projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo...
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
d7b7e796 35bool enable_hs;
d7b7e796 36
2da9c55c 37#define MGMT_VERSION 1
23b3b133 38#define MGMT_REVISION 2
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 79};
80
81static const u16 mgmt_events[] = {
82 MGMT_EV_CONTROLLER_ERROR,
83 MGMT_EV_INDEX_ADDED,
84 MGMT_EV_INDEX_REMOVED,
85 MGMT_EV_NEW_SETTINGS,
86 MGMT_EV_CLASS_OF_DEV_CHANGED,
87 MGMT_EV_LOCAL_NAME_CHANGED,
88 MGMT_EV_NEW_LINK_KEY,
89 MGMT_EV_NEW_LONG_TERM_KEY,
90 MGMT_EV_DEVICE_CONNECTED,
91 MGMT_EV_DEVICE_DISCONNECTED,
92 MGMT_EV_CONNECT_FAILED,
93 MGMT_EV_PIN_CODE_REQUEST,
94 MGMT_EV_USER_CONFIRM_REQUEST,
95 MGMT_EV_USER_PASSKEY_REQUEST,
96 MGMT_EV_AUTH_FAILED,
97 MGMT_EV_DEVICE_FOUND,
98 MGMT_EV_DISCOVERING,
99 MGMT_EV_DEVICE_BLOCKED,
100 MGMT_EV_DEVICE_UNBLOCKED,
101 MGMT_EV_DEVICE_UNPAIRED,
92a25256 102 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 103};
104
3fd24153
AG		 105/*
106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification.
108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 114
e8777525 115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 117
17b02e62 118#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 119
4b34ee78
JH		 120#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
121 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
eec8d2bc
JH		 123struct pending_cmd {
124 struct list_head list;
fc2f4b13 125 u16 opcode;
eec8d2bc 126 int index;
c68fb7ff 127 void *param;
eec8d2bc 128 struct sock *sk;
e9a416b5 129 void *user_data;
eec8d2bc
JH		 130};
131
ca69b795
JH		 132/* HCI to MGMT error code conversion table */
133static u8 mgmt_status_table[] = {
134 MGMT_STATUS_SUCCESS,
135 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
136 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
137 MGMT_STATUS_FAILED, /* Hardware Failure */
138 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
139 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
140 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
141 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
142 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
143 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
145 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
146 MGMT_STATUS_BUSY, /* Command Disallowed */
147 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
148 MGMT_STATUS_REJECTED, /* Rejected Security */
149 MGMT_STATUS_REJECTED, /* Rejected Personal */
150 MGMT_STATUS_TIMEOUT, /* Host Timeout */
151 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
153 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
154 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
155 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
156 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
157 MGMT_STATUS_BUSY, /* Repeated Attempts */
158 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
159 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
161 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
162 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
163 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
165 MGMT_STATUS_FAILED, /* Unspecified Error */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
167 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
168 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
169 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
170 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
171 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
172 MGMT_STATUS_FAILED, /* Unit Link Key Used */
173 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
174 MGMT_STATUS_TIMEOUT, /* Instant Passed */
175 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
176 MGMT_STATUS_FAILED, /* Transaction Collision */
177 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
178 MGMT_STATUS_REJECTED, /* QoS Rejected */
179 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
180 MGMT_STATUS_REJECTED, /* Insufficient Security */
181 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
182 MGMT_STATUS_BUSY, /* Role Switch Pending */
183 MGMT_STATUS_FAILED, /* Slot Violation */
184 MGMT_STATUS_FAILED, /* Role Switch Failed */
185 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
186 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
187 MGMT_STATUS_BUSY, /* Host Busy Pairing */
188 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
189 MGMT_STATUS_BUSY, /* Controller Busy */
190 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
191 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
192 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
193 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
194 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
195};
196
bb4b2a9a
AE		 197bool mgmt_valid_hdev(struct hci_dev *hdev)
198{
199 return hdev->dev_type == HCI_BREDR;
200}
201
ca69b795
JH		 202static u8 mgmt_status(u8 hci_status)
203{
204 if (hci_status < ARRAY_SIZE(mgmt_status_table))
205 return mgmt_status_table[hci_status];
206
207 return MGMT_STATUS_FAILED;
208}
209
4e51eae9 210static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 211{
212 struct sk_buff *skb;
213 struct mgmt_hdr *hdr;
214 struct mgmt_ev_cmd_status *ev;
56b7d137 215 int err;
f7b64e69 216
34eb525c 217 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 218
790eff44 219 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 220 if (!skb)
221 return -ENOMEM;
222
223 hdr = (void *) skb_put(skb, sizeof(*hdr));
224
612dfce9 225 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 226 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 227 hdr->len = cpu_to_le16(sizeof(*ev));
228
229 ev = (void *) skb_put(skb, sizeof(*ev));
230 ev->status = status;
eb55ef07 231 ev->opcode = cpu_to_le16(cmd);
f7b64e69 232
56b7d137
GP		 233 err = sock_queue_rcv_skb(sk, skb);
234 if (err < 0)
f7b64e69
JH		 235 kfree_skb(skb);
236
56b7d137 237 return err;
f7b64e69
JH		 238}
239
aee9b218 240static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 241 void *rp, size_t rp_len)
02d98129
JH		 242{
243 struct sk_buff *skb;
244 struct mgmt_hdr *hdr;
245 struct mgmt_ev_cmd_complete *ev;
56b7d137 246 int err;
02d98129
JH		 247
248 BT_DBG("sock %p", sk);
249
790eff44 250 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 251 if (!skb)
252 return -ENOMEM;
253
254 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 255
612dfce9 256 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 257 hdr->index = cpu_to_le16(index);
a38528f1 258 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 259
a38528f1 260 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 261 ev->opcode = cpu_to_le16(cmd);
aee9b218 262 ev->status = status;
8020c16a
SJ		 263
264 if (rp)
265 memcpy(ev->data, rp, rp_len);
02d98129 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
02d98129
JH		 269 kfree_skb(skb);
270
e5f0e151 271 return err;
02d98129
JH		 272}
273
04124681
GP		 274static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
275 u16 data_len)
a38528f1
JH		 276{
277 struct mgmt_rp_read_version rp;
278
279 BT_DBG("sock %p", sk);
280
281 rp.version = MGMT_VERSION;
eb55ef07 282 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 283
aee9b218 284 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 285 sizeof(rp));
a38528f1
JH		 286}
287
04124681
GP		 288static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
289 u16 data_len)
e70bb2e8
JH		 290{
291 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 292 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
293 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 294 __le16 *opcode;
e70bb2e8
JH		 295 size_t rp_size;
296 int i, err;
297
298 BT_DBG("sock %p", sk);
299
300 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
301
302 rp = kmalloc(rp_size, GFP_KERNEL);
303 if (!rp)
304 return -ENOMEM;
305
eb55ef07
MH		 306 rp->num_commands = __constant_cpu_to_le16(num_commands);
307 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 308
309 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
310 put_unaligned_le16(mgmt_commands[i], opcode);
311
312 for (i = 0; i < num_events; i++, opcode++)
313 put_unaligned_le16(mgmt_events[i], opcode);
314
aee9b218 315 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 316 rp_size);
e70bb2e8
JH		 317 kfree(rp);
318
319 return err;
320}
321
04124681
GP		 322static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
faba42eb 324{
faba42eb 325 struct mgmt_rp_read_index_list *rp;
8035ded4 326 struct hci_dev *d;
a38528f1 327 size_t rp_len;
faba42eb 328 u16 count;
476e44cb 329 int err;
faba42eb
JH		 330
331 BT_DBG("sock %p", sk);
332
333 read_lock(&hci_dev_list_lock);
334
335 count = 0;
bb4b2a9a
AE		 336 list_for_each_entry(d, &hci_dev_list, list) {
337 if (!mgmt_valid_hdev(d))
338 continue;
339
faba42eb
JH		 340 count++;
341 }
342
a38528f1
JH		 343 rp_len = sizeof(*rp) + (2 * count);
344 rp = kmalloc(rp_len, GFP_ATOMIC);
345 if (!rp) {
b2c60d42 346 read_unlock(&hci_dev_list_lock);
faba42eb 347 return -ENOMEM;
b2c60d42 348 }
faba42eb 349
476e44cb 350 count = 0;
8035ded4 351 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 352 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 353 continue;
354
bb4b2a9a
AE		 355 if (!mgmt_valid_hdev(d))
356 continue;
357
476e44cb 358 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 359 BT_DBG("Added hci%u", d->id);
360 }
361
476e44cb
JH		 362 rp->num_controllers = cpu_to_le16(count);
363 rp_len = sizeof(*rp) + (2 * count);
364
faba42eb
JH		 365 read_unlock(&hci_dev_list_lock);
366
aee9b218 367 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 368 rp_len);
faba42eb 369
a38528f1
JH		 370 kfree(rp);
371
372 return err;
faba42eb
JH		 373}
374
69ab39ea
JH		 375static u32 get_supported_settings(struct hci_dev *hdev)
376{
377 u32 settings = 0;
378
379 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 380 settings |= MGMT_SETTING_PAIRABLE;
381
9a1a1996 382 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 383 settings |= MGMT_SETTING_SSP;
384
ed3fa31f 385 if (lmp_bredr_capable(hdev)) {
33c525c0
JH		 386 settings |= MGMT_SETTING_CONNECTABLE;
387 settings |= MGMT_SETTING_FAST_CONNECTABLE;
388 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 389 settings |= MGMT_SETTING_BREDR;
390 settings |= MGMT_SETTING_LINK_SECURITY;
391 }
392
d7b7e796
MH		 393 if (enable_hs)
394 settings |= MGMT_SETTING_HS;
395
c383ddc4 396 if (lmp_le_capable(hdev))
9d42820f 397 settings |= MGMT_SETTING_LE;
69ab39ea
JH		 398
399 return settings;
400}
401
402static u32 get_current_settings(struct hci_dev *hdev)
403{
404 u32 settings = 0;
405
f1f0eb02 406 if (hdev_is_powered(hdev))
f0d4b78a
MH		 407 settings |= MGMT_SETTING_POWERED;
408
5e5282bb 409 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 410 settings |= MGMT_SETTING_CONNECTABLE;
411
5e5282bb 412 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 413 settings |= MGMT_SETTING_DISCOVERABLE;
414
a8b2d5c2 415 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 416 settings |= MGMT_SETTING_PAIRABLE;
417
ed3fa31f 418 if (lmp_bredr_capable(hdev))
69ab39ea
JH		 419 settings |= MGMT_SETTING_BREDR;
420
06199cf8 421 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_LE;
423
47990ea0 424 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 425 settings |= MGMT_SETTING_LINK_SECURITY;
426
84bde9d6 427 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_SSP;
429
6d80dfd0
JH		 430 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
431 settings |= MGMT_SETTING_HS;
432
69ab39ea
JH		 433 return settings;
434}
435
ef580372
JH		 436#define PNP_INFO_SVCLASS_ID 0x1200
437
438static u8 bluetooth_base_uuid[] = {
439 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
440 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
441};
442
443static u16 get_uuid16(u8 *uuid128)
444{
445 u32 val;
446 int i;
447
448 for (i = 0; i < 12; i++) {
449 if (bluetooth_base_uuid[i] != uuid128[i])
450 return 0;
451 }
452
3e9fb6d8 453 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 454 if (val > 0xffff)
455 return 0;
456
457 return (u16) val;
458}
459
460static void create_eir(struct hci_dev *hdev, u8 *data)
461{
462 u8 *ptr = data;
463 u16 eir_len = 0;
464 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
465 int i, truncated = 0;
466 struct bt_uuid *uuid;
467 size_t name_len;
468
469 name_len = strlen(hdev->dev_name);
470
471 if (name_len > 0) {
472 /* EIR Data type */
473 if (name_len > 48) {
474 name_len = 48;
475 ptr[1] = EIR_NAME_SHORT;
476 } else
477 ptr[1] = EIR_NAME_COMPLETE;
478
479 /* EIR Data length */
480 ptr[0] = name_len + 1;
481
482 memcpy(ptr + 2, hdev->dev_name, name_len);
483
484 eir_len += (name_len + 2);
485 ptr += (name_len + 2);
486 }
487
bbaf444a 488 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 489 ptr[0] = 2;
490 ptr[1] = EIR_TX_POWER;
491 ptr[2] = (u8) hdev->inq_tx_power;
492
493 eir_len += 3;
494 ptr += 3;
495 }
496
2b9be137
MH		 497 if (hdev->devid_source > 0) {
498 ptr[0] = 9;
499 ptr[1] = EIR_DEVICE_ID;
500
501 put_unaligned_le16(hdev->devid_source, ptr + 2);
502 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
503 put_unaligned_le16(hdev->devid_product, ptr + 6);
504 put_unaligned_le16(hdev->devid_version, ptr + 8);
505
506 eir_len += 10;
507 ptr += 10;
508 }
509
ef580372
JH		 510 memset(uuid16_list, 0, sizeof(uuid16_list));
511
512 /* Group all UUID16 types */
513 list_for_each_entry(uuid, &hdev->uuids, list) {
514 u16 uuid16;
515
516 uuid16 = get_uuid16(uuid->uuid);
517 if (uuid16 == 0)
518 return;
519
520 if (uuid16 < 0x1100)
521 continue;
522
523 if (uuid16 == PNP_INFO_SVCLASS_ID)
524 continue;
525
526 /* Stop if not enough space to put next UUID */
527 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
528 truncated = 1;
529 break;
530 }
531
532 /* Check for duplicates */
533 for (i = 0; uuid16_list[i] != 0; i++)
534 if (uuid16_list[i] == uuid16)
535 break;
536
537 if (uuid16_list[i] == 0) {
538 uuid16_list[i] = uuid16;
539 eir_len += sizeof(u16);
540 }
541 }
542
543 if (uuid16_list[0] != 0) {
544 u8 *length = ptr;
545
546 /* EIR Data type */
547 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
548
549 ptr += 2;
550 eir_len += 2;
551
552 for (i = 0; uuid16_list[i] != 0; i++) {
553 *ptr++ = (uuid16_list[i] & 0x00ff);
554 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
555 }
556
557 /* EIR Data length */
558 *length = (i * sizeof(u16)) + 1;
559 }
560}
561
562static int update_eir(struct hci_dev *hdev)
563{
564 struct hci_cp_write_eir cp;
565
504c8dcd 566 if (!hdev_is_powered(hdev))
7770c4aa
JH		 567 return 0;
568
976eb20e 569 if (!lmp_ext_inq_capable(hdev))
ef580372
JH		 570 return 0;
571
84bde9d6 572 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 573 return 0;
574
a8b2d5c2 575 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 576 return 0;
577
578 memset(&cp, 0, sizeof(cp));
579
580 create_eir(hdev, cp.data);
581
582 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
583 return 0;
584
585 memcpy(hdev->eir, cp.data, sizeof(cp.data));
586
587 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
588}
589
590static u8 get_service_classes(struct hci_dev *hdev)
591{
592 struct bt_uuid *uuid;
593 u8 val = 0;
594
595 list_for_each_entry(uuid, &hdev->uuids, list)
596 val |= uuid->svc_hint;
597
598 return val;
599}
600
601static int update_class(struct hci_dev *hdev)
602{
603 u8 cod[3];
c95f0ba7 604 int err;
ef580372
JH		 605
606 BT_DBG("%s", hdev->name);
607
504c8dcd 608 if (!hdev_is_powered(hdev))
7770c4aa
JH		 609 return 0;
610
a8b2d5c2 611 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 612 return 0;
613
614 cod[0] = hdev->minor_class;
615 cod[1] = hdev->major_class;
616 cod[2] = get_service_classes(hdev);
617
618 if (memcmp(cod, hdev->dev_class, 3) == 0)
619 return 0;
620
c95f0ba7
JH		 621 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
622 if (err == 0)
623 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
624
625 return err;
ef580372
JH		 626}
627
7d78525d
JH		 628static void service_cache_off(struct work_struct *work)
629{
630 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 631 service_cache.work);
7d78525d 632
a8b2d5c2 633 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 634 return;
635
636 hci_dev_lock(hdev);
637
638 update_eir(hdev);
639 update_class(hdev);
640
641 hci_dev_unlock(hdev);
642}
643
6a919082 644static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 645{
4f87da80 646 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 647 return;
648
4f87da80 649 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 650
4f87da80
JH		 651 /* Non-mgmt controlled devices get this bit set
652 * implicitly so that pairing works for them, however
653 * for mgmt we require user-space to explicitly enable
654 * it
655 */
656 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 657}
658
0f4e68cf 659static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 660 void *data, u16 data_len)
0381101f 661{
a38528f1 662 struct mgmt_rp_read_info rp;
f7b64e69 663
bdb6d971 664 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 665
09fd0de5 666 hci_dev_lock(hdev);
f7b64e69 667
dc4fe30b
JH		 668 memset(&rp, 0, sizeof(rp));
669
69ab39ea 670 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 671
69ab39ea 672 rp.version = hdev->hci_ver;
eb55ef07 673 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 674
675 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
676 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 677
a38528f1 678 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 679
dc4fe30b 680 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 681 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 682
09fd0de5 683 hci_dev_unlock(hdev);
0381101f 684
bdb6d971 685 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 686 sizeof(rp));
0381101f
JH		 687}
688
eec8d2bc
JH		 689static void mgmt_pending_free(struct pending_cmd *cmd)
690{
691 sock_put(cmd->sk);
c68fb7ff 692 kfree(cmd->param);
eec8d2bc
JH		 693 kfree(cmd);
694}
695
366a0336 696static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 697 struct hci_dev *hdev, void *data,
698 u16 len)
eec8d2bc
JH		 699{
700 struct pending_cmd *cmd;
701
12b94565 702 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 703 if (!cmd)
366a0336 704 return NULL;
eec8d2bc
JH		 705
706 cmd->opcode = opcode;
2e58ef3e 707 cmd->index = hdev->id;
eec8d2bc 708
12b94565 709 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 710 if (!cmd->param) {
eec8d2bc 711 kfree(cmd);
366a0336 712 return NULL;
eec8d2bc
JH		 713 }
714
8fce6357
SJ		 715 if (data)
716 memcpy(cmd->param, data, len);
eec8d2bc
JH		 717
718 cmd->sk = sk;
719 sock_hold(sk);
720
2e58ef3e 721 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 722
366a0336 723 return cmd;
eec8d2bc
JH		 724}
725
744cf19e 726static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 727 void (*cb)(struct pending_cmd *cmd,
728 void *data),
04124681 729 void *data)
eec8d2bc
JH		 730{
731 struct list_head *p, *n;
732
2e58ef3e 733 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 734 struct pending_cmd *cmd;
735
736 cmd = list_entry(p, struct pending_cmd, list);
737
b24752fe 738 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 739 continue;
740
eec8d2bc
JH		 741 cb(cmd, data);
742 }
743}
744
2e58ef3e 745static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 746{
8035ded4 747 struct pending_cmd *cmd;
eec8d2bc 748
2e58ef3e 749 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 750 if (cmd->opcode == opcode)
751 return cmd;
eec8d2bc
JH		 752 }
753
754 return NULL;
755}
756
a664b5bc 757static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 758{
73f22f62
JH		 759 list_del(&cmd->list);
760 mgmt_pending_free(cmd);
761}
762
69ab39ea 763static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 764{
69ab39ea 765 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 766
aee9b218 767 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 768 sizeof(settings));
8680570b
JH		 769}
770
bdb6d971 771static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 772 u16 len)
eec8d2bc 773{
650f726d 774 struct mgmt_mode *cp = data;
366a0336 775 struct pending_cmd *cmd;
4b34ee78 776 int err;
eec8d2bc 777
bdb6d971 778 BT_DBG("request for %s", hdev->name);
eec8d2bc 779
09fd0de5 780 hci_dev_lock(hdev);
eec8d2bc 781
f0d4b78a
MH		 782 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
783 cancel_delayed_work(&hdev->power_off);
784
785 if (cp->val) {
786 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
787 mgmt_powered(hdev, 1);
788 goto failed;
789 }
790 }
791
4b34ee78 792 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 793 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 794 goto failed;
795 }
796
2e58ef3e 797 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 799 MGMT_STATUS_BUSY);
eec8d2bc
JH		 800 goto failed;
801 }
802
2e58ef3e 803 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 804 if (!cmd) {
805 err = -ENOMEM;
eec8d2bc 806 goto failed;
366a0336 807 }
eec8d2bc 808
72a734ec 809 if (cp->val)
7f971041 810 schedule_work(&hdev->power_on);
eec8d2bc 811 else
80b7ab33 812 schedule_work(&hdev->power_off.work);
eec8d2bc 813
366a0336 814 err = 0;
eec8d2bc
JH		 815
816failed:
09fd0de5 817 hci_dev_unlock(hdev);
366a0336 818 return err;
eec8d2bc
JH		 819}
820
04124681
GP		 821static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
822 struct sock *skip_sk)
beadb2bd
JH		 823{
824 struct sk_buff *skb;
825 struct mgmt_hdr *hdr;
826
790eff44 827 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 828 if (!skb)
829 return -ENOMEM;
830
831 hdr = (void *) skb_put(skb, sizeof(*hdr));
832 hdr->opcode = cpu_to_le16(event);
833 if (hdev)
834 hdr->index = cpu_to_le16(hdev->id);
835 else
612dfce9 836 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 837 hdr->len = cpu_to_le16(data_len);
838
839 if (data)
840 memcpy(skb_put(skb, data_len), data, data_len);
841
97e0bdeb
MH		 842 /* Time stamp */
843 __net_timestamp(skb);
844
beadb2bd
JH		 845 hci_send_to_control(skb, skip_sk);
846 kfree_skb(skb);
847
848 return 0;
849}
850
851static int new_settings(struct hci_dev *hdev, struct sock *skip)
852{
853 __le32 ev;
854
855 ev = cpu_to_le32(get_current_settings(hdev));
856
857 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
858}
859
bdb6d971 860static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 861 u16 len)
73f22f62 862{
650f726d 863 struct mgmt_cp_set_discoverable *cp = data;
366a0336 864 struct pending_cmd *cmd;
5e5282bb 865 u16 timeout;
73f22f62
JH		 866 u8 scan;
867 int err;
868
bdb6d971 869 BT_DBG("request for %s", hdev->name);
73f22f62 870
33c525c0
JH		 871 if (!lmp_bredr_capable(hdev))
872 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
873 MGMT_STATUS_NOT_SUPPORTED);
874
1f350c87 875 timeout = __le16_to_cpu(cp->timeout);
24c54a90 876 if (!cp->val && timeout > 0)
bdb6d971 877 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 878 MGMT_STATUS_INVALID_PARAMS);
73f22f62 879
09fd0de5 880 hci_dev_lock(hdev);
73f22f62 881
5e5282bb 882 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 883 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 884 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 885 goto failed;
886 }
887
2e58ef3e 888 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 889 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 891 MGMT_STATUS_BUSY);
73f22f62
JH		 892 goto failed;
893 }
894
5e5282bb 895 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 897 MGMT_STATUS_REJECTED);
5e5282bb
JH		 898 goto failed;
899 }
900
901 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 902 bool changed = false;
903
904 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
905 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
906 changed = true;
907 }
908
5e5282bb 909 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 910 if (err < 0)
911 goto failed;
912
913 if (changed)
914 err = new_settings(hdev, sk);
915
5e5282bb
JH		 916 goto failed;
917 }
918
919 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 920 if (hdev->discov_timeout > 0) {
921 cancel_delayed_work(&hdev->discov_off);
922 hdev->discov_timeout = 0;
923 }
924
925 if (cp->val && timeout > 0) {
926 hdev->discov_timeout = timeout;
927 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
928 msecs_to_jiffies(hdev->discov_timeout * 1000));
929 }
930
69ab39ea 931 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 932 goto failed;
933 }
934
2e58ef3e 935 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 936 if (!cmd) {
937 err = -ENOMEM;
73f22f62 938 goto failed;
366a0336 939 }
73f22f62
JH		 940
941 scan = SCAN_PAGE;
942
72a734ec 943 if (cp->val)
73f22f62 944 scan |= SCAN_INQUIRY;
16ab91ab 945 else
e0f9309f 946 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 947
948 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
949 if (err < 0)
a664b5bc 950 mgmt_pending_remove(cmd);
73f22f62 951
16ab91ab 952 if (cp->val)
5e5282bb 953 hdev->discov_timeout = timeout;
16ab91ab 954
73f22f62 955failed:
09fd0de5 956 hci_dev_unlock(hdev);
73f22f62
JH		 957 return err;
958}
959
bdb6d971 960static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 961 u16 len)
9fbcbb45 962{
650f726d 963 struct mgmt_mode *cp = data;
366a0336 964 struct pending_cmd *cmd;
9fbcbb45
JH		 965 u8 scan;
966 int err;
967
bdb6d971 968 BT_DBG("request for %s", hdev->name);
9fbcbb45 969
33c525c0
JH		 970 if (!lmp_bredr_capable(hdev))
971 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
972 MGMT_STATUS_NOT_SUPPORTED);
973
09fd0de5 974 hci_dev_lock(hdev);
9fbcbb45 975
4b34ee78 976 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 977 bool changed = false;
978
979 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
980 changed = true;
981
6bf0e469 982 if (cp->val) {
5e5282bb 983 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 984 } else {
5e5282bb
JH		 985 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
986 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
987 }
0224d2fa 988
5e5282bb 989 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 990 if (err < 0)
991 goto failed;
992
993 if (changed)
994 err = new_settings(hdev, sk);
995
9fbcbb45
JH		 996 goto failed;
997 }
998
2e58ef3e 999 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1000 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1002 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1003 goto failed;
1004 }
1005
5e5282bb 1006 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1007 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1008 goto failed;
1009 }
1010
2e58ef3e 1011 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1012 if (!cmd) {
1013 err = -ENOMEM;
9fbcbb45 1014 goto failed;
366a0336 1015 }
9fbcbb45 1016
6bf0e469 1017 if (cp->val) {
9fbcbb45 1018 scan = SCAN_PAGE;
6bf0e469 1019 } else {
9fbcbb45
JH		 1020 scan = 0;
1021
df2c6c5e 1022 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1023 hdev->discov_timeout > 0)
df2c6c5e
JH		 1024 cancel_delayed_work(&hdev->discov_off);
1025 }
1026
9fbcbb45
JH		 1027 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1028 if (err < 0)
a664b5bc 1029 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1030
1031failed:
09fd0de5 1032 hci_dev_unlock(hdev);
9fbcbb45
JH		 1033 return err;
1034}
1035
bdb6d971 1036static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1037 u16 len)
c542a06c 1038{
650f726d 1039 struct mgmt_mode *cp = data;
c542a06c
JH		 1040 int err;
1041
bdb6d971 1042 BT_DBG("request for %s", hdev->name);
c542a06c 1043
09fd0de5 1044 hci_dev_lock(hdev);
c542a06c
JH		 1045
1046 if (cp->val)
a8b2d5c2 1047 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1048 else
a8b2d5c2 1049 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1050
69ab39ea 1051 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1052 if (err < 0)
1053 goto failed;
1054
beadb2bd 1055 err = new_settings(hdev, sk);
c542a06c
JH		 1056
1057failed:
09fd0de5 1058 hci_dev_unlock(hdev);
c542a06c
JH		 1059 return err;
1060}
1061
04124681
GP		 1062static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1063 u16 len)
33ef95ed
JH		 1064{
1065 struct mgmt_mode *cp = data;
1066 struct pending_cmd *cmd;
816a11d5 1067 u8 val;
33ef95ed
JH		 1068 int err;
1069
bdb6d971 1070 BT_DBG("request for %s", hdev->name);
33ef95ed 1071
33c525c0
JH		 1072 if (!lmp_bredr_capable(hdev))
1073 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1074 MGMT_STATUS_NOT_SUPPORTED);
1075
33ef95ed
JH		 1076 hci_dev_lock(hdev);
1077
4b34ee78 1078 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1079 bool changed = false;
1080
1081 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1082 &hdev->dev_flags)) {
47990ea0
JH		 1083 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1084 changed = true;
1085 }
1086
1087 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1088 if (err < 0)
1089 goto failed;
1090
1091 if (changed)
1092 err = new_settings(hdev, sk);
1093
33ef95ed
JH		 1094 goto failed;
1095 }
1096
1097 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1098 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1099 MGMT_STATUS_BUSY);
33ef95ed
JH		 1100 goto failed;
1101 }
1102
1103 val = !!cp->val;
1104
1105 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1106 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1107 goto failed;
1108 }
1109
1110 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1111 if (!cmd) {
1112 err = -ENOMEM;
1113 goto failed;
1114 }
1115
1116 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1117 if (err < 0) {
1118 mgmt_pending_remove(cmd);
1119 goto failed;
1120 }
1121
1122failed:
1123 hci_dev_unlock(hdev);
33ef95ed
JH		 1124 return err;
1125}
1126
bdb6d971 1127static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1128{
1129 struct mgmt_mode *cp = data;
1130 struct pending_cmd *cmd;
816a11d5 1131 u8 val;
ed2c4ee3
JH		 1132 int err;
1133
bdb6d971 1134 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1135
ed2c4ee3
JH		 1136 hci_dev_lock(hdev);
1137
9a1a1996 1138 if (!lmp_ssp_capable(hdev)) {
bdb6d971 1139 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1140 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1141 goto failed;
1142 }
1143
c0ecddc2
JH		 1144 val = !!cp->val;
1145
4b34ee78 1146 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1147 bool changed = false;
1148
1149 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1150 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1151 changed = true;
1152 }
1153
1154 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1155 if (err < 0)
1156 goto failed;
1157
1158 if (changed)
1159 err = new_settings(hdev, sk);
1160
ed2c4ee3
JH		 1161 goto failed;
1162 }
1163
1164 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1165 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1166 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1167 goto failed;
1168 }
1169
ed2c4ee3
JH		 1170 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1171 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1172 goto failed;
1173 }
1174
1175 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1176 if (!cmd) {
1177 err = -ENOMEM;
1178 goto failed;
1179 }
1180
1181 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1182 if (err < 0) {
1183 mgmt_pending_remove(cmd);
1184 goto failed;
1185 }
1186
1187failed:
1188 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1189 return err;
1190}
1191
bdb6d971 1192static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1193{
1194 struct mgmt_mode *cp = data;
6d80dfd0 1195
bdb6d971 1196 BT_DBG("request for %s", hdev->name);
6d80dfd0 1197
bdb6d971
JH		 1198 if (!enable_hs)
1199 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1200 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1201
1202 if (cp->val)
1203 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1204 else
1205 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1206
bdb6d971 1207 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1208}
1209
bdb6d971 1210static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1211{
1212 struct mgmt_mode *cp = data;
1213 struct hci_cp_write_le_host_supported hci_cp;
1214 struct pending_cmd *cmd;
06199cf8 1215 int err;
0b60eba1 1216 u8 val, enabled;
06199cf8 1217
bdb6d971 1218 BT_DBG("request for %s", hdev->name);
06199cf8 1219
1de028ce
JH		 1220 hci_dev_lock(hdev);
1221
c383ddc4 1222 if (!lmp_le_capable(hdev)) {
bdb6d971 1223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1224 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1225 goto unlock;
06199cf8
JH		 1226 }
1227
1228 val = !!cp->val;
ffa88e02 1229 enabled = lmp_host_le_capable(hdev);
06199cf8 1230
0b60eba1 1231 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1232 bool changed = false;
1233
1234 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1235 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1236 changed = true;
1237 }
1238
1239 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1240 if (err < 0)
1de028ce 1241 goto unlock;
06199cf8
JH		 1242
1243 if (changed)
1244 err = new_settings(hdev, sk);
1245
1de028ce 1246 goto unlock;
06199cf8
JH		 1247 }
1248
1249 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1250 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1251 MGMT_STATUS_BUSY);
1de028ce 1252 goto unlock;
06199cf8
JH		 1253 }
1254
1255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1256 if (!cmd) {
1257 err = -ENOMEM;
1de028ce 1258 goto unlock;
06199cf8
JH		 1259 }
1260
1261 memset(&hci_cp, 0, sizeof(hci_cp));
1262
1263 if (val) {
1264 hci_cp.le = val;
ffa88e02 1265 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1266 }
1267
04124681
GP		 1268 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1269 &hci_cp);
0c01bc48 1270 if (err < 0)
06199cf8 1271 mgmt_pending_remove(cmd);
06199cf8 1272
1de028ce
JH		 1273unlock:
1274 hci_dev_unlock(hdev);
06199cf8
JH		 1275 return err;
1276}
1277
bdb6d971 1278static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1279{
650f726d 1280 struct mgmt_cp_add_uuid *cp = data;
90e70454 1281 struct pending_cmd *cmd;
2aeb9a1a 1282 struct bt_uuid *uuid;
2aeb9a1a
JH		 1283 int err;
1284
bdb6d971 1285 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1286
09fd0de5 1287 hci_dev_lock(hdev);
2aeb9a1a 1288
c95f0ba7 1289 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1290 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1291 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1292 goto failed;
1293 }
1294
92c4c204 1295 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1296 if (!uuid) {
1297 err = -ENOMEM;
1298 goto failed;
1299 }
1300
1301 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1302 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1303
1304 list_add(&uuid->list, &hdev->uuids);
1305
1aff6f09
JH		 1306 err = update_class(hdev);
1307 if (err < 0)
1308 goto failed;
1309
80a1e1db
JH		 1310 err = update_eir(hdev);
1311 if (err < 0)
1312 goto failed;
1313
90e70454 1314 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1315 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1316 hdev->dev_class, 3);
90e70454
JH		 1317 goto failed;
1318 }
1319
1320 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1321 if (!cmd)
90e70454 1322 err = -ENOMEM;
2aeb9a1a
JH		 1323
1324failed:
09fd0de5 1325 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1326 return err;
1327}
1328
24b78d0f
JH		 1329static bool enable_service_cache(struct hci_dev *hdev)
1330{
1331 if (!hdev_is_powered(hdev))
1332 return false;
1333
1334 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1335 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1336 return true;
1337 }
1338
1339 return false;
1340}
1341
bdb6d971 1342static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1343 u16 len)
2aeb9a1a 1344{
650f726d 1345 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1346 struct pending_cmd *cmd;
2aeb9a1a 1347 struct list_head *p, *n;
2aeb9a1a 1348 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1349 int err, found;
1350
bdb6d971 1351 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1352
09fd0de5 1353 hci_dev_lock(hdev);
2aeb9a1a 1354
c95f0ba7 1355 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1356 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1357 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1358 goto unlock;
1359 }
1360
2aeb9a1a
JH		 1361 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1362 err = hci_uuids_clear(hdev);
4004b6d9 1363
24b78d0f 1364 if (enable_service_cache(hdev)) {
bdb6d971 1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1366 0, hdev->dev_class, 3);
24b78d0f
JH		 1367 goto unlock;
1368 }
4004b6d9 1369
9246a869 1370 goto update_class;
2aeb9a1a
JH		 1371 }
1372
1373 found = 0;
1374
1375 list_for_each_safe(p, n, &hdev->uuids) {
1376 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1377
1378 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1379 continue;
1380
1381 list_del(&match->list);
482049f7 1382 kfree(match);
2aeb9a1a
JH		 1383 found++;
1384 }
1385
1386 if (found == 0) {
bdb6d971 1387 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1388 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1389 goto unlock;
1390 }
1391
9246a869 1392update_class:
1aff6f09
JH		 1393 err = update_class(hdev);
1394 if (err < 0)
1395 goto unlock;
1396
80a1e1db
JH		 1397 err = update_eir(hdev);
1398 if (err < 0)
1399 goto unlock;
1400
90e70454 1401 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1402 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1403 hdev->dev_class, 3);
90e70454
JH		 1404 goto unlock;
1405 }
1406
1407 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1408 if (!cmd)
90e70454 1409 err = -ENOMEM;
2aeb9a1a
JH		 1410
1411unlock:
09fd0de5 1412 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1413 return err;
1414}
1415
bdb6d971 1416static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1417 u16 len)
1aff6f09 1418{
650f726d 1419 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1420 struct pending_cmd *cmd;
1aff6f09
JH		 1421 int err;
1422
bdb6d971 1423 BT_DBG("request for %s", hdev->name);
1aff6f09 1424
09fd0de5 1425 hci_dev_lock(hdev);
1aff6f09 1426
c95f0ba7 1427 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1428 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1429 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1430 goto unlock;
1431 }
1432
932f5ff5
JH		 1433 hdev->major_class = cp->major;
1434 hdev->minor_class = cp->minor;
1435
b5235a65 1436 if (!hdev_is_powered(hdev)) {
bdb6d971 1437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1438 hdev->dev_class, 3);
b5235a65
JH		 1439 goto unlock;
1440 }
1441
a8b2d5c2 1442 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1443 hci_dev_unlock(hdev);
1444 cancel_delayed_work_sync(&hdev->service_cache);
1445 hci_dev_lock(hdev);
14c0b608 1446 update_eir(hdev);
7d78525d 1447 }
14c0b608 1448
1aff6f09 1449 err = update_class(hdev);
90e70454
JH		 1450 if (err < 0)
1451 goto unlock;
1aff6f09 1452
90e70454 1453 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1454 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1455 hdev->dev_class, 3);
90e70454
JH		 1456 goto unlock;
1457 }
1458
1459 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1460 if (!cmd)
90e70454 1461 err = -ENOMEM;
1aff6f09 1462
b5235a65 1463unlock:
09fd0de5 1464 hci_dev_unlock(hdev);
1aff6f09
JH		 1465 return err;
1466}
1467
bdb6d971 1468static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1469 u16 len)
55ed8ca1 1470{
650f726d 1471 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1472 u16 key_count, expected_len;
a492cd52 1473 int i;
55ed8ca1 1474
1f350c87 1475 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1476
86742e1e
JH		 1477 expected_len = sizeof(*cp) + key_count *
1478 sizeof(struct mgmt_link_key_info);
a492cd52 1479 if (expected_len != len) {
86742e1e 1480 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1481 len, expected_len);
bdb6d971 1482 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1483 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1484 }
1485
bdb6d971 1486 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1487 key_count);
55ed8ca1 1488
09fd0de5 1489 hci_dev_lock(hdev);
55ed8ca1
JH		 1490
1491 hci_link_keys_clear(hdev);
1492
a8b2d5c2 1493 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1494
1495 if (cp->debug_keys)
a8b2d5c2 1496 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1497 else
a8b2d5c2 1498 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1499
a492cd52 1500 for (i = 0; i < key_count; i++) {
86742e1e 1501 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1502
d753fdc4 1503 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1504 key->type, key->pin_len);
55ed8ca1
JH		 1505 }
1506
bdb6d971 1507 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1508
09fd0de5 1509 hci_dev_unlock(hdev);
55ed8ca1 1510
a492cd52 1511 return 0;
55ed8ca1
JH		 1512}
1513
b1078ad0 1514static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1515 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1516{
1517 struct mgmt_ev_device_unpaired ev;
1518
1519 bacpy(&ev.addr.bdaddr, bdaddr);
1520 ev.addr.type = addr_type;
1521
1522 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1523 skip_sk);
b1078ad0
JH		 1524}
1525
bdb6d971 1526static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1527 u16 len)
55ed8ca1 1528{
124f6e35
JH		 1529 struct mgmt_cp_unpair_device *cp = data;
1530 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1531 struct hci_cp_disconnect dc;
1532 struct pending_cmd *cmd;
55ed8ca1 1533 struct hci_conn *conn;
55ed8ca1
JH		 1534 int err;
1535
09fd0de5 1536 hci_dev_lock(hdev);
55ed8ca1 1537
a8a1d19e 1538 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1539 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1540 rp.addr.type = cp->addr.type;
a8a1d19e 1541
86a8cfc6 1542 if (!hdev_is_powered(hdev)) {
bdb6d971 1543 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1544 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1545 goto unlock;
1546 }
1547
591f47f3 1548 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1549 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1550 else
1551 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1552
55ed8ca1 1553 if (err < 0) {
bdb6d971 1554 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1555 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1556 goto unlock;
1557 }
1558
86a8cfc6 1559 if (cp->disconnect) {
591f47f3 1560 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1561 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1562 &cp->addr.bdaddr);
86a8cfc6
JH		 1563 else
1564 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1565 &cp->addr.bdaddr);
86a8cfc6
JH		 1566 } else {
1567 conn = NULL;
1568 }
124f6e35 1569
a8a1d19e 1570 if (!conn) {
bdb6d971 1571 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1572 &rp, sizeof(rp));
b1078ad0 1573 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1574 goto unlock;
1575 }
55ed8ca1 1576
124f6e35 1577 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1578 sizeof(*cp));
a8a1d19e
JH		 1579 if (!cmd) {
1580 err = -ENOMEM;
1581 goto unlock;
55ed8ca1
JH		 1582 }
1583
eb55ef07 1584 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1585 dc.reason = 0x13; /* Remote User Terminated Connection */
1586 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1587 if (err < 0)
1588 mgmt_pending_remove(cmd);
1589
55ed8ca1 1590unlock:
09fd0de5 1591 hci_dev_unlock(hdev);
55ed8ca1
JH		 1592 return err;
1593}
1594
bdb6d971 1595static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1596 u16 len)
8962ee74 1597{
650f726d 1598 struct mgmt_cp_disconnect *cp = data;
8962ee74 1599 struct hci_cp_disconnect dc;
366a0336 1600 struct pending_cmd *cmd;
8962ee74 1601 struct hci_conn *conn;
8962ee74
JH		 1602 int err;
1603
1604 BT_DBG("");
1605
09fd0de5 1606 hci_dev_lock(hdev);
8962ee74
JH		 1607
1608 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1609 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1610 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1611 goto failed;
1612 }
1613
2e58ef3e 1614 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1616 MGMT_STATUS_BUSY);
8962ee74
JH		 1617 goto failed;
1618 }
1619
591f47f3 1620 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 1621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
1622 &cp->addr.bdaddr);
88c3df13
JH		 1623 else
1624 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1625
f960727e 1626 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
bdb6d971 1627 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1628 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1629 goto failed;
1630 }
1631
2e58ef3e 1632 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1633 if (!cmd) {
1634 err = -ENOMEM;
8962ee74 1635 goto failed;
366a0336 1636 }
8962ee74 1637
eb55ef07 1638 dc.handle = cpu_to_le16(conn->handle);
3701f944 1639 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 1640
1641 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1642 if (err < 0)
a664b5bc 1643 mgmt_pending_remove(cmd);
8962ee74
JH		 1644
1645failed:
09fd0de5 1646 hci_dev_unlock(hdev);
8962ee74
JH		 1647 return err;
1648}
1649
57c1477c 1650static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1651{
1652 switch (link_type) {
1653 case LE_LINK:
48264f06
JH		 1654 switch (addr_type) {
1655 case ADDR_LE_DEV_PUBLIC:
591f47f3 1656 return BDADDR_LE_PUBLIC;
0ed09148 1657
48264f06 1658 default:
0ed09148 1659 /* Fallback to LE Random address type */
591f47f3 1660 return BDADDR_LE_RANDOM;
48264f06 1661 }
0ed09148 1662
4c659c39 1663 default:
0ed09148 1664 /* Fallback to BR/EDR type */
591f47f3 1665 return BDADDR_BREDR;
4c659c39
JH		 1666 }
1667}
1668
04124681
GP		 1669static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1670 u16 data_len)
2784eb41 1671{
2784eb41 1672 struct mgmt_rp_get_connections *rp;
8035ded4 1673 struct hci_conn *c;
a38528f1 1674 size_t rp_len;
60fc5fb6
JH		 1675 int err;
1676 u16 i;
2784eb41
JH		 1677
1678 BT_DBG("");
1679
09fd0de5 1680 hci_dev_lock(hdev);
2784eb41 1681
5f97c1df 1682 if (!hdev_is_powered(hdev)) {
bdb6d971 1683 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1684 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1685 goto unlock;
1686 }
1687
60fc5fb6 1688 i = 0;
b644ba33
JH		 1689 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1690 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1691 i++;
2784eb41
JH		 1692 }
1693
60fc5fb6 1694 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 1695 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 1696 if (!rp) {
2784eb41
JH		 1697 err = -ENOMEM;
1698 goto unlock;
1699 }
1700
2784eb41 1701 i = 0;
4c659c39 1702 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1703 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1704 continue;
4c659c39 1705 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1706 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1707 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1708 continue;
1709 i++;
1710 }
1711
eb55ef07 1712 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1713
4c659c39
JH		 1714 /* Recalculate length in case of filtered SCO connections, etc */
1715 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1716
bdb6d971 1717 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1718 rp_len);
2784eb41 1719
a38528f1 1720 kfree(rp);
5f97c1df
JH		 1721
1722unlock:
09fd0de5 1723 hci_dev_unlock(hdev);
2784eb41
JH		 1724 return err;
1725}
1726
bdb6d971 1727static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1728 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1729{
1730 struct pending_cmd *cmd;
1731 int err;
1732
2e58ef3e 1733 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1734 sizeof(*cp));
96d97a67
WR		 1735 if (!cmd)
1736 return -ENOMEM;
1737
d8457698 1738 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1739 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1740 if (err < 0)
1741 mgmt_pending_remove(cmd);
1742
1743 return err;
1744}
1745
bdb6d971 1746static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1747 u16 len)
980e1a53 1748{
96d97a67 1749 struct hci_conn *conn;
650f726d 1750 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1751 struct hci_cp_pin_code_reply reply;
366a0336 1752 struct pending_cmd *cmd;
980e1a53
JH		 1753 int err;
1754
1755 BT_DBG("");
1756
09fd0de5 1757 hci_dev_lock(hdev);
980e1a53 1758
4b34ee78 1759 if (!hdev_is_powered(hdev)) {
bdb6d971 1760 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1761 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1762 goto failed;
1763 }
1764
d8457698 1765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1766 if (!conn) {
bdb6d971 1767 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1768 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1769 goto failed;
1770 }
1771
1772 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1773 struct mgmt_cp_pin_code_neg_reply ncp;
1774
1775 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1776
1777 BT_ERR("PIN code is not 16 bytes long");
1778
bdb6d971 1779 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1780 if (err >= 0)
bdb6d971 1781 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1782 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1783
1784 goto failed;
1785 }
1786
00abfe44 1787 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1788 if (!cmd) {
1789 err = -ENOMEM;
980e1a53 1790 goto failed;
366a0336 1791 }
980e1a53 1792
d8457698 1793 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1794 reply.pin_len = cp->pin_len;
24718ca5 1795 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1796
1797 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1798 if (err < 0)
a664b5bc 1799 mgmt_pending_remove(cmd);
980e1a53
JH		 1800
1801failed:
09fd0de5 1802 hci_dev_unlock(hdev);
980e1a53
JH		 1803 return err;
1804}
1805
04124681
GP		 1806static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1807 u16 len)
17fa4b9d 1808{
650f726d 1809 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1810
1811 BT_DBG("");
1812
09fd0de5 1813 hci_dev_lock(hdev);
17fa4b9d
JH		 1814
1815 hdev->io_capability = cp->io_capability;
1816
1817 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 1818 hdev->io_capability);
17fa4b9d 1819
09fd0de5 1820 hci_dev_unlock(hdev);
17fa4b9d 1821
04124681
GP		 1822 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1823 0);
17fa4b9d
JH		 1824}
1825
6039aa73 1826static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 1827{
1828 struct hci_dev *hdev = conn->hdev;
8035ded4 1829 struct pending_cmd *cmd;
e9a416b5 1830
2e58ef3e 1831 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1832 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1833 continue;
1834
e9a416b5
JH		 1835 if (cmd->user_data != conn)
1836 continue;
1837
1838 return cmd;
1839 }
1840
1841 return NULL;
1842}
1843
1844static void pairing_complete(struct pending_cmd *cmd, u8 status)
1845{
1846 struct mgmt_rp_pair_device rp;
1847 struct hci_conn *conn = cmd->user_data;
1848
ba4e564f 1849 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1850 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1851
aee9b218 1852 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1853 &rp, sizeof(rp));
e9a416b5
JH		 1854
1855 /* So we don't get further callbacks for this connection */
1856 conn->connect_cfm_cb = NULL;
1857 conn->security_cfm_cb = NULL;
1858 conn->disconn_cfm_cb = NULL;
1859
1860 hci_conn_put(conn);
1861
a664b5bc 1862 mgmt_pending_remove(cmd);
e9a416b5
JH		 1863}
1864
1865static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1866{
1867 struct pending_cmd *cmd;
1868
1869 BT_DBG("status %u", status);
1870
1871 cmd = find_pairing(conn);
56e5cb86 1872 if (!cmd)
e9a416b5 1873 BT_DBG("Unable to find a pending command");
56e5cb86 1874 else
e211326c 1875 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1876}
1877
4c47d739
VA		 1878static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
1879{
1880 struct pending_cmd *cmd;
1881
1882 BT_DBG("status %u", status);
1883
1884 if (!status)
1885 return;
1886
1887 cmd = find_pairing(conn);
1888 if (!cmd)
1889 BT_DBG("Unable to find a pending command");
1890 else
1891 pairing_complete(cmd, mgmt_status(status));
1892}
1893
bdb6d971 1894static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1895 u16 len)
e9a416b5 1896{
650f726d 1897 struct mgmt_cp_pair_device *cp = data;
1425acb7 1898 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1899 struct pending_cmd *cmd;
1900 u8 sec_level, auth_type;
1901 struct hci_conn *conn;
e9a416b5
JH		 1902 int err;
1903
1904 BT_DBG("");
1905
09fd0de5 1906 hci_dev_lock(hdev);
e9a416b5 1907
5f97c1df 1908 if (!hdev_is_powered(hdev)) {
bdb6d971 1909 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1910 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1911 goto unlock;
1912 }
1913
c908df36
VCG		 1914 sec_level = BT_SECURITY_MEDIUM;
1915 if (cp->io_cap == 0x03)
e9a416b5 1916 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1917 else
e9a416b5 1918 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1919
591f47f3 1920 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 1921 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1922 cp->addr.type, sec_level, auth_type);
7a512d01 1923 else
b12f62cf
AG		 1924 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1925 cp->addr.type, sec_level, auth_type);
7a512d01 1926
1425acb7
JH		 1927 memset(&rp, 0, sizeof(rp));
1928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1929 rp.addr.type = cp->addr.type;
1930
30e76272 1931 if (IS_ERR(conn)) {
489dc48e
AK		 1932 int status;
1933
1934 if (PTR_ERR(conn) == -EBUSY)
1935 status = MGMT_STATUS_BUSY;
1936 else
1937 status = MGMT_STATUS_CONNECT_FAILED;
1938
bdb6d971 1939 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 1940 status, &rp,
04124681 1941 sizeof(rp));
e9a416b5
JH		 1942 goto unlock;
1943 }
1944
1945 if (conn->connect_cfm_cb) {
1946 hci_conn_put(conn);
bdb6d971 1947 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1948 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1949 goto unlock;
1950 }
1951
2e58ef3e 1952 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1953 if (!cmd) {
1954 err = -ENOMEM;
1955 hci_conn_put(conn);
1956 goto unlock;
1957 }
1958
7a512d01 1959 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 1960 if (cp->addr.type == BDADDR_BREDR)
7a512d01 1961 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 1962 else
1963 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 1964
e9a416b5
JH		 1965 conn->security_cfm_cb = pairing_complete_cb;
1966 conn->disconn_cfm_cb = pairing_complete_cb;
1967 conn->io_capability = cp->io_cap;
1968 cmd->user_data = conn;
1969
1970 if (conn->state == BT_CONNECTED &&
8ce8e2b5 1971 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 1972 pairing_complete(cmd, 0);
1973
1974 err = 0;
1975
1976unlock:
09fd0de5 1977 hci_dev_unlock(hdev);
e9a416b5
JH		 1978 return err;
1979}
1980
04124681
GP		 1981static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1982 u16 len)
28424707 1983{
0f4e68cf 1984 struct mgmt_addr_info *addr = data;
28424707
JH		 1985 struct pending_cmd *cmd;
1986 struct hci_conn *conn;
1987 int err;
1988
1989 BT_DBG("");
1990
28424707
JH		 1991 hci_dev_lock(hdev);
1992
5f97c1df 1993 if (!hdev_is_powered(hdev)) {
bdb6d971 1994 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1995 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1996 goto unlock;
1997 }
1998
28424707
JH		 1999 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2000 if (!cmd) {
bdb6d971 2001 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2002 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2003 goto unlock;
2004 }
2005
2006 conn = cmd->user_data;
2007
2008 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2009 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2010 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2011 goto unlock;
2012 }
2013
2014 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2015
bdb6d971 2016 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2017 addr, sizeof(*addr));
28424707
JH		 2018unlock:
2019 hci_dev_unlock(hdev);
28424707
JH		 2020 return err;
2021}
2022
bdb6d971 2023static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2024 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2025 u16 hci_op, __le32 passkey)
a5c29683 2026{
a5c29683 2027 struct pending_cmd *cmd;
0df4c185 2028 struct hci_conn *conn;
a5c29683
JH		 2029 int err;
2030
09fd0de5 2031 hci_dev_lock(hdev);
08ba5382 2032
4b34ee78 2033 if (!hdev_is_powered(hdev)) {
bdb6d971 2034 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2035 MGMT_STATUS_NOT_POWERED);
0df4c185 2036 goto done;
a5c29683
JH		 2037 }
2038
591f47f3 2039 if (type == BDADDR_BREDR)
272d90df
JH		 2040 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2041 else
47c15e2b 2042 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2043
2044 if (!conn) {
bdb6d971 2045 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2046 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2047 goto done;
2048 }
47c15e2b 2049
591f47f3 2050 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2051 /* Continue with pairing via SMP */
5fe57d9e
BG		 2052 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2053
2054 if (!err)
bdb6d971 2055 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2056 MGMT_STATUS_SUCCESS);
5fe57d9e 2057 else
bdb6d971 2058 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2059 MGMT_STATUS_FAILED);
47c15e2b 2060
47c15e2b
BG		 2061 goto done;
2062 }
2063
0df4c185 2064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2065 if (!cmd) {
2066 err = -ENOMEM;
0df4c185 2067 goto done;
a5c29683
JH		 2068 }
2069
0df4c185 2070 /* Continue with pairing via HCI */
604086b7
BG		 2071 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2072 struct hci_cp_user_passkey_reply cp;
2073
2074 bacpy(&cp.bdaddr, bdaddr);
2075 cp.passkey = passkey;
2076 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2077 } else
2078 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2079
a664b5bc
JH		 2080 if (err < 0)
2081 mgmt_pending_remove(cmd);
a5c29683 2082
0df4c185 2083done:
09fd0de5 2084 hci_dev_unlock(hdev);
a5c29683
JH		 2085 return err;
2086}
2087
afeb019d
JK		 2088static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2089 void *data, u16 len)
2090{
2091 struct mgmt_cp_pin_code_neg_reply *cp = data;
2092
2093 BT_DBG("");
2094
2095 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
2096 MGMT_OP_PIN_CODE_NEG_REPLY,
2097 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2098}
2099
04124681
GP		 2100static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2101 u16 len)
0df4c185 2102{
650f726d 2103 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2104
2105 BT_DBG("");
2106
2107 if (len != sizeof(*cp))
bdb6d971 2108 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2109 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2110
bdb6d971 2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2112 MGMT_OP_USER_CONFIRM_REPLY,
2113 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2114}
2115
bdb6d971 2116static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2117 void *data, u16 len)
0df4c185 2118{
c9c2659f 2119 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2120
2121 BT_DBG("");
2122
bdb6d971 2123 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2124 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2125 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2126}
2127
04124681
GP		 2128static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2129 u16 len)
604086b7 2130{
650f726d 2131 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2132
2133 BT_DBG("");
2134
bdb6d971 2135 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2136 MGMT_OP_USER_PASSKEY_REPLY,
2137 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2138}
2139
bdb6d971 2140static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2141 void *data, u16 len)
604086b7 2142{
650f726d 2143 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2144
2145 BT_DBG("");
2146
bdb6d971 2147 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2148 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2149 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2150}
2151
2b4bf397
JH		 2152static int update_name(struct hci_dev *hdev, const char *name)
2153{
2154 struct hci_cp_write_local_name cp;
2155
2156 memcpy(cp.name, name, sizeof(cp.name));
2157
2158 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2159}
2160
bdb6d971 2161static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2162 u16 len)
b312b161 2163{
2b4bf397 2164 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2165 struct pending_cmd *cmd;
2166 int err;
2167
2168 BT_DBG("");
2169
09fd0de5 2170 hci_dev_lock(hdev);
b312b161 2171
2b4bf397 2172 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2173
b5235a65 2174 if (!hdev_is_powered(hdev)) {
2b4bf397 2175 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2176
2177 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2178 data, len);
28cc7bde
JH		 2179 if (err < 0)
2180 goto failed;
2181
2182 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2183 sk);
28cc7bde 2184
b5235a65
JH		 2185 goto failed;
2186 }
2187
28cc7bde 2188 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2189 if (!cmd) {
2190 err = -ENOMEM;
2191 goto failed;
2192 }
2193
2b4bf397 2194 err = update_name(hdev, cp->name);
b312b161
JH		 2195 if (err < 0)
2196 mgmt_pending_remove(cmd);
2197
2198failed:
09fd0de5 2199 hci_dev_unlock(hdev);
b312b161
JH		 2200 return err;
2201}
2202
0f4e68cf 2203static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2204 void *data, u16 data_len)
c35938b2 2205{
c35938b2
SJ		 2206 struct pending_cmd *cmd;
2207 int err;
2208
bdb6d971 2209 BT_DBG("%s", hdev->name);
c35938b2 2210
09fd0de5 2211 hci_dev_lock(hdev);
c35938b2 2212
4b34ee78 2213 if (!hdev_is_powered(hdev)) {
bdb6d971 2214 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2215 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2216 goto unlock;
2217 }
2218
9a1a1996 2219 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2220 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2221 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2222 goto unlock;
2223 }
2224
2e58ef3e 2225 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2226 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2227 MGMT_STATUS_BUSY);
c35938b2
SJ		 2228 goto unlock;
2229 }
2230
2e58ef3e 2231 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2232 if (!cmd) {
2233 err = -ENOMEM;
2234 goto unlock;
2235 }
2236
2237 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2238 if (err < 0)
2239 mgmt_pending_remove(cmd);
2240
2241unlock:
09fd0de5 2242 hci_dev_unlock(hdev);
c35938b2
SJ		 2243 return err;
2244}
2245
bdb6d971 2246static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2247 void *data, u16 len)
2763eda6 2248{
650f726d 2249 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2250 u8 status;
2763eda6
SJ		 2251 int err;
2252
bdb6d971 2253 BT_DBG("%s ", hdev->name);
2763eda6 2254
09fd0de5 2255 hci_dev_lock(hdev);
2763eda6 2256
5f97c1df 2257 if (!hdev_is_powered(hdev)) {
bdb6d971 2258 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2259 MGMT_STATUS_NOT_POWERED, &cp->addr,
2260 sizeof(cp->addr));
5f97c1df
JH		 2261 goto unlock;
2262 }
2263
664ce4cc 2264 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2265 cp->randomizer);
2763eda6 2266 if (err < 0)
bf1e3541 2267 status = MGMT_STATUS_FAILED;
2763eda6 2268 else
bf1e3541
JH		 2269 status = 0;
2270
bdb6d971 2271 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2272 &cp->addr, sizeof(cp->addr));
2763eda6 2273
5f97c1df 2274unlock:
09fd0de5 2275 hci_dev_unlock(hdev);
2763eda6
SJ		 2276 return err;
2277}
2278
bdb6d971 2279static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2280 void *data, u16 len)
2763eda6 2281{
650f726d 2282 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2283 u8 status;
2763eda6
SJ		 2284 int err;
2285
bdb6d971 2286 BT_DBG("%s", hdev->name);
2763eda6 2287
09fd0de5 2288 hci_dev_lock(hdev);
2763eda6 2289
5f97c1df 2290 if (!hdev_is_powered(hdev)) {
bdb6d971 2291 err = cmd_complete(sk, hdev->id,
04124681
GP		 2292 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2293 MGMT_STATUS_NOT_POWERED, &cp->addr,
2294 sizeof(cp->addr));
5f97c1df
JH		 2295 goto unlock;
2296 }
2297
664ce4cc 2298 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2299 if (err < 0)
bf1e3541 2300 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2301 else
bf1e3541
JH		 2302 status = 0;
2303
bdb6d971 2304 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2305 status, &cp->addr, sizeof(cp->addr));
2763eda6 2306
5f97c1df 2307unlock:
09fd0de5 2308 hci_dev_unlock(hdev);
2763eda6
SJ		 2309 return err;
2310}
2311
5e0452c0
AG		 2312int mgmt_interleaved_discovery(struct hci_dev *hdev)
2313{
2314 int err;
2315
2316 BT_DBG("%s", hdev->name);
2317
2318 hci_dev_lock(hdev);
2319
2320 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2321 if (err < 0)
2322 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2323
2324 hci_dev_unlock(hdev);
2325
2326 return err;
2327}
2328
bdb6d971 2329static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2330 void *data, u16 len)
14a53664 2331{
650f726d 2332 struct mgmt_cp_start_discovery *cp = data;
14a53664 2333 struct pending_cmd *cmd;
14a53664
JH		 2334 int err;
2335
bdb6d971 2336 BT_DBG("%s", hdev->name);
14a53664 2337
09fd0de5 2338 hci_dev_lock(hdev);
14a53664 2339
4b34ee78 2340 if (!hdev_is_powered(hdev)) {
bdb6d971 2341 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2342 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2343 goto failed;
2344 }
2345
642be6c7
AG		 2346 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2347 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2348 MGMT_STATUS_BUSY);
2349 goto failed;
2350 }
2351
ff9ef578 2352 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2353 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2354 MGMT_STATUS_BUSY);
ff9ef578
JH		 2355 goto failed;
2356 }
2357
2e58ef3e 2358 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2359 if (!cmd) {
2360 err = -ENOMEM;
2361 goto failed;
2362 }
2363
4aab14e5
AG		 2364 hdev->discovery.type = cp->type;
2365
2366 switch (hdev->discovery.type) {
f39799f5 2367 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2368 if (lmp_bredr_capable(hdev))
2369 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2370 else
2371 err = -ENOTSUPP;
f39799f5
AG		 2372 break;
2373
2374 case DISCOV_TYPE_LE:
8b90129c
AG		 2375 if (lmp_host_le_capable(hdev))
2376 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2377 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2378 else
2379 err = -ENOTSUPP;
f39799f5
AG		 2380 break;
2381
5e0452c0 2382 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2383 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2384 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2385 LE_SCAN_WIN,
2386 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2387 else
2388 err = -ENOTSUPP;
5e0452c0
AG		 2389 break;
2390
f39799f5 2391 default:
3fd24153 2392 err = -EINVAL;
f39799f5 2393 }
3fd24153 2394
14a53664
JH		 2395 if (err < 0)
2396 mgmt_pending_remove(cmd);
ff9ef578
JH		 2397 else
2398 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2399
2400failed:
09fd0de5 2401 hci_dev_unlock(hdev);
14a53664
JH		 2402 return err;
2403}
2404
bdb6d971 2405static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2406 u16 len)
14a53664 2407{
d930650b 2408 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2409 struct pending_cmd *cmd;
30dc78e1
JH		 2410 struct hci_cp_remote_name_req_cancel cp;
2411 struct inquiry_entry *e;
14a53664
JH		 2412 int err;
2413
bdb6d971 2414 BT_DBG("%s", hdev->name);
14a53664 2415
09fd0de5 2416 hci_dev_lock(hdev);
14a53664 2417
30dc78e1 2418 if (!hci_discovery_active(hdev)) {
bdb6d971 2419 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2420 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2421 sizeof(mgmt_cp->type));
d930650b
JH		 2422 goto unlock;
2423 }
2424
2425 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2426 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2427 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2428 sizeof(mgmt_cp->type));
30dc78e1 2429 goto unlock;
ff9ef578
JH		 2430 }
2431
2e58ef3e 2432 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2433 if (!cmd) {
2434 err = -ENOMEM;
30dc78e1
JH		 2435 goto unlock;
2436 }
2437
e0d9727e
AG		 2438 switch (hdev->discovery.state) {
2439 case DISCOVERY_FINDING:
c9ecc48e
AG		 2440 if (test_bit(HCI_INQUIRY, &hdev->flags))
2441 err = hci_cancel_inquiry(hdev);
2442 else
2443 err = hci_cancel_le_scan(hdev);
2444
e0d9727e
AG		 2445 break;
2446
2447 case DISCOVERY_RESOLVING:
2448 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 2449 NAME_PENDING);
e0d9727e 2450 if (!e) {
30dc78e1 2451 mgmt_pending_remove(cmd);
e0d9727e
AG		 2452 err = cmd_complete(sk, hdev->id,
2453 MGMT_OP_STOP_DISCOVERY, 0,
2454 &mgmt_cp->type,
2455 sizeof(mgmt_cp->type));
2456 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2457 goto unlock;
2458 }
30dc78e1 2459
e0d9727e
AG		 2460 bacpy(&cp.bdaddr, &e->data.bdaddr);
2461 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2462 sizeof(cp), &cp);
2463
2464 break;
2465
2466 default:
2467 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2468 err = -EFAULT;
14a53664
JH		 2469 }
2470
14a53664
JH		 2471 if (err < 0)
2472 mgmt_pending_remove(cmd);
ff9ef578
JH		 2473 else
2474 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2475
30dc78e1 2476unlock:
09fd0de5 2477 hci_dev_unlock(hdev);
14a53664
JH		 2478 return err;
2479}
2480
bdb6d971 2481static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2482 u16 len)
561aafbc 2483{
650f726d 2484 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2485 struct inquiry_entry *e;
561aafbc
JH		 2486 int err;
2487
bdb6d971 2488 BT_DBG("%s", hdev->name);
561aafbc 2489
561aafbc
JH		 2490 hci_dev_lock(hdev);
2491
30dc78e1 2492 if (!hci_discovery_active(hdev)) {
bdb6d971 2493 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2494 MGMT_STATUS_FAILED);
30dc78e1
JH		 2495 goto failed;
2496 }
2497
a198e7b1 2498 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2499 if (!e) {
bdb6d971 2500 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2501 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2502 goto failed;
2503 }
2504
2505 if (cp->name_known) {
2506 e->name_state = NAME_KNOWN;
2507 list_del(&e->list);
2508 } else {
2509 e->name_state = NAME_NEEDED;
a3d4e20a 2510 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2511 }
2512
2513 err = 0;
2514
2515failed:
2516 hci_dev_unlock(hdev);
561aafbc
JH		 2517 return err;
2518}
2519
bdb6d971 2520static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2521 u16 len)
7fbec224 2522{
650f726d 2523 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2524 u8 status;
7fbec224
AJ		 2525 int err;
2526
bdb6d971 2527 BT_DBG("%s", hdev->name);
7fbec224 2528
09fd0de5 2529 hci_dev_lock(hdev);
5e762444 2530
88c1fe4b 2531 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2532 if (err < 0)
f0eeea8b 2533 status = MGMT_STATUS_FAILED;
7fbec224 2534 else
f0eeea8b
JH		 2535 status = 0;
2536
bdb6d971 2537 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2538 &cp->addr, sizeof(cp->addr));
5e762444 2539
09fd0de5 2540 hci_dev_unlock(hdev);
7fbec224
AJ		 2541
2542 return err;
2543}
2544
bdb6d971 2545static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2546 u16 len)
7fbec224 2547{
650f726d 2548 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2549 u8 status;
7fbec224
AJ		 2550 int err;
2551
bdb6d971 2552 BT_DBG("%s", hdev->name);
7fbec224 2553
09fd0de5 2554 hci_dev_lock(hdev);
5e762444 2555
88c1fe4b 2556 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2557 if (err < 0)
f0eeea8b 2558 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2559 else
f0eeea8b
JH		 2560 status = 0;
2561
bdb6d971 2562 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2563 &cp->addr, sizeof(cp->addr));
5e762444 2564
09fd0de5 2565 hci_dev_unlock(hdev);
7fbec224
AJ		 2566
2567 return err;
2568}
2569
cdbaccca
MH		 2570static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2571 u16 len)
2572{
2573 struct mgmt_cp_set_device_id *cp = data;
2574 int err;
c72d4b8a 2575 __u16 source;
cdbaccca
MH		 2576
2577 BT_DBG("%s", hdev->name);
2578
c72d4b8a
SJ		 2579 source = __le16_to_cpu(cp->source);
2580
2581 if (source > 0x0002)
2582 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2583 MGMT_STATUS_INVALID_PARAMS);
2584
cdbaccca
MH		 2585 hci_dev_lock(hdev);
2586
c72d4b8a 2587 hdev->devid_source = source;
cdbaccca
MH		 2588 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2589 hdev->devid_product = __le16_to_cpu(cp->product);
2590 hdev->devid_version = __le16_to_cpu(cp->version);
2591
2592 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2593
2594 update_eir(hdev);
2595
2596 hci_dev_unlock(hdev);
2597
2598 return err;
2599}
2600
bdb6d971 2601static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2602 void *data, u16 len)
f6422ec6 2603{
650f726d 2604 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2605 struct hci_cp_write_page_scan_activity acp;
2606 u8 type;
2607 int err;
2608
bdb6d971 2609 BT_DBG("%s", hdev->name);
f6422ec6 2610
33c525c0
JH		 2611 if (!lmp_bredr_capable(hdev))
2612 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
2613 MGMT_STATUS_NOT_SUPPORTED);
2614
5400c044 2615 if (!hdev_is_powered(hdev))
bdb6d971 2616 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2617 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2618
2619 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2620 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2621 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2622
2623 hci_dev_lock(hdev);
2624
f7c6869c 2625 if (cp->val) {
f6422ec6 2626 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8 2627
83ce9a06
JH		 2628 /* 160 msec page scan interval */
2629 acp.interval = __constant_cpu_to_le16(0x0100);
f6422ec6
AJ		 2630 } else {
2631 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2632
2633 /* default 1.28 sec page scan */
2634 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2635 }
2636
76ec9de8
AE		 2637 /* default 11.25 msec page scan window */
2638 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2639
04124681
GP		 2640 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2641 &acp);
f6422ec6 2642 if (err < 0) {
bdb6d971 2643 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2644 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2645 goto done;
2646 }
2647
2648 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2649 if (err < 0) {
bdb6d971 2650 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2651 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2652 goto done;
2653 }
2654
bdb6d971 2655 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2656 NULL, 0);
f6422ec6
AJ		 2657done:
2658 hci_dev_unlock(hdev);
f6422ec6
AJ		 2659 return err;
2660}
2661
bdb6d971 2662static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2663 void *cp_data, u16 len)
346af67b 2664{
346af67b
VCG		 2665 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2666 u16 key_count, expected_len;
2667 int i;
2668
1f350c87 2669 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2670
2671 expected_len = sizeof(*cp) + key_count *
2672 sizeof(struct mgmt_ltk_info);
2673 if (expected_len != len) {
2674 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2675 len, expected_len);
bdb6d971 2676 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2677 EINVAL);
346af67b
VCG		 2678 }
2679
bdb6d971 2680 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2681
2682 hci_dev_lock(hdev);
2683
2684 hci_smp_ltks_clear(hdev);
2685
2686 for (i = 0; i < key_count; i++) {
2687 struct mgmt_ltk_info *key = &cp->keys[i];
2688 u8 type;
2689
2690 if (key->master)
2691 type = HCI_SMP_LTK;
2692 else
2693 type = HCI_SMP_LTK_SLAVE;
2694
4596fde5 2695 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2696 bdaddr_to_le(key->addr.type),
04124681
GP		 2697 type, 0, key->authenticated, key->val,
2698 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2699 }
2700
2701 hci_dev_unlock(hdev);
346af67b
VCG		 2702
2703 return 0;
2704}
2705
2e3c35ea 2706static const struct mgmt_handler {
04124681
GP		 2707 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2708 u16 data_len);
be22b54e
JH		 2709 bool var_len;
2710 size_t data_len;
0f4e68cf
JH		 2711} mgmt_handlers[] = {
2712 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2713 { read_version, false, MGMT_READ_VERSION_SIZE },
2714 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2715 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2716 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2717 { set_powered, false, MGMT_SETTING_SIZE },
2718 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2719 { set_connectable, false, MGMT_SETTING_SIZE },
2720 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2721 { set_pairable, false, MGMT_SETTING_SIZE },
2722 { set_link_security, false, MGMT_SETTING_SIZE },
2723 { set_ssp, false, MGMT_SETTING_SIZE },
2724 { set_hs, false, MGMT_SETTING_SIZE },
2725 { set_le, false, MGMT_SETTING_SIZE },
2726 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2727 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2728 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2729 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2730 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2731 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2732 { disconnect, false, MGMT_DISCONNECT_SIZE },
2733 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2734 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2735 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2736 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2737 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2738 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2739 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2740 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2741 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2742 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2743 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2744 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2745 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2746 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2747 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2748 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2749 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2750 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2751 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2752 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2753};
2754
2755
0381101f
JH		 2756int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2757{
650f726d
VCG		 2758 void *buf;
2759 u8 *cp;
0381101f 2760 struct mgmt_hdr *hdr;
4e51eae9 2761 u16 opcode, index, len;
bdb6d971 2762 struct hci_dev *hdev = NULL;
2e3c35ea 2763 const struct mgmt_handler *handler;
0381101f
JH		 2764 int err;
2765
2766 BT_DBG("got %zu bytes", msglen);
2767
2768 if (msglen < sizeof(*hdr))
2769 return -EINVAL;
2770
e63a15ec 2771 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2772 if (!buf)
2773 return -ENOMEM;
2774
2775 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2776 err = -EFAULT;
2777 goto done;
2778 }
2779
650f726d 2780 hdr = buf;
1f350c87
MH		 2781 opcode = __le16_to_cpu(hdr->opcode);
2782 index = __le16_to_cpu(hdr->index);
2783 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2784
2785 if (len != msglen - sizeof(*hdr)) {
2786 err = -EINVAL;
2787 goto done;
2788 }
2789
0f4e68cf 2790 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2791 hdev = hci_dev_get(index);
2792 if (!hdev) {
2793 err = cmd_status(sk, index, opcode,
04124681 2794 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2795 goto done;
2796 }
2797 }
2798
0f4e68cf 2799 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 2800 mgmt_handlers[opcode].func == NULL) {
0381101f 2801 BT_DBG("Unknown op %u", opcode);
ca69b795 2802 err = cmd_status(sk, index, opcode,
04124681 2803 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2804 goto done;
2805 }
2806
2807 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 2808 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 2809 err = cmd_status(sk, index, opcode,
04124681 2810 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2811 goto done;
0381101f
JH		 2812 }
2813
be22b54e
JH		 2814 handler = &mgmt_handlers[opcode];
2815
2816 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 2817 (!handler->var_len && len != handler->data_len)) {
be22b54e 2818 err = cmd_status(sk, index, opcode,
04124681 2819 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2820 goto done;
2821 }
2822
0f4e68cf
JH		 2823 if (hdev)
2824 mgmt_init_hdev(sk, hdev);
2825
2826 cp = buf + sizeof(*hdr);
2827
be22b54e 2828 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2829 if (err < 0)
2830 goto done;
2831
0381101f
JH		 2832 err = msglen;
2833
2834done:
bdb6d971
JH		 2835 if (hdev)
2836 hci_dev_put(hdev);
2837
0381101f
JH		 2838 kfree(buf);
2839 return err;
2840}
c71e97bf 2841
b24752fe
JH		 2842static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2843{
2844 u8 *status = data;
2845
2846 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2847 mgmt_pending_remove(cmd);
2848}
2849
744cf19e 2850int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2851{
bb4b2a9a
AE		 2852 if (!mgmt_valid_hdev(hdev))
2853 return -ENOTSUPP;
2854
744cf19e 2855 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2856}
2857
744cf19e 2858int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2859{
5f159032 2860 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2861
bb4b2a9a
AE		 2862 if (!mgmt_valid_hdev(hdev))
2863 return -ENOTSUPP;
2864
744cf19e 2865 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2866
744cf19e 2867 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2868}
2869
73f22f62 2870struct cmd_lookup {
eec8d2bc 2871 struct sock *sk;
69ab39ea 2872 struct hci_dev *hdev;
90e70454 2873 u8 mgmt_status;
eec8d2bc
JH		 2874};
2875
69ab39ea 2876static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2877{
73f22f62 2878 struct cmd_lookup *match = data;
eec8d2bc 2879
69ab39ea 2880 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2881
2882 list_del(&cmd->list);
2883
2884 if (match->sk == NULL) {
2885 match->sk = cmd->sk;
2886 sock_hold(match->sk);
2887 }
2888
2889 mgmt_pending_free(cmd);
c71e97bf 2890}
5add6af8 2891
7f0ae647
JH		 2892static int set_bredr_scan(struct hci_dev *hdev)
2893{
2894 u8 scan = 0;
2895
2896 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2897 scan |= SCAN_PAGE;
2898 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2899 scan |= SCAN_INQUIRY;
2900
2901 if (!scan)
2902 return 0;
2903
2904 return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2905}
2906
744cf19e 2907int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2908{
76a7f3a4 2909 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2910 int err;
5add6af8 2911
5e5282bb
JH		 2912 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2913 return 0;
2914
69ab39ea 2915 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2916
5e5282bb 2917 if (powered) {
6b4b73ee
JH		 2918 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
2919 !lmp_host_ssp_capable(hdev)) {
3d1cbdd6
AK		 2920 u8 ssp = 1;
2921
2922 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
2923 }
2924
562fcc24
AK		 2925 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2926 struct hci_cp_write_le_host_supported cp;
2927
2928 cp.le = 1;
ffa88e02 2929 cp.simul = lmp_le_br_capable(hdev);
562fcc24 2930
430a61b8
JH		 2931 /* Check first if we already have the right
2932 * host state (host features set)
2933 */
ffa88e02
GP		 2934 if (cp.le != lmp_host_le_capable(hdev) ||
2935 cp.simul != lmp_host_le_br_capable(hdev))
430a61b8
JH		 2936 hci_send_cmd(hdev,
2937 HCI_OP_WRITE_LE_HOST_SUPPORTED,
2938 sizeof(cp), &cp);
562fcc24
AK		 2939 }
2940
7f0ae647
JH		 2941 if (lmp_bredr_capable(hdev)) {
2942 set_bredr_scan(hdev);
2943 update_class(hdev);
2944 update_name(hdev, hdev->dev_name);
2945 update_eir(hdev);
2946 }
5e5282bb 2947 } else {
d4f68526 2948 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2949 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2950 }
2951
beadb2bd 2952 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2953
2954 if (match.sk)
2955 sock_put(match.sk);
2956
7bb895d6 2957 return err;
5add6af8 2958}
73f22f62 2959
744cf19e 2960int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2961{
76a7f3a4 2962 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2963 bool changed = false;
2964 int err = 0;
73f22f62 2965
5e5282bb
JH		 2966 if (discoverable) {
2967 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2968 changed = true;
2969 } else {
2970 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2971 changed = true;
2972 }
73f22f62 2973
ed9b5f2f 2974 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2975 &match);
ed9b5f2f 2976
beadb2bd
JH		 2977 if (changed)
2978 err = new_settings(hdev, match.sk);
5e5282bb 2979
73f22f62
JH		 2980 if (match.sk)
2981 sock_put(match.sk);
2982
7bb895d6 2983 return err;
73f22f62 2984}
9fbcbb45 2985
744cf19e 2986int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2987{
76a7f3a4 2988 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2989 bool changed = false;
2990 int err = 0;
9fbcbb45 2991
5e5282bb
JH		 2992 if (connectable) {
2993 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2994 changed = true;
2995 } else {
2996 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2997 changed = true;
2998 }
9fbcbb45 2999
ed9b5f2f 3000 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 3001 &match);
ed9b5f2f 3002
beadb2bd
JH		 3003 if (changed)
3004 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3005
3006 if (match.sk)
3007 sock_put(match.sk);
3008
7bb895d6 3009 return err;
9fbcbb45 3010}
55ed8ca1 3011
744cf19e 3012int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3013{
ca69b795
JH		 3014 u8 mgmt_err = mgmt_status(status);
3015
2d7cee58 3016 if (scan & SCAN_PAGE)
744cf19e 3017 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3018 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3019
3020 if (scan & SCAN_INQUIRY)
744cf19e 3021 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 3022 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3023
3024 return 0;
3025}
3026
53168e5b
CC		 3027int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3028 bool persistent)
55ed8ca1 3029{
86742e1e 3030 struct mgmt_ev_new_link_key ev;
55ed8ca1 3031
a492cd52 3032 memset(&ev, 0, sizeof(ev));
55ed8ca1 3033
a492cd52 3034 ev.store_hint = persistent;
d753fdc4 3035 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 3036 ev.key.addr.type = BDADDR_BREDR;
a492cd52 3037 ev.key.type = key->type;
9b3b4460 3038 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 3039 ev.key.pin_len = key->pin_len;
55ed8ca1 3040
744cf19e 3041 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3042}
f7520543 3043
346af67b
VCG		 3044int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3045{
3046 struct mgmt_ev_new_long_term_key ev;
3047
3048 memset(&ev, 0, sizeof(ev));
3049
3050 ev.store_hint = persistent;
3051 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 3052 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 3053 ev.key.authenticated = key->authenticated;
3054 ev.key.enc_size = key->enc_size;
3055 ev.key.ediv = key->ediv;
3056
3057 if (key->type == HCI_SMP_LTK)
3058 ev.key.master = 1;
3059
3060 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3061 memcpy(ev.key.val, key->val, sizeof(key->val));
3062
04124681
GP		 3063 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
3064 NULL);
346af67b
VCG		 3065}
3066
afc747a6 3067int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3068 u8 addr_type, u32 flags, u8 *name, u8 name_len,
3069 u8 *dev_class)
f7520543 3070{
b644ba33
JH		 3071 char buf[512];
3072 struct mgmt_ev_device_connected *ev = (void *) buf;
3073 u16 eir_len = 0;
f7520543 3074
b644ba33 3075 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3076 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 3077
c95f0ba7 3078 ev->flags = __cpu_to_le32(flags);
08c79b61 3079
b644ba33
JH		 3080 if (name_len > 0)
3081 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3082 name, name_len);
b644ba33
JH		 3083
3084 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3085 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3086 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3087
eb55ef07 3088 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3089
3090 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3091 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3092}
3093
8962ee74
JH		 3094static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3095{
c68fb7ff 3096 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3097 struct sock **sk = data;
a38528f1 3098 struct mgmt_rp_disconnect rp;
8962ee74 3099
88c3df13
JH		 3100 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3101 rp.addr.type = cp->addr.type;
8962ee74 3102
aee9b218 3103 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3104 sizeof(rp));
8962ee74
JH		 3105
3106 *sk = cmd->sk;
3107 sock_hold(*sk);
3108
a664b5bc 3109 mgmt_pending_remove(cmd);
8962ee74
JH		 3110}
3111
124f6e35 3112static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3113{
b1078ad0 3114 struct hci_dev *hdev = data;
124f6e35
JH		 3115 struct mgmt_cp_unpair_device *cp = cmd->param;
3116 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3117
3118 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3119 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3120 rp.addr.type = cp->addr.type;
a8a1d19e 3121
b1078ad0
JH		 3122 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3123
aee9b218 3124 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3125
3126 mgmt_pending_remove(cmd);
3127}
3128
afc747a6 3129int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 3130 u8 link_type, u8 addr_type, u8 reason)
f7520543 3131{
f0d6a0ea 3132 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 3133 struct sock *sk = NULL;
3134 int err;
3135
744cf19e 3136 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3137
f0d6a0ea
MA		 3138 bacpy(&ev.addr.bdaddr, bdaddr);
3139 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3140 ev.reason = reason;
f7520543 3141
afc747a6 3142 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3143 sk);
8962ee74
JH		 3144
3145 if (sk)
d97dcb66 3146 sock_put(sk);
8962ee74 3147
124f6e35 3148 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3149 hdev);
a8a1d19e 3150
8962ee74
JH		 3151 return err;
3152}
3153
88c3df13 3154int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3155 u8 link_type, u8 addr_type, u8 status)
8962ee74 3156{
88c3df13 3157 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3158 struct pending_cmd *cmd;
3159 int err;
3160
36a75f1b
JD		 3161 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3162 hdev);
3163
2e58ef3e 3164 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3165 if (!cmd)
3166 return -ENOENT;
3167
88c3df13 3168 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3169 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3170
88c3df13 3171 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3172 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3173
a664b5bc 3174 mgmt_pending_remove(cmd);
8962ee74
JH		 3175
3176 return err;
f7520543 3177}
17d5c04c 3178
48264f06 3179int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3180 u8 addr_type, u8 status)
17d5c04c
JH		 3181{
3182 struct mgmt_ev_connect_failed ev;
3183
4c659c39 3184 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3185 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3186 ev.status = mgmt_status(status);
17d5c04c 3187
744cf19e 3188 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3189}
980e1a53 3190
744cf19e 3191int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3192{
3193 struct mgmt_ev_pin_code_request ev;
3194
d8457698 3195 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3196 ev.addr.type = BDADDR_BREDR;
a770bb5a 3197 ev.secure = secure;
980e1a53 3198
744cf19e 3199 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3200 NULL);
980e1a53
JH		 3201}
3202
744cf19e 3203int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3204 u8 status)
980e1a53
JH		 3205{
3206 struct pending_cmd *cmd;
ac56fb13 3207 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3208 int err;
3209
2e58ef3e 3210 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3211 if (!cmd)
3212 return -ENOENT;
3213
d8457698 3214 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3215 rp.addr.type = BDADDR_BREDR;
ac56fb13 3216
aee9b218 3217 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3218 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3219
a664b5bc 3220 mgmt_pending_remove(cmd);
980e1a53
JH		 3221
3222 return err;
3223}
3224
744cf19e 3225int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3226 u8 status)
980e1a53
JH		 3227{
3228 struct pending_cmd *cmd;
ac56fb13 3229 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3230 int err;
3231
2e58ef3e 3232 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3233 if (!cmd)
3234 return -ENOENT;
3235
d8457698 3236 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3237 rp.addr.type = BDADDR_BREDR;
ac56fb13 3238
aee9b218 3239 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3240 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3241
a664b5bc 3242 mgmt_pending_remove(cmd);
980e1a53
JH		 3243
3244 return err;
3245}
a5c29683 3246
744cf19e 3247int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3248 u8 link_type, u8 addr_type, __le32 value,
3249 u8 confirm_hint)
a5c29683
JH		 3250{
3251 struct mgmt_ev_user_confirm_request ev;
3252
744cf19e 3253 BT_DBG("%s", hdev->name);
a5c29683 3254
272d90df 3255 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3256 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3257 ev.confirm_hint = confirm_hint;
78e8098e 3258 ev.value = value;
a5c29683 3259
744cf19e 3260 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3261 NULL);
a5c29683
JH		 3262}
3263
272d90df 3264int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 3265 u8 link_type, u8 addr_type)
604086b7
BG		 3266{
3267 struct mgmt_ev_user_passkey_request ev;
3268
3269 BT_DBG("%s", hdev->name);
3270
272d90df 3271 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3272 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3273
3274 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3275 NULL);
604086b7
BG		 3276}
3277
0df4c185 3278static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 3279 u8 link_type, u8 addr_type, u8 status,
3280 u8 opcode)
a5c29683
JH		 3281{
3282 struct pending_cmd *cmd;
3283 struct mgmt_rp_user_confirm_reply rp;
3284 int err;
3285
2e58ef3e 3286 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3287 if (!cmd)
3288 return -ENOENT;
3289
272d90df 3290 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3291 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3292 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3293 &rp, sizeof(rp));
a5c29683 3294
a664b5bc 3295 mgmt_pending_remove(cmd);
a5c29683
JH		 3296
3297 return err;
3298}
3299
744cf19e 3300int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3301 u8 link_type, u8 addr_type, u8 status)
a5c29683 3302{
272d90df 3303 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3304 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3305}
3306
272d90df 3307int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3308 u8 link_type, u8 addr_type, u8 status)
a5c29683 3309{
272d90df 3310 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3311 status,
3312 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3313}
2a611692 3314
604086b7 3315int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3316 u8 link_type, u8 addr_type, u8 status)
604086b7 3317{
272d90df 3318 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3319 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3320}
3321
272d90df 3322int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3323 u8 link_type, u8 addr_type, u8 status)
604086b7 3324{
272d90df 3325 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 3326 status,
3327 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3328}
3329
92a25256
JH		 3330int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
3331 u8 link_type, u8 addr_type, u32 passkey,
3332 u8 entered)
3333{
3334 struct mgmt_ev_passkey_notify ev;
3335
3336 BT_DBG("%s", hdev->name);
3337
3338 bacpy(&ev.addr.bdaddr, bdaddr);
3339 ev.addr.type = link_to_bdaddr(link_type, addr_type);
3340 ev.passkey = __cpu_to_le32(passkey);
3341 ev.entered = entered;
3342
3343 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
3344}
3345
bab73cb6 3346int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3347 u8 addr_type, u8 status)
2a611692
JH		 3348{
3349 struct mgmt_ev_auth_failed ev;
3350
bab73cb6 3351 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3352 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3353 ev.status = mgmt_status(status);
2a611692 3354
744cf19e 3355 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3356}
b312b161 3357
33ef95ed
JH		 3358int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3359{
3360 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3361 bool changed = false;
3362 int err = 0;
33ef95ed
JH		 3363
3364 if (status) {
3365 u8 mgmt_err = mgmt_status(status);
3366 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3367 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3368 return 0;
3369 }
3370
47990ea0
JH		 3371 if (test_bit(HCI_AUTH, &hdev->flags)) {
3372 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3373 changed = true;
3374 } else {
3375 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3376 changed = true;
3377 }
3378
33ef95ed 3379 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3380 &match);
33ef95ed 3381
47990ea0
JH		 3382 if (changed)
3383 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3384
3385 if (match.sk)
3386 sock_put(match.sk);
3387
3388 return err;
3389}
3390
cacaf52f
JH		 3391static int clear_eir(struct hci_dev *hdev)
3392{
3393 struct hci_cp_write_eir cp;
3394
976eb20e 3395 if (!lmp_ext_inq_capable(hdev))
cacaf52f
JH		 3396 return 0;
3397
c80da27e
JH		 3398 memset(hdev->eir, 0, sizeof(hdev->eir));
3399
cacaf52f
JH		 3400 memset(&cp, 0, sizeof(cp));
3401
3402 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3403}
3404
c0ecddc2 3405int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3406{
3407 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3408 bool changed = false;
3409 int err = 0;
ed2c4ee3
JH		 3410
3411 if (status) {
3412 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3413
3414 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3415 &hdev->dev_flags))
c0ecddc2
JH		 3416 err = new_settings(hdev, NULL);
3417
04124681
GP		 3418 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3419 &mgmt_err);
c0ecddc2
JH		 3420
3421 return err;
3422 }
3423
3424 if (enable) {
3425 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3426 changed = true;
3427 } else {
3428 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3429 changed = true;
ed2c4ee3
JH		 3430 }
3431
3432 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3433
c0ecddc2
JH		 3434 if (changed)
3435 err = new_settings(hdev, match.sk);
ed2c4ee3 3436
5fc6ebb1 3437 if (match.sk)
ed2c4ee3
JH		 3438 sock_put(match.sk);
3439
5fc6ebb1
JH		 3440 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3441 update_eir(hdev);
3442 else
3443 clear_eir(hdev);
cacaf52f 3444
ed2c4ee3
JH		 3445 return err;
3446}
3447
90e70454
JH		 3448static void class_rsp(struct pending_cmd *cmd, void *data)
3449{
3450 struct cmd_lookup *match = data;
3451
3452 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3453 match->hdev->dev_class, 3);
90e70454
JH		 3454
3455 list_del(&cmd->list);
3456
3457 if (match->sk == NULL) {
3458 match->sk = cmd->sk;
3459 sock_hold(match->sk);
3460 }
3461
3462 mgmt_pending_free(cmd);
3463}
3464
7f9a903c 3465int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3466 u8 status)
7f9a903c 3467{
90e70454
JH		 3468 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3469 int err = 0;
7f9a903c 3470
c95f0ba7
JH		 3471 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3472
90e70454
JH		 3473 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3474 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3475 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3476
3477 if (!status)
04124681
GP		 3478 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3479 3, NULL);
90e70454
JH		 3480
3481 if (match.sk)
3482 sock_put(match.sk);
7f9a903c
MH		 3483
3484 return err;
3485}
3486
744cf19e 3487int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3488{
3489 struct pending_cmd *cmd;
3490 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3491 bool changed = false;
3492 int err = 0;
3493
3494 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3495 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3496 changed = true;
3497 }
b312b161
JH		 3498
3499 memset(&ev, 0, sizeof(ev));
3500 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3501 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3502
2e58ef3e 3503 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3504 if (!cmd)
3505 goto send_event;
3506
7bdaae4a
JH		 3507 /* Always assume that either the short or the complete name has
3508 * changed if there was a pending mgmt command */
3509 changed = true;
3510
b312b161 3511 if (status) {
744cf19e 3512 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3513 mgmt_status(status));
b312b161
JH		 3514 goto failed;
3515 }
3516
aee9b218 3517 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3518 sizeof(ev));
b312b161
JH		 3519 if (err < 0)
3520 goto failed;
3521
3522send_event:
28cc7bde
JH		 3523 if (changed)
3524 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3525 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3526
1225a6bd
JH		 3527 /* EIR is taken care of separately when powering on the
3528 * adapter so only update them here if this is a name change
3529 * unrelated to power on.
3530 */
3531 if (!test_bit(HCI_INIT, &hdev->flags))
3532 update_eir(hdev);
b312b161
JH		 3533
3534failed:
3535 if (cmd)
3536 mgmt_pending_remove(cmd);
3537 return err;
3538}
c35938b2 3539
744cf19e 3540int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3541 u8 *randomizer, u8 status)
c35938b2
SJ		 3542{
3543 struct pending_cmd *cmd;
3544 int err;
3545
744cf19e 3546 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3547
2e58ef3e 3548 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3549 if (!cmd)
3550 return -ENOENT;
3551
3552 if (status) {
04124681
GP		 3553 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3554 mgmt_status(status));
c35938b2
SJ		 3555 } else {
3556 struct mgmt_rp_read_local_oob_data rp;
3557
3558 memcpy(rp.hash, hash, sizeof(rp.hash));
3559 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3560
744cf19e 3561 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3562 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3563 sizeof(rp));
c35938b2
SJ		 3564 }
3565
3566 mgmt_pending_remove(cmd);
3567
3568 return err;
3569}
e17acd40 3570
06199cf8
JH		 3571int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3572{
3573 struct cmd_lookup match = { NULL, hdev };
3574 bool changed = false;
3575 int err = 0;
3576
3577 if (status) {
3578 u8 mgmt_err = mgmt_status(status);
3579
3580 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3581 &hdev->dev_flags))
d97dcb66 3582 err = new_settings(hdev, NULL);
06199cf8 3583
d97dcb66
SJ		 3584 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3585 &mgmt_err);
06199cf8
JH		 3586
3587 return err;
3588 }
3589
3590 if (enable) {
3591 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3592 changed = true;
3593 } else {
3594 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3595 changed = true;
3596 }
3597
3598 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3599
3600 if (changed)
3601 err = new_settings(hdev, match.sk);
3602
3603 if (match.sk)
3604 sock_put(match.sk);
3605
3606 return err;
3607}
3608
48264f06 3609int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3610 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3611 ssp, u8 *eir, u16 eir_len)
e17acd40 3612{
e319d2e7
JH		 3613 char buf[512];
3614 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3615 size_t ev_size;
e17acd40 3616
1dc06093
JH		 3617 /* Leave 5 bytes for a potential CoD field */
3618 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3619 return -EINVAL;
3620
1dc06093
JH		 3621 memset(buf, 0, sizeof(buf));
3622
e319d2e7 3623 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3624 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3625 ev->rssi = rssi;
9a395a80 3626 if (cfm_name)
612dfce9 3627 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 3628 if (!ssp)
612dfce9 3629 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 3630
1dc06093 3631 if (eir_len > 0)
e319d2e7 3632 memcpy(ev->eir, eir, eir_len);
e17acd40 3633
1dc06093
JH		 3634 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3635 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3636 dev_class, 3);
1dc06093 3637
eb55ef07 3638 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 3639 ev_size = sizeof(*ev) + eir_len;
f8523598 3640
e319d2e7 3641 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3642}
a88a9652 3643
b644ba33 3644int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3645 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3646{
b644ba33
JH		 3647 struct mgmt_ev_device_found *ev;
3648 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3649 u16 eir_len;
a88a9652 3650
b644ba33 3651 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3652
b644ba33
JH		 3653 memset(buf, 0, sizeof(buf));
3654
3655 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3656 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3657 ev->rssi = rssi;
3658
3659 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3660 name_len);
b644ba33 3661
eb55ef07 3662 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3663
053c7e0c 3664 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3665 sizeof(*ev) + eir_len, NULL);
a88a9652 3666}
314b2381 3667
7a135109 3668int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3669{
3670 struct pending_cmd *cmd;
f808e166 3671 u8 type;
164a6e78
JH		 3672 int err;
3673
203159d4
AG		 3674 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3675
2e58ef3e 3676 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3677 if (!cmd)
3678 return -ENOENT;
3679
f808e166
JH		 3680 type = hdev->discovery.type;
3681
3682 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3683 &type, sizeof(type));
164a6e78
JH		 3684 mgmt_pending_remove(cmd);
3685
3686 return err;
3687}
3688
e6d465cb
AG		 3689int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3690{
3691 struct pending_cmd *cmd;
3692 int err;
3693
3694 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3695 if (!cmd)
3696 return -ENOENT;
3697
d930650b 3698 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3699 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3700 mgmt_pending_remove(cmd);
3701
3702 return err;
3703}
3704
744cf19e 3705int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3706{
f963e8e9 3707 struct mgmt_ev_discovering ev;
164a6e78
JH		 3708 struct pending_cmd *cmd;
3709
343fb145
AG		 3710 BT_DBG("%s discovering %u", hdev->name, discovering);
3711
164a6e78 3712 if (discovering)
2e58ef3e 3713 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3714 else
2e58ef3e 3715 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3716
3717 if (cmd != NULL) {
f808e166
JH		 3718 u8 type = hdev->discovery.type;
3719
04124681
GP		 3720 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3721 sizeof(type));
164a6e78
JH		 3722 mgmt_pending_remove(cmd);
3723 }
3724
f963e8e9
JH		 3725 memset(&ev, 0, sizeof(ev));
3726 ev.type = hdev->discovery.type;
3727 ev.discovering = discovering;
3728
3729 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3730}
5e762444 3731
88c1fe4b 3732int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3733{
3734 struct pending_cmd *cmd;
3735 struct mgmt_ev_device_blocked ev;
3736
2e58ef3e 3737 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3738
88c1fe4b
JH		 3739 bacpy(&ev.addr.bdaddr, bdaddr);
3740 ev.addr.type = type;
5e762444 3741
744cf19e 3742 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3743 cmd ? cmd->sk : NULL);
5e762444
AJ		 3744}
3745
88c1fe4b 3746int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3747{
3748 struct pending_cmd *cmd;
3749 struct mgmt_ev_device_unblocked ev;
3750
2e58ef3e 3751 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3752
88c1fe4b
JH		 3753 bacpy(&ev.addr.bdaddr, bdaddr);
3754 ev.addr.type = type;
5e762444 3755
744cf19e 3756 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3757 cmd ? cmd->sk : NULL);
5e762444 3758}
d7b7e796
MH		 3759
3760module_param(enable_hs, bool, 0644);
3761MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
kernel source for telekom puls (alcatel/mediatek)