projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix updating local name when powering on
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
17b02e62 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
0f4e68cf
JH		 270static int read_version(struct sock *sk, struct hci_dev *hdev,
271 void *data, u16 data_len)
a38528f1
JH		 272{
273 struct mgmt_rp_read_version rp;
274
275 BT_DBG("sock %p", sk);
276
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279
aee9b218 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 281 sizeof(rp));
a38528f1
JH		 282}
283
0f4e68cf
JH		 284static int read_commands(struct sock *sk, struct hci_dev *hdev,
285 void *data, u16 data_len)
e70bb2e8
JH		 286{
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
290 u16 *opcode;
291 size_t rp_size;
292 int i, err;
293
294 BT_DBG("sock %p", sk);
295
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297
298 rp = kmalloc(rp_size, GFP_KERNEL);
299 if (!rp)
300 return -ENOMEM;
301
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
304
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
307
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
310
aee9b218 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 312 rp_size);
313 kfree(rp);
314
315 return err;
316}
317
0f4e68cf
JH		 318static int read_index_list(struct sock *sk, struct hci_dev *hdev,
319 void *data, u16 data_len)
faba42eb 320{
faba42eb
JH		 321 struct mgmt_rp_read_index_list *rp;
322 struct list_head *p;
8035ded4 323 struct hci_dev *d;
a38528f1 324 size_t rp_len;
faba42eb 325 u16 count;
a38528f1 326 int i, err;
faba42eb
JH		 327
328 BT_DBG("sock %p", sk);
329
330 read_lock(&hci_dev_list_lock);
331
332 count = 0;
333 list_for_each(p, &hci_dev_list) {
334 count++;
335 }
336
a38528f1
JH		 337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
339 if (!rp) {
b2c60d42 340 read_unlock(&hci_dev_list_lock);
faba42eb 341 return -ENOMEM;
b2c60d42 342 }
faba42eb 343
faba42eb
JH		 344 put_unaligned_le16(count, &rp->num_controllers);
345
346 i = 0;
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 348 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 349 continue;
350
faba42eb
JH		 351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
353 }
354
355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
374
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
377
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381 }
382
d7b7e796
MH		 383 if (enable_hs)
384 settings |= MGMT_SETTING_HS;
385
386 if (enable_le) {
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
5e5282bb 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
06199cf8 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
47990ea0 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
504c8dcd 538 if (!hdev_is_powered(hdev))
7770c4aa
JH		 539 return 0;
540
ef580372
JH		 541 if (!(hdev->features[6] & LMP_EXT_INQ))
542 return 0;
543
84bde9d6 544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
a8b2d5c2 547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 548 return 0;
549
550 memset(&cp, 0, sizeof(cp));
551
552 create_eir(hdev, cp.data);
553
554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
555 return 0;
556
557 memcpy(hdev->eir, cp.data, sizeof(cp.data));
558
559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
560}
561
562static u8 get_service_classes(struct hci_dev *hdev)
563{
564 struct bt_uuid *uuid;
565 u8 val = 0;
566
567 list_for_each_entry(uuid, &hdev->uuids, list)
568 val |= uuid->svc_hint;
569
570 return val;
571}
572
573static int update_class(struct hci_dev *hdev)
574{
575 u8 cod[3];
c95f0ba7 576 int err;
ef580372
JH		 577
578 BT_DBG("%s", hdev->name);
579
504c8dcd 580 if (!hdev_is_powered(hdev))
7770c4aa
JH		 581 return 0;
582
a8b2d5c2 583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 584 return 0;
585
586 cod[0] = hdev->minor_class;
587 cod[1] = hdev->major_class;
588 cod[2] = get_service_classes(hdev);
589
590 if (memcmp(cod, hdev->dev_class, 3) == 0)
591 return 0;
592
c95f0ba7
JH		 593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
594 if (err == 0)
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
596
597 return err;
ef580372
JH		 598}
599
7d78525d
JH		 600static void service_cache_off(struct work_struct *work)
601{
602 struct hci_dev *hdev = container_of(work, struct hci_dev,
603 service_cache.work);
604
a8b2d5c2 605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 606 return;
607
608 hci_dev_lock(hdev);
609
610 update_eir(hdev);
611 update_class(hdev);
612
613 hci_dev_unlock(hdev);
614}
615
6a919082 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 617{
4f87da80 618 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 619 return;
620
4f87da80 621 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 622
4f87da80
JH		 623 /* Non-mgmt controlled devices get this bit set
624 * implicitly so that pairing works for them, however
625 * for mgmt we require user-space to explicitly enable
626 * it
627 */
628 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 629}
630
0f4e68cf
JH		 631static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
632 void *data, u16 data_len)
0381101f 633{
a38528f1 634 struct mgmt_rp_read_info rp;
f7b64e69 635
bdb6d971 636 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 637
09fd0de5 638 hci_dev_lock(hdev);
f7b64e69 639
dc4fe30b
JH		 640 memset(&rp, 0, sizeof(rp));
641
69ab39ea 642 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 643
69ab39ea 644 rp.version = hdev->hci_ver;
f7b64e69 645
69ab39ea
JH		 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
647
648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
649 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 650
a38528f1 651 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 652
dc4fe30b 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 654 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 655
09fd0de5 656 hci_dev_unlock(hdev);
0381101f 657
bdb6d971
JH		 658 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
659 sizeof(rp));
0381101f
JH		 660}
661
eec8d2bc
JH		 662static void mgmt_pending_free(struct pending_cmd *cmd)
663{
664 sock_put(cmd->sk);
c68fb7ff 665 kfree(cmd->param);
eec8d2bc
JH		 666 kfree(cmd);
667}
668
366a0336 669static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 670 struct hci_dev *hdev,
671 void *data, u16 len)
eec8d2bc
JH		 672{
673 struct pending_cmd *cmd;
674
675 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
676 if (!cmd)
366a0336 677 return NULL;
eec8d2bc
JH		 678
679 cmd->opcode = opcode;
2e58ef3e 680 cmd->index = hdev->id;
eec8d2bc 681
c68fb7ff
SJ		 682 cmd->param = kmalloc(len, GFP_ATOMIC);
683 if (!cmd->param) {
eec8d2bc 684 kfree(cmd);
366a0336 685 return NULL;
eec8d2bc
JH		 686 }
687
8fce6357
SJ		 688 if (data)
689 memcpy(cmd->param, data, len);
eec8d2bc
JH		 690
691 cmd->sk = sk;
692 sock_hold(sk);
693
2e58ef3e 694 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 695
366a0336 696 return cmd;
eec8d2bc
JH		 697}
698
744cf19e 699static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 700 void (*cb)(struct pending_cmd *cmd, void *data),
701 void *data)
702{
703 struct list_head *p, *n;
704
2e58ef3e 705 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 706 struct pending_cmd *cmd;
707
708 cmd = list_entry(p, struct pending_cmd, list);
709
b24752fe 710 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 711 continue;
712
eec8d2bc
JH		 713 cb(cmd, data);
714 }
715}
716
2e58ef3e 717static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 718{
8035ded4 719 struct pending_cmd *cmd;
eec8d2bc 720
2e58ef3e 721 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 722 if (cmd->opcode == opcode)
723 return cmd;
eec8d2bc
JH		 724 }
725
726 return NULL;
727}
728
a664b5bc 729static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 730{
73f22f62
JH		 731 list_del(&cmd->list);
732 mgmt_pending_free(cmd);
733}
734
69ab39ea 735static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 736{
69ab39ea 737 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 738
aee9b218
JH		 739 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
740 sizeof(settings));
8680570b
JH		 741}
742
bdb6d971
JH		 743static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
744 u16 len)
eec8d2bc 745{
650f726d 746 struct mgmt_mode *cp = data;
366a0336 747 struct pending_cmd *cmd;
4b34ee78 748 int err;
eec8d2bc 749
bdb6d971 750 BT_DBG("request for %s", hdev->name);
eec8d2bc 751
09fd0de5 752 hci_dev_lock(hdev);
eec8d2bc 753
f0d4b78a
MH		 754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
755 cancel_delayed_work(&hdev->power_off);
756
757 if (cp->val) {
758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
759 mgmt_powered(hdev, 1);
760 goto failed;
761 }
762 }
763
4b34ee78 764 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 766 goto failed;
767 }
768
2e58ef3e 769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 770 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
ca69b795 771 MGMT_STATUS_BUSY);
eec8d2bc
JH		 772 goto failed;
773 }
774
2e58ef3e 775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 776 if (!cmd) {
777 err = -ENOMEM;
eec8d2bc 778 goto failed;
366a0336 779 }
eec8d2bc 780
72a734ec 781 if (cp->val)
7f971041 782 schedule_work(&hdev->power_on);
eec8d2bc 783 else
80b7ab33 784 schedule_work(&hdev->power_off.work);
eec8d2bc 785
366a0336 786 err = 0;
eec8d2bc
JH		 787
788failed:
09fd0de5 789 hci_dev_unlock(hdev);
366a0336 790 return err;
eec8d2bc
JH		 791}
792
beadb2bd
JH		 793static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
794 u16 data_len, struct sock *skip_sk)
795{
796 struct sk_buff *skb;
797 struct mgmt_hdr *hdr;
798
799 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
800 if (!skb)
801 return -ENOMEM;
802
803 hdr = (void *) skb_put(skb, sizeof(*hdr));
804 hdr->opcode = cpu_to_le16(event);
805 if (hdev)
806 hdr->index = cpu_to_le16(hdev->id);
807 else
808 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
809 hdr->len = cpu_to_le16(data_len);
810
811 if (data)
812 memcpy(skb_put(skb, data_len), data, data_len);
813
97e0bdeb
MH		 814 /* Time stamp */
815 __net_timestamp(skb);
816
beadb2bd
JH		 817 hci_send_to_control(skb, skip_sk);
818 kfree_skb(skb);
819
820 return 0;
821}
822
823static int new_settings(struct hci_dev *hdev, struct sock *skip)
824{
825 __le32 ev;
826
827 ev = cpu_to_le32(get_current_settings(hdev));
828
829 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
830}
831
bdb6d971
JH		 832static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
833 u16 len)
73f22f62 834{
650f726d 835 struct mgmt_cp_set_discoverable *cp = data;
366a0336 836 struct pending_cmd *cmd;
5e5282bb 837 u16 timeout;
73f22f62
JH		 838 u8 scan;
839 int err;
840
bdb6d971 841 BT_DBG("request for %s", hdev->name);
73f22f62 842
24c54a90
MH		 843 timeout = get_unaligned_le16(&cp->timeout);
844 if (!cp->val && timeout > 0)
bdb6d971 845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 846 MGMT_STATUS_INVALID_PARAMS);
73f22f62 847
09fd0de5 848 hci_dev_lock(hdev);
73f22f62 849
5e5282bb 850 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 851 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 852 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 853 goto failed;
854 }
855
2e58ef3e
JH		 856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
ca69b795 859 MGMT_STATUS_BUSY);
73f22f62
JH		 860 goto failed;
861 }
862
5e5282bb 863 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
5e5282bb
JH		 865 MGMT_STATUS_REJECTED);
866 goto failed;
867 }
868
869 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 870 bool changed = false;
871
872 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
873 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
874 changed = true;
875 }
876
5e5282bb 877 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 878 if (err < 0)
879 goto failed;
880
881 if (changed)
882 err = new_settings(hdev, sk);
883
5e5282bb
JH		 884 goto failed;
885 }
886
887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 888 if (hdev->discov_timeout > 0) {
889 cancel_delayed_work(&hdev->discov_off);
890 hdev->discov_timeout = 0;
891 }
892
893 if (cp->val && timeout > 0) {
894 hdev->discov_timeout = timeout;
895 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
896 msecs_to_jiffies(hdev->discov_timeout * 1000));
897 }
898
69ab39ea 899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 900 goto failed;
901 }
902
2e58ef3e 903 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 904 if (!cmd) {
905 err = -ENOMEM;
73f22f62 906 goto failed;
366a0336 907 }
73f22f62
JH		 908
909 scan = SCAN_PAGE;
910
72a734ec 911 if (cp->val)
73f22f62 912 scan |= SCAN_INQUIRY;
16ab91ab 913 else
e0f9309f 914 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 915
916 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
917 if (err < 0)
a664b5bc 918 mgmt_pending_remove(cmd);
73f22f62 919
16ab91ab 920 if (cp->val)
5e5282bb 921 hdev->discov_timeout = timeout;
16ab91ab 922
73f22f62 923failed:
09fd0de5 924 hci_dev_unlock(hdev);
73f22f62
JH		 925 return err;
926}
927
bdb6d971
JH		 928static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
929 u16 len)
9fbcbb45 930{
650f726d 931 struct mgmt_mode *cp = data;
366a0336 932 struct pending_cmd *cmd;
9fbcbb45
JH		 933 u8 scan;
934 int err;
935
bdb6d971 936 BT_DBG("request for %s", hdev->name);
9fbcbb45 937
09fd0de5 938 hci_dev_lock(hdev);
9fbcbb45 939
4b34ee78 940 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 941 bool changed = false;
942
943 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
944 changed = true;
945
6bf0e469 946 if (cp->val) {
5e5282bb 947 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 948 } else {
5e5282bb
JH		 949 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
950 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
951 }
0224d2fa 952
5e5282bb 953 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 954 if (err < 0)
955 goto failed;
956
957 if (changed)
958 err = new_settings(hdev, sk);
959
9fbcbb45
JH		 960 goto failed;
961 }
962
2e58ef3e
JH		 963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
ca69b795 966 MGMT_STATUS_BUSY);
9fbcbb45
JH		 967 goto failed;
968 }
969
5e5282bb 970 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 971 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 972 goto failed;
973 }
974
2e58ef3e 975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 976 if (!cmd) {
977 err = -ENOMEM;
9fbcbb45 978 goto failed;
366a0336 979 }
9fbcbb45 980
6bf0e469 981 if (cp->val) {
9fbcbb45 982 scan = SCAN_PAGE;
6bf0e469 983 } else {
9fbcbb45
JH		 984 scan = 0;
985
df2c6c5e
JH		 986 if (test_bit(HCI_ISCAN, &hdev->flags) &&
987 hdev->discov_timeout > 0)
988 cancel_delayed_work(&hdev->discov_off);
989 }
990
9fbcbb45
JH		 991 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
992 if (err < 0)
a664b5bc 993 mgmt_pending_remove(cmd);
9fbcbb45
JH		 994
995failed:
09fd0de5 996 hci_dev_unlock(hdev);
9fbcbb45
JH		 997 return err;
998}
999
bdb6d971
JH		 1000static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
1001 u16 len)
c542a06c 1002{
650f726d 1003 struct mgmt_mode *cp = data;
c542a06c
JH		 1004 int err;
1005
bdb6d971 1006 BT_DBG("request for %s", hdev->name);
c542a06c 1007
09fd0de5 1008 hci_dev_lock(hdev);
c542a06c
JH		 1009
1010 if (cp->val)
a8b2d5c2 1011 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1012 else
a8b2d5c2 1013 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1014
69ab39ea 1015 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1016 if (err < 0)
1017 goto failed;
1018
beadb2bd 1019 err = new_settings(hdev, sk);
c542a06c
JH		 1020
1021failed:
09fd0de5 1022 hci_dev_unlock(hdev);
c542a06c
JH		 1023 return err;
1024}
1025
bdb6d971
JH		 1026static int set_link_security(struct sock *sk, struct hci_dev *hdev,
1027 void *data, u16 len)
33ef95ed
JH		 1028{
1029 struct mgmt_mode *cp = data;
1030 struct pending_cmd *cmd;
816a11d5 1031 u8 val;
33ef95ed
JH		 1032 int err;
1033
bdb6d971 1034 BT_DBG("request for %s", hdev->name);
33ef95ed 1035
33ef95ed
JH		 1036 hci_dev_lock(hdev);
1037
4b34ee78 1038 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1039 bool changed = false;
1040
1041 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1042 &hdev->dev_flags)) {
1043 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1044 changed = true;
1045 }
1046
1047 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1048 if (err < 0)
1049 goto failed;
1050
1051 if (changed)
1052 err = new_settings(hdev, sk);
1053
33ef95ed
JH		 1054 goto failed;
1055 }
1056
1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
33ef95ed
JH		 1059 MGMT_STATUS_BUSY);
1060 goto failed;
1061 }
1062
1063 val = !!cp->val;
1064
1065 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1066 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1067 goto failed;
1068 }
1069
1070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1071 if (!cmd) {
1072 err = -ENOMEM;
1073 goto failed;
1074 }
1075
1076 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1077 if (err < 0) {
1078 mgmt_pending_remove(cmd);
1079 goto failed;
1080 }
1081
1082failed:
1083 hci_dev_unlock(hdev);
33ef95ed
JH		 1084 return err;
1085}
1086
bdb6d971 1087static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1088{
1089 struct mgmt_mode *cp = data;
1090 struct pending_cmd *cmd;
816a11d5 1091 u8 val;
ed2c4ee3
JH		 1092 int err;
1093
bdb6d971 1094 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1095
ed2c4ee3
JH		 1096 hci_dev_lock(hdev);
1097
6c8f12c1 1098 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
6c8f12c1
JH		 1100 MGMT_STATUS_NOT_SUPPORTED);
1101 goto failed;
1102 }
1103
c0ecddc2
JH		 1104 val = !!cp->val;
1105
4b34ee78 1106 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1107 bool changed = false;
1108
1109 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1110 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1111 changed = true;
1112 }
1113
1114 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1115 if (err < 0)
1116 goto failed;
1117
1118 if (changed)
1119 err = new_settings(hdev, sk);
1120
ed2c4ee3
JH		 1121 goto failed;
1122 }
1123
1124 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
bdb6d971
JH		 1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1126 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1127 goto failed;
1128 }
1129
ed2c4ee3
JH		 1130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132 goto failed;
1133 }
1134
1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto failed;
1139 }
1140
1141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1142 if (err < 0) {
1143 mgmt_pending_remove(cmd);
1144 goto failed;
1145 }
1146
1147failed:
1148 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1149 return err;
1150}
1151
bdb6d971 1152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1153{
1154 struct mgmt_mode *cp = data;
6d80dfd0 1155
bdb6d971 1156 BT_DBG("request for %s", hdev->name);
6d80dfd0 1157
bdb6d971
JH		 1158 if (!enable_hs)
1159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1160 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1161
1162 if (cp->val)
1163 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1164 else
1165 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1166
bdb6d971 1167 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1168}
1169
bdb6d971 1170static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1171{
1172 struct mgmt_mode *cp = data;
1173 struct hci_cp_write_le_host_supported hci_cp;
1174 struct pending_cmd *cmd;
06199cf8 1175 int err;
0b60eba1 1176 u8 val, enabled;
06199cf8 1177
bdb6d971 1178 BT_DBG("request for %s", hdev->name);
06199cf8 1179
1de028ce
JH		 1180 hci_dev_lock(hdev);
1181
06199cf8 1182 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
06199cf8 1184 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1185 goto unlock;
06199cf8
JH		 1186 }
1187
1188 val = !!cp->val;
0b60eba1 1189 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1190
0b60eba1 1191 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1192 bool changed = false;
1193
1194 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1195 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1196 changed = true;
1197 }
1198
1199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1200 if (err < 0)
1de028ce 1201 goto unlock;
06199cf8
JH		 1202
1203 if (changed)
1204 err = new_settings(hdev, sk);
1205
1de028ce 1206 goto unlock;
06199cf8
JH		 1207 }
1208
1209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971
JH		 1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1211 MGMT_STATUS_BUSY);
1de028ce 1212 goto unlock;
06199cf8
JH		 1213 }
1214
1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1216 if (!cmd) {
1217 err = -ENOMEM;
1de028ce 1218 goto unlock;
06199cf8
JH		 1219 }
1220
1221 memset(&hci_cp, 0, sizeof(hci_cp));
1222
1223 if (val) {
1224 hci_cp.le = val;
1225 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1226 }
1227
1228 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1229 sizeof(hci_cp), &hci_cp);
1230 if (err < 0) {
1231 mgmt_pending_remove(cmd);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1de028ce
JH		 1235unlock:
1236 hci_dev_unlock(hdev);
06199cf8
JH		 1237 return err;
1238}
1239
bdb6d971 1240static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1241{
650f726d 1242 struct mgmt_cp_add_uuid *cp = data;
90e70454 1243 struct pending_cmd *cmd;
2aeb9a1a 1244 struct bt_uuid *uuid;
2aeb9a1a
JH		 1245 int err;
1246
bdb6d971 1247 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1248
09fd0de5 1249 hci_dev_lock(hdev);
2aeb9a1a 1250
c95f0ba7 1251 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
c95f0ba7
JH		 1253 MGMT_STATUS_BUSY);
1254 goto failed;
1255 }
1256
2aeb9a1a
JH		 1257 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1258 if (!uuid) {
1259 err = -ENOMEM;
1260 goto failed;
1261 }
1262
1263 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1264 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1265
1266 list_add(&uuid->list, &hdev->uuids);
1267
1aff6f09
JH		 1268 err = update_class(hdev);
1269 if (err < 0)
1270 goto failed;
1271
80a1e1db
JH		 1272 err = update_eir(hdev);
1273 if (err < 0)
1274 goto failed;
1275
90e70454 1276 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
90e70454
JH		 1278 hdev->dev_class, 3);
1279 goto failed;
1280 }
1281
1282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1283 if (!cmd) {
1284 err = -ENOMEM;
1285 goto failed;
1286 }
2aeb9a1a
JH		 1287
1288failed:
09fd0de5 1289 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1290 return err;
1291}
1292
24b78d0f
JH		 1293static bool enable_service_cache(struct hci_dev *hdev)
1294{
1295 if (!hdev_is_powered(hdev))
1296 return false;
1297
1298 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1299 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1300 return true;
1301 }
1302
1303 return false;
1304}
1305
bdb6d971
JH		 1306static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1307 u16 len)
2aeb9a1a 1308{
650f726d 1309 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1310 struct pending_cmd *cmd;
2aeb9a1a 1311 struct list_head *p, *n;
2aeb9a1a 1312 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1313 int err, found;
1314
bdb6d971 1315 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1316
09fd0de5 1317 hci_dev_lock(hdev);
2aeb9a1a 1318
c95f0ba7 1319 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1320 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
c95f0ba7
JH		 1321 MGMT_STATUS_BUSY);
1322 goto unlock;
1323 }
1324
2aeb9a1a
JH		 1325 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1326 err = hci_uuids_clear(hdev);
4004b6d9 1327
24b78d0f 1328 if (enable_service_cache(hdev)) {
bdb6d971
JH		 1329 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1330 0, hdev->dev_class, 3);
24b78d0f
JH		 1331 goto unlock;
1332 }
4004b6d9 1333
9246a869 1334 goto update_class;
2aeb9a1a
JH		 1335 }
1336
1337 found = 0;
1338
1339 list_for_each_safe(p, n, &hdev->uuids) {
1340 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1341
1342 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1343 continue;
1344
1345 list_del(&match->list);
1346 found++;
1347 }
1348
1349 if (found == 0) {
bdb6d971 1350 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
ca69b795 1351 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1352 goto unlock;
1353 }
1354
9246a869 1355update_class:
1aff6f09
JH		 1356 err = update_class(hdev);
1357 if (err < 0)
1358 goto unlock;
1359
80a1e1db
JH		 1360 err = update_eir(hdev);
1361 if (err < 0)
1362 goto unlock;
1363
90e70454 1364 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
9997a533 1366 hdev->dev_class, 3);
90e70454
JH		 1367 goto unlock;
1368 }
1369
1370 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1371 if (!cmd) {
1372 err = -ENOMEM;
1373 goto unlock;
1374 }
2aeb9a1a
JH		 1375
1376unlock:
09fd0de5 1377 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1378 return err;
1379}
1380
bdb6d971
JH		 1381static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
1382 u16 len)
1aff6f09 1383{
650f726d 1384 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1385 struct pending_cmd *cmd;
1aff6f09
JH		 1386 int err;
1387
bdb6d971 1388 BT_DBG("request for %s", hdev->name);
1aff6f09 1389
09fd0de5 1390 hci_dev_lock(hdev);
1aff6f09 1391
c95f0ba7 1392 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
c95f0ba7
JH		 1394 MGMT_STATUS_BUSY);
1395 goto unlock;
1396 }
1397
932f5ff5
JH		 1398 hdev->major_class = cp->major;
1399 hdev->minor_class = cp->minor;
1400
b5235a65 1401 if (!hdev_is_powered(hdev)) {
bdb6d971 1402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
932f5ff5 1403 hdev->dev_class, 3);
b5235a65
JH		 1404 goto unlock;
1405 }
1406
a8b2d5c2 1407 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1408 hci_dev_unlock(hdev);
1409 cancel_delayed_work_sync(&hdev->service_cache);
1410 hci_dev_lock(hdev);
14c0b608 1411 update_eir(hdev);
7d78525d 1412 }
14c0b608 1413
1aff6f09 1414 err = update_class(hdev);
90e70454
JH		 1415 if (err < 0)
1416 goto unlock;
1aff6f09 1417
90e70454 1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
8ec37034 1420 hdev->dev_class, 3);
90e70454
JH		 1421 goto unlock;
1422 }
1423
1424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1425 if (!cmd) {
1426 err = -ENOMEM;
1427 goto unlock;
1428 }
1aff6f09 1429
b5235a65 1430unlock:
09fd0de5 1431 hci_dev_unlock(hdev);
1aff6f09
JH		 1432 return err;
1433}
1434
bdb6d971
JH		 1435static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1436 u16 len)
55ed8ca1 1437{
650f726d 1438 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1439 u16 key_count, expected_len;
a492cd52 1440 int i;
55ed8ca1 1441
55ed8ca1
JH		 1442 key_count = get_unaligned_le16(&cp->key_count);
1443
86742e1e
JH		 1444 expected_len = sizeof(*cp) + key_count *
1445 sizeof(struct mgmt_link_key_info);
a492cd52 1446 if (expected_len != len) {
86742e1e 1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1448 len, expected_len);
bdb6d971 1449 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
ca69b795 1450 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1451 }
1452
bdb6d971 1453 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1454 key_count);
1455
09fd0de5 1456 hci_dev_lock(hdev);
55ed8ca1
JH		 1457
1458 hci_link_keys_clear(hdev);
1459
a8b2d5c2 1460 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1461
1462 if (cp->debug_keys)
a8b2d5c2 1463 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1464 else
a8b2d5c2 1465 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1466
a492cd52 1467 for (i = 0; i < key_count; i++) {
86742e1e 1468 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1469
d753fdc4
JH		 1470 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1471 key->type, key->pin_len);
55ed8ca1
JH		 1472 }
1473
bdb6d971 1474 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1475
09fd0de5 1476 hci_dev_unlock(hdev);
55ed8ca1 1477
a492cd52 1478 return 0;
55ed8ca1
JH		 1479}
1480
b1078ad0
JH		 1481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1482 u8 addr_type, struct sock *skip_sk)
1483{
1484 struct mgmt_ev_device_unpaired ev;
1485
1486 bacpy(&ev.addr.bdaddr, bdaddr);
1487 ev.addr.type = addr_type;
1488
1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1490 skip_sk);
1491}
1492
bdb6d971
JH		 1493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1494 u16 len)
55ed8ca1 1495{
124f6e35
JH		 1496 struct mgmt_cp_unpair_device *cp = data;
1497 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1498 struct hci_cp_disconnect dc;
1499 struct pending_cmd *cmd;
55ed8ca1 1500 struct hci_conn *conn;
55ed8ca1
JH		 1501 int err;
1502
09fd0de5 1503 hci_dev_lock(hdev);
55ed8ca1 1504
a8a1d19e 1505 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1507 rp.addr.type = cp->addr.type;
a8a1d19e 1508
86a8cfc6 1509 if (!hdev_is_powered(hdev)) {
bdb6d971 1510 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
86a8cfc6
JH		 1511 MGMT_STATUS_NOT_POWERED,
1512 &rp, sizeof(rp));
1513 goto unlock;
1514 }
1515
124f6e35
JH		 1516 if (cp->addr.type == MGMT_ADDR_BREDR)
1517 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1518 else
1519 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1520
55ed8ca1 1521 if (err < 0) {
bdb6d971 1522 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
86a8cfc6
JH		 1523 MGMT_STATUS_NOT_PAIRED,
1524 &rp, sizeof(rp));
55ed8ca1
JH		 1525 goto unlock;
1526 }
1527
86a8cfc6
JH		 1528 if (cp->disconnect) {
1529 if (cp->addr.type == MGMT_ADDR_BREDR)
1530 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1531 &cp->addr.bdaddr);
86a8cfc6
JH		 1532 else
1533 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1534 &cp->addr.bdaddr);
86a8cfc6
JH		 1535 } else {
1536 conn = NULL;
1537 }
124f6e35 1538
a8a1d19e 1539 if (!conn) {
bdb6d971 1540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
aee9b218 1541 &rp, sizeof(rp));
b1078ad0 1542 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1543 goto unlock;
1544 }
55ed8ca1 1545
124f6e35
JH		 1546 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1547 sizeof(*cp));
a8a1d19e
JH		 1548 if (!cmd) {
1549 err = -ENOMEM;
1550 goto unlock;
55ed8ca1
JH		 1551 }
1552
a8a1d19e
JH		 1553 put_unaligned_le16(conn->handle, &dc.handle);
1554 dc.reason = 0x13; /* Remote User Terminated Connection */
1555 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1556 if (err < 0)
1557 mgmt_pending_remove(cmd);
1558
55ed8ca1 1559unlock:
09fd0de5 1560 hci_dev_unlock(hdev);
55ed8ca1
JH		 1561 return err;
1562}
1563
bdb6d971
JH		 1564static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
1565 u16 len)
8962ee74 1566{
650f726d 1567 struct mgmt_cp_disconnect *cp = data;
8962ee74 1568 struct hci_cp_disconnect dc;
366a0336 1569 struct pending_cmd *cmd;
8962ee74 1570 struct hci_conn *conn;
8962ee74
JH		 1571 int err;
1572
1573 BT_DBG("");
1574
09fd0de5 1575 hci_dev_lock(hdev);
8962ee74
JH		 1576
1577 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1578 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1579 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1580 goto failed;
1581 }
1582
2e58ef3e 1583 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1584 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1585 MGMT_STATUS_BUSY);
8962ee74
JH		 1586 goto failed;
1587 }
1588
88c3df13
JH		 1589 if (cp->addr.type == MGMT_ADDR_BREDR)
1590 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1591 else
1592 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1593
8962ee74 1594 if (!conn) {
bdb6d971 1595 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
ca69b795 1596 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1597 goto failed;
1598 }
1599
2e58ef3e 1600 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1601 if (!cmd) {
1602 err = -ENOMEM;
8962ee74 1603 goto failed;
366a0336 1604 }
8962ee74
JH		 1605
1606 put_unaligned_le16(conn->handle, &dc.handle);
1607 dc.reason = 0x13; /* Remote User Terminated Connection */
1608
1609 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1610 if (err < 0)
a664b5bc 1611 mgmt_pending_remove(cmd);
8962ee74
JH		 1612
1613failed:
09fd0de5 1614 hci_dev_unlock(hdev);
8962ee74
JH		 1615 return err;
1616}
1617
48264f06 1618static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1619{
1620 switch (link_type) {
1621 case LE_LINK:
48264f06
JH		 1622 switch (addr_type) {
1623 case ADDR_LE_DEV_PUBLIC:
1624 return MGMT_ADDR_LE_PUBLIC;
1625 case ADDR_LE_DEV_RANDOM:
1626 return MGMT_ADDR_LE_RANDOM;
1627 default:
1628 return MGMT_ADDR_INVALID;
1629 }
4c659c39
JH		 1630 case ACL_LINK:
1631 return MGMT_ADDR_BREDR;
1632 default:
1633 return MGMT_ADDR_INVALID;
1634 }
1635}
1636
0f4e68cf
JH		 1637static int get_connections(struct sock *sk, struct hci_dev *hdev,
1638 void *data, u16 data_len)
2784eb41 1639{
2784eb41 1640 struct mgmt_rp_get_connections *rp;
8035ded4 1641 struct hci_conn *c;
a38528f1 1642 size_t rp_len;
60fc5fb6
JH		 1643 int err;
1644 u16 i;
2784eb41
JH		 1645
1646 BT_DBG("");
1647
09fd0de5 1648 hci_dev_lock(hdev);
2784eb41 1649
5f97c1df 1650 if (!hdev_is_powered(hdev)) {
bdb6d971 1651 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
5f97c1df
JH		 1652 MGMT_STATUS_NOT_POWERED);
1653 goto unlock;
1654 }
1655
60fc5fb6 1656 i = 0;
b644ba33
JH		 1657 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1658 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1659 i++;
2784eb41
JH		 1660 }
1661
60fc5fb6 1662 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1663 rp = kmalloc(rp_len, GFP_ATOMIC);
1664 if (!rp) {
2784eb41
JH		 1665 err = -ENOMEM;
1666 goto unlock;
1667 }
1668
2784eb41 1669 i = 0;
4c659c39 1670 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1671 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1672 continue;
4c659c39 1673 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1674 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1675 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1676 continue;
1677 i++;
1678 }
1679
60fc5fb6
JH		 1680 put_unaligned_le16(i, &rp->conn_count);
1681
4c659c39
JH		 1682 /* Recalculate length in case of filtered SCO connections, etc */
1683 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1684
bdb6d971
JH		 1685 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
1686 rp_len);
2784eb41 1687
a38528f1 1688 kfree(rp);
5f97c1df
JH		 1689
1690unlock:
09fd0de5 1691 hci_dev_unlock(hdev);
2784eb41
JH		 1692 return err;
1693}
1694
bdb6d971
JH		 1695static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1696 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1697{
1698 struct pending_cmd *cmd;
1699 int err;
1700
2e58ef3e 1701 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1702 sizeof(*cp));
1703 if (!cmd)
1704 return -ENOMEM;
1705
d8457698
JH		 1706 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1707 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1708 if (err < 0)
1709 mgmt_pending_remove(cmd);
1710
1711 return err;
1712}
1713
bdb6d971
JH		 1714static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
1715 u16 len)
980e1a53 1716{
96d97a67 1717 struct hci_conn *conn;
650f726d 1718 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1719 struct hci_cp_pin_code_reply reply;
366a0336 1720 struct pending_cmd *cmd;
980e1a53
JH		 1721 int err;
1722
1723 BT_DBG("");
1724
09fd0de5 1725 hci_dev_lock(hdev);
980e1a53 1726
4b34ee78 1727 if (!hdev_is_powered(hdev)) {
bdb6d971 1728 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1729 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1730 goto failed;
1731 }
1732
d8457698 1733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1734 if (!conn) {
bdb6d971 1735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1736 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1737 goto failed;
1738 }
1739
1740 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1741 struct mgmt_cp_pin_code_neg_reply ncp;
1742
1743 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1744
1745 BT_ERR("PIN code is not 16 bytes long");
1746
bdb6d971 1747 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1748 if (err >= 0)
bdb6d971 1749 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1750 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1751
1752 goto failed;
1753 }
1754
00abfe44 1755 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1756 if (!cmd) {
1757 err = -ENOMEM;
980e1a53 1758 goto failed;
366a0336 1759 }
980e1a53 1760
d8457698 1761 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1762 reply.pin_len = cp->pin_len;
24718ca5 1763 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1764
1765 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1766 if (err < 0)
a664b5bc 1767 mgmt_pending_remove(cmd);
980e1a53
JH		 1768
1769failed:
09fd0de5 1770 hci_dev_unlock(hdev);
980e1a53
JH		 1771 return err;
1772}
1773
bdb6d971
JH		 1774static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
1775 void *data, u16 len)
980e1a53 1776{
650f726d 1777 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1778 int err;
1779
1780 BT_DBG("");
1781
09fd0de5 1782 hci_dev_lock(hdev);
980e1a53 1783
4b34ee78 1784 if (!hdev_is_powered(hdev)) {
bdb6d971 1785 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1786 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1787 goto failed;
1788 }
1789
bdb6d971 1790 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1791
1792failed:
09fd0de5 1793 hci_dev_unlock(hdev);
980e1a53
JH		 1794 return err;
1795}
1796
bdb6d971
JH		 1797static int set_io_capability(struct sock *sk, struct hci_dev *hdev,
1798 void *data, u16 len)
17fa4b9d 1799{
650f726d 1800 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1801
1802 BT_DBG("");
1803
09fd0de5 1804 hci_dev_lock(hdev);
17fa4b9d
JH		 1805
1806 hdev->io_capability = cp->io_capability;
1807
1808 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1809 hdev->io_capability);
17fa4b9d 1810
09fd0de5 1811 hci_dev_unlock(hdev);
17fa4b9d 1812
bdb6d971
JH		 1813 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
1814 NULL, 0);
17fa4b9d
JH		 1815}
1816
e9a416b5
JH		 1817static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1818{
1819 struct hci_dev *hdev = conn->hdev;
8035ded4 1820 struct pending_cmd *cmd;
e9a416b5 1821
2e58ef3e 1822 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1823 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1824 continue;
1825
e9a416b5
JH		 1826 if (cmd->user_data != conn)
1827 continue;
1828
1829 return cmd;
1830 }
1831
1832 return NULL;
1833}
1834
1835static void pairing_complete(struct pending_cmd *cmd, u8 status)
1836{
1837 struct mgmt_rp_pair_device rp;
1838 struct hci_conn *conn = cmd->user_data;
1839
ba4e564f
JH		 1840 bacpy(&rp.addr.bdaddr, &conn->dst);
1841 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1842
aee9b218
JH		 1843 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1844 &rp, sizeof(rp));
e9a416b5
JH		 1845
1846 /* So we don't get further callbacks for this connection */
1847 conn->connect_cfm_cb = NULL;
1848 conn->security_cfm_cb = NULL;
1849 conn->disconn_cfm_cb = NULL;
1850
1851 hci_conn_put(conn);
1852
a664b5bc 1853 mgmt_pending_remove(cmd);
e9a416b5
JH		 1854}
1855
1856static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1857{
1858 struct pending_cmd *cmd;
1859
1860 BT_DBG("status %u", status);
1861
1862 cmd = find_pairing(conn);
56e5cb86 1863 if (!cmd)
e9a416b5 1864 BT_DBG("Unable to find a pending command");
56e5cb86 1865 else
e211326c 1866 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1867}
1868
bdb6d971
JH		 1869static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1870 u16 len)
e9a416b5 1871{
650f726d 1872 struct mgmt_cp_pair_device *cp = data;
1425acb7 1873 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1874 struct pending_cmd *cmd;
1875 u8 sec_level, auth_type;
1876 struct hci_conn *conn;
e9a416b5
JH		 1877 int err;
1878
1879 BT_DBG("");
1880
09fd0de5 1881 hci_dev_lock(hdev);
e9a416b5 1882
5f97c1df 1883 if (!hdev_is_powered(hdev)) {
bdb6d971 1884 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
5f97c1df
JH		 1885 MGMT_STATUS_NOT_POWERED);
1886 goto unlock;
1887 }
1888
c908df36
VCG		 1889 sec_level = BT_SECURITY_MEDIUM;
1890 if (cp->io_cap == 0x03)
e9a416b5 1891 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1892 else
e9a416b5 1893 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1894
ba4e564f
JH		 1895 if (cp->addr.type == MGMT_ADDR_BREDR)
1896 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1897 auth_type);
1898 else
ba4e564f 1899 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1900 auth_type);
1901
1425acb7
JH		 1902 memset(&rp, 0, sizeof(rp));
1903 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1904 rp.addr.type = cp->addr.type;
1905
30e76272 1906 if (IS_ERR(conn)) {
bdb6d971 1907 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
e211326c
JH		 1908 MGMT_STATUS_CONNECT_FAILED,
1909 &rp, sizeof(rp));
e9a416b5
JH		 1910 goto unlock;
1911 }
1912
1913 if (conn->connect_cfm_cb) {
1914 hci_conn_put(conn);
bdb6d971 1915 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
e211326c 1916 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1917 goto unlock;
1918 }
1919
2e58ef3e 1920 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1921 if (!cmd) {
1922 err = -ENOMEM;
1923 hci_conn_put(conn);
1924 goto unlock;
1925 }
1926
7a512d01 1927 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1928 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1929 conn->connect_cfm_cb = pairing_complete_cb;
1930
e9a416b5
JH		 1931 conn->security_cfm_cb = pairing_complete_cb;
1932 conn->disconn_cfm_cb = pairing_complete_cb;
1933 conn->io_capability = cp->io_cap;
1934 cmd->user_data = conn;
1935
1936 if (conn->state == BT_CONNECTED &&
1937 hci_conn_security(conn, sec_level, auth_type))
1938 pairing_complete(cmd, 0);
1939
1940 err = 0;
1941
1942unlock:
09fd0de5 1943 hci_dev_unlock(hdev);
e9a416b5
JH		 1944 return err;
1945}
1946
bdb6d971 1947static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev,
0f4e68cf 1948 void *data, u16 len)
28424707 1949{
0f4e68cf 1950 struct mgmt_addr_info *addr = data;
28424707
JH		 1951 struct pending_cmd *cmd;
1952 struct hci_conn *conn;
1953 int err;
1954
1955 BT_DBG("");
1956
28424707
JH		 1957 hci_dev_lock(hdev);
1958
5f97c1df 1959 if (!hdev_is_powered(hdev)) {
bdb6d971 1960 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
5f97c1df
JH		 1961 MGMT_STATUS_NOT_POWERED);
1962 goto unlock;
1963 }
1964
28424707
JH		 1965 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1966 if (!cmd) {
bdb6d971 1967 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
28424707
JH		 1968 MGMT_STATUS_INVALID_PARAMS);
1969 goto unlock;
1970 }
1971
1972 conn = cmd->user_data;
1973
1974 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1975 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
28424707
JH		 1976 MGMT_STATUS_INVALID_PARAMS);
1977 goto unlock;
1978 }
1979
1980 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1981
bdb6d971
JH		 1982 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
1983 addr, sizeof(*addr));
28424707
JH		 1984unlock:
1985 hci_dev_unlock(hdev);
28424707
JH		 1986 return err;
1987}
1988
bdb6d971
JH		 1989static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1990 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1991 u16 hci_op, __le32 passkey)
a5c29683 1992{
a5c29683 1993 struct pending_cmd *cmd;
0df4c185 1994 struct hci_conn *conn;
a5c29683
JH		 1995 int err;
1996
09fd0de5 1997 hci_dev_lock(hdev);
08ba5382 1998
4b34ee78 1999 if (!hdev_is_powered(hdev)) {
bdb6d971
JH		 2000 err = cmd_status(sk, hdev->id, mgmt_op,
2001 MGMT_STATUS_NOT_POWERED);
0df4c185 2002 goto done;
a5c29683
JH		 2003 }
2004
272d90df
JH		 2005 if (type == MGMT_ADDR_BREDR)
2006 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2007 else
47c15e2b 2008 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2009
2010 if (!conn) {
bdb6d971 2011 err = cmd_status(sk, hdev->id, mgmt_op,
47c15e2b 2012 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2013 goto done;
2014 }
47c15e2b 2015
272d90df 2016 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2017 /* Continue with pairing via SMP */
5fe57d9e
BG		 2018 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2019
2020 if (!err)
bdb6d971 2021 err = cmd_status(sk, hdev->id, mgmt_op,
5fe57d9e
BG		 2022 MGMT_STATUS_SUCCESS);
2023 else
bdb6d971 2024 err = cmd_status(sk, hdev->id, mgmt_op,
5fe57d9e 2025 MGMT_STATUS_FAILED);
47c15e2b 2026
47c15e2b
BG		 2027 goto done;
2028 }
2029
0df4c185 2030 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2031 if (!cmd) {
2032 err = -ENOMEM;
0df4c185 2033 goto done;
a5c29683
JH		 2034 }
2035
0df4c185 2036 /* Continue with pairing via HCI */
604086b7
BG		 2037 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2038 struct hci_cp_user_passkey_reply cp;
2039
2040 bacpy(&cp.bdaddr, bdaddr);
2041 cp.passkey = passkey;
2042 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2043 } else
2044 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2045
a664b5bc
JH		 2046 if (err < 0)
2047 mgmt_pending_remove(cmd);
a5c29683 2048
0df4c185 2049done:
09fd0de5 2050 hci_dev_unlock(hdev);
a5c29683
JH		 2051 return err;
2052}
2053
bdb6d971
JH		 2054static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev,
2055 void *data, u16 len)
0df4c185 2056{
650f726d 2057 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2058
2059 BT_DBG("");
2060
2061 if (len != sizeof(*cp))
bdb6d971 2062 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
0df4c185
BG		 2063 MGMT_STATUS_INVALID_PARAMS);
2064
bdb6d971 2065 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2066 MGMT_OP_USER_CONFIRM_REPLY,
2067 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2068}
2069
bdb6d971
JH		 2070static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
2071 void *data, u16 len)
0df4c185 2072{
c9c2659f 2073 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2074
2075 BT_DBG("");
2076
bdb6d971 2077 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2078 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2079 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2080}
2081
bdb6d971
JH		 2082static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev,
2083 void *data, u16 len)
604086b7 2084{
650f726d 2085 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2086
2087 BT_DBG("");
2088
bdb6d971 2089 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2090 MGMT_OP_USER_PASSKEY_REPLY,
2091 HCI_OP_USER_PASSKEY_REPLY,
2092 cp->passkey);
604086b7
BG		 2093}
2094
bdb6d971
JH		 2095static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
2096 void *data, u16 len)
604086b7 2097{
650f726d 2098 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2099
2100 BT_DBG("");
2101
bdb6d971 2102 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
272d90df
JH		 2103 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2104 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2105}
2106
2b4bf397
JH		 2107static int update_name(struct hci_dev *hdev, const char *name)
2108{
2109 struct hci_cp_write_local_name cp;
2110
2111 memcpy(cp.name, name, sizeof(cp.name));
2112
2113 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2114}
2115
bdb6d971 2116static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
b312b161
JH		 2117 u16 len)
2118{
2b4bf397 2119 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2120 struct pending_cmd *cmd;
2121 int err;
2122
2123 BT_DBG("");
2124
09fd0de5 2125 hci_dev_lock(hdev);
b312b161 2126
2b4bf397 2127 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2128
b5235a65 2129 if (!hdev_is_powered(hdev)) {
2b4bf397 2130 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2131
2132 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2133 data, len);
2134 if (err < 0)
2135 goto failed;
2136
2137 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2138 sk);
2139
b5235a65
JH		 2140 goto failed;
2141 }
2142
28cc7bde 2143 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2144 if (!cmd) {
2145 err = -ENOMEM;
2146 goto failed;
2147 }
2148
2b4bf397 2149 err = update_name(hdev, cp->name);
b312b161
JH		 2150 if (err < 0)
2151 mgmt_pending_remove(cmd);
2152
2153failed:
09fd0de5 2154 hci_dev_unlock(hdev);
b312b161
JH		 2155 return err;
2156}
2157
0f4e68cf
JH		 2158static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
2159 void *data, u16 data_len)
c35938b2 2160{
c35938b2
SJ		 2161 struct pending_cmd *cmd;
2162 int err;
2163
bdb6d971 2164 BT_DBG("%s", hdev->name);
c35938b2 2165
09fd0de5 2166 hci_dev_lock(hdev);
c35938b2 2167
4b34ee78 2168 if (!hdev_is_powered(hdev)) {
bdb6d971 2169 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2170 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2171 goto unlock;
2172 }
2173
2174 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2175 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2176 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2177 goto unlock;
2178 }
2179
2e58ef3e 2180 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2181 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2182 MGMT_STATUS_BUSY);
c35938b2
SJ		 2183 goto unlock;
2184 }
2185
2e58ef3e 2186 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2187 if (!cmd) {
2188 err = -ENOMEM;
2189 goto unlock;
2190 }
2191
2192 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2193 if (err < 0)
2194 mgmt_pending_remove(cmd);
2195
2196unlock:
09fd0de5 2197 hci_dev_unlock(hdev);
c35938b2
SJ		 2198 return err;
2199}
2200
bdb6d971
JH		 2201static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
2202 void *data, u16 len)
2763eda6 2203{
650f726d 2204 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2205 u8 status;
2763eda6
SJ		 2206 int err;
2207
bdb6d971 2208 BT_DBG("%s ", hdev->name);
2763eda6 2209
09fd0de5 2210 hci_dev_lock(hdev);
2763eda6 2211
5f97c1df 2212 if (!hdev_is_powered(hdev)) {
bdb6d971 2213 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5f97c1df
JH		 2214 MGMT_STATUS_NOT_POWERED,
2215 &cp->addr, sizeof(cp->addr));
2216 goto unlock;
2217 }
2218
664ce4cc 2219 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2220 cp->randomizer);
2221 if (err < 0)
bf1e3541 2222 status = MGMT_STATUS_FAILED;
2763eda6 2223 else
bf1e3541
JH		 2224 status = 0;
2225
bdb6d971 2226 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
bf1e3541 2227 &cp->addr, sizeof(cp->addr));
2763eda6 2228
5f97c1df 2229unlock:
09fd0de5 2230 hci_dev_unlock(hdev);
2763eda6
SJ		 2231 return err;
2232}
2233
bdb6d971 2234static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2235 void *data, u16 len)
2763eda6 2236{
650f726d 2237 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2238 u8 status;
2763eda6
SJ		 2239 int err;
2240
bdb6d971 2241 BT_DBG("%s", hdev->name);
2763eda6 2242
09fd0de5 2243 hci_dev_lock(hdev);
2763eda6 2244
5f97c1df 2245 if (!hdev_is_powered(hdev)) {
bdb6d971
JH		 2246 err = cmd_complete(sk, hdev->id,
2247 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2248 MGMT_STATUS_NOT_POWERED,
2249 &cp->addr, sizeof(cp->addr));
5f97c1df
JH		 2250 goto unlock;
2251 }
2252
664ce4cc 2253 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2254 if (err < 0)
bf1e3541 2255 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2256 else
bf1e3541
JH		 2257 status = 0;
2258
bdb6d971
JH		 2259 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2260 status, &cp->addr, sizeof(cp->addr));
2763eda6 2261
5f97c1df 2262unlock:
09fd0de5 2263 hci_dev_unlock(hdev);
2763eda6
SJ		 2264 return err;
2265}
2266
5e0452c0
AG		 2267int mgmt_interleaved_discovery(struct hci_dev *hdev)
2268{
2269 int err;
2270
2271 BT_DBG("%s", hdev->name);
2272
2273 hci_dev_lock(hdev);
2274
2275 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2276 if (err < 0)
2277 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2278
2279 hci_dev_unlock(hdev);
2280
2281 return err;
2282}
2283
bdb6d971 2284static int start_discovery(struct sock *sk, struct hci_dev *hdev,
650f726d 2285 void *data, u16 len)
14a53664 2286{
650f726d 2287 struct mgmt_cp_start_discovery *cp = data;
14a53664 2288 struct pending_cmd *cmd;
14a53664
JH		 2289 int err;
2290
bdb6d971 2291 BT_DBG("%s", hdev->name);
14a53664 2292
09fd0de5 2293 hci_dev_lock(hdev);
14a53664 2294
4b34ee78 2295 if (!hdev_is_powered(hdev)) {
bdb6d971 2296 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
ca69b795 2297 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2298 goto failed;
2299 }
2300
ff9ef578 2301 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971
JH		 2302 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2303 MGMT_STATUS_BUSY);
ff9ef578
JH		 2304 goto failed;
2305 }
2306
2e58ef3e 2307 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2308 if (!cmd) {
2309 err = -ENOMEM;
2310 goto failed;
2311 }
2312
4aab14e5
AG		 2313 hdev->discovery.type = cp->type;
2314
2315 switch (hdev->discovery.type) {
f39799f5 2316 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2317 if (lmp_bredr_capable(hdev))
2318 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2319 else
2320 err = -ENOTSUPP;
f39799f5
AG		 2321 break;
2322
2323 case DISCOV_TYPE_LE:
8b90129c
AG		 2324 if (lmp_host_le_capable(hdev))
2325 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
3fd24153 2326 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2327 else
2328 err = -ENOTSUPP;
f39799f5
AG		 2329 break;
2330
5e0452c0 2331 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2332 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2333 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2334 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2335 else
2336 err = -ENOTSUPP;
5e0452c0
AG		 2337 break;
2338
f39799f5 2339 default:
3fd24153 2340 err = -EINVAL;
f39799f5 2341 }
3fd24153 2342
14a53664
JH		 2343 if (err < 0)
2344 mgmt_pending_remove(cmd);
ff9ef578
JH		 2345 else
2346 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2347
2348failed:
09fd0de5 2349 hci_dev_unlock(hdev);
14a53664
JH		 2350 return err;
2351}
2352
bdb6d971
JH		 2353static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
2354 u16 len)
14a53664 2355{
d930650b 2356 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2357 struct pending_cmd *cmd;
30dc78e1
JH		 2358 struct hci_cp_remote_name_req_cancel cp;
2359 struct inquiry_entry *e;
14a53664
JH		 2360 int err;
2361
bdb6d971 2362 BT_DBG("%s", hdev->name);
14a53664 2363
09fd0de5 2364 hci_dev_lock(hdev);
14a53664 2365
30dc78e1 2366 if (!hci_discovery_active(hdev)) {
bdb6d971 2367 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
d930650b
JH		 2368 MGMT_STATUS_REJECTED,
2369 &mgmt_cp->type, sizeof(mgmt_cp->type));
2370 goto unlock;
2371 }
2372
2373 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2374 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
d930650b
JH		 2375 MGMT_STATUS_INVALID_PARAMS,
2376 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2377 goto unlock;
ff9ef578
JH		 2378 }
2379
2e58ef3e 2380 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2381 if (!cmd) {
2382 err = -ENOMEM;
30dc78e1
JH		 2383 goto unlock;
2384 }
2385
343f935b 2386 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2387 err = hci_cancel_inquiry(hdev);
2388 if (err < 0)
2389 mgmt_pending_remove(cmd);
2390 else
2391 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2392 goto unlock;
2393 }
2394
2395 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2396 if (!e) {
2397 mgmt_pending_remove(cmd);
bdb6d971 2398 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2399 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2400 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2401 goto unlock;
14a53664
JH		 2402 }
2403
30dc78e1
JH		 2404 bacpy(&cp.bdaddr, &e->data.bdaddr);
2405 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2406 sizeof(cp), &cp);
14a53664
JH		 2407 if (err < 0)
2408 mgmt_pending_remove(cmd);
ff9ef578
JH		 2409 else
2410 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2411
30dc78e1 2412unlock:
09fd0de5 2413 hci_dev_unlock(hdev);
14a53664
JH		 2414 return err;
2415}
2416
bdb6d971
JH		 2417static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
2418 u16 len)
561aafbc 2419{
650f726d 2420 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2421 struct inquiry_entry *e;
561aafbc
JH		 2422 int err;
2423
bdb6d971 2424 BT_DBG("%s", hdev->name);
561aafbc 2425
561aafbc
JH		 2426 hci_dev_lock(hdev);
2427
30dc78e1 2428 if (!hci_discovery_active(hdev)) {
bdb6d971 2429 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
30dc78e1
JH		 2430 MGMT_STATUS_FAILED);
2431 goto failed;
2432 }
2433
a198e7b1 2434 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2435 if (!e) {
bdb6d971
JH		 2436 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
2437 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2438 goto failed;
2439 }
2440
2441 if (cp->name_known) {
2442 e->name_state = NAME_KNOWN;
2443 list_del(&e->list);
2444 } else {
2445 e->name_state = NAME_NEEDED;
a3d4e20a 2446 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2447 }
2448
2449 err = 0;
2450
2451failed:
2452 hci_dev_unlock(hdev);
561aafbc
JH		 2453 return err;
2454}
2455
bdb6d971
JH		 2456static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
2457 u16 len)
7fbec224 2458{
650f726d 2459 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2460 u8 status;
7fbec224
AJ		 2461 int err;
2462
bdb6d971 2463 BT_DBG("%s", hdev->name);
7fbec224 2464
09fd0de5 2465 hci_dev_lock(hdev);
5e762444 2466
88c1fe4b 2467 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2468 if (err < 0)
f0eeea8b 2469 status = MGMT_STATUS_FAILED;
7fbec224 2470 else
f0eeea8b
JH		 2471 status = 0;
2472
bdb6d971 2473 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
f0eeea8b 2474 &cp->addr, sizeof(cp->addr));
5e762444 2475
09fd0de5 2476 hci_dev_unlock(hdev);
7fbec224
AJ		 2477
2478 return err;
2479}
2480
bdb6d971
JH		 2481static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
2482 u16 len)
7fbec224 2483{
650f726d 2484 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2485 u8 status;
7fbec224
AJ		 2486 int err;
2487
bdb6d971 2488 BT_DBG("%s", hdev->name);
7fbec224 2489
09fd0de5 2490 hci_dev_lock(hdev);
5e762444 2491
88c1fe4b 2492 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2493 if (err < 0)
f0eeea8b 2494 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2495 else
f0eeea8b
JH		 2496 status = 0;
2497
bdb6d971 2498 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
f0eeea8b 2499 &cp->addr, sizeof(cp->addr));
5e762444 2500
09fd0de5 2501 hci_dev_unlock(hdev);
7fbec224
AJ		 2502
2503 return err;
2504}
2505
bdb6d971
JH		 2506static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
2507 void *data, u16 len)
f6422ec6 2508{
650f726d 2509 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2510 struct hci_cp_write_page_scan_activity acp;
2511 u8 type;
2512 int err;
2513
bdb6d971 2514 BT_DBG("%s", hdev->name);
f6422ec6 2515
5400c044 2516 if (!hdev_is_powered(hdev))
bdb6d971 2517 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5400c044
JH		 2518 MGMT_STATUS_NOT_POWERED);
2519
2520 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971
JH		 2521 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2522 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2523
2524 hci_dev_lock(hdev);
2525
f7c6869c 2526 if (cp->val) {
f6422ec6
AJ		 2527 type = PAGE_SCAN_TYPE_INTERLACED;
2528 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2529 } else {
2530 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2531 acp.interval = 0x0800; /* default 1.28 sec page scan */
2532 }
2533
2534 acp.window = 0x0012; /* default 11.25 msec page scan window */
2535
2536 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2537 sizeof(acp), &acp);
2538 if (err < 0) {
bdb6d971
JH		 2539 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2540 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2541 goto done;
2542 }
2543
2544 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2545 if (err < 0) {
bdb6d971
JH		 2546 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2547 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2548 goto done;
2549 }
2550
bdb6d971 2551 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
aee9b218 2552 NULL, 0);
f6422ec6
AJ		 2553done:
2554 hci_dev_unlock(hdev);
f6422ec6
AJ		 2555 return err;
2556}
2557
bdb6d971 2558static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
346af67b
VCG		 2559 void *cp_data, u16 len)
2560{
346af67b
VCG		 2561 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2562 u16 key_count, expected_len;
2563 int i;
2564
346af67b
VCG		 2565 key_count = get_unaligned_le16(&cp->key_count);
2566
2567 expected_len = sizeof(*cp) + key_count *
2568 sizeof(struct mgmt_ltk_info);
2569 if (expected_len != len) {
2570 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2571 len, expected_len);
bdb6d971 2572 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
346af67b
VCG		 2573 EINVAL);
2574 }
2575
bdb6d971 2576 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2577
2578 hci_dev_lock(hdev);
2579
2580 hci_smp_ltks_clear(hdev);
2581
2582 for (i = 0; i < key_count; i++) {
2583 struct mgmt_ltk_info *key = &cp->keys[i];
2584 u8 type;
2585
2586 if (key->master)
2587 type = HCI_SMP_LTK;
2588 else
2589 type = HCI_SMP_LTK_SLAVE;
2590
2591 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2592 type, 0, key->authenticated, key->val,
2593 key->enc_size, key->ediv, key->rand);
2594 }
2595
2596 hci_dev_unlock(hdev);
346af67b
VCG		 2597
2598 return 0;
2599}
2600
0f4e68cf
JH		 2601struct mgmt_handler {
2602 int (*func) (struct sock *sk, struct hci_dev *hdev,
2603 void *data, u16 data_len);
be22b54e
JH		 2604 bool var_len;
2605 size_t data_len;
0f4e68cf
JH		 2606} mgmt_handlers[] = {
2607 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2608 { read_version, false, MGMT_READ_VERSION_SIZE },
2609 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2610 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2611 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2612 { set_powered, false, MGMT_SETTING_SIZE },
2613 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2614 { set_connectable, false, MGMT_SETTING_SIZE },
2615 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2616 { set_pairable, false, MGMT_SETTING_SIZE },
2617 { set_link_security, false, MGMT_SETTING_SIZE },
2618 { set_ssp, false, MGMT_SETTING_SIZE },
2619 { set_hs, false, MGMT_SETTING_SIZE },
2620 { set_le, false, MGMT_SETTING_SIZE },
2621 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2622 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2623 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2624 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2625 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2626 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2627 { disconnect, false, MGMT_DISCONNECT_SIZE },
2628 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2629 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2630 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2631 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2632 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2633 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2634 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2635 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2636 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2637 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2638 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2639 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2640 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2641 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2642 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2643 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2644 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2645 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2646 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
0f4e68cf
JH		 2647};
2648
2649
0381101f
JH		 2650int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2651{
650f726d
VCG		 2652 void *buf;
2653 u8 *cp;
0381101f 2654 struct mgmt_hdr *hdr;
4e51eae9 2655 u16 opcode, index, len;
bdb6d971 2656 struct hci_dev *hdev = NULL;
be22b54e 2657 struct mgmt_handler *handler;
0381101f
JH		 2658 int err;
2659
2660 BT_DBG("got %zu bytes", msglen);
2661
2662 if (msglen < sizeof(*hdr))
2663 return -EINVAL;
2664
e63a15ec 2665 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2666 if (!buf)
2667 return -ENOMEM;
2668
2669 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2670 err = -EFAULT;
2671 goto done;
2672 }
2673
650f726d 2674 hdr = buf;
0381101f 2675 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2676 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2677 len = get_unaligned_le16(&hdr->len);
2678
2679 if (len != msglen - sizeof(*hdr)) {
2680 err = -EINVAL;
2681 goto done;
2682 }
2683
0f4e68cf 2684 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2685 hdev = hci_dev_get(index);
2686 if (!hdev) {
2687 err = cmd_status(sk, index, opcode,
5f159032 2688 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2689 goto done;
2690 }
2691 }
2692
0f4e68cf
JH		 2693 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2694 mgmt_handlers[opcode].func == NULL) {
0381101f 2695 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2696 err = cmd_status(sk, index, opcode,
2697 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2698 goto done;
2699 }
2700
2701 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2702 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2703 err = cmd_status(sk, index, opcode,
5f159032 2704 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2705 goto done;
0381101f
JH		 2706 }
2707
be22b54e
JH		 2708 handler = &mgmt_handlers[opcode];
2709
2710 if ((handler->var_len && len < handler->data_len) ||
2711 (!handler->var_len && len != handler->data_len)) {
2712 err = cmd_status(sk, index, opcode,
2713 MGMT_STATUS_INVALID_PARAMS);
2714 goto done;
2715 }
2716
0f4e68cf
JH		 2717 if (hdev)
2718 mgmt_init_hdev(sk, hdev);
2719
2720 cp = buf + sizeof(*hdr);
2721
be22b54e 2722 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2723 if (err < 0)
2724 goto done;
2725
0381101f
JH		 2726 err = msglen;
2727
2728done:
bdb6d971
JH		 2729 if (hdev)
2730 hci_dev_put(hdev);
2731
0381101f
JH		 2732 kfree(buf);
2733 return err;
2734}
c71e97bf 2735
b24752fe
JH		 2736static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2737{
2738 u8 *status = data;
2739
2740 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2741 mgmt_pending_remove(cmd);
2742}
2743
744cf19e 2744int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2745{
744cf19e 2746 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2747}
2748
744cf19e 2749int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2750{
5f159032 2751 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2752
744cf19e 2753 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2754
744cf19e 2755 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2756}
2757
73f22f62 2758struct cmd_lookup {
eec8d2bc 2759 struct sock *sk;
69ab39ea 2760 struct hci_dev *hdev;
90e70454 2761 u8 mgmt_status;
eec8d2bc
JH		 2762};
2763
69ab39ea 2764static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2765{
73f22f62 2766 struct cmd_lookup *match = data;
eec8d2bc 2767
69ab39ea 2768 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2769
2770 list_del(&cmd->list);
2771
2772 if (match->sk == NULL) {
2773 match->sk = cmd->sk;
2774 sock_hold(match->sk);
2775 }
2776
2777 mgmt_pending_free(cmd);
c71e97bf 2778}
5add6af8 2779
744cf19e 2780int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2781{
76a7f3a4 2782 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2783 int err;
5add6af8 2784
5e5282bb
JH		 2785 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2786 return 0;
2787
69ab39ea 2788 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2789
5e5282bb
JH		 2790 if (powered) {
2791 u8 scan = 0;
2792
2793 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2794 scan |= SCAN_PAGE;
2795 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2796 scan |= SCAN_INQUIRY;
2797
2798 if (scan)
2799 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2800
2801 update_class(hdev);
2b4bf397 2802 update_name(hdev, hdev->dev_name);
504c8dcd 2803 update_eir(hdev);
5e5282bb 2804 } else {
d4f68526 2805 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2806 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2807 }
2808
beadb2bd 2809 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2810
2811 if (match.sk)
2812 sock_put(match.sk);
2813
7bb895d6 2814 return err;
5add6af8 2815}
73f22f62 2816
744cf19e 2817int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2818{
76a7f3a4 2819 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2820 bool changed = false;
2821 int err = 0;
73f22f62 2822
5e5282bb
JH		 2823 if (discoverable) {
2824 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2825 changed = true;
2826 } else {
2827 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2828 changed = true;
2829 }
73f22f62 2830
ed9b5f2f
JH		 2831 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
2832 &match);
2833
beadb2bd
JH		 2834 if (changed)
2835 err = new_settings(hdev, match.sk);
5e5282bb 2836
73f22f62
JH		 2837 if (match.sk)
2838 sock_put(match.sk);
2839
7bb895d6 2840 return err;
73f22f62 2841}
9fbcbb45 2842
744cf19e 2843int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2844{
76a7f3a4 2845 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2846 bool changed = false;
2847 int err = 0;
9fbcbb45 2848
5e5282bb
JH		 2849 if (connectable) {
2850 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2851 changed = true;
2852 } else {
2853 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2854 changed = true;
2855 }
9fbcbb45 2856
ed9b5f2f
JH		 2857 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
2858 &match);
2859
beadb2bd
JH		 2860 if (changed)
2861 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2862
2863 if (match.sk)
2864 sock_put(match.sk);
2865
7bb895d6 2866 return err;
9fbcbb45 2867}
55ed8ca1 2868
744cf19e 2869int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2870{
ca69b795
JH		 2871 u8 mgmt_err = mgmt_status(status);
2872
2d7cee58 2873 if (scan & SCAN_PAGE)
744cf19e 2874 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 2875 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2876
2877 if (scan & SCAN_INQUIRY)
744cf19e 2878 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 2879 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2880
2881 return 0;
2882}
2883
744cf19e
JH		 2884int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2885 u8 persistent)
55ed8ca1 2886{
86742e1e 2887 struct mgmt_ev_new_link_key ev;
55ed8ca1 2888
a492cd52 2889 memset(&ev, 0, sizeof(ev));
55ed8ca1 2890
a492cd52 2891 ev.store_hint = persistent;
d753fdc4
JH		 2892 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2893 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2894 ev.key.type = key->type;
2895 memcpy(ev.key.val, key->val, 16);
2896 ev.key.pin_len = key->pin_len;
55ed8ca1 2897
744cf19e 2898 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2899}
f7520543 2900
346af67b
VCG		 2901int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2902{
2903 struct mgmt_ev_new_long_term_key ev;
2904
2905 memset(&ev, 0, sizeof(ev));
2906
2907 ev.store_hint = persistent;
2908 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2909 ev.key.addr.type = key->bdaddr_type;
2910 ev.key.authenticated = key->authenticated;
2911 ev.key.enc_size = key->enc_size;
2912 ev.key.ediv = key->ediv;
2913
2914 if (key->type == HCI_SMP_LTK)
2915 ev.key.master = 1;
2916
2917 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2918 memcpy(ev.key.val, key->val, sizeof(key->val));
2919
2920 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
2921 &ev, sizeof(ev), NULL);
2922}
2923
afc747a6 2924int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
08c79b61
JH		 2925 u8 addr_type, u32 flags, u8 *name,
2926 u8 name_len, u8 *dev_class)
f7520543 2927{
b644ba33
JH		 2928 char buf[512];
2929 struct mgmt_ev_device_connected *ev = (void *) buf;
2930 u16 eir_len = 0;
f7520543 2931
b644ba33
JH		 2932 bacpy(&ev->addr.bdaddr, bdaddr);
2933 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2934
c95f0ba7 2935 ev->flags = __cpu_to_le32(flags);
08c79b61 2936
b644ba33
JH		 2937 if (name_len > 0)
2938 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
2939 name, name_len);
2940
2941 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
2942 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
2943 EIR_CLASS_OF_DEV, dev_class, 3);
2944
2945 put_unaligned_le16(eir_len, &ev->eir_len);
2946
2947 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
2948 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2949}
2950
8962ee74
JH		 2951static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2952{
c68fb7ff 2953 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2954 struct sock **sk = data;
a38528f1 2955 struct mgmt_rp_disconnect rp;
8962ee74 2956
88c3df13
JH		 2957 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2958 rp.addr.type = cp->addr.type;
8962ee74 2959
aee9b218
JH		 2960 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
2961 sizeof(rp));
8962ee74
JH		 2962
2963 *sk = cmd->sk;
2964 sock_hold(*sk);
2965
a664b5bc 2966 mgmt_pending_remove(cmd);
8962ee74
JH		 2967}
2968
124f6e35 2969static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 2970{
b1078ad0 2971 struct hci_dev *hdev = data;
124f6e35
JH		 2972 struct mgmt_cp_unpair_device *cp = cmd->param;
2973 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2974
2975 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2976 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2977 rp.addr.type = cp->addr.type;
a8a1d19e 2978
b1078ad0
JH		 2979 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2980
aee9b218 2981 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 2982
2983 mgmt_pending_remove(cmd);
2984}
2985
afc747a6
JH		 2986int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
2987 u8 link_type, u8 addr_type)
f7520543 2988{
4c659c39 2989 struct mgmt_addr_info ev;
8962ee74
JH		 2990 struct sock *sk = NULL;
2991 int err;
2992
744cf19e 2993 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2994
f7520543 2995 bacpy(&ev.bdaddr, bdaddr);
48264f06 2996 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2997
afc747a6
JH		 2998 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
2999 sk);
8962ee74
JH		 3000
3001 if (sk)
3002 sock_put(sk);
3003
124f6e35 3004 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3005 hdev);
a8a1d19e 3006
8962ee74
JH		 3007 return err;
3008}
3009
88c3df13
JH		 3010int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3011 u8 link_type, u8 addr_type, u8 status)
8962ee74 3012{
88c3df13 3013 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3014 struct pending_cmd *cmd;
3015 int err;
3016
2e58ef3e 3017 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3018 if (!cmd)
3019 return -ENOENT;
3020
88c3df13
JH		 3021 bacpy(&rp.addr.bdaddr, bdaddr);
3022 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3023
88c3df13 3024 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3025 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3026
a664b5bc 3027 mgmt_pending_remove(cmd);
8962ee74 3028
b1078ad0
JH		 3029 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3030 hdev);
8962ee74 3031 return err;
f7520543 3032}
17d5c04c 3033
48264f06
JH		 3034int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3035 u8 addr_type, u8 status)
17d5c04c
JH		 3036{
3037 struct mgmt_ev_connect_failed ev;
3038
4c659c39 3039 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3040 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3041 ev.status = mgmt_status(status);
17d5c04c 3042
744cf19e 3043 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3044}
980e1a53 3045
744cf19e 3046int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3047{
3048 struct mgmt_ev_pin_code_request ev;
3049
d8457698
JH		 3050 bacpy(&ev.addr.bdaddr, bdaddr);
3051 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3052 ev.secure = secure;
980e1a53 3053
744cf19e 3054 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3055 NULL);
980e1a53
JH		 3056}
3057
744cf19e
JH		 3058int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3059 u8 status)
980e1a53
JH		 3060{
3061 struct pending_cmd *cmd;
ac56fb13 3062 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3063 int err;
3064
2e58ef3e 3065 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3066 if (!cmd)
3067 return -ENOENT;
3068
d8457698
JH		 3069 bacpy(&rp.addr.bdaddr, bdaddr);
3070 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3071
aee9b218
JH		 3072 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3073 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3074
a664b5bc 3075 mgmt_pending_remove(cmd);
980e1a53
JH		 3076
3077 return err;
3078}
3079
744cf19e
JH		 3080int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3081 u8 status)
980e1a53
JH		 3082{
3083 struct pending_cmd *cmd;
ac56fb13 3084 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3085 int err;
3086
2e58ef3e 3087 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3088 if (!cmd)
3089 return -ENOENT;
3090
d8457698
JH		 3091 bacpy(&rp.addr.bdaddr, bdaddr);
3092 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3093
aee9b218
JH		 3094 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3095 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3096
a664b5bc 3097 mgmt_pending_remove(cmd);
980e1a53
JH		 3098
3099 return err;
3100}
a5c29683 3101
744cf19e 3102int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3103 u8 link_type, u8 addr_type, __le32 value,
3104 u8 confirm_hint)
a5c29683
JH		 3105{
3106 struct mgmt_ev_user_confirm_request ev;
3107
744cf19e 3108 BT_DBG("%s", hdev->name);
a5c29683 3109
272d90df
JH		 3110 bacpy(&ev.addr.bdaddr, bdaddr);
3111 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3112 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3113 put_unaligned_le32(value, &ev.value);
3114
744cf19e 3115 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3116 NULL);
a5c29683
JH		 3117}
3118
272d90df
JH		 3119int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3120 u8 link_type, u8 addr_type)
604086b7
BG		 3121{
3122 struct mgmt_ev_user_passkey_request ev;
3123
3124 BT_DBG("%s", hdev->name);
3125
272d90df
JH		 3126 bacpy(&ev.addr.bdaddr, bdaddr);
3127 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3128
3129 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3130 NULL);
3131}
3132
0df4c185 3133static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3134 u8 link_type, u8 addr_type, u8 status,
3135 u8 opcode)
a5c29683
JH		 3136{
3137 struct pending_cmd *cmd;
3138 struct mgmt_rp_user_confirm_reply rp;
3139 int err;
3140
2e58ef3e 3141 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3142 if (!cmd)
3143 return -ENOENT;
3144
272d90df
JH		 3145 bacpy(&rp.addr.bdaddr, bdaddr);
3146 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3147 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3148 &rp, sizeof(rp));
a5c29683 3149
a664b5bc 3150 mgmt_pending_remove(cmd);
a5c29683
JH		 3151
3152 return err;
3153}
3154
744cf19e 3155int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3156 u8 link_type, u8 addr_type, u8 status)
a5c29683 3157{
272d90df
JH		 3158 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3159 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3160}
3161
272d90df
JH		 3162int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3163 u8 link_type, u8 addr_type, u8 status)
a5c29683 3164{
272d90df
JH		 3165 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3166 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3167}
2a611692 3168
604086b7 3169int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3170 u8 link_type, u8 addr_type, u8 status)
604086b7 3171{
272d90df
JH		 3172 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3173 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3174}
3175
272d90df
JH		 3176int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3177 u8 link_type, u8 addr_type, u8 status)
604086b7 3178{
272d90df
JH		 3179 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3180 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3181}
3182
bab73cb6
JH		 3183int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3184 u8 addr_type, u8 status)
2a611692
JH		 3185{
3186 struct mgmt_ev_auth_failed ev;
3187
bab73cb6
JH		 3188 bacpy(&ev.addr.bdaddr, bdaddr);
3189 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3190 ev.status = mgmt_status(status);
2a611692 3191
744cf19e 3192 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3193}
b312b161 3194
33ef95ed
JH		 3195int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3196{
3197 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3198 bool changed = false;
3199 int err = 0;
33ef95ed
JH		 3200
3201 if (status) {
3202 u8 mgmt_err = mgmt_status(status);
3203 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3204 cmd_status_rsp, &mgmt_err);
3205 return 0;
3206 }
3207
47990ea0
JH		 3208 if (test_bit(HCI_AUTH, &hdev->flags)) {
3209 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3210 changed = true;
3211 } else {
3212 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3213 changed = true;
3214 }
3215
33ef95ed
JH		 3216 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3217 &match);
3218
47990ea0
JH		 3219 if (changed)
3220 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3221
3222 if (match.sk)
3223 sock_put(match.sk);
3224
3225 return err;
3226}
3227
cacaf52f
JH		 3228static int clear_eir(struct hci_dev *hdev)
3229{
3230 struct hci_cp_write_eir cp;
3231
3232 if (!(hdev->features[6] & LMP_EXT_INQ))
3233 return 0;
3234
c80da27e
JH		 3235 memset(hdev->eir, 0, sizeof(hdev->eir));
3236
cacaf52f
JH		 3237 memset(&cp, 0, sizeof(cp));
3238
3239 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3240}
3241
c0ecddc2 3242int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3243{
3244 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3245 bool changed = false;
3246 int err = 0;
ed2c4ee3
JH		 3247
3248 if (status) {
3249 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3250
3251 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3252 &hdev->dev_flags))
3253 err = new_settings(hdev, NULL);
3254
ed2c4ee3
JH		 3255 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3256 cmd_status_rsp, &mgmt_err);
c0ecddc2
JH		 3257
3258 return err;
3259 }
3260
3261 if (enable) {
3262 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3263 changed = true;
3264 } else {
3265 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3266 changed = true;
ed2c4ee3
JH		 3267 }
3268
3269 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3270
c0ecddc2
JH		 3271 if (changed)
3272 err = new_settings(hdev, match.sk);
ed2c4ee3 3273
5fc6ebb1 3274 if (match.sk)
ed2c4ee3
JH		 3275 sock_put(match.sk);
3276
5fc6ebb1
JH		 3277 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3278 update_eir(hdev);
3279 else
3280 clear_eir(hdev);
cacaf52f 3281
ed2c4ee3
JH		 3282 return err;
3283}
3284
90e70454
JH		 3285static void class_rsp(struct pending_cmd *cmd, void *data)
3286{
3287 struct cmd_lookup *match = data;
3288
3289 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3290 match->hdev->dev_class, 3);
3291
3292 list_del(&cmd->list);
3293
3294 if (match->sk == NULL) {
3295 match->sk = cmd->sk;
3296 sock_hold(match->sk);
3297 }
3298
3299 mgmt_pending_free(cmd);
3300}
3301
7f9a903c
MH		 3302int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3303 u8 status)
3304{
90e70454
JH		 3305 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3306 int err = 0;
7f9a903c 3307
c95f0ba7
JH		 3308 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3309
90e70454
JH		 3310 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3311 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3312 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3313
3314 if (!status)
3315 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3316 dev_class, 3, NULL);
3317
3318 if (match.sk)
3319 sock_put(match.sk);
7f9a903c
MH		 3320
3321 return err;
3322}
3323
744cf19e 3324int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3325{
3326 struct pending_cmd *cmd;
3327 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3328 bool changed = false;
3329 int err = 0;
3330
3331 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3332 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3333 changed = true;
3334 }
b312b161
JH		 3335
3336 memset(&ev, 0, sizeof(ev));
3337 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3338 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3339
2e58ef3e 3340 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3341 if (!cmd)
3342 goto send_event;
3343
7bdaae4a
JH		 3344 /* Always assume that either the short or the complete name has
3345 * changed if there was a pending mgmt command */
3346 changed = true;
3347
b312b161 3348 if (status) {
744cf19e 3349 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3350 mgmt_status(status));
b312b161
JH		 3351 goto failed;
3352 }
3353
aee9b218 3354 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3355 sizeof(ev));
3356 if (err < 0)
3357 goto failed;
3358
3359send_event:
28cc7bde
JH		 3360 if (changed)
3361 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3362 sizeof(ev), cmd ? cmd->sk : NULL);
3363
f51d5b24 3364 update_eir(hdev);
b312b161
JH		 3365
3366failed:
3367 if (cmd)
3368 mgmt_pending_remove(cmd);
3369 return err;
3370}
c35938b2 3371
744cf19e
JH		 3372int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3373 u8 *randomizer, u8 status)
c35938b2
SJ		 3374{
3375 struct pending_cmd *cmd;
3376 int err;
3377
744cf19e 3378 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3379
2e58ef3e 3380 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3381 if (!cmd)
3382 return -ENOENT;
3383
3384 if (status) {
744cf19e 3385 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3386 MGMT_OP_READ_LOCAL_OOB_DATA,
3387 mgmt_status(status));
c35938b2
SJ		 3388 } else {
3389 struct mgmt_rp_read_local_oob_data rp;
3390
3391 memcpy(rp.hash, hash, sizeof(rp.hash));
3392 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3393
744cf19e
JH		 3394 err = cmd_complete(cmd->sk, hdev->id,
3395 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3396 0, &rp, sizeof(rp));
c35938b2
SJ		 3397 }
3398
3399 mgmt_pending_remove(cmd);
3400
3401 return err;
3402}
e17acd40 3403
06199cf8
JH		 3404int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3405{
3406 struct cmd_lookup match = { NULL, hdev };
3407 bool changed = false;
3408 int err = 0;
3409
3410 if (status) {
3411 u8 mgmt_err = mgmt_status(status);
3412
3413 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3414 &hdev->dev_flags))
3415 err = new_settings(hdev, NULL);
3416
3417 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3418 cmd_status_rsp, &mgmt_err);
3419
3420 return err;
3421 }
3422
3423 if (enable) {
3424 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3425 changed = true;
3426 } else {
3427 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3428 changed = true;
3429 }
3430
3431 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3432
3433 if (changed)
3434 err = new_settings(hdev, match.sk);
3435
3436 if (match.sk)
3437 sock_put(match.sk);
3438
3439 return err;
3440}
3441
48264f06 3442int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3443 u8 addr_type, u8 *dev_class, s8 rssi,
388fc8fa 3444 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
e17acd40 3445{
e319d2e7
JH		 3446 char buf[512];
3447 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3448 size_t ev_size;
e17acd40 3449
1dc06093
JH		 3450 /* Leave 5 bytes for a potential CoD field */
3451 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3452 return -EINVAL;
3453
1dc06093
JH		 3454 memset(buf, 0, sizeof(buf));
3455
e319d2e7
JH		 3456 bacpy(&ev->addr.bdaddr, bdaddr);
3457 ev->addr.type = link_to_mgmt(link_type, addr_type);
3458 ev->rssi = rssi;
9a395a80
JH		 3459 if (cfm_name)
3460 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3461 if (!ssp)
3462 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3463
1dc06093 3464 if (eir_len > 0)
e319d2e7 3465 memcpy(ev->eir, eir, eir_len);
e17acd40 3466
1dc06093
JH		 3467 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3468 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3469 dev_class, 3);
3470
3471 put_unaligned_le16(eir_len, &ev->eir_len);
3472
3473 ev_size = sizeof(*ev) + eir_len;
f8523598 3474
e319d2e7 3475 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3476}
a88a9652 3477
b644ba33
JH		 3478int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3479 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3480{
b644ba33
JH		 3481 struct mgmt_ev_device_found *ev;
3482 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3483 u16 eir_len;
a88a9652 3484
b644ba33 3485 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3486
b644ba33
JH		 3487 memset(buf, 0, sizeof(buf));
3488
3489 bacpy(&ev->addr.bdaddr, bdaddr);
3490 ev->addr.type = link_to_mgmt(link_type, addr_type);
3491 ev->rssi = rssi;
3492
3493 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3494 name_len);
3495
3496 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3497
053c7e0c
JH		 3498 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3499 sizeof(*ev) + eir_len, NULL);
a88a9652 3500}
314b2381 3501
7a135109 3502int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3503{
3504 struct pending_cmd *cmd;
f808e166 3505 u8 type;
164a6e78
JH		 3506 int err;
3507
203159d4
AG		 3508 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3509
2e58ef3e 3510 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3511 if (!cmd)
3512 return -ENOENT;
3513
f808e166
JH		 3514 type = hdev->discovery.type;
3515
3516 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3517 &type, sizeof(type));
164a6e78
JH		 3518 mgmt_pending_remove(cmd);
3519
3520 return err;
3521}
3522
e6d465cb
AG		 3523int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3524{
3525 struct pending_cmd *cmd;
3526 int err;
3527
3528 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3529 if (!cmd)
3530 return -ENOENT;
3531
d930650b
JH		 3532 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3533 &hdev->discovery.type,
3534 sizeof(hdev->discovery.type));
164a6e78
JH		 3535 mgmt_pending_remove(cmd);
3536
3537 return err;
3538}
3539
744cf19e 3540int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3541{
f963e8e9 3542 struct mgmt_ev_discovering ev;
164a6e78
JH		 3543 struct pending_cmd *cmd;
3544
343fb145
AG		 3545 BT_DBG("%s discovering %u", hdev->name, discovering);
3546
164a6e78 3547 if (discovering)
2e58ef3e 3548 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3549 else
2e58ef3e 3550 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3551
3552 if (cmd != NULL) {
f808e166
JH		 3553 u8 type = hdev->discovery.type;
3554
d930650b 3555 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3556 &type, sizeof(type));
164a6e78
JH		 3557 mgmt_pending_remove(cmd);
3558 }
3559
f963e8e9
JH		 3560 memset(&ev, 0, sizeof(ev));
3561 ev.type = hdev->discovery.type;
3562 ev.discovering = discovering;
3563
3564 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3565}
5e762444 3566
88c1fe4b 3567int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3568{
3569 struct pending_cmd *cmd;
3570 struct mgmt_ev_device_blocked ev;
3571
2e58ef3e 3572 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3573
88c1fe4b
JH		 3574 bacpy(&ev.addr.bdaddr, bdaddr);
3575 ev.addr.type = type;
5e762444 3576
744cf19e
JH		 3577 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3578 cmd ? cmd->sk : NULL);
5e762444
AJ		 3579}
3580
88c1fe4b 3581int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3582{
3583 struct pending_cmd *cmd;
3584 struct mgmt_ev_device_unblocked ev;
3585
2e58ef3e 3586 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3587
88c1fe4b
JH		 3588 bacpy(&ev.addr.bdaddr, bdaddr);
3589 ev.addr.type = type;
5e762444 3590
744cf19e
JH		 3591 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3592 cmd ? cmd->sk : NULL);
5e762444 3593}
d7b7e796
MH		 3594
3595module_param(enable_hs, bool, 0644);
3596MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3597
3598module_param(enable_le, bool, 0644);
3599MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)