u8 get_uuid_size(const u8 *uuid)
1936{
1937 u32 val;
1938
1939 if (memcmp(uuid, bluetooth_base_uuid, 12))
1940 return 128;
1941
1942 val = get_unaligned_le32(&uuid[12]);
1943 if (val > 0xffff)
1944 return 32;
1945
1946 return 16;
1947}
1948
92da6097
JH		 1949static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1950{
1951 struct pending_cmd *cmd;
1952
1953 hci_dev_lock(hdev);
1954
1955 cmd = mgmt_pending_find(mgmt_op, hdev);
1956 if (!cmd)
1957 goto unlock;
1958
1959 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1960 hdev->dev_class, 3);
1961
1962 mgmt_pending_remove(cmd);
1963
1964unlock:
1965 hci_dev_unlock(hdev);
1966}
1967
1968static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1969{
1970 BT_DBG("status 0x%02x", status);
1971
1972 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1973}
1974
bdb6d971 1975static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1976{
650f726d 1977 struct mgmt_cp_add_uuid *cp = data;
90e70454 1978 struct pending_cmd *cmd;
890ea898 1979 struct hci_request req;
2aeb9a1a 1980 struct bt_uuid *uuid;
2aeb9a1a
JH		 1981 int err;
1982
bdb6d971 1983 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1984
09fd0de5 1985 hci_dev_lock(hdev);
2aeb9a1a 1986
0cab9c80 1987 if (pending_eir_or_class(hdev)) {
bdb6d971 1988 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1989 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1990 goto failed;
1991 }
1992
92c4c204 1993 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1994 if (!uuid) {
1995 err = -ENOMEM;
1996 goto failed;
1997 }
1998
1999 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2000 uuid->svc_hint = cp->svc_hint;
83be8eca 2001 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2002
de66aa63 2003 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2004
890ea898 2005 hci_req_init(&req, hdev);
1aff6f09 2006
890ea898
JH		 2007 update_class(&req);
2008 update_eir(&req);
2009
92da6097
JH		 2010 err = hci_req_run(&req, add_uuid_complete);
2011 if (err < 0) {
2012 if (err != -ENODATA)
2013 goto failed;
80a1e1db 2014
bdb6d971 2015 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2016 hdev->dev_class, 3);
90e70454
JH		 2017 goto failed;
2018 }
2019
2020 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2021 if (!cmd) {
90e70454 2022 err = -ENOMEM;
890ea898
JH		 2023 goto failed;
2024 }
2025
2026 err = 0;
2aeb9a1a
JH		 2027
2028failed:
09fd0de5 2029 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2030 return err;
2031}
2032
24b78d0f
JH		 2033static bool enable_service_cache(struct hci_dev *hdev)
2034{
2035 if (!hdev_is_powered(hdev))
2036 return false;
2037
2038 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2039 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2040 CACHE_TIMEOUT);
24b78d0f
JH		 2041 return true;
2042 }
2043
2044 return false;
2045}
2046
92da6097
JH		 2047static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2048{
2049 BT_DBG("status 0x%02x", status);
2050
2051 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2052}
2053
bdb6d971 2054static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2055 u16 len)
2aeb9a1a 2056{
650f726d 2057 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2058 struct pending_cmd *cmd;
056341c8 2059 struct bt_uuid *match, *tmp;
2aeb9a1a 2060 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2061 struct hci_request req;
2aeb9a1a
JH		 2062 int err, found;
2063
bdb6d971 2064 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2065
09fd0de5 2066 hci_dev_lock(hdev);
2aeb9a1a 2067
0cab9c80 2068 if (pending_eir_or_class(hdev)) {
bdb6d971 2069 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2070 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2071 goto unlock;
2072 }
2073
2aeb9a1a
JH		 2074 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2075 err = hci_uuids_clear(hdev);
4004b6d9 2076
24b78d0f 2077 if (enable_service_cache(hdev)) {
bdb6d971 2078 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2079 0, hdev->dev_class, 3);
24b78d0f
JH		 2080 goto unlock;
2081 }
4004b6d9 2082
9246a869 2083 goto update_class;
2aeb9a1a
JH		 2084 }
2085
2086 found = 0;
2087
056341c8 2088 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2089 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2090 continue;
2091
2092 list_del(&match->list);
482049f7 2093 kfree(match);
2aeb9a1a
JH		 2094 found++;
2095 }
2096
2097 if (found == 0) {
bdb6d971 2098 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2099 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2100 goto unlock;
2101 }
2102
9246a869 2103update_class:
890ea898 2104 hci_req_init(&req, hdev);
1aff6f09 2105
890ea898
JH		 2106 update_class(&req);
2107 update_eir(&req);
2108
92da6097
JH		 2109 err = hci_req_run(&req, remove_uuid_complete);
2110 if (err < 0) {
2111 if (err != -ENODATA)
2112 goto unlock;
80a1e1db 2113
bdb6d971 2114 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2115 hdev->dev_class, 3);
90e70454
JH		 2116 goto unlock;
2117 }
2118
2119 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2120 if (!cmd) {
90e70454 2121 err = -ENOMEM;
890ea898
JH		 2122 goto unlock;
2123 }
2124
2125 err = 0;
2aeb9a1a
JH		 2126
2127unlock:
09fd0de5 2128 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2129 return err;
2130}
2131
92da6097
JH		 2132static void set_class_complete(struct hci_dev *hdev, u8 status)
2133{
2134 BT_DBG("status 0x%02x", status);
2135
2136 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2137}
2138
bdb6d971 2139static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2140 u16 len)
1aff6f09 2141{
650f726d 2142 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2143 struct pending_cmd *cmd;
890ea898 2144 struct hci_request req;
1aff6f09
JH		 2145 int err;
2146
bdb6d971 2147 BT_DBG("request for %s", hdev->name);
1aff6f09 2148
6203fc98 2149 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2150 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2151 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2152
0cab9c80 2153 hci_dev_lock(hdev);
ee98f473 2154
0cab9c80
JH		 2155 if (pending_eir_or_class(hdev)) {
2156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2157 MGMT_STATUS_BUSY);
2158 goto unlock;
2159 }
c95f0ba7 2160
0cab9c80
JH		 2161 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2162 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2163 MGMT_STATUS_INVALID_PARAMS);
2164 goto unlock;
2165 }
575b3a02 2166
932f5ff5
JH		 2167 hdev->major_class = cp->major;
2168 hdev->minor_class = cp->minor;
2169
b5235a65 2170 if (!hdev_is_powered(hdev)) {
bdb6d971 2171 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2172 hdev->dev_class, 3);
b5235a65
JH		 2173 goto unlock;
2174 }
2175
890ea898
JH		 2176 hci_req_init(&req, hdev);
2177
a8b2d5c2 2178 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2179 hci_dev_unlock(hdev);
2180 cancel_delayed_work_sync(&hdev->service_cache);
2181 hci_dev_lock(hdev);
890ea898 2182 update_eir(&req);
7d78525d 2183 }
14c0b608 2184
890ea898
JH		 2185 update_class(&req);
2186
92da6097
JH		 2187 err = hci_req_run(&req, set_class_complete);
2188 if (err < 0) {
2189 if (err != -ENODATA)
2190 goto unlock;
1aff6f09 2191
bdb6d971 2192 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2193 hdev->dev_class, 3);
90e70454
JH		 2194 goto unlock;
2195 }
2196
2197 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2198 if (!cmd) {
90e70454 2199 err = -ENOMEM;
890ea898
JH		 2200 goto unlock;
2201 }
2202
2203 err = 0;
1aff6f09 2204
b5235a65 2205unlock:
09fd0de5 2206 hci_dev_unlock(hdev);
1aff6f09
JH		 2207 return err;
2208}
2209
bdb6d971 2210static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2211 u16 len)
55ed8ca1 2212{
650f726d 2213 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2214 u16 key_count, expected_len;
b1de97d8 2215 bool changed;
a492cd52 2216 int i;
55ed8ca1 2217
9060d5cf
MH		 2218 BT_DBG("request for %s", hdev->name);
2219
2220 if (!lmp_bredr_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2222 MGMT_STATUS_NOT_SUPPORTED);
2223
1f350c87 2224 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2225
86742e1e
JH		 2226 expected_len = sizeof(*cp) + key_count *
2227 sizeof(struct mgmt_link_key_info);
a492cd52 2228 if (expected_len != len) {
86742e1e 2229 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2230 len, expected_len);
bdb6d971 2231 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2232 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2233 }
2234
4ae14301
JH		 2235 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2236 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2237 MGMT_STATUS_INVALID_PARAMS);
2238
bdb6d971 2239 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2240 key_count);
55ed8ca1 2241
4ee71b20
JH		 2242 for (i = 0; i < key_count; i++) {
2243 struct mgmt_link_key_info *key = &cp->keys[i];
2244
8e991132 2245 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2246 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2247 MGMT_STATUS_INVALID_PARAMS);
2248 }
2249
09fd0de5 2250 hci_dev_lock(hdev);
55ed8ca1
JH		 2251
2252 hci_link_keys_clear(hdev);
2253
55ed8ca1 2254 if (cp->debug_keys)
b1de97d8 2255 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2256 else
b1de97d8
MH		 2257 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2258
2259 if (changed)
2260 new_settings(hdev, NULL);
55ed8ca1 2261
a492cd52 2262 for (i = 0; i < key_count; i++) {
86742e1e 2263 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2264
d753fdc4 2265 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2266 key->type, key->pin_len);
55ed8ca1
JH		 2267 }
2268
bdb6d971 2269 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2270
09fd0de5 2271 hci_dev_unlock(hdev);
55ed8ca1 2272
a492cd52 2273 return 0;
55ed8ca1
JH		 2274}
2275
b1078ad0 2276static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2277 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2278{
2279 struct mgmt_ev_device_unpaired ev;
2280
2281 bacpy(&ev.addr.bdaddr, bdaddr);
2282 ev.addr.type = addr_type;
2283
2284 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2285 skip_sk);
b1078ad0
JH		 2286}
2287
bdb6d971 2288static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2289 u16 len)
55ed8ca1 2290{
124f6e35
JH		 2291 struct mgmt_cp_unpair_device *cp = data;
2292 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2293 struct hci_cp_disconnect dc;
2294 struct pending_cmd *cmd;
55ed8ca1 2295 struct hci_conn *conn;
55ed8ca1
JH		 2296 int err;
2297
a8a1d19e 2298 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2299 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2300 rp.addr.type = cp->addr.type;
a8a1d19e 2301
4ee71b20
JH		 2302 if (!bdaddr_type_is_valid(cp->addr.type))
2303 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2304 MGMT_STATUS_INVALID_PARAMS,
2305 &rp, sizeof(rp));
2306
118da70b
JH		 2307 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2308 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2309 MGMT_STATUS_INVALID_PARAMS,
2310 &rp, sizeof(rp));
2311
4ee71b20
JH		 2312 hci_dev_lock(hdev);
2313
86a8cfc6 2314 if (!hdev_is_powered(hdev)) {
bdb6d971 2315 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2316 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2317 goto unlock;
2318 }
2319
591f47f3 2320 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2321 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2322 else
2323 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2324
55ed8ca1 2325 if (err < 0) {
bdb6d971 2326 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2327 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2328 goto unlock;
2329 }
2330
86a8cfc6 2331 if (cp->disconnect) {
591f47f3 2332 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2333 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2334 &cp->addr.bdaddr);
86a8cfc6
JH		 2335 else
2336 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2337 &cp->addr.bdaddr);
86a8cfc6
JH		 2338 } else {
2339 conn = NULL;
2340 }
124f6e35 2341
a8a1d19e 2342 if (!conn) {
bdb6d971 2343 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2344 &rp, sizeof(rp));
b1078ad0 2345 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2346 goto unlock;
2347 }
55ed8ca1 2348
124f6e35 2349 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2350 sizeof(*cp));
a8a1d19e
JH		 2351 if (!cmd) {
2352 err = -ENOMEM;
2353 goto unlock;
55ed8ca1
JH		 2354 }
2355
eb55ef07 2356 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2357 dc.reason = 0x13; /* Remote User Terminated Connection */
2358 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2359 if (err < 0)
2360 mgmt_pending_remove(cmd);
2361
55ed8ca1 2362unlock:
09fd0de5 2363 hci_dev_unlock(hdev);
55ed8ca1
JH		 2364 return err;
2365}
2366
bdb6d971 2367static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2368 u16 len)
8962ee74 2369{
650f726d 2370 struct mgmt_cp_disconnect *cp = data;
06a63b19 2371 struct mgmt_rp_disconnect rp;
8962ee74 2372 struct hci_cp_disconnect dc;
366a0336 2373 struct pending_cmd *cmd;
8962ee74 2374 struct hci_conn *conn;
8962ee74
JH		 2375 int err;
2376
2377 BT_DBG("");
2378
06a63b19
JH		 2379 memset(&rp, 0, sizeof(rp));
2380 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2381 rp.addr.type = cp->addr.type;
2382
4ee71b20 2383 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2384 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2385 MGMT_STATUS_INVALID_PARAMS,
2386 &rp, sizeof(rp));
4ee71b20 2387
09fd0de5 2388 hci_dev_lock(hdev);
8962ee74
JH		 2389
2390 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2391 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2392 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2393 goto failed;
2394 }
2395
2e58ef3e 2396 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2397 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2398 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2399 goto failed;
2400 }
2401
591f47f3 2402 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2403 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2404 &cp->addr.bdaddr);
88c3df13
JH		 2405 else
2406 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2407
f960727e 2408 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2409 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2410 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2411 goto failed;
2412 }
2413
2e58ef3e 2414 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2415 if (!cmd) {
2416 err = -ENOMEM;
8962ee74 2417 goto failed;
366a0336 2418 }
8962ee74 2419
eb55ef07 2420 dc.handle = cpu_to_le16(conn->handle);
3701f944 2421 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2422
2423 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2424 if (err < 0)
a664b5bc 2425 mgmt_pending_remove(cmd);
8962ee74
JH		 2426
2427failed:
09fd0de5 2428 hci_dev_unlock(hdev);
8962ee74
JH		 2429 return err;
2430}
2431
57c1477c 2432static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2433{
2434 switch (link_type) {
2435 case LE_LINK:
48264f06
JH		 2436 switch (addr_type) {
2437 case ADDR_LE_DEV_PUBLIC:
591f47f3 2438 return BDADDR_LE_PUBLIC;
0ed09148 2439
48264f06 2440 default:
0ed09148 2441 /* Fallback to LE Random address type */
591f47f3 2442 return BDADDR_LE_RANDOM;
48264f06 2443 }
0ed09148 2444
4c659c39 2445 default:
0ed09148 2446 /* Fallback to BR/EDR type */
591f47f3 2447 return BDADDR_BREDR;
4c659c39
JH		 2448 }
2449}
2450
04124681
GP		 2451static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2452 u16 data_len)
2784eb41 2453{
2784eb41 2454 struct mgmt_rp_get_connections *rp;
8035ded4 2455 struct hci_conn *c;
a38528f1 2456 size_t rp_len;
60fc5fb6
JH		 2457 int err;
2458 u16 i;
2784eb41
JH		 2459
2460 BT_DBG("");
2461
09fd0de5 2462 hci_dev_lock(hdev);
2784eb41 2463
5f97c1df 2464 if (!hdev_is_powered(hdev)) {
bdb6d971 2465 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2466 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2467 goto unlock;
2468 }
2469
60fc5fb6 2470 i = 0;
b644ba33
JH		 2471 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2472 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2473 i++;
2784eb41
JH		 2474 }
2475
60fc5fb6 2476 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2477 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2478 if (!rp) {
2784eb41
JH		 2479 err = -ENOMEM;
2480 goto unlock;
2481 }
2482
2784eb41 2483 i = 0;
4c659c39 2484 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2485 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2486 continue;
4c659c39 2487 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2488 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2489 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2490 continue;
2491 i++;
2492 }
2493
eb55ef07 2494 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2495
4c659c39
JH		 2496 /* Recalculate length in case of filtered SCO connections, etc */
2497 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2498
bdb6d971 2499 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2500 rp_len);
2784eb41 2501
a38528f1 2502 kfree(rp);
5f97c1df
JH		 2503
2504unlock:
09fd0de5 2505 hci_dev_unlock(hdev);
2784eb41
JH		 2506 return err;
2507}
2508
bdb6d971 2509static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2510 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2511{
2512 struct pending_cmd *cmd;
2513 int err;
2514
2e58ef3e 2515 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2516 sizeof(*cp));
96d97a67
WR		 2517 if (!cmd)
2518 return -ENOMEM;
2519
d8457698 2520 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2521 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2522 if (err < 0)
2523 mgmt_pending_remove(cmd);
2524
2525 return err;
2526}
2527
bdb6d971 2528static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2529 u16 len)
980e1a53 2530{
96d97a67 2531 struct hci_conn *conn;
650f726d 2532 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2533 struct hci_cp_pin_code_reply reply;
366a0336 2534 struct pending_cmd *cmd;
980e1a53
JH		 2535 int err;
2536
2537 BT_DBG("");
2538
09fd0de5 2539 hci_dev_lock(hdev);
980e1a53 2540
4b34ee78 2541 if (!hdev_is_powered(hdev)) {
bdb6d971 2542 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2543 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2544 goto failed;
2545 }
2546
d8457698 2547 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2548 if (!conn) {
bdb6d971 2549 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2550 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2551 goto failed;
2552 }
2553
2554 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2555 struct mgmt_cp_pin_code_neg_reply ncp;
2556
2557 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2558
2559 BT_ERR("PIN code is not 16 bytes long");
2560
bdb6d971 2561 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2562 if (err >= 0)
bdb6d971 2563 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2564 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2565
2566 goto failed;
2567 }
2568
00abfe44 2569 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2570 if (!cmd) {
2571 err = -ENOMEM;
980e1a53 2572 goto failed;
366a0336 2573 }
980e1a53 2574
d8457698 2575 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2576 reply.pin_len = cp->pin_len;
24718ca5 2577 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2578
2579 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2580 if (err < 0)
a664b5bc 2581 mgmt_pending_remove(cmd);
980e1a53
JH		 2582
2583failed:
09fd0de5 2584 hci_dev_unlock(hdev);
980e1a53
JH		 2585 return err;
2586}
2587
04124681
GP		 2588static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 len)
17fa4b9d 2590{
650f726d 2591 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2592
2593 BT_DBG("");
2594
09fd0de5 2595 hci_dev_lock(hdev);
17fa4b9d
JH		 2596
2597 hdev->io_capability = cp->io_capability;
2598
2599 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2600 hdev->io_capability);
17fa4b9d 2601
09fd0de5 2602 hci_dev_unlock(hdev);
17fa4b9d 2603
04124681
GP		 2604 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2605 0);
17fa4b9d
JH		 2606}
2607
6039aa73 2608static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2609{
2610 struct hci_dev *hdev = conn->hdev;
8035ded4 2611 struct pending_cmd *cmd;
e9a416b5 2612
2e58ef3e 2613 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2614 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2615 continue;
2616
e9a416b5
JH		 2617 if (cmd->user_data != conn)
2618 continue;
2619
2620 return cmd;
2621 }
2622
2623 return NULL;
2624}
2625
2626static void pairing_complete(struct pending_cmd *cmd, u8 status)
2627{
2628 struct mgmt_rp_pair_device rp;
2629 struct hci_conn *conn = cmd->user_data;
2630
ba4e564f 2631 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2632 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2633
aee9b218 2634 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2635 &rp, sizeof(rp));
e9a416b5
JH		 2636
2637 /* So we don't get further callbacks for this connection */
2638 conn->connect_cfm_cb = NULL;
2639 conn->security_cfm_cb = NULL;
2640 conn->disconn_cfm_cb = NULL;
2641
76a68ba0 2642 hci_conn_drop(conn);
e9a416b5 2643
a664b5bc 2644 mgmt_pending_remove(cmd);
e9a416b5
JH		 2645}
2646
2647static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2648{
2649 struct pending_cmd *cmd;
2650
2651 BT_DBG("status %u", status);
2652
2653 cmd = find_pairing(conn);
56e5cb86 2654 if (!cmd)
e9a416b5 2655 BT_DBG("Unable to find a pending command");
56e5cb86 2656 else
e211326c 2657 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2658}
2659
4c47d739
VA		 2660static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2661{
2662 struct pending_cmd *cmd;
2663
2664 BT_DBG("status %u", status);
2665
2666 if (!status)
2667 return;
2668
2669 cmd = find_pairing(conn);
2670 if (!cmd)
2671 BT_DBG("Unable to find a pending command");
2672 else
2673 pairing_complete(cmd, mgmt_status(status));
2674}
2675
bdb6d971 2676static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2677 u16 len)
e9a416b5 2678{
650f726d 2679 struct mgmt_cp_pair_device *cp = data;
1425acb7 2680 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2681 struct pending_cmd *cmd;
2682 u8 sec_level, auth_type;
2683 struct hci_conn *conn;
e9a416b5
JH		 2684 int err;
2685
2686 BT_DBG("");
2687
f950a30e
SJ		 2688 memset(&rp, 0, sizeof(rp));
2689 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2690 rp.addr.type = cp->addr.type;
2691
4ee71b20
JH		 2692 if (!bdaddr_type_is_valid(cp->addr.type))
2693 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2694 MGMT_STATUS_INVALID_PARAMS,
2695 &rp, sizeof(rp));
2696
09fd0de5 2697 hci_dev_lock(hdev);
e9a416b5 2698
5f97c1df 2699 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2700 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2701 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2702 goto unlock;
2703 }
2704
c908df36
VCG		 2705 sec_level = BT_SECURITY_MEDIUM;
2706 if (cp->io_cap == 0x03)
e9a416b5 2707 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2708 else
e9a416b5 2709 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2710
591f47f3 2711 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2712 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2713 cp->addr.type, sec_level, auth_type);
7a512d01 2714 else
b12f62cf
AG		 2715 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2716 cp->addr.type, sec_level, auth_type);
7a512d01 2717
30e76272 2718 if (IS_ERR(conn)) {
489dc48e
AK		 2719 int status;
2720
2721 if (PTR_ERR(conn) == -EBUSY)
2722 status = MGMT_STATUS_BUSY;
2723 else
2724 status = MGMT_STATUS_CONNECT_FAILED;
2725
bdb6d971 2726 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2727 status, &rp,
04124681 2728 sizeof(rp));
e9a416b5
JH		 2729 goto unlock;
2730 }
2731
2732 if (conn->connect_cfm_cb) {
76a68ba0 2733 hci_conn_drop(conn);
bdb6d971 2734 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2735 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2736 goto unlock;
2737 }
2738
2e58ef3e 2739 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2740 if (!cmd) {
2741 err = -ENOMEM;
76a68ba0 2742 hci_conn_drop(conn);
e9a416b5
JH		 2743 goto unlock;
2744 }
2745
7a512d01 2746 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2747 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2748 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2749 else
2750 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2751
e9a416b5
JH		 2752 conn->security_cfm_cb = pairing_complete_cb;
2753 conn->disconn_cfm_cb = pairing_complete_cb;
2754 conn->io_capability = cp->io_cap;
2755 cmd->user_data = conn;
2756
2757 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2758 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2759 pairing_complete(cmd, 0);
2760
2761 err = 0;
2762
2763unlock:
09fd0de5 2764 hci_dev_unlock(hdev);
e9a416b5
JH		 2765 return err;
2766}
2767
04124681
GP		 2768static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2769 u16 len)
28424707 2770{
0f4e68cf 2771 struct mgmt_addr_info *addr = data;
28424707
JH		 2772 struct pending_cmd *cmd;
2773 struct hci_conn *conn;
2774 int err;
2775
2776 BT_DBG("");
2777
28424707
JH		 2778 hci_dev_lock(hdev);
2779
5f97c1df 2780 if (!hdev_is_powered(hdev)) {
bdb6d971 2781 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2782 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2783 goto unlock;
2784 }
2785
28424707
JH		 2786 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2787 if (!cmd) {
bdb6d971 2788 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2789 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2790 goto unlock;
2791 }
2792
2793 conn = cmd->user_data;
2794
2795 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2796 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2797 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2798 goto unlock;
2799 }
2800
2801 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2802
bdb6d971 2803 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2804 addr, sizeof(*addr));
28424707
JH		 2805unlock:
2806 hci_dev_unlock(hdev);
28424707
JH		 2807 return err;
2808}
2809
bdb6d971 2810static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2811 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2812 u16 hci_op, __le32 passkey)
a5c29683 2813{
a5c29683 2814 struct pending_cmd *cmd;
0df4c185 2815 struct hci_conn *conn;
a5c29683
JH		 2816 int err;
2817
09fd0de5 2818 hci_dev_lock(hdev);
08ba5382 2819
4b34ee78 2820 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2821 err = cmd_complete(sk, hdev->id, mgmt_op,
2822 MGMT_STATUS_NOT_POWERED, addr,
2823 sizeof(*addr));
0df4c185 2824 goto done;
a5c29683
JH		 2825 }
2826
1707c60e
JH		 2827 if (addr->type == BDADDR_BREDR)
2828 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2829 else
1707c60e 2830 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2831
2832 if (!conn) {
feb94d3d
JH		 2833 err = cmd_complete(sk, hdev->id, mgmt_op,
2834 MGMT_STATUS_NOT_CONNECTED, addr,
2835 sizeof(*addr));
272d90df
JH		 2836 goto done;
2837 }
47c15e2b 2838
1707c60e 2839 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2840 /* Continue with pairing via SMP */
5fe57d9e
BG		 2841 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2842
2843 if (!err)
feb94d3d
JH		 2844 err = cmd_complete(sk, hdev->id, mgmt_op,
2845 MGMT_STATUS_SUCCESS, addr,
2846 sizeof(*addr));
5fe57d9e 2847 else
feb94d3d
JH		 2848 err = cmd_complete(sk, hdev->id, mgmt_op,
2849 MGMT_STATUS_FAILED, addr,
2850 sizeof(*addr));
47c15e2b 2851
47c15e2b
BG		 2852 goto done;
2853 }
2854
1707c60e 2855 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2856 if (!cmd) {
2857 err = -ENOMEM;
0df4c185 2858 goto done;
a5c29683
JH		 2859 }
2860
0df4c185 2861 /* Continue with pairing via HCI */
604086b7
BG		 2862 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2863 struct hci_cp_user_passkey_reply cp;
2864
1707c60e 2865 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2866 cp.passkey = passkey;
2867 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2868 } else
1707c60e
JH		 2869 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2870 &addr->bdaddr);
604086b7 2871
a664b5bc
JH		 2872 if (err < 0)
2873 mgmt_pending_remove(cmd);
a5c29683 2874
0df4c185 2875done:
09fd0de5 2876 hci_dev_unlock(hdev);
a5c29683
JH		 2877 return err;
2878}
2879
afeb019d
JK		 2880static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2881 void *data, u16 len)
2882{
2883 struct mgmt_cp_pin_code_neg_reply *cp = data;
2884
2885 BT_DBG("");
2886
1707c60e 2887 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2888 MGMT_OP_PIN_CODE_NEG_REPLY,
2889 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2890}
2891
04124681
GP		 2892static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2893 u16 len)
0df4c185 2894{
650f726d 2895 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2896
2897 BT_DBG("");
2898
2899 if (len != sizeof(*cp))
bdb6d971 2900 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2901 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2902
1707c60e 2903 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2904 MGMT_OP_USER_CONFIRM_REPLY,
2905 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2906}
2907
bdb6d971 2908static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2909 void *data, u16 len)
0df4c185 2910{
c9c2659f 2911 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2912
2913 BT_DBG("");
2914
1707c60e 2915 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2916 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2917 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2918}
2919
04124681
GP		 2920static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2921 u16 len)
604086b7 2922{
650f726d 2923 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2924
2925 BT_DBG("");
2926
1707c60e 2927 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2928 MGMT_OP_USER_PASSKEY_REPLY,
2929 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2930}
2931
bdb6d971 2932static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2933 void *data, u16 len)
604086b7 2934{
650f726d 2935 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2936
2937 BT_DBG("");
2938
1707c60e 2939 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2940 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2941 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2942}
2943
13928971 2944static void update_name(struct hci_request *req)
2b4bf397 2945{
13928971 2946 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2947 struct hci_cp_write_local_name cp;
2948
13928971 2949 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2950
890ea898 2951 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2952}
2953
13928971
JH		 2954static void set_name_complete(struct hci_dev *hdev, u8 status)
2955{
2956 struct mgmt_cp_set_local_name *cp;
2957 struct pending_cmd *cmd;
2958
2959 BT_DBG("status 0x%02x", status);
2960
2961 hci_dev_lock(hdev);
2962
2963 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2964 if (!cmd)
2965 goto unlock;
2966
2967 cp = cmd->param;
2968
2969 if (status)
2970 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2971 mgmt_status(status));
2972 else
2973 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2974 cp, sizeof(*cp));
2975
2976 mgmt_pending_remove(cmd);
2977
2978unlock:
2979 hci_dev_unlock(hdev);
2980}
2981
bdb6d971 2982static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2983 u16 len)
b312b161 2984{
2b4bf397 2985 struct mgmt_cp_set_local_name *cp = data;
b312b161 2986 struct pending_cmd *cmd;
890ea898 2987 struct hci_request req;
b312b161
JH		 2988 int err;
2989
2990 BT_DBG("");
2991
09fd0de5 2992 hci_dev_lock(hdev);
b312b161 2993
b3f2ca94
JH		 2994 /* If the old values are the same as the new ones just return a
2995 * direct command complete event.
2996 */
2997 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2998 !memcmp(hdev->short_name, cp->short_name,
2999 sizeof(hdev->short_name))) {
3000 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3001 data, len);
3002 goto failed;
3003 }
3004
2b4bf397 3005 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3006
b5235a65 3007 if (!hdev_is_powered(hdev)) {
2b4bf397 3008 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3009
3010 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3011 data, len);
28cc7bde
JH		 3012 if (err < 0)
3013 goto failed;
3014
3015 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3016 sk);
28cc7bde 3017
b5235a65
JH		 3018 goto failed;
3019 }
3020
28cc7bde 3021 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3022 if (!cmd) {
3023 err = -ENOMEM;
3024 goto failed;
3025 }
3026
13928971
JH		 3027 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3028
890ea898 3029 hci_req_init(&req, hdev);
3f985050
JH		 3030
3031 if (lmp_bredr_capable(hdev)) {
3032 update_name(&req);
3033 update_eir(&req);
3034 }
3035
7a5f4990
MH		 3036 /* The name is stored in the scan response data and so
3037 * no need to udpate the advertising data here.
3038 */
3f985050 3039 if (lmp_le_capable(hdev))
7a5f4990 3040 update_scan_rsp_data(&req);
3f985050 3041
13928971 3042 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3043 if (err < 0)
3044 mgmt_pending_remove(cmd);
3045
3046failed:
09fd0de5 3047 hci_dev_unlock(hdev);
b312b161
JH		 3048 return err;
3049}
3050
0f4e68cf 3051static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3052 void *data, u16 data_len)
c35938b2 3053{
c35938b2
SJ		 3054 struct pending_cmd *cmd;
3055 int err;
3056
bdb6d971 3057 BT_DBG("%s", hdev->name);
c35938b2 3058
09fd0de5 3059 hci_dev_lock(hdev);
c35938b2 3060
4b34ee78 3061 if (!hdev_is_powered(hdev)) {
bdb6d971 3062 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3063 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3064 goto unlock;
3065 }
3066
9a1a1996 3067 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3068 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3069 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3070 goto unlock;
3071 }
3072
2e58ef3e 3073 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3074 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3075 MGMT_STATUS_BUSY);
c35938b2
SJ		 3076 goto unlock;
3077 }
3078
2e58ef3e 3079 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3080 if (!cmd) {
3081 err = -ENOMEM;
3082 goto unlock;
3083 }
3084
4d2d2796
MH		 3085 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3086 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3087 0, NULL);
3088 else
3089 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3090
c35938b2
SJ		 3091 if (err < 0)
3092 mgmt_pending_remove(cmd);
3093
3094unlock:
09fd0de5 3095 hci_dev_unlock(hdev);
c35938b2
SJ		 3096 return err;
3097}
3098
bdb6d971 3099static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3100 void *data, u16 len)
2763eda6 3101{
2763eda6
SJ		 3102 int err;
3103
bdb6d971 3104 BT_DBG("%s ", hdev->name);
2763eda6 3105
09fd0de5 3106 hci_dev_lock(hdev);
2763eda6 3107
ec109113
MH		 3108 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3109 struct mgmt_cp_add_remote_oob_data *cp = data;
3110 u8 status;
bf1e3541 3111
ec109113
MH		 3112 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3113 cp->hash, cp->randomizer);
3114 if (err < 0)
3115 status = MGMT_STATUS_FAILED;
3116 else
3117 status = MGMT_STATUS_SUCCESS;
3118
3119 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3120 status, &cp->addr, sizeof(cp->addr));
3121 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3122 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3123 u8 status;
3124
3125 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3126 cp->hash192,
3127 cp->randomizer192,
3128 cp->hash256,
3129 cp->randomizer256);
3130 if (err < 0)
3131 status = MGMT_STATUS_FAILED;
3132 else
3133 status = MGMT_STATUS_SUCCESS;
3134
3135 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3136 status, &cp->addr, sizeof(cp->addr));
3137 } else {
3138 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3139 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3140 MGMT_STATUS_INVALID_PARAMS);
3141 }
2763eda6 3142
09fd0de5 3143 hci_dev_unlock(hdev);
2763eda6
SJ		 3144 return err;
3145}
3146
bdb6d971 3147static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3148 void *data, u16 len)
2763eda6 3149{
650f726d 3150 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3151 u8 status;
2763eda6
SJ		 3152 int err;
3153
bdb6d971 3154 BT_DBG("%s", hdev->name);
2763eda6 3155
09fd0de5 3156 hci_dev_lock(hdev);
2763eda6 3157
664ce4cc 3158 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3159 if (err < 0)
bf1e3541 3160 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3161 else
a6785be2 3162 status = MGMT_STATUS_SUCCESS;
bf1e3541 3163
bdb6d971 3164 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3165 status, &cp->addr, sizeof(cp->addr));
2763eda6 3166
09fd0de5 3167 hci_dev_unlock(hdev);
2763eda6
SJ		 3168 return err;
3169}
3170
41dc2bd6
AG		 3171static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3172{
3173 struct pending_cmd *cmd;
3174 u8 type;
3175 int err;
3176
3177 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3178
3179 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3180 if (!cmd)
3181 return -ENOENT;
3182
3183 type = hdev->discovery.type;
3184
3185 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3186 &type, sizeof(type));
3187 mgmt_pending_remove(cmd);
3188
3189 return err;
3190}
3191
7c307720
AG		 3192static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3193{
3194 BT_DBG("status %d", status);
3195
3196 if (status) {
3197 hci_dev_lock(hdev);
3198 mgmt_start_discovery_failed(hdev, status);
3199 hci_dev_unlock(hdev);
3200 return;
3201 }
3202
3203 hci_dev_lock(hdev);
3204 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3205 hci_dev_unlock(hdev);
3206
3207 switch (hdev->discovery.type) {
3208 case DISCOV_TYPE_LE:
3209 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3210 DISCOV_LE_TIMEOUT);
7c307720
AG		 3211 break;
3212
3213 case DISCOV_TYPE_INTERLEAVED:
3214 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3215 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3216 break;
3217
3218 case DISCOV_TYPE_BREDR:
3219 break;
3220
3221 default:
3222 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3223 }
3224}
3225
bdb6d971 3226static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3227 void *data, u16 len)
14a53664 3228{
650f726d 3229 struct mgmt_cp_start_discovery *cp = data;
14a53664 3230 struct pending_cmd *cmd;
7c307720
AG		 3231 struct hci_cp_le_set_scan_param param_cp;
3232 struct hci_cp_le_set_scan_enable enable_cp;
3233 struct hci_cp_inquiry inq_cp;
3234 struct hci_request req;
3235 /* General inquiry access code (GIAC) */
3236 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3237 u8 status;
14a53664
JH		 3238 int err;
3239
bdb6d971 3240 BT_DBG("%s", hdev->name);
14a53664 3241
09fd0de5 3242 hci_dev_lock(hdev);
14a53664 3243
4b34ee78 3244 if (!hdev_is_powered(hdev)) {
bdb6d971 3245 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3246 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3247 goto failed;
3248 }
3249
642be6c7
AG		 3250 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3251 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3252 MGMT_STATUS_BUSY);
3253 goto failed;
3254 }
3255
ff9ef578 3256 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3257 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3258 MGMT_STATUS_BUSY);
ff9ef578
JH		 3259 goto failed;
3260 }
3261
2e58ef3e 3262 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3263 if (!cmd) {
3264 err = -ENOMEM;
3265 goto failed;
3266 }
3267
4aab14e5
AG		 3268 hdev->discovery.type = cp->type;
3269
7c307720
AG		 3270 hci_req_init(&req, hdev);
3271
4aab14e5 3272 switch (hdev->discovery.type) {
f39799f5 3273 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3274 status = mgmt_bredr_support(hdev);
3275 if (status) {
04106755 3276 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3277 status);
04106755
JH		 3278 mgmt_pending_remove(cmd);
3279 goto failed;
3280 }
3281
7c307720
AG		 3282 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3283 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3284 MGMT_STATUS_BUSY);
3285 mgmt_pending_remove(cmd);
3286 goto failed;
3287 }
3288
3289 hci_inquiry_cache_flush(hdev);
3290
3291 memset(&inq_cp, 0, sizeof(inq_cp));
3292 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3293 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3294 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3295 break;
3296
3297 case DISCOV_TYPE_LE:
7c307720 3298 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3299 status = mgmt_le_support(hdev);
3300 if (status) {
04106755 3301 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3302 status);
04106755
JH		 3303 mgmt_pending_remove(cmd);
3304 goto failed;
3305 }
3306
7c307720 3307 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3308 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3309 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3310 MGMT_STATUS_NOT_SUPPORTED);
3311 mgmt_pending_remove(cmd);
3312 goto failed;
3313 }
3314
f3d3444a 3315 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3316 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3317 MGMT_STATUS_REJECTED);
3318 mgmt_pending_remove(cmd);
3319 goto failed;
3320 }
3321
3322 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3323 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3324 MGMT_STATUS_BUSY);
3325 mgmt_pending_remove(cmd);
3326 goto failed;
3327 }
3328
3329 memset(&param_cp, 0, sizeof(param_cp));
3330 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3331 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3332 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3333 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3334 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3335 &param_cp);
3336
3337 memset(&enable_cp, 0, sizeof(enable_cp));
3338 enable_cp.enable = LE_SCAN_ENABLE;
3339 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3340 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3341 &enable_cp);
5e0452c0
AG		 3342 break;
3343
f39799f5 3344 default:
04106755
JH		 3345 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3346 MGMT_STATUS_INVALID_PARAMS);
3347 mgmt_pending_remove(cmd);
3348 goto failed;
f39799f5 3349 }
3fd24153 3350
7c307720 3351 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3352 if (err < 0)
3353 mgmt_pending_remove(cmd);
ff9ef578
JH		 3354 else
3355 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3356
3357failed:
09fd0de5 3358 hci_dev_unlock(hdev);
14a53664
JH		 3359 return err;
3360}
3361
1183fdca
AG		 3362static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3363{
3364 struct pending_cmd *cmd;
3365 int err;
3366
3367 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3368 if (!cmd)
3369 return -ENOENT;
3370
3371 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3372 &hdev->discovery.type, sizeof(hdev->discovery.type));
3373 mgmt_pending_remove(cmd);
3374
3375 return err;
3376}
3377
0e05bba6
AG		 3378static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3379{
3380 BT_DBG("status %d", status);
3381
3382 hci_dev_lock(hdev);
3383
3384 if (status) {
3385 mgmt_stop_discovery_failed(hdev, status);
3386 goto unlock;
3387 }
3388
3389 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3390
3391unlock:
3392 hci_dev_unlock(hdev);
3393}
3394
bdb6d971 3395static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3396 u16 len)
14a53664 3397{
d930650b 3398 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3399 struct pending_cmd *cmd;
30dc78e1
JH		 3400 struct hci_cp_remote_name_req_cancel cp;
3401 struct inquiry_entry *e;
0e05bba6
AG		 3402 struct hci_request req;
3403 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3404 int err;
3405
bdb6d971 3406 BT_DBG("%s", hdev->name);
14a53664 3407
09fd0de5 3408 hci_dev_lock(hdev);
14a53664 3409
30dc78e1 3410 if (!hci_discovery_active(hdev)) {
bdb6d971 3411 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3412 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3413 sizeof(mgmt_cp->type));
d930650b
JH		 3414 goto unlock;
3415 }
3416
3417 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3418 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3419 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3420 sizeof(mgmt_cp->type));
30dc78e1 3421 goto unlock;
ff9ef578
JH		 3422 }
3423
2e58ef3e 3424 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3425 if (!cmd) {
3426 err = -ENOMEM;
30dc78e1
JH		 3427 goto unlock;
3428 }
3429
0e05bba6
AG		 3430 hci_req_init(&req, hdev);
3431
e0d9727e
AG		 3432 switch (hdev->discovery.state) {
3433 case DISCOVERY_FINDING:
0e05bba6
AG		 3434 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3435 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3436 } else {
3437 cancel_delayed_work(&hdev->le_scan_disable);
3438
3439 memset(&enable_cp, 0, sizeof(enable_cp));
3440 enable_cp.enable = LE_SCAN_DISABLE;
3441 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3442 sizeof(enable_cp), &enable_cp);
3443 }
c9ecc48e 3444
e0d9727e
AG		 3445 break;
3446
3447 case DISCOVERY_RESOLVING:
3448 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3449 NAME_PENDING);
e0d9727e 3450 if (!e) {
30dc78e1 3451 mgmt_pending_remove(cmd);
e0d9727e
AG		 3452 err = cmd_complete(sk, hdev->id,
3453 MGMT_OP_STOP_DISCOVERY, 0,
3454 &mgmt_cp->type,
3455 sizeof(mgmt_cp->type));
3456 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3457 goto unlock;
3458 }
30dc78e1 3459
e0d9727e 3460 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3461 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3462 &cp);
e0d9727e
AG		 3463
3464 break;
3465
3466 default:
3467 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3468
3469 mgmt_pending_remove(cmd);
3470 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3471 MGMT_STATUS_FAILED, &mgmt_cp->type,
3472 sizeof(mgmt_cp->type));
3473 goto unlock;
14a53664
JH		 3474 }
3475
0e05bba6 3476 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3477 if (err < 0)
3478 mgmt_pending_remove(cmd);
ff9ef578
JH		 3479 else
3480 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3481
30dc78e1 3482unlock:
09fd0de5 3483 hci_dev_unlock(hdev);
14a53664
JH		 3484 return err;
3485}
3486
bdb6d971 3487static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3488 u16 len)
561aafbc 3489{
650f726d 3490 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3491 struct inquiry_entry *e;
561aafbc
JH		 3492 int err;
3493
bdb6d971 3494 BT_DBG("%s", hdev->name);
561aafbc 3495
561aafbc
JH		 3496 hci_dev_lock(hdev);
3497
30dc78e1 3498 if (!hci_discovery_active(hdev)) {
bdb6d971 3499 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3500 MGMT_STATUS_FAILED);
30dc78e1
JH		 3501 goto failed;
3502 }
3503
a198e7b1 3504 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3505 if (!e) {
bdb6d971 3506 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3507 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3508 goto failed;
3509 }
3510
3511 if (cp->name_known) {
3512 e->name_state = NAME_KNOWN;
3513 list_del(&e->list);
3514 } else {
3515 e->name_state = NAME_NEEDED;
a3d4e20a 3516 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3517 }
3518
e384662b
JH		 3519 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3520 sizeof(cp->addr));
561aafbc
JH		 3521
3522failed:
3523 hci_dev_unlock(hdev);
561aafbc
JH		 3524 return err;
3525}
3526
bdb6d971 3527static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3528 u16 len)
7fbec224 3529{
650f726d 3530 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3531 u8 status;
7fbec224
AJ		 3532 int err;
3533
bdb6d971 3534 BT_DBG("%s", hdev->name);
7fbec224 3535
4ee71b20 3536 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3537 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3538 MGMT_STATUS_INVALID_PARAMS,
3539 &cp->addr, sizeof(cp->addr));
4ee71b20 3540
09fd0de5 3541 hci_dev_lock(hdev);
5e762444 3542
88c1fe4b 3543 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3544 if (err < 0)
f0eeea8b 3545 status = MGMT_STATUS_FAILED;
7fbec224 3546 else
a6785be2 3547 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3548
bdb6d971 3549 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3550 &cp->addr, sizeof(cp->addr));
5e762444 3551
09fd0de5 3552 hci_dev_unlock(hdev);
7fbec224
AJ		 3553
3554 return err;
3555}
3556
bdb6d971 3557static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3558 u16 len)
7fbec224 3559{
650f726d 3560 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3561 u8 status;
7fbec224
AJ		 3562 int err;
3563
bdb6d971 3564 BT_DBG("%s", hdev->name);
7fbec224 3565
4ee71b20 3566 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3567 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3568 MGMT_STATUS_INVALID_PARAMS,
3569 &cp->addr, sizeof(cp->addr));
4ee71b20 3570
09fd0de5 3571 hci_dev_lock(hdev);
5e762444 3572
88c1fe4b 3573 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3574 if (err < 0)
f0eeea8b 3575 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3576 else
a6785be2 3577 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3578
bdb6d971 3579 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3580 &cp->addr, sizeof(cp->addr));
5e762444 3581
09fd0de5 3582 hci_dev_unlock(hdev);
7fbec224
AJ		 3583
3584 return err;
3585}
3586
cdbaccca
MH		 3587static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3588 u16 len)
3589{
3590 struct mgmt_cp_set_device_id *cp = data;
890ea898 3591 struct hci_request req;
cdbaccca 3592 int err;
c72d4b8a 3593 __u16 source;
cdbaccca
MH		 3594
3595 BT_DBG("%s", hdev->name);
3596
c72d4b8a
SJ		 3597 source = __le16_to_cpu(cp->source);
3598
3599 if (source > 0x0002)
3600 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3601 MGMT_STATUS_INVALID_PARAMS);
3602
cdbaccca
MH		 3603 hci_dev_lock(hdev);
3604
c72d4b8a 3605 hdev->devid_source = source;
cdbaccca
MH		 3606 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3607 hdev->devid_product = __le16_to_cpu(cp->product);
3608 hdev->devid_version = __le16_to_cpu(cp->version);
3609
3610 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3611
890ea898
JH		 3612 hci_req_init(&req, hdev);
3613 update_eir(&req);
3614 hci_req_run(&req, NULL);
cdbaccca
MH		 3615
3616 hci_dev_unlock(hdev);
3617
3618 return err;
3619}
3620
4375f103
JH		 3621static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3622{
3623 struct cmd_lookup match = { NULL, hdev };
3624
3625 if (status) {
3626 u8 mgmt_err = mgmt_status(status);
3627
3628 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3629 cmd_status_rsp, &mgmt_err);
3630 return;
3631 }
3632
3633 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3634 &match);
3635
3636 new_settings(hdev, match.sk);
3637
3638 if (match.sk)
3639 sock_put(match.sk);
3640}
3641
21b5187f
MH		 3642static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3643 u16 len)
4375f103
JH		 3644{
3645 struct mgmt_mode *cp = data;
3646 struct pending_cmd *cmd;
3647 struct hci_request req;
e6fe7986 3648 u8 val, enabled, status;
4375f103
JH		 3649 int err;
3650
3651 BT_DBG("request for %s", hdev->name);
3652
e6fe7986
JH		 3653 status = mgmt_le_support(hdev);
3654 if (status)
4375f103 3655 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3656 status);
4375f103
JH		 3657
3658 if (cp->val != 0x00 && cp->val != 0x01)
3659 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3660 MGMT_STATUS_INVALID_PARAMS);
3661
3662 hci_dev_lock(hdev);
3663
3664 val = !!cp->val;
f3d3444a 3665 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3666
f74ca9b8
JH		 3667 /* The following conditions are ones which mean that we should
3668 * not do any HCI communication but directly send a mgmt
3669 * response to user space (after toggling the flag if
3670 * necessary).
3671 */
3672 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3673 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3674 bool changed = false;
3675
f3d3444a
JH		 3676 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3677 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3678 changed = true;
3679 }
3680
3681 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3682 if (err < 0)
3683 goto unlock;
3684
3685 if (changed)
3686 err = new_settings(hdev, sk);
3687
3688 goto unlock;
3689 }
3690
3691 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3692 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3693 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3694 MGMT_STATUS_BUSY);
3695 goto unlock;
3696 }
3697
3698 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3699 if (!cmd) {
3700 err = -ENOMEM;
3701 goto unlock;
3702 }
3703
3704 hci_req_init(&req, hdev);
3705
bba3aa55
MH		 3706 if (val)
3707 enable_advertising(&req);
3708 else
3709 disable_advertising(&req);
4375f103
JH		 3710
3711 err = hci_req_run(&req, set_advertising_complete);
3712 if (err < 0)
3713 mgmt_pending_remove(cmd);
3714
3715unlock:
3716 hci_dev_unlock(hdev);
3717 return err;
3718}
3719
d13eafce
MH		 3720static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3721 void *data, u16 len)
3722{
3723 struct mgmt_cp_set_static_address *cp = data;
3724 int err;
3725
3726 BT_DBG("%s", hdev->name);
3727
62af4443 3728 if (!lmp_le_capable(hdev))
d13eafce 3729 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3730 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3731
3732 if (hdev_is_powered(hdev))
3733 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3734 MGMT_STATUS_REJECTED);
3735
3736 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3737 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3738 return cmd_status(sk, hdev->id,
3739 MGMT_OP_SET_STATIC_ADDRESS,
3740 MGMT_STATUS_INVALID_PARAMS);
3741
3742 /* Two most significant bits shall be set */
3743 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3744 return cmd_status(sk, hdev->id,
3745 MGMT_OP_SET_STATIC_ADDRESS,
3746 MGMT_STATUS_INVALID_PARAMS);
3747 }
3748
3749 hci_dev_lock(hdev);
3750
3751 bacpy(&hdev->static_addr, &cp->bdaddr);
3752
3753 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3754
3755 hci_dev_unlock(hdev);
3756
3757 return err;
3758}
3759
14b49b9a
MH		 3760static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3761 void *data, u16 len)
3762{
3763 struct mgmt_cp_set_scan_params *cp = data;
3764 __u16 interval, window;
3765 int err;
3766
3767 BT_DBG("%s", hdev->name);
3768
3769 if (!lmp_le_capable(hdev))
3770 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3771 MGMT_STATUS_NOT_SUPPORTED);
3772
3773 interval = __le16_to_cpu(cp->interval);
3774
3775 if (interval < 0x0004 || interval > 0x4000)
3776 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3777 MGMT_STATUS_INVALID_PARAMS);
3778
3779 window = __le16_to_cpu(cp->window);
3780
3781 if (window < 0x0004 || window > 0x4000)
3782 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3783 MGMT_STATUS_INVALID_PARAMS);
3784
899e1075
MH		 3785 if (window > interval)
3786 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3787 MGMT_STATUS_INVALID_PARAMS);
3788
14b49b9a
MH		 3789 hci_dev_lock(hdev);
3790
3791 hdev->le_scan_interval = interval;
3792 hdev->le_scan_window = window;
3793
3794 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3795
3796 hci_dev_unlock(hdev);
3797
3798 return err;
3799}
3800
33e38b3e
JH		 3801static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3802{
3803 struct pending_cmd *cmd;
3804
3805 BT_DBG("status 0x%02x", status);
3806
3807 hci_dev_lock(hdev);
3808
3809 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3810 if (!cmd)
3811 goto unlock;
3812
3813 if (status) {
3814 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3815 mgmt_status(status));
3816 } else {
1a4d3c4b
JH		 3817 struct mgmt_mode *cp = cmd->param;
3818
3819 if (cp->val)
3820 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3821 else
3822 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3823
33e38b3e
JH		 3824 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3825 new_settings(hdev, cmd->sk);
3826 }
3827
3828 mgmt_pending_remove(cmd);
3829
3830unlock:
3831 hci_dev_unlock(hdev);
3832}
3833
bdb6d971 3834static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3835 void *data, u16 len)
f6422ec6 3836{
650f726d 3837 struct mgmt_mode *cp = data;
33e38b3e
JH		 3838 struct pending_cmd *cmd;
3839 struct hci_request req;
f6422ec6
AJ		 3840 int err;
3841
bdb6d971 3842 BT_DBG("%s", hdev->name);
f6422ec6 3843
56f87901
JH		 3844 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3845 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3846 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3847 MGMT_STATUS_NOT_SUPPORTED);
3848
a7e80f25
JH		 3849 if (cp->val != 0x00 && cp->val != 0x01)
3850 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3851 MGMT_STATUS_INVALID_PARAMS);
3852
5400c044 3853 if (!hdev_is_powered(hdev))
bdb6d971 3854 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3855 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3856
3857 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3858 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3859 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3860
3861 hci_dev_lock(hdev);
3862
05cbf29f
JH		 3863 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3865 MGMT_STATUS_BUSY);
3866 goto unlock;
3867 }
3868
1a4d3c4b
JH		 3869 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3870 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3871 hdev);
3872 goto unlock;
3873 }
3874
33e38b3e
JH		 3875 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3876 data, len);
3877 if (!cmd) {
3878 err = -ENOMEM;
3879 goto unlock;
f6422ec6
AJ		 3880 }
3881
33e38b3e
JH		 3882 hci_req_init(&req, hdev);
3883
406d7804 3884 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3885
3886 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3887 if (err < 0) {
bdb6d971 3888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3889 MGMT_STATUS_FAILED);
33e38b3e 3890 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3891 }
3892
33e38b3e 3893unlock:
f6422ec6 3894 hci_dev_unlock(hdev);
33e38b3e 3895
f6422ec6
AJ		 3896 return err;
3897}
3898
67e5a7a3
JH		 3899static void set_bredr_scan(struct hci_request *req)
3900{
3901 struct hci_dev *hdev = req->hdev;
3902 u8 scan = 0;
3903
3904 /* Ensure that fast connectable is disabled. This function will
3905 * not do anything if the page scan parameters are already what
3906 * they should be.
3907 */
3908 write_fast_connectable(req, false);
3909
3910 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3911 scan |= SCAN_PAGE;
3912 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3913 scan |= SCAN_INQUIRY;
3914
3915 if (scan)
3916 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3917}
3918
0663ca2a
JH		 3919static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3920{
3921 struct pending_cmd *cmd;
3922
3923 BT_DBG("status 0x%02x", status);
3924
3925 hci_dev_lock(hdev);
3926
3927 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3928 if (!cmd)
3929 goto unlock;
3930
3931 if (status) {
3932 u8 mgmt_err = mgmt_status(status);
3933
3934 /* We need to restore the flag if related HCI commands
3935 * failed.
3936 */
3937 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3938
3939 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3940 } else {
3941 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3942 new_settings(hdev, cmd->sk);
3943 }
3944
3945 mgmt_pending_remove(cmd);
3946
3947unlock:
3948 hci_dev_unlock(hdev);
3949}
3950
3951static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3952{
3953 struct mgmt_mode *cp = data;
3954 struct pending_cmd *cmd;
3955 struct hci_request req;
3956 int err;
3957
3958 BT_DBG("request for %s", hdev->name);
3959
3960 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3961 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3962 MGMT_STATUS_NOT_SUPPORTED);
3963
3964 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3965 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3966 MGMT_STATUS_REJECTED);
3967
3968 if (cp->val != 0x00 && cp->val != 0x01)
3969 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3970 MGMT_STATUS_INVALID_PARAMS);
3971
3972 hci_dev_lock(hdev);
3973
3974 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3975 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3976 goto unlock;
3977 }
3978
3979 if (!hdev_is_powered(hdev)) {
3980 if (!cp->val) {
0663ca2a
JH		 3981 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3982 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3983 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3984 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3985 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3986 }
3987
3988 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3989
3990 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3991 if (err < 0)
3992 goto unlock;
3993
3994 err = new_settings(hdev, sk);
3995 goto unlock;
3996 }
3997
3998 /* Reject disabling when powered on */
3999 if (!cp->val) {
4000 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4001 MGMT_STATUS_REJECTED);
4002 goto unlock;
4003 }
4004
4005 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4006 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4007 MGMT_STATUS_BUSY);
4008 goto unlock;
4009 }
4010
4011 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4012 if (!cmd) {
4013 err = -ENOMEM;
4014 goto unlock;
4015 }
4016
5947f4bc 4017 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4018 * generates the correct flags.
4019 */
4020 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4021
4022 hci_req_init(&req, hdev);
aa8af46e
JH		 4023
4024 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4025 set_bredr_scan(&req);
4026
f14d8f64
MH		 4027 /* Since only the advertising data flags will change, there
4028 * is no need to update the scan response data.
4029 */
5947f4bc 4030 update_adv_data(&req);
aa8af46e 4031
0663ca2a
JH		 4032 err = hci_req_run(&req, set_bredr_complete);
4033 if (err < 0)
4034 mgmt_pending_remove(cmd);
4035
4036unlock:
4037 hci_dev_unlock(hdev);
4038 return err;
4039}
4040
eac83dc6
MH		 4041static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4042 void *data, u16 len)
4043{
4044 struct mgmt_mode *cp = data;
4045 struct pending_cmd *cmd;
4046 u8 status;
4047 int err;
4048
4049 BT_DBG("request for %s", hdev->name);
4050
4051 status = mgmt_bredr_support(hdev);
4052 if (status)
4053 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4054 status);
4055
5afeac14
MH		 4056 if (!lmp_sc_capable(hdev) &&
4057 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4058 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4059 MGMT_STATUS_NOT_SUPPORTED);
4060
4061 if (cp->val != 0x00 && cp->val != 0x01)
4062 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4063 MGMT_STATUS_INVALID_PARAMS);
4064
4065 hci_dev_lock(hdev);
4066
4067 if (!hdev_is_powered(hdev)) {
4068 bool changed;
4069
4070 if (cp->val)
4071 changed = !test_and_set_bit(HCI_SC_ENABLED,
4072 &hdev->dev_flags);
4073 else
4074 changed = test_and_clear_bit(HCI_SC_ENABLED,
4075 &hdev->dev_flags);
4076
4077 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4078 if (err < 0)
4079 goto failed;
4080
4081 if (changed)
4082 err = new_settings(hdev, sk);
4083
4084 goto failed;
4085 }
4086
4087 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4088 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4089 MGMT_STATUS_BUSY);
4090 goto failed;
4091 }
4092
4093 if (!!cp->val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags)) {
4094 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4095 goto failed;
4096 }
4097
4098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4099 if (!cmd) {
4100 err = -ENOMEM;
4101 goto failed;
4102 }
4103
4104 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &cp->val);
4105 if (err < 0) {
4106 mgmt_pending_remove(cmd);
4107 goto failed;
4108 }
4109
4110failed:
4111 hci_dev_unlock(hdev);
4112 return err;
4113}
4114
4e39ac81
MH		 4115static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4116 void *data, u16 len)
4117{
4118 struct mgmt_mode *cp = data;
4119 bool changed;
4120 int err;
4121
4122 BT_DBG("request for %s", hdev->name);
4123
4124 if (cp->val != 0x00 && cp->val != 0x01)
4125 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4126 MGMT_STATUS_INVALID_PARAMS);
4127
4128 hci_dev_lock(hdev);
4129
4130 if (cp->val)
4131 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4132 else
4133 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4134
4135 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4136 if (err < 0)
4137 goto unlock;
4138
4139 if (changed)
4140 err = new_settings(hdev, sk);
4141
4142unlock:
4143 hci_dev_unlock(hdev);
4144 return err;
4145}
4146
3f706b72
JH		 4147static bool ltk_is_valid(struct mgmt_ltk_info *key)
4148{
4149 if (key->master != 0x00 && key->master != 0x01)
4150 return false;
4ee71b20
JH		 4151 if (!bdaddr_type_is_le(key->addr.type))
4152 return false;
3f706b72
JH		 4153 return true;
4154}
4155
bdb6d971 4156static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4157 void *cp_data, u16 len)
346af67b 4158{
346af67b
VCG		 4159 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4160 u16 key_count, expected_len;
715a5bf2 4161 int i, err;
346af67b 4162
cf99ba13
MH		 4163 BT_DBG("request for %s", hdev->name);
4164
4165 if (!lmp_le_capable(hdev))
4166 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4167 MGMT_STATUS_NOT_SUPPORTED);
4168
1f350c87 4169 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4170
4171 expected_len = sizeof(*cp) + key_count *
4172 sizeof(struct mgmt_ltk_info);
4173 if (expected_len != len) {
4174 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4175 len, expected_len);
bdb6d971 4176 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4177 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4178 }
4179
bdb6d971 4180 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4181
54ad6d8a
JH		 4182 for (i = 0; i < key_count; i++) {
4183 struct mgmt_ltk_info *key = &cp->keys[i];
4184
3f706b72 4185 if (!ltk_is_valid(key))
54ad6d8a
JH		 4186 return cmd_status(sk, hdev->id,
4187 MGMT_OP_LOAD_LONG_TERM_KEYS,
4188 MGMT_STATUS_INVALID_PARAMS);
4189 }
4190
346af67b
VCG		 4191 hci_dev_lock(hdev);
4192
4193 hci_smp_ltks_clear(hdev);
4194
4195 for (i = 0; i < key_count; i++) {
4196 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4197 u8 type, addr_type;
4198
4199 if (key->addr.type == BDADDR_LE_PUBLIC)
4200 addr_type = ADDR_LE_DEV_PUBLIC;
4201 else
4202 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4203
4204 if (key->master)
4205 type = HCI_SMP_LTK;
4206 else
4207 type = HCI_SMP_LTK_SLAVE;
4208
79d95a19 4209 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4210 type, 0, key->authenticated, key->val,
4211 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4212 }
4213
715a5bf2
JH		 4214 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4215 NULL, 0);
4216
346af67b 4217 hci_dev_unlock(hdev);
346af67b 4218
715a5bf2 4219 return err;
346af67b
VCG		 4220}
4221
2e3c35ea 4222static const struct mgmt_handler {
04124681
GP		 4223 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4224 u16 data_len);
be22b54e
JH		 4225 bool var_len;
4226 size_t data_len;
0f4e68cf
JH		 4227} mgmt_handlers[] = {
4228 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4229 { read_version, false, MGMT_READ_VERSION_SIZE },
4230 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4231 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4232 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4233 { set_powered, false, MGMT_SETTING_SIZE },
4234 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4235 { set_connectable, false, MGMT_SETTING_SIZE },
4236 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4237 { set_pairable, false, MGMT_SETTING_SIZE },
4238 { set_link_security, false, MGMT_SETTING_SIZE },
4239 { set_ssp, false, MGMT_SETTING_SIZE },
4240 { set_hs, false, MGMT_SETTING_SIZE },
4241 { set_le, false, MGMT_SETTING_SIZE },
4242 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4243 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4244 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4245 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4246 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4247 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4248 { disconnect, false, MGMT_DISCONNECT_SIZE },
4249 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4250 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4251 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4252 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4253 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4254 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4255 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4256 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4257 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4258 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4259 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4260 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4261 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4262 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4263 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4264 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4265 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4266 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4267 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4268 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4269 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4270 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4271 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4272 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4273 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4274 { set_debug_keys, false, MGMT_SETTING_SIZE },
0f4e68cf
JH		 4275};
4276
4277
0381101f
JH		 4278int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4279{
650f726d
VCG		 4280 void *buf;
4281 u8 *cp;
0381101f 4282 struct mgmt_hdr *hdr;
4e51eae9 4283 u16 opcode, index, len;
bdb6d971 4284 struct hci_dev *hdev = NULL;
2e3c35ea 4285 const struct mgmt_handler *handler;
0381101f
JH		 4286 int err;
4287
4288 BT_DBG("got %zu bytes", msglen);
4289
4290 if (msglen < sizeof(*hdr))
4291 return -EINVAL;
4292
e63a15ec 4293 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4294 if (!buf)
4295 return -ENOMEM;
4296
4297 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4298 err = -EFAULT;
4299 goto done;
4300 }
4301
650f726d 4302 hdr = buf;
1f350c87
MH		 4303 opcode = __le16_to_cpu(hdr->opcode);
4304 index = __le16_to_cpu(hdr->index);
4305 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4306
4307 if (len != msglen - sizeof(*hdr)) {
4308 err = -EINVAL;
4309 goto done;
4310 }
4311
0f4e68cf 4312 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4313 hdev = hci_dev_get(index);
4314 if (!hdev) {
4315 err = cmd_status(sk, index, opcode,
04124681 4316 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4317 goto done;
4318 }
0736cfa8 4319
cebf4cfd
JH		 4320 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4321 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4322 err = cmd_status(sk, index, opcode,
4323 MGMT_STATUS_INVALID_INDEX);
4324 goto done;
4325 }
bdb6d971
JH		 4326 }
4327
0f4e68cf 4328 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4329 mgmt_handlers[opcode].func == NULL) {
0381101f 4330 BT_DBG("Unknown op %u", opcode);
ca69b795 4331 err = cmd_status(sk, index, opcode,
04124681 4332 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4333 goto done;
4334 }
4335
4336 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4337 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4338 err = cmd_status(sk, index, opcode,
04124681 4339 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4340 goto done;
0381101f
JH		 4341 }
4342
be22b54e
JH		 4343 handler = &mgmt_handlers[opcode];
4344
4345 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4346 (!handler->var_len && len != handler->data_len)) {
be22b54e 4347 err = cmd_status(sk, index, opcode,
04124681 4348 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4349 goto done;
4350 }
4351
0f4e68cf
JH		 4352 if (hdev)
4353 mgmt_init_hdev(sk, hdev);
4354
4355 cp = buf + sizeof(*hdr);
4356
be22b54e 4357 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4358 if (err < 0)
4359 goto done;
4360
0381101f
JH		 4361 err = msglen;
4362
4363done:
bdb6d971
JH		 4364 if (hdev)
4365 hci_dev_put(hdev);
4366
0381101f
JH		 4367 kfree(buf);
4368 return err;
4369}
c71e97bf 4370
bf6b56db 4371void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4372{
1514b892 4373 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4374 return;
bb4b2a9a 4375
bf6b56db 4376 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4377}
4378
bf6b56db 4379void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4380{
5f159032 4381 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4382
1514b892 4383 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4384 return;
bb4b2a9a 4385
744cf19e 4386 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4387
bf6b56db 4388 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4389}
4390
229ab39c
JH		 4391static void powered_complete(struct hci_dev *hdev, u8 status)
4392{
4393 struct cmd_lookup match = { NULL, hdev };
4394
4395 BT_DBG("status 0x%02x", status);
4396
4397 hci_dev_lock(hdev);
4398
4399 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4400
4401 new_settings(hdev, match.sk);
4402
4403 hci_dev_unlock(hdev);
4404
4405 if (match.sk)
4406 sock_put(match.sk);
4407}
4408
70da6243 4409static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4410{
890ea898 4411 struct hci_request req;
70da6243 4412 u8 link_sec;
5add6af8 4413
890ea898
JH		 4414 hci_req_init(&req, hdev);
4415
70da6243
JH		 4416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4417 !lmp_host_ssp_capable(hdev)) {
4418 u8 ssp = 1;
5e5282bb 4419
890ea898 4420 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4421 }
5add6af8 4422
c73eee91
JH		 4423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4424 lmp_bredr_capable(hdev)) {
70da6243 4425 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4426
70da6243
JH		 4427 cp.le = 1;
4428 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4429
70da6243
JH		 4430 /* Check first if we already have the right
4431 * host state (host features set)
4432 */
4433 if (cp.le != lmp_host_le_capable(hdev) ||
4434 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4435 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4436 sizeof(cp), &cp);
70da6243 4437 }
3d1cbdd6 4438
d13eafce
MH		 4439 if (lmp_le_capable(hdev)) {
4440 /* Set random address to static address if configured */
4441 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4442 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4443 &hdev->static_addr);
eeca6f89 4444
441ad2d0
MH		 4445 /* Make sure the controller has a good default for
4446 * advertising data. This also applies to the case
4447 * where BR/EDR was toggled during the AUTO_OFF phase.
4448 */
f14d8f64 4449 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4450 update_adv_data(&req);
f14d8f64
MH		 4451 update_scan_rsp_data(&req);
4452 }
441ad2d0 4453
bba3aa55
MH		 4454 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4455 enable_advertising(&req);
eeca6f89
JH		 4456 }
4457
70da6243
JH		 4458 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4459 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4460 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4461 sizeof(link_sec), &link_sec);
562fcc24 4462
70da6243 4463 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4464 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4465 set_bredr_scan(&req);
890ea898 4466 update_class(&req);
13928971 4467 update_name(&req);
890ea898 4468 update_eir(&req);
70da6243 4469 }
562fcc24 4470
229ab39c 4471 return hci_req_run(&req, powered_complete);
70da6243 4472}
562fcc24 4473
70da6243
JH		 4474int mgmt_powered(struct hci_dev *hdev, u8 powered)
4475{
4476 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4477 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4478 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4479 int err;
f0ff92fb 4480
70da6243
JH		 4481 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4482 return 0;
4483
70da6243 4484 if (powered) {
229ab39c
JH		 4485 if (powered_update_hci(hdev) == 0)
4486 return 0;
fe038884 4487
229ab39c
JH		 4488 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4489 &match);
4490 goto new_settings;
b24752fe
JH		 4491 }
4492
229ab39c
JH		 4493 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4494 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4495
4496 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4497 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4498 zero_cod, sizeof(zero_cod), NULL);
4499
4500new_settings:
beadb2bd 4501 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4502
4503 if (match.sk)
4504 sock_put(match.sk);
4505
7bb895d6 4506 return err;
5add6af8 4507}
73f22f62 4508
3eec705e 4509void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4510{
4511 struct pending_cmd *cmd;
4512 u8 status;
4513
4514 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4515 if (!cmd)
3eec705e 4516 return;
96570ffc
JH		 4517
4518 if (err == -ERFKILL)
4519 status = MGMT_STATUS_RFKILLED;
4520 else
4521 status = MGMT_STATUS_FAILED;
4522
3eec705e 4523 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4524
4525 mgmt_pending_remove(cmd);
96570ffc
JH		 4526}
4527
d1967ff8
MH		 4528void mgmt_discoverable_timeout(struct hci_dev *hdev)
4529{
4530 struct hci_request req;
d1967ff8
MH		 4531
4532 hci_dev_lock(hdev);
4533
4534 /* When discoverable timeout triggers, then just make sure
4535 * the limited discoverable flag is cleared. Even in the case
4536 * of a timeout triggered from general discoverable, it is
4537 * safe to unconditionally clear the flag.
4538 */
4539 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4540 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4541
4542 hci_req_init(&req, hdev);
4b580614
JH		 4543 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4544 u8 scan = SCAN_PAGE;
4545 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4546 sizeof(scan), &scan);
4547 }
d1967ff8 4548 update_class(&req);
9a43e25f 4549 update_adv_data(&req);
d1967ff8
MH		 4550 hci_req_run(&req, NULL);
4551
4552 hdev->discov_timeout = 0;
4553
9a43e25f
JH		 4554 new_settings(hdev, NULL);
4555
d1967ff8
MH		 4556 hci_dev_unlock(hdev);
4557}
4558
86a75645 4559void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4560{
86a75645 4561 bool changed;
73f22f62 4562
bfaf8c9f
JH		 4563 /* Nothing needed here if there's a pending command since that
4564 * commands request completion callback takes care of everything
4565 * necessary.
4566 */
4567 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4568 return;
bfaf8c9f 4569
9a43e25f 4570 if (discoverable) {
86a75645 4571 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4572 } else {
4573 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4574 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4575 }
4576
4577 if (changed) {
4578 struct hci_request req;
4579
4580 /* In case this change in discoverable was triggered by
4581 * a disabling of connectable there could be a need to
4582 * update the advertising flags.
4583 */
4584 hci_req_init(&req, hdev);
4585 update_adv_data(&req);
4586 hci_req_run(&req, NULL);
73f22f62 4587
86a75645 4588 new_settings(hdev, NULL);
9a43e25f 4589 }
73f22f62 4590}
9fbcbb45 4591
a330916c 4592void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4593{
a330916c 4594 bool changed;
9fbcbb45 4595
d7b856f9
JH		 4596 /* Nothing needed here if there's a pending command since that
4597 * commands request completion callback takes care of everything
4598 * necessary.
4599 */
4600 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4601 return;
d7b856f9 4602
a330916c
MH		 4603 if (connectable)
4604 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4605 else
4606 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4607
beadb2bd 4608 if (changed)
a330916c 4609 new_settings(hdev, NULL);
9fbcbb45 4610}
55ed8ca1 4611
4796e8af 4612void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4613{
ca69b795
JH		 4614 u8 mgmt_err = mgmt_status(status);
4615
2d7cee58 4616 if (scan & SCAN_PAGE)
744cf19e 4617 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4618 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4619
4620 if (scan & SCAN_INQUIRY)
744cf19e 4621 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4622 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4623}
4624
dc4a5ee2
MH		 4625void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4626 bool persistent)
55ed8ca1 4627{
86742e1e 4628 struct mgmt_ev_new_link_key ev;
55ed8ca1 4629
a492cd52 4630 memset(&ev, 0, sizeof(ev));
55ed8ca1 4631
a492cd52 4632 ev.store_hint = persistent;
d753fdc4 4633 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4634 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4635 ev.key.type = key->type;
9b3b4460 4636 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4637 ev.key.pin_len = key->pin_len;
55ed8ca1 4638
dc4a5ee2 4639 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4640}
f7520543 4641
083368f7 4642void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4643{
4644 struct mgmt_ev_new_long_term_key ev;
4645
4646 memset(&ev, 0, sizeof(ev));
4647
4648 ev.store_hint = persistent;
4649 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4650 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4651 ev.key.authenticated = key->authenticated;
4652 ev.key.enc_size = key->enc_size;
4653 ev.key.ediv = key->ediv;
4654
4655 if (key->type == HCI_SMP_LTK)
4656 ev.key.master = 1;
4657
4658 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4659 memcpy(ev.key.val, key->val, sizeof(key->val));
4660
083368f7 4661 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4662}
4663
94933991
MH		 4664static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4665 u8 data_len)
4666{
4667 eir[eir_len++] = sizeof(type) + data_len;
4668 eir[eir_len++] = type;
4669 memcpy(&eir[eir_len], data, data_len);
4670 eir_len += data_len;
4671
4672 return eir_len;
4673}
4674
ecd90ae7
MH		 4675void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4676 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4677 u8 *dev_class)
f7520543 4678{
b644ba33
JH		 4679 char buf[512];
4680 struct mgmt_ev_device_connected *ev = (void *) buf;
4681 u16 eir_len = 0;
f7520543 4682
b644ba33 4683 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4684 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4685
c95f0ba7 4686 ev->flags = __cpu_to_le32(flags);
08c79b61 4687
b644ba33
JH		 4688 if (name_len > 0)
4689 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4690 name, name_len);
b644ba33
JH		 4691
4692 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4693 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4694 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4695
eb55ef07 4696 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4697
ecd90ae7
MH		 4698 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4699 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4700}
4701
8962ee74
JH		 4702static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4703{
c68fb7ff 4704 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4705 struct sock **sk = data;
a38528f1 4706 struct mgmt_rp_disconnect rp;
8962ee74 4707
88c3df13
JH		 4708 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4709 rp.addr.type = cp->addr.type;
8962ee74 4710
aee9b218 4711 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4712 sizeof(rp));
8962ee74
JH		 4713
4714 *sk = cmd->sk;
4715 sock_hold(*sk);
4716
a664b5bc 4717 mgmt_pending_remove(cmd);
8962ee74
JH		 4718}
4719
124f6e35 4720static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4721{
b1078ad0 4722 struct hci_dev *hdev = data;
124f6e35
JH		 4723 struct mgmt_cp_unpair_device *cp = cmd->param;
4724 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4725
4726 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4727 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4728 rp.addr.type = cp->addr.type;
a8a1d19e 4729
b1078ad0
JH		 4730 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4731
aee9b218 4732 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4733
4734 mgmt_pending_remove(cmd);
4735}
4736
9b80ec5e
MH		 4737void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4738 u8 link_type, u8 addr_type, u8 reason)
f7520543 4739{
f0d6a0ea 4740 struct mgmt_ev_device_disconnected ev;
8962ee74 4741 struct sock *sk = NULL;
8962ee74 4742
57eb776f
AG		 4743 if (link_type != ACL_LINK && link_type != LE_LINK)
4744 return;
4745
744cf19e 4746 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4747
f0d6a0ea
MA		 4748 bacpy(&ev.addr.bdaddr, bdaddr);
4749 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4750 ev.reason = reason;
f7520543 4751
9b80ec5e 4752 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4753
4754 if (sk)
d97dcb66 4755 sock_put(sk);
8962ee74 4756
124f6e35 4757 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4758 hdev);
8962ee74
JH		 4759}
4760
7892924c
MH		 4761void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4762 u8 link_type, u8 addr_type, u8 status)
8962ee74 4763{
3655bba8
AG		 4764 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
4765 struct mgmt_cp_disconnect *cp;
88c3df13 4766 struct mgmt_rp_disconnect rp;
8962ee74 4767 struct pending_cmd *cmd;
8962ee74 4768
36a75f1b
JD		 4769 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4770 hdev);
4771
2e58ef3e 4772 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4773 if (!cmd)
7892924c 4774 return;
8962ee74 4775
3655bba8
AG		 4776 cp = cmd->param;
4777
4778 if (bacmp(bdaddr, &cp->addr.bdaddr))
4779 return;
4780
4781 if (cp->addr.type != bdaddr_type)
4782 return;
4783
88c3df13 4784 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 4785 rp.addr.type = bdaddr_type;
37d9ef76 4786
7892924c
MH		 4787 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4788 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4789
a664b5bc 4790 mgmt_pending_remove(cmd);
f7520543 4791}
17d5c04c 4792
445608d0
MH		 4793void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4794 u8 addr_type, u8 status)
17d5c04c
JH		 4795{
4796 struct mgmt_ev_connect_failed ev;
4797
4c659c39 4798 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4799 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4800 ev.status = mgmt_status(status);
17d5c04c 4801
445608d0 4802 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4803}
980e1a53 4804
ce0e4a0d 4805void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4806{
4807 struct mgmt_ev_pin_code_request ev;
4808
d8457698 4809 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4810 ev.addr.type = BDADDR_BREDR;
a770bb5a 4811 ev.secure = secure;
980e1a53 4812
ce0e4a0d 4813 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4814}
4815
e669cf80
MH		 4816void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4817 u8 status)
980e1a53
JH		 4818{
4819 struct pending_cmd *cmd;
ac56fb13 4820 struct mgmt_rp_pin_code_reply rp;
980e1a53 4821
2e58ef3e 4822 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4823 if (!cmd)
e669cf80 4824 return;
980e1a53 4825
d8457698 4826 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4827 rp.addr.type = BDADDR_BREDR;
ac56fb13 4828
e669cf80
MH		 4829 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4830 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4831
a664b5bc 4832 mgmt_pending_remove(cmd);
980e1a53
JH		 4833}
4834
3eb38528
MH		 4835void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4836 u8 status)
980e1a53
JH		 4837{
4838 struct pending_cmd *cmd;
ac56fb13 4839 struct mgmt_rp_pin_code_reply rp;
980e1a53 4840
2e58ef3e 4841 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4842 if (!cmd)
3eb38528 4843 return;
980e1a53 4844
d8457698 4845 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4846 rp.addr.type = BDADDR_BREDR;
ac56fb13 4847
3eb38528
MH		 4848 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4849 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4850
a664b5bc 4851 mgmt_pending_remove(cmd);
980e1a53 4852}
a5c29683 4853
744cf19e 4854int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4855 u8 link_type, u8 addr_type, __le32 value,
4856 u8 confirm_hint)
a5c29683
JH		 4857{
4858 struct mgmt_ev_user_confirm_request ev;
4859
744cf19e 4860 BT_DBG("%s", hdev->name);
a5c29683 4861
272d90df 4862 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4863 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4864 ev.confirm_hint = confirm_hint;
78e8098e 4865 ev.value = value;
a5c29683 4866
744cf19e 4867 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4868 NULL);
a5c29683
JH		 4869}
4870
272d90df 4871int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4872 u8 link_type, u8 addr_type)
604086b7
BG		 4873{
4874 struct mgmt_ev_user_passkey_request ev;
4875
4876 BT_DBG("%s", hdev->name);
4877
272d90df 4878 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4879 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4880
4881 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4882 NULL);
604086b7
BG		 4883}
4884
0df4c185 4885static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4886 u8 link_type, u8 addr_type, u8 status,
4887 u8 opcode)
a5c29683
JH		 4888{
4889 struct pending_cmd *cmd;
4890 struct mgmt_rp_user_confirm_reply rp;
4891 int err;
4892
2e58ef3e 4893 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4894 if (!cmd)
4895 return -ENOENT;
4896
272d90df 4897 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4898 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4899 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4900 &rp, sizeof(rp));
a5c29683 4901
a664b5bc 4902 mgmt_pending_remove(cmd);
a5c29683
JH		 4903
4904 return err;
4905}
4906
744cf19e 4907int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4908 u8 link_type, u8 addr_type, u8 status)
a5c29683 4909{
272d90df 4910 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4911 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4912}
4913
272d90df 4914int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4915 u8 link_type, u8 addr_type, u8 status)
a5c29683 4916{
272d90df 4917 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4918 status,
4919 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4920}
2a611692 4921
604086b7 4922int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4923 u8 link_type, u8 addr_type, u8 status)
604086b7 4924{
272d90df 4925 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4926 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4927}
4928
272d90df 4929int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4930 u8 link_type, u8 addr_type, u8 status)
604086b7 4931{
272d90df 4932 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4933 status,
4934 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4935}
4936
92a25256
JH		 4937int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4938 u8 link_type, u8 addr_type, u32 passkey,
4939 u8 entered)
4940{
4941 struct mgmt_ev_passkey_notify ev;
4942
4943 BT_DBG("%s", hdev->name);
4944
4945 bacpy(&ev.addr.bdaddr, bdaddr);
4946 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4947 ev.passkey = __cpu_to_le32(passkey);
4948 ev.entered = entered;
4949
4950 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4951}
4952
e546099c
MH		 4953void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4954 u8 addr_type, u8 status)
2a611692
JH		 4955{
4956 struct mgmt_ev_auth_failed ev;
4957
bab73cb6 4958 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4959 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4960 ev.status = mgmt_status(status);
2a611692 4961
e546099c 4962 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4963}
b312b161 4964
464996ae 4965void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4966{
4967 struct cmd_lookup match = { NULL, hdev };
464996ae 4968 bool changed;
33ef95ed
JH		 4969
4970 if (status) {
4971 u8 mgmt_err = mgmt_status(status);
4972 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4973 cmd_status_rsp, &mgmt_err);
464996ae 4974 return;
33ef95ed
JH		 4975 }
4976
464996ae
MH		 4977 if (test_bit(HCI_AUTH, &hdev->flags))
4978 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4979 &hdev->dev_flags);
4980 else
4981 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4982 &hdev->dev_flags);
47990ea0 4983
33ef95ed 4984 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4985 &match);
33ef95ed 4986
47990ea0 4987 if (changed)
464996ae 4988 new_settings(hdev, match.sk);
33ef95ed
JH		 4989
4990 if (match.sk)
4991 sock_put(match.sk);
33ef95ed
JH		 4992}
4993
890ea898 4994static void clear_eir(struct hci_request *req)
cacaf52f 4995{
890ea898 4996 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4997 struct hci_cp_write_eir cp;
4998
976eb20e 4999 if (!lmp_ext_inq_capable(hdev))
890ea898 5000 return;
cacaf52f 5001
c80da27e
JH		 5002 memset(hdev->eir, 0, sizeof(hdev->eir));
5003
cacaf52f
JH		 5004 memset(&cp, 0, sizeof(cp));
5005
890ea898 5006 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5007}
5008
3e248560 5009void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5010{
5011 struct cmd_lookup match = { NULL, hdev };
890ea898 5012 struct hci_request req;
c0ecddc2 5013 bool changed = false;
ed2c4ee3
JH		 5014
5015 if (status) {
5016 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5017
5018 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5019 &hdev->dev_flags)) {
5020 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5021 new_settings(hdev, NULL);
9ecb3e24 5022 }
c0ecddc2 5023
04124681
GP		 5024 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5025 &mgmt_err);
3e248560 5026 return;
c0ecddc2
JH		 5027 }
5028
5029 if (enable) {
9ecb3e24 5030 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5031 } else {
9ecb3e24
MH		 5032 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5033 if (!changed)
5034 changed = test_and_clear_bit(HCI_HS_ENABLED,
5035 &hdev->dev_flags);
5036 else
5037 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5038 }
5039
5040 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5041
c0ecddc2 5042 if (changed)
3e248560 5043 new_settings(hdev, match.sk);
ed2c4ee3 5044
5fc6ebb1 5045 if (match.sk)
ed2c4ee3
JH		 5046 sock_put(match.sk);
5047
890ea898
JH		 5048 hci_req_init(&req, hdev);
5049
5fc6ebb1 5050 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5051 update_eir(&req);
5fc6ebb1 5052 else
890ea898
JH		 5053 clear_eir(&req);
5054
5055 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5056}
5057
eac83dc6
MH		 5058void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5059{
5060 struct cmd_lookup match = { NULL, hdev };
5061 bool changed = false;
5062
5063 if (status) {
5064 u8 mgmt_err = mgmt_status(status);
5065
5066 if (enable && test_and_clear_bit(HCI_SC_ENABLED,
5067 &hdev->dev_flags))
5068 new_settings(hdev, NULL);
5069
5070 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5071 cmd_status_rsp, &mgmt_err);
5072 return;
5073 }
5074
5075 if (enable)
5076 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5077 else
5078 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
5079
5080 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5081 settings_rsp, &match);
5082
5083 if (changed)
5084 new_settings(hdev, match.sk);
5085
5086 if (match.sk)
5087 sock_put(match.sk);
5088}
5089
92da6097 5090static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5091{
5092 struct cmd_lookup *match = data;
5093
90e70454
JH		 5094 if (match->sk == NULL) {
5095 match->sk = cmd->sk;
5096 sock_hold(match->sk);
5097 }
90e70454
JH		 5098}
5099
4e1b0245
MH		 5100void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5101 u8 status)
7f9a903c 5102{
90e70454 5103 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5104
92da6097
JH		 5105 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5106 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5107 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5108
5109 if (!status)
4e1b0245
MH		 5110 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5111 NULL);
90e70454
JH		 5112
5113 if (match.sk)
5114 sock_put(match.sk);
7f9a903c
MH		 5115}
5116
7667da34 5117void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5118{
b312b161 5119 struct mgmt_cp_set_local_name ev;
13928971 5120 struct pending_cmd *cmd;
28cc7bde 5121
13928971 5122 if (status)
7667da34 5123 return;
b312b161
JH		 5124
5125 memset(&ev, 0, sizeof(ev));
5126 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5127 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5128
2e58ef3e 5129 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5130 if (!cmd) {
5131 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5132
13928971
JH		 5133 /* If this is a HCI command related to powering on the
5134 * HCI dev don't send any mgmt signals.
5135 */
5136 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5137 return;
890ea898 5138 }
b312b161 5139
7667da34
MH		 5140 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5141 cmd ? cmd->sk : NULL);
b312b161 5142}
c35938b2 5143
4d2d2796
MH		 5144void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5145 u8 *randomizer192, u8 *hash256,
5146 u8 *randomizer256, u8 status)
c35938b2
SJ		 5147{
5148 struct pending_cmd *cmd;
c35938b2 5149
744cf19e 5150 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5151
2e58ef3e 5152 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5153 if (!cmd)
3edaf092 5154 return;
c35938b2
SJ		 5155
5156 if (status) {
3edaf092
MH		 5157 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5158 mgmt_status(status));
c35938b2 5159 } else {
4d2d2796
MH		 5160 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5161 hash256 && randomizer256) {
5162 struct mgmt_rp_read_local_oob_ext_data rp;
5163
5164 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5165 memcpy(rp.randomizer192, randomizer192,
5166 sizeof(rp.randomizer192));
c35938b2 5167
4d2d2796
MH		 5168 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5169 memcpy(rp.randomizer256, randomizer256,
5170 sizeof(rp.randomizer256));
c35938b2 5171
4d2d2796
MH		 5172 cmd_complete(cmd->sk, hdev->id,
5173 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5174 &rp, sizeof(rp));
5175 } else {
5176 struct mgmt_rp_read_local_oob_data rp;
5177
5178 memcpy(rp.hash, hash192, sizeof(rp.hash));
5179 memcpy(rp.randomizer, randomizer192,
5180 sizeof(rp.randomizer));
5181
5182 cmd_complete(cmd->sk, hdev->id,
5183 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5184 &rp, sizeof(rp));
5185 }
c35938b2
SJ		 5186 }
5187
5188 mgmt_pending_remove(cmd);
c35938b2 5189}
e17acd40 5190
901801b9
MH		 5191void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5192 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5193 ssp, u8 *eir, u16 eir_len)
e17acd40 5194{
e319d2e7
JH		 5195 char buf[512];
5196 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 5197 size_t ev_size;
e17acd40 5198
12602d0c 5199 if (!hci_discovery_active(hdev))
901801b9 5200 return;
12602d0c 5201
1dc06093
JH		 5202 /* Leave 5 bytes for a potential CoD field */
5203 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5204 return;
7d262f86 5205
1dc06093
JH		 5206 memset(buf, 0, sizeof(buf));
5207
e319d2e7 5208 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5209 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 5210 ev->rssi = rssi;
9a395a80 5211 if (cfm_name)
612dfce9 5212 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5213 if (!ssp)
612dfce9 5214 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5215
1dc06093 5216 if (eir_len > 0)
e319d2e7 5217 memcpy(ev->eir, eir, eir_len);
e17acd40 5218
1dc06093
JH		 5219 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5220 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5221 dev_class, 3);
1dc06093 5222
eb55ef07 5223 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5224 ev_size = sizeof(*ev) + eir_len;
f8523598 5225
901801b9 5226 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5227}
a88a9652 5228
9cf12aee
MH		 5229void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5230 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5231{
b644ba33
JH		 5232 struct mgmt_ev_device_found *ev;
5233 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5234 u16 eir_len;
a88a9652 5235
b644ba33 5236 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5237
b644ba33
JH		 5238 memset(buf, 0, sizeof(buf));
5239
5240 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5241 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5242 ev->rssi = rssi;
5243
5244 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5245 name_len);
b644ba33 5246
eb55ef07 5247 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5248
9cf12aee 5249 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5250}
314b2381 5251
2f1e063b 5252void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5253{
f963e8e9 5254 struct mgmt_ev_discovering ev;
164a6e78
JH		 5255 struct pending_cmd *cmd;
5256
343fb145
AG		 5257 BT_DBG("%s discovering %u", hdev->name, discovering);
5258
164a6e78 5259 if (discovering)
2e58ef3e 5260 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5261 else
2e58ef3e 5262 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5263
5264 if (cmd != NULL) {
f808e166
JH		 5265 u8 type = hdev->discovery.type;
5266
04124681
GP		 5267 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5268 sizeof(type));
164a6e78
JH		 5269 mgmt_pending_remove(cmd);
5270 }
5271
f963e8e9
JH		 5272 memset(&ev, 0, sizeof(ev));
5273 ev.type = hdev->discovery.type;
5274 ev.discovering = discovering;
5275
2f1e063b 5276 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5277}
5e762444 5278
88c1fe4b 5279int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5280{
5281 struct pending_cmd *cmd;
5282 struct mgmt_ev_device_blocked ev;
5283
2e58ef3e 5284 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5285
88c1fe4b
JH		 5286 bacpy(&ev.addr.bdaddr, bdaddr);
5287 ev.addr.type = type;
5e762444 5288
744cf19e 5289 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5290 cmd ? cmd->sk : NULL);
5e762444
AJ		 5291}
5292
88c1fe4b 5293int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5294{
5295 struct pending_cmd *cmd;
5296 struct mgmt_ev_device_unblocked ev;
5297
2e58ef3e 5298 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5299
88c1fe4b
JH		 5300 bacpy(&ev.addr.bdaddr, bdaddr);
5301 ev.addr.type = type;
5e762444 5302
744cf19e 5303 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5304 cmd ? cmd->sk : NULL);
5e762444 5305}
5976e608
MH		 5306
5307static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5308{
5309 BT_DBG("%s status %u", hdev->name, status);
5310
5311 /* Clear the advertising mgmt setting if we failed to re-enable it */
5312 if (status) {
5313 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5314 new_settings(hdev, NULL);
5976e608
MH		 5315 }
5316}
5317
5318void mgmt_reenable_advertising(struct hci_dev *hdev)
5319{
5320 struct hci_request req;
5321
b145edcd 5322 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5323 return;
5324
5325 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5326 return;
5327
5328 hci_req_init(&req, hdev);
5329 enable_advertising(&req);
5330
5331 /* If this fails we have no option but to let user space know
5332 * that we've disabled advertising.
5333 */
5334 if (hci_req_run(&req, adv_enable_complete) < 0) {
5335 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5336 new_settings(hdev, NULL);
5976e608
MH		 5337 }
5338}
ubuntu-zesty-kernel mirror