projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove redundant hdev->parent field
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
17b02e62 119#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
04124681
GP		 270static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
271 u16 data_len)
a38528f1
JH		 272{
273 struct mgmt_rp_read_version rp;
274
275 BT_DBG("sock %p", sk);
276
277 rp.version = MGMT_VERSION;
278 put_unaligned_le16(MGMT_REVISION, &rp.revision);
279
aee9b218 280 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 281 sizeof(rp));
a38528f1
JH		 282}
283
04124681
GP		 284static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
285 u16 data_len)
e70bb2e8
JH		 286{
287 struct mgmt_rp_read_commands *rp;
288 u16 num_commands = ARRAY_SIZE(mgmt_commands);
289 u16 num_events = ARRAY_SIZE(mgmt_events);
290 u16 *opcode;
291 size_t rp_size;
292 int i, err;
293
294 BT_DBG("sock %p", sk);
295
296 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
297
298 rp = kmalloc(rp_size, GFP_KERNEL);
299 if (!rp)
300 return -ENOMEM;
301
302 put_unaligned_le16(num_commands, &rp->num_commands);
303 put_unaligned_le16(num_events, &rp->num_events);
304
305 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
306 put_unaligned_le16(mgmt_commands[i], opcode);
307
308 for (i = 0; i < num_events; i++, opcode++)
309 put_unaligned_le16(mgmt_events[i], opcode);
310
aee9b218 311 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 312 rp_size);
e70bb2e8
JH		 313 kfree(rp);
314
315 return err;
316}
317
04124681
GP		 318static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
319 u16 data_len)
faba42eb 320{
faba42eb
JH		 321 struct mgmt_rp_read_index_list *rp;
322 struct list_head *p;
8035ded4 323 struct hci_dev *d;
a38528f1 324 size_t rp_len;
faba42eb 325 u16 count;
a38528f1 326 int i, err;
faba42eb
JH		 327
328 BT_DBG("sock %p", sk);
329
330 read_lock(&hci_dev_list_lock);
331
332 count = 0;
333 list_for_each(p, &hci_dev_list) {
334 count++;
335 }
336
a38528f1
JH		 337 rp_len = sizeof(*rp) + (2 * count);
338 rp = kmalloc(rp_len, GFP_ATOMIC);
339 if (!rp) {
b2c60d42 340 read_unlock(&hci_dev_list_lock);
faba42eb 341 return -ENOMEM;
b2c60d42 342 }
faba42eb 343
faba42eb
JH		 344 put_unaligned_le16(count, &rp->num_controllers);
345
346 i = 0;
8035ded4 347 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 348 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 349 continue;
350
faba42eb
JH		 351 put_unaligned_le16(d->id, &rp->index[i++]);
352 BT_DBG("Added hci%u", d->id);
353 }
354
355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
370 settings |= MGMT_SETTING_CONNECTABLE;
371 settings |= MGMT_SETTING_FAST_CONNECTABLE;
372 settings |= MGMT_SETTING_DISCOVERABLE;
373 settings |= MGMT_SETTING_PAIRABLE;
374
375 if (hdev->features[6] & LMP_SIMPLE_PAIR)
376 settings |= MGMT_SETTING_SSP;
377
378 if (!(hdev->features[4] & LMP_NO_BREDR)) {
379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
381 }
382
d7b7e796
MH		 383 if (enable_hs)
384 settings |= MGMT_SETTING_HS;
385
386 if (enable_le) {
387 if (hdev->features[4] & LMP_LE)
388 settings |= MGMT_SETTING_LE;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
5e5282bb 404 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_DISCOVERABLE;
406
a8b2d5c2 407 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_PAIRABLE;
409
410 if (!(hdev->features[4] & LMP_NO_BREDR))
411 settings |= MGMT_SETTING_BREDR;
412
06199cf8 413 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LE;
415
47990ea0 416 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LINK_SECURITY;
418
84bde9d6 419 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_SSP;
421
6d80dfd0
JH		 422 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
423 settings |= MGMT_SETTING_HS;
424
69ab39ea
JH		 425 return settings;
426}
427
ef580372
JH		 428#define PNP_INFO_SVCLASS_ID 0x1200
429
430static u8 bluetooth_base_uuid[] = {
431 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
432 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
433};
434
435static u16 get_uuid16(u8 *uuid128)
436{
437 u32 val;
438 int i;
439
440 for (i = 0; i < 12; i++) {
441 if (bluetooth_base_uuid[i] != uuid128[i])
442 return 0;
443 }
444
445 memcpy(&val, &uuid128[12], 4);
446
447 val = le32_to_cpu(val);
448 if (val > 0xffff)
449 return 0;
450
451 return (u16) val;
452}
453
454static void create_eir(struct hci_dev *hdev, u8 *data)
455{
456 u8 *ptr = data;
457 u16 eir_len = 0;
458 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
459 int i, truncated = 0;
460 struct bt_uuid *uuid;
461 size_t name_len;
462
463 name_len = strlen(hdev->dev_name);
464
465 if (name_len > 0) {
466 /* EIR Data type */
467 if (name_len > 48) {
468 name_len = 48;
469 ptr[1] = EIR_NAME_SHORT;
470 } else
471 ptr[1] = EIR_NAME_COMPLETE;
472
473 /* EIR Data length */
474 ptr[0] = name_len + 1;
475
476 memcpy(ptr + 2, hdev->dev_name, name_len);
477
478 eir_len += (name_len + 2);
479 ptr += (name_len + 2);
480 }
481
482 memset(uuid16_list, 0, sizeof(uuid16_list));
483
484 /* Group all UUID16 types */
485 list_for_each_entry(uuid, &hdev->uuids, list) {
486 u16 uuid16;
487
488 uuid16 = get_uuid16(uuid->uuid);
489 if (uuid16 == 0)
490 return;
491
492 if (uuid16 < 0x1100)
493 continue;
494
495 if (uuid16 == PNP_INFO_SVCLASS_ID)
496 continue;
497
498 /* Stop if not enough space to put next UUID */
499 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
500 truncated = 1;
501 break;
502 }
503
504 /* Check for duplicates */
505 for (i = 0; uuid16_list[i] != 0; i++)
506 if (uuid16_list[i] == uuid16)
507 break;
508
509 if (uuid16_list[i] == 0) {
510 uuid16_list[i] = uuid16;
511 eir_len += sizeof(u16);
512 }
513 }
514
515 if (uuid16_list[0] != 0) {
516 u8 *length = ptr;
517
518 /* EIR Data type */
519 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
520
521 ptr += 2;
522 eir_len += 2;
523
524 for (i = 0; uuid16_list[i] != 0; i++) {
525 *ptr++ = (uuid16_list[i] & 0x00ff);
526 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
527 }
528
529 /* EIR Data length */
530 *length = (i * sizeof(u16)) + 1;
531 }
532}
533
534static int update_eir(struct hci_dev *hdev)
535{
536 struct hci_cp_write_eir cp;
537
504c8dcd 538 if (!hdev_is_powered(hdev))
7770c4aa
JH		 539 return 0;
540
ef580372
JH		 541 if (!(hdev->features[6] & LMP_EXT_INQ))
542 return 0;
543
84bde9d6 544 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
a8b2d5c2 547 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 548 return 0;
549
550 memset(&cp, 0, sizeof(cp));
551
552 create_eir(hdev, cp.data);
553
554 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
555 return 0;
556
557 memcpy(hdev->eir, cp.data, sizeof(cp.data));
558
559 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
560}
561
562static u8 get_service_classes(struct hci_dev *hdev)
563{
564 struct bt_uuid *uuid;
565 u8 val = 0;
566
567 list_for_each_entry(uuid, &hdev->uuids, list)
568 val |= uuid->svc_hint;
569
570 return val;
571}
572
573static int update_class(struct hci_dev *hdev)
574{
575 u8 cod[3];
c95f0ba7 576 int err;
ef580372
JH		 577
578 BT_DBG("%s", hdev->name);
579
504c8dcd 580 if (!hdev_is_powered(hdev))
7770c4aa
JH		 581 return 0;
582
a8b2d5c2 583 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 584 return 0;
585
586 cod[0] = hdev->minor_class;
587 cod[1] = hdev->major_class;
588 cod[2] = get_service_classes(hdev);
589
590 if (memcmp(cod, hdev->dev_class, 3) == 0)
591 return 0;
592
c95f0ba7
JH		 593 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
594 if (err == 0)
595 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
596
597 return err;
ef580372
JH		 598}
599
7d78525d
JH		 600static void service_cache_off(struct work_struct *work)
601{
602 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 603 service_cache.work);
7d78525d 604
a8b2d5c2 605 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 606 return;
607
608 hci_dev_lock(hdev);
609
610 update_eir(hdev);
611 update_class(hdev);
612
613 hci_dev_unlock(hdev);
614}
615
6a919082 616static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 617{
4f87da80 618 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 619 return;
620
4f87da80 621 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 622
4f87da80
JH		 623 /* Non-mgmt controlled devices get this bit set
624 * implicitly so that pairing works for them, however
625 * for mgmt we require user-space to explicitly enable
626 * it
627 */
628 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 629}
630
0f4e68cf 631static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 632 void *data, u16 data_len)
0381101f 633{
a38528f1 634 struct mgmt_rp_read_info rp;
f7b64e69 635
bdb6d971 636 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 637
09fd0de5 638 hci_dev_lock(hdev);
f7b64e69 639
dc4fe30b
JH		 640 memset(&rp, 0, sizeof(rp));
641
69ab39ea 642 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 643
69ab39ea 644 rp.version = hdev->hci_ver;
f7b64e69 645
69ab39ea
JH		 646 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
647
648 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
649 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 650
a38528f1 651 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 652
dc4fe30b 653 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 654 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 655
09fd0de5 656 hci_dev_unlock(hdev);
0381101f 657
bdb6d971 658 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 659 sizeof(rp));
0381101f
JH		 660}
661
eec8d2bc
JH		 662static void mgmt_pending_free(struct pending_cmd *cmd)
663{
664 sock_put(cmd->sk);
c68fb7ff 665 kfree(cmd->param);
eec8d2bc
JH		 666 kfree(cmd);
667}
668
366a0336 669static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 670 struct hci_dev *hdev, void *data,
671 u16 len)
eec8d2bc
JH		 672{
673 struct pending_cmd *cmd;
674
675 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
676 if (!cmd)
366a0336 677 return NULL;
eec8d2bc
JH		 678
679 cmd->opcode = opcode;
2e58ef3e 680 cmd->index = hdev->id;
eec8d2bc 681
c68fb7ff
SJ		 682 cmd->param = kmalloc(len, GFP_ATOMIC);
683 if (!cmd->param) {
eec8d2bc 684 kfree(cmd);
366a0336 685 return NULL;
eec8d2bc
JH		 686 }
687
8fce6357
SJ		 688 if (data)
689 memcpy(cmd->param, data, len);
eec8d2bc
JH		 690
691 cmd->sk = sk;
692 sock_hold(sk);
693
2e58ef3e 694 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 695
366a0336 696 return cmd;
eec8d2bc
JH		 697}
698
744cf19e 699static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
04124681
GP		 700 void (*cb)(struct pending_cmd *cmd, void *data),
701 void *data)
eec8d2bc
JH		 702{
703 struct list_head *p, *n;
704
2e58ef3e 705 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 706 struct pending_cmd *cmd;
707
708 cmd = list_entry(p, struct pending_cmd, list);
709
b24752fe 710 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 711 continue;
712
eec8d2bc
JH		 713 cb(cmd, data);
714 }
715}
716
2e58ef3e 717static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 718{
8035ded4 719 struct pending_cmd *cmd;
eec8d2bc 720
2e58ef3e 721 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 722 if (cmd->opcode == opcode)
723 return cmd;
eec8d2bc
JH		 724 }
725
726 return NULL;
727}
728
a664b5bc 729static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 730{
73f22f62
JH		 731 list_del(&cmd->list);
732 mgmt_pending_free(cmd);
733}
734
69ab39ea 735static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 736{
69ab39ea 737 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 738
aee9b218 739 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 740 sizeof(settings));
8680570b
JH		 741}
742
bdb6d971 743static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 744 u16 len)
eec8d2bc 745{
650f726d 746 struct mgmt_mode *cp = data;
366a0336 747 struct pending_cmd *cmd;
4b34ee78 748 int err;
eec8d2bc 749
bdb6d971 750 BT_DBG("request for %s", hdev->name);
eec8d2bc 751
09fd0de5 752 hci_dev_lock(hdev);
eec8d2bc 753
f0d4b78a
MH		 754 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
755 cancel_delayed_work(&hdev->power_off);
756
757 if (cp->val) {
758 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
759 mgmt_powered(hdev, 1);
760 goto failed;
761 }
762 }
763
4b34ee78 764 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 765 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 766 goto failed;
767 }
768
2e58ef3e 769 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
bdb6d971 770 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
04124681 771 MGMT_STATUS_BUSY);
eec8d2bc
JH		 772 goto failed;
773 }
774
2e58ef3e 775 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 776 if (!cmd) {
777 err = -ENOMEM;
eec8d2bc 778 goto failed;
366a0336 779 }
eec8d2bc 780
72a734ec 781 if (cp->val)
7f971041 782 schedule_work(&hdev->power_on);
eec8d2bc 783 else
80b7ab33 784 schedule_work(&hdev->power_off.work);
eec8d2bc 785
366a0336 786 err = 0;
eec8d2bc
JH		 787
788failed:
09fd0de5 789 hci_dev_unlock(hdev);
366a0336 790 return err;
eec8d2bc
JH		 791}
792
04124681
GP		 793static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
794 struct sock *skip_sk)
beadb2bd
JH		 795{
796 struct sk_buff *skb;
797 struct mgmt_hdr *hdr;
798
799 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
800 if (!skb)
801 return -ENOMEM;
802
803 hdr = (void *) skb_put(skb, sizeof(*hdr));
804 hdr->opcode = cpu_to_le16(event);
805 if (hdev)
806 hdr->index = cpu_to_le16(hdev->id);
807 else
808 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
809 hdr->len = cpu_to_le16(data_len);
810
811 if (data)
812 memcpy(skb_put(skb, data_len), data, data_len);
813
97e0bdeb
MH		 814 /* Time stamp */
815 __net_timestamp(skb);
816
beadb2bd
JH		 817 hci_send_to_control(skb, skip_sk);
818 kfree_skb(skb);
819
820 return 0;
821}
822
823static int new_settings(struct hci_dev *hdev, struct sock *skip)
824{
825 __le32 ev;
826
827 ev = cpu_to_le32(get_current_settings(hdev));
828
829 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
830}
831
bdb6d971 832static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 833 u16 len)
73f22f62 834{
650f726d 835 struct mgmt_cp_set_discoverable *cp = data;
366a0336 836 struct pending_cmd *cmd;
5e5282bb 837 u16 timeout;
73f22f62
JH		 838 u8 scan;
839 int err;
840
bdb6d971 841 BT_DBG("request for %s", hdev->name);
73f22f62 842
24c54a90
MH		 843 timeout = get_unaligned_le16(&cp->timeout);
844 if (!cp->val && timeout > 0)
bdb6d971 845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 846 MGMT_STATUS_INVALID_PARAMS);
73f22f62 847
09fd0de5 848 hci_dev_lock(hdev);
73f22f62 849
5e5282bb 850 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 851 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 852 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 853 goto failed;
854 }
855
2e58ef3e
JH		 856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 859 MGMT_STATUS_BUSY);
73f22f62
JH		 860 goto failed;
861 }
862
5e5282bb 863 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 865 MGMT_STATUS_REJECTED);
5e5282bb
JH		 866 goto failed;
867 }
868
869 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 870 bool changed = false;
871
872 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
873 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
874 changed = true;
875 }
876
5e5282bb 877 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 878 if (err < 0)
879 goto failed;
880
881 if (changed)
882 err = new_settings(hdev, sk);
883
5e5282bb
JH		 884 goto failed;
885 }
886
887 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 888 if (hdev->discov_timeout > 0) {
889 cancel_delayed_work(&hdev->discov_off);
890 hdev->discov_timeout = 0;
891 }
892
893 if (cp->val && timeout > 0) {
894 hdev->discov_timeout = timeout;
895 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
896 msecs_to_jiffies(hdev->discov_timeout * 1000));
897 }
898
69ab39ea 899 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 900 goto failed;
901 }
902
2e58ef3e 903 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 904 if (!cmd) {
905 err = -ENOMEM;
73f22f62 906 goto failed;
366a0336 907 }
73f22f62
JH		 908
909 scan = SCAN_PAGE;
910
72a734ec 911 if (cp->val)
73f22f62 912 scan |= SCAN_INQUIRY;
16ab91ab 913 else
e0f9309f 914 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 915
916 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
917 if (err < 0)
a664b5bc 918 mgmt_pending_remove(cmd);
73f22f62 919
16ab91ab 920 if (cp->val)
5e5282bb 921 hdev->discov_timeout = timeout;
16ab91ab 922
73f22f62 923failed:
09fd0de5 924 hci_dev_unlock(hdev);
73f22f62
JH		 925 return err;
926}
927
bdb6d971 928static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 929 u16 len)
9fbcbb45 930{
650f726d 931 struct mgmt_mode *cp = data;
366a0336 932 struct pending_cmd *cmd;
9fbcbb45
JH		 933 u8 scan;
934 int err;
935
bdb6d971 936 BT_DBG("request for %s", hdev->name);
9fbcbb45 937
09fd0de5 938 hci_dev_lock(hdev);
9fbcbb45 939
4b34ee78 940 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 941 bool changed = false;
942
943 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
944 changed = true;
945
6bf0e469 946 if (cp->val) {
5e5282bb 947 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 948 } else {
5e5282bb
JH		 949 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
950 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
951 }
0224d2fa 952
5e5282bb 953 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 954 if (err < 0)
955 goto failed;
956
957 if (changed)
958 err = new_settings(hdev, sk);
959
9fbcbb45
JH		 960 goto failed;
961 }
962
2e58ef3e
JH		 963 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
964 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 965 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 966 MGMT_STATUS_BUSY);
9fbcbb45
JH		 967 goto failed;
968 }
969
5e5282bb 970 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 971 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 972 goto failed;
973 }
974
2e58ef3e 975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 976 if (!cmd) {
977 err = -ENOMEM;
9fbcbb45 978 goto failed;
366a0336 979 }
9fbcbb45 980
6bf0e469 981 if (cp->val) {
9fbcbb45 982 scan = SCAN_PAGE;
6bf0e469 983 } else {
9fbcbb45
JH		 984 scan = 0;
985
df2c6c5e
JH		 986 if (test_bit(HCI_ISCAN, &hdev->flags) &&
987 hdev->discov_timeout > 0)
988 cancel_delayed_work(&hdev->discov_off);
989 }
990
9fbcbb45
JH		 991 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
992 if (err < 0)
a664b5bc 993 mgmt_pending_remove(cmd);
9fbcbb45
JH		 994
995failed:
09fd0de5 996 hci_dev_unlock(hdev);
9fbcbb45
JH		 997 return err;
998}
999
bdb6d971 1000static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1001 u16 len)
c542a06c 1002{
650f726d 1003 struct mgmt_mode *cp = data;
c542a06c
JH		 1004 int err;
1005
bdb6d971 1006 BT_DBG("request for %s", hdev->name);
c542a06c 1007
09fd0de5 1008 hci_dev_lock(hdev);
c542a06c
JH		 1009
1010 if (cp->val)
a8b2d5c2 1011 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1012 else
a8b2d5c2 1013 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1014
69ab39ea 1015 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1016 if (err < 0)
1017 goto failed;
1018
beadb2bd 1019 err = new_settings(hdev, sk);
c542a06c
JH		 1020
1021failed:
09fd0de5 1022 hci_dev_unlock(hdev);
c542a06c
JH		 1023 return err;
1024}
1025
04124681
GP		 1026static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1027 u16 len)
33ef95ed
JH		 1028{
1029 struct mgmt_mode *cp = data;
1030 struct pending_cmd *cmd;
816a11d5 1031 u8 val;
33ef95ed
JH		 1032 int err;
1033
bdb6d971 1034 BT_DBG("request for %s", hdev->name);
33ef95ed 1035
33ef95ed
JH		 1036 hci_dev_lock(hdev);
1037
4b34ee78 1038 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1039 bool changed = false;
1040
1041 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1042 &hdev->dev_flags)) {
1043 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1044 changed = true;
1045 }
1046
1047 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1048 if (err < 0)
1049 goto failed;
1050
1051 if (changed)
1052 err = new_settings(hdev, sk);
1053
33ef95ed
JH		 1054 goto failed;
1055 }
1056
1057 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1058 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1059 MGMT_STATUS_BUSY);
33ef95ed
JH		 1060 goto failed;
1061 }
1062
1063 val = !!cp->val;
1064
1065 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1066 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1067 goto failed;
1068 }
1069
1070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1071 if (!cmd) {
1072 err = -ENOMEM;
1073 goto failed;
1074 }
1075
1076 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1077 if (err < 0) {
1078 mgmt_pending_remove(cmd);
1079 goto failed;
1080 }
1081
1082failed:
1083 hci_dev_unlock(hdev);
33ef95ed
JH		 1084 return err;
1085}
1086
bdb6d971 1087static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1088{
1089 struct mgmt_mode *cp = data;
1090 struct pending_cmd *cmd;
816a11d5 1091 u8 val;
ed2c4ee3
JH		 1092 int err;
1093
bdb6d971 1094 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1095
ed2c4ee3
JH		 1096 hci_dev_lock(hdev);
1097
6c8f12c1 1098 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 1099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
04124681 1100 MGMT_STATUS_NOT_SUPPORTED);
6c8f12c1
JH		 1101 goto failed;
1102 }
1103
c0ecddc2
JH		 1104 val = !!cp->val;
1105
4b34ee78 1106 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1107 bool changed = false;
1108
1109 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1110 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1111 changed = true;
1112 }
1113
1114 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1115 if (err < 0)
1116 goto failed;
1117
1118 if (changed)
1119 err = new_settings(hdev, sk);
1120
ed2c4ee3
JH		 1121 goto failed;
1122 }
1123
1124 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
04124681
GP		 1125 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1126 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1127 goto failed;
1128 }
1129
ed2c4ee3
JH		 1130 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1131 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1132 goto failed;
1133 }
1134
1135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1136 if (!cmd) {
1137 err = -ENOMEM;
1138 goto failed;
1139 }
1140
1141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1142 if (err < 0) {
1143 mgmt_pending_remove(cmd);
1144 goto failed;
1145 }
1146
1147failed:
1148 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1149 return err;
1150}
1151
bdb6d971 1152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1153{
1154 struct mgmt_mode *cp = data;
6d80dfd0 1155
bdb6d971 1156 BT_DBG("request for %s", hdev->name);
6d80dfd0 1157
bdb6d971
JH		 1158 if (!enable_hs)
1159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
04124681 1160 MGMT_STATUS_NOT_SUPPORTED);
6d80dfd0
JH		 1161
1162 if (cp->val)
1163 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1164 else
1165 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1166
bdb6d971 1167 return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
6d80dfd0
JH		 1168}
1169
bdb6d971 1170static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1171{
1172 struct mgmt_mode *cp = data;
1173 struct hci_cp_write_le_host_supported hci_cp;
1174 struct pending_cmd *cmd;
06199cf8 1175 int err;
0b60eba1 1176 u8 val, enabled;
06199cf8 1177
bdb6d971 1178 BT_DBG("request for %s", hdev->name);
06199cf8 1179
1de028ce
JH		 1180 hci_dev_lock(hdev);
1181
06199cf8 1182 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
bdb6d971 1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1184 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1185 goto unlock;
06199cf8
JH		 1186 }
1187
1188 val = !!cp->val;
0b60eba1 1189 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1190
0b60eba1 1191 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1192 bool changed = false;
1193
1194 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1195 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1196 changed = true;
1197 }
1198
1199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1200 if (err < 0)
1de028ce 1201 goto unlock;
06199cf8
JH		 1202
1203 if (changed)
1204 err = new_settings(hdev, sk);
1205
1de028ce 1206 goto unlock;
06199cf8
JH		 1207 }
1208
1209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
bdb6d971 1210 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1211 MGMT_STATUS_BUSY);
1de028ce 1212 goto unlock;
06199cf8
JH		 1213 }
1214
1215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1216 if (!cmd) {
1217 err = -ENOMEM;
1de028ce 1218 goto unlock;
06199cf8
JH		 1219 }
1220
1221 memset(&hci_cp, 0, sizeof(hci_cp));
1222
1223 if (val) {
1224 hci_cp.le = val;
1225 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1226 }
1227
04124681
GP		 1228 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1229 &hci_cp);
06199cf8
JH		 1230 if (err < 0) {
1231 mgmt_pending_remove(cmd);
1de028ce 1232 goto unlock;
06199cf8
JH		 1233 }
1234
1de028ce
JH		 1235unlock:
1236 hci_dev_unlock(hdev);
06199cf8
JH		 1237 return err;
1238}
1239
bdb6d971 1240static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1241{
650f726d 1242 struct mgmt_cp_add_uuid *cp = data;
90e70454 1243 struct pending_cmd *cmd;
2aeb9a1a 1244 struct bt_uuid *uuid;
2aeb9a1a
JH		 1245 int err;
1246
bdb6d971 1247 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1248
09fd0de5 1249 hci_dev_lock(hdev);
2aeb9a1a 1250
c95f0ba7 1251 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1252 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1253 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1254 goto failed;
1255 }
1256
2aeb9a1a
JH		 1257 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1258 if (!uuid) {
1259 err = -ENOMEM;
1260 goto failed;
1261 }
1262
1263 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1264 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1265
1266 list_add(&uuid->list, &hdev->uuids);
1267
1aff6f09
JH		 1268 err = update_class(hdev);
1269 if (err < 0)
1270 goto failed;
1271
80a1e1db
JH		 1272 err = update_eir(hdev);
1273 if (err < 0)
1274 goto failed;
1275
90e70454 1276 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1277 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1278 hdev->dev_class, 3);
90e70454
JH		 1279 goto failed;
1280 }
1281
1282 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1283 if (!cmd) {
1284 err = -ENOMEM;
1285 goto failed;
1286 }
2aeb9a1a
JH		 1287
1288failed:
09fd0de5 1289 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1290 return err;
1291}
1292
24b78d0f
JH		 1293static bool enable_service_cache(struct hci_dev *hdev)
1294{
1295 if (!hdev_is_powered(hdev))
1296 return false;
1297
1298 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
17b02e62 1299 schedule_delayed_work(&hdev->service_cache, CACHE_TIMEOUT);
24b78d0f
JH		 1300 return true;
1301 }
1302
1303 return false;
1304}
1305
bdb6d971
JH		 1306static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
1307 u16 len)
2aeb9a1a 1308{
650f726d 1309 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1310 struct pending_cmd *cmd;
2aeb9a1a 1311 struct list_head *p, *n;
2aeb9a1a 1312 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1313 int err, found;
1314
bdb6d971 1315 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1316
09fd0de5 1317 hci_dev_lock(hdev);
2aeb9a1a 1318
c95f0ba7 1319 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1320 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1321 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1322 goto unlock;
1323 }
1324
2aeb9a1a
JH		 1325 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1326 err = hci_uuids_clear(hdev);
4004b6d9 1327
24b78d0f 1328 if (enable_service_cache(hdev)) {
bdb6d971 1329 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1330 0, hdev->dev_class, 3);
24b78d0f
JH		 1331 goto unlock;
1332 }
4004b6d9 1333
9246a869 1334 goto update_class;
2aeb9a1a
JH		 1335 }
1336
1337 found = 0;
1338
1339 list_for_each_safe(p, n, &hdev->uuids) {
1340 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1341
1342 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1343 continue;
1344
1345 list_del(&match->list);
1346 found++;
1347 }
1348
1349 if (found == 0) {
bdb6d971 1350 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1351 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1352 goto unlock;
1353 }
1354
9246a869 1355update_class:
1aff6f09
JH		 1356 err = update_class(hdev);
1357 if (err < 0)
1358 goto unlock;
1359
80a1e1db
JH		 1360 err = update_eir(hdev);
1361 if (err < 0)
1362 goto unlock;
1363
90e70454 1364 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1365 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1366 hdev->dev_class, 3);
90e70454
JH		 1367 goto unlock;
1368 }
1369
1370 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1371 if (!cmd) {
1372 err = -ENOMEM;
1373 goto unlock;
1374 }
2aeb9a1a
JH		 1375
1376unlock:
09fd0de5 1377 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1378 return err;
1379}
1380
bdb6d971 1381static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1382 u16 len)
1aff6f09 1383{
650f726d 1384 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1385 struct pending_cmd *cmd;
1aff6f09
JH		 1386 int err;
1387
bdb6d971 1388 BT_DBG("request for %s", hdev->name);
1aff6f09 1389
09fd0de5 1390 hci_dev_lock(hdev);
1aff6f09 1391
c95f0ba7 1392 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
04124681 1394 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1395 goto unlock;
1396 }
1397
932f5ff5
JH		 1398 hdev->major_class = cp->major;
1399 hdev->minor_class = cp->minor;
1400
b5235a65 1401 if (!hdev_is_powered(hdev)) {
bdb6d971 1402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1403 hdev->dev_class, 3);
b5235a65
JH		 1404 goto unlock;
1405 }
1406
a8b2d5c2 1407 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1408 hci_dev_unlock(hdev);
1409 cancel_delayed_work_sync(&hdev->service_cache);
1410 hci_dev_lock(hdev);
14c0b608 1411 update_eir(hdev);
7d78525d 1412 }
14c0b608 1413
1aff6f09 1414 err = update_class(hdev);
90e70454
JH		 1415 if (err < 0)
1416 goto unlock;
1aff6f09 1417
90e70454 1418 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
bdb6d971 1419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1420 hdev->dev_class, 3);
90e70454
JH		 1421 goto unlock;
1422 }
1423
1424 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1425 if (!cmd) {
1426 err = -ENOMEM;
1427 goto unlock;
1428 }
1aff6f09 1429
b5235a65 1430unlock:
09fd0de5 1431 hci_dev_unlock(hdev);
1aff6f09
JH		 1432 return err;
1433}
1434
bdb6d971
JH		 1435static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
1436 u16 len)
55ed8ca1 1437{
650f726d 1438 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1439 u16 key_count, expected_len;
a492cd52 1440 int i;
55ed8ca1 1441
55ed8ca1
JH		 1442 key_count = get_unaligned_le16(&cp->key_count);
1443
86742e1e
JH		 1444 expected_len = sizeof(*cp) + key_count *
1445 sizeof(struct mgmt_link_key_info);
a492cd52 1446 if (expected_len != len) {
86742e1e 1447 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1448 len, expected_len);
bdb6d971 1449 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1450 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1451 }
1452
bdb6d971 1453 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
55ed8ca1
JH		 1454 key_count);
1455
09fd0de5 1456 hci_dev_lock(hdev);
55ed8ca1
JH		 1457
1458 hci_link_keys_clear(hdev);
1459
a8b2d5c2 1460 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1461
1462 if (cp->debug_keys)
a8b2d5c2 1463 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1464 else
a8b2d5c2 1465 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1466
a492cd52 1467 for (i = 0; i < key_count; i++) {
86742e1e 1468 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1469
d753fdc4 1470 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1471 key->type, key->pin_len);
55ed8ca1
JH		 1472 }
1473
bdb6d971 1474 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1475
09fd0de5 1476 hci_dev_unlock(hdev);
55ed8ca1 1477
a492cd52 1478 return 0;
55ed8ca1
JH		 1479}
1480
b1078ad0 1481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1482 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1483{
1484 struct mgmt_ev_device_unpaired ev;
1485
1486 bacpy(&ev.addr.bdaddr, bdaddr);
1487 ev.addr.type = addr_type;
1488
1489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1490 skip_sk);
b1078ad0
JH		 1491}
1492
bdb6d971 1493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1494 u16 len)
55ed8ca1 1495{
124f6e35
JH		 1496 struct mgmt_cp_unpair_device *cp = data;
1497 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1498 struct hci_cp_disconnect dc;
1499 struct pending_cmd *cmd;
55ed8ca1 1500 struct hci_conn *conn;
55ed8ca1
JH		 1501 int err;
1502
09fd0de5 1503 hci_dev_lock(hdev);
55ed8ca1 1504
a8a1d19e 1505 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1506 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1507 rp.addr.type = cp->addr.type;
a8a1d19e 1508
86a8cfc6 1509 if (!hdev_is_powered(hdev)) {
bdb6d971 1510 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1511 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1512 goto unlock;
1513 }
1514
124f6e35
JH		 1515 if (cp->addr.type == MGMT_ADDR_BREDR)
1516 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1517 else
1518 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1519
55ed8ca1 1520 if (err < 0) {
bdb6d971 1521 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1522 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1523 goto unlock;
1524 }
1525
86a8cfc6
JH		 1526 if (cp->disconnect) {
1527 if (cp->addr.type == MGMT_ADDR_BREDR)
1528 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1529 &cp->addr.bdaddr);
86a8cfc6
JH		 1530 else
1531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1532 &cp->addr.bdaddr);
86a8cfc6
JH		 1533 } else {
1534 conn = NULL;
1535 }
124f6e35 1536
a8a1d19e 1537 if (!conn) {
bdb6d971 1538 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1539 &rp, sizeof(rp));
b1078ad0 1540 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1541 goto unlock;
1542 }
55ed8ca1 1543
124f6e35 1544 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1545 sizeof(*cp));
a8a1d19e
JH		 1546 if (!cmd) {
1547 err = -ENOMEM;
1548 goto unlock;
55ed8ca1
JH		 1549 }
1550
a8a1d19e
JH		 1551 put_unaligned_le16(conn->handle, &dc.handle);
1552 dc.reason = 0x13; /* Remote User Terminated Connection */
1553 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1554 if (err < 0)
1555 mgmt_pending_remove(cmd);
1556
55ed8ca1 1557unlock:
09fd0de5 1558 hci_dev_unlock(hdev);
55ed8ca1
JH		 1559 return err;
1560}
1561
bdb6d971 1562static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1563 u16 len)
8962ee74 1564{
650f726d 1565 struct mgmt_cp_disconnect *cp = data;
8962ee74 1566 struct hci_cp_disconnect dc;
366a0336 1567 struct pending_cmd *cmd;
8962ee74 1568 struct hci_conn *conn;
8962ee74
JH		 1569 int err;
1570
1571 BT_DBG("");
1572
09fd0de5 1573 hci_dev_lock(hdev);
8962ee74
JH		 1574
1575 if (!test_bit(HCI_UP, &hdev->flags)) {
bdb6d971 1576 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1577 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1578 goto failed;
1579 }
1580
2e58ef3e 1581 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
bdb6d971 1582 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1583 MGMT_STATUS_BUSY);
8962ee74
JH		 1584 goto failed;
1585 }
1586
88c3df13
JH		 1587 if (cp->addr.type == MGMT_ADDR_BREDR)
1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1589 else
1590 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1591
8962ee74 1592 if (!conn) {
bdb6d971 1593 err = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
04124681 1594 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1595 goto failed;
1596 }
1597
2e58ef3e 1598 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1599 if (!cmd) {
1600 err = -ENOMEM;
8962ee74 1601 goto failed;
366a0336 1602 }
8962ee74
JH		 1603
1604 put_unaligned_le16(conn->handle, &dc.handle);
1605 dc.reason = 0x13; /* Remote User Terminated Connection */
1606
1607 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1608 if (err < 0)
a664b5bc 1609 mgmt_pending_remove(cmd);
8962ee74
JH		 1610
1611failed:
09fd0de5 1612 hci_dev_unlock(hdev);
8962ee74
JH		 1613 return err;
1614}
1615
48264f06 1616static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1617{
1618 switch (link_type) {
1619 case LE_LINK:
48264f06
JH		 1620 switch (addr_type) {
1621 case ADDR_LE_DEV_PUBLIC:
1622 return MGMT_ADDR_LE_PUBLIC;
1623 case ADDR_LE_DEV_RANDOM:
1624 return MGMT_ADDR_LE_RANDOM;
1625 default:
1626 return MGMT_ADDR_INVALID;
1627 }
4c659c39
JH		 1628 case ACL_LINK:
1629 return MGMT_ADDR_BREDR;
1630 default:
1631 return MGMT_ADDR_INVALID;
1632 }
1633}
1634
04124681
GP		 1635static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
1636 u16 data_len)
2784eb41 1637{
2784eb41 1638 struct mgmt_rp_get_connections *rp;
8035ded4 1639 struct hci_conn *c;
a38528f1 1640 size_t rp_len;
60fc5fb6
JH		 1641 int err;
1642 u16 i;
2784eb41
JH		 1643
1644 BT_DBG("");
1645
09fd0de5 1646 hci_dev_lock(hdev);
2784eb41 1647
5f97c1df 1648 if (!hdev_is_powered(hdev)) {
bdb6d971 1649 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 1650 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1651 goto unlock;
1652 }
1653
60fc5fb6 1654 i = 0;
b644ba33
JH		 1655 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1656 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1657 i++;
2784eb41
JH		 1658 }
1659
60fc5fb6 1660 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1661 rp = kmalloc(rp_len, GFP_ATOMIC);
1662 if (!rp) {
2784eb41
JH		 1663 err = -ENOMEM;
1664 goto unlock;
1665 }
1666
2784eb41 1667 i = 0;
4c659c39 1668 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1669 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1670 continue;
4c659c39 1671 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1672 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1673 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1674 continue;
1675 i++;
1676 }
1677
60fc5fb6
JH		 1678 put_unaligned_le16(i, &rp->conn_count);
1679
4c659c39
JH		 1680 /* Recalculate length in case of filtered SCO connections, etc */
1681 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1682
bdb6d971 1683 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 1684 rp_len);
2784eb41 1685
a38528f1 1686 kfree(rp);
5f97c1df
JH		 1687
1688unlock:
09fd0de5 1689 hci_dev_unlock(hdev);
2784eb41
JH		 1690 return err;
1691}
1692
bdb6d971 1693static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1694 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 1695{
1696 struct pending_cmd *cmd;
1697 int err;
1698
2e58ef3e 1699 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 1700 sizeof(*cp));
96d97a67
WR		 1701 if (!cmd)
1702 return -ENOMEM;
1703
d8457698 1704 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 1705 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1706 if (err < 0)
1707 mgmt_pending_remove(cmd);
1708
1709 return err;
1710}
1711
bdb6d971 1712static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1713 u16 len)
980e1a53 1714{
96d97a67 1715 struct hci_conn *conn;
650f726d 1716 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1717 struct hci_cp_pin_code_reply reply;
366a0336 1718 struct pending_cmd *cmd;
980e1a53
JH		 1719 int err;
1720
1721 BT_DBG("");
1722
09fd0de5 1723 hci_dev_lock(hdev);
980e1a53 1724
4b34ee78 1725 if (!hdev_is_powered(hdev)) {
bdb6d971 1726 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1727 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1728 goto failed;
1729 }
1730
d8457698 1731 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1732 if (!conn) {
bdb6d971 1733 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1734 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1735 goto failed;
1736 }
1737
1738 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1739 struct mgmt_cp_pin_code_neg_reply ncp;
1740
1741 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1742
1743 BT_ERR("PIN code is not 16 bytes long");
1744
bdb6d971 1745 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 1746 if (err >= 0)
bdb6d971 1747 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 1748 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1749
1750 goto failed;
1751 }
1752
00abfe44 1753 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 1754 if (!cmd) {
1755 err = -ENOMEM;
980e1a53 1756 goto failed;
366a0336 1757 }
980e1a53 1758
d8457698 1759 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1760 reply.pin_len = cp->pin_len;
24718ca5 1761 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1762
1763 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1764 if (err < 0)
a664b5bc 1765 mgmt_pending_remove(cmd);
980e1a53
JH		 1766
1767failed:
09fd0de5 1768 hci_dev_unlock(hdev);
980e1a53
JH		 1769 return err;
1770}
1771
bdb6d971 1772static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 1773 void *data, u16 len)
980e1a53 1774{
650f726d 1775 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1776 int err;
1777
1778 BT_DBG("");
1779
09fd0de5 1780 hci_dev_lock(hdev);
980e1a53 1781
4b34ee78 1782 if (!hdev_is_powered(hdev)) {
bdb6d971 1783 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 1784 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1785 goto failed;
1786 }
1787
bdb6d971 1788 err = send_pin_code_neg_reply(sk, hdev, cp);
980e1a53
JH		 1789
1790failed:
09fd0de5 1791 hci_dev_unlock(hdev);
980e1a53
JH		 1792 return err;
1793}
1794
04124681
GP		 1795static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
1796 u16 len)
17fa4b9d 1797{
650f726d 1798 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1799
1800 BT_DBG("");
1801
09fd0de5 1802 hci_dev_lock(hdev);
17fa4b9d
JH		 1803
1804 hdev->io_capability = cp->io_capability;
1805
1806 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 1807 hdev->io_capability);
17fa4b9d 1808
09fd0de5 1809 hci_dev_unlock(hdev);
17fa4b9d 1810
04124681
GP		 1811 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
1812 0);
17fa4b9d
JH		 1813}
1814
e9a416b5
JH		 1815static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
1816{
1817 struct hci_dev *hdev = conn->hdev;
8035ded4 1818 struct pending_cmd *cmd;
e9a416b5 1819
2e58ef3e 1820 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 1821 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
1822 continue;
1823
e9a416b5
JH		 1824 if (cmd->user_data != conn)
1825 continue;
1826
1827 return cmd;
1828 }
1829
1830 return NULL;
1831}
1832
1833static void pairing_complete(struct pending_cmd *cmd, u8 status)
1834{
1835 struct mgmt_rp_pair_device rp;
1836 struct hci_conn *conn = cmd->user_data;
1837
ba4e564f
JH		 1838 bacpy(&rp.addr.bdaddr, &conn->dst);
1839 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 1840
aee9b218 1841 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 1842 &rp, sizeof(rp));
e9a416b5
JH		 1843
1844 /* So we don't get further callbacks for this connection */
1845 conn->connect_cfm_cb = NULL;
1846 conn->security_cfm_cb = NULL;
1847 conn->disconn_cfm_cb = NULL;
1848
1849 hci_conn_put(conn);
1850
a664b5bc 1851 mgmt_pending_remove(cmd);
e9a416b5
JH		 1852}
1853
1854static void pairing_complete_cb(struct hci_conn *conn, u8 status)
1855{
1856 struct pending_cmd *cmd;
1857
1858 BT_DBG("status %u", status);
1859
1860 cmd = find_pairing(conn);
56e5cb86 1861 if (!cmd)
e9a416b5 1862 BT_DBG("Unable to find a pending command");
56e5cb86 1863 else
e211326c 1864 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 1865}
1866
bdb6d971 1867static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1868 u16 len)
e9a416b5 1869{
650f726d 1870 struct mgmt_cp_pair_device *cp = data;
1425acb7 1871 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 1872 struct pending_cmd *cmd;
1873 u8 sec_level, auth_type;
1874 struct hci_conn *conn;
e9a416b5
JH		 1875 int err;
1876
1877 BT_DBG("");
1878
09fd0de5 1879 hci_dev_lock(hdev);
e9a416b5 1880
5f97c1df 1881 if (!hdev_is_powered(hdev)) {
bdb6d971 1882 err = cmd_status(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1883 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1884 goto unlock;
1885 }
1886
c908df36
VCG		 1887 sec_level = BT_SECURITY_MEDIUM;
1888 if (cp->io_cap == 0x03)
e9a416b5 1889 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 1890 else
e9a416b5 1891 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 1892
ba4e564f
JH		 1893 if (cp->addr.type == MGMT_ADDR_BREDR)
1894 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
04124681 1895 auth_type);
7a512d01 1896 else
ba4e564f 1897 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
04124681 1898 auth_type);
7a512d01 1899
1425acb7
JH		 1900 memset(&rp, 0, sizeof(rp));
1901 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1902 rp.addr.type = cp->addr.type;
1903
30e76272 1904 if (IS_ERR(conn)) {
bdb6d971 1905 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681
GP		 1906 MGMT_STATUS_CONNECT_FAILED, &rp,
1907 sizeof(rp));
e9a416b5
JH		 1908 goto unlock;
1909 }
1910
1911 if (conn->connect_cfm_cb) {
1912 hci_conn_put(conn);
bdb6d971 1913 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 1914 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 1915 goto unlock;
1916 }
1917
2e58ef3e 1918 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 1919 if (!cmd) {
1920 err = -ENOMEM;
1921 hci_conn_put(conn);
1922 goto unlock;
1923 }
1924
7a512d01 1925 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 1926 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 1927 conn->connect_cfm_cb = pairing_complete_cb;
1928
e9a416b5
JH		 1929 conn->security_cfm_cb = pairing_complete_cb;
1930 conn->disconn_cfm_cb = pairing_complete_cb;
1931 conn->io_capability = cp->io_cap;
1932 cmd->user_data = conn;
1933
1934 if (conn->state == BT_CONNECTED &&
1935 hci_conn_security(conn, sec_level, auth_type))
1936 pairing_complete(cmd, 0);
1937
1938 err = 0;
1939
1940unlock:
09fd0de5 1941 hci_dev_unlock(hdev);
e9a416b5
JH		 1942 return err;
1943}
1944
04124681
GP		 1945static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
1946 u16 len)
28424707 1947{
0f4e68cf 1948 struct mgmt_addr_info *addr = data;
28424707
JH		 1949 struct pending_cmd *cmd;
1950 struct hci_conn *conn;
1951 int err;
1952
1953 BT_DBG("");
1954
28424707
JH		 1955 hci_dev_lock(hdev);
1956
5f97c1df 1957 if (!hdev_is_powered(hdev)) {
bdb6d971 1958 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1959 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 1960 goto unlock;
1961 }
1962
28424707
JH		 1963 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
1964 if (!cmd) {
bdb6d971 1965 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1966 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1967 goto unlock;
1968 }
1969
1970 conn = cmd->user_data;
1971
1972 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 1973 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 1974 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 1975 goto unlock;
1976 }
1977
1978 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
1979
bdb6d971 1980 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 1981 addr, sizeof(*addr));
28424707
JH		 1982unlock:
1983 hci_dev_unlock(hdev);
28424707
JH		 1984 return err;
1985}
1986
bdb6d971 1987static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
04124681
GP		 1988 bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
1989 u16 hci_op, __le32 passkey)
a5c29683 1990{
a5c29683 1991 struct pending_cmd *cmd;
0df4c185 1992 struct hci_conn *conn;
a5c29683
JH		 1993 int err;
1994
09fd0de5 1995 hci_dev_lock(hdev);
08ba5382 1996
4b34ee78 1997 if (!hdev_is_powered(hdev)) {
bdb6d971 1998 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 1999 MGMT_STATUS_NOT_POWERED);
0df4c185 2000 goto done;
a5c29683
JH		 2001 }
2002
272d90df
JH		 2003 if (type == MGMT_ADDR_BREDR)
2004 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2005 else
47c15e2b 2006 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2007
2008 if (!conn) {
bdb6d971 2009 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2010 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2011 goto done;
2012 }
47c15e2b 2013
272d90df 2014 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2015 /* Continue with pairing via SMP */
5fe57d9e
BG		 2016 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2017
2018 if (!err)
bdb6d971 2019 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2020 MGMT_STATUS_SUCCESS);
5fe57d9e 2021 else
bdb6d971 2022 err = cmd_status(sk, hdev->id, mgmt_op,
04124681 2023 MGMT_STATUS_FAILED);
47c15e2b 2024
47c15e2b
BG		 2025 goto done;
2026 }
2027
0df4c185 2028 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2029 if (!cmd) {
2030 err = -ENOMEM;
0df4c185 2031 goto done;
a5c29683
JH		 2032 }
2033
0df4c185 2034 /* Continue with pairing via HCI */
604086b7
BG		 2035 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2036 struct hci_cp_user_passkey_reply cp;
2037
2038 bacpy(&cp.bdaddr, bdaddr);
2039 cp.passkey = passkey;
2040 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2041 } else
2042 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2043
a664b5bc
JH		 2044 if (err < 0)
2045 mgmt_pending_remove(cmd);
a5c29683 2046
0df4c185 2047done:
09fd0de5 2048 hci_dev_unlock(hdev);
a5c29683
JH		 2049 return err;
2050}
2051
04124681
GP		 2052static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2053 u16 len)
0df4c185 2054{
650f726d 2055 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2056
2057 BT_DBG("");
2058
2059 if (len != sizeof(*cp))
bdb6d971 2060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2061 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2062
bdb6d971 2063 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2064 MGMT_OP_USER_CONFIRM_REPLY,
2065 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2066}
2067
bdb6d971 2068static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2069 void *data, u16 len)
0df4c185 2070{
c9c2659f 2071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2072
2073 BT_DBG("");
2074
bdb6d971 2075 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2078}
2079
04124681
GP		 2080static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2081 u16 len)
604086b7 2082{
650f726d 2083 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2084
2085 BT_DBG("");
2086
bdb6d971 2087 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2088 MGMT_OP_USER_PASSKEY_REPLY,
2089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2090}
2091
bdb6d971 2092static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2093 void *data, u16 len)
604086b7 2094{
650f726d 2095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2096
2097 BT_DBG("");
2098
bdb6d971 2099 return user_pairing_resp(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
04124681
GP		 2100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2102}
2103
2b4bf397
JH		 2104static int update_name(struct hci_dev *hdev, const char *name)
2105{
2106 struct hci_cp_write_local_name cp;
2107
2108 memcpy(cp.name, name, sizeof(cp.name));
2109
2110 return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2111}
2112
bdb6d971 2113static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2114 u16 len)
b312b161 2115{
2b4bf397 2116 struct mgmt_cp_set_local_name *cp = data;
b312b161
JH		 2117 struct pending_cmd *cmd;
2118 int err;
2119
2120 BT_DBG("");
2121
09fd0de5 2122 hci_dev_lock(hdev);
b312b161 2123
2b4bf397 2124 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2125
b5235a65 2126 if (!hdev_is_powered(hdev)) {
2b4bf397 2127 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2128
2129 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2130 data, len);
28cc7bde
JH		 2131 if (err < 0)
2132 goto failed;
2133
2134 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2135 sk);
28cc7bde 2136
b5235a65
JH		 2137 goto failed;
2138 }
2139
28cc7bde 2140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2141 if (!cmd) {
2142 err = -ENOMEM;
2143 goto failed;
2144 }
2145
2b4bf397 2146 err = update_name(hdev, cp->name);
b312b161
JH		 2147 if (err < 0)
2148 mgmt_pending_remove(cmd);
2149
2150failed:
09fd0de5 2151 hci_dev_unlock(hdev);
b312b161
JH		 2152 return err;
2153}
2154
0f4e68cf 2155static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2156 void *data, u16 data_len)
c35938b2 2157{
c35938b2
SJ		 2158 struct pending_cmd *cmd;
2159 int err;
2160
bdb6d971 2161 BT_DBG("%s", hdev->name);
c35938b2 2162
09fd0de5 2163 hci_dev_lock(hdev);
c35938b2 2164
4b34ee78 2165 if (!hdev_is_powered(hdev)) {
bdb6d971 2166 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2167 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2168 goto unlock;
2169 }
2170
2171 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
bdb6d971 2172 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2173 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2174 goto unlock;
2175 }
2176
2e58ef3e 2177 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2179 MGMT_STATUS_BUSY);
c35938b2
SJ		 2180 goto unlock;
2181 }
2182
2e58ef3e 2183 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2184 if (!cmd) {
2185 err = -ENOMEM;
2186 goto unlock;
2187 }
2188
2189 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2190 if (err < 0)
2191 mgmt_pending_remove(cmd);
2192
2193unlock:
09fd0de5 2194 hci_dev_unlock(hdev);
c35938b2
SJ		 2195 return err;
2196}
2197
bdb6d971 2198static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2199 void *data, u16 len)
2763eda6 2200{
650f726d 2201 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2202 u8 status;
2763eda6
SJ		 2203 int err;
2204
bdb6d971 2205 BT_DBG("%s ", hdev->name);
2763eda6 2206
09fd0de5 2207 hci_dev_lock(hdev);
2763eda6 2208
5f97c1df 2209 if (!hdev_is_powered(hdev)) {
bdb6d971 2210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
04124681
GP		 2211 MGMT_STATUS_NOT_POWERED, &cp->addr,
2212 sizeof(cp->addr));
5f97c1df
JH		 2213 goto unlock;
2214 }
2215
664ce4cc 2216 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2217 cp->randomizer);
2763eda6 2218 if (err < 0)
bf1e3541 2219 status = MGMT_STATUS_FAILED;
2763eda6 2220 else
bf1e3541
JH		 2221 status = 0;
2222
bdb6d971 2223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2224 &cp->addr, sizeof(cp->addr));
2763eda6 2225
5f97c1df 2226unlock:
09fd0de5 2227 hci_dev_unlock(hdev);
2763eda6
SJ		 2228 return err;
2229}
2230
bdb6d971 2231static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
650f726d 2232 void *data, u16 len)
2763eda6 2233{
650f726d 2234 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2235 u8 status;
2763eda6
SJ		 2236 int err;
2237
bdb6d971 2238 BT_DBG("%s", hdev->name);
2763eda6 2239
09fd0de5 2240 hci_dev_lock(hdev);
2763eda6 2241
5f97c1df 2242 if (!hdev_is_powered(hdev)) {
bdb6d971 2243 err = cmd_complete(sk, hdev->id,
04124681
GP		 2244 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2245 MGMT_STATUS_NOT_POWERED, &cp->addr,
2246 sizeof(cp->addr));
5f97c1df
JH		 2247 goto unlock;
2248 }
2249
664ce4cc 2250 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2251 if (err < 0)
bf1e3541 2252 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2253 else
bf1e3541
JH		 2254 status = 0;
2255
bdb6d971 2256 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2257 status, &cp->addr, sizeof(cp->addr));
2763eda6 2258
5f97c1df 2259unlock:
09fd0de5 2260 hci_dev_unlock(hdev);
2763eda6
SJ		 2261 return err;
2262}
2263
5e0452c0
AG		 2264int mgmt_interleaved_discovery(struct hci_dev *hdev)
2265{
2266 int err;
2267
2268 BT_DBG("%s", hdev->name);
2269
2270 hci_dev_lock(hdev);
2271
2272 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2273 if (err < 0)
2274 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2275
2276 hci_dev_unlock(hdev);
2277
2278 return err;
2279}
2280
bdb6d971 2281static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2282 void *data, u16 len)
14a53664 2283{
650f726d 2284 struct mgmt_cp_start_discovery *cp = data;
14a53664 2285 struct pending_cmd *cmd;
14a53664
JH		 2286 int err;
2287
bdb6d971 2288 BT_DBG("%s", hdev->name);
14a53664 2289
09fd0de5 2290 hci_dev_lock(hdev);
14a53664 2291
4b34ee78 2292 if (!hdev_is_powered(hdev)) {
bdb6d971 2293 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2294 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2295 goto failed;
2296 }
2297
ff9ef578 2298 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2299 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2300 MGMT_STATUS_BUSY);
ff9ef578
JH		 2301 goto failed;
2302 }
2303
2e58ef3e 2304 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2305 if (!cmd) {
2306 err = -ENOMEM;
2307 goto failed;
2308 }
2309
4aab14e5
AG		 2310 hdev->discovery.type = cp->type;
2311
2312 switch (hdev->discovery.type) {
f39799f5 2313 case DISCOV_TYPE_BREDR:
8b90129c
AG		 2314 if (lmp_bredr_capable(hdev))
2315 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2316 else
2317 err = -ENOTSUPP;
f39799f5
AG		 2318 break;
2319
2320 case DISCOV_TYPE_LE:
8b90129c
AG		 2321 if (lmp_host_le_capable(hdev))
2322 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681 2323 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
8b90129c
AG		 2324 else
2325 err = -ENOTSUPP;
f39799f5
AG		 2326 break;
2327
5e0452c0 2328 case DISCOV_TYPE_INTERLEAVED:
426c189a
AG		 2329 if (lmp_host_le_capable(hdev) && lmp_bredr_capable(hdev))
2330 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
04124681
GP		 2331 LE_SCAN_WIN,
2332 LE_SCAN_TIMEOUT_BREDR_LE);
426c189a
AG		 2333 else
2334 err = -ENOTSUPP;
5e0452c0
AG		 2335 break;
2336
f39799f5 2337 default:
3fd24153 2338 err = -EINVAL;
f39799f5 2339 }
3fd24153 2340
14a53664
JH		 2341 if (err < 0)
2342 mgmt_pending_remove(cmd);
ff9ef578
JH		 2343 else
2344 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2345
2346failed:
09fd0de5 2347 hci_dev_unlock(hdev);
14a53664
JH		 2348 return err;
2349}
2350
bdb6d971 2351static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2352 u16 len)
14a53664 2353{
d930650b 2354 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2355 struct pending_cmd *cmd;
30dc78e1
JH		 2356 struct hci_cp_remote_name_req_cancel cp;
2357 struct inquiry_entry *e;
14a53664
JH		 2358 int err;
2359
bdb6d971 2360 BT_DBG("%s", hdev->name);
14a53664 2361
09fd0de5 2362 hci_dev_lock(hdev);
14a53664 2363
30dc78e1 2364 if (!hci_discovery_active(hdev)) {
bdb6d971 2365 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2366 MGMT_STATUS_REJECTED, &mgmt_cp->type,
2367 sizeof(mgmt_cp->type));
d930650b
JH		 2368 goto unlock;
2369 }
2370
2371 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 2372 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2373 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
2374 sizeof(mgmt_cp->type));
30dc78e1 2375 goto unlock;
ff9ef578
JH		 2376 }
2377
2e58ef3e 2378 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2379 if (!cmd) {
2380 err = -ENOMEM;
30dc78e1
JH		 2381 goto unlock;
2382 }
2383
343f935b 2384 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2385 err = hci_cancel_inquiry(hdev);
2386 if (err < 0)
2387 mgmt_pending_remove(cmd);
2388 else
2389 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2390 goto unlock;
2391 }
2392
2393 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2394 if (!e) {
2395 mgmt_pending_remove(cmd);
bdb6d971 2396 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
04124681 2397 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2398 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2399 goto unlock;
14a53664
JH		 2400 }
2401
30dc78e1 2402 bacpy(&cp.bdaddr, &e->data.bdaddr);
04124681
GP		 2403 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
2404 &cp);
14a53664
JH		 2405 if (err < 0)
2406 mgmt_pending_remove(cmd);
ff9ef578
JH		 2407 else
2408 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2409
30dc78e1 2410unlock:
09fd0de5 2411 hci_dev_unlock(hdev);
14a53664
JH		 2412 return err;
2413}
2414
bdb6d971 2415static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2416 u16 len)
561aafbc 2417{
650f726d 2418 struct mgmt_cp_confirm_name *cp = data;
561aafbc 2419 struct inquiry_entry *e;
561aafbc
JH		 2420 int err;
2421
bdb6d971 2422 BT_DBG("%s", hdev->name);
561aafbc 2423
561aafbc
JH		 2424 hci_dev_lock(hdev);
2425
30dc78e1 2426 if (!hci_discovery_active(hdev)) {
bdb6d971 2427 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2428 MGMT_STATUS_FAILED);
30dc78e1
JH		 2429 goto failed;
2430 }
2431
a198e7b1 2432 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2433 if (!e) {
bdb6d971 2434 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 2435 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 2436 goto failed;
2437 }
2438
2439 if (cp->name_known) {
2440 e->name_state = NAME_KNOWN;
2441 list_del(&e->list);
2442 } else {
2443 e->name_state = NAME_NEEDED;
a3d4e20a 2444 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2445 }
2446
2447 err = 0;
2448
2449failed:
2450 hci_dev_unlock(hdev);
561aafbc
JH		 2451 return err;
2452}
2453
bdb6d971 2454static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2455 u16 len)
7fbec224 2456{
650f726d 2457 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2458 u8 status;
7fbec224
AJ		 2459 int err;
2460
bdb6d971 2461 BT_DBG("%s", hdev->name);
7fbec224 2462
09fd0de5 2463 hci_dev_lock(hdev);
5e762444 2464
88c1fe4b 2465 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2466 if (err < 0)
f0eeea8b 2467 status = MGMT_STATUS_FAILED;
7fbec224 2468 else
f0eeea8b
JH		 2469 status = 0;
2470
bdb6d971 2471 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 2472 &cp->addr, sizeof(cp->addr));
5e762444 2473
09fd0de5 2474 hci_dev_unlock(hdev);
7fbec224
AJ		 2475
2476 return err;
2477}
2478
bdb6d971 2479static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2480 u16 len)
7fbec224 2481{
650f726d 2482 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2483 u8 status;
7fbec224
AJ		 2484 int err;
2485
bdb6d971 2486 BT_DBG("%s", hdev->name);
7fbec224 2487
09fd0de5 2488 hci_dev_lock(hdev);
5e762444 2489
88c1fe4b 2490 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2491 if (err < 0)
f0eeea8b 2492 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2493 else
f0eeea8b
JH		 2494 status = 0;
2495
bdb6d971 2496 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 2497 &cp->addr, sizeof(cp->addr));
5e762444 2498
09fd0de5 2499 hci_dev_unlock(hdev);
7fbec224
AJ		 2500
2501 return err;
2502}
2503
bdb6d971 2504static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 2505 void *data, u16 len)
f6422ec6 2506{
650f726d 2507 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2508 struct hci_cp_write_page_scan_activity acp;
2509 u8 type;
2510 int err;
2511
bdb6d971 2512 BT_DBG("%s", hdev->name);
f6422ec6 2513
5400c044 2514 if (!hdev_is_powered(hdev))
bdb6d971 2515 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2516 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 2517
2518 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 2519 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2520 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2521
2522 hci_dev_lock(hdev);
2523
f7c6869c 2524 if (cp->val) {
f6422ec6 2525 type = PAGE_SCAN_TYPE_INTERLACED;
76ec9de8
AE		 2526
2527 /* 22.5 msec page scan interval */
2528 acp.interval = __constant_cpu_to_le16(0x0024);
f6422ec6
AJ		 2529 } else {
2530 type = PAGE_SCAN_TYPE_STANDARD; /* default */
76ec9de8
AE		 2531
2532 /* default 1.28 sec page scan */
2533 acp.interval = __constant_cpu_to_le16(0x0800);
f6422ec6
AJ		 2534 }
2535
76ec9de8
AE		 2536 /* default 11.25 msec page scan window */
2537 acp.window = __constant_cpu_to_le16(0x0012);
f6422ec6 2538
04124681
GP		 2539 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY, sizeof(acp),
2540 &acp);
f6422ec6 2541 if (err < 0) {
bdb6d971 2542 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2543 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2544 goto done;
2545 }
2546
2547 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2548 if (err < 0) {
bdb6d971 2549 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 2550 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2551 goto done;
2552 }
2553
bdb6d971 2554 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE, 0,
04124681 2555 NULL, 0);
f6422ec6
AJ		 2556done:
2557 hci_dev_unlock(hdev);
f6422ec6
AJ		 2558 return err;
2559}
2560
bdb6d971 2561static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 2562 void *cp_data, u16 len)
346af67b 2563{
346af67b
VCG		 2564 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2565 u16 key_count, expected_len;
2566 int i;
2567
346af67b
VCG		 2568 key_count = get_unaligned_le16(&cp->key_count);
2569
2570 expected_len = sizeof(*cp) + key_count *
2571 sizeof(struct mgmt_ltk_info);
2572 if (expected_len != len) {
2573 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2574 len, expected_len);
bdb6d971 2575 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
04124681 2576 EINVAL);
346af67b
VCG		 2577 }
2578
bdb6d971 2579 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b
VCG		 2580
2581 hci_dev_lock(hdev);
2582
2583 hci_smp_ltks_clear(hdev);
2584
2585 for (i = 0; i < key_count; i++) {
2586 struct mgmt_ltk_info *key = &cp->keys[i];
2587 u8 type;
2588
2589 if (key->master)
2590 type = HCI_SMP_LTK;
2591 else
2592 type = HCI_SMP_LTK_SLAVE;
2593
2594 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
04124681
GP		 2595 type, 0, key->authenticated, key->val,
2596 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 2597 }
2598
2599 hci_dev_unlock(hdev);
346af67b
VCG		 2600
2601 return 0;
2602}
2603
0f4e68cf 2604struct mgmt_handler {
04124681
GP		 2605 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
2606 u16 data_len);
be22b54e
JH		 2607 bool var_len;
2608 size_t data_len;
0f4e68cf
JH		 2609} mgmt_handlers[] = {
2610 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 2611 { read_version, false, MGMT_READ_VERSION_SIZE },
2612 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
2613 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
2614 { read_controller_info, false, MGMT_READ_INFO_SIZE },
2615 { set_powered, false, MGMT_SETTING_SIZE },
2616 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
2617 { set_connectable, false, MGMT_SETTING_SIZE },
2618 { set_fast_connectable, false, MGMT_SETTING_SIZE },
2619 { set_pairable, false, MGMT_SETTING_SIZE },
2620 { set_link_security, false, MGMT_SETTING_SIZE },
2621 { set_ssp, false, MGMT_SETTING_SIZE },
2622 { set_hs, false, MGMT_SETTING_SIZE },
2623 { set_le, false, MGMT_SETTING_SIZE },
2624 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
2625 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
2626 { add_uuid, false, MGMT_ADD_UUID_SIZE },
2627 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
2628 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
2629 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
2630 { disconnect, false, MGMT_DISCONNECT_SIZE },
2631 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
2632 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
2633 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
2634 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
2635 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
2636 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
2637 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
2638 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
2639 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
2640 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
2641 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
2642 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
2643 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
2644 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
2645 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
2646 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
2647 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
2648 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
2649 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
0f4e68cf
JH		 2650};
2651
2652
0381101f
JH		 2653int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2654{
650f726d
VCG		 2655 void *buf;
2656 u8 *cp;
0381101f 2657 struct mgmt_hdr *hdr;
4e51eae9 2658 u16 opcode, index, len;
bdb6d971 2659 struct hci_dev *hdev = NULL;
be22b54e 2660 struct mgmt_handler *handler;
0381101f
JH		 2661 int err;
2662
2663 BT_DBG("got %zu bytes", msglen);
2664
2665 if (msglen < sizeof(*hdr))
2666 return -EINVAL;
2667
e63a15ec 2668 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2669 if (!buf)
2670 return -ENOMEM;
2671
2672 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2673 err = -EFAULT;
2674 goto done;
2675 }
2676
650f726d 2677 hdr = buf;
0381101f 2678 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2679 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2680 len = get_unaligned_le16(&hdr->len);
2681
2682 if (len != msglen - sizeof(*hdr)) {
2683 err = -EINVAL;
2684 goto done;
2685 }
2686
0f4e68cf 2687 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 2688 hdev = hci_dev_get(index);
2689 if (!hdev) {
2690 err = cmd_status(sk, index, opcode,
04124681 2691 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 2692 goto done;
2693 }
2694 }
2695
0f4e68cf
JH		 2696 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
2697 mgmt_handlers[opcode].func == NULL) {
0381101f 2698 BT_DBG("Unknown op %u", opcode);
ca69b795 2699 err = cmd_status(sk, index, opcode,
04124681 2700 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 2701 goto done;
2702 }
2703
2704 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
2705 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
2706 err = cmd_status(sk, index, opcode,
04124681 2707 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 2708 goto done;
0381101f
JH		 2709 }
2710
be22b54e
JH		 2711 handler = &mgmt_handlers[opcode];
2712
2713 if ((handler->var_len && len < handler->data_len) ||
2714 (!handler->var_len && len != handler->data_len)) {
2715 err = cmd_status(sk, index, opcode,
04124681 2716 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 2717 goto done;
2718 }
2719
0f4e68cf
JH		 2720 if (hdev)
2721 mgmt_init_hdev(sk, hdev);
2722
2723 cp = buf + sizeof(*hdr);
2724
be22b54e 2725 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 2726 if (err < 0)
2727 goto done;
2728
0381101f
JH		 2729 err = msglen;
2730
2731done:
bdb6d971
JH		 2732 if (hdev)
2733 hci_dev_put(hdev);
2734
0381101f
JH		 2735 kfree(buf);
2736 return err;
2737}
c71e97bf 2738
b24752fe
JH		 2739static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
2740{
2741 u8 *status = data;
2742
2743 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
2744 mgmt_pending_remove(cmd);
2745}
2746
744cf19e 2747int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 2748{
744cf19e 2749 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 2750}
2751
744cf19e 2752int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 2753{
5f159032 2754 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 2755
744cf19e 2756 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 2757
744cf19e 2758 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 2759}
2760
73f22f62 2761struct cmd_lookup {
eec8d2bc 2762 struct sock *sk;
69ab39ea 2763 struct hci_dev *hdev;
90e70454 2764 u8 mgmt_status;
eec8d2bc
JH		 2765};
2766
69ab39ea 2767static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 2768{
73f22f62 2769 struct cmd_lookup *match = data;
eec8d2bc 2770
69ab39ea 2771 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 2772
2773 list_del(&cmd->list);
2774
2775 if (match->sk == NULL) {
2776 match->sk = cmd->sk;
2777 sock_hold(match->sk);
2778 }
2779
2780 mgmt_pending_free(cmd);
c71e97bf 2781}
5add6af8 2782
744cf19e 2783int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 2784{
76a7f3a4 2785 struct cmd_lookup match = { NULL, hdev };
7bb895d6 2786 int err;
5add6af8 2787
5e5282bb
JH		 2788 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2789 return 0;
2790
69ab39ea 2791 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 2792
5e5282bb
JH		 2793 if (powered) {
2794 u8 scan = 0;
2795
2796 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2797 scan |= SCAN_PAGE;
2798 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2799 scan |= SCAN_INQUIRY;
2800
2801 if (scan)
2802 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 2803
2804 update_class(hdev);
2b4bf397 2805 update_name(hdev, hdev->dev_name);
504c8dcd 2806 update_eir(hdev);
5e5282bb 2807 } else {
d4f68526 2808 u8 status = MGMT_STATUS_NOT_POWERED;
744cf19e 2809 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 2810 }
2811
beadb2bd 2812 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 2813
2814 if (match.sk)
2815 sock_put(match.sk);
2816
7bb895d6 2817 return err;
5add6af8 2818}
73f22f62 2819
744cf19e 2820int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 2821{
76a7f3a4 2822 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2823 bool changed = false;
2824 int err = 0;
73f22f62 2825
5e5282bb
JH		 2826 if (discoverable) {
2827 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2828 changed = true;
2829 } else {
2830 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
2831 changed = true;
2832 }
73f22f62 2833
ed9b5f2f 2834 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 2835 &match);
ed9b5f2f 2836
beadb2bd
JH		 2837 if (changed)
2838 err = new_settings(hdev, match.sk);
5e5282bb 2839
73f22f62
JH		 2840 if (match.sk)
2841 sock_put(match.sk);
2842
7bb895d6 2843 return err;
73f22f62 2844}
9fbcbb45 2845
744cf19e 2846int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 2847{
76a7f3a4 2848 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 2849 bool changed = false;
2850 int err = 0;
9fbcbb45 2851
5e5282bb
JH		 2852 if (connectable) {
2853 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2854 changed = true;
2855 } else {
2856 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2857 changed = true;
2858 }
9fbcbb45 2859
ed9b5f2f 2860 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
04124681 2861 &match);
ed9b5f2f 2862
beadb2bd
JH		 2863 if (changed)
2864 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 2865
2866 if (match.sk)
2867 sock_put(match.sk);
2868
7bb895d6 2869 return err;
9fbcbb45 2870}
55ed8ca1 2871
744cf19e 2872int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 2873{
ca69b795
JH		 2874 u8 mgmt_err = mgmt_status(status);
2875
2d7cee58 2876 if (scan & SCAN_PAGE)
744cf19e 2877 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 2878 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2879
2880 if (scan & SCAN_INQUIRY)
744cf19e 2881 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 2882 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 2883
2884 return 0;
2885}
2886
745c0ce3 2887int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key, bool persistent)
55ed8ca1 2888{
86742e1e 2889 struct mgmt_ev_new_link_key ev;
55ed8ca1 2890
a492cd52 2891 memset(&ev, 0, sizeof(ev));
55ed8ca1 2892
a492cd52 2893 ev.store_hint = persistent;
d753fdc4
JH		 2894 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2895 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 2896 ev.key.type = key->type;
2897 memcpy(ev.key.val, key->val, 16);
2898 ev.key.pin_len = key->pin_len;
55ed8ca1 2899
744cf19e 2900 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 2901}
f7520543 2902
346af67b
VCG		 2903int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
2904{
2905 struct mgmt_ev_new_long_term_key ev;
2906
2907 memset(&ev, 0, sizeof(ev));
2908
2909 ev.store_hint = persistent;
2910 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
2911 ev.key.addr.type = key->bdaddr_type;
2912 ev.key.authenticated = key->authenticated;
2913 ev.key.enc_size = key->enc_size;
2914 ev.key.ediv = key->ediv;
2915
2916 if (key->type == HCI_SMP_LTK)
2917 ev.key.master = 1;
2918
2919 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
2920 memcpy(ev.key.val, key->val, sizeof(key->val));
2921
04124681
GP		 2922 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
2923 NULL);
346af67b
VCG		 2924}
2925
afc747a6 2926int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 2927 u8 addr_type, u32 flags, u8 *name, u8 name_len,
2928 u8 *dev_class)
f7520543 2929{
b644ba33
JH		 2930 char buf[512];
2931 struct mgmt_ev_device_connected *ev = (void *) buf;
2932 u16 eir_len = 0;
f7520543 2933
b644ba33
JH		 2934 bacpy(&ev->addr.bdaddr, bdaddr);
2935 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 2936
c95f0ba7 2937 ev->flags = __cpu_to_le32(flags);
08c79b61 2938
b644ba33
JH		 2939 if (name_len > 0)
2940 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 2941 name, name_len);
b644ba33
JH		 2942
2943 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 2944 eir_len = eir_append_data(ev->eir, eir_len,
04124681 2945 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33
JH		 2946
2947 put_unaligned_le16(eir_len, &ev->eir_len);
2948
2949 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 2950 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 2951}
2952
8962ee74
JH		 2953static void disconnect_rsp(struct pending_cmd *cmd, void *data)
2954{
c68fb7ff 2955 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 2956 struct sock **sk = data;
a38528f1 2957 struct mgmt_rp_disconnect rp;
8962ee74 2958
88c3df13
JH		 2959 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2960 rp.addr.type = cp->addr.type;
8962ee74 2961
aee9b218 2962 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 2963 sizeof(rp));
8962ee74
JH		 2964
2965 *sk = cmd->sk;
2966 sock_hold(*sk);
2967
a664b5bc 2968 mgmt_pending_remove(cmd);
8962ee74
JH		 2969}
2970
124f6e35 2971static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 2972{
b1078ad0 2973 struct hci_dev *hdev = data;
124f6e35
JH		 2974 struct mgmt_cp_unpair_device *cp = cmd->param;
2975 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2976
2977 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2978 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2979 rp.addr.type = cp->addr.type;
a8a1d19e 2980
b1078ad0
JH		 2981 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2982
aee9b218 2983 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 2984
2985 mgmt_pending_remove(cmd);
2986}
2987
afc747a6 2988int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2989 u8 link_type, u8 addr_type)
f7520543 2990{
4c659c39 2991 struct mgmt_addr_info ev;
8962ee74
JH		 2992 struct sock *sk = NULL;
2993 int err;
2994
744cf19e 2995 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 2996
f7520543 2997 bacpy(&ev.bdaddr, bdaddr);
48264f06 2998 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 2999
afc747a6 3000 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 3001 sk);
8962ee74
JH		 3002
3003 if (sk)
04124681 3004 sock_put(sk);
8962ee74 3005
124f6e35 3006 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 3007 hdev);
a8a1d19e 3008
8962ee74
JH		 3009 return err;
3010}
3011
88c3df13 3012int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3013 u8 link_type, u8 addr_type, u8 status)
8962ee74 3014{
88c3df13 3015 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3016 struct pending_cmd *cmd;
3017 int err;
3018
2e58ef3e 3019 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3020 if (!cmd)
3021 return -ENOENT;
3022
88c3df13
JH		 3023 bacpy(&rp.addr.bdaddr, bdaddr);
3024 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3025
88c3df13 3026 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 3027 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3028
a664b5bc 3029 mgmt_pending_remove(cmd);
8962ee74 3030
b1078ad0
JH		 3031 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3032 hdev);
8962ee74 3033 return err;
f7520543 3034}
17d5c04c 3035
48264f06 3036int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3037 u8 addr_type, u8 status)
17d5c04c
JH		 3038{
3039 struct mgmt_ev_connect_failed ev;
3040
4c659c39 3041 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3042 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3043 ev.status = mgmt_status(status);
17d5c04c 3044
744cf19e 3045 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3046}
980e1a53 3047
744cf19e 3048int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3049{
3050 struct mgmt_ev_pin_code_request ev;
3051
d8457698
JH		 3052 bacpy(&ev.addr.bdaddr, bdaddr);
3053 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3054 ev.secure = secure;
980e1a53 3055
744cf19e 3056 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 3057 NULL);
980e1a53
JH		 3058}
3059
744cf19e 3060int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3061 u8 status)
980e1a53
JH		 3062{
3063 struct pending_cmd *cmd;
ac56fb13 3064 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3065 int err;
3066
2e58ef3e 3067 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3068 if (!cmd)
3069 return -ENOENT;
3070
d8457698
JH		 3071 bacpy(&rp.addr.bdaddr, bdaddr);
3072 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3073
aee9b218 3074 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3075 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3076
a664b5bc 3077 mgmt_pending_remove(cmd);
980e1a53
JH		 3078
3079 return err;
3080}
3081
744cf19e 3082int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3083 u8 status)
980e1a53
JH		 3084{
3085 struct pending_cmd *cmd;
ac56fb13 3086 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3087 int err;
3088
2e58ef3e 3089 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3090 if (!cmd)
3091 return -ENOENT;
3092
d8457698
JH		 3093 bacpy(&rp.addr.bdaddr, bdaddr);
3094 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3095
aee9b218 3096 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 3097 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3098
a664b5bc 3099 mgmt_pending_remove(cmd);
980e1a53
JH		 3100
3101 return err;
3102}
a5c29683 3103
744cf19e 3104int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 3105 u8 link_type, u8 addr_type, __le32 value,
3106 u8 confirm_hint)
a5c29683
JH		 3107{
3108 struct mgmt_ev_user_confirm_request ev;
3109
744cf19e 3110 BT_DBG("%s", hdev->name);
a5c29683 3111
272d90df
JH		 3112 bacpy(&ev.addr.bdaddr, bdaddr);
3113 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3114 ev.confirm_hint = confirm_hint;
78e8098e 3115 ev.value = value;
a5c29683 3116
744cf19e 3117 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 3118 NULL);
a5c29683
JH		 3119}
3120
272d90df
JH		 3121int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3122 u8 link_type, u8 addr_type)
604086b7
BG		 3123{
3124 struct mgmt_ev_user_passkey_request ev;
3125
3126 BT_DBG("%s", hdev->name);
3127
272d90df
JH		 3128 bacpy(&ev.addr.bdaddr, bdaddr);
3129 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3130
3131 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 3132 NULL);
604086b7
BG		 3133}
3134
0df4c185 3135static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3136 u8 link_type, u8 addr_type, u8 status,
3137 u8 opcode)
a5c29683
JH		 3138{
3139 struct pending_cmd *cmd;
3140 struct mgmt_rp_user_confirm_reply rp;
3141 int err;
3142
2e58ef3e 3143 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3144 if (!cmd)
3145 return -ENOENT;
3146
272d90df
JH		 3147 bacpy(&rp.addr.bdaddr, bdaddr);
3148 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218 3149 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 3150 &rp, sizeof(rp));
a5c29683 3151
a664b5bc 3152 mgmt_pending_remove(cmd);
a5c29683
JH		 3153
3154 return err;
3155}
3156
744cf19e 3157int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3158 u8 link_type, u8 addr_type, u8 status)
a5c29683 3159{
272d90df 3160 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3161 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3162}
3163
272d90df 3164int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3165 u8 link_type, u8 addr_type, u8 status)
a5c29683 3166{
272d90df 3167 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3168 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3169}
2a611692 3170
604086b7 3171int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3172 u8 link_type, u8 addr_type, u8 status)
604086b7 3173{
272d90df 3174 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3175 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3176}
3177
272d90df 3178int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 3179 u8 link_type, u8 addr_type, u8 status)
604086b7 3180{
272d90df 3181 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 3182 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3183}
3184
bab73cb6 3185int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3186 u8 addr_type, u8 status)
2a611692
JH		 3187{
3188 struct mgmt_ev_auth_failed ev;
3189
bab73cb6
JH		 3190 bacpy(&ev.addr.bdaddr, bdaddr);
3191 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3192 ev.status = mgmt_status(status);
2a611692 3193
744cf19e 3194 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3195}
b312b161 3196
33ef95ed
JH		 3197int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3198{
3199 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3200 bool changed = false;
3201 int err = 0;
33ef95ed
JH		 3202
3203 if (status) {
3204 u8 mgmt_err = mgmt_status(status);
3205 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 3206 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 3207 return 0;
3208 }
3209
47990ea0
JH		 3210 if (test_bit(HCI_AUTH, &hdev->flags)) {
3211 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3212 changed = true;
3213 } else {
3214 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3215 changed = true;
3216 }
3217
33ef95ed 3218 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 3219 &match);
33ef95ed 3220
47990ea0
JH		 3221 if (changed)
3222 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3223
3224 if (match.sk)
3225 sock_put(match.sk);
3226
3227 return err;
3228}
3229
cacaf52f
JH		 3230static int clear_eir(struct hci_dev *hdev)
3231{
3232 struct hci_cp_write_eir cp;
3233
3234 if (!(hdev->features[6] & LMP_EXT_INQ))
3235 return 0;
3236
c80da27e
JH		 3237 memset(hdev->eir, 0, sizeof(hdev->eir));
3238
cacaf52f
JH		 3239 memset(&cp, 0, sizeof(cp));
3240
3241 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3242}
3243
c0ecddc2 3244int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3245{
3246 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3247 bool changed = false;
3248 int err = 0;
ed2c4ee3
JH		 3249
3250 if (status) {
3251 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3252
3253 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 3254 &hdev->dev_flags))
c0ecddc2
JH		 3255 err = new_settings(hdev, NULL);
3256
04124681
GP		 3257 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
3258 &mgmt_err);
c0ecddc2
JH		 3259
3260 return err;
3261 }
3262
3263 if (enable) {
3264 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3265 changed = true;
3266 } else {
3267 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3268 changed = true;
ed2c4ee3
JH		 3269 }
3270
3271 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3272
c0ecddc2
JH		 3273 if (changed)
3274 err = new_settings(hdev, match.sk);
ed2c4ee3 3275
5fc6ebb1 3276 if (match.sk)
ed2c4ee3
JH		 3277 sock_put(match.sk);
3278
5fc6ebb1
JH		 3279 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3280 update_eir(hdev);
3281 else
3282 clear_eir(hdev);
cacaf52f 3283
ed2c4ee3
JH		 3284 return err;
3285}
3286
90e70454
JH		 3287static void class_rsp(struct pending_cmd *cmd, void *data)
3288{
3289 struct cmd_lookup *match = data;
3290
3291 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
04124681 3292 match->hdev->dev_class, 3);
90e70454
JH		 3293
3294 list_del(&cmd->list);
3295
3296 if (match->sk == NULL) {
3297 match->sk = cmd->sk;
3298 sock_hold(match->sk);
3299 }
3300
3301 mgmt_pending_free(cmd);
3302}
3303
7f9a903c 3304int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 3305 u8 status)
7f9a903c 3306{
90e70454
JH		 3307 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3308 int err = 0;
7f9a903c 3309
c95f0ba7
JH		 3310 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3311
90e70454
JH		 3312 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3313 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3314 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3315
3316 if (!status)
04124681
GP		 3317 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
3318 3, NULL);
90e70454
JH		 3319
3320 if (match.sk)
3321 sock_put(match.sk);
7f9a903c
MH		 3322
3323 return err;
3324}
3325
744cf19e 3326int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3327{
3328 struct pending_cmd *cmd;
3329 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3330 bool changed = false;
3331 int err = 0;
3332
3333 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3334 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3335 changed = true;
3336 }
b312b161
JH		 3337
3338 memset(&ev, 0, sizeof(ev));
3339 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3340 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3341
2e58ef3e 3342 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3343 if (!cmd)
3344 goto send_event;
3345
7bdaae4a
JH		 3346 /* Always assume that either the short or the complete name has
3347 * changed if there was a pending mgmt command */
3348 changed = true;
3349
b312b161 3350 if (status) {
744cf19e 3351 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
04124681 3352 mgmt_status(status));
b312b161
JH		 3353 goto failed;
3354 }
3355
aee9b218 3356 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
04124681 3357 sizeof(ev));
b312b161
JH		 3358 if (err < 0)
3359 goto failed;
3360
3361send_event:
28cc7bde
JH		 3362 if (changed)
3363 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
04124681 3364 sizeof(ev), cmd ? cmd->sk : NULL);
28cc7bde 3365
f51d5b24 3366 update_eir(hdev);
b312b161
JH		 3367
3368failed:
3369 if (cmd)
3370 mgmt_pending_remove(cmd);
3371 return err;
3372}
c35938b2 3373
744cf19e 3374int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 3375 u8 *randomizer, u8 status)
c35938b2
SJ		 3376{
3377 struct pending_cmd *cmd;
3378 int err;
3379
744cf19e 3380 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3381
2e58ef3e 3382 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3383 if (!cmd)
3384 return -ENOENT;
3385
3386 if (status) {
04124681
GP		 3387 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3388 mgmt_status(status));
c35938b2
SJ		 3389 } else {
3390 struct mgmt_rp_read_local_oob_data rp;
3391
3392 memcpy(rp.hash, hash, sizeof(rp.hash));
3393 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3394
744cf19e 3395 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 3396 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
3397 sizeof(rp));
c35938b2
SJ		 3398 }
3399
3400 mgmt_pending_remove(cmd);
3401
3402 return err;
3403}
e17acd40 3404
06199cf8
JH		 3405int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3406{
3407 struct cmd_lookup match = { NULL, hdev };
3408 bool changed = false;
3409 int err = 0;
3410
3411 if (status) {
3412 u8 mgmt_err = mgmt_status(status);
3413
3414 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
04124681
GP		 3415 &hdev->dev_flags))
3416 err = new_settings(hdev, NULL);
06199cf8
JH		 3417
3418 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
04124681 3419 cmd_status_rsp, &mgmt_err);
06199cf8
JH		 3420
3421 return err;
3422 }
3423
3424 if (enable) {
3425 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3426 changed = true;
3427 } else {
3428 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3429 changed = true;
3430 }
3431
3432 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3433
3434 if (changed)
3435 err = new_settings(hdev, match.sk);
3436
3437 if (match.sk)
3438 sock_put(match.sk);
3439
3440 return err;
3441}
3442
48264f06 3443int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 3444 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
3445 ssp, u8 *eir, u16 eir_len)
e17acd40 3446{
e319d2e7
JH		 3447 char buf[512];
3448 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3449 size_t ev_size;
e17acd40 3450
1dc06093
JH		 3451 /* Leave 5 bytes for a potential CoD field */
3452 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3453 return -EINVAL;
3454
1dc06093
JH		 3455 memset(buf, 0, sizeof(buf));
3456
e319d2e7
JH		 3457 bacpy(&ev->addr.bdaddr, bdaddr);
3458 ev->addr.type = link_to_mgmt(link_type, addr_type);
3459 ev->rssi = rssi;
9a395a80
JH		 3460 if (cfm_name)
3461 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3462 if (!ssp)
3463 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3464
1dc06093 3465 if (eir_len > 0)
e319d2e7 3466 memcpy(ev->eir, eir, eir_len);
e17acd40 3467
1dc06093
JH		 3468 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3469 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 3470 dev_class, 3);
1dc06093
JH		 3471
3472 put_unaligned_le16(eir_len, &ev->eir_len);
3473
3474 ev_size = sizeof(*ev) + eir_len;
f8523598 3475
e319d2e7 3476 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3477}
a88a9652 3478
b644ba33 3479int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 3480 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3481{
b644ba33
JH		 3482 struct mgmt_ev_device_found *ev;
3483 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3484 u16 eir_len;
a88a9652 3485
b644ba33 3486 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3487
b644ba33
JH		 3488 memset(buf, 0, sizeof(buf));
3489
3490 bacpy(&ev->addr.bdaddr, bdaddr);
3491 ev->addr.type = link_to_mgmt(link_type, addr_type);
3492 ev->rssi = rssi;
3493
3494 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 3495 name_len);
b644ba33
JH		 3496
3497 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3498
053c7e0c 3499 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 3500 sizeof(*ev) + eir_len, NULL);
a88a9652 3501}
314b2381 3502
7a135109 3503int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3504{
3505 struct pending_cmd *cmd;
f808e166 3506 u8 type;
164a6e78
JH		 3507 int err;
3508
203159d4
AG		 3509 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3510
2e58ef3e 3511 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3512 if (!cmd)
3513 return -ENOENT;
3514
f808e166
JH		 3515 type = hdev->discovery.type;
3516
3517 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3518 &type, sizeof(type));
164a6e78
JH		 3519 mgmt_pending_remove(cmd);
3520
3521 return err;
3522}
3523
e6d465cb
AG		 3524int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3525{
3526 struct pending_cmd *cmd;
3527 int err;
3528
3529 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3530 if (!cmd)
3531 return -ENOENT;
3532
d930650b 3533 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
04124681 3534 &hdev->discovery.type, sizeof(hdev->discovery.type));
164a6e78
JH		 3535 mgmt_pending_remove(cmd);
3536
3537 return err;
3538}
3539
744cf19e 3540int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3541{
f963e8e9 3542 struct mgmt_ev_discovering ev;
164a6e78
JH		 3543 struct pending_cmd *cmd;
3544
343fb145
AG		 3545 BT_DBG("%s discovering %u", hdev->name, discovering);
3546
164a6e78 3547 if (discovering)
2e58ef3e 3548 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3549 else
2e58ef3e 3550 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3551
3552 if (cmd != NULL) {
f808e166
JH		 3553 u8 type = hdev->discovery.type;
3554
04124681
GP		 3555 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
3556 sizeof(type));
164a6e78
JH		 3557 mgmt_pending_remove(cmd);
3558 }
3559
f963e8e9
JH		 3560 memset(&ev, 0, sizeof(ev));
3561 ev.type = hdev->discovery.type;
3562 ev.discovering = discovering;
3563
3564 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3565}
5e762444 3566
88c1fe4b 3567int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3568{
3569 struct pending_cmd *cmd;
3570 struct mgmt_ev_device_blocked ev;
3571
2e58ef3e 3572 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3573
88c1fe4b
JH		 3574 bacpy(&ev.addr.bdaddr, bdaddr);
3575 ev.addr.type = type;
5e762444 3576
744cf19e 3577 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 3578 cmd ? cmd->sk : NULL);
5e762444
AJ		 3579}
3580
88c1fe4b 3581int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3582{
3583 struct pending_cmd *cmd;
3584 struct mgmt_ev_device_unblocked ev;
3585
2e58ef3e 3586 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3587
88c1fe4b
JH		 3588 bacpy(&ev.addr.bdaddr, bdaddr);
3589 ev.addr.type = type;
5e762444 3590
744cf19e 3591 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 3592 cmd ? cmd->sk : NULL);
5e762444 3593}
d7b7e796
MH		 3594
3595module_param(enable_hs, bool, 0644);
3596MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3597
3598module_param(enable_le, bool, 0644);
3599MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
kernel source for telekom puls (alcatel/mediatek)