projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: remove unneeded declaration of sco_conn_del()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c 40#define MGMT_VERSION 1
053262dc 41#define MGMT_REVISION 1
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105};
106
3fd24153
AG		 107/*
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
110 */
111#define LE_SCAN_TYPE 0x01
112#define LE_SCAN_WIN 0x12
113#define LE_SCAN_INT 0x12
114#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 115#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 116
e8777525 117#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 118#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 119
17b02e62 120#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 121
4b34ee78
JH		 122#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124
eec8d2bc
JH		 125struct pending_cmd {
126 struct list_head list;
fc2f4b13 127 u16 opcode;
eec8d2bc 128 int index;
c68fb7ff 129 void *param;
eec8d2bc 130 struct sock *sk;
e9a416b5 131 void *user_data;
eec8d2bc
JH		 132};
133
ca69b795
JH		 134/* HCI to MGMT error code conversion table */
135static u8 mgmt_status_table[] = {
136 MGMT_STATUS_SUCCESS,
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197};
198
199static u8 mgmt_status(u8 hci_status)
200{
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
203
204 return MGMT_STATUS_FAILED;
205}
206
4e51eae9 207static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 208{
209 struct sk_buff *skb;
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
56b7d137 212 int err;
f7b64e69 213
34eb525c 214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 215
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
221
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 223 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 224 hdr->len = cpu_to_le16(sizeof(*ev));
225
226 ev = (void *) skb_put(skb, sizeof(*ev));
227 ev->status = status;
eb55ef07 228 ev->opcode = cpu_to_le16(cmd);
f7b64e69 229
56b7d137
GP		 230 err = sock_queue_rcv_skb(sk, skb);
231 if (err < 0)
f7b64e69
JH		 232 kfree_skb(skb);
233
56b7d137 234 return err;
f7b64e69
JH		 235}
236
aee9b218 237static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 238 void *rp, size_t rp_len)
02d98129
JH		 239{
240 struct sk_buff *skb;
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
56b7d137 243 int err;
02d98129
JH		 244
245 BT_DBG("sock %p", sk);
246
a38528f1 247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 248 if (!skb)
249 return -ENOMEM;
250
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 252
a38528f1 253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 254 hdr->index = cpu_to_le16(index);
a38528f1 255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 256
a38528f1 257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 258 ev->opcode = cpu_to_le16(cmd);
aee9b218 259 ev->status = status;
8020c16a
SJ		 260
261 if (rp)
262 memcpy(ev->data, rp, rp_len);
02d98129 263
56b7d137
GP		 264 err = sock_queue_rcv_skb(sk, skb);
265 if (err < 0)
02d98129
JH		 266 kfree_skb(skb);
267
e5f0e151 268 return err;
02d98129
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
eb55ef07 279 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 280
aee9b218 281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 282 sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 289 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 291 __le16 *opcode;
e70bb2e8
JH		 292 size_t rp_size;
293 int i, err;
294
295 BT_DBG("sock %p", sk);
296
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298
299 rp = kmalloc(rp_size, GFP_KERNEL);
300 if (!rp)
301 return -ENOMEM;
302
eb55ef07
MH		 303 rp->num_commands = __constant_cpu_to_le16(num_commands);
304 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 305
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
308
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
311
aee9b218 312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 313 rp_size);
e70bb2e8
JH		 314 kfree(rp);
315
316 return err;
317}
318
04124681
GP		 319static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
320 u16 data_len)
faba42eb 321{
faba42eb
JH		 322 struct mgmt_rp_read_index_list *rp;
323 struct list_head *p;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
a38528f1 327 int i, err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
334 list_for_each(p, &hci_dev_list) {
335 count++;
336 }
337
a38528f1
JH		 338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
340 if (!rp) {
b2c60d42 341 read_unlock(&hci_dev_list_lock);
faba42eb 342 return -ENOMEM;
b2c60d42 343 }
faba42eb 344
eb55ef07 345 rp->num_controllers = cpu_to_le16(count);
faba42eb
JH		 346
347 i = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
eb55ef07 352 rp->index[i++] = cpu_to_le16(d->id);
faba42eb
JH		 353 BT_DBG("Added hci%u", d->id);
354 }
355
356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
375
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
378
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
387 if (enable_le) {
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
431static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434};
435
436static u16 get_uuid16(u8 *uuid128)
437{
438 u32 val;
439 int i;
440
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
443 return 0;
444 }
445
3e9fb6d8 446 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 447 if (val > 0xffff)
448 return 0;
449
450 return (u16) val;
451}
452
453static void create_eir(struct hci_dev *hdev, u8 *data)
454{
455 u8 *ptr = data;
456 u16 eir_len = 0;
457 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
458 int i, truncated = 0;
459 struct bt_uuid *uuid;
460 size_t name_len;
461
462 name_len = strlen(hdev->dev_name);
463
464 if (name_len > 0) {
465 /* EIR Data type */
466 if (name_len > 48) {
467 name_len = 48;
468 ptr[1] = EIR_NAME_SHORT;
469 } else
470 ptr[1] = EIR_NAME_COMPLETE;
471
472 /* EIR Data length */
473 ptr[0] = name_len + 1;
474
475 memcpy(ptr + 2, hdev->dev_name, name_len);
476
477 eir_len += (name_len + 2);
478 ptr += (name_len + 2);
479 }
480
91c4e9b1
MH		 481 if (hdev->inq_tx_power) {
482 ptr[0] = 2;
483 ptr[1] = EIR_TX_POWER;
484 ptr[2] = (u8) hdev->inq_tx_power;
485
486 eir_len += 3;
487 ptr += 3;
488 }
489
2b9be137
MH		 490 if (hdev->devid_source > 0) {
491 ptr[0] = 9;
492 ptr[1] = EIR_DEVICE_ID;
493
494 put_unaligned_le16(hdev->devid_source, ptr + 2);
495 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
496 put_unaligned_le16(hdev->devid_product, ptr + 6);
497 put_unaligned_le16(hdev->devid_version, ptr + 8);
498
499 eir_len += 10;
500 ptr += 10;
501 }
502
ef580372
JH		 503 memset(uuid16_list, 0, sizeof(uuid16_list));
504
505 /* Group all UUID16 types */
506 list_for_each_entry(uuid, &hdev->uuids, list) {
507 u16 uuid16;
508
509 uuid16 = get_uuid16(uuid->uuid);
510 if (uuid16 == 0)
511 return;
512
513 if (uuid16 < 0x1100)
514 continue;
515
516 if (uuid16 == PNP_INFO_SVCLASS_ID)
517 continue;
518
519 /* Stop if not enough space to put next UUID */
520 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
521 truncated = 1;
522 break;
523 }
524
525 /* Check for duplicates */
526 for (i = 0; uuid16_list[i] != 0; i++)
527 if (uuid16_list[i] == uuid16)
528 break;
529
530 if (uuid16_list[i] == 0) {
531 uuid16_list[i] = uuid16;
532 eir_len += sizeof(u16);
533 }
534 }
535
536 if (uuid16_list[0] != 0) {
537 u8 *length = ptr;
538
539 /* EIR Data type */
540 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
541
542 ptr += 2;
543 eir_len += 2;
544
545 for (i = 0; uuid16_list[i] != 0; i++) {
546 *ptr++ = (uuid16_list[i] & 0x00ff);
547 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
548 }
549
550 /* EIR Data length */
551 *length = (i * sizeof(u16)) + 1;
552 }
553}
554
555static int update_eir(struct hci_dev *hdev)
556{
557 struct hci_cp_write_eir cp;
558
504c8dcd 559 if (!hdev_is_powered(hdev))
7770c4aa
JH		 560 return 0;
561
ef580372
JH		 562 if (!(hdev->features[6] & LMP_EXT_INQ))
563 return 0;
564
84bde9d6 565 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 566 return 0;
567
a8b2d5c2 568 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 569 return 0;
570
571 memset(&cp, 0, sizeof(cp));
572
573 create_eir(hdev, cp.data);
574
575 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
576 return 0;
577
578 memcpy(hdev->eir, cp.data, sizeof(cp.data));
579
580 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
581}
582
583static u8 get_service_classes(struct hci_dev *hdev)
584{
585 struct bt_uuid *uuid;
586 u8 val = 0;
587
588 list_for_each_entry(uuid, &hdev->uuids, list)
589 val |= uuid->svc_hint;
590
591 return val;
592}
593
594static int update_class(struct hci_dev *hdev)
595{
596 u8 cod[3];
c95f0ba7 597 int err;
ef580372
JH		 598
599 BT_DBG("%s", hdev->name);
600
504c8dcd 601 if (!hdev_is_powered(hdev))
7770c4aa
JH		 602 return 0;
603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 605 return 0;
606
607 cod[0] = hdev->minor_class;
608 cod[1] = hdev->major_class;
609 cod[2] = get_service_classes(hdev);
610
611 if (memcmp(cod, hdev->dev_class, 3) == 0)
612 return 0;
613
c95f0ba7
JH		 614 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
615 if (err == 0)
616 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
617
618 return err;
ef580372
JH		 619}
620
7d78525d
JH		 621static void service_cache_off(struct work_struct *work)
622{
623 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 624 service_cache.work);
7d78525d 625
a8b2d5c2 626 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 627 return;
628
629 hci_dev_lock(hdev);
630
631 update_eir(hdev);
632 update_class(hdev);
633
634 hci_dev_unlock(hdev);
635}
636
6a919082 637static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 638{
4f87da80 639 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 640 return;
641
4f87da80 642 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 643
4f87da80
JH		 644 /* Non-mgmt controlled devices get this bit set
645 * implicitly so that pairing works for them, however
646 * for mgmt we require user-space to explicitly enable
647 * it
648 */
649 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 650}
651
0f4e68cf 652static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 653 void *data, u16 data_len)
0381101f 654{
a38528f1 655 struct mgmt_rp_read_info rp;
f7b64e69 656
bdb6d971 657 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 658
09fd0de5 659 hci_dev_lock(hdev);
f7b64e69 660
dc4fe30b
JH		 661 memset(&rp, 0, sizeof(rp));
662
69ab39ea 663 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 664
69ab39ea 665 rp.version = hdev->hci_ver;
eb55ef07 666 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 667
668 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
669 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 670
a38528f1 671 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 672
dc4fe30b 673 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 674 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 675
09fd0de5 676 hci_dev_unlock(hdev);
0381101f 677
bdb6d971 678 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 679 sizeof(rp));
0381101f
JH		 680}
681
eec8d2bc
JH		 682static void mgmt_pending_free(struct pending_cmd *cmd)
683{
684 sock_put(cmd->sk);
c68fb7ff 685 kfree(cmd->param);
eec8d2bc
JH		 686 kfree(cmd);
687}
688
366a0336 689static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 690 struct hci_dev *hdev, void *data,
691 u16 len)
eec8d2bc
JH		 692{
693 struct pending_cmd *cmd;
694
695 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
696 if (!cmd)
366a0336 697 return NULL;
eec8d2bc
JH		 698
699 cmd->opcode = opcode;
2e58ef3e 700 cmd->index = hdev->id;
eec8d2bc 701
c68fb7ff
SJ		 702 cmd->param = kmalloc(len, GFP_ATOMIC);
703 if (!cmd->param) {
eec8d2bc 704 kfree(cmd);
366a0336 705 return NULL;
eec8d2bc
JH		 706 }
707
8fce6357
SJ		 708 if (data)
709 memcpy(cmd->param, data, len);
eec8d2bc
JH		 710
711 cmd->sk = sk;
712 sock_hold(sk);
713
2e58ef3e 714 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 715
366a0336 716 return cmd;
eec8d2bc
JH		 717}
718
744cf19e 719static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 720 void (*cb)(struct pending_cmd *cmd, void *data),
721 void *data)
eec8d2bc
JH		 722{
723 struct list_head *p, *n;
724
2e58ef3e 725 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 726 struct pending_cmd *cmd;
727
728 cmd = list_entry(p, struct pending_cmd, list);
729
b24752fe 730 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 731 continue;
732
eec8d2bc
JH		 733 cb(cmd, data);
734 }
735}
736
2e58ef3e 737static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 738{
8035ded4 739 struct pending_cmd *cmd;
eec8d2bc 740
2e58ef3e 741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 742 if (cmd->opcode == opcode)
743 return cmd;
eec8d2bc
JH		 744 }
745
746 return NULL;
747}
748
a664b5bc 749static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 750{
73f22f62
JH		 751 list_del(&cmd->list);
752 mgmt_pending_free(cmd);
753}
754
69ab39ea 755static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 756{
69ab39ea 757 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 758
aee9b218 759 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 760 sizeof(settings));
8680570b
JH		 761}
762
bdb6d971 763static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 764 u16 len)
eec8d2bc 765{
650f726d 766 struct mgmt_mode *cp = data;
366a0336 767 struct pending_cmd *cmd;
4b34ee78 768 int err;
eec8d2bc 769
bdb6d971 770 BT_DBG("request for %s", hdev->name);
eec8d2bc 771
09fd0de5 772 hci_dev_lock(hdev);
eec8d2bc 773
f0d4b78a
MH		 774 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
775 cancel_delayed_work(&hdev->power_off);
776
777 if (cp->val) {
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779 mgmt_powered(hdev, 1);
780 goto failed;
781 }
782 }
783
4b34ee78 784 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 786 goto failed;
787 }
788
2e58ef3e 789 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 790 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 791 MGMT_STATUS_BUSY);
eec8d2bc
JH		 792 goto failed;
793 }
794
2e58ef3e 795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 796 if (!cmd) {
797 err = -ENOMEM;
eec8d2bc 798 goto failed;
366a0336 799 }
eec8d2bc 800
72a734ec 801 if (cp->val)
7f971041 802 schedule_work(&hdev->power_on);
eec8d2bc 803 else
80b7ab33 804 schedule_work(&hdev->power_off.work);
eec8d2bc 805
366a0336 806 err = 0;
eec8d2bc
JH		 807
808failed:
09fd0de5 809 hci_dev_unlock(hdev);
366a0336 810 return err;
eec8d2bc
JH		 811}
812
04124681
GP		 813static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
814 struct sock *skip_sk)
beadb2bd
JH		 815{
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
818
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
822
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
825 if (hdev)
826 hdr->index = cpu_to_le16(hdev->id);
827 else
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
830
831 if (data)
832 memcpy(skb_put(skb, data_len), data, data_len);
833
97e0bdeb
MH		 834 /* Time stamp */
835 __net_timestamp(skb);
836
beadb2bd
JH		 837 hci_send_to_control(skb, skip_sk);
838 kfree_skb(skb);
839
840 return 0;
841}
842
843static int new_settings(struct hci_dev *hdev, struct sock *skip)
844{
845 __le32 ev;
846
847 ev = cpu_to_le32(get_current_settings(hdev));
848
849 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
850}
851
bdb6d971 852static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 853 u16 len)
73f22f62 854{
650f726d 855 struct mgmt_cp_set_discoverable *cp = data;
366a0336 856 struct pending_cmd *cmd;
5e5282bb 857 u16 timeout;
73f22f62
JH		 858 u8 scan;
859 int err;
860
bdb6d971 861 BT_DBG("request for %s", hdev->name);
73f22f62 862
1f350c87 863 timeout = __le16_to_cpu(cp->timeout);
24c54a90 864 if (!cp->val && timeout > 0)
bdb6d971 865 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 866 MGMT_STATUS_INVALID_PARAMS);
73f22f62 867
09fd0de5 868 hci_dev_lock(hdev);
73f22f62 869
5e5282bb 870 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 872 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 873 goto failed;
874 }
875
2e58ef3e
JH		 876 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
877 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 879 MGMT_STATUS_BUSY);
73f22f62
JH		 880 goto failed;
881 }
882
5e5282bb 883 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 885 MGMT_STATUS_REJECTED);
5e5282bb
JH		 886 goto failed;
887 }
888
889 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 890 bool changed = false;
891
892 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
893 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
894 changed = true;
895 }
896
5e5282bb 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 898 if (err < 0)
899 goto failed;
900
901 if (changed)
902 err = new_settings(hdev, sk);
903
5e5282bb
JH		 904 goto failed;
905 }
906
907 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 908 if (hdev->discov_timeout > 0) {
909 cancel_delayed_work(&hdev->discov_off);
910 hdev->discov_timeout = 0;
911 }
912
913 if (cp->val && timeout > 0) {
914 hdev->discov_timeout = timeout;
915 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
916 msecs_to_jiffies(hdev->discov_timeout * 1000));
917 }
918
69ab39ea 919 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 920 goto failed;
921 }
922
2e58ef3e 923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 924 if (!cmd) {
925 err = -ENOMEM;
73f22f62 926 goto failed;
366a0336 927 }
73f22f62
JH		 928
929 scan = SCAN_PAGE;
930
72a734ec 931 if (cp->val)
73f22f62 932 scan |= SCAN_INQUIRY;
16ab91ab 933 else
e0f9309f 934 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 935
936 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
937 if (err < 0)
a664b5bc 938 mgmt_pending_remove(cmd);
73f22f62 939
16ab91ab 940 if (cp->val)
5e5282bb 941 hdev->discov_timeout = timeout;
16ab91ab 942
73f22f62 943failed:
09fd0de5 944 hci_dev_unlock(hdev);
73f22f62
JH		 945 return err;
946}
947
bdb6d971 948static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
9fbcbb45 950{
650f726d 951 struct mgmt_mode *cp = data;
366a0336 952 struct pending_cmd *cmd;
9fbcbb45
JH		 953 u8 scan;
954 int err;
955
bdb6d971 956 BT_DBG("request for %s", hdev->name);
9fbcbb45 957
09fd0de5 958 hci_dev_lock(hdev);
9fbcbb45 959
4b34ee78 960 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 961 bool changed = false;
962
963 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
964 changed = true;
965
6bf0e469 966 if (cp->val) {
5e5282bb 967 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 968 } else {
5e5282bb
JH		 969 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
970 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 }
0224d2fa 972
5e5282bb 973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 974 if (err < 0)
975 goto failed;
976
977 if (changed)
978 err = new_settings(hdev, sk);
979
9fbcbb45
JH		 980 goto failed;
981 }
982
2e58ef3e
JH		 983 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
984 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 985 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 986 MGMT_STATUS_BUSY);
9fbcbb45
JH		 987 goto failed;
988 }
989
5e5282bb 990 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 991 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 992 goto failed;
993 }
994
2e58ef3e 995 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 996 if (!cmd) {
997 err = -ENOMEM;
9fbcbb45 998 goto failed;
366a0336 999 }
9fbcbb45 1000
6bf0e469 1001 if (cp->val) {
9fbcbb45 1002 scan = SCAN_PAGE;
6bf0e469 1003 } else {
9fbcbb45
JH		 1004 scan = 0;
1005
df2c6c5e
JH		 1006 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1007 hdev->discov_timeout > 0)
1008 cancel_delayed_work(&hdev->discov_off);
1009 }
1010
9fbcbb45
JH		 1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1012 if (err < 0)
a664b5bc 1013 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1014
1015failed:
09fd0de5 1016 hci_dev_unlock(hdev);
9fbcbb45
JH		 1017 return err;
1018}
1019
bdb6d971 1020static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1021 u16 len)
c542a06c 1022{
650f726d 1023 struct mgmt_mode *cp = data;
c542a06c
JH		 1024 int err;
1025
bdb6d971 1026 BT_DBG("request for %s", hdev->name);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 return err;
1044}
1045
04124681
GP		 1046static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1047 u16 len)
33ef95ed
JH		 1048{
1049 struct mgmt_mode *cp = data;
1050 struct pending_cmd *cmd;
816a11d5 1051 u8 val;
33ef95ed
JH		 1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
33ef95ed 1055
33ef95ed
JH		 1056 hci_dev_lock(hdev);
1057
4b34ee78 1058 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1059 bool changed = false;
1060
1061 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1062 &hdev->dev_flags)) {
1063 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1064 changed = true;
1065 }
1066
1067 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1068 if (err < 0)
1069 goto failed;
1070
1071 if (changed)
1072 err = new_settings(hdev, sk);
1073
33ef95ed
JH		 1074 goto failed;
1075 }
1076
1077 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1079 MGMT_STATUS_BUSY);
33ef95ed
JH		 1080 goto failed;
1081 }
1082
1083 val = !!cp->val;
1084
1085 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1087 goto failed;
1088 }
1089
1090 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1091 if (!cmd) {
1092 err = -ENOMEM;
1093 goto failed;
1094 }
1095
1096 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1097 if (err < 0) {
1098 mgmt_pending_remove(cmd);
1099 goto failed;
1100 }
1101
1102failed:
1103 hci_dev_unlock(hdev);
33ef95ed
JH		 1104 return err;
1105}
1106
bdb6d971 1107static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1108{
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
816a11d5 1111 u8 val;
ed2c4ee3
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1115
ed2c4ee3
JH		 1116 hci_dev_lock(hdev);
1117
6c8f12c1 1118 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1120 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1121 goto failed;
1122 }
1123
c0ecddc2
JH		 1124 val = !!cp->val;
1125
4b34ee78 1126 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1127 bool changed = false;
1128
1129 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1130 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1131 changed = true;
1132 }
1133
1134 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 if (err < 0)
1136 goto failed;
1137
1138 if (changed)
1139 err = new_settings(hdev, sk);
1140
ed2c4ee3
JH		 1141 goto failed;
1142 }
1143
1144 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1146 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1147 goto failed;
1148 }
1149
ed2c4ee3
JH		 1150 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1151 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1152 goto failed;
1153 }
1154
1155 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1156 if (!cmd) {
1157 err = -ENOMEM;
1158 goto failed;
1159 }
1160
1161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1162 if (err < 0) {
1163 mgmt_pending_remove(cmd);
1164 goto failed;
1165 }
1166
1167failed:
1168 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1173{
1174 struct mgmt_mode *cp = data;
6d80dfd0 1175
bdb6d971 1176 BT_DBG("request for %s", hdev->name);
6d80dfd0 1177
bdb6d971
JH		 1178 if (!enable_hs)
1179 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1180 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1181
1182 if (cp->val)
1183 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1184 else
1185 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1186
bdb6d971 1187 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1188}
1189
bdb6d971 1190static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1191{
1192 struct mgmt_mode *cp = data;
1193 struct hci_cp_write_le_host_supported hci_cp;
1194 struct pending_cmd *cmd;
06199cf8 1195 int err;
0b60eba1 1196 u8 val, enabled;
06199cf8 1197
bdb6d971 1198 BT_DBG("request for %s", hdev->name);
06199cf8 1199
1de028ce
JH		 1200 hci_dev_lock(hdev);
1201
06199cf8 1202 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1203 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1204 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1205 goto unlock;
06199cf8
JH		 1206 }
1207
1208 val = !!cp->val;
0b60eba1 1209 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1210
0b60eba1 1211 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1212 bool changed = false;
1213
1214 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1215 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1216 changed = true;
1217 }
1218
1219 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1220 if (err < 0)
1de028ce 1221 goto unlock;
06199cf8
JH		 1222
1223 if (changed)
1224 err = new_settings(hdev, sk);
1225
1de028ce 1226 goto unlock;
06199cf8
JH		 1227 }
1228
1229 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1231 MGMT_STATUS_BUSY);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1236 if (!cmd) {
1237 err = -ENOMEM;
1de028ce 1238 goto unlock;
06199cf8
JH		 1239 }
1240
1241 memset(&hci_cp, 0, sizeof(hci_cp));
1242
1243 if (val) {
1244 hci_cp.le = val;
1245 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1246 }
1247
04124681
GP		 1248 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1249 &hci_cp);
06199cf8
JH		 1250 if (err < 0) {
1251 mgmt_pending_remove(cmd);
1de028ce 1252 goto unlock;
06199cf8
JH		 1253 }
1254
1de028ce
JH		 1255unlock:
1256 hci_dev_unlock(hdev);
06199cf8
JH		 1257 return err;
1258}
1259
bdb6d971 1260static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1261{
650f726d 1262 struct mgmt_cp_add_uuid *cp = data;
90e70454 1263 struct pending_cmd *cmd;
2aeb9a1a 1264 struct bt_uuid *uuid;
2aeb9a1a
JH		 1265 int err;
1266
bdb6d971 1267 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1268
09fd0de5 1269 hci_dev_lock(hdev);
2aeb9a1a 1270
c95f0ba7 1271 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1272 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1273 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1274 goto failed;
1275 }
1276
2aeb9a1a
JH		 1277 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1278 if (!uuid) {
1279 err = -ENOMEM;
1280 goto failed;
1281 }
1282
1283 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1284 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1285
1286 list_add(&uuid->list, &hdev->uuids);
1287
1aff6f09
JH		 1288 err = update_class(hdev);
1289 if (err < 0)
1290 goto failed;
1291
80a1e1db
JH		 1292 err = update_eir(hdev);
1293 if (err < 0)
1294 goto failed;
1295
90e70454 1296 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1297 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1298 hdev->dev_class, 3);
90e70454
JH		 1299 goto failed;
1300 }
1301
1302 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1303 if (!cmd) {
1304 err = -ENOMEM;
1305 goto failed;
1306 }
2aeb9a1a
JH		 1307
1308failed:
09fd0de5 1309 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1310 return err;
1311}
1312
24b78d0f
JH		 1313static bool enable_service_cache(struct hci_dev *hdev)
1314{
1315 if (!hdev_is_powered(hdev))
1316 return false;
1317
1318 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1319 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1320 return true;
1321 }
1322
1323 return false;
1324}
1325
bdb6d971
JH		 1326static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1327 u16 len)
2aeb9a1a 1328{
650f726d 1329 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1330 struct pending_cmd *cmd;
2aeb9a1a 1331 struct list_head *p, *n;
2aeb9a1a 1332 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1333 int err, found;
1334
bdb6d971 1335 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1336
09fd0de5 1337 hci_dev_lock(hdev);
2aeb9a1a 1338
c95f0ba7 1339 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1340 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1341 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1342 goto unlock;
1343 }
1344
2aeb9a1a
JH		 1345 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1346 err = hci_uuids_clear(hdev);
4004b6d9 1347
24b78d0f 1348 if (enable_service_cache(hdev)) {
bdb6d971 1349 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1350 0, hdev->dev_class, 3);
24b78d0f
JH		 1351 goto unlock;
1352 }
4004b6d9 1353
9246a869 1354 goto update_class;
2aeb9a1a
JH		 1355 }
1356
1357 found = 0;
1358
1359 list_for_each_safe(p, n, &hdev->uuids) {
1360 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1361
1362 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1363 continue;
1364
1365 list_del(&match->list);
1366 found++;
1367 }
1368
1369 if (found == 0) {
bdb6d971 1370 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1371 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1372 goto unlock;
1373 }
1374
9246a869 1375update_class:
1aff6f09
JH		 1376 err = update_class(hdev);
1377 if (err < 0)
1378 goto unlock;
1379
80a1e1db
JH		 1380 err = update_eir(hdev);
1381 if (err < 0)
1382 goto unlock;
1383
90e70454 1384 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1385 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1386 hdev->dev_class, 3);
90e70454
JH		 1387 goto unlock;
1388 }
1389
1390 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1391 if (!cmd) {
1392 err = -ENOMEM;
1393 goto unlock;
1394 }
2aeb9a1a
JH		 1395
1396unlock:
09fd0de5 1397 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1398 return err;
1399}
1400
bdb6d971 1401static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1402 u16 len)
1aff6f09 1403{
650f726d 1404 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1405 struct pending_cmd *cmd;
1aff6f09
JH		 1406 int err;
1407
bdb6d971 1408 BT_DBG("request for %s", hdev->name);
1aff6f09 1409
09fd0de5 1410 hci_dev_lock(hdev);
1aff6f09 1411
c95f0ba7 1412 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1414 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1415 goto unlock;
1416 }
1417
932f5ff5
JH		 1418 hdev->major_class = cp->major;
1419 hdev->minor_class = cp->minor;
1420
b5235a65 1421 if (!hdev_is_powered(hdev)) {
bdb6d971 1422 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1423 hdev->dev_class, 3);
b5235a65
JH		 1424 goto unlock;
1425 }
1426
a8b2d5c2 1427 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1428 hci_dev_unlock(hdev);
1429 cancel_delayed_work_sync(&hdev->service_cache);
1430 hci_dev_lock(hdev);
14c0b608 1431 update_eir(hdev);
7d78525d 1432 }
14c0b608 1433
1aff6f09 1434 err = update_class(hdev);
90e70454
JH		 1435 if (err < 0)
1436 goto unlock;
1aff6f09 1437
90e70454 1438 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1439 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1440 hdev->dev_class, 3);
90e70454
JH		 1441 goto unlock;
1442 }
1443
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1445 if (!cmd) {
1446 err = -ENOMEM;
1447 goto unlock;
1448 }
1aff6f09 1449
b5235a65 1450unlock:
09fd0de5 1451 hci_dev_unlock(hdev);
1aff6f09
JH		 1452 return err;
1453}
1454
bdb6d971
JH		 1455static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1456 u16 len)
55ed8ca1 1457{
650f726d 1458 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1459 u16 key_count, expected_len;
a492cd52 1460 int i;
55ed8ca1 1461
1f350c87 1462 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1463
86742e1e
JH		 1464 expected_len = sizeof(*cp) + key_count *
1465 sizeof(struct mgmt_link_key_info);
a492cd52 1466 if (expected_len != len) {
86742e1e 1467 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1468 len, expected_len);
bdb6d971 1469 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1470 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1471 }
1472
bdb6d971 1473 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1474 key_count);
1475
09fd0de5 1476 hci_dev_lock(hdev);
55ed8ca1
JH		 1477
1478 hci_link_keys_clear(hdev);
1479
a8b2d5c2 1480 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1481
1482 if (cp->debug_keys)
a8b2d5c2 1483 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1484 else
a8b2d5c2 1485 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1486
a492cd52 1487 for (i = 0; i < key_count; i++) {
86742e1e 1488 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1489
d753fdc4 1490 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1491 key->type, key->pin_len);
55ed8ca1
JH		 1492 }
1493
bdb6d971 1494 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1495
09fd0de5 1496 hci_dev_unlock(hdev);
55ed8ca1 1497
a492cd52 1498 return 0;
55ed8ca1
JH		 1499}
1500
b1078ad0 1501static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1502 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1503{
1504 struct mgmt_ev_device_unpaired ev;
1505
1506 bacpy(&ev.addr.bdaddr, bdaddr);
1507 ev.addr.type = addr_type;
1508
1509 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1510 skip_sk);
b1078ad0
JH		 1511}
1512
bdb6d971 1513static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1514 u16 len)
55ed8ca1 1515{
124f6e35
JH		 1516 struct mgmt_cp_unpair_device *cp = data;
1517 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1518 struct hci_cp_disconnect dc;
1519 struct pending_cmd *cmd;
55ed8ca1 1520 struct hci_conn *conn;
55ed8ca1
JH		 1521 int err;
1522
09fd0de5 1523 hci_dev_lock(hdev);
55ed8ca1 1524
a8a1d19e 1525 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1526 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1527 rp.addr.type = cp->addr.type;
a8a1d19e 1528
86a8cfc6 1529 if (!hdev_is_powered(hdev)) {
bdb6d971 1530 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1531 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1532 goto unlock;
1533 }
1534
124f6e35
JH		 1535 if (cp->addr.type == MGMT_ADDR_BREDR)
1536 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1537 else
1538 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1539
55ed8ca1 1540 if (err < 0) {
bdb6d971 1541 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1542 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1543 goto unlock;
1544 }
1545
86a8cfc6
JH		 1546 if (cp->disconnect) {
1547 if (cp->addr.type == MGMT_ADDR_BREDR)
1548 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1549 &cp->addr.bdaddr);
86a8cfc6
JH		 1550 else
1551 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1552 &cp->addr.bdaddr);
86a8cfc6
JH		 1553 } else {
1554 conn = NULL;
1555 }
124f6e35 1556
a8a1d19e 1557 if (!conn) {
bdb6d971 1558 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1559 &rp, sizeof(rp));
b1078ad0 1560 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1561 goto unlock;
1562 }
55ed8ca1 1563
124f6e35 1564 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1565 sizeof(*cp));
a8a1d19e
JH		 1566 if (!cmd) {
1567 err = -ENOMEM;
1568 goto unlock;
55ed8ca1
JH		 1569 }
1570
eb55ef07 1571 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1572 dc.reason = 0x13; /* Remote User Terminated Connection */
1573 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1574 if (err < 0)
1575 mgmt_pending_remove(cmd);
1576
55ed8ca1 1577unlock:
09fd0de5 1578 hci_dev_unlock(hdev);
55ed8ca1
JH		 1579 return err;
1580}
1581
bdb6d971 1582static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1583 u16 len)
8962ee74 1584{
650f726d 1585 struct mgmt_cp_disconnect *cp = data;
8962ee74 1586 struct hci_cp_disconnect dc;
366a0336 1587 struct pending_cmd *cmd;
8962ee74 1588 struct hci_conn *conn;
8962ee74
JH		 1589 int err;
1590
1591 BT_DBG("");
1592
09fd0de5 1593 hci_dev_lock(hdev);
8962ee74
JH		 1594
1595 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1596 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1597 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1598 goto failed;
1599 }
1600
2e58ef3e 1601 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1602 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1603 MGMT_STATUS_BUSY);
8962ee74
JH		 1604 goto failed;
1605 }
1606
88c3df13
JH		 1607 if (cp->addr.type == MGMT_ADDR_BREDR)
1608 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1609 else
1610 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1611
8962ee74 1612 if (!conn) {
bdb6d971 1613 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1614 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1615 goto failed;
1616 }
1617
2e58ef3e 1618 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1619 if (!cmd) {
1620 err = -ENOMEM;
8962ee74 1621 goto failed;
366a0336 1622 }
8962ee74 1623
eb55ef07 1624 dc.handle = cpu_to_le16(conn->handle);
8962ee74
JH		 1625 dc.reason = 0x13; /* Remote User Terminated Connection */
1626
1627 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1628 if (err < 0)
a664b5bc 1629 mgmt_pending_remove(cmd);
8962ee74
JH		 1630
1631failed:
09fd0de5 1632 hci_dev_unlock(hdev);
8962ee74
JH		 1633 return err;
1634}
1635
48264f06 1636static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1637{
1638 switch (link_type) {
1639 case LE_LINK:
48264f06
JH		 1640 switch (addr_type) {
1641 case ADDR_LE_DEV_PUBLIC:
1642 return MGMT_ADDR_LE_PUBLIC;
0ed09148 1643
48264f06 1644 default:
0ed09148
AG		 1645 /* Fallback to LE Random address type */
1646 return MGMT_ADDR_LE_RANDOM;
48264f06 1647 }
0ed09148 1648
4c659c39 1649 default:
0ed09148
AG		 1650 /* Fallback to BR/EDR type */
1651 return MGMT_ADDR_BREDR;
4c659c39
JH		 1652 }
1653}
1654
04124681
GP		 1655static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1656 u16 data_len)
2784eb41 1657{
2784eb41 1658 struct mgmt_rp_get_connections *rp;
8035ded4 1659 struct hci_conn *c;
a38528f1 1660 size_t rp_len;
60fc5fb6
JH		 1661 int err;
1662 u16 i;
2784eb41
JH		 1663
1664 BT_DBG("");
1665
09fd0de5 1666 hci_dev_lock(hdev);
2784eb41 1667
5f97c1df 1668 if (!hdev_is_powered(hdev)) {
bdb6d971 1669 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1670 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1671 goto unlock;
1672 }
1673
60fc5fb6 1674 i = 0;
b644ba33
JH		 1675 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1676 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1677 i++;
2784eb41
JH		 1678 }
1679
60fc5fb6 1680 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1681 rp = kmalloc(rp_len, GFP_ATOMIC);
1682 if (!rp) {
2784eb41
JH		 1683 err = -ENOMEM;
1684 goto unlock;
1685 }
1686
2784eb41 1687 i = 0;
4c659c39 1688 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1689 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1690 continue;
4c659c39 1691 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1692 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
0ed09148 1693 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1694 continue;
1695 i++;
1696 }
1697
eb55ef07 1698 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1699
4c659c39
JH		 1700 /* Recalculate length in case of filtered SCO connections, etc */
1701 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1702
bdb6d971 1703 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1704 rp_len);
2784eb41 1705
a38528f1 1706 kfree(rp);
5f97c1df
JH		 1707
1708unlock:
09fd0de5 1709 hci_dev_unlock(hdev);
2784eb41
JH		 1710 return err;
1711}
1712
bdb6d971 1713static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1714 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1715{
1716 struct pending_cmd *cmd;
1717 int err;
1718
2e58ef3e 1719 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1720 sizeof(*cp));
96d97a67
WR		 1721 if (!cmd)
1722 return -ENOMEM;
1723
d8457698 1724 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1725 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1726 if (err < 0)
1727 mgmt_pending_remove(cmd);
1728
1729 return err;
1730}
1731
bdb6d971 1732static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1733 u16 len)
980e1a53 1734{
96d97a67 1735 struct hci_conn *conn;
650f726d 1736 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1737 struct hci_cp_pin_code_reply reply;
366a0336 1738 struct pending_cmd *cmd;
980e1a53
JH		 1739 int err;
1740
1741 BT_DBG("");
1742
09fd0de5 1743 hci_dev_lock(hdev);
980e1a53 1744
4b34ee78 1745 if (!hdev_is_powered(hdev)) {
bdb6d971 1746 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1747 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1748 goto failed;
1749 }
1750
d8457698 1751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1752 if (!conn) {
bdb6d971 1753 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1754 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1755 goto failed;
1756 }
1757
1758 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1759 struct mgmt_cp_pin_code_neg_reply ncp;
1760
1761 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1762
1763 BT_ERR("PIN code is not 16 bytes long");
1764
bdb6d971 1765 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1766 if (err >= 0)
bdb6d971 1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1768 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1769
1770 goto failed;
1771 }
1772
00abfe44 1773 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1774 if (!cmd) {
1775 err = -ENOMEM;
980e1a53 1776 goto failed;
366a0336 1777 }
980e1a53 1778
d8457698 1779 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1780 reply.pin_len = cp->pin_len;
24718ca5 1781 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1782
1783 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1784 if (err < 0)
a664b5bc 1785 mgmt_pending_remove(cmd);
980e1a53
JH		 1786
1787failed:
09fd0de5 1788 hci_dev_unlock(hdev);
980e1a53
JH		 1789 return err;
1790}
1791
bdb6d971 1792static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1793 void *data, u16 len)
980e1a53 1794{
650f726d 1795 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1796 int err;
1797
1798 BT_DBG("");
1799
09fd0de5 1800 hci_dev_lock(hdev);
980e1a53 1801
4b34ee78 1802 if (!hdev_is_powered(hdev)) {
bdb6d971 1803 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1804 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1805 goto failed;
1806 }
1807
bdb6d971 1808 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1809
1810failed:
09fd0de5 1811 hci_dev_unlock(hdev);
980e1a53
JH		 1812 return err;
1813}
1814
04124681
GP		 1815static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1816 u16 len)
17fa4b9d 1817{
650f726d 1818 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1819
1820 BT_DBG("");
1821
09fd0de5 1822 hci_dev_lock(hdev);
17fa4b9d
JH		 1823
1824 hdev->io_capability = cp->io_capability;
1825
1826 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1827 hdev->io_capability);
17fa4b9d 1828
09fd0de5 1829 hci_dev_unlock(hdev);
17fa4b9d 1830
04124681
GP		 1831 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1832 0);
17fa4b9d
JH		 1833}
1834
e9a416b5
JH		 1835static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1836{
1837 struct hci_dev *hdev = conn->hdev;
8035ded4 1838 struct pending_cmd *cmd;
e9a416b5 1839
2e58ef3e 1840 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1841 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1842 continue;
1843
e9a416b5
JH		 1844 if (cmd->user_data != conn)
1845 continue;
1846
1847 return cmd;
1848 }
1849
1850 return NULL;
1851}
1852
1853static void pairing_complete(struct pending_cmd *cmd, u8 status)
1854{
1855 struct mgmt_rp_pair_device rp;
1856 struct hci_conn *conn = cmd->user_data;
1857
ba4e564f
JH		 1858 bacpy(&rp.addr.bdaddr, &conn->dst);
1859 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1860
aee9b218 1861 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1862 &rp, sizeof(rp));
e9a416b5
JH		 1863
1864 /* So we don't get further callbacks for this connection */
1865 conn->connect_cfm_cb = NULL;
1866 conn->security_cfm_cb = NULL;
1867 conn->disconn_cfm_cb = NULL;
1868
1869 hci_conn_put(conn);
1870
a664b5bc 1871 mgmt_pending_remove(cmd);
e9a416b5
JH		 1872}
1873
1874static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1875{
1876 struct pending_cmd *cmd;
1877
1878 BT_DBG("status %u", status);
1879
1880 cmd = find_pairing(conn);
56e5cb86 1881 if (!cmd)
e9a416b5 1882 BT_DBG("Unable to find a pending command");
56e5cb86 1883 else
e211326c 1884 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1885}
1886
bdb6d971 1887static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1888 u16 len)
e9a416b5 1889{
650f726d 1890 struct mgmt_cp_pair_device *cp = data;
1425acb7 1891 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1892 struct pending_cmd *cmd;
1893 u8 sec_level, auth_type;
1894 struct hci_conn *conn;
e9a416b5
JH		 1895 int err;
1896
1897 BT_DBG("");
1898
09fd0de5 1899 hci_dev_lock(hdev);
e9a416b5 1900
5f97c1df 1901 if (!hdev_is_powered(hdev)) {
bdb6d971 1902 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1903 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1904 goto unlock;
1905 }
1906
c908df36
VCG		 1907 sec_level = BT_SECURITY_MEDIUM;
1908 if (cp->io_cap == 0x03)
e9a416b5 1909 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1910 else
e9a416b5 1911 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1912
ba4e564f
JH		 1913 if (cp->addr.type == MGMT_ADDR_BREDR)
1914 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1915 auth_type);
7a512d01 1916 else
ba4e564f 1917 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1918 auth_type);
7a512d01 1919
1425acb7
JH		 1920 memset(&rp, 0, sizeof(rp));
1921 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1922 rp.addr.type = cp->addr.type;
1923
30e76272 1924 if (IS_ERR(conn)) {
bdb6d971 1925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1926 MGMT_STATUS_CONNECT_FAILED, &rp,
1927 sizeof(rp));
e9a416b5
JH		 1928 goto unlock;
1929 }
1930
1931 if (conn->connect_cfm_cb) {
1932 hci_conn_put(conn);
bdb6d971 1933 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1934 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1935 goto unlock;
1936 }
1937
2e58ef3e 1938 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1939 if (!cmd) {
1940 err = -ENOMEM;
1941 hci_conn_put(conn);
1942 goto unlock;
1943 }
1944
7a512d01 1945 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1946 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1947 conn->connect_cfm_cb = pairing_complete_cb;
1948
e9a416b5
JH		 1949 conn->security_cfm_cb = pairing_complete_cb;
1950 conn->disconn_cfm_cb = pairing_complete_cb;
1951 conn->io_capability = cp->io_cap;
1952 cmd->user_data = conn;
1953
1954 if (conn->state == BT_CONNECTED &&
1955 hci_conn_security(conn, sec_level, auth_type))
1956 pairing_complete(cmd, 0);
1957
1958 err = 0;
1959
1960unlock:
09fd0de5 1961 hci_dev_unlock(hdev);
e9a416b5
JH		 1962 return err;
1963}
1964
04124681
GP		 1965static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1966 u16 len)
28424707 1967{
0f4e68cf 1968 struct mgmt_addr_info *addr = data;
28424707
JH		 1969 struct pending_cmd *cmd;
1970 struct hci_conn *conn;
1971 int err;
1972
1973 BT_DBG("");
1974
28424707
JH		 1975 hci_dev_lock(hdev);
1976
5f97c1df 1977 if (!hdev_is_powered(hdev)) {
bdb6d971 1978 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1979 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1980 goto unlock;
1981 }
1982
28424707
JH		 1983 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1984 if (!cmd) {
bdb6d971 1985 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1986 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1987 goto unlock;
1988 }
1989
1990 conn = cmd->user_data;
1991
1992 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1993 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1994 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1995 goto unlock;
1996 }
1997
1998 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1999
bdb6d971 2000 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2001 addr, sizeof(*addr));
28424707
JH		 2002unlock:
2003 hci_dev_unlock(hdev);
28424707
JH		 2004 return err;
2005}
2006
bdb6d971 2007static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2008 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2009 u16 hci_op, __le32 passkey)
a5c29683 2010{
a5c29683 2011 struct pending_cmd *cmd;
0df4c185 2012 struct hci_conn *conn;
a5c29683
JH		 2013 int err;
2014
09fd0de5 2015 hci_dev_lock(hdev);
08ba5382 2016
4b34ee78 2017 if (!hdev_is_powered(hdev)) {
bdb6d971 2018 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2019 MGMT_STATUS_NOT_POWERED);
0df4c185 2020 goto done;
a5c29683
JH		 2021 }
2022
272d90df
JH		 2023 if (type == MGMT_ADDR_BREDR)
2024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2025 else
47c15e2b 2026 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2027
2028 if (!conn) {
bdb6d971 2029 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2030 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2031 goto done;
2032 }
47c15e2b 2033
272d90df 2034 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2035 /* Continue with pairing via SMP */
5fe57d9e
BG		 2036 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2037
2038 if (!err)
bdb6d971 2039 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2040 MGMT_STATUS_SUCCESS);
5fe57d9e 2041 else
bdb6d971 2042 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2043 MGMT_STATUS_FAILED);
47c15e2b 2044
47c15e2b
BG		 2045 goto done;
2046 }
2047
0df4c185 2048 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2049 if (!cmd) {
2050 err = -ENOMEM;
0df4c185 2051 goto done;
a5c29683
JH		 2052 }
2053
0df4c185 2054 /* Continue with pairing via HCI */
604086b7
BG		 2055 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2056 struct hci_cp_user_passkey_reply cp;
2057
2058 bacpy(&cp.bdaddr, bdaddr);
2059 cp.passkey = passkey;
2060 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2061 } else
2062 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2063
a664b5bc
JH		 2064 if (err < 0)
2065 mgmt_pending_remove(cmd);
a5c29683 2066
0df4c185 2067done:
09fd0de5 2068 hci_dev_unlock(hdev);
a5c29683
JH		 2069 return err;
2070}
2071
04124681
GP		 2072static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2073 u16 len)
0df4c185 2074{
650f726d 2075 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2076
2077 BT_DBG("");
2078
2079 if (len != sizeof(*cp))
bdb6d971 2080 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2081 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2082
bdb6d971 2083 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2084 MGMT_OP_USER_CONFIRM_REPLY,
2085 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2086}
2087
bdb6d971 2088static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2089 void *data, u16 len)
0df4c185 2090{
c9c2659f 2091 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2092
2093 BT_DBG("");
2094
bdb6d971 2095 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2096 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2097 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2098}
2099
04124681
GP		 2100static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2101 u16 len)
604086b7 2102{
650f726d 2103 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2104
2105 BT_DBG("");
2106
bdb6d971 2107 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2108 MGMT_OP_USER_PASSKEY_REPLY,
2109 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2110}
2111
bdb6d971 2112static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2113 void *data, u16 len)
604086b7 2114{
650f726d 2115 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2116
2117 BT_DBG("");
2118
bdb6d971 2119 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2120 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2121 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2122}
2123
2b4bf397
JH		 2124static int update_name(struct hci_dev *hdev, const char *name)
2125{
2126 struct hci_cp_write_local_name cp;
2127
2128 memcpy(cp.name, name, sizeof(cp.name));
2129
2130 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2131}
2132
bdb6d971 2133static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2134 u16 len)
b312b161 2135{
2b4bf397 2136 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2137 struct pending_cmd *cmd;
2138 int err;
2139
2140 BT_DBG("");
2141
09fd0de5 2142 hci_dev_lock(hdev);
b312b161 2143
2b4bf397 2144 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2145
b5235a65 2146 if (!hdev_is_powered(hdev)) {
2b4bf397 2147 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2148
2149 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2150 data, len);
28cc7bde
JH		 2151 if (err < 0)
2152 goto failed;
2153
2154 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2155 sk);
28cc7bde 2156
b5235a65
JH		 2157 goto failed;
2158 }
2159
28cc7bde 2160 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2161 if (!cmd) {
2162 err = -ENOMEM;
2163 goto failed;
2164 }
2165
2b4bf397 2166 err = update_name(hdev, cp->name);
b312b161
JH		 2167 if (err < 0)
2168 mgmt_pending_remove(cmd);
2169
2170failed:
09fd0de5 2171 hci_dev_unlock(hdev);
b312b161
JH		 2172 return err;
2173}
2174
0f4e68cf 2175static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2176 void *data, u16 data_len)
c35938b2 2177{
c35938b2
SJ		 2178 struct pending_cmd *cmd;
2179 int err;
2180
bdb6d971 2181 BT_DBG("%s", hdev->name);
c35938b2 2182
09fd0de5 2183 hci_dev_lock(hdev);
c35938b2 2184
4b34ee78 2185 if (!hdev_is_powered(hdev)) {
bdb6d971 2186 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2187 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2188 goto unlock;
2189 }
2190
2191 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2192 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2193 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2194 goto unlock;
2195 }
2196
2e58ef3e 2197 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2198 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2199 MGMT_STATUS_BUSY);
c35938b2
SJ		 2200 goto unlock;
2201 }
2202
2e58ef3e 2203 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2204 if (!cmd) {
2205 err = -ENOMEM;
2206 goto unlock;
2207 }
2208
2209 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2210 if (err < 0)
2211 mgmt_pending_remove(cmd);
2212
2213unlock:
09fd0de5 2214 hci_dev_unlock(hdev);
c35938b2
SJ		 2215 return err;
2216}
2217
bdb6d971 2218static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2219 void *data, u16 len)
2763eda6 2220{
650f726d 2221 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2222 u8 status;
2763eda6
SJ		 2223 int err;
2224
bdb6d971 2225 BT_DBG("%s ", hdev->name);
2763eda6 2226
09fd0de5 2227 hci_dev_lock(hdev);
2763eda6 2228
5f97c1df 2229 if (!hdev_is_powered(hdev)) {
bdb6d971 2230 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2231 MGMT_STATUS_NOT_POWERED, &cp->addr,
2232 sizeof(cp->addr));
5f97c1df
JH		 2233 goto unlock;
2234 }
2235
664ce4cc 2236 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2237 cp->randomizer);
2763eda6 2238 if (err < 0)
bf1e3541 2239 status = MGMT_STATUS_FAILED;
2763eda6 2240 else
bf1e3541
JH		 2241 status = 0;
2242
bdb6d971 2243 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2244 &cp->addr, sizeof(cp->addr));
2763eda6 2245
5f97c1df 2246unlock:
09fd0de5 2247 hci_dev_unlock(hdev);
2763eda6
SJ		 2248 return err;
2249}
2250
bdb6d971 2251static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2252 void *data, u16 len)
2763eda6 2253{
650f726d 2254 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2255 u8 status;
2763eda6
SJ		 2256 int err;
2257
bdb6d971 2258 BT_DBG("%s", hdev->name);
2763eda6 2259
09fd0de5 2260 hci_dev_lock(hdev);
2763eda6 2261
5f97c1df 2262 if (!hdev_is_powered(hdev)) {
bdb6d971 2263 err = cmd_complete(sk, hdev->id,
04124681
GP		 2264 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2265 MGMT_STATUS_NOT_POWERED, &cp->addr,
2266 sizeof(cp->addr));
5f97c1df
JH		 2267 goto unlock;
2268 }
2269
664ce4cc 2270 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2271 if (err < 0)
bf1e3541 2272 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2273 else
bf1e3541
JH		 2274 status = 0;
2275
bdb6d971 2276 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2277 status, &cp->addr, sizeof(cp->addr));
2763eda6 2278
5f97c1df 2279unlock:
09fd0de5 2280 hci_dev_unlock(hdev);
2763eda6
SJ		 2281 return err;
2282}
2283
5e0452c0
AG		 2284int mgmt_interleaved_discovery(struct hci_dev *hdev)
2285{
2286 int err;
2287
2288 BT_DBG("%s", hdev->name);
2289
2290 hci_dev_lock(hdev);
2291
2292 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2293 if (err < 0)
2294 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2295
2296 hci_dev_unlock(hdev);
2297
2298 return err;
2299}
2300
bdb6d971 2301static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2302 void *data, u16 len)
14a53664 2303{
650f726d 2304 struct mgmt_cp_start_discovery *cp = data;
14a53664 2305 struct pending_cmd *cmd;
14a53664
JH		 2306 int err;
2307
bdb6d971 2308 BT_DBG("%s", hdev->name);
14a53664 2309
09fd0de5 2310 hci_dev_lock(hdev);
14a53664 2311
4b34ee78 2312 if (!hdev_is_powered(hdev)) {
bdb6d971 2313 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2314 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2315 goto failed;
2316 }
2317
642be6c7
AG		 2318 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2319 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2320 MGMT_STATUS_BUSY);
2321 goto failed;
2322 }
2323
ff9ef578 2324 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2325 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2326 MGMT_STATUS_BUSY);
ff9ef578
JH		 2327 goto failed;
2328 }
2329
2e58ef3e 2330 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2331 if (!cmd) {
2332 err = -ENOMEM;
2333 goto failed;
2334 }
2335
4aab14e5
AG		 2336 hdev->discovery.type = cp->type;
2337
2338 switch (hdev->discovery.type) {
f39799f5 2339 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2340 if (lmp_bredr_capable(hdev))
2341 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2342 else
2343 err = -ENOTSUPP;
f39799f5
AG		 2344 break;
2345
2346 case DISCOV_TYPE_LE:
8b90129c
AG		 2347 if (lmp_host_le_capable(hdev))
2348 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2349 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2350 else
2351 err = -ENOTSUPP;
f39799f5
AG		 2352 break;
2353
5e0452c0 2354 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2355 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2356 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2357 LE_SCAN_WIN,
2358 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2359 else
2360 err = -ENOTSUPP;
5e0452c0
AG		 2361 break;
2362
f39799f5 2363 default:
3fd24153 2364 err = -EINVAL;
f39799f5 2365 }
3fd24153 2366
14a53664
JH		 2367 if (err < 0)
2368 mgmt_pending_remove(cmd);
ff9ef578
JH		 2369 else
2370 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2371
2372failed:
09fd0de5 2373 hci_dev_unlock(hdev);
14a53664
JH		 2374 return err;
2375}
2376
bdb6d971 2377static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2378 u16 len)
14a53664 2379{
d930650b 2380 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2381 struct pending_cmd *cmd;
30dc78e1
JH		 2382 struct hci_cp_remote_name_req_cancel cp;
2383 struct inquiry_entry *e;
14a53664
JH		 2384 int err;
2385
bdb6d971 2386 BT_DBG("%s", hdev->name);
14a53664 2387
09fd0de5 2388 hci_dev_lock(hdev);
14a53664 2389
30dc78e1 2390 if (!hci_discovery_active(hdev)) {
bdb6d971 2391 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2392 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2393 sizeof(mgmt_cp->type));
d930650b
JH		 2394 goto unlock;
2395 }
2396
2397 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2398 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2399 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2400 sizeof(mgmt_cp->type));
30dc78e1 2401 goto unlock;
ff9ef578
JH		 2402 }
2403
2e58ef3e 2404 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2405 if (!cmd) {
2406 err = -ENOMEM;
30dc78e1
JH		 2407 goto unlock;
2408 }
2409
e0d9727e
AG		 2410 switch (hdev->discovery.state) {
2411 case DISCOVERY_FINDING:
c9ecc48e
AG		 2412 if (test_bit(HCI_INQUIRY, &hdev->flags))
2413 err = hci_cancel_inquiry(hdev);
2414 else
2415 err = hci_cancel_le_scan(hdev);
2416
e0d9727e
AG		 2417 break;
2418
2419 case DISCOVERY_RESOLVING:
2420 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2421 NAME_PENDING);
2422 if (!e) {
30dc78e1 2423 mgmt_pending_remove(cmd);
e0d9727e
AG		 2424 err = cmd_complete(sk, hdev->id,
2425 MGMT_OP_STOP_DISCOVERY, 0,
2426 &mgmt_cp->type,
2427 sizeof(mgmt_cp->type));
2428 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2429 goto unlock;
2430 }
30dc78e1 2431
e0d9727e
AG		 2432 bacpy(&cp.bdaddr, &e->data.bdaddr);
2433 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2434 sizeof(cp), &cp);
2435
2436 break;
2437
2438 default:
2439 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2440 err = -EFAULT;
14a53664
JH		 2441 }
2442
14a53664
JH		 2443 if (err < 0)
2444 mgmt_pending_remove(cmd);
ff9ef578
JH		 2445 else
2446 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2447
30dc78e1 2448unlock:
09fd0de5 2449 hci_dev_unlock(hdev);
14a53664
JH		 2450 return err;
2451}
2452
bdb6d971 2453static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2454 u16 len)
561aafbc 2455{
650f726d 2456 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2457 struct inquiry_entry *e;
561aafbc
JH		 2458 int err;
2459
bdb6d971 2460 BT_DBG("%s", hdev->name);
561aafbc 2461
561aafbc
JH		 2462 hci_dev_lock(hdev);
2463
30dc78e1 2464 if (!hci_discovery_active(hdev)) {
bdb6d971 2465 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2466 MGMT_STATUS_FAILED);
30dc78e1
JH		 2467 goto failed;
2468 }
2469
a198e7b1 2470 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2471 if (!e) {
bdb6d971 2472 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2473 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2474 goto failed;
2475 }
2476
2477 if (cp->name_known) {
2478 e->name_state = NAME_KNOWN;
2479 list_del(&e->list);
2480 } else {
2481 e->name_state = NAME_NEEDED;
a3d4e20a 2482 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2483 }
2484
2485 err = 0;
2486
2487failed:
2488 hci_dev_unlock(hdev);
561aafbc
JH		 2489 return err;
2490}
2491
bdb6d971 2492static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2493 u16 len)
7fbec224 2494{
650f726d 2495 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2496 u8 status;
7fbec224
AJ		 2497 int err;
2498
bdb6d971 2499 BT_DBG("%s", hdev->name);
7fbec224 2500
09fd0de5 2501 hci_dev_lock(hdev);
5e762444 2502
88c1fe4b 2503 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2504 if (err < 0)
f0eeea8b 2505 status = MGMT_STATUS_FAILED;
7fbec224 2506 else
f0eeea8b
JH		 2507 status = 0;
2508
bdb6d971 2509 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2510 &cp->addr, sizeof(cp->addr));
5e762444 2511
09fd0de5 2512 hci_dev_unlock(hdev);
7fbec224
AJ		 2513
2514 return err;
2515}
2516
bdb6d971 2517static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2518 u16 len)
7fbec224 2519{
650f726d 2520 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2521 u8 status;
7fbec224
AJ		 2522 int err;
2523
bdb6d971 2524 BT_DBG("%s", hdev->name);
7fbec224 2525
09fd0de5 2526 hci_dev_lock(hdev);
5e762444 2527
88c1fe4b 2528 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2529 if (err < 0)
f0eeea8b 2530 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2531 else
f0eeea8b
JH		 2532 status = 0;
2533
bdb6d971 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2535 &cp->addr, sizeof(cp->addr));
5e762444 2536
09fd0de5 2537 hci_dev_unlock(hdev);
7fbec224
AJ		 2538
2539 return err;
2540}
2541
cdbaccca
MH		 2542static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2543 u16 len)
2544{
2545 struct mgmt_cp_set_device_id *cp = data;
2546 int err;
c72d4b8a 2547 __u16 source;
cdbaccca
MH		 2548
2549 BT_DBG("%s", hdev->name);
2550
c72d4b8a
SJ		 2551 source = __le16_to_cpu(cp->source);
2552
2553 if (source > 0x0002)
2554 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2555 MGMT_STATUS_INVALID_PARAMS);
2556
cdbaccca
MH		 2557 hci_dev_lock(hdev);
2558
c72d4b8a 2559 hdev->devid_source = source;
cdbaccca
MH		 2560 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2561 hdev->devid_product = __le16_to_cpu(cp->product);
2562 hdev->devid_version = __le16_to_cpu(cp->version);
2563
2564 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2565
2566 update_eir(hdev);
2567
2568 hci_dev_unlock(hdev);
2569
2570 return err;
2571}
2572
bdb6d971 2573static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2574 void *data, u16 len)
f6422ec6 2575{
650f726d 2576 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2577 struct hci_cp_write_page_scan_activity acp;
2578 u8 type;
2579 int err;
2580
bdb6d971 2581 BT_DBG("%s", hdev->name);
f6422ec6 2582
5400c044 2583 if (!hdev_is_powered(hdev))
bdb6d971 2584 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2585 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2586
2587 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2588 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2589 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2590
2591 hci_dev_lock(hdev);
2592
f7c6869c 2593 if (cp->val) {
f6422ec6 2594 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2595
2596 /* 22.5 msec page scan interval */
2597 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2598 } else {
2599 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2600
2601 /* default 1.28 sec page scan */
2602 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2603 }
2604
76ec9de8
AE		 2605 /* default 11.25 msec page scan window */
2606 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2607
04124681
GP		 2608 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2609 &acp);
f6422ec6 2610 if (err < 0) {
bdb6d971 2611 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2612 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2613 goto done;
2614 }
2615
2616 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2617 if (err < 0) {
bdb6d971 2618 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2619 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2620 goto done;
2621 }
2622
bdb6d971 2623 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2624 NULL, 0);
f6422ec6
AJ		 2625done:
2626 hci_dev_unlock(hdev);
f6422ec6
AJ		 2627 return err;
2628}
2629
bdb6d971 2630static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2631 void *cp_data, u16 len)
346af67b 2632{
346af67b
VCG		 2633 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2634 u16 key_count, expected_len;
2635 int i;
2636
1f350c87 2637 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2638
2639 expected_len = sizeof(*cp) + key_count *
2640 sizeof(struct mgmt_ltk_info);
2641 if (expected_len != len) {
2642 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2643 len, expected_len);
bdb6d971 2644 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2645 EINVAL);
346af67b
VCG		 2646 }
2647
bdb6d971 2648 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2649
2650 hci_dev_lock(hdev);
2651
2652 hci_smp_ltks_clear(hdev);
2653
2654 for (i = 0; i < key_count; i++) {
2655 struct mgmt_ltk_info *key = &cp->keys[i];
2656 u8 type;
2657
2658 if (key->master)
2659 type = HCI_SMP_LTK;
2660 else
2661 type = HCI_SMP_LTK_SLAVE;
2662
2663 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
04124681
GP		 2664 type, 0, key->authenticated, key->val,
2665 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2666 }
2667
2668 hci_dev_unlock(hdev);
346af67b
VCG		 2669
2670 return 0;
2671}
2672
2e3c35ea 2673static const struct mgmt_handler {
04124681
GP		 2674 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2675 u16 data_len);
be22b54e
JH		 2676 bool var_len;
2677 size_t data_len;
0f4e68cf
JH		 2678} mgmt_handlers[] = {
2679 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2680 { read_version, false, MGMT_READ_VERSION_SIZE },
2681 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2682 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2683 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2684 { set_powered, false, MGMT_SETTING_SIZE },
2685 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2686 { set_connectable, false, MGMT_SETTING_SIZE },
2687 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2688 { set_pairable, false, MGMT_SETTING_SIZE },
2689 { set_link_security, false, MGMT_SETTING_SIZE },
2690 { set_ssp, false, MGMT_SETTING_SIZE },
2691 { set_hs, false, MGMT_SETTING_SIZE },
2692 { set_le, false, MGMT_SETTING_SIZE },
2693 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2694 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2695 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2696 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2697 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2698 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2699 { disconnect, false, MGMT_DISCONNECT_SIZE },
2700 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2701 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2702 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2703 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2704 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2705 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2706 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2707 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2708 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2709 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2710 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2711 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2712 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2713 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2714 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2715 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2716 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2717 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2718 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2719 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2720};
2721
2722
0381101f
JH		 2723int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2724{
650f726d
VCG		 2725 void *buf;
2726 u8 *cp;
0381101f 2727 struct mgmt_hdr *hdr;
4e51eae9 2728 u16 opcode, index, len;
bdb6d971 2729 struct hci_dev *hdev = NULL;
2e3c35ea 2730 const struct mgmt_handler *handler;
0381101f
JH		 2731 int err;
2732
2733 BT_DBG("got %zu bytes", msglen);
2734
2735 if (msglen < sizeof(*hdr))
2736 return -EINVAL;
2737
e63a15ec 2738 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2739 if (!buf)
2740 return -ENOMEM;
2741
2742 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2743 err = -EFAULT;
2744 goto done;
2745 }
2746
650f726d 2747 hdr = buf;
1f350c87
MH		 2748 opcode = __le16_to_cpu(hdr->opcode);
2749 index = __le16_to_cpu(hdr->index);
2750 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2751
2752 if (len != msglen - sizeof(*hdr)) {
2753 err = -EINVAL;
2754 goto done;
2755 }
2756
0f4e68cf 2757 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2758 hdev = hci_dev_get(index);
2759 if (!hdev) {
2760 err = cmd_status(sk, index, opcode,
04124681 2761 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2762 goto done;
2763 }
2764 }
2765
0f4e68cf
JH		 2766 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2767 mgmt_handlers[opcode].func == NULL) {
0381101f 2768 BT_DBG("Unknown op %u", opcode);
ca69b795 2769 err = cmd_status(sk, index, opcode,
04124681 2770 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2771 goto done;
2772 }
2773
2774 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2775 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2776 err = cmd_status(sk, index, opcode,
04124681 2777 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2778 goto done;
0381101f
JH		 2779 }
2780
be22b54e
JH		 2781 handler = &mgmt_handlers[opcode];
2782
2783 if ((handler->var_len && len < handler->data_len) ||
2784 (!handler->var_len && len != handler->data_len)) {
2785 err = cmd_status(sk, index, opcode,
04124681 2786 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2787 goto done;
2788 }
2789
0f4e68cf
JH		 2790 if (hdev)
2791 mgmt_init_hdev(sk, hdev);
2792
2793 cp = buf + sizeof(*hdr);
2794
be22b54e 2795 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2796 if (err < 0)
2797 goto done;
2798
0381101f
JH		 2799 err = msglen;
2800
2801done:
bdb6d971
JH		 2802 if (hdev)
2803 hci_dev_put(hdev);
2804
0381101f
JH		 2805 kfree(buf);
2806 return err;
2807}
c71e97bf 2808
b24752fe
JH		 2809static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2810{
2811 u8 *status = data;
2812
2813 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2814 mgmt_pending_remove(cmd);
2815}
2816
744cf19e 2817int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2818{
744cf19e 2819 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2820}
2821
744cf19e 2822int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2823{
5f159032 2824 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2825
744cf19e 2826 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2827
744cf19e 2828 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2829}
2830
73f22f62 2831struct cmd_lookup {
eec8d2bc 2832 struct sock *sk;
69ab39ea 2833 struct hci_dev *hdev;
90e70454 2834 u8 mgmt_status;
eec8d2bc
JH		 2835};
2836
69ab39ea 2837static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2838{
73f22f62 2839 struct cmd_lookup *match = data;
eec8d2bc 2840
69ab39ea 2841 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2842
2843 list_del(&cmd->list);
2844
2845 if (match->sk == NULL) {
2846 match->sk = cmd->sk;
2847 sock_hold(match->sk);
2848 }
2849
2850 mgmt_pending_free(cmd);
c71e97bf 2851}
5add6af8 2852
744cf19e 2853int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2854{
76a7f3a4 2855 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2856 int err;
5add6af8 2857
5e5282bb
JH		 2858 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2859 return 0;
2860
69ab39ea 2861 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2862
5e5282bb
JH		 2863 if (powered) {
2864 u8 scan = 0;
2865
2866 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2867 scan |= SCAN_PAGE;
2868 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2869 scan |= SCAN_INQUIRY;
2870
2871 if (scan)
2872 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2873
2874 update_class(hdev);
2b4bf397 2875 update_name(hdev, hdev->dev_name);
504c8dcd 2876 update_eir(hdev);
5e5282bb 2877 } else {
d4f68526 2878 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2879 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2880 }
2881
beadb2bd 2882 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2883
2884 if (match.sk)
2885 sock_put(match.sk);
2886
7bb895d6 2887 return err;
5add6af8 2888}
73f22f62 2889
744cf19e 2890int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2891{
76a7f3a4 2892 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2893 bool changed = false;
2894 int err = 0;
73f22f62 2895
5e5282bb
JH		 2896 if (discoverable) {
2897 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2898 changed = true;
2899 } else {
2900 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2901 changed = true;
2902 }
73f22f62 2903
ed9b5f2f 2904 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2905 &match);
ed9b5f2f 2906
beadb2bd
JH		 2907 if (changed)
2908 err = new_settings(hdev, match.sk);
5e5282bb 2909
73f22f62
JH		 2910 if (match.sk)
2911 sock_put(match.sk);
2912
7bb895d6 2913 return err;
73f22f62 2914}
9fbcbb45 2915
744cf19e 2916int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2917{
76a7f3a4 2918 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2919 bool changed = false;
2920 int err = 0;
9fbcbb45 2921
5e5282bb
JH		 2922 if (connectable) {
2923 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2924 changed = true;
2925 } else {
2926 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2927 changed = true;
2928 }
9fbcbb45 2929
ed9b5f2f 2930 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2931 &match);
ed9b5f2f 2932
beadb2bd
JH		 2933 if (changed)
2934 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2935
2936 if (match.sk)
2937 sock_put(match.sk);
2938
7bb895d6 2939 return err;
9fbcbb45 2940}
55ed8ca1 2941
744cf19e 2942int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2943{
ca69b795
JH		 2944 u8 mgmt_err = mgmt_status(status);
2945
2d7cee58 2946 if (scan & SCAN_PAGE)
744cf19e 2947 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2948 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2949
2950 if (scan & SCAN_INQUIRY)
744cf19e 2951 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2952 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2953
2954 return 0;
2955}
2956
745c0ce3 2957int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2958{
86742e1e 2959 struct mgmt_ev_new_link_key ev;
55ed8ca1 2960
a492cd52 2961 memset(&ev, 0, sizeof(ev));
55ed8ca1 2962
a492cd52 2963 ev.store_hint = persistent;
d753fdc4
JH		 2964 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2965 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2966 ev.key.type = key->type;
2967 memcpy(ev.key.val, key->val, 16);
2968 ev.key.pin_len = key->pin_len;
55ed8ca1 2969
744cf19e 2970 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2971}
f7520543 2972
346af67b
VCG		 2973int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2974{
2975 struct mgmt_ev_new_long_term_key ev;
2976
2977 memset(&ev, 0, sizeof(ev));
2978
2979 ev.store_hint = persistent;
2980 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
eb19aaac 2981 ev.key.addr.type = link_to_mgmt(LE_LINK, key->bdaddr_type);
346af67b
VCG		 2982 ev.key.authenticated = key->authenticated;
2983 ev.key.enc_size = key->enc_size;
2984 ev.key.ediv = key->ediv;
2985
2986 if (key->type == HCI_SMP_LTK)
2987 ev.key.master = 1;
2988
2989 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2990 memcpy(ev.key.val, key->val, sizeof(key->val));
2991
04124681
GP		 2992 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2993 NULL);
346af67b
VCG		 2994}
2995
afc747a6 2996int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2997 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2998 u8 *dev_class)
f7520543 2999{
b644ba33
JH		 3000 char buf[512];
3001 struct mgmt_ev_device_connected *ev = (void *) buf;
3002 u16 eir_len = 0;
f7520543 3003
b644ba33
JH		 3004 bacpy(&ev->addr.bdaddr, bdaddr);
3005 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3006
c95f0ba7 3007 ev->flags = __cpu_to_le32(flags);
08c79b61 3008
b644ba33
JH		 3009 if (name_len > 0)
3010 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3011 name, name_len);
b644ba33
JH		 3012
3013 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3014 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3015 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3016
eb55ef07 3017 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3018
3019 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3020 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3021}
3022
8962ee74
JH		 3023static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3024{
c68fb7ff 3025 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3026 struct sock **sk = data;
a38528f1 3027 struct mgmt_rp_disconnect rp;
8962ee74 3028
88c3df13
JH		 3029 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3030 rp.addr.type = cp->addr.type;
8962ee74 3031
aee9b218 3032 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3033 sizeof(rp));
8962ee74
JH		 3034
3035 *sk = cmd->sk;
3036 sock_hold(*sk);
3037
a664b5bc 3038 mgmt_pending_remove(cmd);
8962ee74
JH		 3039}
3040
124f6e35 3041static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3042{
b1078ad0 3043 struct hci_dev *hdev = data;
124f6e35
JH		 3044 struct mgmt_cp_unpair_device *cp = cmd->param;
3045 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3046
3047 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3048 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3049 rp.addr.type = cp->addr.type;
a8a1d19e 3050
b1078ad0
JH		 3051 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3052
aee9b218 3053 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3054
3055 mgmt_pending_remove(cmd);
3056}
3057
afc747a6 3058int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3059 u8 link_type, u8 addr_type)
f7520543 3060{
4c659c39 3061 struct mgmt_addr_info ev;
8962ee74
JH		 3062 struct sock *sk = NULL;
3063 int err;
3064
744cf19e 3065 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3066
f7520543 3067 bacpy(&ev.bdaddr, bdaddr);
48264f06 3068 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3069
afc747a6 3070 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3071 sk);
8962ee74
JH		 3072
3073 if (sk)
d97dcb66 3074 sock_put(sk);
8962ee74 3075
124f6e35 3076 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3077 hdev);
a8a1d19e 3078
8962ee74
JH		 3079 return err;
3080}
3081
88c3df13 3082int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3083 u8 link_type, u8 addr_type, u8 status)
8962ee74 3084{
88c3df13 3085 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3086 struct pending_cmd *cmd;
3087 int err;
3088
2e58ef3e 3089 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3090 if (!cmd)
3091 return -ENOENT;
3092
88c3df13
JH		 3093 bacpy(&rp.addr.bdaddr, bdaddr);
3094 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3095
88c3df13 3096 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3097 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3098
a664b5bc 3099 mgmt_pending_remove(cmd);
8962ee74 3100
b1078ad0
JH		 3101 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3102 hdev);
8962ee74 3103 return err;
f7520543 3104}
17d5c04c 3105
48264f06 3106int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3107 u8 addr_type, u8 status)
17d5c04c
JH		 3108{
3109 struct mgmt_ev_connect_failed ev;
3110
4c659c39 3111 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3112 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3113 ev.status = mgmt_status(status);
17d5c04c 3114
744cf19e 3115 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3116}
980e1a53 3117
744cf19e 3118int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3119{
3120 struct mgmt_ev_pin_code_request ev;
3121
d8457698
JH		 3122 bacpy(&ev.addr.bdaddr, bdaddr);
3123 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3124 ev.secure = secure;
980e1a53 3125
744cf19e 3126 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3127 NULL);
980e1a53
JH		 3128}
3129
744cf19e 3130int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3131 u8 status)
980e1a53
JH		 3132{
3133 struct pending_cmd *cmd;
ac56fb13 3134 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3135 int err;
3136
2e58ef3e 3137 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3138 if (!cmd)
3139 return -ENOENT;
3140
d8457698
JH		 3141 bacpy(&rp.addr.bdaddr, bdaddr);
3142 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3143
aee9b218 3144 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3145 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3146
a664b5bc 3147 mgmt_pending_remove(cmd);
980e1a53
JH		 3148
3149 return err;
3150}
3151
744cf19e 3152int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3153 u8 status)
980e1a53
JH		 3154{
3155 struct pending_cmd *cmd;
ac56fb13 3156 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3157 int err;
3158
2e58ef3e 3159 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3160 if (!cmd)
3161 return -ENOENT;
3162
d8457698
JH		 3163 bacpy(&rp.addr.bdaddr, bdaddr);
3164 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3165
aee9b218 3166 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3167 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3168
a664b5bc 3169 mgmt_pending_remove(cmd);
980e1a53
JH		 3170
3171 return err;
3172}
a5c29683 3173
744cf19e 3174int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3175 u8 link_type, u8 addr_type, __le32 value,
3176 u8 confirm_hint)
a5c29683
JH		 3177{
3178 struct mgmt_ev_user_confirm_request ev;
3179
744cf19e 3180 BT_DBG("%s", hdev->name);
a5c29683 3181
272d90df
JH		 3182 bacpy(&ev.addr.bdaddr, bdaddr);
3183 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3184 ev.confirm_hint = confirm_hint;
78e8098e 3185 ev.value = value;
a5c29683 3186
744cf19e 3187 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3188 NULL);
a5c29683
JH		 3189}
3190
272d90df
JH		 3191int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3192 u8 link_type, u8 addr_type)
604086b7
BG		 3193{
3194 struct mgmt_ev_user_passkey_request ev;
3195
3196 BT_DBG("%s", hdev->name);
3197
272d90df
JH		 3198 bacpy(&ev.addr.bdaddr, bdaddr);
3199 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3200
3201 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3202 NULL);
604086b7
BG		 3203}
3204
0df4c185 3205static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3206 u8 link_type, u8 addr_type, u8 status,
3207 u8 opcode)
a5c29683
JH		 3208{
3209 struct pending_cmd *cmd;
3210 struct mgmt_rp_user_confirm_reply rp;
3211 int err;
3212
2e58ef3e 3213 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3214 if (!cmd)
3215 return -ENOENT;
3216
272d90df
JH		 3217 bacpy(&rp.addr.bdaddr, bdaddr);
3218 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3219 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3220 &rp, sizeof(rp));
a5c29683 3221
a664b5bc 3222 mgmt_pending_remove(cmd);
a5c29683
JH		 3223
3224 return err;
3225}
3226
744cf19e 3227int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3228 u8 link_type, u8 addr_type, u8 status)
a5c29683 3229{
272d90df 3230 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3231 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3232}
3233
272d90df 3234int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3235 u8 link_type, u8 addr_type, u8 status)
a5c29683 3236{
272d90df 3237 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3238 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3239}
2a611692 3240
604086b7 3241int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3242 u8 link_type, u8 addr_type, u8 status)
604086b7 3243{
272d90df 3244 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3245 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3246}
3247
272d90df 3248int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3249 u8 link_type, u8 addr_type, u8 status)
604086b7 3250{
272d90df 3251 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3252 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3253}
3254
bab73cb6 3255int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3256 u8 addr_type, u8 status)
2a611692
JH		 3257{
3258 struct mgmt_ev_auth_failed ev;
3259
bab73cb6
JH		 3260 bacpy(&ev.addr.bdaddr, bdaddr);
3261 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3262 ev.status = mgmt_status(status);
2a611692 3263
744cf19e 3264 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3265}
b312b161 3266
33ef95ed
JH		 3267int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3268{
3269 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3270 bool changed = false;
3271 int err = 0;
33ef95ed
JH		 3272
3273 if (status) {
3274 u8 mgmt_err = mgmt_status(status);
3275 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3276 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3277 return 0;
3278 }
3279
47990ea0
JH		 3280 if (test_bit(HCI_AUTH, &hdev->flags)) {
3281 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3282 changed = true;
3283 } else {
3284 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3285 changed = true;
3286 }
3287
33ef95ed 3288 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3289 &match);
33ef95ed 3290
47990ea0
JH		 3291 if (changed)
3292 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3293
3294 if (match.sk)
3295 sock_put(match.sk);
3296
3297 return err;
3298}
3299
cacaf52f
JH		 3300static int clear_eir(struct hci_dev *hdev)
3301{
3302 struct hci_cp_write_eir cp;
3303
3304 if (!(hdev->features[6] & LMP_EXT_INQ))
3305 return 0;
3306
c80da27e
JH		 3307 memset(hdev->eir, 0, sizeof(hdev->eir));
3308
cacaf52f
JH		 3309 memset(&cp, 0, sizeof(cp));
3310
3311 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3312}
3313
c0ecddc2 3314int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3315{
3316 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3317 bool changed = false;
3318 int err = 0;
ed2c4ee3
JH		 3319
3320 if (status) {
3321 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3322
3323 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3324 &hdev->dev_flags))
c0ecddc2
JH		 3325 err = new_settings(hdev, NULL);
3326
04124681
GP		 3327 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3328 &mgmt_err);
c0ecddc2
JH		 3329
3330 return err;
3331 }
3332
3333 if (enable) {
3334 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3335 changed = true;
3336 } else {
3337 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3338 changed = true;
ed2c4ee3
JH		 3339 }
3340
3341 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3342
c0ecddc2
JH		 3343 if (changed)
3344 err = new_settings(hdev, match.sk);
ed2c4ee3 3345
5fc6ebb1 3346 if (match.sk)
ed2c4ee3
JH		 3347 sock_put(match.sk);
3348
5fc6ebb1
JH		 3349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3350 update_eir(hdev);
3351 else
3352 clear_eir(hdev);
cacaf52f 3353
ed2c4ee3
JH		 3354 return err;
3355}
3356
90e70454
JH		 3357static void class_rsp(struct pending_cmd *cmd, void *data)
3358{
3359 struct cmd_lookup *match = data;
3360
3361 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3362 match->hdev->dev_class, 3);
90e70454
JH		 3363
3364 list_del(&cmd->list);
3365
3366 if (match->sk == NULL) {
3367 match->sk = cmd->sk;
3368 sock_hold(match->sk);
3369 }
3370
3371 mgmt_pending_free(cmd);
3372}
3373
7f9a903c 3374int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3375 u8 status)
7f9a903c 3376{
90e70454
JH		 3377 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3378 int err = 0;
7f9a903c 3379
c95f0ba7
JH		 3380 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3381
90e70454
JH		 3382 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3383 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3384 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3385
3386 if (!status)
04124681
GP		 3387 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3388 3, NULL);
90e70454
JH		 3389
3390 if (match.sk)
3391 sock_put(match.sk);
7f9a903c
MH		 3392
3393 return err;
3394}
3395
744cf19e 3396int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3397{
3398 struct pending_cmd *cmd;
3399 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3400 bool changed = false;
3401 int err = 0;
3402
3403 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3404 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3405 changed = true;
3406 }
b312b161
JH		 3407
3408 memset(&ev, 0, sizeof(ev));
3409 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3410 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3411
2e58ef3e 3412 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3413 if (!cmd)
3414 goto send_event;
3415
7bdaae4a
JH		 3416 /* Always assume that either the short or the complete name has
3417 * changed if there was a pending mgmt command */
3418 changed = true;
3419
b312b161 3420 if (status) {
744cf19e 3421 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3422 mgmt_status(status));
b312b161
JH		 3423 goto failed;
3424 }
3425
aee9b218 3426 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3427 sizeof(ev));
b312b161
JH		 3428 if (err < 0)
3429 goto failed;
3430
3431send_event:
28cc7bde
JH		 3432 if (changed)
3433 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3434 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3435
f51d5b24 3436 update_eir(hdev);
b312b161
JH		 3437
3438failed:
3439 if (cmd)
3440 mgmt_pending_remove(cmd);
3441 return err;
3442}
c35938b2 3443
744cf19e 3444int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3445 u8 *randomizer, u8 status)
c35938b2
SJ		 3446{
3447 struct pending_cmd *cmd;
3448 int err;
3449
744cf19e 3450 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3451
2e58ef3e 3452 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3453 if (!cmd)
3454 return -ENOENT;
3455
3456 if (status) {
04124681
GP		 3457 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3458 mgmt_status(status));
c35938b2
SJ		 3459 } else {
3460 struct mgmt_rp_read_local_oob_data rp;
3461
3462 memcpy(rp.hash, hash, sizeof(rp.hash));
3463 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3464
744cf19e 3465 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3466 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3467 sizeof(rp));
c35938b2
SJ		 3468 }
3469
3470 mgmt_pending_remove(cmd);
3471
3472 return err;
3473}
e17acd40 3474
06199cf8
JH		 3475int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3476{
3477 struct cmd_lookup match = { NULL, hdev };
3478 bool changed = false;
3479 int err = 0;
3480
3481 if (status) {
3482 u8 mgmt_err = mgmt_status(status);
3483
3484 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3485 &hdev->dev_flags))
d97dcb66 3486 err = new_settings(hdev, NULL);
06199cf8 3487
d97dcb66
SJ		 3488 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3489 &mgmt_err);
06199cf8
JH		 3490
3491 return err;
3492 }
3493
3494 if (enable) {
3495 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3496 changed = true;
3497 } else {
3498 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3499 changed = true;
3500 }
3501
3502 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3503
3504 if (changed)
3505 err = new_settings(hdev, match.sk);
3506
3507 if (match.sk)
3508 sock_put(match.sk);
3509
3510 return err;
3511}
3512
48264f06 3513int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3514 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3515 ssp, u8 *eir, u16 eir_len)
e17acd40 3516{
e319d2e7
JH		 3517 char buf[512];
3518 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3519 size_t ev_size;
e17acd40 3520
1dc06093
JH		 3521 /* Leave 5 bytes for a potential CoD field */
3522 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3523 return -EINVAL;
3524
1dc06093
JH		 3525 memset(buf, 0, sizeof(buf));
3526
e319d2e7
JH		 3527 bacpy(&ev->addr.bdaddr, bdaddr);
3528 ev->addr.type = link_to_mgmt(link_type, addr_type);
3529 ev->rssi = rssi;
9a395a80
JH		 3530 if (cfm_name)
3531 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3532 if (!ssp)
3533 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3534
1dc06093 3535 if (eir_len > 0)
e319d2e7 3536 memcpy(ev->eir, eir, eir_len);
e17acd40 3537
1dc06093
JH		 3538 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3539 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3540 dev_class, 3);
1dc06093 3541
eb55ef07 3542 ev->eir_len = cpu_to_le16(eir_len);
1dc06093
JH		 3543
3544 ev_size = sizeof(*ev) + eir_len;
f8523598 3545
e319d2e7 3546 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3547}
a88a9652 3548
b644ba33 3549int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3550 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3551{
b644ba33
JH		 3552 struct mgmt_ev_device_found *ev;
3553 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3554 u16 eir_len;
a88a9652 3555
b644ba33 3556 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3557
b644ba33
JH		 3558 memset(buf, 0, sizeof(buf));
3559
3560 bacpy(&ev->addr.bdaddr, bdaddr);
3561 ev->addr.type = link_to_mgmt(link_type, addr_type);
3562 ev->rssi = rssi;
3563
3564 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3565 name_len);
b644ba33 3566
eb55ef07 3567 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3568
053c7e0c 3569 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3570 sizeof(*ev) + eir_len, NULL);
a88a9652 3571}
314b2381 3572
7a135109 3573int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3574{
3575 struct pending_cmd *cmd;
f808e166 3576 u8 type;
164a6e78
JH		 3577 int err;
3578
203159d4
AG		 3579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3580
2e58ef3e 3581 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3582 if (!cmd)
3583 return -ENOENT;
3584
f808e166
JH		 3585 type = hdev->discovery.type;
3586
3587 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3588 &type, sizeof(type));
164a6e78
JH		 3589 mgmt_pending_remove(cmd);
3590
3591 return err;
3592}
3593
e6d465cb
AG		 3594int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3595{
3596 struct pending_cmd *cmd;
3597 int err;
3598
3599 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3600 if (!cmd)
3601 return -ENOENT;
3602
d930650b 3603 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3604 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3605 mgmt_pending_remove(cmd);
3606
3607 return err;
3608}
3609
744cf19e 3610int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3611{
f963e8e9 3612 struct mgmt_ev_discovering ev;
164a6e78
JH		 3613 struct pending_cmd *cmd;
3614
343fb145
AG		 3615 BT_DBG("%s discovering %u", hdev->name, discovering);
3616
164a6e78 3617 if (discovering)
2e58ef3e 3618 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3619 else
2e58ef3e 3620 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3621
3622 if (cmd != NULL) {
f808e166
JH		 3623 u8 type = hdev->discovery.type;
3624
04124681
GP		 3625 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3626 sizeof(type));
164a6e78
JH		 3627 mgmt_pending_remove(cmd);
3628 }
3629
f963e8e9
JH		 3630 memset(&ev, 0, sizeof(ev));
3631 ev.type = hdev->discovery.type;
3632 ev.discovering = discovering;
3633
3634 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3635}
5e762444 3636
88c1fe4b 3637int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3638{
3639 struct pending_cmd *cmd;
3640 struct mgmt_ev_device_blocked ev;
3641
2e58ef3e 3642 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3643
88c1fe4b
JH		 3644 bacpy(&ev.addr.bdaddr, bdaddr);
3645 ev.addr.type = type;
5e762444 3646
744cf19e 3647 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3648 cmd ? cmd->sk : NULL);
5e762444
AJ		 3649}
3650
88c1fe4b 3651int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3652{
3653 struct pending_cmd *cmd;
3654 struct mgmt_ev_device_unblocked ev;
3655
2e58ef3e 3656 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3657
88c1fe4b
JH		 3658 bacpy(&ev.addr.bdaddr, bdaddr);
3659 ev.addr.type = type;
5e762444 3660
744cf19e 3661 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3662 cmd ? cmd->sk : NULL);
5e762444 3663}
d7b7e796
MH		 3664
3665module_param(enable_hs, bool, 0644);
3666MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3667
3668module_param(enable_le, bool, 0644);
3669MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)