projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth...
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
3810285c 38#define MGMT_REVISION 3
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
213202ed
JH		 438static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
439{
440 u8 *ptr = data, *uuids_start = NULL;
441 struct bt_uuid *uuid;
442
443 if (len < 4)
444 return ptr;
445
446 list_for_each_entry(uuid, &hdev->uuids, list) {
447 u16 uuid16;
448
449 if (uuid->size != 16)
450 continue;
451
452 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
453 if (uuid16 < 0x1100)
454 continue;
455
456 if (uuid16 == PNP_INFO_SVCLASS_ID)
457 continue;
458
459 if (!uuids_start) {
460 uuids_start = ptr;
461 uuids_start[0] = 1;
462 uuids_start[1] = EIR_UUID16_ALL;
463 ptr += 2;
464 }
465
466 /* Stop if not enough space to put next UUID */
467 if ((ptr - data) + sizeof(u16) > len) {
468 uuids_start[1] = EIR_UUID16_SOME;
469 break;
470 }
471
472 *ptr++ = (uuid16 & 0x00ff);
473 *ptr++ = (uuid16 & 0xff00) >> 8;
474 uuids_start[0] += sizeof(uuid16);
475 }
476
477 return ptr;
478}
479
cdf1963f
JH		 480static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
481{
482 u8 *ptr = data, *uuids_start = NULL;
483 struct bt_uuid *uuid;
484
485 if (len < 6)
486 return ptr;
487
488 list_for_each_entry(uuid, &hdev->uuids, list) {
489 if (uuid->size != 32)
490 continue;
491
492 if (!uuids_start) {
493 uuids_start = ptr;
494 uuids_start[0] = 1;
495 uuids_start[1] = EIR_UUID32_ALL;
496 ptr += 2;
497 }
498
499 /* Stop if not enough space to put next UUID */
500 if ((ptr - data) + sizeof(u32) > len) {
501 uuids_start[1] = EIR_UUID32_SOME;
502 break;
503 }
504
505 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
506 ptr += sizeof(u32);
507 uuids_start[0] += sizeof(u32);
508 }
509
510 return ptr;
511}
512
c00d575b
JH		 513static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
514{
515 u8 *ptr = data, *uuids_start = NULL;
516 struct bt_uuid *uuid;
517
518 if (len < 18)
519 return ptr;
520
521 list_for_each_entry(uuid, &hdev->uuids, list) {
522 if (uuid->size != 128)
523 continue;
524
525 if (!uuids_start) {
526 uuids_start = ptr;
527 uuids_start[0] = 1;
528 uuids_start[1] = EIR_UUID128_ALL;
529 ptr += 2;
530 }
531
532 /* Stop if not enough space to put next UUID */
533 if ((ptr - data) + 16 > len) {
534 uuids_start[1] = EIR_UUID128_SOME;
535 break;
536 }
537
538 memcpy(ptr, uuid->uuid, 16);
539 ptr += 16;
540 uuids_start[0] += 16;
541 }
542
543 return ptr;
544}
545
ef580372
JH		 546static void create_eir(struct hci_dev *hdev, u8 *data)
547{
548 u8 *ptr = data;
ef580372
JH		 549 size_t name_len;
550
551 name_len = strlen(hdev->dev_name);
552
553 if (name_len > 0) {
554 /* EIR Data type */
555 if (name_len > 48) {
556 name_len = 48;
557 ptr[1] = EIR_NAME_SHORT;
558 } else
559 ptr[1] = EIR_NAME_COMPLETE;
560
561 /* EIR Data length */
562 ptr[0] = name_len + 1;
563
564 memcpy(ptr + 2, hdev->dev_name, name_len);
565
ef580372
JH		 566 ptr += (name_len + 2);
567 }
568
bbaf444a 569 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 570 ptr[0] = 2;
571 ptr[1] = EIR_TX_POWER;
572 ptr[2] = (u8) hdev->inq_tx_power;
573
91c4e9b1
MH		 574 ptr += 3;
575 }
576
2b9be137
MH		 577 if (hdev->devid_source > 0) {
578 ptr[0] = 9;
579 ptr[1] = EIR_DEVICE_ID;
580
581 put_unaligned_le16(hdev->devid_source, ptr + 2);
582 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
583 put_unaligned_le16(hdev->devid_product, ptr + 6);
584 put_unaligned_le16(hdev->devid_version, ptr + 8);
585
2b9be137
MH		 586 ptr += 10;
587 }
588
213202ed 589 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 590 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 591 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 592}
593
594static int update_eir(struct hci_dev *hdev)
595{
596 struct hci_cp_write_eir cp;
597
504c8dcd 598 if (!hdev_is_powered(hdev))
7770c4aa
JH		 599 return 0;
600
976eb20e 601 if (!lmp_ext_inq_capable(hdev))
ef580372
JH		 602 return 0;
603
84bde9d6 604 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 605 return 0;
606
a8b2d5c2 607 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 608 return 0;
609
610 memset(&cp, 0, sizeof(cp));
611
612 create_eir(hdev, cp.data);
613
614 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
615 return 0;
616
617 memcpy(hdev->eir, cp.data, sizeof(cp.data));
618
619 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
620}
621
622static u8 get_service_classes(struct hci_dev *hdev)
623{
624 struct bt_uuid *uuid;
625 u8 val = 0;
626
627 list_for_each_entry(uuid, &hdev->uuids, list)
628 val |= uuid->svc_hint;
629
630 return val;
631}
632
633static int update_class(struct hci_dev *hdev)
634{
635 u8 cod[3];
c95f0ba7 636 int err;
ef580372
JH		 637
638 BT_DBG("%s", hdev->name);
639
504c8dcd 640 if (!hdev_is_powered(hdev))
7770c4aa
JH		 641 return 0;
642
a8b2d5c2 643 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 644 return 0;
645
646 cod[0] = hdev->minor_class;
647 cod[1] = hdev->major_class;
648 cod[2] = get_service_classes(hdev);
649
650 if (memcmp(cod, hdev->dev_class, 3) == 0)
651 return 0;
652
c95f0ba7
JH		 653 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
654 if (err == 0)
655 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
656
657 return err;
ef580372
JH		 658}
659
7d78525d
JH		 660static void service_cache_off(struct work_struct *work)
661{
662 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 663 service_cache.work);
7d78525d 664
a8b2d5c2 665 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 666 return;
667
668 hci_dev_lock(hdev);
669
670 update_eir(hdev);
671 update_class(hdev);
672
673 hci_dev_unlock(hdev);
674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
f0d4b78a
MH		 814 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
815 cancel_delayed_work(&hdev->power_off);
816
817 if (cp->val) {
a1d70450
JH		 818 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
819 data, len);
820 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 821 goto failed;
822 }
823 }
824
4b34ee78 825 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 826 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 827 goto failed;
828 }
829
2e58ef3e 830 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 831 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 832 MGMT_STATUS_BUSY);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
bdb6d971 893static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 894 u16 len)
73f22f62 895{
650f726d 896 struct mgmt_cp_set_discoverable *cp = data;
366a0336 897 struct pending_cmd *cmd;
5e5282bb 898 u16 timeout;
73f22f62
JH		 899 u8 scan;
900 int err;
901
bdb6d971 902 BT_DBG("request for %s", hdev->name);
73f22f62 903
33c525c0
JH		 904 if (!lmp_bredr_capable(hdev))
905 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
906 MGMT_STATUS_NOT_SUPPORTED);
907
a7e80f25
JH		 908 if (cp->val != 0x00 && cp->val != 0x01)
909 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
910 MGMT_STATUS_INVALID_PARAMS);
911
1f350c87 912 timeout = __le16_to_cpu(cp->timeout);
24c54a90 913 if (!cp->val && timeout > 0)
bdb6d971 914 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 915 MGMT_STATUS_INVALID_PARAMS);
73f22f62 916
09fd0de5 917 hci_dev_lock(hdev);
73f22f62 918
5e5282bb 919 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 920 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 921 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 922 goto failed;
923 }
924
2e58ef3e 925 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 926 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 927 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 928 MGMT_STATUS_BUSY);
73f22f62
JH		 929 goto failed;
930 }
931
5e5282bb 932 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 933 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 934 MGMT_STATUS_REJECTED);
5e5282bb
JH		 935 goto failed;
936 }
937
938 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 939 bool changed = false;
940
941 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
942 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
943 changed = true;
944 }
945
5e5282bb 946 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 947 if (err < 0)
948 goto failed;
949
950 if (changed)
951 err = new_settings(hdev, sk);
952
5e5282bb
JH		 953 goto failed;
954 }
955
956 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 957 if (hdev->discov_timeout > 0) {
958 cancel_delayed_work(&hdev->discov_off);
959 hdev->discov_timeout = 0;
960 }
961
962 if (cp->val && timeout > 0) {
963 hdev->discov_timeout = timeout;
964 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
965 msecs_to_jiffies(hdev->discov_timeout * 1000));
966 }
967
69ab39ea 968 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 969 goto failed;
970 }
971
2e58ef3e 972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 973 if (!cmd) {
974 err = -ENOMEM;
73f22f62 975 goto failed;
366a0336 976 }
73f22f62
JH		 977
978 scan = SCAN_PAGE;
979
72a734ec 980 if (cp->val)
73f22f62 981 scan |= SCAN_INQUIRY;
16ab91ab 982 else
e0f9309f 983 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 984
985 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
986 if (err < 0)
a664b5bc 987 mgmt_pending_remove(cmd);
73f22f62 988
16ab91ab 989 if (cp->val)
5e5282bb 990 hdev->discov_timeout = timeout;
16ab91ab 991
73f22f62 992failed:
09fd0de5 993 hci_dev_unlock(hdev);
73f22f62
JH		 994 return err;
995}
996
bdb6d971 997static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 998 u16 len)
9fbcbb45 999{
650f726d 1000 struct mgmt_mode *cp = data;
366a0336 1001 struct pending_cmd *cmd;
9fbcbb45
JH		 1002 u8 scan;
1003 int err;
1004
bdb6d971 1005 BT_DBG("request for %s", hdev->name);
9fbcbb45 1006
33c525c0
JH		 1007 if (!lmp_bredr_capable(hdev))
1008 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1009 MGMT_STATUS_NOT_SUPPORTED);
1010
a7e80f25
JH		 1011 if (cp->val != 0x00 && cp->val != 0x01)
1012 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1013 MGMT_STATUS_INVALID_PARAMS);
1014
09fd0de5 1015 hci_dev_lock(hdev);
9fbcbb45 1016
4b34ee78 1017 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1018 bool changed = false;
1019
1020 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1021 changed = true;
1022
6bf0e469 1023 if (cp->val) {
5e5282bb 1024 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1025 } else {
5e5282bb
JH		 1026 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1027 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1028 }
0224d2fa 1029
5e5282bb 1030 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1031 if (err < 0)
1032 goto failed;
1033
1034 if (changed)
1035 err = new_settings(hdev, sk);
1036
9fbcbb45
JH		 1037 goto failed;
1038 }
1039
2e58ef3e 1040 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1041 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1042 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1043 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1044 goto failed;
1045 }
1046
5e5282bb 1047 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1048 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1049 goto failed;
1050 }
1051
2e58ef3e 1052 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1053 if (!cmd) {
1054 err = -ENOMEM;
9fbcbb45 1055 goto failed;
366a0336 1056 }
9fbcbb45 1057
6bf0e469 1058 if (cp->val) {
9fbcbb45 1059 scan = SCAN_PAGE;
6bf0e469 1060 } else {
9fbcbb45
JH		 1061 scan = 0;
1062
df2c6c5e 1063 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1064 hdev->discov_timeout > 0)
df2c6c5e
JH		 1065 cancel_delayed_work(&hdev->discov_off);
1066 }
1067
9fbcbb45
JH		 1068 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1069 if (err < 0)
a664b5bc 1070 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1071
1072failed:
09fd0de5 1073 hci_dev_unlock(hdev);
9fbcbb45
JH		 1074 return err;
1075}
1076
bdb6d971 1077static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1078 u16 len)
c542a06c 1079{
650f726d 1080 struct mgmt_mode *cp = data;
c542a06c
JH		 1081 int err;
1082
bdb6d971 1083 BT_DBG("request for %s", hdev->name);
c542a06c 1084
a7e80f25
JH		 1085 if (cp->val != 0x00 && cp->val != 0x01)
1086 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1087 MGMT_STATUS_INVALID_PARAMS);
1088
09fd0de5 1089 hci_dev_lock(hdev);
c542a06c
JH		 1090
1091 if (cp->val)
a8b2d5c2 1092 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1093 else
a8b2d5c2 1094 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1095
69ab39ea 1096 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1097 if (err < 0)
1098 goto failed;
1099
beadb2bd 1100 err = new_settings(hdev, sk);
c542a06c
JH		 1101
1102failed:
09fd0de5 1103 hci_dev_unlock(hdev);
c542a06c
JH		 1104 return err;
1105}
1106
04124681
GP		 1107static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1108 u16 len)
33ef95ed
JH		 1109{
1110 struct mgmt_mode *cp = data;
1111 struct pending_cmd *cmd;
816a11d5 1112 u8 val;
33ef95ed
JH		 1113 int err;
1114
bdb6d971 1115 BT_DBG("request for %s", hdev->name);
33ef95ed 1116
33c525c0
JH		 1117 if (!lmp_bredr_capable(hdev))
1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1119 MGMT_STATUS_NOT_SUPPORTED);
1120
a7e80f25
JH		 1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1123 MGMT_STATUS_INVALID_PARAMS);
1124
33ef95ed
JH		 1125 hci_dev_lock(hdev);
1126
4b34ee78 1127 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1131 &hdev->dev_flags)) {
47990ea0
JH		 1132 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1133 changed = true;
1134 }
1135
1136 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1137 if (err < 0)
1138 goto failed;
1139
1140 if (changed)
1141 err = new_settings(hdev, sk);
1142
33ef95ed
JH		 1143 goto failed;
1144 }
1145
1146 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1147 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1148 MGMT_STATUS_BUSY);
33ef95ed
JH		 1149 goto failed;
1150 }
1151
1152 val = !!cp->val;
1153
1154 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1155 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1156 goto failed;
1157 }
1158
1159 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1160 if (!cmd) {
1161 err = -ENOMEM;
1162 goto failed;
1163 }
1164
1165 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1166 if (err < 0) {
1167 mgmt_pending_remove(cmd);
1168 goto failed;
1169 }
1170
1171failed:
1172 hci_dev_unlock(hdev);
33ef95ed
JH		 1173 return err;
1174}
1175
bdb6d971 1176static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1177{
1178 struct mgmt_mode *cp = data;
1179 struct pending_cmd *cmd;
816a11d5 1180 u8 val;
ed2c4ee3
JH		 1181 int err;
1182
bdb6d971 1183 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1184
13ecd8b6
JH		 1185 if (!lmp_ssp_capable(hdev))
1186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1187 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1188
a7e80f25
JH		 1189 if (cp->val != 0x00 && cp->val != 0x01)
1190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1191 MGMT_STATUS_INVALID_PARAMS);
1192
13ecd8b6 1193 hci_dev_lock(hdev);
6c8f12c1 1194
c0ecddc2
JH		 1195 val = !!cp->val;
1196
4b34ee78 1197 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1198 bool changed = false;
1199
1200 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1201 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1202 changed = true;
1203 }
1204
1205 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1206 if (err < 0)
1207 goto failed;
1208
1209 if (changed)
1210 err = new_settings(hdev, sk);
1211
ed2c4ee3
JH		 1212 goto failed;
1213 }
1214
1215 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1216 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1217 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1218 goto failed;
1219 }
1220
ed2c4ee3
JH		 1221 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1222 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1223 goto failed;
1224 }
1225
1226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1227 if (!cmd) {
1228 err = -ENOMEM;
1229 goto failed;
1230 }
1231
1232 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1233 if (err < 0) {
1234 mgmt_pending_remove(cmd);
1235 goto failed;
1236 }
1237
1238failed:
1239 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1240 return err;
1241}
1242
bdb6d971 1243static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1244{
1245 struct mgmt_mode *cp = data;
6d80dfd0 1246
bdb6d971 1247 BT_DBG("request for %s", hdev->name);
6d80dfd0 1248
bdb6d971
JH		 1249 if (!enable_hs)
1250 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1251 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0 1252
a7e80f25
JH		 1253 if (cp->val != 0x00 && cp->val != 0x01)
1254 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1255 MGMT_STATUS_INVALID_PARAMS);
1256
6d80dfd0
JH		 1257 if (cp->val)
1258 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1259 else
1260 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1261
bdb6d971 1262 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1263}
1264
bdb6d971 1265static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1266{
1267 struct mgmt_mode *cp = data;
1268 struct hci_cp_write_le_host_supported hci_cp;
1269 struct pending_cmd *cmd;
06199cf8 1270 int err;
0b60eba1 1271 u8 val, enabled;
06199cf8 1272
bdb6d971 1273 BT_DBG("request for %s", hdev->name);
06199cf8 1274
13ecd8b6
JH		 1275 if (!lmp_le_capable(hdev))
1276 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1277 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1278
a7e80f25
JH		 1279 if (cp->val != 0x00 && cp->val != 0x01)
1280 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1281 MGMT_STATUS_INVALID_PARAMS);
1282
13ecd8b6 1283 hci_dev_lock(hdev);
06199cf8
JH		 1284
1285 val = !!cp->val;
ffa88e02 1286 enabled = lmp_host_le_capable(hdev);
06199cf8 1287
0b60eba1 1288 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1289 bool changed = false;
1290
1291 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1292 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1293 changed = true;
1294 }
1295
1296 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1297 if (err < 0)
1de028ce 1298 goto unlock;
06199cf8
JH		 1299
1300 if (changed)
1301 err = new_settings(hdev, sk);
1302
1de028ce 1303 goto unlock;
06199cf8
JH		 1304 }
1305
1306 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1307 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1308 MGMT_STATUS_BUSY);
1de028ce 1309 goto unlock;
06199cf8
JH		 1310 }
1311
1312 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1313 if (!cmd) {
1314 err = -ENOMEM;
1de028ce 1315 goto unlock;
06199cf8
JH		 1316 }
1317
1318 memset(&hci_cp, 0, sizeof(hci_cp));
1319
1320 if (val) {
1321 hci_cp.le = val;
ffa88e02 1322 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1323 }
1324
04124681
GP		 1325 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1326 &hci_cp);
0c01bc48 1327 if (err < 0)
06199cf8 1328 mgmt_pending_remove(cmd);
06199cf8 1329
1de028ce
JH		 1330unlock:
1331 hci_dev_unlock(hdev);
06199cf8
JH		 1332 return err;
1333}
1334
83be8eca
JH		 1335static const u8 bluetooth_base_uuid[] = {
1336 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1337 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1338};
1339
1340static u8 get_uuid_size(const u8 *uuid)
1341{
1342 u32 val;
1343
1344 if (memcmp(uuid, bluetooth_base_uuid, 12))
1345 return 128;
1346
1347 val = get_unaligned_le32(&uuid[12]);
1348 if (val > 0xffff)
1349 return 32;
1350
1351 return 16;
1352}
1353
bdb6d971 1354static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1355{
650f726d 1356 struct mgmt_cp_add_uuid *cp = data;
90e70454 1357 struct pending_cmd *cmd;
2aeb9a1a 1358 struct bt_uuid *uuid;
2aeb9a1a
JH		 1359 int err;
1360
bdb6d971 1361 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1362
09fd0de5 1363 hci_dev_lock(hdev);
2aeb9a1a 1364
c95f0ba7 1365 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1366 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1367 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1368 goto failed;
1369 }
1370
92c4c204 1371 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1372 if (!uuid) {
1373 err = -ENOMEM;
1374 goto failed;
1375 }
1376
1377 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1378 uuid->svc_hint = cp->svc_hint;
83be8eca 1379 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1380
de66aa63 1381 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1382
1aff6f09
JH		 1383 err = update_class(hdev);
1384 if (err < 0)
1385 goto failed;
1386
80a1e1db
JH		 1387 err = update_eir(hdev);
1388 if (err < 0)
1389 goto failed;
1390
90e70454 1391 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1392 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1393 hdev->dev_class, 3);
90e70454
JH		 1394 goto failed;
1395 }
1396
1397 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1398 if (!cmd)
90e70454 1399 err = -ENOMEM;
2aeb9a1a
JH		 1400
1401failed:
09fd0de5 1402 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1403 return err;
1404}
1405
24b78d0f
JH		 1406static bool enable_service_cache(struct hci_dev *hdev)
1407{
1408 if (!hdev_is_powered(hdev))
1409 return false;
1410
1411 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1412 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1413 CACHE_TIMEOUT);
24b78d0f
JH		 1414 return true;
1415 }
1416
1417 return false;
1418}
1419
bdb6d971 1420static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1421 u16 len)
2aeb9a1a 1422{
650f726d 1423 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1424 struct pending_cmd *cmd;
056341c8 1425 struct bt_uuid *match, *tmp;
2aeb9a1a 1426 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1427 int err, found;
1428
bdb6d971 1429 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1430
09fd0de5 1431 hci_dev_lock(hdev);
2aeb9a1a 1432
c95f0ba7 1433 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1435 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1436 goto unlock;
1437 }
1438
2aeb9a1a
JH		 1439 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1440 err = hci_uuids_clear(hdev);
4004b6d9 1441
24b78d0f 1442 if (enable_service_cache(hdev)) {
bdb6d971 1443 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1444 0, hdev->dev_class, 3);
24b78d0f
JH		 1445 goto unlock;
1446 }
4004b6d9 1447
9246a869 1448 goto update_class;
2aeb9a1a
JH		 1449 }
1450
1451 found = 0;
1452
056341c8 1453 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1454 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1455 continue;
1456
1457 list_del(&match->list);
482049f7 1458 kfree(match);
2aeb9a1a
JH		 1459 found++;
1460 }
1461
1462 if (found == 0) {
bdb6d971 1463 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1464 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1465 goto unlock;
1466 }
1467
9246a869 1468update_class:
1aff6f09
JH		 1469 err = update_class(hdev);
1470 if (err < 0)
1471 goto unlock;
1472
80a1e1db
JH		 1473 err = update_eir(hdev);
1474 if (err < 0)
1475 goto unlock;
1476
90e70454 1477 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1478 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1479 hdev->dev_class, 3);
90e70454
JH		 1480 goto unlock;
1481 }
1482
1483 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1484 if (!cmd)
90e70454 1485 err = -ENOMEM;
2aeb9a1a
JH		 1486
1487unlock:
09fd0de5 1488 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1489 return err;
1490}
1491
bdb6d971 1492static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1493 u16 len)
1aff6f09 1494{
650f726d 1495 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1496 struct pending_cmd *cmd;
1aff6f09
JH		 1497 int err;
1498
bdb6d971 1499 BT_DBG("request for %s", hdev->name);
1aff6f09 1500
13ecd8b6
JH		 1501 if (!lmp_bredr_capable(hdev))
1502 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1503 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1504
13ecd8b6
JH		 1505 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1507 MGMT_STATUS_BUSY);
ee98f473 1508
13ecd8b6
JH		 1509 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
1510 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1511 MGMT_STATUS_INVALID_PARAMS);
c95f0ba7 1512
13ecd8b6 1513 hci_dev_lock(hdev);
575b3a02 1514
932f5ff5
JH		 1515 hdev->major_class = cp->major;
1516 hdev->minor_class = cp->minor;
1517
b5235a65 1518 if (!hdev_is_powered(hdev)) {
bdb6d971 1519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1520 hdev->dev_class, 3);
b5235a65
JH		 1521 goto unlock;
1522 }
1523
a8b2d5c2 1524 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1525 hci_dev_unlock(hdev);
1526 cancel_delayed_work_sync(&hdev->service_cache);
1527 hci_dev_lock(hdev);
14c0b608 1528 update_eir(hdev);
7d78525d 1529 }
14c0b608 1530
1aff6f09 1531 err = update_class(hdev);
90e70454
JH		 1532 if (err < 0)
1533 goto unlock;
1aff6f09 1534
90e70454 1535 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1537 hdev->dev_class, 3);
90e70454
JH		 1538 goto unlock;
1539 }
1540
1541 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1542 if (!cmd)
90e70454 1543 err = -ENOMEM;
1aff6f09 1544
b5235a65 1545unlock:
09fd0de5 1546 hci_dev_unlock(hdev);
1aff6f09
JH		 1547 return err;
1548}
1549
bdb6d971 1550static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1551 u16 len)
55ed8ca1 1552{
650f726d 1553 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1554 u16 key_count, expected_len;
a492cd52 1555 int i;
55ed8ca1 1556
1f350c87 1557 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1558
86742e1e
JH		 1559 expected_len = sizeof(*cp) + key_count *
1560 sizeof(struct mgmt_link_key_info);
a492cd52 1561 if (expected_len != len) {
86742e1e 1562 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1563 len, expected_len);
bdb6d971 1564 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1565 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1566 }
1567
4ae14301
JH		 1568 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1570 MGMT_STATUS_INVALID_PARAMS);
1571
bdb6d971 1572 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1573 key_count);
55ed8ca1 1574
4ee71b20
JH		 1575 for (i = 0; i < key_count; i++) {
1576 struct mgmt_link_key_info *key = &cp->keys[i];
1577
1578 if (key->addr.type != BDADDR_BREDR)
1579 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1580 MGMT_STATUS_INVALID_PARAMS);
1581 }
1582
09fd0de5 1583 hci_dev_lock(hdev);
55ed8ca1
JH		 1584
1585 hci_link_keys_clear(hdev);
1586
a8b2d5c2 1587 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1588
1589 if (cp->debug_keys)
a8b2d5c2 1590 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1591 else
a8b2d5c2 1592 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1593
a492cd52 1594 for (i = 0; i < key_count; i++) {
86742e1e 1595 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1596
d753fdc4 1597 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1598 key->type, key->pin_len);
55ed8ca1
JH		 1599 }
1600
bdb6d971 1601 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1602
09fd0de5 1603 hci_dev_unlock(hdev);
55ed8ca1 1604
a492cd52 1605 return 0;
55ed8ca1
JH		 1606}
1607
b1078ad0 1608static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1609 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1610{
1611 struct mgmt_ev_device_unpaired ev;
1612
1613 bacpy(&ev.addr.bdaddr, bdaddr);
1614 ev.addr.type = addr_type;
1615
1616 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1617 skip_sk);
b1078ad0
JH		 1618}
1619
bdb6d971 1620static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1621 u16 len)
55ed8ca1 1622{
124f6e35
JH		 1623 struct mgmt_cp_unpair_device *cp = data;
1624 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1625 struct hci_cp_disconnect dc;
1626 struct pending_cmd *cmd;
55ed8ca1 1627 struct hci_conn *conn;
55ed8ca1
JH		 1628 int err;
1629
a8a1d19e 1630 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1631 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1632 rp.addr.type = cp->addr.type;
a8a1d19e 1633
4ee71b20
JH		 1634 if (!bdaddr_type_is_valid(cp->addr.type))
1635 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1636 MGMT_STATUS_INVALID_PARAMS,
1637 &rp, sizeof(rp));
1638
118da70b
JH		 1639 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1640 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1641 MGMT_STATUS_INVALID_PARAMS,
1642 &rp, sizeof(rp));
1643
4ee71b20
JH		 1644 hci_dev_lock(hdev);
1645
86a8cfc6 1646 if (!hdev_is_powered(hdev)) {
bdb6d971 1647 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1648 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1649 goto unlock;
1650 }
1651
591f47f3 1652 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1653 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1654 else
1655 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1656
55ed8ca1 1657 if (err < 0) {
bdb6d971 1658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1659 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1660 goto unlock;
1661 }
1662
86a8cfc6 1663 if (cp->disconnect) {
591f47f3 1664 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1665 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1666 &cp->addr.bdaddr);
86a8cfc6
JH		 1667 else
1668 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1669 &cp->addr.bdaddr);
86a8cfc6
JH		 1670 } else {
1671 conn = NULL;
1672 }
124f6e35 1673
a8a1d19e 1674 if (!conn) {
bdb6d971 1675 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1676 &rp, sizeof(rp));
b1078ad0 1677 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1678 goto unlock;
1679 }
55ed8ca1 1680
124f6e35 1681 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1682 sizeof(*cp));
a8a1d19e
JH		 1683 if (!cmd) {
1684 err = -ENOMEM;
1685 goto unlock;
55ed8ca1
JH		 1686 }
1687
eb55ef07 1688 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1689 dc.reason = 0x13; /* Remote User Terminated Connection */
1690 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1691 if (err < 0)
1692 mgmt_pending_remove(cmd);
1693
55ed8ca1 1694unlock:
09fd0de5 1695 hci_dev_unlock(hdev);
55ed8ca1
JH		 1696 return err;
1697}
1698
bdb6d971 1699static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1700 u16 len)
8962ee74 1701{
650f726d 1702 struct mgmt_cp_disconnect *cp = data;
06a63b19 1703 struct mgmt_rp_disconnect rp;
8962ee74 1704 struct hci_cp_disconnect dc;
366a0336 1705 struct pending_cmd *cmd;
8962ee74 1706 struct hci_conn *conn;
8962ee74
JH		 1707 int err;
1708
1709 BT_DBG("");
1710
06a63b19
JH		 1711 memset(&rp, 0, sizeof(rp));
1712 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1713 rp.addr.type = cp->addr.type;
1714
4ee71b20 1715 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1716 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1717 MGMT_STATUS_INVALID_PARAMS,
1718 &rp, sizeof(rp));
4ee71b20 1719
09fd0de5 1720 hci_dev_lock(hdev);
8962ee74
JH		 1721
1722 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 1723 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1724 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 1725 goto failed;
1726 }
1727
2e58ef3e 1728 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 1729 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1730 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 1731 goto failed;
1732 }
1733
591f47f3 1734 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1735 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1736 &cp->addr.bdaddr);
88c3df13
JH		 1737 else
1738 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1739
f960727e 1740 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 1741 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
1742 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 1743 goto failed;
1744 }
1745
2e58ef3e 1746 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1747 if (!cmd) {
1748 err = -ENOMEM;
8962ee74 1749 goto failed;
366a0336 1750 }
8962ee74 1751
eb55ef07 1752 dc.handle = cpu_to_le16(conn->handle);
3701f944 1753 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1754
1755 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1756 if (err < 0)
a664b5bc 1757 mgmt_pending_remove(cmd);
8962ee74
JH		 1758
1759failed:
09fd0de5 1760 hci_dev_unlock(hdev);
8962ee74
JH		 1761 return err;
1762}
1763
57c1477c 1764static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1765{
1766 switch (link_type) {
1767 case LE_LINK:
48264f06
JH		 1768 switch (addr_type) {
1769 case ADDR_LE_DEV_PUBLIC:
591f47f3 1770 return BDADDR_LE_PUBLIC;
0ed09148 1771
48264f06 1772 default:
0ed09148 1773 /* Fallback to LE Random address type */
591f47f3 1774 return BDADDR_LE_RANDOM;
48264f06 1775 }
0ed09148 1776
4c659c39 1777 default:
0ed09148 1778 /* Fallback to BR/EDR type */
591f47f3 1779 return BDADDR_BREDR;
4c659c39
JH		 1780 }
1781}
1782
04124681
GP		 1783static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1784 u16 data_len)
2784eb41 1785{
2784eb41 1786 struct mgmt_rp_get_connections *rp;
8035ded4 1787 struct hci_conn *c;
a38528f1 1788 size_t rp_len;
60fc5fb6
JH		 1789 int err;
1790 u16 i;
2784eb41
JH		 1791
1792 BT_DBG("");
1793
09fd0de5 1794 hci_dev_lock(hdev);
2784eb41 1795
5f97c1df 1796 if (!hdev_is_powered(hdev)) {
bdb6d971 1797 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1798 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1799 goto unlock;
1800 }
1801
60fc5fb6 1802 i = 0;
b644ba33
JH		 1803 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1804 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1805 i++;
2784eb41
JH		 1806 }
1807
60fc5fb6 1808 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1809 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1810 if (!rp) {
2784eb41
JH		 1811 err = -ENOMEM;
1812 goto unlock;
1813 }
1814
2784eb41 1815 i = 0;
4c659c39 1816 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1817 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1818 continue;
4c659c39 1819 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1820 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1821 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1822 continue;
1823 i++;
1824 }
1825
eb55ef07 1826 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1827
4c659c39
JH		 1828 /* Recalculate length in case of filtered SCO connections, etc */
1829 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1830
bdb6d971 1831 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1832 rp_len);
2784eb41 1833
a38528f1 1834 kfree(rp);
5f97c1df
JH		 1835
1836unlock:
09fd0de5 1837 hci_dev_unlock(hdev);
2784eb41
JH		 1838 return err;
1839}
1840
bdb6d971 1841static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1842 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1843{
1844 struct pending_cmd *cmd;
1845 int err;
1846
2e58ef3e 1847 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1848 sizeof(*cp));
96d97a67
WR		 1849 if (!cmd)
1850 return -ENOMEM;
1851
d8457698 1852 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1853 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1854 if (err < 0)
1855 mgmt_pending_remove(cmd);
1856
1857 return err;
1858}
1859
bdb6d971 1860static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1861 u16 len)
980e1a53 1862{
96d97a67 1863 struct hci_conn *conn;
650f726d 1864 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1865 struct hci_cp_pin_code_reply reply;
366a0336 1866 struct pending_cmd *cmd;
980e1a53
JH		 1867 int err;
1868
1869 BT_DBG("");
1870
09fd0de5 1871 hci_dev_lock(hdev);
980e1a53 1872
4b34ee78 1873 if (!hdev_is_powered(hdev)) {
bdb6d971 1874 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1875 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1876 goto failed;
1877 }
1878
d8457698 1879 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1880 if (!conn) {
bdb6d971 1881 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1882 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1883 goto failed;
1884 }
1885
1886 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1887 struct mgmt_cp_pin_code_neg_reply ncp;
1888
1889 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1890
1891 BT_ERR("PIN code is not 16 bytes long");
1892
bdb6d971 1893 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1894 if (err >= 0)
bdb6d971 1895 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1896 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1897
1898 goto failed;
1899 }
1900
00abfe44 1901 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1902 if (!cmd) {
1903 err = -ENOMEM;
980e1a53 1904 goto failed;
366a0336 1905 }
980e1a53 1906
d8457698 1907 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1908 reply.pin_len = cp->pin_len;
24718ca5 1909 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1910
1911 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1912 if (err < 0)
a664b5bc 1913 mgmt_pending_remove(cmd);
980e1a53
JH		 1914
1915failed:
09fd0de5 1916 hci_dev_unlock(hdev);
980e1a53
JH		 1917 return err;
1918}
1919
04124681
GP		 1920static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1921 u16 len)
17fa4b9d 1922{
650f726d 1923 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1924
1925 BT_DBG("");
1926
09fd0de5 1927 hci_dev_lock(hdev);
17fa4b9d
JH		 1928
1929 hdev->io_capability = cp->io_capability;
1930
1931 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1932 hdev->io_capability);
17fa4b9d 1933
09fd0de5 1934 hci_dev_unlock(hdev);
17fa4b9d 1935
04124681
GP		 1936 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1937 0);
17fa4b9d
JH		 1938}
1939
6039aa73 1940static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1941{
1942 struct hci_dev *hdev = conn->hdev;
8035ded4 1943 struct pending_cmd *cmd;
e9a416b5 1944
2e58ef3e 1945 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1946 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1947 continue;
1948
e9a416b5
JH		 1949 if (cmd->user_data != conn)
1950 continue;
1951
1952 return cmd;
1953 }
1954
1955 return NULL;
1956}
1957
1958static void pairing_complete(struct pending_cmd *cmd, u8 status)
1959{
1960 struct mgmt_rp_pair_device rp;
1961 struct hci_conn *conn = cmd->user_data;
1962
ba4e564f 1963 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1964 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1965
aee9b218 1966 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1967 &rp, sizeof(rp));
e9a416b5
JH		 1968
1969 /* So we don't get further callbacks for this connection */
1970 conn->connect_cfm_cb = NULL;
1971 conn->security_cfm_cb = NULL;
1972 conn->disconn_cfm_cb = NULL;
1973
1974 hci_conn_put(conn);
1975
a664b5bc 1976 mgmt_pending_remove(cmd);
e9a416b5
JH		 1977}
1978
1979static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1980{
1981 struct pending_cmd *cmd;
1982
1983 BT_DBG("status %u", status);
1984
1985 cmd = find_pairing(conn);
56e5cb86 1986 if (!cmd)
e9a416b5 1987 BT_DBG("Unable to find a pending command");
56e5cb86 1988 else
e211326c 1989 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1990}
1991
4c47d739
VA		 1992static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1993{
1994 struct pending_cmd *cmd;
1995
1996 BT_DBG("status %u", status);
1997
1998 if (!status)
1999 return;
2000
2001 cmd = find_pairing(conn);
2002 if (!cmd)
2003 BT_DBG("Unable to find a pending command");
2004 else
2005 pairing_complete(cmd, mgmt_status(status));
2006}
2007
bdb6d971 2008static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2009 u16 len)
e9a416b5 2010{
650f726d 2011 struct mgmt_cp_pair_device *cp = data;
1425acb7 2012 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2013 struct pending_cmd *cmd;
2014 u8 sec_level, auth_type;
2015 struct hci_conn *conn;
e9a416b5
JH		 2016 int err;
2017
2018 BT_DBG("");
2019
f950a30e
SJ		 2020 memset(&rp, 0, sizeof(rp));
2021 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2022 rp.addr.type = cp->addr.type;
2023
4ee71b20
JH		 2024 if (!bdaddr_type_is_valid(cp->addr.type))
2025 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2026 MGMT_STATUS_INVALID_PARAMS,
2027 &rp, sizeof(rp));
2028
09fd0de5 2029 hci_dev_lock(hdev);
e9a416b5 2030
5f97c1df 2031 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2032 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2033 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2034 goto unlock;
2035 }
2036
c908df36
VCG		 2037 sec_level = BT_SECURITY_MEDIUM;
2038 if (cp->io_cap == 0x03)
e9a416b5 2039 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2040 else
e9a416b5 2041 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2042
591f47f3 2043 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2044 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2045 cp->addr.type, sec_level, auth_type);
7a512d01 2046 else
b12f62cf
AG		 2047 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2048 cp->addr.type, sec_level, auth_type);
7a512d01 2049
30e76272 2050 if (IS_ERR(conn)) {
489dc48e
AK		 2051 int status;
2052
2053 if (PTR_ERR(conn) == -EBUSY)
2054 status = MGMT_STATUS_BUSY;
2055 else
2056 status = MGMT_STATUS_CONNECT_FAILED;
2057
bdb6d971 2058 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2059 status, &rp,
04124681 2060 sizeof(rp));
e9a416b5
JH		 2061 goto unlock;
2062 }
2063
2064 if (conn->connect_cfm_cb) {
2065 hci_conn_put(conn);
bdb6d971 2066 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2067 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2068 goto unlock;
2069 }
2070
2e58ef3e 2071 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2072 if (!cmd) {
2073 err = -ENOMEM;
2074 hci_conn_put(conn);
2075 goto unlock;
2076 }
2077
7a512d01 2078 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2079 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2080 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2081 else
2082 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2083
e9a416b5
JH		 2084 conn->security_cfm_cb = pairing_complete_cb;
2085 conn->disconn_cfm_cb = pairing_complete_cb;
2086 conn->io_capability = cp->io_cap;
2087 cmd->user_data = conn;
2088
2089 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2090 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2091 pairing_complete(cmd, 0);
2092
2093 err = 0;
2094
2095unlock:
09fd0de5 2096 hci_dev_unlock(hdev);
e9a416b5
JH		 2097 return err;
2098}
2099
04124681
GP		 2100static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2101 u16 len)
28424707 2102{
0f4e68cf 2103 struct mgmt_addr_info *addr = data;
28424707
JH		 2104 struct pending_cmd *cmd;
2105 struct hci_conn *conn;
2106 int err;
2107
2108 BT_DBG("");
2109
28424707
JH		 2110 hci_dev_lock(hdev);
2111
5f97c1df 2112 if (!hdev_is_powered(hdev)) {
bdb6d971 2113 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2114 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2115 goto unlock;
2116 }
2117
28424707
JH		 2118 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2119 if (!cmd) {
bdb6d971 2120 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2121 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2122 goto unlock;
2123 }
2124
2125 conn = cmd->user_data;
2126
2127 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2128 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2129 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2130 goto unlock;
2131 }
2132
2133 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2134
bdb6d971 2135 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2136 addr, sizeof(*addr));
28424707
JH		 2137unlock:
2138 hci_dev_unlock(hdev);
28424707
JH		 2139 return err;
2140}
2141
bdb6d971 2142static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2143 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2144 u16 hci_op, __le32 passkey)
a5c29683 2145{
a5c29683 2146 struct pending_cmd *cmd;
0df4c185 2147 struct hci_conn *conn;
a5c29683
JH		 2148 int err;
2149
09fd0de5 2150 hci_dev_lock(hdev);
08ba5382 2151
4b34ee78 2152 if (!hdev_is_powered(hdev)) {
bdb6d971 2153 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2154 MGMT_STATUS_NOT_POWERED);
0df4c185 2155 goto done;
a5c29683
JH		 2156 }
2157
591f47f3 2158 if (type == BDADDR_BREDR)
272d90df
JH		 2159 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2160 else
47c15e2b 2161 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2162
2163 if (!conn) {
bdb6d971 2164 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2165 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2166 goto done;
2167 }
47c15e2b 2168
591f47f3 2169 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2170 /* Continue with pairing via SMP */
5fe57d9e
BG		 2171 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2172
2173 if (!err)
bdb6d971 2174 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2175 MGMT_STATUS_SUCCESS);
5fe57d9e 2176 else
bdb6d971 2177 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2178 MGMT_STATUS_FAILED);
47c15e2b 2179
47c15e2b
BG		 2180 goto done;
2181 }
2182
0df4c185 2183 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2184 if (!cmd) {
2185 err = -ENOMEM;
0df4c185 2186 goto done;
a5c29683
JH		 2187 }
2188
0df4c185 2189 /* Continue with pairing via HCI */
604086b7
BG		 2190 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2191 struct hci_cp_user_passkey_reply cp;
2192
2193 bacpy(&cp.bdaddr, bdaddr);
2194 cp.passkey = passkey;
2195 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2196 } else
2197 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2198
a664b5bc
JH		 2199 if (err < 0)
2200 mgmt_pending_remove(cmd);
a5c29683 2201
0df4c185 2202done:
09fd0de5 2203 hci_dev_unlock(hdev);
a5c29683
JH		 2204 return err;
2205}
2206
afeb019d
JK		 2207static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2208 void *data, u16 len)
2209{
2210 struct mgmt_cp_pin_code_neg_reply *cp = data;
2211
2212 BT_DBG("");
2213
2214 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2215 MGMT_OP_PIN_CODE_NEG_REPLY,
2216 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2217}
2218
04124681
GP		 2219static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2220 u16 len)
0df4c185 2221{
650f726d 2222 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2223
2224 BT_DBG("");
2225
2226 if (len != sizeof(*cp))
bdb6d971 2227 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2228 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2229
bdb6d971 2230 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2231 MGMT_OP_USER_CONFIRM_REPLY,
2232 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2233}
2234
bdb6d971 2235static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2236 void *data, u16 len)
0df4c185 2237{
c9c2659f 2238 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2239
2240 BT_DBG("");
2241
bdb6d971 2242 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2243 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2244 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2245}
2246
04124681
GP		 2247static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2248 u16 len)
604086b7 2249{
650f726d 2250 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2251
2252 BT_DBG("");
2253
bdb6d971 2254 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2255 MGMT_OP_USER_PASSKEY_REPLY,
2256 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2257}
2258
bdb6d971 2259static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2260 void *data, u16 len)
604086b7 2261{
650f726d 2262 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2263
2264 BT_DBG("");
2265
bdb6d971 2266 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2267 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2268 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2269}
2270
2b4bf397
JH		 2271static int update_name(struct hci_dev *hdev, const char *name)
2272{
2273 struct hci_cp_write_local_name cp;
2274
2275 memcpy(cp.name, name, sizeof(cp.name));
2276
2277 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2278}
2279
bdb6d971 2280static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2281 u16 len)
b312b161 2282{
2b4bf397 2283 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2284 struct pending_cmd *cmd;
2285 int err;
2286
2287 BT_DBG("");
2288
09fd0de5 2289 hci_dev_lock(hdev);
b312b161 2290
2b4bf397 2291 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2292
b5235a65 2293 if (!hdev_is_powered(hdev)) {
2b4bf397 2294 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2295
2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2297 data, len);
28cc7bde
JH		 2298 if (err < 0)
2299 goto failed;
2300
2301 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2302 sk);
28cc7bde 2303
b5235a65
JH		 2304 goto failed;
2305 }
2306
28cc7bde 2307 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2308 if (!cmd) {
2309 err = -ENOMEM;
2310 goto failed;
2311 }
2312
2b4bf397 2313 err = update_name(hdev, cp->name);
b312b161
JH		 2314 if (err < 0)
2315 mgmt_pending_remove(cmd);
2316
2317failed:
09fd0de5 2318 hci_dev_unlock(hdev);
b312b161
JH		 2319 return err;
2320}
2321
0f4e68cf 2322static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2323 void *data, u16 data_len)
c35938b2 2324{
c35938b2
SJ		 2325 struct pending_cmd *cmd;
2326 int err;
2327
bdb6d971 2328 BT_DBG("%s", hdev->name);
c35938b2 2329
09fd0de5 2330 hci_dev_lock(hdev);
c35938b2 2331
4b34ee78 2332 if (!hdev_is_powered(hdev)) {
bdb6d971 2333 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2334 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2335 goto unlock;
2336 }
2337
9a1a1996 2338 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2339 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2340 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2341 goto unlock;
2342 }
2343
2e58ef3e 2344 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2345 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2346 MGMT_STATUS_BUSY);
c35938b2
SJ		 2347 goto unlock;
2348 }
2349
2e58ef3e 2350 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2351 if (!cmd) {
2352 err = -ENOMEM;
2353 goto unlock;
2354 }
2355
2356 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2357 if (err < 0)
2358 mgmt_pending_remove(cmd);
2359
2360unlock:
09fd0de5 2361 hci_dev_unlock(hdev);
c35938b2
SJ		 2362 return err;
2363}
2364
bdb6d971 2365static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2366 void *data, u16 len)
2763eda6 2367{
650f726d 2368 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2369 u8 status;
2763eda6
SJ		 2370 int err;
2371
bdb6d971 2372 BT_DBG("%s ", hdev->name);
2763eda6 2373
09fd0de5 2374 hci_dev_lock(hdev);
2763eda6 2375
664ce4cc 2376 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2377 cp->randomizer);
2763eda6 2378 if (err < 0)
bf1e3541 2379 status = MGMT_STATUS_FAILED;
2763eda6 2380 else
a6785be2 2381 status = MGMT_STATUS_SUCCESS;
bf1e3541 2382
bdb6d971 2383 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2384 &cp->addr, sizeof(cp->addr));
2763eda6 2385
09fd0de5 2386 hci_dev_unlock(hdev);
2763eda6
SJ		 2387 return err;
2388}
2389
bdb6d971 2390static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2391 void *data, u16 len)
2763eda6 2392{
650f726d 2393 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2394 u8 status;
2763eda6
SJ		 2395 int err;
2396
bdb6d971 2397 BT_DBG("%s", hdev->name);
2763eda6 2398
09fd0de5 2399 hci_dev_lock(hdev);
2763eda6 2400
664ce4cc 2401 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2402 if (err < 0)
bf1e3541 2403 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2404 else
a6785be2 2405 status = MGMT_STATUS_SUCCESS;
bf1e3541 2406
bdb6d971 2407 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2408 status, &cp->addr, sizeof(cp->addr));
2763eda6 2409
09fd0de5 2410 hci_dev_unlock(hdev);
2763eda6
SJ		 2411 return err;
2412}
2413
5e0452c0
AG		 2414int mgmt_interleaved_discovery(struct hci_dev *hdev)
2415{
2416 int err;
2417
2418 BT_DBG("%s", hdev->name);
2419
2420 hci_dev_lock(hdev);
2421
2422 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2423 if (err < 0)
2424 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2425
2426 hci_dev_unlock(hdev);
2427
2428 return err;
2429}
2430
bdb6d971 2431static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2432 void *data, u16 len)
14a53664 2433{
650f726d 2434 struct mgmt_cp_start_discovery *cp = data;
14a53664 2435 struct pending_cmd *cmd;
14a53664
JH		 2436 int err;
2437
bdb6d971 2438 BT_DBG("%s", hdev->name);
14a53664 2439
09fd0de5 2440 hci_dev_lock(hdev);
14a53664 2441
4b34ee78 2442 if (!hdev_is_powered(hdev)) {
bdb6d971 2443 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2444 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2445 goto failed;
2446 }
2447
642be6c7
AG		 2448 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2449 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2450 MGMT_STATUS_BUSY);
2451 goto failed;
2452 }
2453
ff9ef578 2454 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2455 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2456 MGMT_STATUS_BUSY);
ff9ef578
JH		 2457 goto failed;
2458 }
2459
2e58ef3e 2460 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2461 if (!cmd) {
2462 err = -ENOMEM;
2463 goto failed;
2464 }
2465
4aab14e5
AG		 2466 hdev->discovery.type = cp->type;
2467
2468 switch (hdev->discovery.type) {
f39799f5 2469 case DISCOV_TYPE_BREDR:
04106755
JH		 2470 if (!lmp_bredr_capable(hdev)) {
2471 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2472 MGMT_STATUS_NOT_SUPPORTED);
2473 mgmt_pending_remove(cmd);
2474 goto failed;
2475 }
2476
2477 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2478 break;
2479
2480 case DISCOV_TYPE_LE:
04106755
JH		 2481 if (!lmp_host_le_capable(hdev)) {
2482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2483 MGMT_STATUS_NOT_SUPPORTED);
2484 mgmt_pending_remove(cmd);
2485 goto failed;
2486 }
2487
2488 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2489 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2490 break;
2491
5e0452c0 2492 case DISCOV_TYPE_INTERLEAVED:
04106755
JH		 2493 if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
2494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2495 MGMT_STATUS_NOT_SUPPORTED);
2496 mgmt_pending_remove(cmd);
2497 goto failed;
2498 }
2499
2500 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
2501 LE_SCAN_TIMEOUT_BREDR_LE);
5e0452c0
AG		 2502 break;
2503
f39799f5 2504 default:
04106755
JH		 2505 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2506 MGMT_STATUS_INVALID_PARAMS);
2507 mgmt_pending_remove(cmd);
2508 goto failed;
f39799f5 2509 }
3fd24153 2510
14a53664
JH		 2511 if (err < 0)
2512 mgmt_pending_remove(cmd);
ff9ef578
JH		 2513 else
2514 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2515
2516failed:
09fd0de5 2517 hci_dev_unlock(hdev);
14a53664
JH		 2518 return err;
2519}
2520
bdb6d971 2521static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2522 u16 len)
14a53664 2523{
d930650b 2524 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2525 struct pending_cmd *cmd;
30dc78e1
JH		 2526 struct hci_cp_remote_name_req_cancel cp;
2527 struct inquiry_entry *e;
14a53664
JH		 2528 int err;
2529
bdb6d971 2530 BT_DBG("%s", hdev->name);
14a53664 2531
09fd0de5 2532 hci_dev_lock(hdev);
14a53664 2533
30dc78e1 2534 if (!hci_discovery_active(hdev)) {
bdb6d971 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2536 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2537 sizeof(mgmt_cp->type));
d930650b
JH		 2538 goto unlock;
2539 }
2540
2541 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2542 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2543 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2544 sizeof(mgmt_cp->type));
30dc78e1 2545 goto unlock;
ff9ef578
JH		 2546 }
2547
2e58ef3e 2548 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2549 if (!cmd) {
2550 err = -ENOMEM;
30dc78e1
JH		 2551 goto unlock;
2552 }
2553
e0d9727e
AG		 2554 switch (hdev->discovery.state) {
2555 case DISCOVERY_FINDING:
c9ecc48e
AG		 2556 if (test_bit(HCI_INQUIRY, &hdev->flags))
2557 err = hci_cancel_inquiry(hdev);
2558 else
2559 err = hci_cancel_le_scan(hdev);
2560
e0d9727e
AG		 2561 break;
2562
2563 case DISCOVERY_RESOLVING:
2564 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2565 NAME_PENDING);
e0d9727e 2566 if (!e) {
30dc78e1 2567 mgmt_pending_remove(cmd);
e0d9727e
AG		 2568 err = cmd_complete(sk, hdev->id,
2569 MGMT_OP_STOP_DISCOVERY, 0,
2570 &mgmt_cp->type,
2571 sizeof(mgmt_cp->type));
2572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2573 goto unlock;
2574 }
30dc78e1 2575
e0d9727e
AG		 2576 bacpy(&cp.bdaddr, &e->data.bdaddr);
2577 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2578 sizeof(cp), &cp);
2579
2580 break;
2581
2582 default:
2583 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2584 err = -EFAULT;
14a53664
JH		 2585 }
2586
14a53664
JH		 2587 if (err < 0)
2588 mgmt_pending_remove(cmd);
ff9ef578
JH		 2589 else
2590 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2591
30dc78e1 2592unlock:
09fd0de5 2593 hci_dev_unlock(hdev);
14a53664
JH		 2594 return err;
2595}
2596
bdb6d971 2597static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2598 u16 len)
561aafbc 2599{
650f726d 2600 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2601 struct inquiry_entry *e;
561aafbc
JH		 2602 int err;
2603
bdb6d971 2604 BT_DBG("%s", hdev->name);
561aafbc 2605
561aafbc
JH		 2606 hci_dev_lock(hdev);
2607
30dc78e1 2608 if (!hci_discovery_active(hdev)) {
bdb6d971 2609 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2610 MGMT_STATUS_FAILED);
30dc78e1
JH		 2611 goto failed;
2612 }
2613
a198e7b1 2614 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2615 if (!e) {
bdb6d971 2616 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2617 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2618 goto failed;
2619 }
2620
2621 if (cp->name_known) {
2622 e->name_state = NAME_KNOWN;
2623 list_del(&e->list);
2624 } else {
2625 e->name_state = NAME_NEEDED;
a3d4e20a 2626 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2627 }
2628
e384662b
JH		 2629 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
2630 sizeof(cp->addr));
561aafbc
JH		 2631
2632failed:
2633 hci_dev_unlock(hdev);
561aafbc
JH		 2634 return err;
2635}
2636
bdb6d971 2637static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2638 u16 len)
7fbec224 2639{
650f726d 2640 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2641 u8 status;
7fbec224
AJ		 2642 int err;
2643
bdb6d971 2644 BT_DBG("%s", hdev->name);
7fbec224 2645
4ee71b20 2646 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2647 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
2648 MGMT_STATUS_INVALID_PARAMS,
2649 &cp->addr, sizeof(cp->addr));
4ee71b20 2650
09fd0de5 2651 hci_dev_lock(hdev);
5e762444 2652
88c1fe4b 2653 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2654 if (err < 0)
f0eeea8b 2655 status = MGMT_STATUS_FAILED;
7fbec224 2656 else
a6785be2 2657 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2658
bdb6d971 2659 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2660 &cp->addr, sizeof(cp->addr));
5e762444 2661
09fd0de5 2662 hci_dev_unlock(hdev);
7fbec224
AJ		 2663
2664 return err;
2665}
2666
bdb6d971 2667static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2668 u16 len)
7fbec224 2669{
650f726d 2670 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2671 u8 status;
7fbec224
AJ		 2672 int err;
2673
bdb6d971 2674 BT_DBG("%s", hdev->name);
7fbec224 2675
4ee71b20 2676 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &cp->addr, sizeof(cp->addr));
4ee71b20 2680
09fd0de5 2681 hci_dev_lock(hdev);
5e762444 2682
88c1fe4b 2683 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2684 if (err < 0)
f0eeea8b 2685 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2686 else
a6785be2 2687 status = MGMT_STATUS_SUCCESS;
f0eeea8b 2688
bdb6d971 2689 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2690 &cp->addr, sizeof(cp->addr));
5e762444 2691
09fd0de5 2692 hci_dev_unlock(hdev);
7fbec224
AJ		 2693
2694 return err;
2695}
2696
cdbaccca
MH		 2697static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2698 u16 len)
2699{
2700 struct mgmt_cp_set_device_id *cp = data;
2701 int err;
c72d4b8a 2702 __u16 source;
cdbaccca
MH		 2703
2704 BT_DBG("%s", hdev->name);
2705
c72d4b8a
SJ		 2706 source = __le16_to_cpu(cp->source);
2707
2708 if (source > 0x0002)
2709 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2710 MGMT_STATUS_INVALID_PARAMS);
2711
cdbaccca
MH		 2712 hci_dev_lock(hdev);
2713
c72d4b8a 2714 hdev->devid_source = source;
cdbaccca
MH		 2715 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2716 hdev->devid_product = __le16_to_cpu(cp->product);
2717 hdev->devid_version = __le16_to_cpu(cp->version);
2718
2719 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2720
2721 update_eir(hdev);
2722
2723 hci_dev_unlock(hdev);
2724
2725 return err;
2726}
2727
bdb6d971 2728static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2729 void *data, u16 len)
f6422ec6 2730{
650f726d 2731 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2732 struct hci_cp_write_page_scan_activity acp;
2733 u8 type;
2734 int err;
2735
bdb6d971 2736 BT_DBG("%s", hdev->name);
f6422ec6 2737
33c525c0
JH		 2738 if (!lmp_bredr_capable(hdev))
2739 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2740 MGMT_STATUS_NOT_SUPPORTED);
2741
a7e80f25
JH		 2742 if (cp->val != 0x00 && cp->val != 0x01)
2743 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2744 MGMT_STATUS_INVALID_PARAMS);
2745
5400c044 2746 if (!hdev_is_powered(hdev))
bdb6d971 2747 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2748 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2749
2750 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2751 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2752 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2753
2754 hci_dev_lock(hdev);
2755
f7c6869c 2756 if (cp->val) {
f6422ec6 2757 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2758
83ce9a06
JH		 2759 /* 160 msec page scan interval */
2760 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2761 } else {
2762 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2763
2764 /* default 1.28 sec page scan */
2765 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2766 }
2767
76ec9de8
AE		 2768 /* default 11.25 msec page scan window */
2769 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2770
04124681
GP		 2771 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2772 &acp);
f6422ec6 2773 if (err < 0) {
bdb6d971 2774 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2775 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2776 goto done;
2777 }
2778
2779 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2780 if (err < 0) {
bdb6d971 2781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2782 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2783 goto done;
2784 }
2785
bdb6d971 2786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2787 NULL, 0);
f6422ec6
AJ		 2788done:
2789 hci_dev_unlock(hdev);
f6422ec6
AJ		 2790 return err;
2791}
2792
3f706b72
JH		 2793static bool ltk_is_valid(struct mgmt_ltk_info *key)
2794{
44b20d33
JH		 2795 if (key->authenticated != 0x00 && key->authenticated != 0x01)
2796 return false;
3f706b72
JH		 2797 if (key->master != 0x00 && key->master != 0x01)
2798 return false;
4ee71b20
JH		 2799 if (!bdaddr_type_is_le(key->addr.type))
2800 return false;
3f706b72
JH		 2801 return true;
2802}
2803
bdb6d971 2804static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2805 void *cp_data, u16 len)
346af67b 2806{
346af67b
VCG		 2807 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2808 u16 key_count, expected_len;
715a5bf2 2809 int i, err;
346af67b 2810
1f350c87 2811 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2812
2813 expected_len = sizeof(*cp) + key_count *
2814 sizeof(struct mgmt_ltk_info);
2815 if (expected_len != len) {
2816 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2817 len, expected_len);
bdb6d971 2818 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 2819 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 2820 }
2821
bdb6d971 2822 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 2823
54ad6d8a
JH		 2824 for (i = 0; i < key_count; i++) {
2825 struct mgmt_ltk_info *key = &cp->keys[i];
2826
3f706b72 2827 if (!ltk_is_valid(key))
54ad6d8a
JH		 2828 return cmd_status(sk, hdev->id,
2829 MGMT_OP_LOAD_LONG_TERM_KEYS,
2830 MGMT_STATUS_INVALID_PARAMS);
2831 }
2832
346af67b
VCG		 2833 hci_dev_lock(hdev);
2834
2835 hci_smp_ltks_clear(hdev);
2836
2837 for (i = 0; i < key_count; i++) {
2838 struct mgmt_ltk_info *key = &cp->keys[i];
2839 u8 type;
2840
2841 if (key->master)
2842 type = HCI_SMP_LTK;
2843 else
2844 type = HCI_SMP_LTK_SLAVE;
2845
4596fde5 2846 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2847 bdaddr_to_le(key->addr.type),
04124681
GP		 2848 type, 0, key->authenticated, key->val,
2849 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2850 }
2851
715a5bf2
JH		 2852 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
2853 NULL, 0);
2854
346af67b 2855 hci_dev_unlock(hdev);
346af67b 2856
715a5bf2 2857 return err;
346af67b
VCG		 2858}
2859
2e3c35ea 2860static const struct mgmt_handler {
04124681
GP		 2861 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2862 u16 data_len);
be22b54e
JH		 2863 bool var_len;
2864 size_t data_len;
0f4e68cf
JH		 2865} mgmt_handlers[] = {
2866 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2867 { read_version, false, MGMT_READ_VERSION_SIZE },
2868 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2869 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2870 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2871 { set_powered, false, MGMT_SETTING_SIZE },
2872 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2873 { set_connectable, false, MGMT_SETTING_SIZE },
2874 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2875 { set_pairable, false, MGMT_SETTING_SIZE },
2876 { set_link_security, false, MGMT_SETTING_SIZE },
2877 { set_ssp, false, MGMT_SETTING_SIZE },
2878 { set_hs, false, MGMT_SETTING_SIZE },
2879 { set_le, false, MGMT_SETTING_SIZE },
2880 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2881 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2882 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2883 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2884 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2885 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2886 { disconnect, false, MGMT_DISCONNECT_SIZE },
2887 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2888 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2889 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2890 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2891 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2892 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2893 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2894 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2895 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2896 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2897 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2898 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2899 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2900 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2901 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2902 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2903 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2904 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2905 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2906 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2907};
2908
2909
0381101f
JH		 2910int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2911{
650f726d
VCG		 2912 void *buf;
2913 u8 *cp;
0381101f 2914 struct mgmt_hdr *hdr;
4e51eae9 2915 u16 opcode, index, len;
bdb6d971 2916 struct hci_dev *hdev = NULL;
2e3c35ea 2917 const struct mgmt_handler *handler;
0381101f
JH		 2918 int err;
2919
2920 BT_DBG("got %zu bytes", msglen);
2921
2922 if (msglen < sizeof(*hdr))
2923 return -EINVAL;
2924
e63a15ec 2925 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2926 if (!buf)
2927 return -ENOMEM;
2928
2929 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2930 err = -EFAULT;
2931 goto done;
2932 }
2933
650f726d 2934 hdr = buf;
1f350c87
MH		 2935 opcode = __le16_to_cpu(hdr->opcode);
2936 index = __le16_to_cpu(hdr->index);
2937 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2938
2939 if (len != msglen - sizeof(*hdr)) {
2940 err = -EINVAL;
2941 goto done;
2942 }
2943
0f4e68cf 2944 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2945 hdev = hci_dev_get(index);
2946 if (!hdev) {
2947 err = cmd_status(sk, index, opcode,
04124681 2948 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2949 goto done;
2950 }
2951 }
2952
0f4e68cf 2953 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 2954 mgmt_handlers[opcode].func == NULL) {
0381101f 2955 BT_DBG("Unknown op %u", opcode);
ca69b795 2956 err = cmd_status(sk, index, opcode,
04124681 2957 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2958 goto done;
2959 }
2960
2961 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 2962 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 2963 err = cmd_status(sk, index, opcode,
04124681 2964 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2965 goto done;
0381101f
JH		 2966 }
2967
be22b54e
JH		 2968 handler = &mgmt_handlers[opcode];
2969
2970 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 2971 (!handler->var_len && len != handler->data_len)) {
be22b54e 2972 err = cmd_status(sk, index, opcode,
04124681 2973 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2974 goto done;
2975 }
2976
0f4e68cf
JH		 2977 if (hdev)
2978 mgmt_init_hdev(sk, hdev);
2979
2980 cp = buf + sizeof(*hdr);
2981
be22b54e 2982 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2983 if (err < 0)
2984 goto done;
2985
0381101f
JH		 2986 err = msglen;
2987
2988done:
bdb6d971
JH		 2989 if (hdev)
2990 hci_dev_put(hdev);
2991
0381101f
JH		 2992 kfree(buf);
2993 return err;
2994}
c71e97bf 2995
b24752fe
JH		 2996static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2997{
2998 u8 *status = data;
2999
3000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3001 mgmt_pending_remove(cmd);
3002}
3003
744cf19e 3004int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3005{
bb4b2a9a
AE		 3006 if (!mgmt_valid_hdev(hdev))
3007 return -ENOTSUPP;
3008
744cf19e 3009 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3010}
3011
744cf19e 3012int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3013{
5f159032 3014 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3015
bb4b2a9a
AE		 3016 if (!mgmt_valid_hdev(hdev))
3017 return -ENOTSUPP;
3018
744cf19e 3019 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3020
744cf19e 3021 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3022}
3023
73f22f62 3024struct cmd_lookup {
eec8d2bc 3025 struct sock *sk;
69ab39ea 3026 struct hci_dev *hdev;
90e70454 3027 u8 mgmt_status;
eec8d2bc
JH		 3028};
3029
69ab39ea 3030static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3031{
73f22f62 3032 struct cmd_lookup *match = data;
eec8d2bc 3033
69ab39ea 3034 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3035
3036 list_del(&cmd->list);
3037
3038 if (match->sk == NULL) {
3039 match->sk = cmd->sk;
3040 sock_hold(match->sk);
3041 }
3042
3043 mgmt_pending_free(cmd);
c71e97bf 3044}
5add6af8 3045
7f0ae647
JH		 3046static int set_bredr_scan(struct hci_dev *hdev)
3047{
3048 u8 scan = 0;
3049
3050 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3051 scan |= SCAN_PAGE;
3052 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3053 scan |= SCAN_INQUIRY;
3054
3055 if (!scan)
3056 return 0;
3057
3058 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3059}
3060
744cf19e 3061int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 3062{
76a7f3a4 3063 struct cmd_lookup match = { NULL, hdev };
7bb895d6 3064 int err;
5add6af8 3065
5e5282bb
JH		 3066 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3067 return 0;
3068
69ab39ea 3069 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 3070
5e5282bb 3071 if (powered) {
f0ff92fb
JH		 3072 u8 link_sec;
3073
6b4b73ee
JH		 3074 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3075 !lmp_host_ssp_capable(hdev)) {
3d1cbdd6
AK		 3076 u8 ssp = 1;
3077
3078 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
3079 }
3080
562fcc24
AK		 3081 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
3082 struct hci_cp_write_le_host_supported cp;
3083
3084 cp.le = 1;
ffa88e02 3085 cp.simul = lmp_le_br_capable(hdev);
562fcc24 3086
430a61b8
JH		 3087 /* Check first if we already have the right
3088 * host state (host features set)
3089 */
ffa88e02
GP		 3090 if (cp.le != lmp_host_le_capable(hdev) ||
3091 cp.simul != lmp_host_le_br_capable(hdev))
430a61b8
JH		 3092 hci_send_cmd(hdev,
3093 HCI_OP_WRITE_LE_HOST_SUPPORTED,
3094 sizeof(cp), &cp);
562fcc24
AK		 3095 }
3096
f0ff92fb
JH		 3097 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3098 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
3099 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE,
3100 sizeof(link_sec), &link_sec);
3101
7f0ae647
JH		 3102 if (lmp_bredr_capable(hdev)) {
3103 set_bredr_scan(hdev);
3104 update_class(hdev);
3105 update_name(hdev, hdev->dev_name);
3106 update_eir(hdev);
3107 }
5e5282bb 3108 } else {
d4f68526 3109 u8 status = MGMT_STATUS_NOT_POWERED;
fe038884
JH		 3110 u8 zero_cod[] = { 0, 0, 0 };
3111
744cf19e 3112 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
fe038884
JH		 3113
3114 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3115 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3116 zero_cod, sizeof(zero_cod), NULL);
b24752fe
JH		 3117 }
3118
beadb2bd 3119 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3120
3121 if (match.sk)
3122 sock_put(match.sk);
3123
7bb895d6 3124 return err;
5add6af8 3125}
73f22f62 3126
744cf19e 3127int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3128{
76a7f3a4 3129 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3130 bool changed = false;
3131 int err = 0;
73f22f62 3132
5e5282bb
JH		 3133 if (discoverable) {
3134 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3135 changed = true;
3136 } else {
3137 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3138 changed = true;
3139 }
73f22f62 3140
ed9b5f2f 3141 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3142 &match);
ed9b5f2f 3143
beadb2bd
JH		 3144 if (changed)
3145 err = new_settings(hdev, match.sk);
5e5282bb 3146
73f22f62
JH		 3147 if (match.sk)
3148 sock_put(match.sk);
3149
7bb895d6 3150 return err;
73f22f62 3151}
9fbcbb45 3152
744cf19e 3153int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3154{
76a7f3a4 3155 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3156 bool changed = false;
3157 int err = 0;
9fbcbb45 3158
5e5282bb
JH		 3159 if (connectable) {
3160 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3161 changed = true;
3162 } else {
3163 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3164 changed = true;
3165 }
9fbcbb45 3166
ed9b5f2f 3167 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3168 &match);
ed9b5f2f 3169
beadb2bd
JH		 3170 if (changed)
3171 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3172
3173 if (match.sk)
3174 sock_put(match.sk);
3175
7bb895d6 3176 return err;
9fbcbb45 3177}
55ed8ca1 3178
744cf19e 3179int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3180{
ca69b795
JH		 3181 u8 mgmt_err = mgmt_status(status);
3182
2d7cee58 3183 if (scan & SCAN_PAGE)
744cf19e 3184 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3185 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3186
3187 if (scan & SCAN_INQUIRY)
744cf19e 3188 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3189 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3190
3191 return 0;
3192}
3193
53168e5b
CC		 3194int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3195 bool persistent)
55ed8ca1 3196{
86742e1e 3197 struct mgmt_ev_new_link_key ev;
55ed8ca1 3198
a492cd52 3199 memset(&ev, 0, sizeof(ev));
55ed8ca1 3200
a492cd52 3201 ev.store_hint = persistent;
d753fdc4 3202 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3203 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3204 ev.key.type = key->type;
9b3b4460 3205 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3206 ev.key.pin_len = key->pin_len;
55ed8ca1 3207
744cf19e 3208 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3209}
f7520543 3210
346af67b
VCG		 3211int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3212{
3213 struct mgmt_ev_new_long_term_key ev;
3214
3215 memset(&ev, 0, sizeof(ev));
3216
3217 ev.store_hint = persistent;
3218 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3219 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3220 ev.key.authenticated = key->authenticated;
3221 ev.key.enc_size = key->enc_size;
3222 ev.key.ediv = key->ediv;
3223
3224 if (key->type == HCI_SMP_LTK)
3225 ev.key.master = 1;
3226
3227 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3228 memcpy(ev.key.val, key->val, sizeof(key->val));
3229
04124681
GP		 3230 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3231 NULL);
346af67b
VCG		 3232}
3233
afc747a6 3234int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3235 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3236 u8 *dev_class)
f7520543 3237{
b644ba33
JH		 3238 char buf[512];
3239 struct mgmt_ev_device_connected *ev = (void *) buf;
3240 u16 eir_len = 0;
f7520543 3241
b644ba33 3242 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3243 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3244
c95f0ba7 3245 ev->flags = __cpu_to_le32(flags);
08c79b61 3246
b644ba33
JH		 3247 if (name_len > 0)
3248 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3249 name, name_len);
b644ba33
JH		 3250
3251 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3252 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3253 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3254
eb55ef07 3255 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3256
3257 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3258 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3259}
3260
8962ee74
JH		 3261static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3262{
c68fb7ff 3263 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3264 struct sock **sk = data;
a38528f1 3265 struct mgmt_rp_disconnect rp;
8962ee74 3266
88c3df13
JH		 3267 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3268 rp.addr.type = cp->addr.type;
8962ee74 3269
aee9b218 3270 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3271 sizeof(rp));
8962ee74
JH		 3272
3273 *sk = cmd->sk;
3274 sock_hold(*sk);
3275
a664b5bc 3276 mgmt_pending_remove(cmd);
8962ee74
JH		 3277}
3278
124f6e35 3279static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3280{
b1078ad0 3281 struct hci_dev *hdev = data;
124f6e35
JH		 3282 struct mgmt_cp_unpair_device *cp = cmd->param;
3283 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3284
3285 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3286 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3287 rp.addr.type = cp->addr.type;
a8a1d19e 3288
b1078ad0
JH		 3289 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3290
aee9b218 3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3292
3293 mgmt_pending_remove(cmd);
3294}
3295
afc747a6 3296int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3297 u8 link_type, u8 addr_type, u8 reason)
f7520543 3298{
f0d6a0ea 3299 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3300 struct sock *sk = NULL;
3301 int err;
3302
744cf19e 3303 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3304
f0d6a0ea
MA		 3305 bacpy(&ev.addr.bdaddr, bdaddr);
3306 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3307 ev.reason = reason;
f7520543 3308
afc747a6 3309 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3310 sk);
8962ee74
JH		 3311
3312 if (sk)
d97dcb66 3313 sock_put(sk);
8962ee74 3314
124f6e35 3315 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3316 hdev);
a8a1d19e 3317
8962ee74
JH		 3318 return err;
3319}
3320
88c3df13 3321int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3322 u8 link_type, u8 addr_type, u8 status)
8962ee74 3323{
88c3df13 3324 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3325 struct pending_cmd *cmd;
3326 int err;
3327
36a75f1b
JD		 3328 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3329 hdev);
3330
2e58ef3e 3331 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3332 if (!cmd)
3333 return -ENOENT;
3334
88c3df13 3335 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3336 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3337
88c3df13 3338 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3339 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3340
a664b5bc 3341 mgmt_pending_remove(cmd);
8962ee74
JH		 3342
3343 return err;
f7520543 3344}
17d5c04c 3345
48264f06 3346int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3347 u8 addr_type, u8 status)
17d5c04c
JH		 3348{
3349 struct mgmt_ev_connect_failed ev;
3350
4c659c39 3351 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3353 ev.status = mgmt_status(status);
17d5c04c 3354
744cf19e 3355 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3356}
980e1a53 3357
744cf19e 3358int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3359{
3360 struct mgmt_ev_pin_code_request ev;
3361
d8457698 3362 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3363 ev.addr.type = BDADDR_BREDR;
a770bb5a 3364 ev.secure = secure;
980e1a53 3365
744cf19e 3366 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3367 NULL);
980e1a53
JH		 3368}
3369
744cf19e 3370int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3371 u8 status)
980e1a53
JH		 3372{
3373 struct pending_cmd *cmd;
ac56fb13 3374 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3375 int err;
3376
2e58ef3e 3377 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3378 if (!cmd)
3379 return -ENOENT;
3380
d8457698 3381 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3382 rp.addr.type = BDADDR_BREDR;
ac56fb13 3383
aee9b218 3384 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3385 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3386
a664b5bc 3387 mgmt_pending_remove(cmd);
980e1a53
JH		 3388
3389 return err;
3390}
3391
744cf19e 3392int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3393 u8 status)
980e1a53
JH		 3394{
3395 struct pending_cmd *cmd;
ac56fb13 3396 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3397 int err;
3398
2e58ef3e 3399 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3400 if (!cmd)
3401 return -ENOENT;
3402
d8457698 3403 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3404 rp.addr.type = BDADDR_BREDR;
ac56fb13 3405
aee9b218 3406 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3407 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3408
a664b5bc 3409 mgmt_pending_remove(cmd);
980e1a53
JH		 3410
3411 return err;
3412}
a5c29683 3413
744cf19e 3414int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3415 u8 link_type, u8 addr_type, __le32 value,
3416 u8 confirm_hint)
a5c29683
JH		 3417{
3418 struct mgmt_ev_user_confirm_request ev;
3419
744cf19e 3420 BT_DBG("%s", hdev->name);
a5c29683 3421
272d90df 3422 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3423 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3424 ev.confirm_hint = confirm_hint;
78e8098e 3425 ev.value = value;
a5c29683 3426
744cf19e 3427 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3428 NULL);
a5c29683
JH		 3429}
3430
272d90df 3431int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3432 u8 link_type, u8 addr_type)
604086b7
BG		 3433{
3434 struct mgmt_ev_user_passkey_request ev;
3435
3436 BT_DBG("%s", hdev->name);
3437
272d90df 3438 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3439 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3440
3441 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3442 NULL);
604086b7
BG		 3443}
3444
0df4c185 3445static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3446 u8 link_type, u8 addr_type, u8 status,
3447 u8 opcode)
a5c29683
JH		 3448{
3449 struct pending_cmd *cmd;
3450 struct mgmt_rp_user_confirm_reply rp;
3451 int err;
3452
2e58ef3e 3453 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3454 if (!cmd)
3455 return -ENOENT;
3456
272d90df 3457 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3458 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3459 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3460 &rp, sizeof(rp));
a5c29683 3461
a664b5bc 3462 mgmt_pending_remove(cmd);
a5c29683
JH		 3463
3464 return err;
3465}
3466
744cf19e 3467int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3468 u8 link_type, u8 addr_type, u8 status)
a5c29683 3469{
272d90df 3470 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3471 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3472}
3473
272d90df 3474int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3475 u8 link_type, u8 addr_type, u8 status)
a5c29683 3476{
272d90df 3477 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3478 status,
3479 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3480}
2a611692 3481
604086b7 3482int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3483 u8 link_type, u8 addr_type, u8 status)
604086b7 3484{
272d90df 3485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3486 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3487}
3488
272d90df 3489int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3490 u8 link_type, u8 addr_type, u8 status)
604086b7 3491{
272d90df 3492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3493 status,
3494 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3495}
3496
92a25256
JH		 3497int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3498 u8 link_type, u8 addr_type, u32 passkey,
3499 u8 entered)
3500{
3501 struct mgmt_ev_passkey_notify ev;
3502
3503 BT_DBG("%s", hdev->name);
3504
3505 bacpy(&ev.addr.bdaddr, bdaddr);
3506 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3507 ev.passkey = __cpu_to_le32(passkey);
3508 ev.entered = entered;
3509
3510 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3511}
3512
bab73cb6 3513int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3514 u8 addr_type, u8 status)
2a611692
JH		 3515{
3516 struct mgmt_ev_auth_failed ev;
3517
bab73cb6 3518 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3519 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3520 ev.status = mgmt_status(status);
2a611692 3521
744cf19e 3522 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3523}
b312b161 3524
33ef95ed
JH		 3525int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3526{
3527 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3528 bool changed = false;
3529 int err = 0;
33ef95ed
JH		 3530
3531 if (status) {
3532 u8 mgmt_err = mgmt_status(status);
3533 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3534 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3535 return 0;
3536 }
3537
47990ea0
JH		 3538 if (test_bit(HCI_AUTH, &hdev->flags)) {
3539 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3540 changed = true;
3541 } else {
3542 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3543 changed = true;
3544 }
3545
33ef95ed 3546 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3547 &match);
33ef95ed 3548
47990ea0
JH		 3549 if (changed)
3550 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3551
3552 if (match.sk)
3553 sock_put(match.sk);
3554
3555 return err;
3556}
3557
cacaf52f
JH		 3558static int clear_eir(struct hci_dev *hdev)
3559{
3560 struct hci_cp_write_eir cp;
3561
976eb20e 3562 if (!lmp_ext_inq_capable(hdev))
cacaf52f
JH		 3563 return 0;
3564
c80da27e
JH		 3565 memset(hdev->eir, 0, sizeof(hdev->eir));
3566
cacaf52f
JH		 3567 memset(&cp, 0, sizeof(cp));
3568
3569 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3570}
3571
c0ecddc2 3572int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3573{
3574 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3575 bool changed = false;
3576 int err = 0;
ed2c4ee3
JH		 3577
3578 if (status) {
3579 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3580
3581 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3582 &hdev->dev_flags))
c0ecddc2
JH		 3583 err = new_settings(hdev, NULL);
3584
04124681
GP		 3585 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3586 &mgmt_err);
c0ecddc2
JH		 3587
3588 return err;
3589 }
3590
3591 if (enable) {
3592 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3593 changed = true;
3594 } else {
3595 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3596 changed = true;
ed2c4ee3
JH		 3597 }
3598
3599 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3600
c0ecddc2
JH		 3601 if (changed)
3602 err = new_settings(hdev, match.sk);
ed2c4ee3 3603
5fc6ebb1 3604 if (match.sk)
ed2c4ee3
JH		 3605 sock_put(match.sk);
3606
5fc6ebb1
JH		 3607 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3608 update_eir(hdev);
3609 else
3610 clear_eir(hdev);
cacaf52f 3611
ed2c4ee3
JH		 3612 return err;
3613}
3614
90e70454
JH		 3615static void class_rsp(struct pending_cmd *cmd, void *data)
3616{
3617 struct cmd_lookup *match = data;
3618
3619 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3620 match->hdev->dev_class, 3);
90e70454
JH		 3621
3622 list_del(&cmd->list);
3623
3624 if (match->sk == NULL) {
3625 match->sk = cmd->sk;
3626 sock_hold(match->sk);
3627 }
3628
3629 mgmt_pending_free(cmd);
3630}
3631
7f9a903c 3632int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3633 u8 status)
7f9a903c 3634{
90e70454
JH		 3635 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3636 int err = 0;
7f9a903c 3637
c95f0ba7
JH		 3638 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3639
90e70454
JH		 3640 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3641 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3642 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3643
3644 if (!status)
04124681
GP		 3645 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3646 3, NULL);
90e70454
JH		 3647
3648 if (match.sk)
3649 sock_put(match.sk);
7f9a903c
MH		 3650
3651 return err;
3652}
3653
744cf19e 3654int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3655{
3656 struct pending_cmd *cmd;
3657 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3658 bool changed = false;
3659 int err = 0;
3660
3661 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3662 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3663 changed = true;
3664 }
b312b161
JH		 3665
3666 memset(&ev, 0, sizeof(ev));
3667 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3668 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3669
2e58ef3e 3670 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3671 if (!cmd)
3672 goto send_event;
3673
7bdaae4a
JH		 3674 /* Always assume that either the short or the complete name has
3675 * changed if there was a pending mgmt command */
3676 changed = true;
3677
b312b161 3678 if (status) {
744cf19e 3679 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3680 mgmt_status(status));
b312b161
JH		 3681 goto failed;
3682 }
3683
aee9b218 3684 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3685 sizeof(ev));
b312b161
JH		 3686 if (err < 0)
3687 goto failed;
3688
3689send_event:
28cc7bde
JH		 3690 if (changed)
3691 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3692 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3693
1225a6bd
JH		 3694 /* EIR is taken care of separately when powering on the
3695 * adapter so only update them here if this is a name change
3696 * unrelated to power on.
3697 */
3698 if (!test_bit(HCI_INIT, &hdev->flags))
3699 update_eir(hdev);
b312b161
JH		 3700
3701failed:
3702 if (cmd)
3703 mgmt_pending_remove(cmd);
3704 return err;
3705}
c35938b2 3706
744cf19e 3707int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3708 u8 *randomizer, u8 status)
c35938b2
SJ		 3709{
3710 struct pending_cmd *cmd;
3711 int err;
3712
744cf19e 3713 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3714
2e58ef3e 3715 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3716 if (!cmd)
3717 return -ENOENT;
3718
3719 if (status) {
04124681
GP		 3720 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3721 mgmt_status(status));
c35938b2
SJ		 3722 } else {
3723 struct mgmt_rp_read_local_oob_data rp;
3724
3725 memcpy(rp.hash, hash, sizeof(rp.hash));
3726 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3727
744cf19e 3728 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3729 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3730 sizeof(rp));
c35938b2
SJ		 3731 }
3732
3733 mgmt_pending_remove(cmd);
3734
3735 return err;
3736}
e17acd40 3737
06199cf8
JH		 3738int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3739{
3740 struct cmd_lookup match = { NULL, hdev };
3741 bool changed = false;
3742 int err = 0;
3743
3744 if (status) {
3745 u8 mgmt_err = mgmt_status(status);
3746
3747 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3748 &hdev->dev_flags))
d97dcb66 3749 err = new_settings(hdev, NULL);
06199cf8 3750
d97dcb66
SJ		 3751 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3752 &mgmt_err);
06199cf8
JH		 3753
3754 return err;
3755 }
3756
3757 if (enable) {
3758 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3759 changed = true;
3760 } else {
3761 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3762 changed = true;
3763 }
3764
3765 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3766
3767 if (changed)
3768 err = new_settings(hdev, match.sk);
3769
3770 if (match.sk)
3771 sock_put(match.sk);
3772
3773 return err;
3774}
3775
48264f06 3776int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3777 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3778 ssp, u8 *eir, u16 eir_len)
e17acd40 3779{
e319d2e7
JH		 3780 char buf[512];
3781 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3782 size_t ev_size;
e17acd40 3783
1dc06093
JH		 3784 /* Leave 5 bytes for a potential CoD field */
3785 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3786 return -EINVAL;
3787
1dc06093
JH		 3788 memset(buf, 0, sizeof(buf));
3789
e319d2e7 3790 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3791 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3792 ev->rssi = rssi;
9a395a80 3793 if (cfm_name)
612dfce9 3794 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3795 if (!ssp)
612dfce9 3796 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3797
1dc06093 3798 if (eir_len > 0)
e319d2e7 3799 memcpy(ev->eir, eir, eir_len);
e17acd40 3800
1dc06093
JH		 3801 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3802 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3803 dev_class, 3);
1dc06093 3804
eb55ef07 3805 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3806 ev_size = sizeof(*ev) + eir_len;
f8523598 3807
e319d2e7 3808 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3809}
a88a9652 3810
b644ba33 3811int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3812 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3813{
b644ba33
JH		 3814 struct mgmt_ev_device_found *ev;
3815 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3816 u16 eir_len;
a88a9652 3817
b644ba33 3818 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3819
b644ba33
JH		 3820 memset(buf, 0, sizeof(buf));
3821
3822 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3823 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3824 ev->rssi = rssi;
3825
3826 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3827 name_len);
b644ba33 3828
eb55ef07 3829 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3830
053c7e0c 3831 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3832 sizeof(*ev) + eir_len, NULL);
a88a9652 3833}
314b2381 3834
7a135109 3835int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3836{
3837 struct pending_cmd *cmd;
f808e166 3838 u8 type;
164a6e78
JH		 3839 int err;
3840
203159d4
AG		 3841 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3842
2e58ef3e 3843 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3844 if (!cmd)
3845 return -ENOENT;
3846
f808e166
JH		 3847 type = hdev->discovery.type;
3848
3849 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3850 &type, sizeof(type));
164a6e78
JH		 3851 mgmt_pending_remove(cmd);
3852
3853 return err;
3854}
3855
e6d465cb
AG		 3856int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3857{
3858 struct pending_cmd *cmd;
3859 int err;
3860
3861 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3862 if (!cmd)
3863 return -ENOENT;
3864
d930650b 3865 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3866 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3867 mgmt_pending_remove(cmd);
3868
3869 return err;
3870}
3871
744cf19e 3872int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3873{
f963e8e9 3874 struct mgmt_ev_discovering ev;
164a6e78
JH		 3875 struct pending_cmd *cmd;
3876
343fb145
AG		 3877 BT_DBG("%s discovering %u", hdev->name, discovering);
3878
164a6e78 3879 if (discovering)
2e58ef3e 3880 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3881 else
2e58ef3e 3882 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3883
3884 if (cmd != NULL) {
f808e166
JH		 3885 u8 type = hdev->discovery.type;
3886
04124681
GP		 3887 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3888 sizeof(type));
164a6e78
JH		 3889 mgmt_pending_remove(cmd);
3890 }
3891
f963e8e9
JH		 3892 memset(&ev, 0, sizeof(ev));
3893 ev.type = hdev->discovery.type;
3894 ev.discovering = discovering;
3895
3896 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3897}
5e762444 3898
88c1fe4b 3899int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3900{
3901 struct pending_cmd *cmd;
3902 struct mgmt_ev_device_blocked ev;
3903
2e58ef3e 3904 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3905
88c1fe4b
JH		 3906 bacpy(&ev.addr.bdaddr, bdaddr);
3907 ev.addr.type = type;
5e762444 3908
744cf19e 3909 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3910 cmd ? cmd->sk : NULL);
5e762444
AJ		 3911}
3912
88c1fe4b 3913int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3914{
3915 struct pending_cmd *cmd;
3916 struct mgmt_ev_device_unblocked ev;
3917
2e58ef3e 3918 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3919
88c1fe4b
JH		 3920 bacpy(&ev.addr.bdaddr, bdaddr);
3921 ev.addr.type = type;
5e762444 3922
744cf19e 3923 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3924 cmd ? cmd->sk : NULL);
5e762444 3925}
d7b7e796
MH		 3926
3927module_param(enable_hs, bool, 0644);
3928MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
kernel source for telekom puls (alcatel/mediatek)