projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: Fix Set SSP supported check
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
59e29406 410 if (hdev->host_features[0] & LMP_HOST_LE)
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
47990ea0 413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
535 if (!(hdev->features[6] & LMP_EXT_INQ))
536 return 0;
537
84bde9d6 538 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 539 return 0;
540
a8b2d5c2 541 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
544 memset(&cp, 0, sizeof(cp));
545
546 create_eir(hdev, cp.data);
547
548 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
549 return 0;
550
551 memcpy(hdev->eir, cp.data, sizeof(cp.data));
552
553 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
554}
555
556static u8 get_service_classes(struct hci_dev *hdev)
557{
558 struct bt_uuid *uuid;
559 u8 val = 0;
560
561 list_for_each_entry(uuid, &hdev->uuids, list)
562 val |= uuid->svc_hint;
563
564 return val;
565}
566
567static int update_class(struct hci_dev *hdev)
568{
569 u8 cod[3];
570
571 BT_DBG("%s", hdev->name);
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 cod[0] = hdev->minor_class;
577 cod[1] = hdev->major_class;
578 cod[2] = get_service_classes(hdev);
579
580 if (memcmp(cod, hdev->dev_class, 3) == 0)
581 return 0;
582
583 return hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
584}
585
7d78525d
JH		 586static void service_cache_off(struct work_struct *work)
587{
588 struct hci_dev *hdev = container_of(work, struct hci_dev,
589 service_cache.work);
590
a8b2d5c2 591 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 592 return;
593
594 hci_dev_lock(hdev);
595
596 update_eir(hdev);
597 update_class(hdev);
598
599 hci_dev_unlock(hdev);
600}
601
602static void mgmt_init_hdev(struct hci_dev *hdev)
603{
0cbf4ed6 604 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 605 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
606
0cbf4ed6
JH		 607 /* Non-mgmt controlled devices get this bit set
608 * implicitly so that pairing works for them, however
609 * for mgmt we require user-space to explicitly enable
610 * it
611 */
612 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
613 }
614
a8b2d5c2 615 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 616 schedule_delayed_work(&hdev->service_cache,
617 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
618}
619
4e51eae9 620static int read_controller_info(struct sock *sk, u16 index)
0381101f 621{
a38528f1 622 struct mgmt_rp_read_info rp;
f7b64e69 623 struct hci_dev *hdev;
0381101f 624
4e51eae9 625 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 626
4e51eae9 627 hdev = hci_dev_get(index);
a38528f1 628 if (!hdev)
ca69b795
JH		 629 return cmd_status(sk, index, MGMT_OP_READ_INFO,
630 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 631
09fd0de5 632 hci_dev_lock(hdev);
f7b64e69 633
7d78525d
JH		 634 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
635 mgmt_init_hdev(hdev);
ebc99feb 636
dc4fe30b
JH		 637 memset(&rp, 0, sizeof(rp));
638
69ab39ea 639 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 640
69ab39ea 641 rp.version = hdev->hci_ver;
f7b64e69 642
69ab39ea
JH		 643 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
644
645 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
646 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 647
a38528f1 648 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 649
dc4fe30b
JH		 650 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
651
09fd0de5 652 hci_dev_unlock(hdev);
f7b64e69 653 hci_dev_put(hdev);
0381101f 654
aee9b218 655 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 656}
657
eec8d2bc
JH		 658static void mgmt_pending_free(struct pending_cmd *cmd)
659{
660 sock_put(cmd->sk);
c68fb7ff 661 kfree(cmd->param);
eec8d2bc
JH		 662 kfree(cmd);
663}
664
366a0336 665static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 666 struct hci_dev *hdev,
667 void *data, u16 len)
eec8d2bc
JH		 668{
669 struct pending_cmd *cmd;
670
671 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
672 if (!cmd)
366a0336 673 return NULL;
eec8d2bc
JH		 674
675 cmd->opcode = opcode;
2e58ef3e 676 cmd->index = hdev->id;
eec8d2bc 677
c68fb7ff
SJ		 678 cmd->param = kmalloc(len, GFP_ATOMIC);
679 if (!cmd->param) {
eec8d2bc 680 kfree(cmd);
366a0336 681 return NULL;
eec8d2bc
JH		 682 }
683
8fce6357
SJ		 684 if (data)
685 memcpy(cmd->param, data, len);
eec8d2bc
JH		 686
687 cmd->sk = sk;
688 sock_hold(sk);
689
2e58ef3e 690 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 691
366a0336 692 return cmd;
eec8d2bc
JH		 693}
694
744cf19e 695static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 696 void (*cb)(struct pending_cmd *cmd, void *data),
697 void *data)
698{
699 struct list_head *p, *n;
700
2e58ef3e 701 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 702 struct pending_cmd *cmd;
703
704 cmd = list_entry(p, struct pending_cmd, list);
705
b24752fe 706 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 707 continue;
708
eec8d2bc
JH		 709 cb(cmd, data);
710 }
711}
712
2e58ef3e 713static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 714{
8035ded4 715 struct pending_cmd *cmd;
eec8d2bc 716
2e58ef3e 717 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 718 if (cmd->opcode == opcode)
719 return cmd;
eec8d2bc
JH		 720 }
721
722 return NULL;
723}
724
a664b5bc 725static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 726{
73f22f62
JH		 727 list_del(&cmd->list);
728 mgmt_pending_free(cmd);
729}
730
69ab39ea 731static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 732{
69ab39ea 733 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 734
aee9b218
JH		 735 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
736 sizeof(settings));
8680570b
JH		 737}
738
650f726d 739static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 740{
650f726d 741 struct mgmt_mode *cp = data;
eec8d2bc 742 struct hci_dev *hdev;
366a0336 743 struct pending_cmd *cmd;
4b34ee78 744 int err;
eec8d2bc 745
4e51eae9 746 BT_DBG("request for hci%u", index);
eec8d2bc 747
bdce7baf 748 if (len != sizeof(*cp))
ca69b795
JH		 749 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
750 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 751
4e51eae9 752 hdev = hci_dev_get(index);
eec8d2bc 753 if (!hdev)
ca69b795
JH		 754 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
755 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 756
09fd0de5 757 hci_dev_lock(hdev);
eec8d2bc 758
f0d4b78a
MH		 759 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
760 cancel_delayed_work(&hdev->power_off);
761
762 if (cp->val) {
763 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
764 mgmt_powered(hdev, 1);
765 goto failed;
766 }
767 }
768
4b34ee78 769 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 770 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 771 goto failed;
772 }
773
2e58ef3e 774 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 775 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
776 MGMT_STATUS_BUSY);
eec8d2bc
JH		 777 goto failed;
778 }
779
2e58ef3e 780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 781 if (!cmd) {
782 err = -ENOMEM;
eec8d2bc 783 goto failed;
366a0336 784 }
eec8d2bc 785
72a734ec 786 if (cp->val)
7f971041 787 schedule_work(&hdev->power_on);
eec8d2bc 788 else
80b7ab33 789 schedule_work(&hdev->power_off.work);
eec8d2bc 790
366a0336 791 err = 0;
eec8d2bc
JH		 792
793failed:
09fd0de5 794 hci_dev_unlock(hdev);
eec8d2bc 795 hci_dev_put(hdev);
366a0336 796 return err;
eec8d2bc
JH		 797}
798
beadb2bd
JH		 799static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
800 u16 data_len, struct sock *skip_sk)
801{
802 struct sk_buff *skb;
803 struct mgmt_hdr *hdr;
804
805 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
806 if (!skb)
807 return -ENOMEM;
808
809 hdr = (void *) skb_put(skb, sizeof(*hdr));
810 hdr->opcode = cpu_to_le16(event);
811 if (hdev)
812 hdr->index = cpu_to_le16(hdev->id);
813 else
814 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
815 hdr->len = cpu_to_le16(data_len);
816
817 if (data)
818 memcpy(skb_put(skb, data_len), data, data_len);
819
97e0bdeb
MH		 820 /* Time stamp */
821 __net_timestamp(skb);
822
beadb2bd
JH		 823 hci_send_to_control(skb, skip_sk);
824 kfree_skb(skb);
825
826 return 0;
827}
828
829static int new_settings(struct hci_dev *hdev, struct sock *skip)
830{
831 __le32 ev;
832
833 ev = cpu_to_le32(get_current_settings(hdev));
834
835 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
836}
837
650f726d 838static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 839{
650f726d 840 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 841 struct hci_dev *hdev;
366a0336 842 struct pending_cmd *cmd;
5e5282bb 843 u16 timeout;
73f22f62
JH		 844 u8 scan;
845 int err;
846
4e51eae9 847 BT_DBG("request for hci%u", index);
73f22f62 848
bdce7baf 849 if (len != sizeof(*cp))
ca69b795
JH		 850 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
851 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 852
4e51eae9 853 hdev = hci_dev_get(index);
73f22f62 854 if (!hdev)
ca69b795
JH		 855 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
856 MGMT_STATUS_INVALID_PARAMS);
73f22f62 857
5e5282bb
JH		 858 timeout = get_unaligned_le16(&cp->timeout);
859
09fd0de5 860 hci_dev_lock(hdev);
73f22f62 861
5e5282bb 862 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 863 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
864 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 865 goto failed;
866 }
867
2e58ef3e
JH		 868 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
869 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 870 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
871 MGMT_STATUS_BUSY);
73f22f62
JH		 872 goto failed;
873 }
874
5e5282bb
JH		 875 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
876 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
877 MGMT_STATUS_REJECTED);
878 goto failed;
879 }
880
881 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 882 bool changed = false;
883
884 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
885 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
886 changed = true;
887 }
888
5e5282bb 889 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 890 if (err < 0)
891 goto failed;
892
893 if (changed)
894 err = new_settings(hdev, sk);
895
5e5282bb
JH		 896 goto failed;
897 }
898
899 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
69ab39ea 900 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 901 goto failed;
902 }
903
2e58ef3e 904 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 905 if (!cmd) {
906 err = -ENOMEM;
73f22f62 907 goto failed;
366a0336 908 }
73f22f62
JH		 909
910 scan = SCAN_PAGE;
911
72a734ec 912 if (cp->val)
73f22f62 913 scan |= SCAN_INQUIRY;
16ab91ab 914 else
e0f9309f 915 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 916
917 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
918 if (err < 0)
a664b5bc 919 mgmt_pending_remove(cmd);
73f22f62 920
16ab91ab 921 if (cp->val)
5e5282bb 922 hdev->discov_timeout = timeout;
16ab91ab 923
73f22f62 924failed:
09fd0de5 925 hci_dev_unlock(hdev);
73f22f62
JH		 926 hci_dev_put(hdev);
927
928 return err;
929}
930
650f726d 931static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 932{
650f726d 933 struct mgmt_mode *cp = data;
9fbcbb45 934 struct hci_dev *hdev;
366a0336 935 struct pending_cmd *cmd;
9fbcbb45
JH		 936 u8 scan;
937 int err;
938
4e51eae9 939 BT_DBG("request for hci%u", index);
9fbcbb45 940
bdce7baf 941 if (len != sizeof(*cp))
ca69b795
JH		 942 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
943 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 944
4e51eae9 945 hdev = hci_dev_get(index);
9fbcbb45 946 if (!hdev)
ca69b795
JH		 947 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
948 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 949
09fd0de5 950 hci_dev_lock(hdev);
9fbcbb45 951
4b34ee78 952 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 953 bool changed = false;
954
955 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
956 changed = true;
957
6bf0e469 958 if (cp->val) {
5e5282bb 959 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 960 } else {
5e5282bb
JH		 961 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
962 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
963 }
0224d2fa 964
5e5282bb 965 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 966 if (err < 0)
967 goto failed;
968
969 if (changed)
970 err = new_settings(hdev, sk);
971
9fbcbb45
JH		 972 goto failed;
973 }
974
2e58ef3e
JH		 975 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
976 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 977 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
978 MGMT_STATUS_BUSY);
9fbcbb45
JH		 979 goto failed;
980 }
981
5e5282bb 982 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 983 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 984 goto failed;
985 }
986
2e58ef3e 987 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 988 if (!cmd) {
989 err = -ENOMEM;
9fbcbb45 990 goto failed;
366a0336 991 }
9fbcbb45 992
6bf0e469 993 if (cp->val) {
9fbcbb45 994 scan = SCAN_PAGE;
6bf0e469 995 } else {
9fbcbb45
JH		 996 scan = 0;
997
df2c6c5e
JH		 998 if (test_bit(HCI_ISCAN, &hdev->flags) &&
999 hdev->discov_timeout > 0)
1000 cancel_delayed_work(&hdev->discov_off);
1001 }
1002
9fbcbb45
JH		 1003 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1004 if (err < 0)
a664b5bc 1005 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1006
1007failed:
09fd0de5 1008 hci_dev_unlock(hdev);
9fbcbb45
JH		 1009 hci_dev_put(hdev);
1010
1011 return err;
1012}
1013
650f726d 1014static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 1015{
650f726d 1016 struct mgmt_mode *cp = data;
c542a06c 1017 struct hci_dev *hdev;
c542a06c
JH		 1018 int err;
1019
4e51eae9 1020 BT_DBG("request for hci%u", index);
c542a06c 1021
bdce7baf 1022 if (len != sizeof(*cp))
ca69b795
JH		 1023 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1024 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1025
4e51eae9 1026 hdev = hci_dev_get(index);
c542a06c 1027 if (!hdev)
ca69b795
JH		 1028 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1029 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1030
09fd0de5 1031 hci_dev_lock(hdev);
c542a06c
JH		 1032
1033 if (cp->val)
a8b2d5c2 1034 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1035 else
a8b2d5c2 1036 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1037
69ab39ea 1038 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1039 if (err < 0)
1040 goto failed;
1041
beadb2bd 1042 err = new_settings(hdev, sk);
c542a06c
JH		 1043
1044failed:
09fd0de5 1045 hci_dev_unlock(hdev);
c542a06c
JH		 1046 hci_dev_put(hdev);
1047
1048 return err;
1049}
1050
33ef95ed
JH		 1051static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1052{
1053 struct mgmt_mode *cp = data;
1054 struct pending_cmd *cmd;
1055 struct hci_dev *hdev;
1056 uint8_t val;
1057 int err;
1058
1059 BT_DBG("request for hci%u", index);
1060
1061 if (len != sizeof(*cp))
1062 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1063 MGMT_STATUS_INVALID_PARAMS);
1064
1065 hdev = hci_dev_get(index);
1066 if (!hdev)
1067 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1068 MGMT_STATUS_INVALID_PARAMS);
1069
1070 hci_dev_lock(hdev);
1071
4b34ee78 1072 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1073 bool changed = false;
1074
1075 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1076 &hdev->dev_flags)) {
1077 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1078 changed = true;
1079 }
1080
1081 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1082 if (err < 0)
1083 goto failed;
1084
1085 if (changed)
1086 err = new_settings(hdev, sk);
1087
33ef95ed
JH		 1088 goto failed;
1089 }
1090
1091 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1092 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1093 MGMT_STATUS_BUSY);
1094 goto failed;
1095 }
1096
1097 val = !!cp->val;
1098
1099 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1100 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1101 goto failed;
1102 }
1103
1104 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1105 if (!cmd) {
1106 err = -ENOMEM;
1107 goto failed;
1108 }
1109
1110 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1111 if (err < 0) {
1112 mgmt_pending_remove(cmd);
1113 goto failed;
1114 }
1115
1116failed:
1117 hci_dev_unlock(hdev);
1118 hci_dev_put(hdev);
1119
1120 return err;
1121}
1122
ed2c4ee3
JH		 1123static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1124{
1125 struct mgmt_mode *cp = data;
1126 struct pending_cmd *cmd;
1127 struct hci_dev *hdev;
1128 uint8_t val;
1129 int err;
1130
1131 BT_DBG("request for hci%u", index);
1132
1133 if (len != sizeof(*cp))
1134 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1135 MGMT_STATUS_INVALID_PARAMS);
1136
1137 hdev = hci_dev_get(index);
1138 if (!hdev)
1139 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1140 MGMT_STATUS_INVALID_PARAMS);
1141
1142 hci_dev_lock(hdev);
1143
6c8f12c1
JH		 1144 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1145 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1146 MGMT_STATUS_NOT_SUPPORTED);
1147 goto failed;
1148 }
1149
c0ecddc2
JH		 1150 val = !!cp->val;
1151
4b34ee78 1152 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1153 bool changed = false;
1154
1155 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1156 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1157 changed = true;
1158 }
1159
1160 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1161 if (err < 0)
1162 goto failed;
1163
1164 if (changed)
1165 err = new_settings(hdev, sk);
1166
ed2c4ee3
JH		 1167 goto failed;
1168 }
1169
1170 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1171 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1172 goto failed;
1173 }
1174
ed2c4ee3
JH		 1175 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1176 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1177 goto failed;
1178 }
1179
1180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1181 if (!cmd) {
1182 err = -ENOMEM;
1183 goto failed;
1184 }
1185
1186 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1187 if (err < 0) {
1188 mgmt_pending_remove(cmd);
1189 goto failed;
1190 }
1191
1192failed:
1193 hci_dev_unlock(hdev);
1194 hci_dev_put(hdev);
1195
1196 return err;
1197}
1198
6d80dfd0
JH		 1199static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1200{
1201 struct mgmt_mode *cp = data;
1202 struct hci_dev *hdev;
1203 int err;
1204
1205 BT_DBG("request for hci%u", index);
1206
1207 if (len != sizeof(*cp))
1208 return cmd_status(sk, index, MGMT_OP_SET_HS,
1209 MGMT_STATUS_INVALID_PARAMS);
1210
1211 hdev = hci_dev_get(index);
1212 if (!hdev)
1213 return cmd_status(sk, index, MGMT_OP_SET_HS,
1214 MGMT_STATUS_INVALID_PARAMS);
1215
1216 if (!enable_hs) {
1217 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1218 MGMT_STATUS_NOT_SUPPORTED);
1219 goto failed;
1220 }
1221
1222 if (cp->val)
1223 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1224 else
1225 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1226
1227 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1228
1229failed:
1230 hci_dev_put(hdev);
1231 return err;
1232}
1233
650f726d 1234static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1235{
650f726d 1236 struct mgmt_cp_add_uuid *cp = data;
2aeb9a1a
JH		 1237 struct hci_dev *hdev;
1238 struct bt_uuid *uuid;
2aeb9a1a
JH		 1239 int err;
1240
4e51eae9 1241 BT_DBG("request for hci%u", index);
2aeb9a1a 1242
bdce7baf 1243 if (len != sizeof(*cp))
ca69b795
JH		 1244 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1245 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1246
4e51eae9 1247 hdev = hci_dev_get(index);
2aeb9a1a 1248 if (!hdev)
ca69b795
JH		 1249 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1250 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1251
09fd0de5 1252 hci_dev_lock(hdev);
2aeb9a1a
JH		 1253
1254 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1255 if (!uuid) {
1256 err = -ENOMEM;
1257 goto failed;
1258 }
1259
1260 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1261 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1262
1263 list_add(&uuid->list, &hdev->uuids);
1264
1aff6f09
JH		 1265 err = update_class(hdev);
1266 if (err < 0)
1267 goto failed;
1268
80a1e1db
JH		 1269 err = update_eir(hdev);
1270 if (err < 0)
1271 goto failed;
1272
aee9b218 1273 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1274
1275failed:
09fd0de5 1276 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1277 hci_dev_put(hdev);
1278
1279 return err;
1280}
1281
650f726d 1282static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1283{
650f726d 1284 struct mgmt_cp_remove_uuid *cp = data;
2aeb9a1a 1285 struct list_head *p, *n;
2aeb9a1a
JH		 1286 struct hci_dev *hdev;
1287 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1288 int err, found;
1289
4e51eae9 1290 BT_DBG("request for hci%u", index);
2aeb9a1a 1291
bdce7baf 1292 if (len != sizeof(*cp))
ca69b795
JH		 1293 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1294 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1295
4e51eae9 1296 hdev = hci_dev_get(index);
2aeb9a1a 1297 if (!hdev)
ca69b795
JH		 1298 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1299 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1300
09fd0de5 1301 hci_dev_lock(hdev);
2aeb9a1a
JH		 1302
1303 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1304 err = hci_uuids_clear(hdev);
1305 goto unlock;
1306 }
1307
1308 found = 0;
1309
1310 list_for_each_safe(p, n, &hdev->uuids) {
1311 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1312
1313 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1314 continue;
1315
1316 list_del(&match->list);
1317 found++;
1318 }
1319
1320 if (found == 0) {
ca69b795
JH		 1321 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1322 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1323 goto unlock;
1324 }
1325
1aff6f09
JH		 1326 err = update_class(hdev);
1327 if (err < 0)
1328 goto unlock;
1329
80a1e1db
JH		 1330 err = update_eir(hdev);
1331 if (err < 0)
1332 goto unlock;
1333
aee9b218 1334 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0, NULL, 0);
2aeb9a1a
JH		 1335
1336unlock:
09fd0de5 1337 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1338 hci_dev_put(hdev);
1339
1340 return err;
1341}
1342
650f726d 1343static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1344{
1345 struct hci_dev *hdev;
650f726d 1346 struct mgmt_cp_set_dev_class *cp = data;
1aff6f09
JH		 1347 int err;
1348
4e51eae9 1349 BT_DBG("request for hci%u", index);
1aff6f09 1350
bdce7baf 1351 if (len != sizeof(*cp))
ca69b795
JH		 1352 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1353 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1354
4e51eae9 1355 hdev = hci_dev_get(index);
1aff6f09 1356 if (!hdev)
ca69b795
JH		 1357 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1358 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1359
09fd0de5 1360 hci_dev_lock(hdev);
1aff6f09 1361
b5235a65
JH		 1362 if (!hdev_is_powered(hdev)) {
1363 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1364 MGMT_STATUS_NOT_POWERED);
1365 goto unlock;
1366 }
1367
1aff6f09
JH		 1368 hdev->major_class = cp->major;
1369 hdev->minor_class = cp->minor;
1370
a8b2d5c2 1371 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1372 hci_dev_unlock(hdev);
1373 cancel_delayed_work_sync(&hdev->service_cache);
1374 hci_dev_lock(hdev);
14c0b608 1375 update_eir(hdev);
7d78525d 1376 }
14c0b608 1377
1aff6f09
JH		 1378 err = update_class(hdev);
1379
1380 if (err == 0)
aee9b218
JH		 1381 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1382 NULL, 0);
1aff6f09 1383
b5235a65 1384unlock:
09fd0de5 1385 hci_dev_unlock(hdev);
1aff6f09
JH		 1386 hci_dev_put(hdev);
1387
1388 return err;
1389}
1390
650f726d 1391static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1392{
1393 struct hci_dev *hdev;
650f726d 1394 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1395 u16 key_count, expected_len;
a492cd52 1396 int i;
55ed8ca1 1397
bdce7baf 1398 if (len < sizeof(*cp))
ca69b795
JH		 1399 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1400 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1401
55ed8ca1
JH		 1402 key_count = get_unaligned_le16(&cp->key_count);
1403
86742e1e
JH		 1404 expected_len = sizeof(*cp) + key_count *
1405 sizeof(struct mgmt_link_key_info);
a492cd52 1406 if (expected_len != len) {
86742e1e 1407 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1408 len, expected_len);
ca69b795
JH		 1409 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1410 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1411 }
1412
4e51eae9 1413 hdev = hci_dev_get(index);
55ed8ca1 1414 if (!hdev)
ca69b795
JH		 1415 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1416 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1417
4e51eae9 1418 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1419 key_count);
1420
09fd0de5 1421 hci_dev_lock(hdev);
55ed8ca1
JH		 1422
1423 hci_link_keys_clear(hdev);
1424
a8b2d5c2 1425 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1426
1427 if (cp->debug_keys)
a8b2d5c2 1428 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1429 else
a8b2d5c2 1430 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1431
a492cd52 1432 for (i = 0; i < key_count; i++) {
86742e1e 1433 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1434
d753fdc4
JH		 1435 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1436 key->type, key->pin_len);
55ed8ca1
JH		 1437 }
1438
aee9b218 1439 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1440
09fd0de5 1441 hci_dev_unlock(hdev);
55ed8ca1
JH		 1442 hci_dev_put(hdev);
1443
a492cd52 1444 return 0;
55ed8ca1
JH		 1445}
1446
b1078ad0
JH		 1447static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1448 u8 addr_type, struct sock *skip_sk)
1449{
1450 struct mgmt_ev_device_unpaired ev;
1451
1452 bacpy(&ev.addr.bdaddr, bdaddr);
1453 ev.addr.type = addr_type;
1454
1455 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1456 skip_sk);
1457}
1458
124f6e35 1459static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1460{
1461 struct hci_dev *hdev;
124f6e35
JH		 1462 struct mgmt_cp_unpair_device *cp = data;
1463 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1464 struct hci_cp_disconnect dc;
1465 struct pending_cmd *cmd;
55ed8ca1 1466 struct hci_conn *conn;
aee9b218 1467 u8 status = 0;
55ed8ca1
JH		 1468 int err;
1469
bdce7baf 1470 if (len != sizeof(*cp))
124f6e35 1471 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1472 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1473
4e51eae9 1474 hdev = hci_dev_get(index);
55ed8ca1 1475 if (!hdev)
124f6e35 1476 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1477 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1478
09fd0de5 1479 hci_dev_lock(hdev);
55ed8ca1 1480
a8a1d19e 1481 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1482 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1483 rp.addr.type = cp->addr.type;
a8a1d19e 1484
124f6e35
JH		 1485 if (cp->addr.type == MGMT_ADDR_BREDR)
1486 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1487 else
1488 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1489
55ed8ca1 1490 if (err < 0) {
aee9b218 1491 status = MGMT_STATUS_NOT_PAIRED;
55ed8ca1
JH		 1492 goto unlock;
1493 }
1494
a8a1d19e 1495 if (!test_bit(HCI_UP, &hdev->flags) || !cp->disconnect) {
aee9b218
JH		 1496 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1497 &rp, sizeof(rp));
b1078ad0 1498 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
55ed8ca1 1499 goto unlock;
a8a1d19e 1500 }
55ed8ca1 1501
124f6e35
JH		 1502 if (cp->addr.type == MGMT_ADDR_BREDR)
1503 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1504 &cp->addr.bdaddr);
1505 else
1506 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
1507 &cp->addr.bdaddr);
1508
a8a1d19e 1509 if (!conn) {
aee9b218
JH		 1510 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1511 &rp, sizeof(rp));
b1078ad0 1512 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1513 goto unlock;
1514 }
55ed8ca1 1515
124f6e35
JH		 1516 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1517 sizeof(*cp));
a8a1d19e
JH		 1518 if (!cmd) {
1519 err = -ENOMEM;
1520 goto unlock;
55ed8ca1
JH		 1521 }
1522
a8a1d19e
JH		 1523 put_unaligned_le16(conn->handle, &dc.handle);
1524 dc.reason = 0x13; /* Remote User Terminated Connection */
1525 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1526 if (err < 0)
1527 mgmt_pending_remove(cmd);
1528
55ed8ca1 1529unlock:
ca69b795 1530 if (err < 0)
aee9b218
JH		 1531 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, status,
1532 &rp, sizeof(rp));
09fd0de5 1533 hci_dev_unlock(hdev);
55ed8ca1
JH		 1534 hci_dev_put(hdev);
1535
1536 return err;
1537}
1538
650f726d 1539static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1540{
1541 struct hci_dev *hdev;
650f726d 1542 struct mgmt_cp_disconnect *cp = data;
8962ee74 1543 struct hci_cp_disconnect dc;
366a0336 1544 struct pending_cmd *cmd;
8962ee74 1545 struct hci_conn *conn;
8962ee74
JH		 1546 int err;
1547
1548 BT_DBG("");
1549
bdce7baf 1550 if (len != sizeof(*cp))
ca69b795
JH		 1551 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1552 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1553
4e51eae9 1554 hdev = hci_dev_get(index);
8962ee74 1555 if (!hdev)
ca69b795
JH		 1556 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1557 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1558
09fd0de5 1559 hci_dev_lock(hdev);
8962ee74
JH		 1560
1561 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1562 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1563 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1564 goto failed;
1565 }
1566
2e58ef3e 1567 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1568 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1569 MGMT_STATUS_BUSY);
8962ee74
JH		 1570 goto failed;
1571 }
1572
88c3df13
JH		 1573 if (cp->addr.type == MGMT_ADDR_BREDR)
1574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1575 else
1576 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1577
8962ee74 1578 if (!conn) {
ca69b795
JH		 1579 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1580 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1581 goto failed;
1582 }
1583
2e58ef3e 1584 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1585 if (!cmd) {
1586 err = -ENOMEM;
8962ee74 1587 goto failed;
366a0336 1588 }
8962ee74
JH		 1589
1590 put_unaligned_le16(conn->handle, &dc.handle);
1591 dc.reason = 0x13; /* Remote User Terminated Connection */
1592
1593 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1594 if (err < 0)
a664b5bc 1595 mgmt_pending_remove(cmd);
8962ee74
JH		 1596
1597failed:
09fd0de5 1598 hci_dev_unlock(hdev);
8962ee74
JH		 1599 hci_dev_put(hdev);
1600
1601 return err;
1602}
1603
48264f06 1604static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1605{
1606 switch (link_type) {
1607 case LE_LINK:
48264f06
JH		 1608 switch (addr_type) {
1609 case ADDR_LE_DEV_PUBLIC:
1610 return MGMT_ADDR_LE_PUBLIC;
1611 case ADDR_LE_DEV_RANDOM:
1612 return MGMT_ADDR_LE_RANDOM;
1613 default:
1614 return MGMT_ADDR_INVALID;
1615 }
4c659c39
JH		 1616 case ACL_LINK:
1617 return MGMT_ADDR_BREDR;
1618 default:
1619 return MGMT_ADDR_INVALID;
1620 }
1621}
1622
8ce6284e 1623static int get_connections(struct sock *sk, u16 index)
2784eb41 1624{
2784eb41
JH		 1625 struct mgmt_rp_get_connections *rp;
1626 struct hci_dev *hdev;
8035ded4 1627 struct hci_conn *c;
a38528f1 1628 size_t rp_len;
4e51eae9 1629 u16 count;
2784eb41
JH		 1630 int i, err;
1631
1632 BT_DBG("");
1633
4e51eae9 1634 hdev = hci_dev_get(index);
2784eb41 1635 if (!hdev)
ca69b795
JH		 1636 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1637 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1638
09fd0de5 1639 hci_dev_lock(hdev);
2784eb41
JH		 1640
1641 count = 0;
b644ba33
JH		 1642 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1643 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1644 count++;
2784eb41
JH		 1645 }
1646
4c659c39 1647 rp_len = sizeof(*rp) + (count * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1648 rp = kmalloc(rp_len, GFP_ATOMIC);
1649 if (!rp) {
2784eb41
JH		 1650 err = -ENOMEM;
1651 goto unlock;
1652 }
1653
2784eb41
JH		 1654 put_unaligned_le16(count, &rp->conn_count);
1655
2784eb41 1656 i = 0;
4c659c39 1657 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1658 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1659 continue;
4c659c39 1660 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1661 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1662 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1663 continue;
1664 i++;
1665 }
1666
1667 /* Recalculate length in case of filtered SCO connections, etc */
1668 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1669
aee9b218 1670 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41
JH		 1671
1672unlock:
a38528f1 1673 kfree(rp);
09fd0de5 1674 hci_dev_unlock(hdev);
2784eb41
JH		 1675 hci_dev_put(hdev);
1676 return err;
1677}
1678
96d97a67
WR		 1679static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1680 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1681{
1682 struct pending_cmd *cmd;
1683 int err;
1684
2e58ef3e 1685 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1686 sizeof(*cp));
1687 if (!cmd)
1688 return -ENOMEM;
1689
d8457698
JH		 1690 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1691 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1692 if (err < 0)
1693 mgmt_pending_remove(cmd);
1694
1695 return err;
1696}
1697
650f726d 1698static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1699{
1700 struct hci_dev *hdev;
96d97a67 1701 struct hci_conn *conn;
650f726d 1702 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1703 struct hci_cp_pin_code_reply reply;
366a0336 1704 struct pending_cmd *cmd;
980e1a53
JH		 1705 int err;
1706
1707 BT_DBG("");
1708
bdce7baf 1709 if (len != sizeof(*cp))
ca69b795
JH		 1710 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1711 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1712
4e51eae9 1713 hdev = hci_dev_get(index);
980e1a53 1714 if (!hdev)
ca69b795
JH		 1715 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1716 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1717
09fd0de5 1718 hci_dev_lock(hdev);
980e1a53 1719
4b34ee78 1720 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1721 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1722 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1723 goto failed;
1724 }
1725
d8457698 1726 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1727 if (!conn) {
ca69b795
JH		 1728 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1729 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1730 goto failed;
1731 }
1732
1733 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1734 struct mgmt_cp_pin_code_neg_reply ncp;
1735
1736 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1737
1738 BT_ERR("PIN code is not 16 bytes long");
1739
1740 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1741 if (err >= 0)
1742 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1743 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1744
1745 goto failed;
1746 }
1747
650f726d
VCG		 1748 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1749 len);
366a0336
JH		 1750 if (!cmd) {
1751 err = -ENOMEM;
980e1a53 1752 goto failed;
366a0336 1753 }
980e1a53 1754
d8457698 1755 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1756 reply.pin_len = cp->pin_len;
24718ca5 1757 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1758
1759 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1760 if (err < 0)
a664b5bc 1761 mgmt_pending_remove(cmd);
980e1a53
JH		 1762
1763failed:
09fd0de5 1764 hci_dev_unlock(hdev);
980e1a53
JH		 1765 hci_dev_put(hdev);
1766
1767 return err;
1768}
1769
650f726d 1770static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1771{
1772 struct hci_dev *hdev;
650f726d 1773 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1774 int err;
1775
1776 BT_DBG("");
1777
bdce7baf
SJ		 1778 if (len != sizeof(*cp))
1779 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1780 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1781
4e51eae9 1782 hdev = hci_dev_get(index);
980e1a53 1783 if (!hdev)
4e51eae9 1784 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1785 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1786
09fd0de5 1787 hci_dev_lock(hdev);
980e1a53 1788
4b34ee78 1789 if (!hdev_is_powered(hdev)) {
4e51eae9 1790 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1791 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1792 goto failed;
1793 }
1794
96d97a67 1795 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1796
1797failed:
09fd0de5 1798 hci_dev_unlock(hdev);
980e1a53
JH		 1799 hci_dev_put(hdev);
1800
1801 return err;
1802}
1803
650f726d 1804static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1805{
1806 struct hci_dev *hdev;
650f726d 1807 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1808
1809 BT_DBG("");
1810
bdce7baf 1811 if (len != sizeof(*cp))
ca69b795
JH		 1812 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1813 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1814
4e51eae9 1815 hdev = hci_dev_get(index);
17fa4b9d 1816 if (!hdev)
ca69b795
JH		 1817 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1818 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 1819
09fd0de5 1820 hci_dev_lock(hdev);
17fa4b9d
JH		 1821
1822 hdev->io_capability = cp->io_capability;
1823
1824 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1825 hdev->io_capability);
17fa4b9d 1826
09fd0de5 1827 hci_dev_unlock(hdev);
17fa4b9d
JH		 1828 hci_dev_put(hdev);
1829
aee9b218 1830 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 1831}
1832
e9a416b5
JH		 1833static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1834{
1835 struct hci_dev *hdev = conn->hdev;
8035ded4 1836 struct pending_cmd *cmd;
e9a416b5 1837
2e58ef3e 1838 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1839 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1840 continue;
1841
e9a416b5
JH		 1842 if (cmd->user_data != conn)
1843 continue;
1844
1845 return cmd;
1846 }
1847
1848 return NULL;
1849}
1850
1851static void pairing_complete(struct pending_cmd *cmd, u8 status)
1852{
1853 struct mgmt_rp_pair_device rp;
1854 struct hci_conn *conn = cmd->user_data;
1855
ba4e564f
JH		 1856 bacpy(&rp.addr.bdaddr, &conn->dst);
1857 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1858
aee9b218
JH		 1859 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
1860 &rp, sizeof(rp));
e9a416b5
JH		 1861
1862 /* So we don't get further callbacks for this connection */
1863 conn->connect_cfm_cb = NULL;
1864 conn->security_cfm_cb = NULL;
1865 conn->disconn_cfm_cb = NULL;
1866
1867 hci_conn_put(conn);
1868
a664b5bc 1869 mgmt_pending_remove(cmd);
e9a416b5
JH		 1870}
1871
1872static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1873{
1874 struct pending_cmd *cmd;
1875
1876 BT_DBG("status %u", status);
1877
1878 cmd = find_pairing(conn);
56e5cb86 1879 if (!cmd)
e9a416b5 1880 BT_DBG("Unable to find a pending command");
56e5cb86 1881 else
e211326c 1882 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1883}
1884
650f726d 1885static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 1886{
1887 struct hci_dev *hdev;
650f726d 1888 struct mgmt_cp_pair_device *cp = data;
1425acb7 1889 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1890 struct pending_cmd *cmd;
1891 u8 sec_level, auth_type;
1892 struct hci_conn *conn;
e9a416b5
JH		 1893 int err;
1894
1895 BT_DBG("");
1896
bdce7baf 1897 if (len != sizeof(*cp))
ca69b795
JH		 1898 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1899 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1900
4e51eae9 1901 hdev = hci_dev_get(index);
e9a416b5 1902 if (!hdev)
ca69b795
JH		 1903 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
1904 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 1905
09fd0de5 1906 hci_dev_lock(hdev);
e9a416b5 1907
c908df36
VCG		 1908 sec_level = BT_SECURITY_MEDIUM;
1909 if (cp->io_cap == 0x03)
e9a416b5 1910 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1911 else
e9a416b5 1912 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1913
ba4e564f
JH		 1914 if (cp->addr.type == MGMT_ADDR_BREDR)
1915 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1916 auth_type);
1917 else
ba4e564f 1918 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 1919 auth_type);
1920
1425acb7
JH		 1921 memset(&rp, 0, sizeof(rp));
1922 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1923 rp.addr.type = cp->addr.type;
1924
30e76272 1925 if (IS_ERR(conn)) {
e211326c
JH		 1926 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1927 MGMT_STATUS_CONNECT_FAILED,
1928 &rp, sizeof(rp));
e9a416b5
JH		 1929 goto unlock;
1930 }
1931
1932 if (conn->connect_cfm_cb) {
1933 hci_conn_put(conn);
e211326c
JH		 1934 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
1935 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1936 goto unlock;
1937 }
1938
2e58ef3e 1939 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1940 if (!cmd) {
1941 err = -ENOMEM;
1942 hci_conn_put(conn);
1943 goto unlock;
1944 }
1945
7a512d01 1946 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1947 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1948 conn->connect_cfm_cb = pairing_complete_cb;
1949
e9a416b5
JH		 1950 conn->security_cfm_cb = pairing_complete_cb;
1951 conn->disconn_cfm_cb = pairing_complete_cb;
1952 conn->io_capability = cp->io_cap;
1953 cmd->user_data = conn;
1954
1955 if (conn->state == BT_CONNECTED &&
1956 hci_conn_security(conn, sec_level, auth_type))
1957 pairing_complete(cmd, 0);
1958
1959 err = 0;
1960
1961unlock:
09fd0de5 1962 hci_dev_unlock(hdev);
e9a416b5
JH		 1963 hci_dev_put(hdev);
1964
1965 return err;
1966}
1967
28424707
JH		 1968static int cancel_pair_device(struct sock *sk, u16 index,
1969 unsigned char *data, u16 len)
1970{
1971 struct mgmt_addr_info *addr = (void *) data;
1972 struct hci_dev *hdev;
1973 struct pending_cmd *cmd;
1974 struct hci_conn *conn;
1975 int err;
1976
1977 BT_DBG("");
1978
1979 if (len != sizeof(*addr))
1980 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1981 MGMT_STATUS_INVALID_PARAMS);
1982
1983 hdev = hci_dev_get(index);
1984 if (!hdev)
1985 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1986 MGMT_STATUS_INVALID_PARAMS);
1987
1988 hci_dev_lock(hdev);
1989
1990 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1991 if (!cmd) {
1992 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
1993 MGMT_STATUS_INVALID_PARAMS);
1994 goto unlock;
1995 }
1996
1997 conn = cmd->user_data;
1998
1999 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2000 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2001 MGMT_STATUS_INVALID_PARAMS);
2002 goto unlock;
2003 }
2004
2005 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2006
aee9b218 2007 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 2008 sizeof(*addr));
2009unlock:
2010 hci_dev_unlock(hdev);
2011 hci_dev_put(hdev);
2012
2013 return err;
2014}
2015
0df4c185 2016static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 2017 u8 type, u16 mgmt_op, u16 hci_op,
2018 __le32 passkey)
a5c29683 2019{
a5c29683
JH		 2020 struct pending_cmd *cmd;
2021 struct hci_dev *hdev;
0df4c185 2022 struct hci_conn *conn;
a5c29683
JH		 2023 int err;
2024
4e51eae9 2025 hdev = hci_dev_get(index);
a5c29683 2026 if (!hdev)
ca69b795
JH		 2027 return cmd_status(sk, index, mgmt_op,
2028 MGMT_STATUS_INVALID_PARAMS);
a5c29683 2029
09fd0de5 2030 hci_dev_lock(hdev);
08ba5382 2031
4b34ee78 2032 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 2033 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2034 goto done;
a5c29683
JH		 2035 }
2036
272d90df
JH		 2037 if (type == MGMT_ADDR_BREDR)
2038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2039 else
47c15e2b 2040 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2041
2042 if (!conn) {
2043 err = cmd_status(sk, index, mgmt_op,
47c15e2b 2044 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2045 goto done;
2046 }
47c15e2b 2047
272d90df 2048 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2049 /* Continue with pairing via SMP */
5fe57d9e
BG		 2050 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2051
2052 if (!err)
2053 err = cmd_status(sk, index, mgmt_op,
2054 MGMT_STATUS_SUCCESS);
2055 else
2056 err = cmd_status(sk, index, mgmt_op,
2057 MGMT_STATUS_FAILED);
47c15e2b 2058
47c15e2b
BG		 2059 goto done;
2060 }
2061
0df4c185 2062 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2063 if (!cmd) {
2064 err = -ENOMEM;
0df4c185 2065 goto done;
a5c29683
JH		 2066 }
2067
0df4c185 2068 /* Continue with pairing via HCI */
604086b7
BG		 2069 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2070 struct hci_cp_user_passkey_reply cp;
2071
2072 bacpy(&cp.bdaddr, bdaddr);
2073 cp.passkey = passkey;
2074 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2075 } else
2076 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2077
a664b5bc
JH		 2078 if (err < 0)
2079 mgmt_pending_remove(cmd);
a5c29683 2080
0df4c185 2081done:
09fd0de5 2082 hci_dev_unlock(hdev);
a5c29683
JH		 2083 hci_dev_put(hdev);
2084
2085 return err;
2086}
2087
0df4c185
BG		 2088static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2089{
650f726d 2090 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2091
2092 BT_DBG("");
2093
2094 if (len != sizeof(*cp))
2095 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2096 MGMT_STATUS_INVALID_PARAMS);
2097
272d90df
JH		 2098 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2099 MGMT_OP_USER_CONFIRM_REPLY,
2100 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2101}
2102
2103static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2104 u16 len)
2105{
c9c2659f 2106 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2107
2108 BT_DBG("");
2109
2110 if (len != sizeof(*cp))
2111 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2112 MGMT_STATUS_INVALID_PARAMS);
2113
272d90df
JH		 2114 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2115 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2116 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2117}
2118
604086b7
BG		 2119static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2120{
650f726d 2121 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2122
2123 BT_DBG("");
2124
2125 if (len != sizeof(*cp))
2126 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2127 EINVAL);
2128
272d90df
JH		 2129 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2130 MGMT_OP_USER_PASSKEY_REPLY,
2131 HCI_OP_USER_PASSKEY_REPLY,
2132 cp->passkey);
604086b7
BG		 2133}
2134
2135static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2136 u16 len)
2137{
650f726d 2138 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2139
2140 BT_DBG("");
2141
2142 if (len != sizeof(*cp))
2143 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2144 EINVAL);
2145
272d90df
JH		 2146 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2147 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2148 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2149}
2150
650f726d 2151static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2152 u16 len)
2153{
650f726d 2154 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2155 struct hci_cp_write_local_name hci_cp;
2156 struct hci_dev *hdev;
2157 struct pending_cmd *cmd;
2158 int err;
2159
2160 BT_DBG("");
2161
2162 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2163 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2164 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2165
2166 hdev = hci_dev_get(index);
2167 if (!hdev)
ca69b795
JH		 2168 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2169 MGMT_STATUS_INVALID_PARAMS);
b312b161 2170
09fd0de5 2171 hci_dev_lock(hdev);
b312b161 2172
b5235a65
JH		 2173 if (!hdev_is_powered(hdev)) {
2174 err = cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2175 MGMT_STATUS_NOT_POWERED);
2176 goto failed;
2177 }
2178
650f726d
VCG		 2179 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data,
2180 len);
b312b161
JH		 2181 if (!cmd) {
2182 err = -ENOMEM;
2183 goto failed;
2184 }
2185
2186 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2187 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2188 &hci_cp);
2189 if (err < 0)
2190 mgmt_pending_remove(cmd);
2191
2192failed:
09fd0de5 2193 hci_dev_unlock(hdev);
b312b161
JH		 2194 hci_dev_put(hdev);
2195
2196 return err;
2197}
2198
c35938b2
SJ		 2199static int read_local_oob_data(struct sock *sk, u16 index)
2200{
2201 struct hci_dev *hdev;
2202 struct pending_cmd *cmd;
2203 int err;
2204
2205 BT_DBG("hci%u", index);
2206
2207 hdev = hci_dev_get(index);
2208 if (!hdev)
2209 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2210 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2211
09fd0de5 2212 hci_dev_lock(hdev);
c35938b2 2213
4b34ee78 2214 if (!hdev_is_powered(hdev)) {
c35938b2 2215 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2216 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2217 goto unlock;
2218 }
2219
2220 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2221 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2222 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2223 goto unlock;
2224 }
2225
2e58ef3e 2226 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2227 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2228 MGMT_STATUS_BUSY);
c35938b2
SJ		 2229 goto unlock;
2230 }
2231
2e58ef3e 2232 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2233 if (!cmd) {
2234 err = -ENOMEM;
2235 goto unlock;
2236 }
2237
2238 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2239 if (err < 0)
2240 mgmt_pending_remove(cmd);
2241
2242unlock:
09fd0de5 2243 hci_dev_unlock(hdev);
c35938b2
SJ		 2244 hci_dev_put(hdev);
2245
2246 return err;
2247}
2248
650f726d
VCG		 2249static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2250 u16 len)
2763eda6
SJ		 2251{
2252 struct hci_dev *hdev;
650f726d 2253 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2254 u8 status;
2763eda6
SJ		 2255 int err;
2256
2257 BT_DBG("hci%u ", index);
2258
2259 if (len != sizeof(*cp))
2260 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2261 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2262
2263 hdev = hci_dev_get(index);
2264 if (!hdev)
bf1e3541
JH		 2265 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2266 MGMT_STATUS_INVALID_PARAMS,
2267 &cp->addr, sizeof(cp->addr));
2763eda6 2268
09fd0de5 2269 hci_dev_lock(hdev);
2763eda6 2270
664ce4cc 2271 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2272 cp->randomizer);
2273 if (err < 0)
bf1e3541 2274 status = MGMT_STATUS_FAILED;
2763eda6 2275 else
bf1e3541
JH		 2276 status = 0;
2277
2278 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2279 &cp->addr, sizeof(cp->addr));
2763eda6 2280
09fd0de5 2281 hci_dev_unlock(hdev);
2763eda6
SJ		 2282 hci_dev_put(hdev);
2283
2284 return err;
2285}
2286
2287static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2288 void *data, u16 len)
2763eda6
SJ		 2289{
2290 struct hci_dev *hdev;
650f726d 2291 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2292 u8 status;
2763eda6
SJ		 2293 int err;
2294
2295 BT_DBG("hci%u ", index);
2296
2297 if (len != sizeof(*cp))
2298 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2299 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2300
2301 hdev = hci_dev_get(index);
2302 if (!hdev)
bf1e3541
JH		 2303 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2304 MGMT_STATUS_INVALID_PARAMS,
2305 &cp->addr, sizeof(cp->addr));
2763eda6 2306
09fd0de5 2307 hci_dev_lock(hdev);
2763eda6 2308
664ce4cc 2309 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2310 if (err < 0)
bf1e3541 2311 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2312 else
bf1e3541
JH		 2313 status = 0;
2314
2315 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2316 &cp->addr, sizeof(cp->addr));
2763eda6 2317
09fd0de5 2318 hci_dev_unlock(hdev);
2763eda6
SJ		 2319 hci_dev_put(hdev);
2320
2321 return err;
2322}
2323
5e0452c0
AG		 2324static int discovery(struct hci_dev *hdev)
2325{
2326 int err;
2327
2328 if (lmp_host_le_capable(hdev)) {
2329 if (lmp_bredr_capable(hdev)) {
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2331 LE_SCAN_INT, LE_SCAN_WIN,
2332 LE_SCAN_TIMEOUT_BREDR_LE);
2333 } else {
2334 hdev->discovery.type = DISCOV_TYPE_LE;
2335 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2336 LE_SCAN_INT, LE_SCAN_WIN,
2337 LE_SCAN_TIMEOUT_LE_ONLY);
2338 }
2339 } else {
2340 hdev->discovery.type = DISCOV_TYPE_BREDR;
2341 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2342 }
2343
2344 return err;
2345}
2346
2347int mgmt_interleaved_discovery(struct hci_dev *hdev)
2348{
2349 int err;
2350
2351 BT_DBG("%s", hdev->name);
2352
2353 hci_dev_lock(hdev);
2354
2355 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2356 if (err < 0)
2357 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2358
2359 hci_dev_unlock(hdev);
2360
2361 return err;
2362}
2363
450dfdaf 2364static int start_discovery(struct sock *sk, u16 index,
650f726d 2365 void *data, u16 len)
14a53664 2366{
650f726d 2367 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2368 struct pending_cmd *cmd;
2369 struct hci_dev *hdev;
2370 int err;
2371
2372 BT_DBG("hci%u", index);
2373
450dfdaf
JH		 2374 if (len != sizeof(*cp))
2375 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2376 MGMT_STATUS_INVALID_PARAMS);
2377
14a53664
JH		 2378 hdev = hci_dev_get(index);
2379 if (!hdev)
ca69b795
JH		 2380 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2381 MGMT_STATUS_INVALID_PARAMS);
14a53664 2382
09fd0de5 2383 hci_dev_lock(hdev);
14a53664 2384
4b34ee78 2385 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2386 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2387 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2388 goto failed;
2389 }
2390
ff9ef578
JH		 2391 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2392 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2393 MGMT_STATUS_BUSY);
2394 goto failed;
2395 }
2396
2e58ef3e 2397 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2398 if (!cmd) {
2399 err = -ENOMEM;
2400 goto failed;
2401 }
2402
4aab14e5
AG		 2403 hdev->discovery.type = cp->type;
2404
2405 switch (hdev->discovery.type) {
f39799f5 2406 case DISCOV_TYPE_BREDR:
3fd24153 2407 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2408 break;
2409
2410 case DISCOV_TYPE_LE:
3fd24153
AG		 2411 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2412 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2413 break;
2414
5e0452c0
AG		 2415 case DISCOV_TYPE_INTERLEAVED:
2416 err = discovery(hdev);
2417 break;
2418
f39799f5 2419 default:
3fd24153 2420 err = -EINVAL;
f39799f5 2421 }
3fd24153 2422
14a53664
JH		 2423 if (err < 0)
2424 mgmt_pending_remove(cmd);
ff9ef578
JH		 2425 else
2426 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2427
2428failed:
09fd0de5 2429 hci_dev_unlock(hdev);
14a53664
JH		 2430 hci_dev_put(hdev);
2431
2432 return err;
2433}
2434
d930650b 2435static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2436{
d930650b 2437 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2438 struct hci_dev *hdev;
2439 struct pending_cmd *cmd;
30dc78e1
JH		 2440 struct hci_cp_remote_name_req_cancel cp;
2441 struct inquiry_entry *e;
14a53664
JH		 2442 int err;
2443
2444 BT_DBG("hci%u", index);
2445
d930650b
JH		 2446 if (len != sizeof(*mgmt_cp))
2447 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2448 MGMT_STATUS_INVALID_PARAMS);
2449
14a53664
JH		 2450 hdev = hci_dev_get(index);
2451 if (!hdev)
ca69b795
JH		 2452 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2453 MGMT_STATUS_INVALID_PARAMS);
14a53664 2454
09fd0de5 2455 hci_dev_lock(hdev);
14a53664 2456
30dc78e1 2457 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2458 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2459 MGMT_STATUS_REJECTED,
2460 &mgmt_cp->type, sizeof(mgmt_cp->type));
2461 goto unlock;
2462 }
2463
2464 if (hdev->discovery.type != mgmt_cp->type) {
2465 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2466 MGMT_STATUS_INVALID_PARAMS,
2467 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2468 goto unlock;
ff9ef578
JH		 2469 }
2470
2e58ef3e 2471 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2472 if (!cmd) {
2473 err = -ENOMEM;
30dc78e1
JH		 2474 goto unlock;
2475 }
2476
343f935b 2477 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2478 err = hci_cancel_inquiry(hdev);
2479 if (err < 0)
2480 mgmt_pending_remove(cmd);
2481 else
2482 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2483 goto unlock;
2484 }
2485
2486 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2487 if (!e) {
2488 mgmt_pending_remove(cmd);
aee9b218 2489 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2490 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2491 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2492 goto unlock;
14a53664
JH		 2493 }
2494
30dc78e1
JH		 2495 bacpy(&cp.bdaddr, &e->data.bdaddr);
2496 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2497 sizeof(cp), &cp);
14a53664
JH		 2498 if (err < 0)
2499 mgmt_pending_remove(cmd);
ff9ef578
JH		 2500 else
2501 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2502
30dc78e1 2503unlock:
09fd0de5 2504 hci_dev_unlock(hdev);
14a53664
JH		 2505 hci_dev_put(hdev);
2506
2507 return err;
2508}
2509
650f726d 2510static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2511{
650f726d 2512 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2513 struct inquiry_entry *e;
2514 struct hci_dev *hdev;
2515 int err;
2516
2517 BT_DBG("hci%u", index);
2518
2519 if (len != sizeof(*cp))
2520 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2521 MGMT_STATUS_INVALID_PARAMS);
2522
2523 hdev = hci_dev_get(index);
2524 if (!hdev)
2525 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2526 MGMT_STATUS_INVALID_PARAMS);
2527
2528 hci_dev_lock(hdev);
2529
30dc78e1
JH		 2530 if (!hci_discovery_active(hdev)) {
2531 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2532 MGMT_STATUS_FAILED);
2533 goto failed;
2534 }
2535
a198e7b1 2536 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2537 if (!e) {
e5f0e151 2538 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
561aafbc
JH		 2539 MGMT_STATUS_INVALID_PARAMS);
2540 goto failed;
2541 }
2542
2543 if (cp->name_known) {
2544 e->name_state = NAME_KNOWN;
2545 list_del(&e->list);
2546 } else {
2547 e->name_state = NAME_NEEDED;
a3d4e20a 2548 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2549 }
2550
2551 err = 0;
2552
2553failed:
2554 hci_dev_unlock(hdev);
2555
2556 return err;
2557}
2558
650f726d 2559static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2560{
2561 struct hci_dev *hdev;
650f726d 2562 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2563 u8 status;
7fbec224
AJ		 2564 int err;
2565
2566 BT_DBG("hci%u", index);
2567
7fbec224
AJ		 2568 if (len != sizeof(*cp))
2569 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2570 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2571
2572 hdev = hci_dev_get(index);
2573 if (!hdev)
f0eeea8b
JH		 2574 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2575 MGMT_STATUS_INVALID_PARAMS,
2576 &cp->addr, sizeof(cp->addr));
7fbec224 2577
09fd0de5 2578 hci_dev_lock(hdev);
5e762444 2579
88c1fe4b 2580 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2581 if (err < 0)
f0eeea8b 2582 status = MGMT_STATUS_FAILED;
7fbec224 2583 else
f0eeea8b
JH		 2584 status = 0;
2585
2586 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2587 &cp->addr, sizeof(cp->addr));
5e762444 2588
09fd0de5 2589 hci_dev_unlock(hdev);
7fbec224
AJ		 2590 hci_dev_put(hdev);
2591
2592 return err;
2593}
2594
650f726d 2595static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2596{
2597 struct hci_dev *hdev;
650f726d 2598 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2599 u8 status;
7fbec224
AJ		 2600 int err;
2601
2602 BT_DBG("hci%u", index);
2603
7fbec224
AJ		 2604 if (len != sizeof(*cp))
2605 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2606 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2607
2608 hdev = hci_dev_get(index);
2609 if (!hdev)
f0eeea8b
JH		 2610 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2611 MGMT_STATUS_INVALID_PARAMS,
2612 &cp->addr, sizeof(cp->addr));
7fbec224 2613
09fd0de5 2614 hci_dev_lock(hdev);
5e762444 2615
88c1fe4b 2616 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2617 if (err < 0)
f0eeea8b 2618 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2619 else
f0eeea8b
JH		 2620 status = 0;
2621
2622 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2623 &cp->addr, sizeof(cp->addr));
5e762444 2624
09fd0de5 2625 hci_dev_unlock(hdev);
7fbec224
AJ		 2626 hci_dev_put(hdev);
2627
2628 return err;
2629}
2630
f6422ec6 2631static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2632 void *data, u16 len)
f6422ec6
AJ		 2633{
2634 struct hci_dev *hdev;
650f726d 2635 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2636 struct hci_cp_write_page_scan_activity acp;
2637 u8 type;
2638 int err;
2639
2640 BT_DBG("hci%u", index);
2641
2642 if (len != sizeof(*cp))
2643 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2644 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2645
2646 hdev = hci_dev_get(index);
2647 if (!hdev)
2648 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2649 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2650 if (!hdev_is_powered(hdev))
2651 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2652 MGMT_STATUS_NOT_POWERED);
2653
2654 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2655 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2656 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2657
2658 hci_dev_lock(hdev);
2659
f7c6869c 2660 if (cp->val) {
f6422ec6
AJ		 2661 type = PAGE_SCAN_TYPE_INTERLACED;
2662 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2663 } else {
2664 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2665 acp.interval = 0x0800; /* default 1.28 sec page scan */
2666 }
2667
2668 acp.window = 0x0012; /* default 11.25 msec page scan window */
2669
2670 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2671 sizeof(acp), &acp);
2672 if (err < 0) {
2673 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2674 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2675 goto done;
2676 }
2677
2678 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2679 if (err < 0) {
2680 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2681 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2682 goto done;
2683 }
2684
aee9b218
JH		 2685 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2686 NULL, 0);
f6422ec6
AJ		 2687done:
2688 hci_dev_unlock(hdev);
2689 hci_dev_put(hdev);
2690
2691 return err;
2692}
2693
346af67b
VCG		 2694static int load_long_term_keys(struct sock *sk, u16 index,
2695 void *cp_data, u16 len)
2696{
2697 struct hci_dev *hdev;
2698 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2699 u16 key_count, expected_len;
2700 int i;
2701
2702 if (len < sizeof(*cp))
2703 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2704 EINVAL);
2705
2706 key_count = get_unaligned_le16(&cp->key_count);
2707
2708 expected_len = sizeof(*cp) + key_count *
2709 sizeof(struct mgmt_ltk_info);
2710 if (expected_len != len) {
2711 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2712 len, expected_len);
2713 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2714 EINVAL);
2715 }
2716
2717 hdev = hci_dev_get(index);
2718 if (!hdev)
2719 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2720 ENODEV);
2721
2722 BT_DBG("hci%u key_count %u", index, key_count);
2723
2724 hci_dev_lock(hdev);
2725
2726 hci_smp_ltks_clear(hdev);
2727
2728 for (i = 0; i < key_count; i++) {
2729 struct mgmt_ltk_info *key = &cp->keys[i];
2730 u8 type;
2731
2732 if (key->master)
2733 type = HCI_SMP_LTK;
2734 else
2735 type = HCI_SMP_LTK_SLAVE;
2736
2737 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2738 type, 0, key->authenticated, key->val,
2739 key->enc_size, key->ediv, key->rand);
2740 }
2741
2742 hci_dev_unlock(hdev);
2743 hci_dev_put(hdev);
2744
2745 return 0;
2746}
2747
0381101f
JH		 2748int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2749{
650f726d
VCG		 2750 void *buf;
2751 u8 *cp;
0381101f 2752 struct mgmt_hdr *hdr;
4e51eae9 2753 u16 opcode, index, len;
0381101f
JH		 2754 int err;
2755
2756 BT_DBG("got %zu bytes", msglen);
2757
2758 if (msglen < sizeof(*hdr))
2759 return -EINVAL;
2760
e63a15ec 2761 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2762 if (!buf)
2763 return -ENOMEM;
2764
2765 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2766 err = -EFAULT;
2767 goto done;
2768 }
2769
650f726d 2770 hdr = buf;
0381101f 2771 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2772 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2773 len = get_unaligned_le16(&hdr->len);
2774
2775 if (len != msglen - sizeof(*hdr)) {
2776 err = -EINVAL;
2777 goto done;
2778 }
2779
650f726d
VCG		 2780 cp = buf + sizeof(*hdr);
2781
0381101f 2782 switch (opcode) {
02d98129
JH		 2783 case MGMT_OP_READ_VERSION:
2784 err = read_version(sk);
2785 break;
e70bb2e8
JH		 2786 case MGMT_OP_READ_COMMANDS:
2787 err = read_commands(sk);
2788 break;
faba42eb
JH		 2789 case MGMT_OP_READ_INDEX_LIST:
2790 err = read_index_list(sk);
2791 break;
f7b64e69 2792 case MGMT_OP_READ_INFO:
4e51eae9 2793 err = read_controller_info(sk, index);
f7b64e69 2794 break;
eec8d2bc 2795 case MGMT_OP_SET_POWERED:
650f726d 2796 err = set_powered(sk, index, cp, len);
eec8d2bc 2797 break;
73f22f62 2798 case MGMT_OP_SET_DISCOVERABLE:
650f726d 2799 err = set_discoverable(sk, index, cp, len);
73f22f62 2800 break;
9fbcbb45 2801 case MGMT_OP_SET_CONNECTABLE:
650f726d 2802 err = set_connectable(sk, index, cp, len);
9fbcbb45 2803 break;
f7c6869c 2804 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 2805 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 2806 break;
c542a06c 2807 case MGMT_OP_SET_PAIRABLE:
650f726d 2808 err = set_pairable(sk, index, cp, len);
c542a06c 2809 break;
33ef95ed
JH		 2810 case MGMT_OP_SET_LINK_SECURITY:
2811 err = set_link_security(sk, index, cp, len);
2812 break;
ed2c4ee3
JH		 2813 case MGMT_OP_SET_SSP:
2814 err = set_ssp(sk, index, cp, len);
2815 break;
6d80dfd0
JH		 2816 case MGMT_OP_SET_HS:
2817 err = set_hs(sk, index, cp, len);
2818 break;
2aeb9a1a 2819 case MGMT_OP_ADD_UUID:
650f726d 2820 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 2821 break;
2822 case MGMT_OP_REMOVE_UUID:
650f726d 2823 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 2824 break;
1aff6f09 2825 case MGMT_OP_SET_DEV_CLASS:
650f726d 2826 err = set_dev_class(sk, index, cp, len);
1aff6f09 2827 break;
86742e1e 2828 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 2829 err = load_link_keys(sk, index, cp, len);
55ed8ca1 2830 break;
8962ee74 2831 case MGMT_OP_DISCONNECT:
650f726d 2832 err = disconnect(sk, index, cp, len);
8962ee74 2833 break;
2784eb41 2834 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 2835 err = get_connections(sk, index);
2784eb41 2836 break;
980e1a53 2837 case MGMT_OP_PIN_CODE_REPLY:
650f726d 2838 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 2839 break;
2840 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 2841 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 2842 break;
17fa4b9d 2843 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 2844 err = set_io_capability(sk, index, cp, len);
17fa4b9d 2845 break;
e9a416b5 2846 case MGMT_OP_PAIR_DEVICE:
650f726d 2847 err = pair_device(sk, index, cp, len);
e9a416b5 2848 break;
28424707
JH		 2849 case MGMT_OP_CANCEL_PAIR_DEVICE:
2850 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
2851 break;
124f6e35
JH		 2852 case MGMT_OP_UNPAIR_DEVICE:
2853 err = unpair_device(sk, index, cp, len);
2854 break;
a5c29683 2855 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 2856 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 2857 break;
2858 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 2859 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 2860 break;
604086b7 2861 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 2862 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 2863 break;
2864 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 2865 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 2866 break;
b312b161 2867 case MGMT_OP_SET_LOCAL_NAME:
650f726d 2868 err = set_local_name(sk, index, cp, len);
b312b161 2869 break;
c35938b2
SJ		 2870 case MGMT_OP_READ_LOCAL_OOB_DATA:
2871 err = read_local_oob_data(sk, index);
2872 break;
2763eda6 2873 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 2874 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 2875 break;
2876 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 2877 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 2878 break;
14a53664 2879 case MGMT_OP_START_DISCOVERY:
650f726d 2880 err = start_discovery(sk, index, cp, len);
14a53664
JH		 2881 break;
2882 case MGMT_OP_STOP_DISCOVERY:
d930650b 2883 err = stop_discovery(sk, index, cp, len);
14a53664 2884 break;
561aafbc 2885 case MGMT_OP_CONFIRM_NAME:
650f726d 2886 err = confirm_name(sk, index, cp, len);
561aafbc 2887 break;
7fbec224 2888 case MGMT_OP_BLOCK_DEVICE:
650f726d 2889 err = block_device(sk, index, cp, len);
7fbec224
AJ		 2890 break;
2891 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 2892 err = unblock_device(sk, index, cp, len);
7fbec224 2893 break;
346af67b
VCG		 2894 case MGMT_OP_LOAD_LONG_TERM_KEYS:
2895 err = load_long_term_keys(sk, index, cp, len);
2896 break;
0381101f
JH		 2897 default:
2898 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 2899 err = cmd_status(sk, index, opcode,
2900 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 2901 break;
2902 }
2903
e41d8b4e
JH		 2904 if (err < 0)
2905 goto done;
2906
0381101f
JH		 2907 err = msglen;
2908
2909done:
2910 kfree(buf);
2911 return err;
2912}
c71e97bf 2913
b24752fe
JH		 2914static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2915{
2916 u8 *status = data;
2917
2918 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2919 mgmt_pending_remove(cmd);
2920}
2921
744cf19e 2922int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2923{
744cf19e 2924 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2925}
2926
744cf19e 2927int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2928{
b24752fe
JH		 2929 u8 status = ENODEV;
2930
744cf19e 2931 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2932
744cf19e 2933 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2934}
2935
73f22f62 2936struct cmd_lookup {
eec8d2bc 2937 struct sock *sk;
69ab39ea 2938 struct hci_dev *hdev;
eec8d2bc
JH		 2939};
2940
69ab39ea 2941static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2942{
73f22f62 2943 struct cmd_lookup *match = data;
eec8d2bc 2944
69ab39ea 2945 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2946
2947 list_del(&cmd->list);
2948
2949 if (match->sk == NULL) {
2950 match->sk = cmd->sk;
2951 sock_hold(match->sk);
2952 }
2953
2954 mgmt_pending_free(cmd);
c71e97bf 2955}
5add6af8 2956
744cf19e 2957int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2958{
76a7f3a4 2959 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2960 int err;
5add6af8 2961
5e5282bb
JH		 2962 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2963 return 0;
2964
69ab39ea 2965 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2966
5e5282bb
JH		 2967 if (powered) {
2968 u8 scan = 0;
2969
2970 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2971 scan |= SCAN_PAGE;
2972 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2973 scan |= SCAN_INQUIRY;
2974
2975 if (scan)
2976 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2977 } else {
b24752fe 2978 u8 status = ENETDOWN;
744cf19e 2979 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2980 }
2981
beadb2bd 2982 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2983
2984 if (match.sk)
2985 sock_put(match.sk);
2986
7bb895d6 2987 return err;
5add6af8 2988}
73f22f62 2989
744cf19e 2990int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2991{
76a7f3a4 2992 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2993 bool changed = false;
2994 int err = 0;
73f22f62 2995
5e5282bb
JH		 2996 if (discoverable) {
2997 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2998 changed = true;
2999 } else {
3000 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3001 changed = true;
3002 }
73f22f62 3003
ed9b5f2f
JH		 3004 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3005 &match);
3006
beadb2bd
JH		 3007 if (changed)
3008 err = new_settings(hdev, match.sk);
5e5282bb 3009
73f22f62
JH		 3010 if (match.sk)
3011 sock_put(match.sk);
3012
7bb895d6 3013 return err;
73f22f62 3014}
9fbcbb45 3015
744cf19e 3016int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3017{
76a7f3a4 3018 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3019 bool changed = false;
3020 int err = 0;
9fbcbb45 3021
5e5282bb
JH		 3022 if (connectable) {
3023 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3024 changed = true;
3025 } else {
3026 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3027 changed = true;
3028 }
9fbcbb45 3029
ed9b5f2f
JH		 3030 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3031 &match);
3032
beadb2bd
JH		 3033 if (changed)
3034 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3035
3036 if (match.sk)
3037 sock_put(match.sk);
3038
7bb895d6 3039 return err;
9fbcbb45 3040}
55ed8ca1 3041
744cf19e 3042int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3043{
ca69b795
JH		 3044 u8 mgmt_err = mgmt_status(status);
3045
2d7cee58 3046 if (scan & SCAN_PAGE)
744cf19e 3047 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3048 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3049
3050 if (scan & SCAN_INQUIRY)
744cf19e 3051 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3052 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3053
3054 return 0;
3055}
3056
744cf19e
JH		 3057int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3058 u8 persistent)
55ed8ca1 3059{
86742e1e 3060 struct mgmt_ev_new_link_key ev;
55ed8ca1 3061
a492cd52 3062 memset(&ev, 0, sizeof(ev));
55ed8ca1 3063
a492cd52 3064 ev.store_hint = persistent;
d753fdc4
JH		 3065 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3066 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3067 ev.key.type = key->type;
3068 memcpy(ev.key.val, key->val, 16);
3069 ev.key.pin_len = key->pin_len;
55ed8ca1 3070
744cf19e 3071 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3072}
f7520543 3073
346af67b
VCG		 3074int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3075{
3076 struct mgmt_ev_new_long_term_key ev;
3077
3078 memset(&ev, 0, sizeof(ev));
3079
3080 ev.store_hint = persistent;
3081 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3082 ev.key.addr.type = key->bdaddr_type;
3083 ev.key.authenticated = key->authenticated;
3084 ev.key.enc_size = key->enc_size;
3085 ev.key.ediv = key->ediv;
3086
3087 if (key->type == HCI_SMP_LTK)
3088 ev.key.master = 1;
3089
3090 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3091 memcpy(ev.key.val, key->val, sizeof(key->val));
3092
3093 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3094 &ev, sizeof(ev), NULL);
3095}
3096
afc747a6 3097int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
b644ba33
JH		 3098 u8 addr_type, u8 *name, u8 name_len,
3099 u8 *dev_class)
f7520543 3100{
b644ba33
JH		 3101 char buf[512];
3102 struct mgmt_ev_device_connected *ev = (void *) buf;
3103 u16 eir_len = 0;
f7520543 3104
b644ba33
JH		 3105 bacpy(&ev->addr.bdaddr, bdaddr);
3106 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3107
b644ba33
JH		 3108 if (name_len > 0)
3109 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3110 name, name_len);
3111
3112 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3113 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3114 EIR_CLASS_OF_DEV, dev_class, 3);
3115
3116 put_unaligned_le16(eir_len, &ev->eir_len);
3117
3118 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3119 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3120}
3121
8962ee74
JH		 3122static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3123{
c68fb7ff 3124 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3125 struct sock **sk = data;
a38528f1 3126 struct mgmt_rp_disconnect rp;
8962ee74 3127
88c3df13
JH		 3128 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3129 rp.addr.type = cp->addr.type;
8962ee74 3130
aee9b218
JH		 3131 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3132 sizeof(rp));
8962ee74
JH		 3133
3134 *sk = cmd->sk;
3135 sock_hold(*sk);
3136
a664b5bc 3137 mgmt_pending_remove(cmd);
8962ee74
JH		 3138}
3139
124f6e35 3140static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3141{
b1078ad0 3142 struct hci_dev *hdev = data;
124f6e35
JH		 3143 struct mgmt_cp_unpair_device *cp = cmd->param;
3144 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3145
3146 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3147 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3148 rp.addr.type = cp->addr.type;
a8a1d19e 3149
b1078ad0
JH		 3150 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3151
aee9b218 3152 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3153
3154 mgmt_pending_remove(cmd);
3155}
3156
afc747a6
JH		 3157int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3158 u8 link_type, u8 addr_type)
f7520543 3159{
4c659c39 3160 struct mgmt_addr_info ev;
8962ee74
JH		 3161 struct sock *sk = NULL;
3162 int err;
3163
744cf19e 3164 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3165
f7520543 3166 bacpy(&ev.bdaddr, bdaddr);
48264f06 3167 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3168
afc747a6
JH		 3169 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3170 sk);
8962ee74
JH		 3171
3172 if (sk)
3173 sock_put(sk);
3174
124f6e35 3175 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3176 hdev);
a8a1d19e 3177
8962ee74
JH		 3178 return err;
3179}
3180
88c3df13
JH		 3181int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3182 u8 link_type, u8 addr_type, u8 status)
8962ee74 3183{
88c3df13 3184 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3185 struct pending_cmd *cmd;
3186 int err;
3187
2e58ef3e 3188 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3189 if (!cmd)
3190 return -ENOENT;
3191
88c3df13
JH		 3192 bacpy(&rp.addr.bdaddr, bdaddr);
3193 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3194
88c3df13 3195 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3196 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3197
a664b5bc 3198 mgmt_pending_remove(cmd);
8962ee74 3199
b1078ad0
JH		 3200 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3201 hdev);
8962ee74 3202 return err;
f7520543 3203}
17d5c04c 3204
48264f06
JH		 3205int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3206 u8 addr_type, u8 status)
17d5c04c
JH		 3207{
3208 struct mgmt_ev_connect_failed ev;
3209
4c659c39 3210 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3211 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3212 ev.status = mgmt_status(status);
17d5c04c 3213
744cf19e 3214 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3215}
980e1a53 3216
744cf19e 3217int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3218{
3219 struct mgmt_ev_pin_code_request ev;
3220
d8457698
JH		 3221 bacpy(&ev.addr.bdaddr, bdaddr);
3222 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3223 ev.secure = secure;
980e1a53 3224
744cf19e 3225 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3226 NULL);
980e1a53
JH		 3227}
3228
744cf19e
JH		 3229int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3230 u8 status)
980e1a53
JH		 3231{
3232 struct pending_cmd *cmd;
ac56fb13 3233 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3234 int err;
3235
2e58ef3e 3236 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3237 if (!cmd)
3238 return -ENOENT;
3239
d8457698
JH		 3240 bacpy(&rp.addr.bdaddr, bdaddr);
3241 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3242
aee9b218
JH		 3243 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3244 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3245
a664b5bc 3246 mgmt_pending_remove(cmd);
980e1a53
JH		 3247
3248 return err;
3249}
3250
744cf19e
JH		 3251int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3252 u8 status)
980e1a53
JH		 3253{
3254 struct pending_cmd *cmd;
ac56fb13 3255 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3256 int err;
3257
2e58ef3e 3258 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3259 if (!cmd)
3260 return -ENOENT;
3261
d8457698
JH		 3262 bacpy(&rp.addr.bdaddr, bdaddr);
3263 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3264
aee9b218
JH		 3265 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3266 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3267
a664b5bc 3268 mgmt_pending_remove(cmd);
980e1a53
JH		 3269
3270 return err;
3271}
a5c29683 3272
744cf19e 3273int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3274 u8 link_type, u8 addr_type, __le32 value,
3275 u8 confirm_hint)
a5c29683
JH		 3276{
3277 struct mgmt_ev_user_confirm_request ev;
3278
744cf19e 3279 BT_DBG("%s", hdev->name);
a5c29683 3280
272d90df
JH		 3281 bacpy(&ev.addr.bdaddr, bdaddr);
3282 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3283 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3284 put_unaligned_le32(value, &ev.value);
3285
744cf19e 3286 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3287 NULL);
a5c29683
JH		 3288}
3289
272d90df
JH		 3290int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3291 u8 link_type, u8 addr_type)
604086b7
BG		 3292{
3293 struct mgmt_ev_user_passkey_request ev;
3294
3295 BT_DBG("%s", hdev->name);
3296
272d90df
JH		 3297 bacpy(&ev.addr.bdaddr, bdaddr);
3298 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3299
3300 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3301 NULL);
3302}
3303
0df4c185 3304static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3305 u8 link_type, u8 addr_type, u8 status,
3306 u8 opcode)
a5c29683
JH		 3307{
3308 struct pending_cmd *cmd;
3309 struct mgmt_rp_user_confirm_reply rp;
3310 int err;
3311
2e58ef3e 3312 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3313 if (!cmd)
3314 return -ENOENT;
3315
272d90df
JH		 3316 bacpy(&rp.addr.bdaddr, bdaddr);
3317 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3318 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3319 &rp, sizeof(rp));
a5c29683 3320
a664b5bc 3321 mgmt_pending_remove(cmd);
a5c29683
JH		 3322
3323 return err;
3324}
3325
744cf19e 3326int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3327 u8 link_type, u8 addr_type, u8 status)
a5c29683 3328{
272d90df
JH		 3329 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3330 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3331}
3332
272d90df
JH		 3333int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3334 u8 link_type, u8 addr_type, u8 status)
a5c29683 3335{
272d90df
JH		 3336 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3337 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3338}
2a611692 3339
604086b7 3340int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3341 u8 link_type, u8 addr_type, u8 status)
604086b7 3342{
272d90df
JH		 3343 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3344 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3345}
3346
272d90df
JH		 3347int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3348 u8 link_type, u8 addr_type, u8 status)
604086b7 3349{
272d90df
JH		 3350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3351 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3352}
3353
bab73cb6
JH		 3354int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3355 u8 addr_type, u8 status)
2a611692
JH		 3356{
3357 struct mgmt_ev_auth_failed ev;
3358
bab73cb6
JH		 3359 bacpy(&ev.addr.bdaddr, bdaddr);
3360 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3361 ev.status = mgmt_status(status);
2a611692 3362
744cf19e 3363 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3364}
b312b161 3365
33ef95ed
JH		 3366int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3367{
3368 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3369 bool changed = false;
3370 int err = 0;
33ef95ed
JH		 3371
3372 if (status) {
3373 u8 mgmt_err = mgmt_status(status);
3374 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3375 cmd_status_rsp, &mgmt_err);
3376 return 0;
3377 }
3378
47990ea0
JH		 3379 if (test_bit(HCI_AUTH, &hdev->flags)) {
3380 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3381 changed = true;
3382 } else {
3383 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3384 changed = true;
3385 }
3386
33ef95ed
JH		 3387 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3388 &match);
3389
47990ea0
JH		 3390 if (changed)
3391 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3392
3393 if (match.sk)
3394 sock_put(match.sk);
3395
3396 return err;
3397}
3398
cacaf52f
JH		 3399static int clear_eir(struct hci_dev *hdev)
3400{
3401 struct hci_cp_write_eir cp;
3402
3403 if (!(hdev->features[6] & LMP_EXT_INQ))
3404 return 0;
3405
c80da27e
JH		 3406 memset(hdev->eir, 0, sizeof(hdev->eir));
3407
cacaf52f
JH		 3408 memset(&cp, 0, sizeof(cp));
3409
3410 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3411}
3412
c0ecddc2 3413int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3414{
3415 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3416 bool changed = false;
3417 int err = 0;
ed2c4ee3
JH		 3418
3419 if (status) {
3420 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3421
3422 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3423 &hdev->dev_flags))
3424 err = new_settings(hdev, NULL);
3425
ed2c4ee3
JH		 3426 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3427 cmd_status_rsp, &mgmt_err);
c0ecddc2
JH		 3428
3429 return err;
3430 }
3431
3432 if (enable) {
3433 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3434 changed = true;
3435 } else {
3436 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3437 changed = true;
ed2c4ee3
JH		 3438 }
3439
3440 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3441
c0ecddc2
JH		 3442 if (changed)
3443 err = new_settings(hdev, match.sk);
ed2c4ee3 3444
5fc6ebb1 3445 if (match.sk)
ed2c4ee3
JH		 3446 sock_put(match.sk);
3447
5fc6ebb1
JH		 3448 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3449 update_eir(hdev);
3450 else
3451 clear_eir(hdev);
cacaf52f 3452
ed2c4ee3
JH		 3453 return err;
3454}
3455
744cf19e 3456int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3457{
3458 struct pending_cmd *cmd;
3459 struct mgmt_cp_set_local_name ev;
3460 int err;
3461
3462 memset(&ev, 0, sizeof(ev));
3463 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
3464
2e58ef3e 3465 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3466 if (!cmd)
3467 goto send_event;
3468
3469 if (status) {
744cf19e 3470 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3471 mgmt_status(status));
b312b161
JH		 3472 goto failed;
3473 }
3474
744cf19e 3475 update_eir(hdev);
80a1e1db 3476
aee9b218 3477 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3478 sizeof(ev));
3479 if (err < 0)
3480 goto failed;
3481
3482send_event:
744cf19e 3483 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
b312b161
JH		 3484 cmd ? cmd->sk : NULL);
3485
3486failed:
3487 if (cmd)
3488 mgmt_pending_remove(cmd);
3489 return err;
3490}
c35938b2 3491
744cf19e
JH		 3492int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3493 u8 *randomizer, u8 status)
c35938b2
SJ		 3494{
3495 struct pending_cmd *cmd;
3496 int err;
3497
744cf19e 3498 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3499
2e58ef3e 3500 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3501 if (!cmd)
3502 return -ENOENT;
3503
3504 if (status) {
744cf19e 3505 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3506 MGMT_OP_READ_LOCAL_OOB_DATA,
3507 mgmt_status(status));
c35938b2
SJ		 3508 } else {
3509 struct mgmt_rp_read_local_oob_data rp;
3510
3511 memcpy(rp.hash, hash, sizeof(rp.hash));
3512 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3513
744cf19e
JH		 3514 err = cmd_complete(cmd->sk, hdev->id,
3515 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3516 0, &rp, sizeof(rp));
c35938b2
SJ		 3517 }
3518
3519 mgmt_pending_remove(cmd);
3520
3521 return err;
3522}
e17acd40 3523
48264f06 3524int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3525 u8 addr_type, u8 *dev_class, s8 rssi,
e319d2e7 3526 u8 cfm_name, u8 *eir, u16 eir_len)
e17acd40 3527{
e319d2e7
JH		 3528 char buf[512];
3529 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3530 size_t ev_size;
e17acd40 3531
1dc06093
JH		 3532 /* Leave 5 bytes for a potential CoD field */
3533 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3534 return -EINVAL;
3535
1dc06093
JH		 3536 memset(buf, 0, sizeof(buf));
3537
e319d2e7
JH		 3538 bacpy(&ev->addr.bdaddr, bdaddr);
3539 ev->addr.type = link_to_mgmt(link_type, addr_type);
3540 ev->rssi = rssi;
3541 ev->confirm_name = cfm_name;
e17acd40 3542
1dc06093 3543 if (eir_len > 0)
e319d2e7 3544 memcpy(ev->eir, eir, eir_len);
e17acd40 3545
1dc06093
JH		 3546 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3547 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3548 dev_class, 3);
3549
3550 put_unaligned_le16(eir_len, &ev->eir_len);
3551
3552 ev_size = sizeof(*ev) + eir_len;
f8523598 3553
e319d2e7 3554 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3555}
a88a9652 3556
b644ba33
JH		 3557int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3558 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3559{
b644ba33
JH		 3560 struct mgmt_ev_device_found *ev;
3561 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3562 u16 eir_len;
a88a9652 3563
b644ba33 3564 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3565
b644ba33
JH		 3566 memset(buf, 0, sizeof(buf));
3567
3568 bacpy(&ev->addr.bdaddr, bdaddr);
3569 ev->addr.type = link_to_mgmt(link_type, addr_type);
3570 ev->rssi = rssi;
3571
3572 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3573 name_len);
3574
3575 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3576
053c7e0c
JH		 3577 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3578 sizeof(*ev) + eir_len, NULL);
a88a9652 3579}
314b2381 3580
7a135109 3581int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3582{
3583 struct pending_cmd *cmd;
f808e166 3584 u8 type;
164a6e78
JH		 3585 int err;
3586
203159d4
AG		 3587 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3588
2e58ef3e 3589 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3590 if (!cmd)
3591 return -ENOENT;
3592
f808e166
JH		 3593 type = hdev->discovery.type;
3594
3595 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3596 &type, sizeof(type));
164a6e78
JH		 3597 mgmt_pending_remove(cmd);
3598
3599 return err;
3600}
3601
e6d465cb
AG		 3602int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3603{
3604 struct pending_cmd *cmd;
3605 int err;
3606
3607 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3608 if (!cmd)
3609 return -ENOENT;
3610
d930650b
JH		 3611 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3612 &hdev->discovery.type,
3613 sizeof(hdev->discovery.type));
164a6e78
JH		 3614 mgmt_pending_remove(cmd);
3615
3616 return err;
3617}
3618
744cf19e 3619int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3620{
f963e8e9 3621 struct mgmt_ev_discovering ev;
164a6e78
JH		 3622 struct pending_cmd *cmd;
3623
343fb145
AG		 3624 BT_DBG("%s discovering %u", hdev->name, discovering);
3625
164a6e78 3626 if (discovering)
2e58ef3e 3627 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3628 else
2e58ef3e 3629 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3630
3631 if (cmd != NULL) {
f808e166
JH		 3632 u8 type = hdev->discovery.type;
3633
d930650b 3634 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3635 &type, sizeof(type));
164a6e78
JH		 3636 mgmt_pending_remove(cmd);
3637 }
3638
f963e8e9
JH		 3639 memset(&ev, 0, sizeof(ev));
3640 ev.type = hdev->discovery.type;
3641 ev.discovering = discovering;
3642
3643 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3644}
5e762444 3645
88c1fe4b 3646int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3647{
3648 struct pending_cmd *cmd;
3649 struct mgmt_ev_device_blocked ev;
3650
2e58ef3e 3651 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3652
88c1fe4b
JH		 3653 bacpy(&ev.addr.bdaddr, bdaddr);
3654 ev.addr.type = type;
5e762444 3655
744cf19e
JH		 3656 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3657 cmd ? cmd->sk : NULL);
5e762444
AJ		 3658}
3659
88c1fe4b 3660int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3661{
3662 struct pending_cmd *cmd;
3663 struct mgmt_ev_device_unblocked ev;
3664
2e58ef3e 3665 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3666
88c1fe4b
JH		 3667 bacpy(&ev.addr.bdaddr, bdaddr);
3668 ev.addr.type = type;
5e762444 3669
744cf19e
JH		 3670 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3671 cmd ? cmd->sk : NULL);
5e762444 3672}
d7b7e796
MH		 3673
3674module_param(enable_hs, bool, 0644);
3675MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3676
3677module_param(enable_le, bool, 0644);
3678MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)