projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unused hci_le_ltk_neg_reply()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c 40#define MGMT_VERSION 1
053262dc 41#define MGMT_REVISION 1
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
105};
106
3fd24153
AG		 107/*
108 * These LE scan and inquiry parameters were chosen according to LE General
109 * Discovery Procedure specification.
110 */
111#define LE_SCAN_TYPE 0x01
112#define LE_SCAN_WIN 0x12
113#define LE_SCAN_INT 0x12
114#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 115#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 116
e8777525 117#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 118#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 119
17b02e62 120#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 121
4b34ee78
JH		 122#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
123 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
124
eec8d2bc
JH		 125struct pending_cmd {
126 struct list_head list;
fc2f4b13 127 u16 opcode;
eec8d2bc 128 int index;
c68fb7ff 129 void *param;
eec8d2bc 130 struct sock *sk;
e9a416b5 131 void *user_data;
eec8d2bc
JH		 132};
133
ca69b795
JH		 134/* HCI to MGMT error code conversion table */
135static u8 mgmt_status_table[] = {
136 MGMT_STATUS_SUCCESS,
137 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
138 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
139 MGMT_STATUS_FAILED, /* Hardware Failure */
140 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
141 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
142 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
143 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
144 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
146 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
147 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
148 MGMT_STATUS_BUSY, /* Command Disallowed */
149 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
150 MGMT_STATUS_REJECTED, /* Rejected Security */
151 MGMT_STATUS_REJECTED, /* Rejected Personal */
152 MGMT_STATUS_TIMEOUT, /* Host Timeout */
153 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
155 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
156 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
157 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
158 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
159 MGMT_STATUS_BUSY, /* Repeated Attempts */
160 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
161 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
163 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
164 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
165 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
166 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
167 MGMT_STATUS_FAILED, /* Unspecified Error */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
169 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
170 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
171 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
172 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
173 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
174 MGMT_STATUS_FAILED, /* Unit Link Key Used */
175 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
176 MGMT_STATUS_TIMEOUT, /* Instant Passed */
177 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
178 MGMT_STATUS_FAILED, /* Transaction Collision */
179 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
180 MGMT_STATUS_REJECTED, /* QoS Rejected */
181 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
182 MGMT_STATUS_REJECTED, /* Insufficient Security */
183 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
184 MGMT_STATUS_BUSY, /* Role Switch Pending */
185 MGMT_STATUS_FAILED, /* Slot Violation */
186 MGMT_STATUS_FAILED, /* Role Switch Failed */
187 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
188 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
189 MGMT_STATUS_BUSY, /* Host Busy Pairing */
190 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
191 MGMT_STATUS_BUSY, /* Controller Busy */
192 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
193 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
194 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
195 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
196 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
197};
198
199static u8 mgmt_status(u8 hci_status)
200{
201 if (hci_status < ARRAY_SIZE(mgmt_status_table))
202 return mgmt_status_table[hci_status];
203
204 return MGMT_STATUS_FAILED;
205}
206
4e51eae9 207static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 208{
209 struct sk_buff *skb;
210 struct mgmt_hdr *hdr;
211 struct mgmt_ev_cmd_status *ev;
56b7d137 212 int err;
f7b64e69 213
34eb525c 214 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 215
216 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
217 if (!skb)
218 return -ENOMEM;
219
220 hdr = (void *) skb_put(skb, sizeof(*hdr));
221
222 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 223 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 224 hdr->len = cpu_to_le16(sizeof(*ev));
225
226 ev = (void *) skb_put(skb, sizeof(*ev));
227 ev->status = status;
eb55ef07 228 ev->opcode = cpu_to_le16(cmd);
f7b64e69 229
56b7d137
GP		 230 err = sock_queue_rcv_skb(sk, skb);
231 if (err < 0)
f7b64e69
JH		 232 kfree_skb(skb);
233
56b7d137 234 return err;
f7b64e69
JH		 235}
236
aee9b218 237static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 238 void *rp, size_t rp_len)
02d98129
JH		 239{
240 struct sk_buff *skb;
241 struct mgmt_hdr *hdr;
242 struct mgmt_ev_cmd_complete *ev;
56b7d137 243 int err;
02d98129
JH		 244
245 BT_DBG("sock %p", sk);
246
a38528f1 247 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 248 if (!skb)
249 return -ENOMEM;
250
251 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 252
a38528f1 253 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 254 hdr->index = cpu_to_le16(index);
a38528f1 255 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 256
a38528f1 257 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 258 ev->opcode = cpu_to_le16(cmd);
aee9b218 259 ev->status = status;
8020c16a
SJ		 260
261 if (rp)
262 memcpy(ev->data, rp, rp_len);
02d98129 263
56b7d137
GP		 264 err = sock_queue_rcv_skb(sk, skb);
265 if (err < 0)
02d98129
JH		 266 kfree_skb(skb);
267
e5f0e151 268 return err;
02d98129
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
eb55ef07 279 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 280
aee9b218 281 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 282 sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 289 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
290 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 291 __le16 *opcode;
e70bb2e8
JH		 292 size_t rp_size;
293 int i, err;
294
295 BT_DBG("sock %p", sk);
296
297 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
298
299 rp = kmalloc(rp_size, GFP_KERNEL);
300 if (!rp)
301 return -ENOMEM;
302
eb55ef07
MH		 303 rp->num_commands = __constant_cpu_to_le16(num_commands);
304 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 305
306 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
307 put_unaligned_le16(mgmt_commands[i], opcode);
308
309 for (i = 0; i < num_events; i++, opcode++)
310 put_unaligned_le16(mgmt_events[i], opcode);
311
aee9b218 312 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 313 rp_size);
e70bb2e8
JH		 314 kfree(rp);
315
316 return err;
317}
318
04124681
GP		 319static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
320 u16 data_len)
faba42eb 321{
faba42eb
JH		 322 struct mgmt_rp_read_index_list *rp;
323 struct list_head *p;
8035ded4 324 struct hci_dev *d;
a38528f1 325 size_t rp_len;
faba42eb 326 u16 count;
a38528f1 327 int i, err;
faba42eb
JH		 328
329 BT_DBG("sock %p", sk);
330
331 read_lock(&hci_dev_list_lock);
332
333 count = 0;
334 list_for_each(p, &hci_dev_list) {
335 count++;
336 }
337
a38528f1
JH		 338 rp_len = sizeof(*rp) + (2 * count);
339 rp = kmalloc(rp_len, GFP_ATOMIC);
340 if (!rp) {
b2c60d42 341 read_unlock(&hci_dev_list_lock);
faba42eb 342 return -ENOMEM;
b2c60d42 343 }
faba42eb 344
eb55ef07 345 rp->num_controllers = cpu_to_le16(count);
faba42eb
JH		 346
347 i = 0;
8035ded4 348 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 349 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 350 continue;
351
eb55ef07 352 rp->index[i++] = cpu_to_le16(d->id);
faba42eb
JH		 353 BT_DBG("Added hci%u", d->id);
354 }
355
356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
371 settings |= MGMT_SETTING_CONNECTABLE;
372 settings |= MGMT_SETTING_FAST_CONNECTABLE;
373 settings |= MGMT_SETTING_DISCOVERABLE;
374 settings |= MGMT_SETTING_PAIRABLE;
375
376 if (hdev->features[6] & LMP_SIMPLE_PAIR)
377 settings |= MGMT_SETTING_SSP;
378
379 if (!(hdev->features[4] & LMP_NO_BREDR)) {
380 settings |= MGMT_SETTING_BREDR;
381 settings |= MGMT_SETTING_LINK_SECURITY;
382 }
383
d7b7e796
MH		 384 if (enable_hs)
385 settings |= MGMT_SETTING_HS;
386
387 if (enable_le) {
388 if (hdev->features[4] & LMP_LE)
389 settings |= MGMT_SETTING_LE;
390 }
69ab39ea
JH		 391
392 return settings;
393}
394
395static u32 get_current_settings(struct hci_dev *hdev)
396{
397 u32 settings = 0;
398
f1f0eb02 399 if (hdev_is_powered(hdev))
f0d4b78a
MH		 400 settings |= MGMT_SETTING_POWERED;
401
5e5282bb 402 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_CONNECTABLE;
404
5e5282bb 405 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_DISCOVERABLE;
407
a8b2d5c2 408 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_PAIRABLE;
410
411 if (!(hdev->features[4] & LMP_NO_BREDR))
412 settings |= MGMT_SETTING_BREDR;
413
06199cf8 414 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LE;
416
47990ea0 417 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_LINK_SECURITY;
419
84bde9d6 420 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_SSP;
422
6d80dfd0
JH		 423 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
424 settings |= MGMT_SETTING_HS;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
431static u8 bluetooth_base_uuid[] = {
432 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
433 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
434};
435
436static u16 get_uuid16(u8 *uuid128)
437{
438 u32 val;
439 int i;
440
441 for (i = 0; i < 12; i++) {
442 if (bluetooth_base_uuid[i] != uuid128[i])
443 return 0;
444 }
445
3e9fb6d8 446 val = get_unaligned_le32(&uuid128[12]);
ef580372
JH		 447 if (val > 0xffff)
448 return 0;
449
450 return (u16) val;
451}
452
453static void create_eir(struct hci_dev *hdev, u8 *data)
454{
455 u8 *ptr = data;
456 u16 eir_len = 0;
457 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
458 int i, truncated = 0;
459 struct bt_uuid *uuid;
460 size_t name_len;
461
462 name_len = strlen(hdev->dev_name);
463
464 if (name_len > 0) {
465 /* EIR Data type */
466 if (name_len > 48) {
467 name_len = 48;
468 ptr[1] = EIR_NAME_SHORT;
469 } else
470 ptr[1] = EIR_NAME_COMPLETE;
471
472 /* EIR Data length */
473 ptr[0] = name_len + 1;
474
475 memcpy(ptr + 2, hdev->dev_name, name_len);
476
477 eir_len += (name_len + 2);
478 ptr += (name_len + 2);
479 }
480
91c4e9b1
MH		 481 if (hdev->inq_tx_power) {
482 ptr[0] = 2;
483 ptr[1] = EIR_TX_POWER;
484 ptr[2] = (u8) hdev->inq_tx_power;
485
486 eir_len += 3;
487 ptr += 3;
488 }
489
2b9be137
MH		 490 if (hdev->devid_source > 0) {
491 ptr[0] = 9;
492 ptr[1] = EIR_DEVICE_ID;
493
494 put_unaligned_le16(hdev->devid_source, ptr + 2);
495 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
496 put_unaligned_le16(hdev->devid_product, ptr + 6);
497 put_unaligned_le16(hdev->devid_version, ptr + 8);
498
499 eir_len += 10;
500 ptr += 10;
501 }
502
ef580372
JH		 503 memset(uuid16_list, 0, sizeof(uuid16_list));
504
505 /* Group all UUID16 types */
506 list_for_each_entry(uuid, &hdev->uuids, list) {
507 u16 uuid16;
508
509 uuid16 = get_uuid16(uuid->uuid);
510 if (uuid16 == 0)
511 return;
512
513 if (uuid16 < 0x1100)
514 continue;
515
516 if (uuid16 == PNP_INFO_SVCLASS_ID)
517 continue;
518
519 /* Stop if not enough space to put next UUID */
520 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
521 truncated = 1;
522 break;
523 }
524
525 /* Check for duplicates */
526 for (i = 0; uuid16_list[i] != 0; i++)
527 if (uuid16_list[i] == uuid16)
528 break;
529
530 if (uuid16_list[i] == 0) {
531 uuid16_list[i] = uuid16;
532 eir_len += sizeof(u16);
533 }
534 }
535
536 if (uuid16_list[0] != 0) {
537 u8 *length = ptr;
538
539 /* EIR Data type */
540 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
541
542 ptr += 2;
543 eir_len += 2;
544
545 for (i = 0; uuid16_list[i] != 0; i++) {
546 *ptr++ = (uuid16_list[i] & 0x00ff);
547 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
548 }
549
550 /* EIR Data length */
551 *length = (i * sizeof(u16)) + 1;
552 }
553}
554
555static int update_eir(struct hci_dev *hdev)
556{
557 struct hci_cp_write_eir cp;
558
504c8dcd 559 if (!hdev_is_powered(hdev))
7770c4aa
JH		 560 return 0;
561
ef580372
JH		 562 if (!(hdev->features[6] & LMP_EXT_INQ))
563 return 0;
564
84bde9d6 565 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 566 return 0;
567
a8b2d5c2 568 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 569 return 0;
570
571 memset(&cp, 0, sizeof(cp));
572
573 create_eir(hdev, cp.data);
574
575 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
576 return 0;
577
578 memcpy(hdev->eir, cp.data, sizeof(cp.data));
579
580 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
581}
582
583static u8 get_service_classes(struct hci_dev *hdev)
584{
585 struct bt_uuid *uuid;
586 u8 val = 0;
587
588 list_for_each_entry(uuid, &hdev->uuids, list)
589 val |= uuid->svc_hint;
590
591 return val;
592}
593
594static int update_class(struct hci_dev *hdev)
595{
596 u8 cod[3];
c95f0ba7 597 int err;
ef580372
JH		 598
599 BT_DBG("%s", hdev->name);
600
504c8dcd 601 if (!hdev_is_powered(hdev))
7770c4aa
JH		 602 return 0;
603
a8b2d5c2 604 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 605 return 0;
606
607 cod[0] = hdev->minor_class;
608 cod[1] = hdev->major_class;
609 cod[2] = get_service_classes(hdev);
610
611 if (memcmp(cod, hdev->dev_class, 3) == 0)
612 return 0;
613
c95f0ba7
JH		 614 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
615 if (err == 0)
616 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
617
618 return err;
ef580372
JH		 619}
620
7d78525d
JH		 621static void service_cache_off(struct work_struct *work)
622{
623 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 624 service_cache.work);
7d78525d 625
a8b2d5c2 626 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 627 return;
628
629 hci_dev_lock(hdev);
630
631 update_eir(hdev);
632 update_class(hdev);
633
634 hci_dev_unlock(hdev);
635}
636
6a919082 637static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 638{
4f87da80 639 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 640 return;
641
4f87da80 642 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 643
4f87da80
JH		 644 /* Non-mgmt controlled devices get this bit set
645 * implicitly so that pairing works for them, however
646 * for mgmt we require user-space to explicitly enable
647 * it
648 */
649 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 650}
651
0f4e68cf 652static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 653 void *data, u16 data_len)
0381101f 654{
a38528f1 655 struct mgmt_rp_read_info rp;
f7b64e69 656
bdb6d971 657 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 658
09fd0de5 659 hci_dev_lock(hdev);
f7b64e69 660
dc4fe30b
JH		 661 memset(&rp, 0, sizeof(rp));
662
69ab39ea 663 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 664
69ab39ea 665 rp.version = hdev->hci_ver;
eb55ef07 666 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 667
668 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
669 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 670
a38528f1 671 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 672
dc4fe30b 673 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 674 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 675
09fd0de5 676 hci_dev_unlock(hdev);
0381101f 677
bdb6d971 678 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 679 sizeof(rp));
0381101f
JH		 680}
681
eec8d2bc
JH		 682static void mgmt_pending_free(struct pending_cmd *cmd)
683{
684 sock_put(cmd->sk);
c68fb7ff 685 kfree(cmd->param);
eec8d2bc
JH		 686 kfree(cmd);
687}
688
366a0336 689static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 690 struct hci_dev *hdev, void *data,
691 u16 len)
eec8d2bc
JH		 692{
693 struct pending_cmd *cmd;
694
695 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
696 if (!cmd)
366a0336 697 return NULL;
eec8d2bc
JH		 698
699 cmd->opcode = opcode;
2e58ef3e 700 cmd->index = hdev->id;
eec8d2bc 701
c68fb7ff
SJ		 702 cmd->param = kmalloc(len, GFP_ATOMIC);
703 if (!cmd->param) {
eec8d2bc 704 kfree(cmd);
366a0336 705 return NULL;
eec8d2bc
JH		 706 }
707
8fce6357
SJ		 708 if (data)
709 memcpy(cmd->param, data, len);
eec8d2bc
JH		 710
711 cmd->sk = sk;
712 sock_hold(sk);
713
2e58ef3e 714 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 715
366a0336 716 return cmd;
eec8d2bc
JH		 717}
718
744cf19e 719static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 720 void (*cb)(struct pending_cmd *cmd, void *data),
721 void *data)
eec8d2bc
JH		 722{
723 struct list_head *p, *n;
724
2e58ef3e 725 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 726 struct pending_cmd *cmd;
727
728 cmd = list_entry(p, struct pending_cmd, list);
729
b24752fe 730 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 731 continue;
732
eec8d2bc
JH		 733 cb(cmd, data);
734 }
735}
736
2e58ef3e 737static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 738{
8035ded4 739 struct pending_cmd *cmd;
eec8d2bc 740
2e58ef3e 741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 742 if (cmd->opcode == opcode)
743 return cmd;
eec8d2bc
JH		 744 }
745
746 return NULL;
747}
748
a664b5bc 749static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 750{
73f22f62
JH		 751 list_del(&cmd->list);
752 mgmt_pending_free(cmd);
753}
754
69ab39ea 755static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 756{
69ab39ea 757 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 758
aee9b218 759 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 760 sizeof(settings));
8680570b
JH		 761}
762
bdb6d971 763static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 764 u16 len)
eec8d2bc 765{
650f726d 766 struct mgmt_mode *cp = data;
366a0336 767 struct pending_cmd *cmd;
4b34ee78 768 int err;
eec8d2bc 769
bdb6d971 770 BT_DBG("request for %s", hdev->name);
eec8d2bc 771
09fd0de5 772 hci_dev_lock(hdev);
eec8d2bc 773
f0d4b78a
MH		 774 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
775 cancel_delayed_work(&hdev->power_off);
776
777 if (cp->val) {
778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
779 mgmt_powered(hdev, 1);
780 goto failed;
781 }
782 }
783
4b34ee78 784 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 785 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 786 goto failed;
787 }
788
2e58ef3e 789 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 790 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 791 MGMT_STATUS_BUSY);
eec8d2bc
JH		 792 goto failed;
793 }
794
2e58ef3e 795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 796 if (!cmd) {
797 err = -ENOMEM;
eec8d2bc 798 goto failed;
366a0336 799 }
eec8d2bc 800
72a734ec 801 if (cp->val)
7f971041 802 schedule_work(&hdev->power_on);
eec8d2bc 803 else
80b7ab33 804 schedule_work(&hdev->power_off.work);
eec8d2bc 805
366a0336 806 err = 0;
eec8d2bc
JH		 807
808failed:
09fd0de5 809 hci_dev_unlock(hdev);
366a0336 810 return err;
eec8d2bc
JH		 811}
812
04124681
GP		 813static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
814 struct sock *skip_sk)
beadb2bd
JH		 815{
816 struct sk_buff *skb;
817 struct mgmt_hdr *hdr;
818
819 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
820 if (!skb)
821 return -ENOMEM;
822
823 hdr = (void *) skb_put(skb, sizeof(*hdr));
824 hdr->opcode = cpu_to_le16(event);
825 if (hdev)
826 hdr->index = cpu_to_le16(hdev->id);
827 else
828 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
829 hdr->len = cpu_to_le16(data_len);
830
831 if (data)
832 memcpy(skb_put(skb, data_len), data, data_len);
833
97e0bdeb
MH		 834 /* Time stamp */
835 __net_timestamp(skb);
836
beadb2bd
JH		 837 hci_send_to_control(skb, skip_sk);
838 kfree_skb(skb);
839
840 return 0;
841}
842
843static int new_settings(struct hci_dev *hdev, struct sock *skip)
844{
845 __le32 ev;
846
847 ev = cpu_to_le32(get_current_settings(hdev));
848
849 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
850}
851
bdb6d971 852static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 853 u16 len)
73f22f62 854{
650f726d 855 struct mgmt_cp_set_discoverable *cp = data;
366a0336 856 struct pending_cmd *cmd;
5e5282bb 857 u16 timeout;
73f22f62
JH		 858 u8 scan;
859 int err;
860
bdb6d971 861 BT_DBG("request for %s", hdev->name);
73f22f62 862
1f350c87 863 timeout = __le16_to_cpu(cp->timeout);
24c54a90 864 if (!cp->val && timeout > 0)
bdb6d971 865 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 866 MGMT_STATUS_INVALID_PARAMS);
73f22f62 867
09fd0de5 868 hci_dev_lock(hdev);
73f22f62 869
5e5282bb 870 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 871 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 872 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 873 goto failed;
874 }
875
2e58ef3e
JH		 876 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
877 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 878 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 879 MGMT_STATUS_BUSY);
73f22f62
JH		 880 goto failed;
881 }
882
5e5282bb 883 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 884 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 885 MGMT_STATUS_REJECTED);
5e5282bb
JH		 886 goto failed;
887 }
888
889 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 890 bool changed = false;
891
892 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
893 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
894 changed = true;
895 }
896
5e5282bb 897 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 898 if (err < 0)
899 goto failed;
900
901 if (changed)
902 err = new_settings(hdev, sk);
903
5e5282bb
JH		 904 goto failed;
905 }
906
907 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 908 if (hdev->discov_timeout > 0) {
909 cancel_delayed_work(&hdev->discov_off);
910 hdev->discov_timeout = 0;
911 }
912
913 if (cp->val && timeout > 0) {
914 hdev->discov_timeout = timeout;
915 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
916 msecs_to_jiffies(hdev->discov_timeout * 1000));
917 }
918
69ab39ea 919 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 920 goto failed;
921 }
922
2e58ef3e 923 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 924 if (!cmd) {
925 err = -ENOMEM;
73f22f62 926 goto failed;
366a0336 927 }
73f22f62
JH		 928
929 scan = SCAN_PAGE;
930
72a734ec 931 if (cp->val)
73f22f62 932 scan |= SCAN_INQUIRY;
16ab91ab 933 else
e0f9309f 934 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 935
936 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
937 if (err < 0)
a664b5bc 938 mgmt_pending_remove(cmd);
73f22f62 939
16ab91ab 940 if (cp->val)
5e5282bb 941 hdev->discov_timeout = timeout;
16ab91ab 942
73f22f62 943failed:
09fd0de5 944 hci_dev_unlock(hdev);
73f22f62
JH		 945 return err;
946}
947
bdb6d971 948static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
9fbcbb45 950{
650f726d 951 struct mgmt_mode *cp = data;
366a0336 952 struct pending_cmd *cmd;
9fbcbb45
JH		 953 u8 scan;
954 int err;
955
bdb6d971 956 BT_DBG("request for %s", hdev->name);
9fbcbb45 957
09fd0de5 958 hci_dev_lock(hdev);
9fbcbb45 959
4b34ee78 960 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 961 bool changed = false;
962
963 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
964 changed = true;
965
6bf0e469 966 if (cp->val) {
5e5282bb 967 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 968 } else {
5e5282bb
JH		 969 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
970 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
971 }
0224d2fa 972
5e5282bb 973 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 974 if (err < 0)
975 goto failed;
976
977 if (changed)
978 err = new_settings(hdev, sk);
979
9fbcbb45
JH		 980 goto failed;
981 }
982
2e58ef3e
JH		 983 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
984 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 985 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 986 MGMT_STATUS_BUSY);
9fbcbb45
JH		 987 goto failed;
988 }
989
5e5282bb 990 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 991 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 992 goto failed;
993 }
994
2e58ef3e 995 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 996 if (!cmd) {
997 err = -ENOMEM;
9fbcbb45 998 goto failed;
366a0336 999 }
9fbcbb45 1000
6bf0e469 1001 if (cp->val) {
9fbcbb45 1002 scan = SCAN_PAGE;
6bf0e469 1003 } else {
9fbcbb45
JH		 1004 scan = 0;
1005
df2c6c5e
JH		 1006 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1007 hdev->discov_timeout > 0)
1008 cancel_delayed_work(&hdev->discov_off);
1009 }
1010
9fbcbb45
JH		 1011 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1012 if (err < 0)
a664b5bc 1013 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1014
1015failed:
09fd0de5 1016 hci_dev_unlock(hdev);
9fbcbb45
JH		 1017 return err;
1018}
1019
bdb6d971 1020static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1021 u16 len)
c542a06c 1022{
650f726d 1023 struct mgmt_mode *cp = data;
c542a06c
JH		 1024 int err;
1025
bdb6d971 1026 BT_DBG("request for %s", hdev->name);
c542a06c 1027
09fd0de5 1028 hci_dev_lock(hdev);
c542a06c
JH		 1029
1030 if (cp->val)
a8b2d5c2 1031 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1032 else
a8b2d5c2 1033 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1034
69ab39ea 1035 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1036 if (err < 0)
1037 goto failed;
1038
beadb2bd 1039 err = new_settings(hdev, sk);
c542a06c
JH		 1040
1041failed:
09fd0de5 1042 hci_dev_unlock(hdev);
c542a06c
JH		 1043 return err;
1044}
1045
04124681
GP		 1046static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1047 u16 len)
33ef95ed
JH		 1048{
1049 struct mgmt_mode *cp = data;
1050 struct pending_cmd *cmd;
816a11d5 1051 u8 val;
33ef95ed
JH		 1052 int err;
1053
bdb6d971 1054 BT_DBG("request for %s", hdev->name);
33ef95ed 1055
33ef95ed
JH		 1056 hci_dev_lock(hdev);
1057
4b34ee78 1058 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1059 bool changed = false;
1060
1061 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1062 &hdev->dev_flags)) {
1063 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1064 changed = true;
1065 }
1066
1067 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1068 if (err < 0)
1069 goto failed;
1070
1071 if (changed)
1072 err = new_settings(hdev, sk);
1073
33ef95ed
JH		 1074 goto failed;
1075 }
1076
1077 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1078 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1079 MGMT_STATUS_BUSY);
33ef95ed
JH		 1080 goto failed;
1081 }
1082
1083 val = !!cp->val;
1084
1085 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1086 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1087 goto failed;
1088 }
1089
1090 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1091 if (!cmd) {
1092 err = -ENOMEM;
1093 goto failed;
1094 }
1095
1096 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1097 if (err < 0) {
1098 mgmt_pending_remove(cmd);
1099 goto failed;
1100 }
1101
1102failed:
1103 hci_dev_unlock(hdev);
33ef95ed
JH		 1104 return err;
1105}
1106
bdb6d971 1107static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1108{
1109 struct mgmt_mode *cp = data;
1110 struct pending_cmd *cmd;
816a11d5 1111 u8 val;
ed2c4ee3
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1115
ed2c4ee3
JH		 1116 hci_dev_lock(hdev);
1117
6c8f12c1 1118 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1120 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1121 goto failed;
1122 }
1123
c0ecddc2
JH		 1124 val = !!cp->val;
1125
4b34ee78 1126 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1127 bool changed = false;
1128
1129 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1130 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1131 changed = true;
1132 }
1133
1134 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1135 if (err < 0)
1136 goto failed;
1137
1138 if (changed)
1139 err = new_settings(hdev, sk);
1140
ed2c4ee3
JH		 1141 goto failed;
1142 }
1143
1144 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1145 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1146 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1147 goto failed;
1148 }
1149
ed2c4ee3
JH		 1150 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1151 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1152 goto failed;
1153 }
1154
1155 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1156 if (!cmd) {
1157 err = -ENOMEM;
1158 goto failed;
1159 }
1160
1161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1162 if (err < 0) {
1163 mgmt_pending_remove(cmd);
1164 goto failed;
1165 }
1166
1167failed:
1168 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1169 return err;
1170}
1171
bdb6d971 1172static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1173{
1174 struct mgmt_mode *cp = data;
6d80dfd0 1175
bdb6d971 1176 BT_DBG("request for %s", hdev->name);
6d80dfd0 1177
bdb6d971
JH		 1178 if (!enable_hs)
1179 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1180 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1181
1182 if (cp->val)
1183 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1184 else
1185 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1186
bdb6d971 1187 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1188}
1189
bdb6d971 1190static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1191{
1192 struct mgmt_mode *cp = data;
1193 struct hci_cp_write_le_host_supported hci_cp;
1194 struct pending_cmd *cmd;
06199cf8 1195 int err;
0b60eba1 1196 u8 val, enabled;
06199cf8 1197
bdb6d971 1198 BT_DBG("request for %s", hdev->name);
06199cf8 1199
1de028ce
JH		 1200 hci_dev_lock(hdev);
1201
06199cf8 1202 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1203 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1204 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1205 goto unlock;
06199cf8
JH		 1206 }
1207
1208 val = !!cp->val;
0b60eba1 1209 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1210
0b60eba1 1211 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1212 bool changed = false;
1213
1214 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1215 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1216 changed = true;
1217 }
1218
1219 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1220 if (err < 0)
1de028ce 1221 goto unlock;
06199cf8
JH		 1222
1223 if (changed)
1224 err = new_settings(hdev, sk);
1225
1de028ce 1226 goto unlock;
06199cf8
JH		 1227 }
1228
1229 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1230 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1231 MGMT_STATUS_BUSY);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1236 if (!cmd) {
1237 err = -ENOMEM;
1de028ce 1238 goto unlock;
06199cf8
JH		 1239 }
1240
1241 memset(&hci_cp, 0, sizeof(hci_cp));
1242
1243 if (val) {
1244 hci_cp.le = val;
1245 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1246 }
1247
04124681
GP		 1248 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1249 &hci_cp);
0c01bc48 1250 if (err < 0)
06199cf8 1251 mgmt_pending_remove(cmd);
06199cf8 1252
1de028ce
JH		 1253unlock:
1254 hci_dev_unlock(hdev);
06199cf8
JH		 1255 return err;
1256}
1257
bdb6d971 1258static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1259{
650f726d 1260 struct mgmt_cp_add_uuid *cp = data;
90e70454 1261 struct pending_cmd *cmd;
2aeb9a1a 1262 struct bt_uuid *uuid;
2aeb9a1a
JH		 1263 int err;
1264
bdb6d971 1265 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1266
09fd0de5 1267 hci_dev_lock(hdev);
2aeb9a1a 1268
c95f0ba7 1269 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1270 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1271 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1272 goto failed;
1273 }
1274
2aeb9a1a
JH		 1275 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1276 if (!uuid) {
1277 err = -ENOMEM;
1278 goto failed;
1279 }
1280
1281 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1282 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1283
1284 list_add(&uuid->list, &hdev->uuids);
1285
1aff6f09
JH		 1286 err = update_class(hdev);
1287 if (err < 0)
1288 goto failed;
1289
80a1e1db
JH		 1290 err = update_eir(hdev);
1291 if (err < 0)
1292 goto failed;
1293
90e70454 1294 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1296 hdev->dev_class, 3);
90e70454
JH		 1297 goto failed;
1298 }
1299
1300 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
0c01bc48 1301 if (!cmd)
90e70454 1302 err = -ENOMEM;
2aeb9a1a
JH		 1303
1304failed:
09fd0de5 1305 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1306 return err;
1307}
1308
24b78d0f
JH		 1309static bool enable_service_cache(struct hci_dev *hdev)
1310{
1311 if (!hdev_is_powered(hdev))
1312 return false;
1313
1314 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1315 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1316 return true;
1317 }
1318
1319 return false;
1320}
1321
bdb6d971
JH		 1322static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1323 u16 len)
2aeb9a1a 1324{
650f726d 1325 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1326 struct pending_cmd *cmd;
2aeb9a1a 1327 struct list_head *p, *n;
2aeb9a1a 1328 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1329 int err, found;
1330
bdb6d971 1331 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1332
09fd0de5 1333 hci_dev_lock(hdev);
2aeb9a1a 1334
c95f0ba7 1335 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1336 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1337 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1338 goto unlock;
1339 }
1340
2aeb9a1a
JH		 1341 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1342 err = hci_uuids_clear(hdev);
4004b6d9 1343
24b78d0f 1344 if (enable_service_cache(hdev)) {
bdb6d971 1345 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1346 0, hdev->dev_class, 3);
24b78d0f
JH		 1347 goto unlock;
1348 }
4004b6d9 1349
9246a869 1350 goto update_class;
2aeb9a1a
JH		 1351 }
1352
1353 found = 0;
1354
1355 list_for_each_safe(p, n, &hdev->uuids) {
1356 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1357
1358 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1359 continue;
1360
1361 list_del(&match->list);
1362 found++;
1363 }
1364
1365 if (found == 0) {
bdb6d971 1366 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1367 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1368 goto unlock;
1369 }
1370
9246a869 1371update_class:
1aff6f09
JH		 1372 err = update_class(hdev);
1373 if (err < 0)
1374 goto unlock;
1375
80a1e1db
JH		 1376 err = update_eir(hdev);
1377 if (err < 0)
1378 goto unlock;
1379
90e70454 1380 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1381 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1382 hdev->dev_class, 3);
90e70454
JH		 1383 goto unlock;
1384 }
1385
1386 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
0c01bc48 1387 if (!cmd)
90e70454 1388 err = -ENOMEM;
2aeb9a1a
JH		 1389
1390unlock:
09fd0de5 1391 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1392 return err;
1393}
1394
bdb6d971 1395static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1396 u16 len)
1aff6f09 1397{
650f726d 1398 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1399 struct pending_cmd *cmd;
1aff6f09
JH		 1400 int err;
1401
bdb6d971 1402 BT_DBG("request for %s", hdev->name);
1aff6f09 1403
09fd0de5 1404 hci_dev_lock(hdev);
1aff6f09 1405
c95f0ba7 1406 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1407 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1408 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1409 goto unlock;
1410 }
1411
932f5ff5
JH		 1412 hdev->major_class = cp->major;
1413 hdev->minor_class = cp->minor;
1414
b5235a65 1415 if (!hdev_is_powered(hdev)) {
bdb6d971 1416 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1417 hdev->dev_class, 3);
b5235a65
JH		 1418 goto unlock;
1419 }
1420
a8b2d5c2 1421 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1422 hci_dev_unlock(hdev);
1423 cancel_delayed_work_sync(&hdev->service_cache);
1424 hci_dev_lock(hdev);
14c0b608 1425 update_eir(hdev);
7d78525d 1426 }
14c0b608 1427
1aff6f09 1428 err = update_class(hdev);
90e70454
JH		 1429 if (err < 0)
1430 goto unlock;
1aff6f09 1431
90e70454 1432 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1433 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1434 hdev->dev_class, 3);
90e70454
JH		 1435 goto unlock;
1436 }
1437
1438 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
0c01bc48 1439 if (!cmd)
90e70454 1440 err = -ENOMEM;
1aff6f09 1441
b5235a65 1442unlock:
09fd0de5 1443 hci_dev_unlock(hdev);
1aff6f09
JH		 1444 return err;
1445}
1446
bdb6d971
JH		 1447static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1448 u16 len)
55ed8ca1 1449{
650f726d 1450 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1451 u16 key_count, expected_len;
a492cd52 1452 int i;
55ed8ca1 1453
1f350c87 1454 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1455
86742e1e
JH		 1456 expected_len = sizeof(*cp) + key_count *
1457 sizeof(struct mgmt_link_key_info);
a492cd52 1458 if (expected_len != len) {
86742e1e 1459 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1460 len, expected_len);
bdb6d971 1461 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1462 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1463 }
1464
bdb6d971 1465 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1466 key_count);
1467
09fd0de5 1468 hci_dev_lock(hdev);
55ed8ca1
JH		 1469
1470 hci_link_keys_clear(hdev);
1471
a8b2d5c2 1472 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1473
1474 if (cp->debug_keys)
a8b2d5c2 1475 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1476 else
a8b2d5c2 1477 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1478
a492cd52 1479 for (i = 0; i < key_count; i++) {
86742e1e 1480 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1481
d753fdc4 1482 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1483 key->type, key->pin_len);
55ed8ca1
JH		 1484 }
1485
bdb6d971 1486 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1487
09fd0de5 1488 hci_dev_unlock(hdev);
55ed8ca1 1489
a492cd52 1490 return 0;
55ed8ca1
JH		 1491}
1492
b1078ad0 1493static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1494 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1495{
1496 struct mgmt_ev_device_unpaired ev;
1497
1498 bacpy(&ev.addr.bdaddr, bdaddr);
1499 ev.addr.type = addr_type;
1500
1501 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1502 skip_sk);
b1078ad0
JH		 1503}
1504
bdb6d971 1505static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1506 u16 len)
55ed8ca1 1507{
124f6e35
JH		 1508 struct mgmt_cp_unpair_device *cp = data;
1509 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1510 struct hci_cp_disconnect dc;
1511 struct pending_cmd *cmd;
55ed8ca1 1512 struct hci_conn *conn;
55ed8ca1
JH		 1513 int err;
1514
09fd0de5 1515 hci_dev_lock(hdev);
55ed8ca1 1516
a8a1d19e 1517 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1518 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1519 rp.addr.type = cp->addr.type;
a8a1d19e 1520
86a8cfc6 1521 if (!hdev_is_powered(hdev)) {
bdb6d971 1522 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1523 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1524 goto unlock;
1525 }
1526
591f47f3 1527 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1528 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1529 else
1530 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1531
55ed8ca1 1532 if (err < 0) {
bdb6d971 1533 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1534 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1535 goto unlock;
1536 }
1537
86a8cfc6 1538 if (cp->disconnect) {
591f47f3 1539 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1541 &cp->addr.bdaddr);
86a8cfc6
JH		 1542 else
1543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1544 &cp->addr.bdaddr);
86a8cfc6
JH		 1545 } else {
1546 conn = NULL;
1547 }
124f6e35 1548
a8a1d19e 1549 if (!conn) {
bdb6d971 1550 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1551 &rp, sizeof(rp));
b1078ad0 1552 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1553 goto unlock;
1554 }
55ed8ca1 1555
124f6e35 1556 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1557 sizeof(*cp));
a8a1d19e
JH		 1558 if (!cmd) {
1559 err = -ENOMEM;
1560 goto unlock;
55ed8ca1
JH		 1561 }
1562
eb55ef07 1563 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1564 dc.reason = 0x13; /* Remote User Terminated Connection */
1565 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1566 if (err < 0)
1567 mgmt_pending_remove(cmd);
1568
55ed8ca1 1569unlock:
09fd0de5 1570 hci_dev_unlock(hdev);
55ed8ca1
JH		 1571 return err;
1572}
1573
bdb6d971 1574static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1575 u16 len)
8962ee74 1576{
650f726d 1577 struct mgmt_cp_disconnect *cp = data;
8962ee74 1578 struct hci_cp_disconnect dc;
366a0336 1579 struct pending_cmd *cmd;
8962ee74 1580 struct hci_conn *conn;
8962ee74
JH		 1581 int err;
1582
1583 BT_DBG("");
1584
09fd0de5 1585 hci_dev_lock(hdev);
8962ee74
JH		 1586
1587 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1588 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1589 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1590 goto failed;
1591 }
1592
2e58ef3e 1593 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1594 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1595 MGMT_STATUS_BUSY);
8962ee74
JH		 1596 goto failed;
1597 }
1598
591f47f3 1599 if (cp->addr.type == BDADDR_BREDR)
88c3df13
JH		 1600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1601 else
1602 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1603
8962ee74 1604 if (!conn) {
bdb6d971 1605 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1606 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1607 goto failed;
1608 }
1609
2e58ef3e 1610 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1611 if (!cmd) {
1612 err = -ENOMEM;
8962ee74 1613 goto failed;
366a0336 1614 }
8962ee74 1615
eb55ef07 1616 dc.handle = cpu_to_le16(conn->handle);
8962ee74
JH		 1617 dc.reason = 0x13; /* Remote User Terminated Connection */
1618
1619 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1620 if (err < 0)
a664b5bc 1621 mgmt_pending_remove(cmd);
8962ee74
JH		 1622
1623failed:
09fd0de5 1624 hci_dev_unlock(hdev);
8962ee74
JH		 1625 return err;
1626}
1627
57c1477c 1628static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 1629{
1630 switch (link_type) {
1631 case LE_LINK:
48264f06
JH		 1632 switch (addr_type) {
1633 case ADDR_LE_DEV_PUBLIC:
591f47f3 1634 return BDADDR_LE_PUBLIC;
0ed09148 1635
48264f06 1636 default:
0ed09148 1637 /* Fallback to LE Random address type */
591f47f3 1638 return BDADDR_LE_RANDOM;
48264f06 1639 }
0ed09148 1640
4c659c39 1641 default:
0ed09148 1642 /* Fallback to BR/EDR type */
591f47f3 1643 return BDADDR_BREDR;
4c659c39
JH		 1644 }
1645}
1646
04124681
GP		 1647static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1648 u16 data_len)
2784eb41 1649{
2784eb41 1650 struct mgmt_rp_get_connections *rp;
8035ded4 1651 struct hci_conn *c;
a38528f1 1652 size_t rp_len;
60fc5fb6
JH		 1653 int err;
1654 u16 i;
2784eb41
JH		 1655
1656 BT_DBG("");
1657
09fd0de5 1658 hci_dev_lock(hdev);
2784eb41 1659
5f97c1df 1660 if (!hdev_is_powered(hdev)) {
bdb6d971 1661 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1662 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1663 goto unlock;
1664 }
1665
60fc5fb6 1666 i = 0;
b644ba33
JH		 1667 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1668 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1669 i++;
2784eb41
JH		 1670 }
1671
60fc5fb6 1672 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1673 rp = kmalloc(rp_len, GFP_ATOMIC);
1674 if (!rp) {
2784eb41
JH		 1675 err = -ENOMEM;
1676 goto unlock;
1677 }
1678
2784eb41 1679 i = 0;
4c659c39 1680 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1681 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1682 continue;
4c659c39 1683 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 1684 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 1685 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 1686 continue;
1687 i++;
1688 }
1689
eb55ef07 1690 rp->conn_count = cpu_to_le16(i);
60fc5fb6 1691
4c659c39
JH		 1692 /* Recalculate length in case of filtered SCO connections, etc */
1693 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1694
bdb6d971 1695 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1696 rp_len);
2784eb41 1697
a38528f1 1698 kfree(rp);
5f97c1df
JH		 1699
1700unlock:
09fd0de5 1701 hci_dev_unlock(hdev);
2784eb41
JH		 1702 return err;
1703}
1704
bdb6d971 1705static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1706 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1707{
1708 struct pending_cmd *cmd;
1709 int err;
1710
2e58ef3e 1711 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1712 sizeof(*cp));
96d97a67
WR		 1713 if (!cmd)
1714 return -ENOMEM;
1715
d8457698 1716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1717 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1718 if (err < 0)
1719 mgmt_pending_remove(cmd);
1720
1721 return err;
1722}
1723
bdb6d971 1724static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1725 u16 len)
980e1a53 1726{
96d97a67 1727 struct hci_conn *conn;
650f726d 1728 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1729 struct hci_cp_pin_code_reply reply;
366a0336 1730 struct pending_cmd *cmd;
980e1a53
JH		 1731 int err;
1732
1733 BT_DBG("");
1734
09fd0de5 1735 hci_dev_lock(hdev);
980e1a53 1736
4b34ee78 1737 if (!hdev_is_powered(hdev)) {
bdb6d971 1738 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1739 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1740 goto failed;
1741 }
1742
d8457698 1743 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1744 if (!conn) {
bdb6d971 1745 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1746 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1747 goto failed;
1748 }
1749
1750 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1751 struct mgmt_cp_pin_code_neg_reply ncp;
1752
1753 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1754
1755 BT_ERR("PIN code is not 16 bytes long");
1756
bdb6d971 1757 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1758 if (err >= 0)
bdb6d971 1759 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1760 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1761
1762 goto failed;
1763 }
1764
00abfe44 1765 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1766 if (!cmd) {
1767 err = -ENOMEM;
980e1a53 1768 goto failed;
366a0336 1769 }
980e1a53 1770
d8457698 1771 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1772 reply.pin_len = cp->pin_len;
24718ca5 1773 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1774
1775 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1776 if (err < 0)
a664b5bc 1777 mgmt_pending_remove(cmd);
980e1a53
JH		 1778
1779failed:
09fd0de5 1780 hci_dev_unlock(hdev);
980e1a53
JH		 1781 return err;
1782}
1783
bdb6d971 1784static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1785 void *data, u16 len)
980e1a53 1786{
650f726d 1787 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1788 int err;
1789
1790 BT_DBG("");
1791
09fd0de5 1792 hci_dev_lock(hdev);
980e1a53 1793
4b34ee78 1794 if (!hdev_is_powered(hdev)) {
bdb6d971 1795 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1796 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1797 goto failed;
1798 }
1799
bdb6d971 1800 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1801
1802failed:
09fd0de5 1803 hci_dev_unlock(hdev);
980e1a53
JH		 1804 return err;
1805}
1806
04124681
GP		 1807static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1808 u16 len)
17fa4b9d 1809{
650f726d 1810 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1811
1812 BT_DBG("");
1813
09fd0de5 1814 hci_dev_lock(hdev);
17fa4b9d
JH		 1815
1816 hdev->io_capability = cp->io_capability;
1817
1818 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1819 hdev->io_capability);
17fa4b9d 1820
09fd0de5 1821 hci_dev_unlock(hdev);
17fa4b9d 1822
04124681
GP		 1823 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1824 0);
17fa4b9d
JH		 1825}
1826
e9a416b5
JH		 1827static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1828{
1829 struct hci_dev *hdev = conn->hdev;
8035ded4 1830 struct pending_cmd *cmd;
e9a416b5 1831
2e58ef3e 1832 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1833 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1834 continue;
1835
e9a416b5
JH		 1836 if (cmd->user_data != conn)
1837 continue;
1838
1839 return cmd;
1840 }
1841
1842 return NULL;
1843}
1844
1845static void pairing_complete(struct pending_cmd *cmd, u8 status)
1846{
1847 struct mgmt_rp_pair_device rp;
1848 struct hci_conn *conn = cmd->user_data;
1849
ba4e564f 1850 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 1851 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 1852
aee9b218 1853 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1854 &rp, sizeof(rp));
e9a416b5
JH		 1855
1856 /* So we don't get further callbacks for this connection */
1857 conn->connect_cfm_cb = NULL;
1858 conn->security_cfm_cb = NULL;
1859 conn->disconn_cfm_cb = NULL;
1860
1861 hci_conn_put(conn);
1862
a664b5bc 1863 mgmt_pending_remove(cmd);
e9a416b5
JH		 1864}
1865
1866static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1867{
1868 struct pending_cmd *cmd;
1869
1870 BT_DBG("status %u", status);
1871
1872 cmd = find_pairing(conn);
56e5cb86 1873 if (!cmd)
e9a416b5 1874 BT_DBG("Unable to find a pending command");
56e5cb86 1875 else
e211326c 1876 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1877}
1878
bdb6d971 1879static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1880 u16 len)
e9a416b5 1881{
650f726d 1882 struct mgmt_cp_pair_device *cp = data;
1425acb7 1883 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1884 struct pending_cmd *cmd;
1885 u8 sec_level, auth_type;
1886 struct hci_conn *conn;
e9a416b5
JH		 1887 int err;
1888
1889 BT_DBG("");
1890
09fd0de5 1891 hci_dev_lock(hdev);
e9a416b5 1892
5f97c1df 1893 if (!hdev_is_powered(hdev)) {
bdb6d971 1894 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1895 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1896 goto unlock;
1897 }
1898
c908df36
VCG		 1899 sec_level = BT_SECURITY_MEDIUM;
1900 if (cp->io_cap == 0x03)
e9a416b5 1901 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1902 else
e9a416b5 1903 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1904
591f47f3 1905 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 1906 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
1907 cp->addr.type, sec_level, auth_type);
7a512d01 1908 else
b12f62cf
AG		 1909 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
1910 cp->addr.type, sec_level, auth_type);
7a512d01 1911
1425acb7
JH		 1912 memset(&rp, 0, sizeof(rp));
1913 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1914 rp.addr.type = cp->addr.type;
1915
30e76272 1916 if (IS_ERR(conn)) {
bdb6d971 1917 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1918 MGMT_STATUS_CONNECT_FAILED, &rp,
1919 sizeof(rp));
e9a416b5
JH		 1920 goto unlock;
1921 }
1922
1923 if (conn->connect_cfm_cb) {
1924 hci_conn_put(conn);
bdb6d971 1925 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1926 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1927 goto unlock;
1928 }
1929
2e58ef3e 1930 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1931 if (!cmd) {
1932 err = -ENOMEM;
1933 hci_conn_put(conn);
1934 goto unlock;
1935 }
1936
7a512d01 1937 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 1938 if (cp->addr.type == BDADDR_BREDR)
7a512d01
VCG		 1939 conn->connect_cfm_cb = pairing_complete_cb;
1940
e9a416b5
JH		 1941 conn->security_cfm_cb = pairing_complete_cb;
1942 conn->disconn_cfm_cb = pairing_complete_cb;
1943 conn->io_capability = cp->io_cap;
1944 cmd->user_data = conn;
1945
1946 if (conn->state == BT_CONNECTED &&
1947 hci_conn_security(conn, sec_level, auth_type))
1948 pairing_complete(cmd, 0);
1949
1950 err = 0;
1951
1952unlock:
09fd0de5 1953 hci_dev_unlock(hdev);
e9a416b5
JH		 1954 return err;
1955}
1956
04124681
GP		 1957static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1958 u16 len)
28424707 1959{
0f4e68cf 1960 struct mgmt_addr_info *addr = data;
28424707
JH		 1961 struct pending_cmd *cmd;
1962 struct hci_conn *conn;
1963 int err;
1964
1965 BT_DBG("");
1966
28424707
JH		 1967 hci_dev_lock(hdev);
1968
5f97c1df 1969 if (!hdev_is_powered(hdev)) {
bdb6d971 1970 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1971 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1972 goto unlock;
1973 }
1974
28424707
JH		 1975 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1976 if (!cmd) {
bdb6d971 1977 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1978 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1979 goto unlock;
1980 }
1981
1982 conn = cmd->user_data;
1983
1984 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1985 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1986 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1987 goto unlock;
1988 }
1989
1990 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1991
bdb6d971 1992 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 1993 addr, sizeof(*addr));
28424707
JH		 1994unlock:
1995 hci_dev_unlock(hdev);
28424707
JH		 1996 return err;
1997}
1998
bdb6d971 1999static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 2000 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
2001 u16 hci_op, __le32 passkey)
a5c29683 2002{
a5c29683 2003 struct pending_cmd *cmd;
0df4c185 2004 struct hci_conn *conn;
a5c29683
JH		 2005 int err;
2006
09fd0de5 2007 hci_dev_lock(hdev);
08ba5382 2008
4b34ee78 2009 if (!hdev_is_powered(hdev)) {
bdb6d971 2010 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2011 MGMT_STATUS_NOT_POWERED);
0df4c185 2012 goto done;
a5c29683
JH		 2013 }
2014
591f47f3 2015 if (type == BDADDR_BREDR)
272d90df
JH		 2016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2017 else
47c15e2b 2018 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2019
2020 if (!conn) {
bdb6d971 2021 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2022 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2023 goto done;
2024 }
47c15e2b 2025
591f47f3 2026 if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
47c15e2b 2027 /* Continue with pairing via SMP */
5fe57d9e
BG		 2028 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2029
2030 if (!err)
bdb6d971 2031 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2032 MGMT_STATUS_SUCCESS);
5fe57d9e 2033 else
bdb6d971 2034 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2035 MGMT_STATUS_FAILED);
47c15e2b 2036
47c15e2b
BG		 2037 goto done;
2038 }
2039
0df4c185 2040 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2041 if (!cmd) {
2042 err = -ENOMEM;
0df4c185 2043 goto done;
a5c29683
JH		 2044 }
2045
0df4c185 2046 /* Continue with pairing via HCI */
604086b7
BG		 2047 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2048 struct hci_cp_user_passkey_reply cp;
2049
2050 bacpy(&cp.bdaddr, bdaddr);
2051 cp.passkey = passkey;
2052 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2053 } else
2054 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2055
a664b5bc
JH		 2056 if (err < 0)
2057 mgmt_pending_remove(cmd);
a5c29683 2058
0df4c185 2059done:
09fd0de5 2060 hci_dev_unlock(hdev);
a5c29683
JH		 2061 return err;
2062}
2063
04124681
GP		 2064static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2065 u16 len)
0df4c185 2066{
650f726d 2067 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2068
2069 BT_DBG("");
2070
2071 if (len != sizeof(*cp))
bdb6d971 2072 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2073 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2074
bdb6d971 2075 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2076 MGMT_OP_USER_CONFIRM_REPLY,
2077 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2078}
2079
bdb6d971 2080static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2081 void *data, u16 len)
0df4c185 2082{
c9c2659f 2083 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2084
2085 BT_DBG("");
2086
bdb6d971 2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2088 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2089 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2090}
2091
04124681
GP		 2092static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2093 u16 len)
604086b7 2094{
650f726d 2095 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2096
2097 BT_DBG("");
2098
bdb6d971 2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2100 MGMT_OP_USER_PASSKEY_REPLY,
2101 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2102}
2103
bdb6d971 2104static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2105 void *data, u16 len)
604086b7 2106{
650f726d 2107 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2108
2109 BT_DBG("");
2110
bdb6d971 2111 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2112 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2113 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2114}
2115
2b4bf397
JH		 2116static int update_name(struct hci_dev *hdev, const char *name)
2117{
2118 struct hci_cp_write_local_name cp;
2119
2120 memcpy(cp.name, name, sizeof(cp.name));
2121
2122 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2123}
2124
bdb6d971 2125static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2126 u16 len)
b312b161 2127{
2b4bf397 2128 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2129 struct pending_cmd *cmd;
2130 int err;
2131
2132 BT_DBG("");
2133
09fd0de5 2134 hci_dev_lock(hdev);
b312b161 2135
2b4bf397 2136 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2137
b5235a65 2138 if (!hdev_is_powered(hdev)) {
2b4bf397 2139 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2140
2141 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2142 data, len);
28cc7bde
JH		 2143 if (err < 0)
2144 goto failed;
2145
2146 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2147 sk);
28cc7bde 2148
b5235a65
JH		 2149 goto failed;
2150 }
2151
28cc7bde 2152 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2153 if (!cmd) {
2154 err = -ENOMEM;
2155 goto failed;
2156 }
2157
2b4bf397 2158 err = update_name(hdev, cp->name);
b312b161
JH		 2159 if (err < 0)
2160 mgmt_pending_remove(cmd);
2161
2162failed:
09fd0de5 2163 hci_dev_unlock(hdev);
b312b161
JH		 2164 return err;
2165}
2166
0f4e68cf 2167static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2168 void *data, u16 data_len)
c35938b2 2169{
c35938b2
SJ		 2170 struct pending_cmd *cmd;
2171 int err;
2172
bdb6d971 2173 BT_DBG("%s", hdev->name);
c35938b2 2174
09fd0de5 2175 hci_dev_lock(hdev);
c35938b2 2176
4b34ee78 2177 if (!hdev_is_powered(hdev)) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2179 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2180 goto unlock;
2181 }
2182
2183 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2184 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2185 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2186 goto unlock;
2187 }
2188
2e58ef3e 2189 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2190 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2191 MGMT_STATUS_BUSY);
c35938b2
SJ		 2192 goto unlock;
2193 }
2194
2e58ef3e 2195 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2196 if (!cmd) {
2197 err = -ENOMEM;
2198 goto unlock;
2199 }
2200
2201 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2202 if (err < 0)
2203 mgmt_pending_remove(cmd);
2204
2205unlock:
09fd0de5 2206 hci_dev_unlock(hdev);
c35938b2
SJ		 2207 return err;
2208}
2209
bdb6d971 2210static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2211 void *data, u16 len)
2763eda6 2212{
650f726d 2213 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2214 u8 status;
2763eda6
SJ		 2215 int err;
2216
bdb6d971 2217 BT_DBG("%s ", hdev->name);
2763eda6 2218
09fd0de5 2219 hci_dev_lock(hdev);
2763eda6 2220
5f97c1df 2221 if (!hdev_is_powered(hdev)) {
bdb6d971 2222 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2223 MGMT_STATUS_NOT_POWERED, &cp->addr,
2224 sizeof(cp->addr));
5f97c1df
JH		 2225 goto unlock;
2226 }
2227
664ce4cc 2228 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2229 cp->randomizer);
2763eda6 2230 if (err < 0)
bf1e3541 2231 status = MGMT_STATUS_FAILED;
2763eda6 2232 else
bf1e3541
JH		 2233 status = 0;
2234
bdb6d971 2235 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2236 &cp->addr, sizeof(cp->addr));
2763eda6 2237
5f97c1df 2238unlock:
09fd0de5 2239 hci_dev_unlock(hdev);
2763eda6
SJ		 2240 return err;
2241}
2242
bdb6d971 2243static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2244 void *data, u16 len)
2763eda6 2245{
650f726d 2246 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2247 u8 status;
2763eda6
SJ		 2248 int err;
2249
bdb6d971 2250 BT_DBG("%s", hdev->name);
2763eda6 2251
09fd0de5 2252 hci_dev_lock(hdev);
2763eda6 2253
5f97c1df 2254 if (!hdev_is_powered(hdev)) {
bdb6d971 2255 err = cmd_complete(sk, hdev->id,
04124681
GP		 2256 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2257 MGMT_STATUS_NOT_POWERED, &cp->addr,
2258 sizeof(cp->addr));
5f97c1df
JH		 2259 goto unlock;
2260 }
2261
664ce4cc 2262 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2263 if (err < 0)
bf1e3541 2264 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2265 else
bf1e3541
JH		 2266 status = 0;
2267
bdb6d971 2268 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2269 status, &cp->addr, sizeof(cp->addr));
2763eda6 2270
5f97c1df 2271unlock:
09fd0de5 2272 hci_dev_unlock(hdev);
2763eda6
SJ		 2273 return err;
2274}
2275
5e0452c0
AG		 2276int mgmt_interleaved_discovery(struct hci_dev *hdev)
2277{
2278 int err;
2279
2280 BT_DBG("%s", hdev->name);
2281
2282 hci_dev_lock(hdev);
2283
2284 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2285 if (err < 0)
2286 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2287
2288 hci_dev_unlock(hdev);
2289
2290 return err;
2291}
2292
bdb6d971 2293static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2294 void *data, u16 len)
14a53664 2295{
650f726d 2296 struct mgmt_cp_start_discovery *cp = data;
14a53664 2297 struct pending_cmd *cmd;
14a53664
JH		 2298 int err;
2299
bdb6d971 2300 BT_DBG("%s", hdev->name);
14a53664 2301
09fd0de5 2302 hci_dev_lock(hdev);
14a53664 2303
4b34ee78 2304 if (!hdev_is_powered(hdev)) {
bdb6d971 2305 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2306 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2307 goto failed;
2308 }
2309
642be6c7
AG		 2310 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2311 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2312 MGMT_STATUS_BUSY);
2313 goto failed;
2314 }
2315
ff9ef578 2316 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2317 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2318 MGMT_STATUS_BUSY);
ff9ef578
JH		 2319 goto failed;
2320 }
2321
2e58ef3e 2322 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2323 if (!cmd) {
2324 err = -ENOMEM;
2325 goto failed;
2326 }
2327
4aab14e5
AG		 2328 hdev->discovery.type = cp->type;
2329
2330 switch (hdev->discovery.type) {
f39799f5 2331 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2332 if (lmp_bredr_capable(hdev))
2333 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2334 else
2335 err = -ENOTSUPP;
f39799f5
AG		 2336 break;
2337
2338 case DISCOV_TYPE_LE:
8b90129c
AG		 2339 if (lmp_host_le_capable(hdev))
2340 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2341 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2342 else
2343 err = -ENOTSUPP;
f39799f5
AG		 2344 break;
2345
5e0452c0 2346 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2347 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2348 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2349 LE_SCAN_WIN,
2350 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2351 else
2352 err = -ENOTSUPP;
5e0452c0
AG		 2353 break;
2354
f39799f5 2355 default:
3fd24153 2356 err = -EINVAL;
f39799f5 2357 }
3fd24153 2358
14a53664
JH		 2359 if (err < 0)
2360 mgmt_pending_remove(cmd);
ff9ef578
JH		 2361 else
2362 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2363
2364failed:
09fd0de5 2365 hci_dev_unlock(hdev);
14a53664
JH		 2366 return err;
2367}
2368
bdb6d971 2369static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2370 u16 len)
14a53664 2371{
d930650b 2372 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2373 struct pending_cmd *cmd;
30dc78e1
JH		 2374 struct hci_cp_remote_name_req_cancel cp;
2375 struct inquiry_entry *e;
14a53664
JH		 2376 int err;
2377
bdb6d971 2378 BT_DBG("%s", hdev->name);
14a53664 2379
09fd0de5 2380 hci_dev_lock(hdev);
14a53664 2381
30dc78e1 2382 if (!hci_discovery_active(hdev)) {
bdb6d971 2383 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2384 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2385 sizeof(mgmt_cp->type));
d930650b
JH		 2386 goto unlock;
2387 }
2388
2389 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2390 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2391 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2392 sizeof(mgmt_cp->type));
30dc78e1 2393 goto unlock;
ff9ef578
JH		 2394 }
2395
2e58ef3e 2396 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2397 if (!cmd) {
2398 err = -ENOMEM;
30dc78e1
JH		 2399 goto unlock;
2400 }
2401
e0d9727e
AG		 2402 switch (hdev->discovery.state) {
2403 case DISCOVERY_FINDING:
c9ecc48e
AG		 2404 if (test_bit(HCI_INQUIRY, &hdev->flags))
2405 err = hci_cancel_inquiry(hdev);
2406 else
2407 err = hci_cancel_le_scan(hdev);
2408
e0d9727e
AG		 2409 break;
2410
2411 case DISCOVERY_RESOLVING:
2412 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
2413 NAME_PENDING);
2414 if (!e) {
30dc78e1 2415 mgmt_pending_remove(cmd);
e0d9727e
AG		 2416 err = cmd_complete(sk, hdev->id,
2417 MGMT_OP_STOP_DISCOVERY, 0,
2418 &mgmt_cp->type,
2419 sizeof(mgmt_cp->type));
2420 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2421 goto unlock;
2422 }
30dc78e1 2423
e0d9727e
AG		 2424 bacpy(&cp.bdaddr, &e->data.bdaddr);
2425 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2426 sizeof(cp), &cp);
2427
2428 break;
2429
2430 default:
2431 BT_DBG("unknown discovery state %u", hdev->discovery.state);
2432 err = -EFAULT;
14a53664
JH		 2433 }
2434
14a53664
JH		 2435 if (err < 0)
2436 mgmt_pending_remove(cmd);
ff9ef578
JH		 2437 else
2438 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2439
30dc78e1 2440unlock:
09fd0de5 2441 hci_dev_unlock(hdev);
14a53664
JH		 2442 return err;
2443}
2444
bdb6d971 2445static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2446 u16 len)
561aafbc 2447{
650f726d 2448 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2449 struct inquiry_entry *e;
561aafbc
JH		 2450 int err;
2451
bdb6d971 2452 BT_DBG("%s", hdev->name);
561aafbc 2453
561aafbc
JH		 2454 hci_dev_lock(hdev);
2455
30dc78e1 2456 if (!hci_discovery_active(hdev)) {
bdb6d971 2457 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2458 MGMT_STATUS_FAILED);
30dc78e1
JH		 2459 goto failed;
2460 }
2461
a198e7b1 2462 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2463 if (!e) {
bdb6d971 2464 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2465 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2466 goto failed;
2467 }
2468
2469 if (cp->name_known) {
2470 e->name_state = NAME_KNOWN;
2471 list_del(&e->list);
2472 } else {
2473 e->name_state = NAME_NEEDED;
a3d4e20a 2474 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2475 }
2476
2477 err = 0;
2478
2479failed:
2480 hci_dev_unlock(hdev);
561aafbc
JH		 2481 return err;
2482}
2483
bdb6d971 2484static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2485 u16 len)
7fbec224 2486{
650f726d 2487 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2488 u8 status;
7fbec224
AJ		 2489 int err;
2490
bdb6d971 2491 BT_DBG("%s", hdev->name);
7fbec224 2492
09fd0de5 2493 hci_dev_lock(hdev);
5e762444 2494
88c1fe4b 2495 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2496 if (err < 0)
f0eeea8b 2497 status = MGMT_STATUS_FAILED;
7fbec224 2498 else
f0eeea8b
JH		 2499 status = 0;
2500
bdb6d971 2501 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2502 &cp->addr, sizeof(cp->addr));
5e762444 2503
09fd0de5 2504 hci_dev_unlock(hdev);
7fbec224
AJ		 2505
2506 return err;
2507}
2508
bdb6d971 2509static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2510 u16 len)
7fbec224 2511{
650f726d 2512 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2513 u8 status;
7fbec224
AJ		 2514 int err;
2515
bdb6d971 2516 BT_DBG("%s", hdev->name);
7fbec224 2517
09fd0de5 2518 hci_dev_lock(hdev);
5e762444 2519
88c1fe4b 2520 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2521 if (err < 0)
f0eeea8b 2522 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2523 else
f0eeea8b
JH		 2524 status = 0;
2525
bdb6d971 2526 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2527 &cp->addr, sizeof(cp->addr));
5e762444 2528
09fd0de5 2529 hci_dev_unlock(hdev);
7fbec224
AJ		 2530
2531 return err;
2532}
2533
cdbaccca
MH		 2534static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
2535 u16 len)
2536{
2537 struct mgmt_cp_set_device_id *cp = data;
2538 int err;
c72d4b8a 2539 __u16 source;
cdbaccca
MH		 2540
2541 BT_DBG("%s", hdev->name);
2542
c72d4b8a
SJ		 2543 source = __le16_to_cpu(cp->source);
2544
2545 if (source > 0x0002)
2546 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
2547 MGMT_STATUS_INVALID_PARAMS);
2548
cdbaccca
MH		 2549 hci_dev_lock(hdev);
2550
c72d4b8a 2551 hdev->devid_source = source;
cdbaccca
MH		 2552 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
2553 hdev->devid_product = __le16_to_cpu(cp->product);
2554 hdev->devid_version = __le16_to_cpu(cp->version);
2555
2556 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
2557
2558 update_eir(hdev);
2559
2560 hci_dev_unlock(hdev);
2561
2562 return err;
2563}
2564
bdb6d971 2565static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2566 void *data, u16 len)
f6422ec6 2567{
650f726d 2568 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2569 struct hci_cp_write_page_scan_activity acp;
2570 u8 type;
2571 int err;
2572
bdb6d971 2573 BT_DBG("%s", hdev->name);
f6422ec6 2574
5400c044 2575 if (!hdev_is_powered(hdev))
bdb6d971 2576 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2577 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2578
2579 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2580 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2581 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2582
2583 hci_dev_lock(hdev);
2584
f7c6869c 2585 if (cp->val) {
f6422ec6 2586 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2587
2588 /* 22.5 msec page scan interval */
2589 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2590 } else {
2591 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2592
2593 /* default 1.28 sec page scan */
2594 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2595 }
2596
76ec9de8
AE		 2597 /* default 11.25 msec page scan window */
2598 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2599
04124681
GP		 2600 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2601 &acp);
f6422ec6 2602 if (err < 0) {
bdb6d971 2603 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2604 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2605 goto done;
2606 }
2607
2608 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2609 if (err < 0) {
bdb6d971 2610 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2611 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2612 goto done;
2613 }
2614
bdb6d971 2615 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2616 NULL, 0);
f6422ec6
AJ		 2617done:
2618 hci_dev_unlock(hdev);
f6422ec6
AJ		 2619 return err;
2620}
2621
bdb6d971 2622static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2623 void *cp_data, u16 len)
346af67b 2624{
346af67b
VCG		 2625 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2626 u16 key_count, expected_len;
2627 int i;
2628
1f350c87 2629 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 2630
2631 expected_len = sizeof(*cp) + key_count *
2632 sizeof(struct mgmt_ltk_info);
2633 if (expected_len != len) {
2634 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2635 len, expected_len);
bdb6d971 2636 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2637 EINVAL);
346af67b
VCG		 2638 }
2639
bdb6d971 2640 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2641
2642 hci_dev_lock(hdev);
2643
2644 hci_smp_ltks_clear(hdev);
2645
2646 for (i = 0; i < key_count; i++) {
2647 struct mgmt_ltk_info *key = &cp->keys[i];
2648 u8 type;
2649
2650 if (key->master)
2651 type = HCI_SMP_LTK;
2652 else
2653 type = HCI_SMP_LTK_SLAVE;
2654
4596fde5 2655 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 2656 bdaddr_to_le(key->addr.type),
04124681
GP		 2657 type, 0, key->authenticated, key->val,
2658 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2659 }
2660
2661 hci_dev_unlock(hdev);
346af67b
VCG		 2662
2663 return 0;
2664}
2665
2e3c35ea 2666static const struct mgmt_handler {
04124681
GP		 2667 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2668 u16 data_len);
be22b54e
JH		 2669 bool var_len;
2670 size_t data_len;
0f4e68cf
JH		 2671} mgmt_handlers[] = {
2672 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2673 { read_version, false, MGMT_READ_VERSION_SIZE },
2674 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2675 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2676 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2677 { set_powered, false, MGMT_SETTING_SIZE },
2678 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2679 { set_connectable, false, MGMT_SETTING_SIZE },
2680 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2681 { set_pairable, false, MGMT_SETTING_SIZE },
2682 { set_link_security, false, MGMT_SETTING_SIZE },
2683 { set_ssp, false, MGMT_SETTING_SIZE },
2684 { set_hs, false, MGMT_SETTING_SIZE },
2685 { set_le, false, MGMT_SETTING_SIZE },
2686 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2687 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2688 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2689 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2690 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2691 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2692 { disconnect, false, MGMT_DISCONNECT_SIZE },
2693 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2694 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2695 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2696 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2697 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2698 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2699 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2700 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2701 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2702 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2703 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2704 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2705 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2706 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2707 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2708 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2709 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2710 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2711 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 2712 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
0f4e68cf
JH		 2713};
2714
2715
0381101f
JH		 2716int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2717{
650f726d
VCG		 2718 void *buf;
2719 u8 *cp;
0381101f 2720 struct mgmt_hdr *hdr;
4e51eae9 2721 u16 opcode, index, len;
bdb6d971 2722 struct hci_dev *hdev = NULL;
2e3c35ea 2723 const struct mgmt_handler *handler;
0381101f
JH		 2724 int err;
2725
2726 BT_DBG("got %zu bytes", msglen);
2727
2728 if (msglen < sizeof(*hdr))
2729 return -EINVAL;
2730
e63a15ec 2731 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2732 if (!buf)
2733 return -ENOMEM;
2734
2735 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2736 err = -EFAULT;
2737 goto done;
2738 }
2739
650f726d 2740 hdr = buf;
1f350c87
MH		 2741 opcode = __le16_to_cpu(hdr->opcode);
2742 index = __le16_to_cpu(hdr->index);
2743 len = __le16_to_cpu(hdr->len);
0381101f
JH		 2744
2745 if (len != msglen - sizeof(*hdr)) {
2746 err = -EINVAL;
2747 goto done;
2748 }
2749
0f4e68cf 2750 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2751 hdev = hci_dev_get(index);
2752 if (!hdev) {
2753 err = cmd_status(sk, index, opcode,
04124681 2754 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2755 goto done;
2756 }
2757 }
2758
0f4e68cf
JH		 2759 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2760 mgmt_handlers[opcode].func == NULL) {
0381101f 2761 BT_DBG("Unknown op %u", opcode);
ca69b795 2762 err = cmd_status(sk, index, opcode,
04124681 2763 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2764 goto done;
2765 }
2766
2767 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2768 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2769 err = cmd_status(sk, index, opcode,
04124681 2770 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2771 goto done;
0381101f
JH		 2772 }
2773
be22b54e
JH		 2774 handler = &mgmt_handlers[opcode];
2775
2776 if ((handler->var_len && len < handler->data_len) ||
2777 (!handler->var_len && len != handler->data_len)) {
2778 err = cmd_status(sk, index, opcode,
04124681 2779 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2780 goto done;
2781 }
2782
0f4e68cf
JH		 2783 if (hdev)
2784 mgmt_init_hdev(sk, hdev);
2785
2786 cp = buf + sizeof(*hdr);
2787
be22b54e 2788 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2789 if (err < 0)
2790 goto done;
2791
0381101f
JH		 2792 err = msglen;
2793
2794done:
bdb6d971
JH		 2795 if (hdev)
2796 hci_dev_put(hdev);
2797
0381101f
JH		 2798 kfree(buf);
2799 return err;
2800}
c71e97bf 2801
b24752fe
JH		 2802static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2803{
2804 u8 *status = data;
2805
2806 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2807 mgmt_pending_remove(cmd);
2808}
2809
744cf19e 2810int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2811{
744cf19e 2812 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2813}
2814
744cf19e 2815int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2816{
5f159032 2817 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2818
744cf19e 2819 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2820
744cf19e 2821 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2822}
2823
73f22f62 2824struct cmd_lookup {
eec8d2bc 2825 struct sock *sk;
69ab39ea 2826 struct hci_dev *hdev;
90e70454 2827 u8 mgmt_status;
eec8d2bc
JH		 2828};
2829
69ab39ea 2830static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2831{
73f22f62 2832 struct cmd_lookup *match = data;
eec8d2bc 2833
69ab39ea 2834 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2835
2836 list_del(&cmd->list);
2837
2838 if (match->sk == NULL) {
2839 match->sk = cmd->sk;
2840 sock_hold(match->sk);
2841 }
2842
2843 mgmt_pending_free(cmd);
c71e97bf 2844}
5add6af8 2845
744cf19e 2846int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2847{
76a7f3a4 2848 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2849 int err;
5add6af8 2850
5e5282bb
JH		 2851 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2852 return 0;
2853
69ab39ea 2854 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2855
5e5282bb
JH		 2856 if (powered) {
2857 u8 scan = 0;
2858
2859 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2860 scan |= SCAN_PAGE;
2861 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2862 scan |= SCAN_INQUIRY;
2863
2864 if (scan)
2865 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2866
2867 update_class(hdev);
2b4bf397 2868 update_name(hdev, hdev->dev_name);
504c8dcd 2869 update_eir(hdev);
5e5282bb 2870 } else {
d4f68526 2871 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2872 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2873 }
2874
beadb2bd 2875 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2876
2877 if (match.sk)
2878 sock_put(match.sk);
2879
7bb895d6 2880 return err;
5add6af8 2881}
73f22f62 2882
744cf19e 2883int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2884{
76a7f3a4 2885 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2886 bool changed = false;
2887 int err = 0;
73f22f62 2888
5e5282bb
JH		 2889 if (discoverable) {
2890 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2891 changed = true;
2892 } else {
2893 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2894 changed = true;
2895 }
73f22f62 2896
ed9b5f2f 2897 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2898 &match);
ed9b5f2f 2899
beadb2bd
JH		 2900 if (changed)
2901 err = new_settings(hdev, match.sk);
5e5282bb 2902
73f22f62
JH		 2903 if (match.sk)
2904 sock_put(match.sk);
2905
7bb895d6 2906 return err;
73f22f62 2907}
9fbcbb45 2908
744cf19e 2909int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2910{
76a7f3a4 2911 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2912 bool changed = false;
2913 int err = 0;
9fbcbb45 2914
5e5282bb
JH		 2915 if (connectable) {
2916 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2917 changed = true;
2918 } else {
2919 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2920 changed = true;
2921 }
9fbcbb45 2922
ed9b5f2f 2923 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2924 &match);
ed9b5f2f 2925
beadb2bd
JH		 2926 if (changed)
2927 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2928
2929 if (match.sk)
2930 sock_put(match.sk);
2931
7bb895d6 2932 return err;
9fbcbb45 2933}
55ed8ca1 2934
744cf19e 2935int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2936{
ca69b795
JH		 2937 u8 mgmt_err = mgmt_status(status);
2938
2d7cee58 2939 if (scan & SCAN_PAGE)
744cf19e 2940 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2941 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2942
2943 if (scan & SCAN_INQUIRY)
744cf19e 2944 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2945 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2946
2947 return 0;
2948}
2949
745c0ce3 2950int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2951{
86742e1e 2952 struct mgmt_ev_new_link_key ev;
55ed8ca1 2953
a492cd52 2954 memset(&ev, 0, sizeof(ev));
55ed8ca1 2955
a492cd52 2956 ev.store_hint = persistent;
d753fdc4 2957 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 2958 ev.key.addr.type = BDADDR_BREDR;
a492cd52
VCG		 2959 ev.key.type = key->type;
2960 memcpy(ev.key.val, key->val, 16);
2961 ev.key.pin_len = key->pin_len;
55ed8ca1 2962
744cf19e 2963 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2964}
f7520543 2965
346af67b
VCG		 2966int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2967{
2968 struct mgmt_ev_new_long_term_key ev;
2969
2970 memset(&ev, 0, sizeof(ev));
2971
2972 ev.store_hint = persistent;
2973 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 2974 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 2975 ev.key.authenticated = key->authenticated;
2976 ev.key.enc_size = key->enc_size;
2977 ev.key.ediv = key->ediv;
2978
2979 if (key->type == HCI_SMP_LTK)
2980 ev.key.master = 1;
2981
2982 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2983 memcpy(ev.key.val, key->val, sizeof(key->val));
2984
04124681
GP		 2985 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2986 NULL);
346af67b
VCG		 2987}
2988
afc747a6 2989int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2990 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2991 u8 *dev_class)
f7520543 2992{
b644ba33
JH		 2993 char buf[512];
2994 struct mgmt_ev_device_connected *ev = (void *) buf;
2995 u16 eir_len = 0;
f7520543 2996
b644ba33 2997 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 2998 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 2999
c95f0ba7 3000 ev->flags = __cpu_to_le32(flags);
08c79b61 3001
b644ba33
JH		 3002 if (name_len > 0)
3003 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 3004 name, name_len);
b644ba33
JH		 3005
3006 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 3007 eir_len = eir_append_data(ev->eir, eir_len,
04124681 3008 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 3009
eb55ef07 3010 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 3011
3012 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 3013 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3014}
3015
8962ee74
JH		 3016static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3017{
c68fb7ff 3018 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3019 struct sock **sk = data;
a38528f1 3020 struct mgmt_rp_disconnect rp;
8962ee74 3021
88c3df13
JH		 3022 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3023 rp.addr.type = cp->addr.type;
8962ee74 3024
aee9b218 3025 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 3026 sizeof(rp));
8962ee74
JH		 3027
3028 *sk = cmd->sk;
3029 sock_hold(*sk);
3030
a664b5bc 3031 mgmt_pending_remove(cmd);
8962ee74
JH		 3032}
3033
124f6e35 3034static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3035{
b1078ad0 3036 struct hci_dev *hdev = data;
124f6e35
JH		 3037 struct mgmt_cp_unpair_device *cp = cmd->param;
3038 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3039
3040 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3041 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3042 rp.addr.type = cp->addr.type;
a8a1d19e 3043
b1078ad0
JH		 3044 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3045
aee9b218 3046 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3047
3048 mgmt_pending_remove(cmd);
3049}
3050
afc747a6 3051int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3052 u8 link_type, u8 addr_type)
f7520543 3053{
4c659c39 3054 struct mgmt_addr_info ev;
8962ee74
JH		 3055 struct sock *sk = NULL;
3056 int err;
3057
744cf19e 3058 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3059
f7520543 3060 bacpy(&ev.bdaddr, bdaddr);
57c1477c 3061 ev.type = link_to_bdaddr(link_type, addr_type);
f7520543 3062
afc747a6 3063 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3064 sk);
8962ee74
JH		 3065
3066 if (sk)
d97dcb66 3067 sock_put(sk);
8962ee74 3068
124f6e35 3069 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3070 hdev);
a8a1d19e 3071
8962ee74
JH		 3072 return err;
3073}
3074
88c3df13 3075int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3076 u8 link_type, u8 addr_type, u8 status)
8962ee74 3077{
88c3df13 3078 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3079 struct pending_cmd *cmd;
3080 int err;
3081
2e58ef3e 3082 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3083 if (!cmd)
3084 return -ENOENT;
3085
88c3df13 3086 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3087 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 3088
88c3df13 3089 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3090 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3091
a664b5bc 3092 mgmt_pending_remove(cmd);
8962ee74 3093
b1078ad0
JH		 3094 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3095 hdev);
8962ee74 3096 return err;
f7520543 3097}
17d5c04c 3098
48264f06 3099int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3100 u8 addr_type, u8 status)
17d5c04c
JH		 3101{
3102 struct mgmt_ev_connect_failed ev;
3103
4c659c39 3104 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3105 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3106 ev.status = mgmt_status(status);
17d5c04c 3107
744cf19e 3108 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3109}
980e1a53 3110
744cf19e 3111int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3112{
3113 struct mgmt_ev_pin_code_request ev;
3114
d8457698 3115 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 3116 ev.addr.type = BDADDR_BREDR;
a770bb5a 3117 ev.secure = secure;
980e1a53 3118
744cf19e 3119 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3120 NULL);
980e1a53
JH		 3121}
3122
744cf19e 3123int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3124 u8 status)
980e1a53
JH		 3125{
3126 struct pending_cmd *cmd;
ac56fb13 3127 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3128 int err;
3129
2e58ef3e 3130 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3131 if (!cmd)
3132 return -ENOENT;
3133
d8457698 3134 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3135 rp.addr.type = BDADDR_BREDR;
ac56fb13 3136
aee9b218 3137 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3138 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3139
a664b5bc 3140 mgmt_pending_remove(cmd);
980e1a53
JH		 3141
3142 return err;
3143}
3144
744cf19e 3145int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3146 u8 status)
980e1a53
JH		 3147{
3148 struct pending_cmd *cmd;
ac56fb13 3149 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3150 int err;
3151
2e58ef3e 3152 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3153 if (!cmd)
3154 return -ENOENT;
3155
d8457698 3156 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 3157 rp.addr.type = BDADDR_BREDR;
ac56fb13 3158
aee9b218 3159 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3160 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3161
a664b5bc 3162 mgmt_pending_remove(cmd);
980e1a53
JH		 3163
3164 return err;
3165}
a5c29683 3166
744cf19e 3167int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3168 u8 link_type, u8 addr_type, __le32 value,
3169 u8 confirm_hint)
a5c29683
JH		 3170{
3171 struct mgmt_ev_user_confirm_request ev;
3172
744cf19e 3173 BT_DBG("%s", hdev->name);
a5c29683 3174
272d90df 3175 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3176 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 3177 ev.confirm_hint = confirm_hint;
78e8098e 3178 ev.value = value;
a5c29683 3179
744cf19e 3180 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3181 NULL);
a5c29683
JH		 3182}
3183
272d90df
JH		 3184int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3185 u8 link_type, u8 addr_type)
604086b7
BG		 3186{
3187 struct mgmt_ev_user_passkey_request ev;
3188
3189 BT_DBG("%s", hdev->name);
3190
272d90df 3191 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3192 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 3193
3194 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3195 NULL);
604086b7
BG		 3196}
3197
0df4c185 3198static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3199 u8 link_type, u8 addr_type, u8 status,
3200 u8 opcode)
a5c29683
JH		 3201{
3202 struct pending_cmd *cmd;
3203 struct mgmt_rp_user_confirm_reply rp;
3204 int err;
3205
2e58ef3e 3206 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3207 if (!cmd)
3208 return -ENOENT;
3209
272d90df 3210 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 3211 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 3212 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3213 &rp, sizeof(rp));
a5c29683 3214
a664b5bc 3215 mgmt_pending_remove(cmd);
a5c29683
JH		 3216
3217 return err;
3218}
3219
744cf19e 3220int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3221 u8 link_type, u8 addr_type, u8 status)
a5c29683 3222{
272d90df 3223 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3224 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3225}
3226
272d90df 3227int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3228 u8 link_type, u8 addr_type, u8 status)
a5c29683 3229{
272d90df 3230 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3231 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3232}
2a611692 3233
604086b7 3234int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3235 u8 link_type, u8 addr_type, u8 status)
604086b7 3236{
272d90df 3237 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3238 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3239}
3240
272d90df 3241int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3242 u8 link_type, u8 addr_type, u8 status)
604086b7 3243{
272d90df 3244 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3245 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3246}
3247
bab73cb6 3248int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3249 u8 addr_type, u8 status)
2a611692
JH		 3250{
3251 struct mgmt_ev_auth_failed ev;
3252
bab73cb6 3253 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 3254 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 3255 ev.status = mgmt_status(status);
2a611692 3256
744cf19e 3257 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3258}
b312b161 3259
33ef95ed
JH		 3260int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3261{
3262 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3263 bool changed = false;
3264 int err = 0;
33ef95ed
JH		 3265
3266 if (status) {
3267 u8 mgmt_err = mgmt_status(status);
3268 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3269 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3270 return 0;
3271 }
3272
47990ea0
JH		 3273 if (test_bit(HCI_AUTH, &hdev->flags)) {
3274 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3275 changed = true;
3276 } else {
3277 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3278 changed = true;
3279 }
3280
33ef95ed 3281 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3282 &match);
33ef95ed 3283
47990ea0
JH		 3284 if (changed)
3285 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3286
3287 if (match.sk)
3288 sock_put(match.sk);
3289
3290 return err;
3291}
3292
cacaf52f
JH		 3293static int clear_eir(struct hci_dev *hdev)
3294{
3295 struct hci_cp_write_eir cp;
3296
3297 if (!(hdev->features[6] & LMP_EXT_INQ))
3298 return 0;
3299
c80da27e
JH		 3300 memset(hdev->eir, 0, sizeof(hdev->eir));
3301
cacaf52f
JH		 3302 memset(&cp, 0, sizeof(cp));
3303
3304 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3305}
3306
c0ecddc2 3307int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3308{
3309 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3310 bool changed = false;
3311 int err = 0;
ed2c4ee3
JH		 3312
3313 if (status) {
3314 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3315
3316 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3317 &hdev->dev_flags))
c0ecddc2
JH		 3318 err = new_settings(hdev, NULL);
3319
04124681
GP		 3320 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3321 &mgmt_err);
c0ecddc2
JH		 3322
3323 return err;
3324 }
3325
3326 if (enable) {
3327 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3328 changed = true;
3329 } else {
3330 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3331 changed = true;
ed2c4ee3
JH		 3332 }
3333
3334 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3335
c0ecddc2
JH		 3336 if (changed)
3337 err = new_settings(hdev, match.sk);
ed2c4ee3 3338
5fc6ebb1 3339 if (match.sk)
ed2c4ee3
JH		 3340 sock_put(match.sk);
3341
5fc6ebb1
JH		 3342 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3343 update_eir(hdev);
3344 else
3345 clear_eir(hdev);
cacaf52f 3346
ed2c4ee3
JH		 3347 return err;
3348}
3349
90e70454
JH		 3350static void class_rsp(struct pending_cmd *cmd, void *data)
3351{
3352 struct cmd_lookup *match = data;
3353
3354 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3355 match->hdev->dev_class, 3);
90e70454
JH		 3356
3357 list_del(&cmd->list);
3358
3359 if (match->sk == NULL) {
3360 match->sk = cmd->sk;
3361 sock_hold(match->sk);
3362 }
3363
3364 mgmt_pending_free(cmd);
3365}
3366
7f9a903c 3367int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3368 u8 status)
7f9a903c 3369{
90e70454
JH		 3370 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3371 int err = 0;
7f9a903c 3372
c95f0ba7
JH		 3373 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3374
90e70454
JH		 3375 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3376 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3377 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3378
3379 if (!status)
04124681
GP		 3380 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3381 3, NULL);
90e70454
JH		 3382
3383 if (match.sk)
3384 sock_put(match.sk);
7f9a903c
MH		 3385
3386 return err;
3387}
3388
744cf19e 3389int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3390{
3391 struct pending_cmd *cmd;
3392 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3393 bool changed = false;
3394 int err = 0;
3395
3396 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3397 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3398 changed = true;
3399 }
b312b161
JH		 3400
3401 memset(&ev, 0, sizeof(ev));
3402 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3403 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3404
2e58ef3e 3405 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3406 if (!cmd)
3407 goto send_event;
3408
7bdaae4a
JH		 3409 /* Always assume that either the short or the complete name has
3410 * changed if there was a pending mgmt command */
3411 changed = true;
3412
b312b161 3413 if (status) {
744cf19e 3414 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3415 mgmt_status(status));
b312b161
JH		 3416 goto failed;
3417 }
3418
aee9b218 3419 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3420 sizeof(ev));
b312b161
JH		 3421 if (err < 0)
3422 goto failed;
3423
3424send_event:
28cc7bde
JH		 3425 if (changed)
3426 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3427 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3428
f51d5b24 3429 update_eir(hdev);
b312b161
JH		 3430
3431failed:
3432 if (cmd)
3433 mgmt_pending_remove(cmd);
3434 return err;
3435}
c35938b2 3436
744cf19e 3437int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3438 u8 *randomizer, u8 status)
c35938b2
SJ		 3439{
3440 struct pending_cmd *cmd;
3441 int err;
3442
744cf19e 3443 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3444
2e58ef3e 3445 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3446 if (!cmd)
3447 return -ENOENT;
3448
3449 if (status) {
04124681
GP		 3450 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3451 mgmt_status(status));
c35938b2
SJ		 3452 } else {
3453 struct mgmt_rp_read_local_oob_data rp;
3454
3455 memcpy(rp.hash, hash, sizeof(rp.hash));
3456 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3457
744cf19e 3458 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3459 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3460 sizeof(rp));
c35938b2
SJ		 3461 }
3462
3463 mgmt_pending_remove(cmd);
3464
3465 return err;
3466}
e17acd40 3467
06199cf8
JH		 3468int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3469{
3470 struct cmd_lookup match = { NULL, hdev };
3471 bool changed = false;
3472 int err = 0;
3473
3474 if (status) {
3475 u8 mgmt_err = mgmt_status(status);
3476
3477 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681 3478 &hdev->dev_flags))
d97dcb66 3479 err = new_settings(hdev, NULL);
06199cf8 3480
d97dcb66
SJ		 3481 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
3482 &mgmt_err);
06199cf8
JH		 3483
3484 return err;
3485 }
3486
3487 if (enable) {
3488 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3489 changed = true;
3490 } else {
3491 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3492 changed = true;
3493 }
3494
3495 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3496
3497 if (changed)
3498 err = new_settings(hdev, match.sk);
3499
3500 if (match.sk)
3501 sock_put(match.sk);
3502
3503 return err;
3504}
3505
48264f06 3506int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3507 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3508 ssp, u8 *eir, u16 eir_len)
e17acd40 3509{
e319d2e7
JH		 3510 char buf[512];
3511 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3512 size_t ev_size;
e17acd40 3513
1dc06093
JH		 3514 /* Leave 5 bytes for a potential CoD field */
3515 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3516 return -EINVAL;
3517
1dc06093
JH		 3518 memset(buf, 0, sizeof(buf));
3519
e319d2e7 3520 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3521 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 3522 ev->rssi = rssi;
9a395a80
JH		 3523 if (cfm_name)
3524 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3525 if (!ssp)
3526 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3527
1dc06093 3528 if (eir_len > 0)
e319d2e7 3529 memcpy(ev->eir, eir, eir_len);
e17acd40 3530
1dc06093
JH		 3531 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3532 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3533 dev_class, 3);
1dc06093 3534
eb55ef07 3535 ev->eir_len = cpu_to_le16(eir_len);
1dc06093
JH		 3536
3537 ev_size = sizeof(*ev) + eir_len;
f8523598 3538
e319d2e7 3539 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3540}
a88a9652 3541
b644ba33 3542int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3543 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3544{
b644ba33
JH		 3545 struct mgmt_ev_device_found *ev;
3546 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3547 u16 eir_len;
a88a9652 3548
b644ba33 3549 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3550
b644ba33
JH		 3551 memset(buf, 0, sizeof(buf));
3552
3553 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 3554 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 3555 ev->rssi = rssi;
3556
3557 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3558 name_len);
b644ba33 3559
eb55ef07 3560 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 3561
053c7e0c 3562 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3563 sizeof(*ev) + eir_len, NULL);
a88a9652 3564}
314b2381 3565
7a135109 3566int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3567{
3568 struct pending_cmd *cmd;
f808e166 3569 u8 type;
164a6e78
JH		 3570 int err;
3571
203159d4
AG		 3572 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3573
2e58ef3e 3574 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3575 if (!cmd)
3576 return -ENOENT;
3577
f808e166
JH		 3578 type = hdev->discovery.type;
3579
3580 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3581 &type, sizeof(type));
164a6e78
JH		 3582 mgmt_pending_remove(cmd);
3583
3584 return err;
3585}
3586
e6d465cb
AG		 3587int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3588{
3589 struct pending_cmd *cmd;
3590 int err;
3591
3592 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3593 if (!cmd)
3594 return -ENOENT;
3595
d930650b 3596 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3597 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3598 mgmt_pending_remove(cmd);
3599
3600 return err;
3601}
3602
744cf19e 3603int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3604{
f963e8e9 3605 struct mgmt_ev_discovering ev;
164a6e78
JH		 3606 struct pending_cmd *cmd;
3607
343fb145
AG		 3608 BT_DBG("%s discovering %u", hdev->name, discovering);
3609
164a6e78 3610 if (discovering)
2e58ef3e 3611 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3612 else
2e58ef3e 3613 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3614
3615 if (cmd != NULL) {
f808e166
JH		 3616 u8 type = hdev->discovery.type;
3617
04124681
GP		 3618 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3619 sizeof(type));
164a6e78
JH		 3620 mgmt_pending_remove(cmd);
3621 }
3622
f963e8e9
JH		 3623 memset(&ev, 0, sizeof(ev));
3624 ev.type = hdev->discovery.type;
3625 ev.discovering = discovering;
3626
3627 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3628}
5e762444 3629
88c1fe4b 3630int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3631{
3632 struct pending_cmd *cmd;
3633 struct mgmt_ev_device_blocked ev;
3634
2e58ef3e 3635 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3636
88c1fe4b
JH		 3637 bacpy(&ev.addr.bdaddr, bdaddr);
3638 ev.addr.type = type;
5e762444 3639
744cf19e 3640 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3641 cmd ? cmd->sk : NULL);
5e762444
AJ		 3642}
3643
88c1fe4b 3644int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3645{
3646 struct pending_cmd *cmd;
3647 struct mgmt_ev_device_unblocked ev;
3648
2e58ef3e 3649 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3650
88c1fe4b
JH		 3651 bacpy(&ev.addr.bdaddr, bdaddr);
3652 ev.addr.type = type;
5e762444 3653
744cf19e 3654 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3655 cmd ? cmd->sk : NULL);
5e762444 3656}
d7b7e796
MH		 3657
3658module_param(enable_hs, bool, 0644);
3659MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3660
3661module_param(enable_le, bool, 0644);
3662MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)