projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix processing A2MP chan in security_cfm
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
053262dc 38#define MGMT_REVISION 1
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
102};
103
3fd24153
AG		 104/*
105 * These LE scan and inquiry parameters were chosen according to LE General
106 * Discovery Procedure specification.
107 */
108#define LE_SCAN_TYPE 0x01
109#define LE_SCAN_WIN 0x12
110#define LE_SCAN_INT 0x12
111#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 112#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 113
e8777525 114#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 115#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 116
17b02e62 117#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 118
4b34ee78
JH		 119#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
120 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
121
eec8d2bc
JH		 122struct pending_cmd {
123 struct list_head list;
fc2f4b13 124 u16 opcode;
eec8d2bc 125 int index;
c68fb7ff 126 void *param;
eec8d2bc 127 struct sock *sk;
e9a416b5 128 void *user_data;
eec8d2bc
JH		 129};
130
ca69b795
JH		 131/* HCI to MGMT error code conversion table */
132static u8 mgmt_status_table[] = {
133 MGMT_STATUS_SUCCESS,
134 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
135 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
136 MGMT_STATUS_FAILED, /* Hardware Failure */
137 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
138 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
139 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
140 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
141 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
144 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
145 MGMT_STATUS_BUSY, /* Command Disallowed */
146 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
147 MGMT_STATUS_REJECTED, /* Rejected Security */
148 MGMT_STATUS_REJECTED, /* Rejected Personal */
149 MGMT_STATUS_TIMEOUT, /* Host Timeout */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
151 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
152 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
153 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
154 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
155 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
156 MGMT_STATUS_BUSY, /* Repeated Attempts */
157 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
158 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
159 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
160 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
161 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
162 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
163 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
164 MGMT_STATUS_FAILED, /* Unspecified Error */
165 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
166 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
167 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
168 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
169 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
170 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
171 MGMT_STATUS_FAILED, /* Unit Link Key Used */
172 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
173 MGMT_STATUS_TIMEOUT, /* Instant Passed */
174 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
175 MGMT_STATUS_FAILED, /* Transaction Collision */
176 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
177 MGMT_STATUS_REJECTED, /* QoS Rejected */
178 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
179 MGMT_STATUS_REJECTED, /* Insufficient Security */
180 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
181 MGMT_STATUS_BUSY, /* Role Switch Pending */
182 MGMT_STATUS_FAILED, /* Slot Violation */
183 MGMT_STATUS_FAILED, /* Role Switch Failed */
184 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
185 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
186 MGMT_STATUS_BUSY, /* Host Busy Pairing */
187 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
188 MGMT_STATUS_BUSY, /* Controller Busy */
189 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
190 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
191 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
192 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
193 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
194};
195
bb4b2a9a
AE		 196bool mgmt_valid_hdev(struct hci_dev *hdev)
197{
198 return hdev->dev_type == HCI_BREDR;
199}
200
ca69b795
JH		 201static u8 mgmt_status(u8 hci_status)
202{
203 if (hci_status < ARRAY_SIZE(mgmt_status_table))
204 return mgmt_status_table[hci_status];
205
206 return MGMT_STATUS_FAILED;
207}
208
4e51eae9 209static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 210{
211 struct sk_buff *skb;
212 struct mgmt_hdr *hdr;
213 struct mgmt_ev_cmd_status *ev;
56b7d137 214 int err;
f7b64e69 215
34eb525c 216 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 217
790eff44 218 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 219 if (!skb)
220 return -ENOMEM;
221
222 hdr = (void *) skb_put(skb, sizeof(*hdr));
223
224 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 225 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 226 hdr->len = cpu_to_le16(sizeof(*ev));
227
228 ev = (void *) skb_put(skb, sizeof(*ev));
229 ev->status = status;
eb55ef07 230 ev->opcode = cpu_to_le16(cmd);
f7b64e69 231
56b7d137
GP		 232 err = sock_queue_rcv_skb(sk, skb);
233 if (err < 0)
f7b64e69
JH		 234 kfree_skb(skb);
235
56b7d137 236 return err;
f7b64e69
JH		 237}
238
aee9b218 239static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 240 void *rp, size_t rp_len)
02d98129
JH		 241{
242 struct sk_buff *skb;
243 struct mgmt_hdr *hdr;
244 struct mgmt_ev_cmd_complete *ev;
56b7d137 245 int err;
02d98129
JH		 246
247 BT_DBG("sock %p", sk);
248
790eff44 249 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 250 if (!skb)
251 return -ENOMEM;
252
253 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 254
a38528f1 255 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 256 hdr->index = cpu_to_le16(index);
a38528f1 257 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 258
a38528f1 259 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 260 ev->opcode = cpu_to_le16(cmd);
aee9b218 261 ev->status = status;
8020c16a
SJ		 262
263 if (rp)
264 memcpy(ev->data, rp, rp_len);
02d98129 265
56b7d137
GP		 266 err = sock_queue_rcv_skb(sk, skb);
267 if (err < 0)
02d98129
JH		 268 kfree_skb(skb);
269
e5f0e151 270 return err;
02d98129
JH		 271}
272
04124681
GP		 273static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
a38528f1
JH		 275{
276 struct mgmt_rp_read_version rp;
277
278 BT_DBG("sock %p", sk);
279
280 rp.version = MGMT_VERSION;
eb55ef07 281 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 282
aee9b218 283 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 284 sizeof(rp));
a38528f1
JH		 285}
286
04124681
GP		 287static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
e70bb2e8
JH		 289{
290 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 291 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
292 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 293 __le16 *opcode;
e70bb2e8
JH		 294 size_t rp_size;
295 int i, err;
296
297 BT_DBG("sock %p", sk);
298
299 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
300
301 rp = kmalloc(rp_size, GFP_KERNEL);
302 if (!rp)
303 return -ENOMEM;
304
eb55ef07
MH		 305 rp->num_commands = __constant_cpu_to_le16(num_commands);
306 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 307
308 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
309 put_unaligned_le16(mgmt_commands[i], opcode);
310
311 for (i = 0; i < num_events; i++, opcode++)
312 put_unaligned_le16(mgmt_events[i], opcode);
313
aee9b218 314 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 315 rp_size);
e70bb2e8
JH		 316 kfree(rp);
317
318 return err;
319}
320
04124681
GP		 321static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
322 u16 data_len)
faba42eb 323{
faba42eb 324 struct mgmt_rp_read_index_list *rp;
8035ded4 325 struct hci_dev *d;
a38528f1 326 size_t rp_len;
faba42eb 327 u16 count;
a38528f1 328 int i, err;
faba42eb
JH		 329
330 BT_DBG("sock %p", sk);
331
332 read_lock(&hci_dev_list_lock);
333
334 count = 0;
bb4b2a9a
AE		 335 list_for_each_entry(d, &hci_dev_list, list) {
336 if (!mgmt_valid_hdev(d))
337 continue;
338
faba42eb
JH		 339 count++;
340 }
341
a38528f1
JH		 342 rp_len = sizeof(*rp) + (2 * count);
343 rp = kmalloc(rp_len, GFP_ATOMIC);
344 if (!rp) {
b2c60d42 345 read_unlock(&hci_dev_list_lock);
faba42eb 346 return -ENOMEM;
b2c60d42 347 }
faba42eb 348
eb55ef07 349 rp->num_controllers = cpu_to_le16(count);
faba42eb
JH		 350
351 i = 0;
8035ded4 352 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 353 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 354 continue;
355
bb4b2a9a
AE		 356 if (!mgmt_valid_hdev(d))
357 continue;
358
eb55ef07 359 rp->index[i++] = cpu_to_le16(d->id);
faba42eb
JH		 360 BT_DBG("Added hci%u", d->id);
361 }
362
363 read_unlock(&hci_dev_list_lock);
364
aee9b218 365 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 366 rp_len);
faba42eb 367
a38528f1
JH		 368 kfree(rp);
369
370 return err;
faba42eb
JH		 371}
372
69ab39ea
JH		 373static u32 get_supported_settings(struct hci_dev *hdev)
374{
375 u32 settings = 0;
376
377 settings |= MGMT_SETTING_POWERED;
378 settings |= MGMT_SETTING_CONNECTABLE;
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
380 settings |= MGMT_SETTING_DISCOVERABLE;
381 settings |= MGMT_SETTING_PAIRABLE;
382
383 if (hdev->features[6] & LMP_SIMPLE_PAIR)
384 settings |= MGMT_SETTING_SSP;
385
386 if (!(hdev->features[4] & LMP_NO_BREDR)) {
387 settings |= MGMT_SETTING_BREDR;
388 settings |= MGMT_SETTING_LINK_SECURITY;
389 }
390
d7b7e796
MH		 391 if (enable_hs)
392 settings |= MGMT_SETTING_HS;
393
9d42820f
MH		 394 if (hdev->features[4] & LMP_LE)
395 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
5e5282bb 410 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_DISCOVERABLE;
412
a8b2d5c2 413 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_PAIRABLE;
415
416 if (!(hdev->features[4] & LMP_NO_BREDR))
417 settings |= MGMT_SETTING_BREDR;
418
06199cf8 419 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LE;
421
47990ea0 422 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LINK_SECURITY;
424
84bde9d6 425 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_SSP;
427
6d80dfd0
JH		 428 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
429 settings |= MGMT_SETTING_HS;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
436static u8 bluetooth_base_uuid[] = {
437 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
438 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
439};
440
441static u16 get_uuid16(u8 *uuid128)
442{
443 u32 val;
444 int i;
445
446 for (i = 0; i < 12; i++) {
447 if (bluetooth_base_uuid[i] != uuid128[i])
448 return 0;
449 }
450
3e9fb6d8 451 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 452 if (val > 0xffff)
453 return 0;
454
455 return (u16) val;
456}
457
458static void create_eir(struct hci_dev *hdev, u8 *data)
459{
460 u8 *ptr = data;
461 u16 eir_len = 0;
462 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
463 int i, truncated = 0;
464 struct bt_uuid *uuid;
465 size_t name_len;
466
467 name_len = strlen(hdev->dev_name);
468
469 if (name_len > 0) {
470 /* EIR Data type */
471 if (name_len > 48) {
472 name_len = 48;
473 ptr[1] = EIR_NAME_SHORT;
474 } else
475 ptr[1] = EIR_NAME_COMPLETE;
476
477 /* EIR Data length */
478 ptr[0] = name_len + 1;
479
480 memcpy(ptr + 2, hdev->dev_name, name_len);
481
482 eir_len += (name_len + 2);
483 ptr += (name_len + 2);
484 }
485
91c4e9b1
MH		 486 if (hdev->inq_tx_power) {
487 ptr[0] = 2;
488 ptr[1] = EIR_TX_POWER;
489 ptr[2] = (u8) hdev->inq_tx_power;
490
491 eir_len += 3;
492 ptr += 3;
493 }
494
2b9be137
MH		 495 if (hdev->devid_source > 0) {
496 ptr[0] = 9;
497 ptr[1] = EIR_DEVICE_ID;
498
499 put_unaligned_le16(hdev->devid_source, ptr + 2);
500 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
501 put_unaligned_le16(hdev->devid_product, ptr + 6);
502 put_unaligned_le16(hdev->devid_version, ptr + 8);
503
504 eir_len += 10;
505 ptr += 10;
506 }
507
ef580372
JH		 508 memset(uuid16_list, 0, sizeof(uuid16_list));
509
510 /* Group all UUID16 types */
511 list_for_each_entry(uuid, &hdev->uuids, list) {
512 u16 uuid16;
513
514 uuid16 = get_uuid16(uuid->uuid);
515 if (uuid16 == 0)
516 return;
517
518 if (uuid16 < 0x1100)
519 continue;
520
521 if (uuid16 == PNP_INFO_SVCLASS_ID)
522 continue;
523
524 /* Stop if not enough space to put next UUID */
525 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
526 truncated = 1;
527 break;
528 }
529
530 /* Check for duplicates */
531 for (i = 0; uuid16_list[i] != 0; i++)
532 if (uuid16_list[i] == uuid16)
533 break;
534
535 if (uuid16_list[i] == 0) {
536 uuid16_list[i] = uuid16;
537 eir_len += sizeof(u16);
538 }
539 }
540
541 if (uuid16_list[0] != 0) {
542 u8 *length = ptr;
543
544 /* EIR Data type */
545 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
546
547 ptr += 2;
548 eir_len += 2;
549
550 for (i = 0; uuid16_list[i] != 0; i++) {
551 *ptr++ = (uuid16_list[i] & 0x00ff);
552 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
553 }
554
555 /* EIR Data length */
556 *length = (i * sizeof(u16)) + 1;
557 }
558}
559
560static int update_eir(struct hci_dev *hdev)
561{
562 struct hci_cp_write_eir cp;
563
504c8dcd 564 if (!hdev_is_powered(hdev))
7770c4aa
JH		 565 return 0;
566
ef580372
JH		 567 if (!(hdev->features[6] & LMP_EXT_INQ))
568 return 0;
569
84bde9d6 570 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 571 return 0;
572
a8b2d5c2 573 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 574 return 0;
575
576 memset(&cp, 0, sizeof(cp));
577
578 create_eir(hdev, cp.data);
579
580 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
581 return 0;
582
583 memcpy(hdev->eir, cp.data, sizeof(cp.data));
584
585 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
586}
587
588static u8 get_service_classes(struct hci_dev *hdev)
589{
590 struct bt_uuid *uuid;
591 u8 val = 0;
592
593 list_for_each_entry(uuid, &hdev->uuids, list)
594 val |= uuid->svc_hint;
595
596 return val;
597}
598
599static int update_class(struct hci_dev *hdev)
600{
601 u8 cod[3];
c95f0ba7 602 int err;
ef580372
JH		 603
604 BT_DBG("%s", hdev->name);
605
504c8dcd 606 if (!hdev_is_powered(hdev))
7770c4aa
JH		 607 return 0;
608
a8b2d5c2 609 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 610 return 0;
611
612 cod[0] = hdev->minor_class;
613 cod[1] = hdev->major_class;
614 cod[2] = get_service_classes(hdev);
615
616 if (memcmp(cod, hdev->dev_class, 3) == 0)
617 return 0;
618
c95f0ba7
JH		 619 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
620 if (err == 0)
621 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
622
623 return err;
ef580372
JH		 624}
625
7d78525d
JH		 626static void service_cache_off(struct work_struct *work)
627{
628 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 629 service_cache.work);
7d78525d 630
a8b2d5c2 631 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 632 return;
633
634 hci_dev_lock(hdev);
635
636 update_eir(hdev);
637 update_class(hdev);
638
639 hci_dev_unlock(hdev);
640}
641
6a919082 642static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 643{
4f87da80 644 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 645 return;
646
4f87da80 647 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 648
4f87da80
JH		 649 /* Non-mgmt controlled devices get this bit set
650 * implicitly so that pairing works for them, however
651 * for mgmt we require user-space to explicitly enable
652 * it
653 */
654 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 655}
656
0f4e68cf 657static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 658 void *data, u16 data_len)
0381101f 659{
a38528f1 660 struct mgmt_rp_read_info rp;
f7b64e69 661
bdb6d971 662 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 663
09fd0de5 664 hci_dev_lock(hdev);
f7b64e69 665
dc4fe30b
JH		 666 memset(&rp, 0, sizeof(rp));
667
69ab39ea 668 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 669
69ab39ea 670 rp.version = hdev->hci_ver;
eb55ef07 671 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 672
673 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
674 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 675
a38528f1 676 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 677
dc4fe30b 678 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 679 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 680
09fd0de5 681 hci_dev_unlock(hdev);
0381101f 682
bdb6d971 683 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 684 sizeof(rp));
0381101f
JH		 685}
686
eec8d2bc
JH		 687static void mgmt_pending_free(struct pending_cmd *cmd)
688{
689 sock_put(cmd->sk);
c68fb7ff 690 kfree(cmd->param);
eec8d2bc
JH		 691 kfree(cmd);
692}
693
366a0336 694static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 695 struct hci_dev *hdev, void *data,
696 u16 len)
eec8d2bc
JH		 697{
698 struct pending_cmd *cmd;
699
12b94565 700 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 701 if (!cmd)
366a0336 702 return NULL;
eec8d2bc
JH		 703
704 cmd->opcode = opcode;
2e58ef3e 705 cmd->index = hdev->id;
eec8d2bc 706
12b94565 707 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 708 if (!cmd->param) {
eec8d2bc 709 kfree(cmd);
366a0336 710 return NULL;
eec8d2bc
JH		 711 }
712
8fce6357
SJ		 713 if (data)
714 memcpy(cmd->param, data, len);
eec8d2bc
JH		 715
716 cmd->sk = sk;
717 sock_hold(sk);
718
2e58ef3e 719 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 720
366a0336 721 return cmd;
eec8d2bc
JH		 722}
723
744cf19e 724static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 725 void (*cb)(struct pending_cmd *cmd,
726 void *data),
04124681 727 void *data)
eec8d2bc
JH		 728{
729 struct list_head *p, *n;
730
2e58ef3e 731 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 732 struct pending_cmd *cmd;
733
734 cmd = list_entry(p, struct pending_cmd, list);
735
b24752fe 736 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 737 continue;
738
eec8d2bc
JH		 739 cb(cmd, data);
740 }
741}
742
2e58ef3e 743static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 744{
8035ded4 745 struct pending_cmd *cmd;
eec8d2bc 746
2e58ef3e 747 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 748 if (cmd->opcode == opcode)
749 return cmd;
eec8d2bc
JH		 750 }
751
752 return NULL;
753}
754
a664b5bc 755static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 756{
73f22f62
JH		 757 list_del(&cmd->list);
758 mgmt_pending_free(cmd);
759}
760
69ab39ea 761static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 762{
69ab39ea 763 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 764
aee9b218 765 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 766 sizeof(settings));
8680570b
JH		 767}
768
bdb6d971 769static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 770 u16 len)
eec8d2bc 771{
650f726d 772 struct mgmt_mode *cp = data;
366a0336 773 struct pending_cmd *cmd;
4b34ee78 774 int err;
eec8d2bc 775
bdb6d971 776 BT_DBG("request for %s", hdev->name);
eec8d2bc 777
09fd0de5 778 hci_dev_lock(hdev);
eec8d2bc 779
f0d4b78a
MH		 780 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
781 cancel_delayed_work(&hdev->power_off);
782
783 if (cp->val) {
784 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
785 mgmt_powered(hdev, 1);
786 goto failed;
787 }
788 }
789
4b34ee78 790 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 791 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 792 goto failed;
793 }
794
2e58ef3e 795 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 796 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 797 MGMT_STATUS_BUSY);
eec8d2bc
JH		 798 goto failed;
799 }
800
2e58ef3e 801 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 802 if (!cmd) {
803 err = -ENOMEM;
eec8d2bc 804 goto failed;
366a0336 805 }
eec8d2bc 806
72a734ec 807 if (cp->val)
7f971041 808 schedule_work(&hdev->power_on);
eec8d2bc 809 else
80b7ab33 810 schedule_work(&hdev->power_off.work);
eec8d2bc 811
366a0336 812 err = 0;
eec8d2bc
JH		 813
814failed:
09fd0de5 815 hci_dev_unlock(hdev);
366a0336 816 return err;
eec8d2bc
JH		 817}
818
04124681
GP		 819static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
820 struct sock *skip_sk)
beadb2bd
JH		 821{
822 struct sk_buff *skb;
823 struct mgmt_hdr *hdr;
824
790eff44 825 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 826 if (!skb)
827 return -ENOMEM;
828
829 hdr = (void *) skb_put(skb, sizeof(*hdr));
830 hdr->opcode = cpu_to_le16(event);
831 if (hdev)
832 hdr->index = cpu_to_le16(hdev->id);
833 else
834 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
835 hdr->len = cpu_to_le16(data_len);
836
837 if (data)
838 memcpy(skb_put(skb, data_len), data, data_len);
839
97e0bdeb
MH		 840 /* Time stamp */
841 __net_timestamp(skb);
842
beadb2bd
JH		 843 hci_send_to_control(skb, skip_sk);
844 kfree_skb(skb);
845
846 return 0;
847}
848
849static int new_settings(struct hci_dev *hdev, struct sock *skip)
850{
851 __le32 ev;
852
853 ev = cpu_to_le32(get_current_settings(hdev));
854
855 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
856}
857
bdb6d971 858static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 859 u16 len)
73f22f62 860{
650f726d 861 struct mgmt_cp_set_discoverable *cp = data;
366a0336 862 struct pending_cmd *cmd;
5e5282bb 863 u16 timeout;
73f22f62
JH		 864 u8 scan;
865 int err;
866
bdb6d971 867 BT_DBG("request for %s", hdev->name);
73f22f62 868
1f350c87 869 timeout = __le16_to_cpu(cp->timeout);
24c54a90 870 if (!cp->val && timeout > 0)
bdb6d971 871 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 872 MGMT_STATUS_INVALID_PARAMS);
73f22f62 873
09fd0de5 874 hci_dev_lock(hdev);
73f22f62 875
5e5282bb 876 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 877 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 878 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 879 goto failed;
880 }
881
2e58ef3e 882 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 883 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 885 MGMT_STATUS_BUSY);
73f22f62
JH		 886 goto failed;
887 }
888
5e5282bb 889 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 891 MGMT_STATUS_REJECTED);
5e5282bb
JH		 892 goto failed;
893 }
894
895 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 896 bool changed = false;
897
898 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
899 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
900 changed = true;
901 }
902
5e5282bb 903 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 904 if (err < 0)
905 goto failed;
906
907 if (changed)
908 err = new_settings(hdev, sk);
909
5e5282bb
JH		 910 goto failed;
911 }
912
913 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 914 if (hdev->discov_timeout > 0) {
915 cancel_delayed_work(&hdev->discov_off);
916 hdev->discov_timeout = 0;
917 }
918
919 if (cp->val && timeout > 0) {
920 hdev->discov_timeout = timeout;
921 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
922 msecs_to_jiffies(hdev->discov_timeout * 1000));
923 }
924
69ab39ea 925 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 926 goto failed;
927 }
928
2e58ef3e 929 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 930 if (!cmd) {
931 err = -ENOMEM;
73f22f62 932 goto failed;
366a0336 933 }
73f22f62
JH		 934
935 scan = SCAN_PAGE;
936
72a734ec 937 if (cp->val)
73f22f62 938 scan |= SCAN_INQUIRY;
16ab91ab 939 else
e0f9309f 940 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 941
942 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
943 if (err < 0)
a664b5bc 944 mgmt_pending_remove(cmd);
73f22f62 945
16ab91ab 946 if (cp->val)
5e5282bb 947 hdev->discov_timeout = timeout;
16ab91ab 948
73f22f62 949failed:
09fd0de5 950 hci_dev_unlock(hdev);
73f22f62
JH		 951 return err;
952}
953
bdb6d971 954static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 955 u16 len)
9fbcbb45 956{
650f726d 957 struct mgmt_mode *cp = data;
366a0336 958 struct pending_cmd *cmd;
9fbcbb45
JH		 959 u8 scan;
960 int err;
961
bdb6d971 962 BT_DBG("request for %s", hdev->name);
9fbcbb45 963
09fd0de5 964 hci_dev_lock(hdev);
9fbcbb45 965
4b34ee78 966 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 967 bool changed = false;
968
969 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
970 changed = true;
971
6bf0e469 972 if (cp->val) {
5e5282bb 973 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 974 } else {
5e5282bb
JH		 975 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
976 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
977 }
0224d2fa 978
5e5282bb 979 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 980 if (err < 0)
981 goto failed;
982
983 if (changed)
984 err = new_settings(hdev, sk);
985
9fbcbb45
JH		 986 goto failed;
987 }
988
2e58ef3e 989 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 990 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 991 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 992 MGMT_STATUS_BUSY);
9fbcbb45
JH		 993 goto failed;
994 }
995
5e5282bb 996 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 997 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 998 goto failed;
999 }
1000
2e58ef3e 1001 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1002 if (!cmd) {
1003 err = -ENOMEM;
9fbcbb45 1004 goto failed;
366a0336 1005 }
9fbcbb45 1006
6bf0e469 1007 if (cp->val) {
9fbcbb45 1008 scan = SCAN_PAGE;
6bf0e469 1009 } else {
9fbcbb45
JH		 1010 scan = 0;
1011
df2c6c5e 1012 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1013 hdev->discov_timeout > 0)
df2c6c5e
JH		 1014 cancel_delayed_work(&hdev->discov_off);
1015 }
1016
9fbcbb45
JH		 1017 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1018 if (err < 0)
a664b5bc 1019 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1020
1021failed:
09fd0de5 1022 hci_dev_unlock(hdev);
9fbcbb45
JH		 1023 return err;
1024}
1025
bdb6d971 1026static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1027 u16 len)
c542a06c 1028{
650f726d 1029 struct mgmt_mode *cp = data;
c542a06c
JH		 1030 int err;
1031
bdb6d971 1032 BT_DBG("request for %s", hdev->name);
c542a06c 1033
09fd0de5 1034 hci_dev_lock(hdev);
c542a06c
JH		 1035
1036 if (cp->val)
a8b2d5c2 1037 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1038 else
a8b2d5c2 1039 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1040
69ab39ea 1041 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1042 if (err < 0)
1043 goto failed;
1044
beadb2bd 1045 err = new_settings(hdev, sk);
c542a06c
JH		 1046
1047failed:
09fd0de5 1048 hci_dev_unlock(hdev);
c542a06c
JH		 1049 return err;
1050}
1051
04124681
GP		 1052static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1053 u16 len)
33ef95ed
JH		 1054{
1055 struct mgmt_mode *cp = data;
1056 struct pending_cmd *cmd;
816a11d5 1057 u8 val;
33ef95ed
JH		 1058 int err;
1059
bdb6d971 1060 BT_DBG("request for %s", hdev->name);
33ef95ed 1061
33ef95ed
JH		 1062 hci_dev_lock(hdev);
1063
4b34ee78 1064 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1065 bool changed = false;
1066
1067 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1068 &hdev->dev_flags)) {
47990ea0
JH		 1069 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1070 changed = true;
1071 }
1072
1073 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1074 if (err < 0)
1075 goto failed;
1076
1077 if (changed)
1078 err = new_settings(hdev, sk);
1079
33ef95ed
JH		 1080 goto failed;
1081 }
1082
1083 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1084 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1085 MGMT_STATUS_BUSY);
33ef95ed
JH		 1086 goto failed;
1087 }
1088
1089 val = !!cp->val;
1090
1091 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1092 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1093 goto failed;
1094 }
1095
1096 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1097 if (!cmd) {
1098 err = -ENOMEM;
1099 goto failed;
1100 }
1101
1102 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1103 if (err < 0) {
1104 mgmt_pending_remove(cmd);
1105 goto failed;
1106 }
1107
1108failed:
1109 hci_dev_unlock(hdev);
33ef95ed
JH		 1110 return err;
1111}
1112
bdb6d971 1113static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1114{
1115 struct mgmt_mode *cp = data;
1116 struct pending_cmd *cmd;
816a11d5 1117 u8 val;
ed2c4ee3
JH		 1118 int err;
1119
bdb6d971 1120 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1121
ed2c4ee3
JH		 1122 hci_dev_lock(hdev);
1123
6c8f12c1 1124 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1126 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1127 goto failed;
1128 }
1129
c0ecddc2
JH		 1130 val = !!cp->val;
1131
4b34ee78 1132 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1133 bool changed = false;
1134
1135 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1136 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1137 changed = true;
1138 }
1139
1140 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1141 if (err < 0)
1142 goto failed;
1143
1144 if (changed)
1145 err = new_settings(hdev, sk);
1146
ed2c4ee3
JH		 1147 goto failed;
1148 }
1149
1150 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1151 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1152 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1153 goto failed;
1154 }
1155
ed2c4ee3
JH		 1156 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1157 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1158 goto failed;
1159 }
1160
1161 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1162 if (!cmd) {
1163 err = -ENOMEM;
1164 goto failed;
1165 }
1166
1167 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1168 if (err < 0) {
1169 mgmt_pending_remove(cmd);
1170 goto failed;
1171 }
1172
1173failed:
1174 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1175 return err;
1176}
1177
bdb6d971 1178static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1179{
1180 struct mgmt_mode *cp = data;
6d80dfd0 1181
bdb6d971 1182 BT_DBG("request for %s", hdev->name);
6d80dfd0 1183
bdb6d971
JH		 1184 if (!enable_hs)
1185 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1186 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1187
1188 if (cp->val)
1189 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1190 else
1191 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1192
bdb6d971 1193 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1194}
1195
bdb6d971 1196static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1197{
1198 struct mgmt_mode *cp = data;
1199 struct hci_cp_write_le_host_supported hci_cp;
1200 struct pending_cmd *cmd;
06199cf8 1201 int err;
0b60eba1 1202 u8 val, enabled;
06199cf8 1203
bdb6d971 1204 BT_DBG("request for %s", hdev->name);
06199cf8 1205
1de028ce
JH		 1206 hci_dev_lock(hdev);
1207
9d42820f 1208 if (!(hdev->features[4] & LMP_LE)) {
bdb6d971 1209 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1210 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1211 goto unlock;
06199cf8
JH		 1212 }
1213
1214 val = !!cp->val;
0b60eba1 1215 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1216
0b60eba1 1217 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1218 bool changed = false;
1219
1220 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1221 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1222 changed = true;
1223 }
1224
1225 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1226 if (err < 0)
1de028ce 1227 goto unlock;
06199cf8
JH		 1228
1229 if (changed)
1230 err = new_settings(hdev, sk);
1231
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1235 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1236 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1237 MGMT_STATUS_BUSY);
1de028ce 1238 goto unlock;
06199cf8
JH		 1239 }
1240
1241 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1242 if (!cmd) {
1243 err = -ENOMEM;
1de028ce 1244 goto unlock;
06199cf8
JH		 1245 }
1246
1247 memset(&hci_cp, 0, sizeof(hci_cp));
1248
1249 if (val) {
1250 hci_cp.le = val;
1251 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1252 }
1253
04124681
GP		 1254 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1255 &hci_cp);
0c01bc48 1256 if (err < 0)
06199cf8 1257 mgmt_pending_remove(cmd);
06199cf8 1258
1de028ce
JH		 1259unlock:
1260 hci_dev_unlock(hdev);
06199cf8
JH		 1261 return err;
1262}
1263
bdb6d971 1264static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1265{
650f726d 1266 struct mgmt_cp_add_uuid *cp = data;
90e70454 1267 struct pending_cmd *cmd;
2aeb9a1a 1268 struct bt_uuid *uuid;
2aeb9a1a
JH		 1269 int err;
1270
bdb6d971 1271 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1272
09fd0de5 1273 hci_dev_lock(hdev);
2aeb9a1a 1274
c95f0ba7 1275 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1276 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1277 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1278 goto failed;
1279 }
1280
92c4c204 1281 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1282 if (!uuid) {
1283 err = -ENOMEM;
1284 goto failed;
1285 }
1286
1287 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1288 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1289
1290 list_add(&uuid->list, &hdev->uuids);
1291
1aff6f09
JH		 1292 err = update_class(hdev);
1293 if (err < 0)
1294 goto failed;
1295
80a1e1db
JH		 1296 err = update_eir(hdev);
1297 if (err < 0)
1298 goto failed;
1299
90e70454 1300 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1301 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1302 hdev->dev_class, 3);
90e70454
JH		 1303 goto failed;
1304 }
1305
1306 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1307 if (!cmd)
90e70454 1308 err = -ENOMEM;
2aeb9a1a
JH		 1309
1310failed:
09fd0de5 1311 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1312 return err;
1313}
1314
24b78d0f
JH		 1315static bool enable_service_cache(struct hci_dev *hdev)
1316{
1317 if (!hdev_is_powered(hdev))
1318 return false;
1319
1320 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1321 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1322 return true;
1323 }
1324
1325 return false;
1326}
1327
bdb6d971 1328static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1329 u16 len)
2aeb9a1a 1330{
650f726d 1331 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1332 struct pending_cmd *cmd;
2aeb9a1a 1333 struct list_head *p, *n;
2aeb9a1a 1334 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1335 int err, found;
1336
bdb6d971 1337 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1338
09fd0de5 1339 hci_dev_lock(hdev);
2aeb9a1a 1340
c95f0ba7 1341 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1342 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1343 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1344 goto unlock;
1345 }
1346
2aeb9a1a
JH		 1347 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1348 err = hci_uuids_clear(hdev);
4004b6d9 1349
24b78d0f 1350 if (enable_service_cache(hdev)) {
bdb6d971 1351 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1352 0, hdev->dev_class, 3);
24b78d0f
JH		 1353 goto unlock;
1354 }
4004b6d9 1355
9246a869 1356 goto update_class;
2aeb9a1a
JH		 1357 }
1358
1359 found = 0;
1360
1361 list_for_each_safe(p, n, &hdev->uuids) {
1362 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1363
1364 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1365 continue;
1366
1367 list_del(&match->list);
1368 found++;
1369 }
1370
1371 if (found == 0) {
bdb6d971 1372 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1373 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1374 goto unlock;
1375 }
1376
9246a869 1377update_class:
1aff6f09
JH		 1378 err = update_class(hdev);
1379 if (err < 0)
1380 goto unlock;
1381
80a1e1db
JH		 1382 err = update_eir(hdev);
1383 if (err < 0)
1384 goto unlock;
1385
90e70454 1386 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1387 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1388 hdev->dev_class, 3);
90e70454
JH		 1389 goto unlock;
1390 }
1391
1392 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1393 if (!cmd)
90e70454 1394 err = -ENOMEM;
2aeb9a1a
JH		 1395
1396unlock:
09fd0de5 1397 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1398 return err;
1399}
1400
bdb6d971 1401static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1402 u16 len)
1aff6f09 1403{
650f726d 1404 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1405 struct pending_cmd *cmd;
1aff6f09
JH		 1406 int err;
1407
bdb6d971 1408 BT_DBG("request for %s", hdev->name);
1aff6f09 1409
09fd0de5 1410 hci_dev_lock(hdev);
1aff6f09 1411
c95f0ba7 1412 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1414 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1415 goto unlock;
1416 }
1417
932f5ff5
JH		 1418 hdev->major_class = cp->major;
1419 hdev->minor_class = cp->minor;
1420
b5235a65 1421 if (!hdev_is_powered(hdev)) {
bdb6d971 1422 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1423 hdev->dev_class, 3);
b5235a65
JH		 1424 goto unlock;
1425 }
1426
a8b2d5c2 1427 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1428 hci_dev_unlock(hdev);
1429 cancel_delayed_work_sync(&hdev->service_cache);
1430 hci_dev_lock(hdev);
14c0b608 1431 update_eir(hdev);
7d78525d 1432 }
14c0b608 1433
1aff6f09 1434 err = update_class(hdev);
90e70454
JH		 1435 if (err < 0)
1436 goto unlock;
1aff6f09 1437
90e70454 1438 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1439 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1440 hdev->dev_class, 3);
90e70454
JH		 1441 goto unlock;
1442 }
1443
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1445 if (!cmd)
90e70454 1446 err = -ENOMEM;
1aff6f09 1447
b5235a65 1448unlock:
09fd0de5 1449 hci_dev_unlock(hdev);
1aff6f09
JH		 1450 return err;
1451}
1452
bdb6d971 1453static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1454 u16 len)
55ed8ca1 1455{
650f726d 1456 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1457 u16 key_count, expected_len;
a492cd52 1458 int i;
55ed8ca1 1459
1f350c87 1460 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1461
86742e1e
JH		 1462 expected_len = sizeof(*cp) + key_count *
1463 sizeof(struct mgmt_link_key_info);
a492cd52 1464 if (expected_len != len) {
86742e1e 1465 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1466 len, expected_len);
bdb6d971 1467 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1468 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1469 }
1470
bdb6d971 1471 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1472 key_count);
55ed8ca1 1473
09fd0de5 1474 hci_dev_lock(hdev);
55ed8ca1
JH		 1475
1476 hci_link_keys_clear(hdev);
1477
a8b2d5c2 1478 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1479
1480 if (cp->debug_keys)
a8b2d5c2 1481 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1482 else
a8b2d5c2 1483 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1484
a492cd52 1485 for (i = 0; i < key_count; i++) {
86742e1e 1486 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1487
d753fdc4 1488 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1489 key->type, key->pin_len);
55ed8ca1
JH		 1490 }
1491
bdb6d971 1492 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1493
09fd0de5 1494 hci_dev_unlock(hdev);
55ed8ca1 1495
a492cd52 1496 return 0;
55ed8ca1
JH		 1497}
1498
b1078ad0 1499static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1500 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1501{
1502 struct mgmt_ev_device_unpaired ev;
1503
1504 bacpy(&ev.addr.bdaddr, bdaddr);
1505 ev.addr.type = addr_type;
1506
1507 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1508 skip_sk);
b1078ad0
JH		 1509}
1510
bdb6d971 1511static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1512 u16 len)
55ed8ca1 1513{
124f6e35
JH		 1514 struct mgmt_cp_unpair_device *cp = data;
1515 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1516 struct hci_cp_disconnect dc;
1517 struct pending_cmd *cmd;
55ed8ca1 1518 struct hci_conn *conn;
55ed8ca1
JH		 1519 int err;
1520
09fd0de5 1521 hci_dev_lock(hdev);
55ed8ca1 1522
a8a1d19e 1523 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1524 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1525 rp.addr.type = cp->addr.type;
a8a1d19e 1526
86a8cfc6 1527 if (!hdev_is_powered(hdev)) {
bdb6d971 1528 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1530 goto unlock;
1531 }
1532
591f47f3 1533 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1534 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1535 else
1536 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1537
55ed8ca1 1538 if (err < 0) {
bdb6d971 1539 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1540 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1541 goto unlock;
1542 }
1543
86a8cfc6 1544 if (cp->disconnect) {
591f47f3 1545 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1547 &cp->addr.bdaddr);
86a8cfc6
JH		 1548 else
1549 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1550 &cp->addr.bdaddr);
86a8cfc6
JH		 1551 } else {
1552 conn = NULL;
1553 }
124f6e35 1554
a8a1d19e 1555 if (!conn) {
bdb6d971 1556 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1557 &rp, sizeof(rp));
b1078ad0 1558 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1559 goto unlock;
1560 }
55ed8ca1 1561
124f6e35 1562 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1563 sizeof(*cp));
a8a1d19e
JH		 1564 if (!cmd) {
1565 err = -ENOMEM;
1566 goto unlock;
55ed8ca1
JH		 1567 }
1568
eb55ef07 1569 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1570 dc.reason = 0x13; /* Remote User Terminated Connection */
1571 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1572 if (err < 0)
1573 mgmt_pending_remove(cmd);
1574
55ed8ca1 1575unlock:
09fd0de5 1576 hci_dev_unlock(hdev);
55ed8ca1
JH		 1577 return err;
1578}
1579
bdb6d971 1580static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1581 u16 len)
8962ee74 1582{
650f726d 1583 struct mgmt_cp_disconnect *cp = data;
8962ee74 1584 struct hci_cp_disconnect dc;
366a0336 1585 struct pending_cmd *cmd;
8962ee74 1586 struct hci_conn *conn;
8962ee74
JH		 1587 int err;
1588
1589 BT_DBG("");
1590
09fd0de5 1591 hci_dev_lock(hdev);
8962ee74
JH		 1592
1593 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1595 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1596 goto failed;
1597 }
1598
2e58ef3e 1599 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1600 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1601 MGMT_STATUS_BUSY);
8962ee74
JH		 1602 goto failed;
1603 }
1604
591f47f3 1605 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1606 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1607 &cp->addr.bdaddr);
88c3df13
JH		 1608 else
1609 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1610
f960727e 1611 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
bdb6d971 1612 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1613 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1614 goto failed;
1615 }
1616
2e58ef3e 1617 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1618 if (!cmd) {
1619 err = -ENOMEM;
8962ee74 1620 goto failed;
366a0336 1621 }
8962ee74 1622
eb55ef07 1623 dc.handle = cpu_to_le16(conn->handle);
3701f944 1624 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1625
1626 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1627 if (err < 0)
a664b5bc 1628 mgmt_pending_remove(cmd);
8962ee74
JH		 1629
1630failed:
09fd0de5 1631 hci_dev_unlock(hdev);
8962ee74
JH		 1632 return err;
1633}
1634
57c1477c 1635static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1636{
1637 switch (link_type) {
1638 case LE_LINK:
48264f06
JH		 1639 switch (addr_type) {
1640 case ADDR_LE_DEV_PUBLIC:
591f47f3 1641 return BDADDR_LE_PUBLIC;
0ed09148 1642
48264f06 1643 default:
0ed09148 1644 /* Fallback to LE Random address type */
591f47f3 1645 return BDADDR_LE_RANDOM;
48264f06 1646 }
0ed09148 1647
4c659c39 1648 default:
0ed09148 1649 /* Fallback to BR/EDR type */
591f47f3 1650 return BDADDR_BREDR;
4c659c39
JH		 1651 }
1652}
1653
04124681
GP		 1654static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1655 u16 data_len)
2784eb41 1656{
2784eb41 1657 struct mgmt_rp_get_connections *rp;
8035ded4 1658 struct hci_conn *c;
a38528f1 1659 size_t rp_len;
60fc5fb6
JH		 1660 int err;
1661 u16 i;
2784eb41
JH		 1662
1663 BT_DBG("");
1664
09fd0de5 1665 hci_dev_lock(hdev);
2784eb41 1666
5f97c1df 1667 if (!hdev_is_powered(hdev)) {
bdb6d971 1668 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1669 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1670 goto unlock;
1671 }
1672
60fc5fb6 1673 i = 0;
b644ba33
JH		 1674 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1675 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1676 i++;
2784eb41
JH		 1677 }
1678
60fc5fb6 1679 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1680 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1681 if (!rp) {
2784eb41
JH		 1682 err = -ENOMEM;
1683 goto unlock;
1684 }
1685
2784eb41 1686 i = 0;
4c659c39 1687 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1688 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1689 continue;
4c659c39 1690 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1691 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1692 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1693 continue;
1694 i++;
1695 }
1696
eb55ef07 1697 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1698
4c659c39
JH		 1699 /* Recalculate length in case of filtered SCO connections, etc */
1700 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1701
bdb6d971 1702 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1703 rp_len);
2784eb41 1704
a38528f1 1705 kfree(rp);
5f97c1df
JH		 1706
1707unlock:
09fd0de5 1708 hci_dev_unlock(hdev);
2784eb41
JH		 1709 return err;
1710}
1711
bdb6d971 1712static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1713 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1714{
1715 struct pending_cmd *cmd;
1716 int err;
1717
2e58ef3e 1718 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1719 sizeof(*cp));
96d97a67
WR		 1720 if (!cmd)
1721 return -ENOMEM;
1722
d8457698 1723 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1724 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1725 if (err < 0)
1726 mgmt_pending_remove(cmd);
1727
1728 return err;
1729}
1730
bdb6d971 1731static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1732 u16 len)
980e1a53 1733{
96d97a67 1734 struct hci_conn *conn;
650f726d 1735 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1736 struct hci_cp_pin_code_reply reply;
366a0336 1737 struct pending_cmd *cmd;
980e1a53
JH		 1738 int err;
1739
1740 BT_DBG("");
1741
09fd0de5 1742 hci_dev_lock(hdev);
980e1a53 1743
4b34ee78 1744 if (!hdev_is_powered(hdev)) {
bdb6d971 1745 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1746 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1747 goto failed;
1748 }
1749
d8457698 1750 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1751 if (!conn) {
bdb6d971 1752 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1753 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1754 goto failed;
1755 }
1756
1757 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1758 struct mgmt_cp_pin_code_neg_reply ncp;
1759
1760 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1761
1762 BT_ERR("PIN code is not 16 bytes long");
1763
bdb6d971 1764 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1765 if (err >= 0)
bdb6d971 1766 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1767 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1768
1769 goto failed;
1770 }
1771
00abfe44 1772 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1773 if (!cmd) {
1774 err = -ENOMEM;
980e1a53 1775 goto failed;
366a0336 1776 }
980e1a53 1777
d8457698 1778 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1779 reply.pin_len = cp->pin_len;
24718ca5 1780 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1781
1782 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1783 if (err < 0)
a664b5bc 1784 mgmt_pending_remove(cmd);
980e1a53
JH		 1785
1786failed:
09fd0de5 1787 hci_dev_unlock(hdev);
980e1a53
JH		 1788 return err;
1789}
1790
04124681
GP		 1791static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1792 u16 len)
17fa4b9d 1793{
650f726d 1794 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1795
1796 BT_DBG("");
1797
09fd0de5 1798 hci_dev_lock(hdev);
17fa4b9d
JH		 1799
1800 hdev->io_capability = cp->io_capability;
1801
1802 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1803 hdev->io_capability);
17fa4b9d 1804
09fd0de5 1805 hci_dev_unlock(hdev);
17fa4b9d 1806
04124681
GP		 1807 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1808 0);
17fa4b9d
JH		 1809}
1810
6039aa73 1811static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1812{
1813 struct hci_dev *hdev = conn->hdev;
8035ded4 1814 struct pending_cmd *cmd;
e9a416b5 1815
2e58ef3e 1816 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1817 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1818 continue;
1819
e9a416b5
JH		 1820 if (cmd->user_data != conn)
1821 continue;
1822
1823 return cmd;
1824 }
1825
1826 return NULL;
1827}
1828
1829static void pairing_complete(struct pending_cmd *cmd, u8 status)
1830{
1831 struct mgmt_rp_pair_device rp;
1832 struct hci_conn *conn = cmd->user_data;
1833
ba4e564f 1834 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1835 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1836
aee9b218 1837 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1838 &rp, sizeof(rp));
e9a416b5
JH		 1839
1840 /* So we don't get further callbacks for this connection */
1841 conn->connect_cfm_cb = NULL;
1842 conn->security_cfm_cb = NULL;
1843 conn->disconn_cfm_cb = NULL;
1844
1845 hci_conn_put(conn);
1846
a664b5bc 1847 mgmt_pending_remove(cmd);
e9a416b5
JH		 1848}
1849
1850static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1851{
1852 struct pending_cmd *cmd;
1853
1854 BT_DBG("status %u", status);
1855
1856 cmd = find_pairing(conn);
56e5cb86 1857 if (!cmd)
e9a416b5 1858 BT_DBG("Unable to find a pending command");
56e5cb86 1859 else
e211326c 1860 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1861}
1862
4c47d739
VA		 1863static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1864{
1865 struct pending_cmd *cmd;
1866
1867 BT_DBG("status %u", status);
1868
1869 if (!status)
1870 return;
1871
1872 cmd = find_pairing(conn);
1873 if (!cmd)
1874 BT_DBG("Unable to find a pending command");
1875 else
1876 pairing_complete(cmd, mgmt_status(status));
1877}
1878
bdb6d971 1879static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1880 u16 len)
e9a416b5 1881{
650f726d 1882 struct mgmt_cp_pair_device *cp = data;
1425acb7 1883 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1884 struct pending_cmd *cmd;
1885 u8 sec_level, auth_type;
1886 struct hci_conn *conn;
e9a416b5
JH		 1887 int err;
1888
1889 BT_DBG("");
1890
09fd0de5 1891 hci_dev_lock(hdev);
e9a416b5 1892
5f97c1df 1893 if (!hdev_is_powered(hdev)) {
bdb6d971 1894 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1895 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1896 goto unlock;
1897 }
1898
c908df36
VCG		 1899 sec_level = BT_SECURITY_MEDIUM;
1900 if (cp->io_cap == 0x03)
e9a416b5 1901 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1902 else
e9a416b5 1903 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1904
591f47f3 1905 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 1906 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1907 cp->addr.type, sec_level, auth_type);
7a512d01 1908 else
b12f62cf
AG		 1909 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1910 cp->addr.type, sec_level, auth_type);
7a512d01 1911
1425acb7
JH		 1912 memset(&rp, 0, sizeof(rp));
1913 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1914 rp.addr.type = cp->addr.type;
1915
30e76272 1916 if (IS_ERR(conn)) {
489dc48e
AK		 1917 int status;
1918
1919 if (PTR_ERR(conn) == -EBUSY)
1920 status = MGMT_STATUS_BUSY;
1921 else
1922 status = MGMT_STATUS_CONNECT_FAILED;
1923
bdb6d971 1924 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 1925 status, &rp,
04124681 1926 sizeof(rp));
e9a416b5
JH		 1927 goto unlock;
1928 }
1929
1930 if (conn->connect_cfm_cb) {
1931 hci_conn_put(conn);
bdb6d971 1932 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1933 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1934 goto unlock;
1935 }
1936
2e58ef3e 1937 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1938 if (!cmd) {
1939 err = -ENOMEM;
1940 hci_conn_put(conn);
1941 goto unlock;
1942 }
1943
7a512d01 1944 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 1945 if (cp->addr.type == BDADDR_BREDR)
7a512d01 1946 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 1947 else
1948 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 1949
e9a416b5
JH		 1950 conn->security_cfm_cb = pairing_complete_cb;
1951 conn->disconn_cfm_cb = pairing_complete_cb;
1952 conn->io_capability = cp->io_cap;
1953 cmd->user_data = conn;
1954
1955 if (conn->state == BT_CONNECTED &&
8ce8e2b5 1956 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 1957 pairing_complete(cmd, 0);
1958
1959 err = 0;
1960
1961unlock:
09fd0de5 1962 hci_dev_unlock(hdev);
e9a416b5
JH		 1963 return err;
1964}
1965
04124681
GP		 1966static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1967 u16 len)
28424707 1968{
0f4e68cf 1969 struct mgmt_addr_info *addr = data;
28424707
JH		 1970 struct pending_cmd *cmd;
1971 struct hci_conn *conn;
1972 int err;
1973
1974 BT_DBG("");
1975
28424707
JH		 1976 hci_dev_lock(hdev);
1977
5f97c1df 1978 if (!hdev_is_powered(hdev)) {
bdb6d971 1979 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1980 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1981 goto unlock;
1982 }
1983
28424707
JH		 1984 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1985 if (!cmd) {
bdb6d971 1986 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1987 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1988 goto unlock;
1989 }
1990
1991 conn = cmd->user_data;
1992
1993 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1994 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1995 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1996 goto unlock;
1997 }
1998
1999 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2000
bdb6d971 2001 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2002 addr, sizeof(*addr));
28424707
JH		 2003unlock:
2004 hci_dev_unlock(hdev);
28424707
JH		 2005 return err;
2006}
2007
bdb6d971 2008static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2009 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2010 u16 hci_op, __le32 passkey)
a5c29683 2011{
a5c29683 2012 struct pending_cmd *cmd;
0df4c185 2013 struct hci_conn *conn;
a5c29683
JH		 2014 int err;
2015
09fd0de5 2016 hci_dev_lock(hdev);
08ba5382 2017
4b34ee78 2018 if (!hdev_is_powered(hdev)) {
bdb6d971 2019 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2020 MGMT_STATUS_NOT_POWERED);
0df4c185 2021 goto done;
a5c29683
JH		 2022 }
2023
591f47f3 2024 if (type == BDADDR_BREDR)
272d90df
JH		 2025 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2026 else
47c15e2b 2027 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2028
2029 if (!conn) {
bdb6d971 2030 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2031 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2032 goto done;
2033 }
47c15e2b 2034
591f47f3 2035 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2036 /* Continue with pairing via SMP */
5fe57d9e
BG		 2037 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2038
2039 if (!err)
bdb6d971 2040 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2041 MGMT_STATUS_SUCCESS);
5fe57d9e 2042 else
bdb6d971 2043 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2044 MGMT_STATUS_FAILED);
47c15e2b 2045
47c15e2b
BG		 2046 goto done;
2047 }
2048
0df4c185 2049 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2050 if (!cmd) {
2051 err = -ENOMEM;
0df4c185 2052 goto done;
a5c29683
JH		 2053 }
2054
0df4c185 2055 /* Continue with pairing via HCI */
604086b7
BG		 2056 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2057 struct hci_cp_user_passkey_reply cp;
2058
2059 bacpy(&cp.bdaddr, bdaddr);
2060 cp.passkey = passkey;
2061 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2062 } else
2063 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2064
a664b5bc
JH		 2065 if (err < 0)
2066 mgmt_pending_remove(cmd);
a5c29683 2067
0df4c185 2068done:
09fd0de5 2069 hci_dev_unlock(hdev);
a5c29683
JH		 2070 return err;
2071}
2072
afeb019d
JK		 2073static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2074 void *data, u16 len)
2075{
2076 struct mgmt_cp_pin_code_neg_reply *cp = data;
2077
2078 BT_DBG("");
2079
2080 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2081 MGMT_OP_PIN_CODE_NEG_REPLY,
2082 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2083}
2084
04124681
GP		 2085static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2086 u16 len)
0df4c185 2087{
650f726d 2088 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2089
2090 BT_DBG("");
2091
2092 if (len != sizeof(*cp))
bdb6d971 2093 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2094 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2095
bdb6d971 2096 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2097 MGMT_OP_USER_CONFIRM_REPLY,
2098 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2099}
2100
bdb6d971 2101static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2102 void *data, u16 len)
0df4c185 2103{
c9c2659f 2104 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2105
2106 BT_DBG("");
2107
bdb6d971 2108 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2109 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2110 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2111}
2112
04124681
GP		 2113static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2114 u16 len)
604086b7 2115{
650f726d 2116 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2117
2118 BT_DBG("");
2119
bdb6d971 2120 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2121 MGMT_OP_USER_PASSKEY_REPLY,
2122 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2123}
2124
bdb6d971 2125static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2126 void *data, u16 len)
604086b7 2127{
650f726d 2128 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2129
2130 BT_DBG("");
2131
bdb6d971 2132 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2133 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2134 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2135}
2136
2b4bf397
JH		 2137static int update_name(struct hci_dev *hdev, const char *name)
2138{
2139 struct hci_cp_write_local_name cp;
2140
2141 memcpy(cp.name, name, sizeof(cp.name));
2142
2143 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2144}
2145
bdb6d971 2146static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2147 u16 len)
b312b161 2148{
2b4bf397 2149 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2150 struct pending_cmd *cmd;
2151 int err;
2152
2153 BT_DBG("");
2154
09fd0de5 2155 hci_dev_lock(hdev);
b312b161 2156
2b4bf397 2157 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2158
b5235a65 2159 if (!hdev_is_powered(hdev)) {
2b4bf397 2160 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2161
2162 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2163 data, len);
28cc7bde
JH		 2164 if (err < 0)
2165 goto failed;
2166
2167 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2168 sk);
28cc7bde 2169
b5235a65
JH		 2170 goto failed;
2171 }
2172
28cc7bde 2173 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2174 if (!cmd) {
2175 err = -ENOMEM;
2176 goto failed;
2177 }
2178
2b4bf397 2179 err = update_name(hdev, cp->name);
b312b161
JH		 2180 if (err < 0)
2181 mgmt_pending_remove(cmd);
2182
2183failed:
09fd0de5 2184 hci_dev_unlock(hdev);
b312b161
JH		 2185 return err;
2186}
2187
0f4e68cf 2188static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2189 void *data, u16 data_len)
c35938b2 2190{
c35938b2
SJ		 2191 struct pending_cmd *cmd;
2192 int err;
2193
bdb6d971 2194 BT_DBG("%s", hdev->name);
c35938b2 2195
09fd0de5 2196 hci_dev_lock(hdev);
c35938b2 2197
4b34ee78 2198 if (!hdev_is_powered(hdev)) {
bdb6d971 2199 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2200 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2201 goto unlock;
2202 }
2203
2204 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2205 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2206 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2207 goto unlock;
2208 }
2209
2e58ef3e 2210 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2211 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2212 MGMT_STATUS_BUSY);
c35938b2
SJ		 2213 goto unlock;
2214 }
2215
2e58ef3e 2216 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2217 if (!cmd) {
2218 err = -ENOMEM;
2219 goto unlock;
2220 }
2221
2222 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2223 if (err < 0)
2224 mgmt_pending_remove(cmd);
2225
2226unlock:
09fd0de5 2227 hci_dev_unlock(hdev);
c35938b2
SJ		 2228 return err;
2229}
2230
bdb6d971 2231static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2232 void *data, u16 len)
2763eda6 2233{
650f726d 2234 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2235 u8 status;
2763eda6
SJ		 2236 int err;
2237
bdb6d971 2238 BT_DBG("%s ", hdev->name);
2763eda6 2239
09fd0de5 2240 hci_dev_lock(hdev);
2763eda6 2241
5f97c1df 2242 if (!hdev_is_powered(hdev)) {
bdb6d971 2243 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2244 MGMT_STATUS_NOT_POWERED, &cp->addr,
2245 sizeof(cp->addr));
5f97c1df
JH		 2246 goto unlock;
2247 }
2248
664ce4cc 2249 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2250 cp->randomizer);
2763eda6 2251 if (err < 0)
bf1e3541 2252 status = MGMT_STATUS_FAILED;
2763eda6 2253 else
bf1e3541
JH		 2254 status = 0;
2255
bdb6d971 2256 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2257 &cp->addr, sizeof(cp->addr));
2763eda6 2258
5f97c1df 2259unlock:
09fd0de5 2260 hci_dev_unlock(hdev);
2763eda6
SJ		 2261 return err;
2262}
2263
bdb6d971 2264static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2265 void *data, u16 len)
2763eda6 2266{
650f726d 2267 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2268 u8 status;
2763eda6
SJ		 2269 int err;
2270
bdb6d971 2271 BT_DBG("%s", hdev->name);
2763eda6 2272
09fd0de5 2273 hci_dev_lock(hdev);
2763eda6 2274
5f97c1df 2275 if (!hdev_is_powered(hdev)) {
bdb6d971 2276 err = cmd_complete(sk, hdev->id,
04124681
GP		 2277 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2278 MGMT_STATUS_NOT_POWERED, &cp->addr,
2279 sizeof(cp->addr));
5f97c1df
JH		 2280 goto unlock;
2281 }
2282
664ce4cc 2283 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2284 if (err < 0)
bf1e3541 2285 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2286 else
bf1e3541
JH		 2287 status = 0;
2288
bdb6d971 2289 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2290 status, &cp->addr, sizeof(cp->addr));
2763eda6 2291
5f97c1df 2292unlock:
09fd0de5 2293 hci_dev_unlock(hdev);
2763eda6
SJ		 2294 return err;
2295}
2296
5e0452c0
AG		 2297int mgmt_interleaved_discovery(struct hci_dev *hdev)
2298{
2299 int err;
2300
2301 BT_DBG("%s", hdev->name);
2302
2303 hci_dev_lock(hdev);
2304
2305 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2306 if (err < 0)
2307 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2308
2309 hci_dev_unlock(hdev);
2310
2311 return err;
2312}
2313
bdb6d971 2314static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2315 void *data, u16 len)
14a53664 2316{
650f726d 2317 struct mgmt_cp_start_discovery *cp = data;
14a53664 2318 struct pending_cmd *cmd;
14a53664
JH		 2319 int err;
2320
bdb6d971 2321 BT_DBG("%s", hdev->name);
14a53664 2322
09fd0de5 2323 hci_dev_lock(hdev);
14a53664 2324
4b34ee78 2325 if (!hdev_is_powered(hdev)) {
bdb6d971 2326 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2327 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2328 goto failed;
2329 }
2330
642be6c7
AG		 2331 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2332 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2333 MGMT_STATUS_BUSY);
2334 goto failed;
2335 }
2336
ff9ef578 2337 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2338 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2339 MGMT_STATUS_BUSY);
ff9ef578
JH		 2340 goto failed;
2341 }
2342
2e58ef3e 2343 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2344 if (!cmd) {
2345 err = -ENOMEM;
2346 goto failed;
2347 }
2348
4aab14e5
AG		 2349 hdev->discovery.type = cp->type;
2350
2351 switch (hdev->discovery.type) {
f39799f5 2352 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2353 if (lmp_bredr_capable(hdev))
2354 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2355 else
2356 err = -ENOTSUPP;
f39799f5
AG		 2357 break;
2358
2359 case DISCOV_TYPE_LE:
8b90129c
AG		 2360 if (lmp_host_le_capable(hdev))
2361 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2362 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2363 else
2364 err = -ENOTSUPP;
f39799f5
AG		 2365 break;
2366
5e0452c0 2367 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2368 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2369 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2370 LE_SCAN_WIN,
2371 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2372 else
2373 err = -ENOTSUPP;
5e0452c0
AG		 2374 break;
2375
f39799f5 2376 default:
3fd24153 2377 err = -EINVAL;
f39799f5 2378 }
3fd24153 2379
14a53664
JH		 2380 if (err < 0)
2381 mgmt_pending_remove(cmd);
ff9ef578
JH		 2382 else
2383 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2384
2385failed:
09fd0de5 2386 hci_dev_unlock(hdev);
14a53664
JH		 2387 return err;
2388}
2389
bdb6d971 2390static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2391 u16 len)
14a53664 2392{
d930650b 2393 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2394 struct pending_cmd *cmd;
30dc78e1
JH		 2395 struct hci_cp_remote_name_req_cancel cp;
2396 struct inquiry_entry *e;
14a53664
JH		 2397 int err;
2398
bdb6d971 2399 BT_DBG("%s", hdev->name);
14a53664 2400
09fd0de5 2401 hci_dev_lock(hdev);
14a53664 2402
30dc78e1 2403 if (!hci_discovery_active(hdev)) {
bdb6d971 2404 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2405 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2406 sizeof(mgmt_cp->type));
d930650b
JH		 2407 goto unlock;
2408 }
2409
2410 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2411 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2412 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2413 sizeof(mgmt_cp->type));
30dc78e1 2414 goto unlock;
ff9ef578
JH		 2415 }
2416
2e58ef3e 2417 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2418 if (!cmd) {
2419 err = -ENOMEM;
30dc78e1
JH		 2420 goto unlock;
2421 }
2422
e0d9727e
AG		 2423 switch (hdev->discovery.state) {
2424 case DISCOVERY_FINDING:
c9ecc48e
AG		 2425 if (test_bit(HCI_INQUIRY, &hdev->flags))
2426 err = hci_cancel_inquiry(hdev);
2427 else
2428 err = hci_cancel_le_scan(hdev);
2429
e0d9727e
AG		 2430 break;
2431
2432 case DISCOVERY_RESOLVING:
2433 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2434 NAME_PENDING);
e0d9727e 2435 if (!e) {
30dc78e1 2436 mgmt_pending_remove(cmd);
e0d9727e
AG		 2437 err = cmd_complete(sk, hdev->id,
2438 MGMT_OP_STOP_DISCOVERY, 0,
2439 &mgmt_cp->type,
2440 sizeof(mgmt_cp->type));
2441 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2442 goto unlock;
2443 }
30dc78e1 2444
e0d9727e
AG		 2445 bacpy(&cp.bdaddr, &e->data.bdaddr);
2446 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2447 sizeof(cp), &cp);
2448
2449 break;
2450
2451 default:
2452 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2453 err = -EFAULT;
14a53664
JH		 2454 }
2455
14a53664
JH		 2456 if (err < 0)
2457 mgmt_pending_remove(cmd);
ff9ef578
JH		 2458 else
2459 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2460
30dc78e1 2461unlock:
09fd0de5 2462 hci_dev_unlock(hdev);
14a53664
JH		 2463 return err;
2464}
2465
bdb6d971 2466static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2467 u16 len)
561aafbc 2468{
650f726d 2469 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2470 struct inquiry_entry *e;
561aafbc
JH		 2471 int err;
2472
bdb6d971 2473 BT_DBG("%s", hdev->name);
561aafbc 2474
561aafbc
JH		 2475 hci_dev_lock(hdev);
2476
30dc78e1 2477 if (!hci_discovery_active(hdev)) {
bdb6d971 2478 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2479 MGMT_STATUS_FAILED);
30dc78e1
JH		 2480 goto failed;
2481 }
2482
a198e7b1 2483 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2484 if (!e) {
bdb6d971 2485 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2486 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2487 goto failed;
2488 }
2489
2490 if (cp->name_known) {
2491 e->name_state = NAME_KNOWN;
2492 list_del(&e->list);
2493 } else {
2494 e->name_state = NAME_NEEDED;
a3d4e20a 2495 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2496 }
2497
2498 err = 0;
2499
2500failed:
2501 hci_dev_unlock(hdev);
561aafbc
JH		 2502 return err;
2503}
2504
bdb6d971 2505static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2506 u16 len)
7fbec224 2507{
650f726d 2508 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2509 u8 status;
7fbec224
AJ		 2510 int err;
2511
bdb6d971 2512 BT_DBG("%s", hdev->name);
7fbec224 2513
09fd0de5 2514 hci_dev_lock(hdev);
5e762444 2515
88c1fe4b 2516 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2517 if (err < 0)
f0eeea8b 2518 status = MGMT_STATUS_FAILED;
7fbec224 2519 else
f0eeea8b
JH		 2520 status = 0;
2521
bdb6d971 2522 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2523 &cp->addr, sizeof(cp->addr));
5e762444 2524
09fd0de5 2525 hci_dev_unlock(hdev);
7fbec224
AJ		 2526
2527 return err;
2528}
2529
bdb6d971 2530static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2531 u16 len)
7fbec224 2532{
650f726d 2533 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2534 u8 status;
7fbec224
AJ		 2535 int err;
2536
bdb6d971 2537 BT_DBG("%s", hdev->name);
7fbec224 2538
09fd0de5 2539 hci_dev_lock(hdev);
5e762444 2540
88c1fe4b 2541 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2542 if (err < 0)
f0eeea8b 2543 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2544 else
f0eeea8b
JH		 2545 status = 0;
2546
bdb6d971 2547 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2548 &cp->addr, sizeof(cp->addr));
5e762444 2549
09fd0de5 2550 hci_dev_unlock(hdev);
7fbec224
AJ		 2551
2552 return err;
2553}
2554
cdbaccca
MH		 2555static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2556 u16 len)
2557{
2558 struct mgmt_cp_set_device_id *cp = data;
2559 int err;
c72d4b8a 2560 __u16 source;
cdbaccca
MH		 2561
2562 BT_DBG("%s", hdev->name);
2563
c72d4b8a
SJ		 2564 source = __le16_to_cpu(cp->source);
2565
2566 if (source > 0x0002)
2567 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2568 MGMT_STATUS_INVALID_PARAMS);
2569
cdbaccca
MH		 2570 hci_dev_lock(hdev);
2571
c72d4b8a 2572 hdev->devid_source = source;
cdbaccca
MH		 2573 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2574 hdev->devid_product = __le16_to_cpu(cp->product);
2575 hdev->devid_version = __le16_to_cpu(cp->version);
2576
2577 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2578
2579 update_eir(hdev);
2580
2581 hci_dev_unlock(hdev);
2582
2583 return err;
2584}
2585
bdb6d971 2586static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2587 void *data, u16 len)
f6422ec6 2588{
650f726d 2589 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2590 struct hci_cp_write_page_scan_activity acp;
2591 u8 type;
2592 int err;
2593
bdb6d971 2594 BT_DBG("%s", hdev->name);
f6422ec6 2595
5400c044 2596 if (!hdev_is_powered(hdev))
bdb6d971 2597 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2598 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2599
2600 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2601 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2602 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2603
2604 hci_dev_lock(hdev);
2605
f7c6869c 2606 if (cp->val) {
f6422ec6 2607 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2608
83ce9a06
JH		 2609 /* 160 msec page scan interval */
2610 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2611 } else {
2612 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2613
2614 /* default 1.28 sec page scan */
2615 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2616 }
2617
76ec9de8
AE		 2618 /* default 11.25 msec page scan window */
2619 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2620
04124681
GP		 2621 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2622 &acp);
f6422ec6 2623 if (err < 0) {
bdb6d971 2624 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2625 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2626 goto done;
2627 }
2628
2629 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2630 if (err < 0) {
bdb6d971 2631 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2632 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2633 goto done;
2634 }
2635
bdb6d971 2636 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2637 NULL, 0);
f6422ec6
AJ		 2638done:
2639 hci_dev_unlock(hdev);
f6422ec6
AJ		 2640 return err;
2641}
2642
bdb6d971 2643static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2644 void *cp_data, u16 len)
346af67b 2645{
346af67b
VCG		 2646 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2647 u16 key_count, expected_len;
2648 int i;
2649
1f350c87 2650 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2651
2652 expected_len = sizeof(*cp) + key_count *
2653 sizeof(struct mgmt_ltk_info);
2654 if (expected_len != len) {
2655 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2656 len, expected_len);
bdb6d971 2657 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2658 EINVAL);
346af67b
VCG		 2659 }
2660
bdb6d971 2661 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2662
2663 hci_dev_lock(hdev);
2664
2665 hci_smp_ltks_clear(hdev);
2666
2667 for (i = 0; i < key_count; i++) {
2668 struct mgmt_ltk_info *key = &cp->keys[i];
2669 u8 type;
2670
2671 if (key->master)
2672 type = HCI_SMP_LTK;
2673 else
2674 type = HCI_SMP_LTK_SLAVE;
2675
4596fde5 2676 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2677 bdaddr_to_le(key->addr.type),
04124681
GP		 2678 type, 0, key->authenticated, key->val,
2679 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2680 }
2681
2682 hci_dev_unlock(hdev);
346af67b
VCG		 2683
2684 return 0;
2685}
2686
2e3c35ea 2687static const struct mgmt_handler {
04124681
GP		 2688 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2689 u16 data_len);
be22b54e
JH		 2690 bool var_len;
2691 size_t data_len;
0f4e68cf
JH		 2692} mgmt_handlers[] = {
2693 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2694 { read_version, false, MGMT_READ_VERSION_SIZE },
2695 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2696 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2697 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2698 { set_powered, false, MGMT_SETTING_SIZE },
2699 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2700 { set_connectable, false, MGMT_SETTING_SIZE },
2701 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2702 { set_pairable, false, MGMT_SETTING_SIZE },
2703 { set_link_security, false, MGMT_SETTING_SIZE },
2704 { set_ssp, false, MGMT_SETTING_SIZE },
2705 { set_hs, false, MGMT_SETTING_SIZE },
2706 { set_le, false, MGMT_SETTING_SIZE },
2707 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2708 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2709 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2710 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2711 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2712 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2713 { disconnect, false, MGMT_DISCONNECT_SIZE },
2714 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2715 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2716 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2717 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2718 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2719 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2720 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2721 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2722 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2723 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2724 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2725 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2726 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2727 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2728 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2729 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2730 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2731 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2732 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2733 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2734};
2735
2736
0381101f
JH		 2737int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2738{
650f726d
VCG		 2739 void *buf;
2740 u8 *cp;
0381101f 2741 struct mgmt_hdr *hdr;
4e51eae9 2742 u16 opcode, index, len;
bdb6d971 2743 struct hci_dev *hdev = NULL;
2e3c35ea 2744 const struct mgmt_handler *handler;
0381101f
JH		 2745 int err;
2746
2747 BT_DBG("got %zu bytes", msglen);
2748
2749 if (msglen < sizeof(*hdr))
2750 return -EINVAL;
2751
e63a15ec 2752 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2753 if (!buf)
2754 return -ENOMEM;
2755
2756 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2757 err = -EFAULT;
2758 goto done;
2759 }
2760
650f726d 2761 hdr = buf;
1f350c87
MH		 2762 opcode = __le16_to_cpu(hdr->opcode);
2763 index = __le16_to_cpu(hdr->index);
2764 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2765
2766 if (len != msglen - sizeof(*hdr)) {
2767 err = -EINVAL;
2768 goto done;
2769 }
2770
0f4e68cf 2771 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2772 hdev = hci_dev_get(index);
2773 if (!hdev) {
2774 err = cmd_status(sk, index, opcode,
04124681 2775 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2776 goto done;
2777 }
2778 }
2779
0f4e68cf 2780 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 2781 mgmt_handlers[opcode].func == NULL) {
0381101f 2782 BT_DBG("Unknown op %u", opcode);
ca69b795 2783 err = cmd_status(sk, index, opcode,
04124681 2784 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2785 goto done;
2786 }
2787
2788 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 2789 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 2790 err = cmd_status(sk, index, opcode,
04124681 2791 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2792 goto done;
0381101f
JH		 2793 }
2794
be22b54e
JH		 2795 handler = &mgmt_handlers[opcode];
2796
2797 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 2798 (!handler->var_len && len != handler->data_len)) {
be22b54e 2799 err = cmd_status(sk, index, opcode,
04124681 2800 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2801 goto done;
2802 }
2803
0f4e68cf
JH		 2804 if (hdev)
2805 mgmt_init_hdev(sk, hdev);
2806
2807 cp = buf + sizeof(*hdr);
2808
be22b54e 2809 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2810 if (err < 0)
2811 goto done;
2812
0381101f
JH		 2813 err = msglen;
2814
2815done:
bdb6d971
JH		 2816 if (hdev)
2817 hci_dev_put(hdev);
2818
0381101f
JH		 2819 kfree(buf);
2820 return err;
2821}
c71e97bf 2822
b24752fe
JH		 2823static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2824{
2825 u8 *status = data;
2826
2827 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2828 mgmt_pending_remove(cmd);
2829}
2830
744cf19e 2831int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2832{
bb4b2a9a
AE		 2833 if (!mgmt_valid_hdev(hdev))
2834 return -ENOTSUPP;
2835
744cf19e 2836 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2837}
2838
744cf19e 2839int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2840{
5f159032 2841 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2842
bb4b2a9a
AE		 2843 if (!mgmt_valid_hdev(hdev))
2844 return -ENOTSUPP;
2845
744cf19e 2846 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2847
744cf19e 2848 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2849}
2850
73f22f62 2851struct cmd_lookup {
eec8d2bc 2852 struct sock *sk;
69ab39ea 2853 struct hci_dev *hdev;
90e70454 2854 u8 mgmt_status;
eec8d2bc
JH		 2855};
2856
69ab39ea 2857static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2858{
73f22f62 2859 struct cmd_lookup *match = data;
eec8d2bc 2860
69ab39ea 2861 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2862
2863 list_del(&cmd->list);
2864
2865 if (match->sk == NULL) {
2866 match->sk = cmd->sk;
2867 sock_hold(match->sk);
2868 }
2869
2870 mgmt_pending_free(cmd);
c71e97bf 2871}
5add6af8 2872
744cf19e 2873int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2874{
76a7f3a4 2875 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2876 int err;
5add6af8 2877
5e5282bb
JH		 2878 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2879 return 0;
2880
69ab39ea 2881 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2882
5e5282bb
JH		 2883 if (powered) {
2884 u8 scan = 0;
2885
2886 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2887 scan |= SCAN_PAGE;
2888 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2889 scan |= SCAN_INQUIRY;
2890
2891 if (scan)
2892 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2893
2894 update_class(hdev);
2b4bf397 2895 update_name(hdev, hdev->dev_name);
504c8dcd 2896 update_eir(hdev);
5e5282bb 2897 } else {
d4f68526 2898 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2899 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2900 }
2901
beadb2bd 2902 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2903
2904 if (match.sk)
2905 sock_put(match.sk);
2906
7bb895d6 2907 return err;
5add6af8 2908}
73f22f62 2909
744cf19e 2910int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2911{
76a7f3a4 2912 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2913 bool changed = false;
2914 int err = 0;
73f22f62 2915
5e5282bb
JH		 2916 if (discoverable) {
2917 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2918 changed = true;
2919 } else {
2920 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2921 changed = true;
2922 }
73f22f62 2923
ed9b5f2f 2924 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2925 &match);
ed9b5f2f 2926
beadb2bd
JH		 2927 if (changed)
2928 err = new_settings(hdev, match.sk);
5e5282bb 2929
73f22f62
JH		 2930 if (match.sk)
2931 sock_put(match.sk);
2932
7bb895d6 2933 return err;
73f22f62 2934}
9fbcbb45 2935
744cf19e 2936int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2937{
76a7f3a4 2938 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2939 bool changed = false;
2940 int err = 0;
9fbcbb45 2941
5e5282bb
JH		 2942 if (connectable) {
2943 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2944 changed = true;
2945 } else {
2946 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2947 changed = true;
2948 }
9fbcbb45 2949
ed9b5f2f 2950 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2951 &match);
ed9b5f2f 2952
beadb2bd
JH		 2953 if (changed)
2954 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2955
2956 if (match.sk)
2957 sock_put(match.sk);
2958
7bb895d6 2959 return err;
9fbcbb45 2960}
55ed8ca1 2961
744cf19e 2962int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2963{
ca69b795
JH		 2964 u8 mgmt_err = mgmt_status(status);
2965
2d7cee58 2966 if (scan & SCAN_PAGE)
744cf19e 2967 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2968 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2969
2970 if (scan & SCAN_INQUIRY)
744cf19e 2971 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2972 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2973
2974 return 0;
2975}
2976
53168e5b
CC		 2977int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
2978 bool persistent)
55ed8ca1 2979{
86742e1e 2980 struct mgmt_ev_new_link_key ev;
55ed8ca1 2981
a492cd52 2982 memset(&ev, 0, sizeof(ev));
55ed8ca1 2983
a492cd52 2984 ev.store_hint = persistent;
d753fdc4 2985 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 2986 ev.key.addr.type = BDADDR_BREDR;
a492cd52 2987 ev.key.type = key->type;
9b3b4460 2988 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 2989 ev.key.pin_len = key->pin_len;
55ed8ca1 2990
744cf19e 2991 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2992}
f7520543 2993
346af67b
VCG		 2994int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2995{
2996 struct mgmt_ev_new_long_term_key ev;
2997
2998 memset(&ev, 0, sizeof(ev));
2999
3000 ev.store_hint = persistent;
3001 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3002 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3003 ev.key.authenticated = key->authenticated;
3004 ev.key.enc_size = key->enc_size;
3005 ev.key.ediv = key->ediv;
3006
3007 if (key->type == HCI_SMP_LTK)
3008 ev.key.master = 1;
3009
3010 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3011 memcpy(ev.key.val, key->val, sizeof(key->val));
3012
04124681
GP		 3013 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3014 NULL);
346af67b
VCG		 3015}
3016
afc747a6 3017int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3018 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3019 u8 *dev_class)
f7520543 3020{
b644ba33
JH		 3021 char buf[512];
3022 struct mgmt_ev_device_connected *ev = (void *) buf;
3023 u16 eir_len = 0;
f7520543 3024
b644ba33 3025 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3026 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3027
c95f0ba7 3028 ev->flags = __cpu_to_le32(flags);
08c79b61 3029
b644ba33
JH		 3030 if (name_len > 0)
3031 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3032 name, name_len);
b644ba33
JH		 3033
3034 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3035 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3036 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3037
eb55ef07 3038 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3039
3040 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3041 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3042}
3043
8962ee74
JH		 3044static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3045{
c68fb7ff 3046 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3047 struct sock **sk = data;
a38528f1 3048 struct mgmt_rp_disconnect rp;
8962ee74 3049
88c3df13
JH		 3050 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3051 rp.addr.type = cp->addr.type;
8962ee74 3052
aee9b218 3053 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3054 sizeof(rp));
8962ee74
JH		 3055
3056 *sk = cmd->sk;
3057 sock_hold(*sk);
3058
a664b5bc 3059 mgmt_pending_remove(cmd);
8962ee74
JH		 3060}
3061
124f6e35 3062static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3063{
b1078ad0 3064 struct hci_dev *hdev = data;
124f6e35
JH		 3065 struct mgmt_cp_unpair_device *cp = cmd->param;
3066 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3067
3068 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3069 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3070 rp.addr.type = cp->addr.type;
a8a1d19e 3071
b1078ad0
JH		 3072 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3073
aee9b218 3074 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3075
3076 mgmt_pending_remove(cmd);
3077}
3078
afc747a6 3079int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3080 u8 link_type, u8 addr_type)
f7520543 3081{
4c659c39 3082 struct mgmt_addr_info ev;
8962ee74
JH		 3083 struct sock *sk = NULL;
3084 int err;
3085
744cf19e 3086 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3087
f7520543 3088 bacpy(&ev.bdaddr, bdaddr);
57c1477c 3089 ev.type = link_to_bdaddr(link_type, addr_type);
f7520543 3090
afc747a6 3091 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3092 sk);
8962ee74
JH		 3093
3094 if (sk)
d97dcb66 3095 sock_put(sk);
8962ee74 3096
124f6e35 3097 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3098 hdev);
a8a1d19e 3099
8962ee74
JH		 3100 return err;
3101}
3102
88c3df13 3103int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3104 u8 link_type, u8 addr_type, u8 status)
8962ee74 3105{
88c3df13 3106 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3107 struct pending_cmd *cmd;
3108 int err;
3109
2e58ef3e 3110 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3111 if (!cmd)
3112 return -ENOENT;
3113
88c3df13 3114 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3115 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3116
88c3df13 3117 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3118 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3119
a664b5bc 3120 mgmt_pending_remove(cmd);
8962ee74 3121
b1078ad0 3122 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8ce8e2b5 3123 hdev);
8962ee74 3124 return err;
f7520543 3125}
17d5c04c 3126
48264f06 3127int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3128 u8 addr_type, u8 status)
17d5c04c
JH		 3129{
3130 struct mgmt_ev_connect_failed ev;
3131
4c659c39 3132 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3133 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3134 ev.status = mgmt_status(status);
17d5c04c 3135
744cf19e 3136 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3137}
980e1a53 3138
744cf19e 3139int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3140{
3141 struct mgmt_ev_pin_code_request ev;
3142
d8457698 3143 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3144 ev.addr.type = BDADDR_BREDR;
a770bb5a 3145 ev.secure = secure;
980e1a53 3146
744cf19e 3147 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3148 NULL);
980e1a53
JH		 3149}
3150
744cf19e 3151int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3152 u8 status)
980e1a53
JH		 3153{
3154 struct pending_cmd *cmd;
ac56fb13 3155 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3156 int err;
3157
2e58ef3e 3158 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3159 if (!cmd)
3160 return -ENOENT;
3161
d8457698 3162 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3163 rp.addr.type = BDADDR_BREDR;
ac56fb13 3164
aee9b218 3165 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3166 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3167
a664b5bc 3168 mgmt_pending_remove(cmd);
980e1a53
JH		 3169
3170 return err;
3171}
3172
744cf19e 3173int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3174 u8 status)
980e1a53
JH		 3175{
3176 struct pending_cmd *cmd;
ac56fb13 3177 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3178 int err;
3179
2e58ef3e 3180 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3181 if (!cmd)
3182 return -ENOENT;
3183
d8457698 3184 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3185 rp.addr.type = BDADDR_BREDR;
ac56fb13 3186
aee9b218 3187 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3188 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3189
a664b5bc 3190 mgmt_pending_remove(cmd);
980e1a53
JH		 3191
3192 return err;
3193}
a5c29683 3194
744cf19e 3195int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3196 u8 link_type, u8 addr_type, __le32 value,
3197 u8 confirm_hint)
a5c29683
JH		 3198{
3199 struct mgmt_ev_user_confirm_request ev;
3200
744cf19e 3201 BT_DBG("%s", hdev->name);
a5c29683 3202
272d90df 3203 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3204 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3205 ev.confirm_hint = confirm_hint;
78e8098e 3206 ev.value = value;
a5c29683 3207
744cf19e 3208 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3209 NULL);
a5c29683
JH		 3210}
3211
272d90df 3212int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3213 u8 link_type, u8 addr_type)
604086b7
BG		 3214{
3215 struct mgmt_ev_user_passkey_request ev;
3216
3217 BT_DBG("%s", hdev->name);
3218
272d90df 3219 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3220 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3221
3222 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3223 NULL);
604086b7
BG		 3224}
3225
0df4c185 3226static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3227 u8 link_type, u8 addr_type, u8 status,
3228 u8 opcode)
a5c29683
JH		 3229{
3230 struct pending_cmd *cmd;
3231 struct mgmt_rp_user_confirm_reply rp;
3232 int err;
3233
2e58ef3e 3234 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3235 if (!cmd)
3236 return -ENOENT;
3237
272d90df 3238 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3239 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3240 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3241 &rp, sizeof(rp));
a5c29683 3242
a664b5bc 3243 mgmt_pending_remove(cmd);
a5c29683
JH		 3244
3245 return err;
3246}
3247
744cf19e 3248int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3249 u8 link_type, u8 addr_type, u8 status)
a5c29683 3250{
272d90df 3251 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3252 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3253}
3254
272d90df 3255int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3256 u8 link_type, u8 addr_type, u8 status)
a5c29683 3257{
272d90df 3258 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3259 status,
3260 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3261}
2a611692 3262
604086b7 3263int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3264 u8 link_type, u8 addr_type, u8 status)
604086b7 3265{
272d90df 3266 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3267 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3268}
3269
272d90df 3270int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3271 u8 link_type, u8 addr_type, u8 status)
604086b7 3272{
272d90df 3273 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3274 status,
3275 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3276}
3277
bab73cb6 3278int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3279 u8 addr_type, u8 status)
2a611692
JH		 3280{
3281 struct mgmt_ev_auth_failed ev;
3282
bab73cb6 3283 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3284 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3285 ev.status = mgmt_status(status);
2a611692 3286
744cf19e 3287 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3288}
b312b161 3289
33ef95ed
JH		 3290int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3291{
3292 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3293 bool changed = false;
3294 int err = 0;
33ef95ed
JH		 3295
3296 if (status) {
3297 u8 mgmt_err = mgmt_status(status);
3298 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3299 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3300 return 0;
3301 }
3302
47990ea0
JH		 3303 if (test_bit(HCI_AUTH, &hdev->flags)) {
3304 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3305 changed = true;
3306 } else {
3307 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3308 changed = true;
3309 }
3310
33ef95ed 3311 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3312 &match);
33ef95ed 3313
47990ea0
JH		 3314 if (changed)
3315 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3316
3317 if (match.sk)
3318 sock_put(match.sk);
3319
3320 return err;
3321}
3322
cacaf52f
JH		 3323static int clear_eir(struct hci_dev *hdev)
3324{
3325 struct hci_cp_write_eir cp;
3326
3327 if (!(hdev->features[6] & LMP_EXT_INQ))
3328 return 0;
3329
c80da27e
JH		 3330 memset(hdev->eir, 0, sizeof(hdev->eir));
3331
cacaf52f
JH		 3332 memset(&cp, 0, sizeof(cp));
3333
3334 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3335}
3336
c0ecddc2 3337int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3338{
3339 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3340 bool changed = false;
3341 int err = 0;
ed2c4ee3
JH		 3342
3343 if (status) {
3344 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3345
3346 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3347 &hdev->dev_flags))
c0ecddc2
JH		 3348 err = new_settings(hdev, NULL);
3349
04124681
GP		 3350 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3351 &mgmt_err);
c0ecddc2
JH		 3352
3353 return err;
3354 }
3355
3356 if (enable) {
3357 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3358 changed = true;
3359 } else {
3360 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3361 changed = true;
ed2c4ee3
JH		 3362 }
3363
3364 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3365
c0ecddc2
JH		 3366 if (changed)
3367 err = new_settings(hdev, match.sk);
ed2c4ee3 3368
5fc6ebb1 3369 if (match.sk)
ed2c4ee3
JH		 3370 sock_put(match.sk);
3371
5fc6ebb1
JH		 3372 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3373 update_eir(hdev);
3374 else
3375 clear_eir(hdev);
cacaf52f 3376
ed2c4ee3
JH		 3377 return err;
3378}
3379
90e70454
JH		 3380static void class_rsp(struct pending_cmd *cmd, void *data)
3381{
3382 struct cmd_lookup *match = data;
3383
3384 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3385 match->hdev->dev_class, 3);
90e70454
JH		 3386
3387 list_del(&cmd->list);
3388
3389 if (match->sk == NULL) {
3390 match->sk = cmd->sk;
3391 sock_hold(match->sk);
3392 }
3393
3394 mgmt_pending_free(cmd);
3395}
3396
7f9a903c 3397int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3398 u8 status)
7f9a903c 3399{
90e70454
JH		 3400 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3401 int err = 0;
7f9a903c 3402
c95f0ba7
JH		 3403 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3404
90e70454
JH		 3405 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3406 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3407 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3408
3409 if (!status)
04124681
GP		 3410 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3411 3, NULL);
90e70454
JH		 3412
3413 if (match.sk)
3414 sock_put(match.sk);
7f9a903c
MH		 3415
3416 return err;
3417}
3418
744cf19e 3419int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3420{
3421 struct pending_cmd *cmd;
3422 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3423 bool changed = false;
3424 int err = 0;
3425
3426 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3427 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3428 changed = true;
3429 }
b312b161
JH		 3430
3431 memset(&ev, 0, sizeof(ev));
3432 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3433 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3434
2e58ef3e 3435 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3436 if (!cmd)
3437 goto send_event;
3438
7bdaae4a
JH		 3439 /* Always assume that either the short or the complete name has
3440 * changed if there was a pending mgmt command */
3441 changed = true;
3442
b312b161 3443 if (status) {
744cf19e 3444 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3445 mgmt_status(status));
b312b161
JH		 3446 goto failed;
3447 }
3448
aee9b218 3449 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3450 sizeof(ev));
b312b161
JH		 3451 if (err < 0)
3452 goto failed;
3453
3454send_event:
28cc7bde
JH		 3455 if (changed)
3456 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3457 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3458
f51d5b24 3459 update_eir(hdev);
b312b161
JH		 3460
3461failed:
3462 if (cmd)
3463 mgmt_pending_remove(cmd);
3464 return err;
3465}
c35938b2 3466
744cf19e 3467int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3468 u8 *randomizer, u8 status)
c35938b2
SJ		 3469{
3470 struct pending_cmd *cmd;
3471 int err;
3472
744cf19e 3473 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3474
2e58ef3e 3475 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3476 if (!cmd)
3477 return -ENOENT;
3478
3479 if (status) {
04124681
GP		 3480 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3481 mgmt_status(status));
c35938b2
SJ		 3482 } else {
3483 struct mgmt_rp_read_local_oob_data rp;
3484
3485 memcpy(rp.hash, hash, sizeof(rp.hash));
3486 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3487
744cf19e 3488 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3489 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3490 sizeof(rp));
c35938b2
SJ		 3491 }
3492
3493 mgmt_pending_remove(cmd);
3494
3495 return err;
3496}
e17acd40 3497
06199cf8
JH		 3498int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3499{
3500 struct cmd_lookup match = { NULL, hdev };
3501 bool changed = false;
3502 int err = 0;
3503
3504 if (status) {
3505 u8 mgmt_err = mgmt_status(status);
3506
3507 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3508 &hdev->dev_flags))
d97dcb66 3509 err = new_settings(hdev, NULL);
06199cf8 3510
d97dcb66
SJ		 3511 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3512 &mgmt_err);
06199cf8
JH		 3513
3514 return err;
3515 }
3516
3517 if (enable) {
3518 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3519 changed = true;
3520 } else {
3521 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3522 changed = true;
3523 }
3524
3525 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3526
3527 if (changed)
3528 err = new_settings(hdev, match.sk);
3529
3530 if (match.sk)
3531 sock_put(match.sk);
3532
3533 return err;
3534}
3535
48264f06 3536int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3537 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3538 ssp, u8 *eir, u16 eir_len)
e17acd40 3539{
e319d2e7
JH		 3540 char buf[512];
3541 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3542 size_t ev_size;
e17acd40 3543
1dc06093
JH		 3544 /* Leave 5 bytes for a potential CoD field */
3545 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3546 return -EINVAL;
3547
1dc06093
JH		 3548 memset(buf, 0, sizeof(buf));
3549
e319d2e7 3550 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3551 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3552 ev->rssi = rssi;
9a395a80 3553 if (cfm_name)
33cef264 3554 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3555 if (!ssp)
33cef264 3556 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3557
1dc06093 3558 if (eir_len > 0)
e319d2e7 3559 memcpy(ev->eir, eir, eir_len);
e17acd40 3560
1dc06093
JH		 3561 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3562 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3563 dev_class, 3);
1dc06093 3564
eb55ef07 3565 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3566 ev_size = sizeof(*ev) + eir_len;
f8523598 3567
e319d2e7 3568 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3569}
a88a9652 3570
b644ba33 3571int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3572 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3573{
b644ba33
JH		 3574 struct mgmt_ev_device_found *ev;
3575 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3576 u16 eir_len;
a88a9652 3577
b644ba33 3578 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3579
b644ba33
JH		 3580 memset(buf, 0, sizeof(buf));
3581
3582 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3583 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3584 ev->rssi = rssi;
3585
3586 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3587 name_len);
b644ba33 3588
eb55ef07 3589 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3590
053c7e0c 3591 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3592 sizeof(*ev) + eir_len, NULL);
a88a9652 3593}
314b2381 3594
7a135109 3595int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3596{
3597 struct pending_cmd *cmd;
f808e166 3598 u8 type;
164a6e78
JH		 3599 int err;
3600
203159d4
AG		 3601 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3602
2e58ef3e 3603 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3604 if (!cmd)
3605 return -ENOENT;
3606
f808e166
JH		 3607 type = hdev->discovery.type;
3608
3609 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3610 &type, sizeof(type));
164a6e78
JH		 3611 mgmt_pending_remove(cmd);
3612
3613 return err;
3614}
3615
e6d465cb
AG		 3616int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3617{
3618 struct pending_cmd *cmd;
3619 int err;
3620
3621 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3622 if (!cmd)
3623 return -ENOENT;
3624
d930650b 3625 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3626 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3627 mgmt_pending_remove(cmd);
3628
3629 return err;
3630}
3631
744cf19e 3632int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3633{
f963e8e9 3634 struct mgmt_ev_discovering ev;
164a6e78
JH		 3635 struct pending_cmd *cmd;
3636
343fb145
AG		 3637 BT_DBG("%s discovering %u", hdev->name, discovering);
3638
164a6e78 3639 if (discovering)
2e58ef3e 3640 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3641 else
2e58ef3e 3642 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3643
3644 if (cmd != NULL) {
f808e166
JH		 3645 u8 type = hdev->discovery.type;
3646
04124681
GP		 3647 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3648 sizeof(type));
164a6e78
JH		 3649 mgmt_pending_remove(cmd);
3650 }
3651
f963e8e9
JH		 3652 memset(&ev, 0, sizeof(ev));
3653 ev.type = hdev->discovery.type;
3654 ev.discovering = discovering;
3655
3656 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3657}
5e762444 3658
88c1fe4b 3659int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3660{
3661 struct pending_cmd *cmd;
3662 struct mgmt_ev_device_blocked ev;
3663
2e58ef3e 3664 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3665
88c1fe4b
JH		 3666 bacpy(&ev.addr.bdaddr, bdaddr);
3667 ev.addr.type = type;
5e762444 3668
744cf19e 3669 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3670 cmd ? cmd->sk : NULL);
5e762444
AJ		 3671}
3672
88c1fe4b 3673int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3674{
3675 struct pending_cmd *cmd;
3676 struct mgmt_ev_device_unblocked ev;
3677
2e58ef3e 3678 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3679
88c1fe4b
JH		 3680 bacpy(&ev.addr.bdaddr, bdaddr);
3681 ev.addr.type = type;
5e762444 3682
744cf19e 3683 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3684 cmd ? cmd->sk : NULL);
5e762444 3685}
d7b7e796
MH		 3686
3687module_param(enable_hs, bool, 0644);
3688MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
kernel source for telekom puls (alcatel/mediatek)