projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
genetlink: remove genl_unregister_mc_group()
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
eb2a8d20
JH		 539static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
540{
541 struct pending_cmd *cmd;
542
543 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
544 if (cmd->opcode == opcode)
545 return cmd;
546 }
547
548 return NULL;
549}
550
f14d8f64
MH		 551static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
552{
7a5f4990
MH		 553 u8 ad_len = 0;
554 size_t name_len;
555
556 name_len = strlen(hdev->dev_name);
557 if (name_len > 0) {
558 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
559
560 if (name_len > max_len) {
561 name_len = max_len;
562 ptr[1] = EIR_NAME_SHORT;
563 } else
564 ptr[1] = EIR_NAME_COMPLETE;
565
566 ptr[0] = name_len + 1;
567
568 memcpy(ptr + 2, hdev->dev_name, name_len);
569
570 ad_len += (name_len + 2);
571 ptr += (name_len + 2);
572 }
573
574 return ad_len;
f14d8f64
MH		 575}
576
577static void update_scan_rsp_data(struct hci_request *req)
578{
579 struct hci_dev *hdev = req->hdev;
580 struct hci_cp_le_set_scan_rsp_data cp;
581 u8 len;
582
7751ef1b 583 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 584 return;
585
586 memset(&cp, 0, sizeof(cp));
587
588 len = create_scan_rsp_data(hdev, cp.data);
589
eb438b5f
JH		 590 if (hdev->scan_rsp_data_len == len &&
591 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 592 return;
593
eb438b5f
JH		 594 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
595 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 596
597 cp.length = len;
598
599 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
600}
601
9a43e25f
JH		 602static u8 get_adv_discov_flags(struct hci_dev *hdev)
603{
604 struct pending_cmd *cmd;
605
606 /* If there's a pending mgmt command the flags will not yet have
607 * their final values, so check for this first.
608 */
609 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
610 if (cmd) {
611 struct mgmt_mode *cp = cmd->param;
612 if (cp->val == 0x01)
613 return LE_AD_GENERAL;
614 else if (cp->val == 0x02)
615 return LE_AD_LIMITED;
616 } else {
617 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
618 return LE_AD_LIMITED;
619 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
620 return LE_AD_GENERAL;
621 }
622
623 return 0;
624}
625
46cad2ed 626static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 627{
628 u8 ad_len = 0, flags = 0;
441ad2d0 629
9a43e25f 630 flags |= get_adv_discov_flags(hdev);
441ad2d0
MH		 631
632 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
633 if (lmp_le_br_capable(hdev))
634 flags |= LE_AD_SIM_LE_BREDR_CTRL;
635 if (lmp_host_le_br_capable(hdev))
636 flags |= LE_AD_SIM_LE_BREDR_HOST;
637 } else {
638 flags |= LE_AD_NO_BREDR;
639 }
640
641 if (flags) {
642 BT_DBG("adv flags 0x%02x", flags);
643
644 ptr[0] = 2;
645 ptr[1] = EIR_FLAGS;
646 ptr[2] = flags;
647
648 ad_len += 3;
649 ptr += 3;
650 }
651
652 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
653 ptr[0] = 2;
654 ptr[1] = EIR_TX_POWER;
655 ptr[2] = (u8) hdev->adv_tx_power;
656
657 ad_len += 3;
658 ptr += 3;
659 }
660
441ad2d0
MH		 661 return ad_len;
662}
663
5947f4bc 664static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 665{
666 struct hci_dev *hdev = req->hdev;
667 struct hci_cp_le_set_adv_data cp;
668 u8 len;
669
10994ce6 670 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 671 return;
672
673 memset(&cp, 0, sizeof(cp));
674
46cad2ed 675 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 676
677 if (hdev->adv_data_len == len &&
678 memcmp(cp.data, hdev->adv_data, len) == 0)
679 return;
680
681 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
682 hdev->adv_data_len = len;
683
684 cp.length = len;
685
686 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
687}
688
ef580372
JH		 689static void create_eir(struct hci_dev *hdev, u8 *data)
690{
691 u8 *ptr = data;
ef580372
JH		 692 size_t name_len;
693
694 name_len = strlen(hdev->dev_name);
695
696 if (name_len > 0) {
697 /* EIR Data type */
698 if (name_len > 48) {
699 name_len = 48;
700 ptr[1] = EIR_NAME_SHORT;
701 } else
702 ptr[1] = EIR_NAME_COMPLETE;
703
704 /* EIR Data length */
705 ptr[0] = name_len + 1;
706
707 memcpy(ptr + 2, hdev->dev_name, name_len);
708
ef580372
JH		 709 ptr += (name_len + 2);
710 }
711
bbaf444a 712 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 713 ptr[0] = 2;
714 ptr[1] = EIR_TX_POWER;
715 ptr[2] = (u8) hdev->inq_tx_power;
716
91c4e9b1
MH		 717 ptr += 3;
718 }
719
2b9be137
MH		 720 if (hdev->devid_source > 0) {
721 ptr[0] = 9;
722 ptr[1] = EIR_DEVICE_ID;
723
724 put_unaligned_le16(hdev->devid_source, ptr + 2);
725 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
726 put_unaligned_le16(hdev->devid_product, ptr + 6);
727 put_unaligned_le16(hdev->devid_version, ptr + 8);
728
2b9be137
MH		 729 ptr += 10;
730 }
731
213202ed 732 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 733 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 734 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 735}
736
890ea898 737static void update_eir(struct hci_request *req)
ef580372 738{
890ea898 739 struct hci_dev *hdev = req->hdev;
ef580372
JH		 740 struct hci_cp_write_eir cp;
741
504c8dcd 742 if (!hdev_is_powered(hdev))
890ea898 743 return;
7770c4aa 744
976eb20e 745 if (!lmp_ext_inq_capable(hdev))
890ea898 746 return;
ef580372 747
84bde9d6 748 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 749 return;
ef580372 750
a8b2d5c2 751 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 752 return;
ef580372
JH		 753
754 memset(&cp, 0, sizeof(cp));
755
756 create_eir(hdev, cp.data);
757
758 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 759 return;
ef580372
JH		 760
761 memcpy(hdev->eir, cp.data, sizeof(cp.data));
762
890ea898 763 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 764}
765
766static u8 get_service_classes(struct hci_dev *hdev)
767{
768 struct bt_uuid *uuid;
769 u8 val = 0;
770
771 list_for_each_entry(uuid, &hdev->uuids, list)
772 val |= uuid->svc_hint;
773
774 return val;
775}
776
890ea898 777static void update_class(struct hci_request *req)
ef580372 778{
890ea898 779 struct hci_dev *hdev = req->hdev;
ef580372
JH		 780 u8 cod[3];
781
782 BT_DBG("%s", hdev->name);
783
504c8dcd 784 if (!hdev_is_powered(hdev))
890ea898 785 return;
7770c4aa 786
f87ea1da
JH		 787 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
788 return;
789
a8b2d5c2 790 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 791 return;
ef580372
JH		 792
793 cod[0] = hdev->minor_class;
794 cod[1] = hdev->major_class;
795 cod[2] = get_service_classes(hdev);
796
6acd7db4
MH		 797 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
798 cod[1] |= 0x20;
799
ef580372 800 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 801 return;
ef580372 802
890ea898 803 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 804}
805
7d78525d
JH		 806static void service_cache_off(struct work_struct *work)
807{
808 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 809 service_cache.work);
890ea898 810 struct hci_request req;
7d78525d 811
a8b2d5c2 812 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 813 return;
814
890ea898
JH		 815 hci_req_init(&req, hdev);
816
7d78525d
JH		 817 hci_dev_lock(hdev);
818
890ea898
JH		 819 update_eir(&req);
820 update_class(&req);
7d78525d
JH		 821
822 hci_dev_unlock(hdev);
890ea898
JH		 823
824 hci_req_run(&req, NULL);
7d78525d
JH		 825}
826
6a919082 827static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 828{
4f87da80 829 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 830 return;
831
4f87da80 832 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 833
4f87da80
JH		 834 /* Non-mgmt controlled devices get this bit set
835 * implicitly so that pairing works for them, however
836 * for mgmt we require user-space to explicitly enable
837 * it
838 */
839 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 840}
841
0f4e68cf 842static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 843 void *data, u16 data_len)
0381101f 844{
a38528f1 845 struct mgmt_rp_read_info rp;
f7b64e69 846
bdb6d971 847 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 848
09fd0de5 849 hci_dev_lock(hdev);
f7b64e69 850
dc4fe30b
JH		 851 memset(&rp, 0, sizeof(rp));
852
69ab39ea 853 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 854
69ab39ea 855 rp.version = hdev->hci_ver;
eb55ef07 856 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 857
858 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
859 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 860
a38528f1 861 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 862
dc4fe30b 863 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 864 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 865
09fd0de5 866 hci_dev_unlock(hdev);
0381101f 867
bdb6d971 868 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 869 sizeof(rp));
0381101f
JH		 870}
871
eec8d2bc
JH		 872static void mgmt_pending_free(struct pending_cmd *cmd)
873{
874 sock_put(cmd->sk);
c68fb7ff 875 kfree(cmd->param);
eec8d2bc
JH		 876 kfree(cmd);
877}
878
366a0336 879static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 880 struct hci_dev *hdev, void *data,
881 u16 len)
eec8d2bc
JH		 882{
883 struct pending_cmd *cmd;
884
12b94565 885 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 886 if (!cmd)
366a0336 887 return NULL;
eec8d2bc
JH		 888
889 cmd->opcode = opcode;
2e58ef3e 890 cmd->index = hdev->id;
eec8d2bc 891
12b94565 892 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 893 if (!cmd->param) {
eec8d2bc 894 kfree(cmd);
366a0336 895 return NULL;
eec8d2bc
JH		 896 }
897
8fce6357
SJ		 898 if (data)
899 memcpy(cmd->param, data, len);
eec8d2bc
JH		 900
901 cmd->sk = sk;
902 sock_hold(sk);
903
2e58ef3e 904 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 905
366a0336 906 return cmd;
eec8d2bc
JH		 907}
908
744cf19e 909static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 910 void (*cb)(struct pending_cmd *cmd,
911 void *data),
04124681 912 void *data)
eec8d2bc 913{
a3d09356 914 struct pending_cmd *cmd, *tmp;
eec8d2bc 915
a3d09356 916 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 917 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 918 continue;
919
eec8d2bc
JH		 920 cb(cmd, data);
921 }
922}
923
a664b5bc 924static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 925{
73f22f62
JH		 926 list_del(&cmd->list);
927 mgmt_pending_free(cmd);
928}
929
69ab39ea 930static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 931{
69ab39ea 932 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 933
aee9b218 934 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 935 sizeof(settings));
8680570b
JH		 936}
937
bdb6d971 938static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 939 u16 len)
eec8d2bc 940{
650f726d 941 struct mgmt_mode *cp = data;
366a0336 942 struct pending_cmd *cmd;
4b34ee78 943 int err;
eec8d2bc 944
bdb6d971 945 BT_DBG("request for %s", hdev->name);
eec8d2bc 946
a7e80f25
JH		 947 if (cp->val != 0x00 && cp->val != 0x01)
948 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
949 MGMT_STATUS_INVALID_PARAMS);
950
09fd0de5 951 hci_dev_lock(hdev);
eec8d2bc 952
87b95ba6
JH		 953 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
954 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
955 MGMT_STATUS_BUSY);
956 goto failed;
957 }
958
f0d4b78a
MH		 959 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
960 cancel_delayed_work(&hdev->power_off);
961
962 if (cp->val) {
a1d70450
JH		 963 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
964 data, len);
965 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 966 goto failed;
967 }
968 }
969
4b34ee78 970 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 971 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 972 goto failed;
973 }
974
2e58ef3e 975 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 976 if (!cmd) {
977 err = -ENOMEM;
eec8d2bc 978 goto failed;
366a0336 979 }
eec8d2bc 980
72a734ec 981 if (cp->val)
19202573 982 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 983 else
19202573 984 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 985
366a0336 986 err = 0;
eec8d2bc
JH		 987
988failed:
09fd0de5 989 hci_dev_unlock(hdev);
366a0336 990 return err;
eec8d2bc
JH		 991}
992
04124681
GP		 993static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
994 struct sock *skip_sk)
beadb2bd
JH		 995{
996 struct sk_buff *skb;
997 struct mgmt_hdr *hdr;
998
790eff44 999 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1000 if (!skb)
1001 return -ENOMEM;
1002
1003 hdr = (void *) skb_put(skb, sizeof(*hdr));
1004 hdr->opcode = cpu_to_le16(event);
1005 if (hdev)
1006 hdr->index = cpu_to_le16(hdev->id);
1007 else
612dfce9 1008 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1009 hdr->len = cpu_to_le16(data_len);
1010
1011 if (data)
1012 memcpy(skb_put(skb, data_len), data, data_len);
1013
97e0bdeb
MH		 1014 /* Time stamp */
1015 __net_timestamp(skb);
1016
beadb2bd
JH		 1017 hci_send_to_control(skb, skip_sk);
1018 kfree_skb(skb);
1019
1020 return 0;
1021}
1022
1023static int new_settings(struct hci_dev *hdev, struct sock *skip)
1024{
1025 __le32 ev;
1026
1027 ev = cpu_to_le32(get_current_settings(hdev));
1028
1029 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1030}
1031
bd99abdd
JH		 1032struct cmd_lookup {
1033 struct sock *sk;
1034 struct hci_dev *hdev;
1035 u8 mgmt_status;
1036};
1037
1038static void settings_rsp(struct pending_cmd *cmd, void *data)
1039{
1040 struct cmd_lookup *match = data;
1041
1042 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1043
1044 list_del(&cmd->list);
1045
1046 if (match->sk == NULL) {
1047 match->sk = cmd->sk;
1048 sock_hold(match->sk);
1049 }
1050
1051 mgmt_pending_free(cmd);
1052}
1053
1054static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1055{
1056 u8 *status = data;
1057
1058 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1059 mgmt_pending_remove(cmd);
1060}
1061
e6fe7986
JH		 1062static u8 mgmt_bredr_support(struct hci_dev *hdev)
1063{
1064 if (!lmp_bredr_capable(hdev))
1065 return MGMT_STATUS_NOT_SUPPORTED;
1066 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1067 return MGMT_STATUS_REJECTED;
1068 else
1069 return MGMT_STATUS_SUCCESS;
1070}
1071
1072static u8 mgmt_le_support(struct hci_dev *hdev)
1073{
1074 if (!lmp_le_capable(hdev))
1075 return MGMT_STATUS_NOT_SUPPORTED;
1076 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1077 return MGMT_STATUS_REJECTED;
1078 else
1079 return MGMT_STATUS_SUCCESS;
1080}
1081
bfaf8c9f
JH		 1082static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1083{
1084 struct pending_cmd *cmd;
1085 struct mgmt_mode *cp;
970ba524 1086 struct hci_request req;
bfaf8c9f
JH		 1087 bool changed;
1088
1089 BT_DBG("status 0x%02x", status);
1090
1091 hci_dev_lock(hdev);
1092
1093 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1094 if (!cmd)
1095 goto unlock;
1096
1097 if (status) {
1098 u8 mgmt_err = mgmt_status(status);
1099 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1100 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1101 goto remove_cmd;
1102 }
1103
1104 cp = cmd->param;
d4462a07 1105 if (cp->val) {
bfaf8c9f
JH		 1106 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1107 &hdev->dev_flags);
d4462a07
MH		 1108
1109 if (hdev->discov_timeout > 0) {
1110 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1111 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1112 to);
1113 }
1114 } else {
bfaf8c9f
JH		 1115 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1116 &hdev->dev_flags);
d4462a07 1117 }
bfaf8c9f
JH		 1118
1119 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1120
1121 if (changed)
1122 new_settings(hdev, cmd->sk);
1123
970ba524
MH		 1124 /* When the discoverable mode gets changed, make sure
1125 * that class of device has the limited discoverable
1126 * bit correctly set.
1127 */
1128 hci_req_init(&req, hdev);
1129 update_class(&req);
1130 hci_req_run(&req, NULL);
1131
bfaf8c9f
JH		 1132remove_cmd:
1133 mgmt_pending_remove(cmd);
1134
1135unlock:
1136 hci_dev_unlock(hdev);
1137}
1138
bdb6d971 1139static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1140 u16 len)
73f22f62 1141{
650f726d 1142 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1143 struct pending_cmd *cmd;
bfaf8c9f 1144 struct hci_request req;
5e5282bb 1145 u16 timeout;
9a43e25f 1146 u8 scan;
73f22f62
JH		 1147 int err;
1148
bdb6d971 1149 BT_DBG("request for %s", hdev->name);
73f22f62 1150
9a43e25f
JH		 1151 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1152 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1153 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1154 MGMT_STATUS_REJECTED);
33c525c0 1155
310a3d48 1156 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1157 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1158 MGMT_STATUS_INVALID_PARAMS);
1159
1f350c87 1160 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1161
1162 /* Disabling discoverable requires that no timeout is set,
1163 * and enabling limited discoverable requires a timeout.
1164 */
1165 if ((cp->val == 0x00 && timeout > 0) ||
1166 (cp->val == 0x02 && timeout == 0))
bdb6d971 1167 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1168 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1169
09fd0de5 1170 hci_dev_lock(hdev);
73f22f62 1171
5e5282bb 1172 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1173 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1174 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1175 goto failed;
1176 }
1177
2e58ef3e 1178 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1179 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1181 MGMT_STATUS_BUSY);
73f22f62
JH		 1182 goto failed;
1183 }
1184
5e5282bb 1185 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1186 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1187 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1188 goto failed;
1189 }
1190
1191 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1192 bool changed = false;
1193
310a3d48
MH		 1194 /* Setting limited discoverable when powered off is
1195 * not a valid operation since it requires a timeout
1196 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1197 */
0224d2fa
JH		 1198 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1199 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1200 changed = true;
1201 }
1202
5e5282bb 1203 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1204 if (err < 0)
1205 goto failed;
1206
1207 if (changed)
1208 err = new_settings(hdev, sk);
1209
5e5282bb
JH		 1210 goto failed;
1211 }
1212
310a3d48
MH		 1213 /* If the current mode is the same, then just update the timeout
1214 * value with the new value. And if only the timeout gets updated,
1215 * then no need for any HCI transactions.
1216 */
1217 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1218 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1219 &hdev->dev_flags)) {
36261547
MH		 1220 cancel_delayed_work(&hdev->discov_off);
1221 hdev->discov_timeout = timeout;
955638ec 1222
36261547
MH		 1223 if (cp->val && hdev->discov_timeout > 0) {
1224 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1225 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1226 to);
955638ec
MH		 1227 }
1228
69ab39ea 1229 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1230 goto failed;
1231 }
1232
2e58ef3e 1233 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1234 if (!cmd) {
1235 err = -ENOMEM;
73f22f62 1236 goto failed;
366a0336 1237 }
73f22f62 1238
310a3d48
MH		 1239 /* Cancel any potential discoverable timeout that might be
1240 * still active and store new timeout value. The arming of
1241 * the timeout happens in the complete handler.
1242 */
1243 cancel_delayed_work(&hdev->discov_off);
1244 hdev->discov_timeout = timeout;
1245
b456f87c
JH		 1246 /* Limited discoverable mode */
1247 if (cp->val == 0x02)
1248 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1249 else
1250 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1251
bfaf8c9f
JH		 1252 hci_req_init(&req, hdev);
1253
9a43e25f
JH		 1254 /* The procedure for LE-only controllers is much simpler - just
1255 * update the advertising data.
1256 */
1257 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1258 goto update_ad;
1259
73f22f62
JH		 1260 scan = SCAN_PAGE;
1261
310a3d48
MH		 1262 if (cp->val) {
1263 struct hci_cp_write_current_iac_lap hci_cp;
1264
1265 if (cp->val == 0x02) {
1266 /* Limited discoverable mode */
310a3d48
MH		 1267 hci_cp.num_iac = 2;
1268 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1269 hci_cp.iac_lap[1] = 0x8b;
1270 hci_cp.iac_lap[2] = 0x9e;
1271 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1272 hci_cp.iac_lap[4] = 0x8b;
1273 hci_cp.iac_lap[5] = 0x9e;
1274 } else {
1275 /* General discoverable mode */
310a3d48
MH		 1276 hci_cp.num_iac = 1;
1277 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1278 hci_cp.iac_lap[1] = 0x8b;
1279 hci_cp.iac_lap[2] = 0x9e;
1280 }
1281
1282 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1283 (hci_cp.num_iac * 3) + 1, &hci_cp);
1284
73f22f62 1285 scan |= SCAN_INQUIRY;
310a3d48
MH		 1286 } else {
1287 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1288 }
73f22f62 1289
310a3d48 1290 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1291
9a43e25f
JH		 1292update_ad:
1293 update_adv_data(&req);
1294
bfaf8c9f 1295 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1296 if (err < 0)
a664b5bc 1297 mgmt_pending_remove(cmd);
73f22f62
JH		 1298
1299failed:
09fd0de5 1300 hci_dev_unlock(hdev);
73f22f62
JH		 1301 return err;
1302}
1303
406d7804
JH		 1304static void write_fast_connectable(struct hci_request *req, bool enable)
1305{
bd98b996 1306 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1307 struct hci_cp_write_page_scan_activity acp;
1308 u8 type;
1309
547003b1
JH		 1310 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1311 return;
1312
4c01f8b8
JH		 1313 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1314 return;
1315
406d7804
JH		 1316 if (enable) {
1317 type = PAGE_SCAN_TYPE_INTERLACED;
1318
1319 /* 160 msec page scan interval */
1320 acp.interval = __constant_cpu_to_le16(0x0100);
1321 } else {
1322 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1323
1324 /* default 1.28 sec page scan */
1325 acp.interval = __constant_cpu_to_le16(0x0800);
1326 }
1327
1328 acp.window = __constant_cpu_to_le16(0x0012);
1329
bd98b996
JH		 1330 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1331 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1332 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1333 sizeof(acp), &acp);
1334
1335 if (hdev->page_scan_type != type)
1336 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1337}
1338
1987fdc7
JH		 1339static u8 get_adv_type(struct hci_dev *hdev)
1340{
1341 struct pending_cmd *cmd;
1342 bool connectable;
1343
1344 /* If there's a pending mgmt command the flag will not yet have
1345 * it's final value, so check for this first.
1346 */
1347 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1348 if (cmd) {
1349 struct mgmt_mode *cp = cmd->param;
1350 connectable = !!cp->val;
1351 } else {
1352 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1353 }
1354
1355 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1356}
1357
95c66e75
JH		 1358static void enable_advertising(struct hci_request *req)
1359{
1360 struct hci_dev *hdev = req->hdev;
1361 struct hci_cp_le_set_adv_param cp;
1362 u8 enable = 0x01;
1363
1364 memset(&cp, 0, sizeof(cp));
1365 cp.min_interval = __constant_cpu_to_le16(0x0800);
1366 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1367 cp.type = get_adv_type(hdev);
79830f66 1368 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1369 cp.channel_map = 0x07;
1370
1371 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1372
1373 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1374}
1375
1376static void disable_advertising(struct hci_request *req)
1377{
1378 u8 enable = 0x00;
1379
1380 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1381}
1382
2b76f453
JH		 1383static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1384{
1385 struct pending_cmd *cmd;
d7b856f9
JH		 1386 struct mgmt_mode *cp;
1387 bool changed;
2b76f453
JH		 1388
1389 BT_DBG("status 0x%02x", status);
1390
1391 hci_dev_lock(hdev);
1392
1393 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1394 if (!cmd)
1395 goto unlock;
1396
37438c1f
JH		 1397 if (status) {
1398 u8 mgmt_err = mgmt_status(status);
1399 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1400 goto remove_cmd;
1401 }
1402
d7b856f9
JH		 1403 cp = cmd->param;
1404 if (cp->val)
1405 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1406 else
1407 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1408
2b76f453
JH		 1409 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1410
d7b856f9
JH		 1411 if (changed)
1412 new_settings(hdev, cmd->sk);
1413
37438c1f 1414remove_cmd:
2b76f453
JH		 1415 mgmt_pending_remove(cmd);
1416
1417unlock:
1418 hci_dev_unlock(hdev);
1419}
1420
e8ba3a1f
JH		 1421static int set_connectable_update_settings(struct hci_dev *hdev,
1422 struct sock *sk, u8 val)
1423{
1424 bool changed = false;
1425 int err;
1426
1427 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1428 changed = true;
1429
1430 if (val) {
1431 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1432 } else {
1433 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1434 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1435 }
1436
1437 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1438 if (err < 0)
1439 return err;
1440
1441 if (changed)
1442 return new_settings(hdev, sk);
1443
1444 return 0;
1445}
1446
bdb6d971 1447static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1448 u16 len)
9fbcbb45 1449{
650f726d 1450 struct mgmt_mode *cp = data;
366a0336 1451 struct pending_cmd *cmd;
2b76f453 1452 struct hci_request req;
1987fdc7 1453 u8 scan;
9fbcbb45
JH		 1454 int err;
1455
bdb6d971 1456 BT_DBG("request for %s", hdev->name);
9fbcbb45 1457
1987fdc7
JH		 1458 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1459 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1460 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1461 MGMT_STATUS_REJECTED);
33c525c0 1462
a7e80f25
JH		 1463 if (cp->val != 0x00 && cp->val != 0x01)
1464 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1465 MGMT_STATUS_INVALID_PARAMS);
1466
09fd0de5 1467 hci_dev_lock(hdev);
9fbcbb45 1468
4b34ee78 1469 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1470 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1471 goto failed;
1472 }
1473
2e58ef3e 1474 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1475 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1476 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1477 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1478 goto failed;
1479 }
1480
2e58ef3e 1481 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1482 if (!cmd) {
1483 err = -ENOMEM;
9fbcbb45 1484 goto failed;
366a0336 1485 }
9fbcbb45 1486
9b74246f 1487 hci_req_init(&req, hdev);
9fbcbb45 1488
9a43e25f
JH		 1489 /* If BR/EDR is not enabled and we disable advertising as a
1490 * by-product of disabling connectable, we need to update the
1491 * advertising flags.
1492 */
1493 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1494 if (!cp->val) {
1495 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1496 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1497 }
1498 update_adv_data(&req);
1499 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1500 if (cp->val) {
1501 scan = SCAN_PAGE;
1502 } else {
1503 scan = 0;
1504
1505 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1506 hdev->discov_timeout > 0)
9b74246f
JH		 1507 cancel_delayed_work(&hdev->discov_off);
1508 }
2b76f453 1509
9b74246f
JH		 1510 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1511 }
2b76f453 1512
4c01f8b8
JH		 1513 /* If we're going from non-connectable to connectable or
1514 * vice-versa when fast connectable is enabled ensure that fast
1515 * connectable gets disabled. write_fast_connectable won't do
1516 * anything if the page scan parameters are already what they
1517 * should be.
1518 */
1519 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1520 write_fast_connectable(&req, false);
1521
1987fdc7
JH		 1522 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1523 hci_conn_num(hdev, LE_LINK) == 0) {
1524 disable_advertising(&req);
1525 enable_advertising(&req);
1526 }
1527
2b76f453 1528 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1529 if (err < 0) {
a664b5bc 1530 mgmt_pending_remove(cmd);
9b74246f 1531 if (err == -ENODATA)
a81070ba
JH		 1532 err = set_connectable_update_settings(hdev, sk,
1533 cp->val);
9b74246f
JH		 1534 goto failed;
1535 }
9fbcbb45
JH		 1536
1537failed:
09fd0de5 1538 hci_dev_unlock(hdev);
9fbcbb45
JH		 1539 return err;
1540}
1541
bdb6d971 1542static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1543 u16 len)
c542a06c 1544{
650f726d 1545 struct mgmt_mode *cp = data;
55594356 1546 bool changed;
c542a06c
JH		 1547 int err;
1548
bdb6d971 1549 BT_DBG("request for %s", hdev->name);
c542a06c 1550
a7e80f25
JH		 1551 if (cp->val != 0x00 && cp->val != 0x01)
1552 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1553 MGMT_STATUS_INVALID_PARAMS);
1554
09fd0de5 1555 hci_dev_lock(hdev);
c542a06c
JH		 1556
1557 if (cp->val)
55594356 1558 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1559 else
55594356 1560 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1561
69ab39ea 1562 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1563 if (err < 0)
55594356 1564 goto unlock;
c542a06c 1565
55594356
MH		 1566 if (changed)
1567 err = new_settings(hdev, sk);
c542a06c 1568
55594356 1569unlock:
09fd0de5 1570 hci_dev_unlock(hdev);
c542a06c
JH		 1571 return err;
1572}
1573
04124681
GP		 1574static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1575 u16 len)
33ef95ed
JH		 1576{
1577 struct mgmt_mode *cp = data;
1578 struct pending_cmd *cmd;
e6fe7986 1579 u8 val, status;
33ef95ed
JH		 1580 int err;
1581
bdb6d971 1582 BT_DBG("request for %s", hdev->name);
33ef95ed 1583
e6fe7986
JH		 1584 status = mgmt_bredr_support(hdev);
1585 if (status)
33c525c0 1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1587 status);
33c525c0 1588
a7e80f25
JH		 1589 if (cp->val != 0x00 && cp->val != 0x01)
1590 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1591 MGMT_STATUS_INVALID_PARAMS);
1592
33ef95ed
JH		 1593 hci_dev_lock(hdev);
1594
4b34ee78 1595 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1596 bool changed = false;
1597
1598 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1599 &hdev->dev_flags)) {
47990ea0
JH		 1600 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1601 changed = true;
1602 }
1603
1604 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1605 if (err < 0)
1606 goto failed;
1607
1608 if (changed)
1609 err = new_settings(hdev, sk);
1610
33ef95ed
JH		 1611 goto failed;
1612 }
1613
1614 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1616 MGMT_STATUS_BUSY);
33ef95ed
JH		 1617 goto failed;
1618 }
1619
1620 val = !!cp->val;
1621
1622 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1623 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1624 goto failed;
1625 }
1626
1627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1628 if (!cmd) {
1629 err = -ENOMEM;
1630 goto failed;
1631 }
1632
1633 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1634 if (err < 0) {
1635 mgmt_pending_remove(cmd);
1636 goto failed;
1637 }
1638
1639failed:
1640 hci_dev_unlock(hdev);
33ef95ed
JH		 1641 return err;
1642}
1643
bdb6d971 1644static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1645{
1646 struct mgmt_mode *cp = data;
1647 struct pending_cmd *cmd;
72ef0c1a 1648 u8 status;
ed2c4ee3
JH		 1649 int err;
1650
bdb6d971 1651 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1652
cdba5281
MH		 1653 status = mgmt_bredr_support(hdev);
1654 if (status)
1655 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1656
13ecd8b6
JH		 1657 if (!lmp_ssp_capable(hdev))
1658 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1659 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1660
a7e80f25
JH		 1661 if (cp->val != 0x00 && cp->val != 0x01)
1662 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1663 MGMT_STATUS_INVALID_PARAMS);
1664
13ecd8b6 1665 hci_dev_lock(hdev);
6c8f12c1 1666
4b34ee78 1667 if (!hdev_is_powered(hdev)) {
9ecb3e24 1668 bool changed;
c0ecddc2 1669
9ecb3e24
MH		 1670 if (cp->val) {
1671 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1672 &hdev->dev_flags);
1673 } else {
1674 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1675 &hdev->dev_flags);
1676 if (!changed)
1677 changed = test_and_clear_bit(HCI_HS_ENABLED,
1678 &hdev->dev_flags);
1679 else
1680 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1681 }
1682
1683 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1684 if (err < 0)
1685 goto failed;
1686
1687 if (changed)
1688 err = new_settings(hdev, sk);
1689
ed2c4ee3
JH		 1690 goto failed;
1691 }
1692
9ecb3e24
MH		 1693 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1694 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1695 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1696 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1697 goto failed;
1698 }
1699
72ef0c1a 1700 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1701 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1702 goto failed;
1703 }
1704
1705 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1706 if (!cmd) {
1707 err = -ENOMEM;
1708 goto failed;
1709 }
1710
72ef0c1a 1711 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1712 if (err < 0) {
1713 mgmt_pending_remove(cmd);
1714 goto failed;
1715 }
1716
1717failed:
1718 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1719 return err;
1720}
1721
bdb6d971 1722static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1723{
1724 struct mgmt_mode *cp = data;
ee392693 1725 bool changed;
e6fe7986 1726 u8 status;
ee392693 1727 int err;
6d80dfd0 1728
bdb6d971 1729 BT_DBG("request for %s", hdev->name);
6d80dfd0 1730
e6fe7986
JH		 1731 status = mgmt_bredr_support(hdev);
1732 if (status)
1733 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1734
9ecb3e24
MH		 1735 if (!lmp_ssp_capable(hdev))
1736 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1737 MGMT_STATUS_NOT_SUPPORTED);
1738
1739 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1740 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1741 MGMT_STATUS_REJECTED);
1742
a7e80f25
JH		 1743 if (cp->val != 0x00 && cp->val != 0x01)
1744 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1745 MGMT_STATUS_INVALID_PARAMS);
1746
ee392693
MH		 1747 hci_dev_lock(hdev);
1748
a0cdf960 1749 if (cp->val) {
ee392693 1750 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1751 } else {
1752 if (hdev_is_powered(hdev)) {
1753 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1754 MGMT_STATUS_REJECTED);
1755 goto unlock;
1756 }
1757
ee392693 1758 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1759 }
ee392693
MH		 1760
1761 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1762 if (err < 0)
1763 goto unlock;
1764
1765 if (changed)
1766 err = new_settings(hdev, sk);
6d80dfd0 1767
ee392693
MH		 1768unlock:
1769 hci_dev_unlock(hdev);
1770 return err;
6d80dfd0
JH		 1771}
1772
416a4ae5
JH		 1773static void le_enable_complete(struct hci_dev *hdev, u8 status)
1774{
1775 struct cmd_lookup match = { NULL, hdev };
1776
1777 if (status) {
1778 u8 mgmt_err = mgmt_status(status);
1779
1780 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1781 &mgmt_err);
1782 return;
1783 }
1784
1785 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1786
1787 new_settings(hdev, match.sk);
1788
1789 if (match.sk)
1790 sock_put(match.sk);
441ad2d0
MH		 1791
1792 /* Make sure the controller has a good default for
1793 * advertising data. Restrict the update to when LE
1794 * has actually been enabled. During power on, the
1795 * update in powered_update_hci will take care of it.
1796 */
1797 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1798 struct hci_request req;
1799
1800 hci_dev_lock(hdev);
1801
1802 hci_req_init(&req, hdev);
5947f4bc 1803 update_adv_data(&req);
f14d8f64 1804 update_scan_rsp_data(&req);
441ad2d0
MH		 1805 hci_req_run(&req, NULL);
1806
1807 hci_dev_unlock(hdev);
1808 }
416a4ae5
JH		 1809}
1810
bdb6d971 1811static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1812{
1813 struct mgmt_mode *cp = data;
1814 struct hci_cp_write_le_host_supported hci_cp;
1815 struct pending_cmd *cmd;
416a4ae5 1816 struct hci_request req;
06199cf8 1817 int err;
0b60eba1 1818 u8 val, enabled;
06199cf8 1819
bdb6d971 1820 BT_DBG("request for %s", hdev->name);
06199cf8 1821
13ecd8b6
JH		 1822 if (!lmp_le_capable(hdev))
1823 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1824 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1825
a7e80f25
JH		 1826 if (cp->val != 0x00 && cp->val != 0x01)
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1828 MGMT_STATUS_INVALID_PARAMS);
1829
c73eee91 1830 /* LE-only devices do not allow toggling LE on/off */
56f87901 1831 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1832 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1833 MGMT_STATUS_REJECTED);
1834
13ecd8b6 1835 hci_dev_lock(hdev);
06199cf8
JH		 1836
1837 val = !!cp->val;
ffa88e02 1838 enabled = lmp_host_le_capable(hdev);
06199cf8 1839
0b60eba1 1840 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1841 bool changed = false;
1842
1843 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1844 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1845 changed = true;
1846 }
1847
f3d3444a
JH		 1848 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1850 changed = true;
1851 }
1852
06199cf8
JH		 1853 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1854 if (err < 0)
1de028ce 1855 goto unlock;
06199cf8
JH		 1856
1857 if (changed)
1858 err = new_settings(hdev, sk);
1859
1de028ce 1860 goto unlock;
06199cf8
JH		 1861 }
1862
4375f103
JH		 1863 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1864 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1865 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1866 MGMT_STATUS_BUSY);
1de028ce 1867 goto unlock;
06199cf8
JH		 1868 }
1869
1870 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1871 if (!cmd) {
1872 err = -ENOMEM;
1de028ce 1873 goto unlock;
06199cf8
JH		 1874 }
1875
441ad2d0
MH		 1876 hci_req_init(&req, hdev);
1877
06199cf8
JH		 1878 memset(&hci_cp, 0, sizeof(hci_cp));
1879
1880 if (val) {
1881 hci_cp.le = val;
ffa88e02 1882 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1883 } else {
1884 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1885 disable_advertising(&req);
06199cf8
JH		 1886 }
1887
416a4ae5
JH		 1888 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1889 &hci_cp);
1890
1891 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1892 if (err < 0)
06199cf8 1893 mgmt_pending_remove(cmd);
06199cf8 1894
1de028ce
JH		 1895unlock:
1896 hci_dev_unlock(hdev);
06199cf8
JH		 1897 return err;
1898}
1899
0cab9c80
JH		 1900/* This is a helper function to test for pending mgmt commands that can
1901 * cause CoD or EIR HCI commands. We can only allow one such pending
1902 * mgmt command at a time since otherwise we cannot easily track what
1903 * the current values are, will be, and based on that calculate if a new
1904 * HCI command needs to be sent and if yes with what value.
1905 */
1906static bool pending_eir_or_class(struct hci_dev *hdev)
1907{
1908 struct pending_cmd *cmd;
1909
1910 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1911 switch (cmd->opcode) {
1912 case MGMT_OP_ADD_UUID:
1913 case MGMT_OP_REMOVE_UUID:
1914 case MGMT_OP_SET_DEV_CLASS:
1915 case MGMT_OP_SET_POWERED:
1916 return true;
1917 }
1918 }
1919
1920 return false;
1921}
1922
83be8eca
JH		 1923static const u8 bluetooth_base_uuid[] = {
1924 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1925 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1926};
1927
1928static u8 get_uuid_size(const u8 *uuid)
1929{
1930 u32 val;
1931
1932 if (memcmp(uuid, bluetooth_base_uuid, 12))
1933 return 128;
1934
1935 val = get_unaligned_le32(&uuid[12]);
1936 if (val > 0xffff)
1937 return 32;
1938
1939 return 16;
1940}
1941
92da6097
JH		 1942static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1943{
1944 struct pending_cmd *cmd;
1945
1946 hci_dev_lock(hdev);
1947
1948 cmd = mgmt_pending_find(mgmt_op, hdev);
1949 if (!cmd)
1950 goto unlock;
1951
1952 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1953 hdev->dev_class, 3);
1954
1955 mgmt_pending_remove(cmd);
1956
1957unlock:
1958 hci_dev_unlock(hdev);
1959}
1960
1961static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1962{
1963 BT_DBG("status 0x%02x", status);
1964
1965 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1966}
1967
bdb6d971 1968static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1969{
650f726d 1970 struct mgmt_cp_add_uuid *cp = data;
90e70454 1971 struct pending_cmd *cmd;
890ea898 1972 struct hci_request req;
2aeb9a1a 1973 struct bt_uuid *uuid;
2aeb9a1a
JH		 1974 int err;
1975
bdb6d971 1976 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1977
09fd0de5 1978 hci_dev_lock(hdev);
2aeb9a1a 1979
0cab9c80 1980 if (pending_eir_or_class(hdev)) {
bdb6d971 1981 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1982 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1983 goto failed;
1984 }
1985
92c4c204 1986 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1987 if (!uuid) {
1988 err = -ENOMEM;
1989 goto failed;
1990 }
1991
1992 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1993 uuid->svc_hint = cp->svc_hint;
83be8eca 1994 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1995
de66aa63 1996 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1997
890ea898 1998 hci_req_init(&req, hdev);
1aff6f09 1999
890ea898
JH		 2000 update_class(&req);
2001 update_eir(&req);
2002
92da6097
JH		 2003 err = hci_req_run(&req, add_uuid_complete);
2004 if (err < 0) {
2005 if (err != -ENODATA)
2006 goto failed;
80a1e1db 2007
bdb6d971 2008 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2009 hdev->dev_class, 3);
90e70454
JH		 2010 goto failed;
2011 }
2012
2013 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2014 if (!cmd) {
90e70454 2015 err = -ENOMEM;
890ea898
JH		 2016 goto failed;
2017 }
2018
2019 err = 0;
2aeb9a1a
JH		 2020
2021failed:
09fd0de5 2022 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2023 return err;
2024}
2025
24b78d0f
JH		 2026static bool enable_service_cache(struct hci_dev *hdev)
2027{
2028 if (!hdev_is_powered(hdev))
2029 return false;
2030
2031 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2032 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2033 CACHE_TIMEOUT);
24b78d0f
JH		 2034 return true;
2035 }
2036
2037 return false;
2038}
2039
92da6097
JH		 2040static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2041{
2042 BT_DBG("status 0x%02x", status);
2043
2044 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2045}
2046
bdb6d971 2047static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2048 u16 len)
2aeb9a1a 2049{
650f726d 2050 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2051 struct pending_cmd *cmd;
056341c8 2052 struct bt_uuid *match, *tmp;
2aeb9a1a 2053 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2054 struct hci_request req;
2aeb9a1a
JH		 2055 int err, found;
2056
bdb6d971 2057 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2058
09fd0de5 2059 hci_dev_lock(hdev);
2aeb9a1a 2060
0cab9c80 2061 if (pending_eir_or_class(hdev)) {
bdb6d971 2062 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2063 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2064 goto unlock;
2065 }
2066
2aeb9a1a
JH		 2067 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2068 err = hci_uuids_clear(hdev);
4004b6d9 2069
24b78d0f 2070 if (enable_service_cache(hdev)) {
bdb6d971 2071 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2072 0, hdev->dev_class, 3);
24b78d0f
JH		 2073 goto unlock;
2074 }
4004b6d9 2075
9246a869 2076 goto update_class;
2aeb9a1a
JH		 2077 }
2078
2079 found = 0;
2080
056341c8 2081 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2082 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2083 continue;
2084
2085 list_del(&match->list);
482049f7 2086 kfree(match);
2aeb9a1a
JH		 2087 found++;
2088 }
2089
2090 if (found == 0) {
bdb6d971 2091 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2092 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2093 goto unlock;
2094 }
2095
9246a869 2096update_class:
890ea898 2097 hci_req_init(&req, hdev);
1aff6f09 2098
890ea898
JH		 2099 update_class(&req);
2100 update_eir(&req);
2101
92da6097
JH		 2102 err = hci_req_run(&req, remove_uuid_complete);
2103 if (err < 0) {
2104 if (err != -ENODATA)
2105 goto unlock;
80a1e1db 2106
bdb6d971 2107 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2108 hdev->dev_class, 3);
90e70454
JH		 2109 goto unlock;
2110 }
2111
2112 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2113 if (!cmd) {
90e70454 2114 err = -ENOMEM;
890ea898
JH		 2115 goto unlock;
2116 }
2117
2118 err = 0;
2aeb9a1a
JH		 2119
2120unlock:
09fd0de5 2121 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2122 return err;
2123}
2124
92da6097
JH		 2125static void set_class_complete(struct hci_dev *hdev, u8 status)
2126{
2127 BT_DBG("status 0x%02x", status);
2128
2129 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2130}
2131
bdb6d971 2132static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2133 u16 len)
1aff6f09 2134{
650f726d 2135 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2136 struct pending_cmd *cmd;
890ea898 2137 struct hci_request req;
1aff6f09
JH		 2138 int err;
2139
bdb6d971 2140 BT_DBG("request for %s", hdev->name);
1aff6f09 2141
6203fc98 2142 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2143 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2144 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2145
0cab9c80 2146 hci_dev_lock(hdev);
ee98f473 2147
0cab9c80
JH		 2148 if (pending_eir_or_class(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2150 MGMT_STATUS_BUSY);
2151 goto unlock;
2152 }
c95f0ba7 2153
0cab9c80
JH		 2154 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2155 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2156 MGMT_STATUS_INVALID_PARAMS);
2157 goto unlock;
2158 }
575b3a02 2159
932f5ff5
JH		 2160 hdev->major_class = cp->major;
2161 hdev->minor_class = cp->minor;
2162
b5235a65 2163 if (!hdev_is_powered(hdev)) {
bdb6d971 2164 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2165 hdev->dev_class, 3);
b5235a65
JH		 2166 goto unlock;
2167 }
2168
890ea898
JH		 2169 hci_req_init(&req, hdev);
2170
a8b2d5c2 2171 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2172 hci_dev_unlock(hdev);
2173 cancel_delayed_work_sync(&hdev->service_cache);
2174 hci_dev_lock(hdev);
890ea898 2175 update_eir(&req);
7d78525d 2176 }
14c0b608 2177
890ea898
JH		 2178 update_class(&req);
2179
92da6097
JH		 2180 err = hci_req_run(&req, set_class_complete);
2181 if (err < 0) {
2182 if (err != -ENODATA)
2183 goto unlock;
1aff6f09 2184
bdb6d971 2185 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2186 hdev->dev_class, 3);
90e70454
JH		 2187 goto unlock;
2188 }
2189
2190 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2191 if (!cmd) {
90e70454 2192 err = -ENOMEM;
890ea898
JH		 2193 goto unlock;
2194 }
2195
2196 err = 0;
1aff6f09 2197
b5235a65 2198unlock:
09fd0de5 2199 hci_dev_unlock(hdev);
1aff6f09
JH		 2200 return err;
2201}
2202
bdb6d971 2203static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2204 u16 len)
55ed8ca1 2205{
650f726d 2206 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2207 u16 key_count, expected_len;
a492cd52 2208 int i;
55ed8ca1 2209
9060d5cf
MH		 2210 BT_DBG("request for %s", hdev->name);
2211
2212 if (!lmp_bredr_capable(hdev))
2213 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2214 MGMT_STATUS_NOT_SUPPORTED);
2215
1f350c87 2216 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2217
86742e1e
JH		 2218 expected_len = sizeof(*cp) + key_count *
2219 sizeof(struct mgmt_link_key_info);
a492cd52 2220 if (expected_len != len) {
86742e1e 2221 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2222 len, expected_len);
bdb6d971 2223 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2224 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2225 }
2226
4ae14301
JH		 2227 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2228 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2229 MGMT_STATUS_INVALID_PARAMS);
2230
bdb6d971 2231 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2232 key_count);
55ed8ca1 2233
4ee71b20
JH		 2234 for (i = 0; i < key_count; i++) {
2235 struct mgmt_link_key_info *key = &cp->keys[i];
2236
2237 if (key->addr.type != BDADDR_BREDR)
2238 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2239 MGMT_STATUS_INVALID_PARAMS);
2240 }
2241
09fd0de5 2242 hci_dev_lock(hdev);
55ed8ca1
JH		 2243
2244 hci_link_keys_clear(hdev);
2245
55ed8ca1 2246 if (cp->debug_keys)
a8b2d5c2 2247 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2248 else
a8b2d5c2 2249 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2250
a492cd52 2251 for (i = 0; i < key_count; i++) {
86742e1e 2252 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2253
d753fdc4 2254 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2255 key->type, key->pin_len);
55ed8ca1
JH		 2256 }
2257
bdb6d971 2258 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2259
09fd0de5 2260 hci_dev_unlock(hdev);
55ed8ca1 2261
a492cd52 2262 return 0;
55ed8ca1
JH		 2263}
2264
b1078ad0 2265static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2266 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2267{
2268 struct mgmt_ev_device_unpaired ev;
2269
2270 bacpy(&ev.addr.bdaddr, bdaddr);
2271 ev.addr.type = addr_type;
2272
2273 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2274 skip_sk);
b1078ad0
JH		 2275}
2276
bdb6d971 2277static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2278 u16 len)
55ed8ca1 2279{
124f6e35
JH		 2280 struct mgmt_cp_unpair_device *cp = data;
2281 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2282 struct hci_cp_disconnect dc;
2283 struct pending_cmd *cmd;
55ed8ca1 2284 struct hci_conn *conn;
55ed8ca1
JH		 2285 int err;
2286
a8a1d19e 2287 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2288 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2289 rp.addr.type = cp->addr.type;
a8a1d19e 2290
4ee71b20
JH		 2291 if (!bdaddr_type_is_valid(cp->addr.type))
2292 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2293 MGMT_STATUS_INVALID_PARAMS,
2294 &rp, sizeof(rp));
2295
118da70b
JH		 2296 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2297 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2298 MGMT_STATUS_INVALID_PARAMS,
2299 &rp, sizeof(rp));
2300
4ee71b20
JH		 2301 hci_dev_lock(hdev);
2302
86a8cfc6 2303 if (!hdev_is_powered(hdev)) {
bdb6d971 2304 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2305 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2306 goto unlock;
2307 }
2308
591f47f3 2309 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2310 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2311 else
2312 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2313
55ed8ca1 2314 if (err < 0) {
bdb6d971 2315 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2316 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2317 goto unlock;
2318 }
2319
86a8cfc6 2320 if (cp->disconnect) {
591f47f3 2321 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2322 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2323 &cp->addr.bdaddr);
86a8cfc6
JH		 2324 else
2325 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2326 &cp->addr.bdaddr);
86a8cfc6
JH		 2327 } else {
2328 conn = NULL;
2329 }
124f6e35 2330
a8a1d19e 2331 if (!conn) {
bdb6d971 2332 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2333 &rp, sizeof(rp));
b1078ad0 2334 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2335 goto unlock;
2336 }
55ed8ca1 2337
124f6e35 2338 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2339 sizeof(*cp));
a8a1d19e
JH		 2340 if (!cmd) {
2341 err = -ENOMEM;
2342 goto unlock;
55ed8ca1
JH		 2343 }
2344
eb55ef07 2345 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2346 dc.reason = 0x13; /* Remote User Terminated Connection */
2347 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2348 if (err < 0)
2349 mgmt_pending_remove(cmd);
2350
55ed8ca1 2351unlock:
09fd0de5 2352 hci_dev_unlock(hdev);
55ed8ca1
JH		 2353 return err;
2354}
2355
bdb6d971 2356static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2357 u16 len)
8962ee74 2358{
650f726d 2359 struct mgmt_cp_disconnect *cp = data;
06a63b19 2360 struct mgmt_rp_disconnect rp;
8962ee74 2361 struct hci_cp_disconnect dc;
366a0336 2362 struct pending_cmd *cmd;
8962ee74 2363 struct hci_conn *conn;
8962ee74
JH		 2364 int err;
2365
2366 BT_DBG("");
2367
06a63b19
JH		 2368 memset(&rp, 0, sizeof(rp));
2369 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2370 rp.addr.type = cp->addr.type;
2371
4ee71b20 2372 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2373 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2374 MGMT_STATUS_INVALID_PARAMS,
2375 &rp, sizeof(rp));
4ee71b20 2376
09fd0de5 2377 hci_dev_lock(hdev);
8962ee74
JH		 2378
2379 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2380 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2381 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2382 goto failed;
2383 }
2384
2e58ef3e 2385 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2386 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2387 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2388 goto failed;
2389 }
2390
591f47f3 2391 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2392 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2393 &cp->addr.bdaddr);
88c3df13
JH		 2394 else
2395 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2396
f960727e 2397 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2398 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2399 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2400 goto failed;
2401 }
2402
2e58ef3e 2403 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2404 if (!cmd) {
2405 err = -ENOMEM;
8962ee74 2406 goto failed;
366a0336 2407 }
8962ee74 2408
eb55ef07 2409 dc.handle = cpu_to_le16(conn->handle);
3701f944 2410 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2411
2412 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2413 if (err < 0)
a664b5bc 2414 mgmt_pending_remove(cmd);
8962ee74
JH		 2415
2416failed:
09fd0de5 2417 hci_dev_unlock(hdev);
8962ee74
JH		 2418 return err;
2419}
2420
57c1477c 2421static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2422{
2423 switch (link_type) {
2424 case LE_LINK:
48264f06
JH		 2425 switch (addr_type) {
2426 case ADDR_LE_DEV_PUBLIC:
591f47f3 2427 return BDADDR_LE_PUBLIC;
0ed09148 2428
48264f06 2429 default:
0ed09148 2430 /* Fallback to LE Random address type */
591f47f3 2431 return BDADDR_LE_RANDOM;
48264f06 2432 }
0ed09148 2433
4c659c39 2434 default:
0ed09148 2435 /* Fallback to BR/EDR type */
591f47f3 2436 return BDADDR_BREDR;
4c659c39
JH		 2437 }
2438}
2439
04124681
GP		 2440static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2441 u16 data_len)
2784eb41 2442{
2784eb41 2443 struct mgmt_rp_get_connections *rp;
8035ded4 2444 struct hci_conn *c;
a38528f1 2445 size_t rp_len;
60fc5fb6
JH		 2446 int err;
2447 u16 i;
2784eb41
JH		 2448
2449 BT_DBG("");
2450
09fd0de5 2451 hci_dev_lock(hdev);
2784eb41 2452
5f97c1df 2453 if (!hdev_is_powered(hdev)) {
bdb6d971 2454 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2455 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2456 goto unlock;
2457 }
2458
60fc5fb6 2459 i = 0;
b644ba33
JH		 2460 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2461 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2462 i++;
2784eb41
JH		 2463 }
2464
60fc5fb6 2465 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2466 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2467 if (!rp) {
2784eb41
JH		 2468 err = -ENOMEM;
2469 goto unlock;
2470 }
2471
2784eb41 2472 i = 0;
4c659c39 2473 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2474 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2475 continue;
4c659c39 2476 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2477 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2478 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2479 continue;
2480 i++;
2481 }
2482
eb55ef07 2483 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2484
4c659c39
JH		 2485 /* Recalculate length in case of filtered SCO connections, etc */
2486 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2487
bdb6d971 2488 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2489 rp_len);
2784eb41 2490
a38528f1 2491 kfree(rp);
5f97c1df
JH		 2492
2493unlock:
09fd0de5 2494 hci_dev_unlock(hdev);
2784eb41
JH		 2495 return err;
2496}
2497
bdb6d971 2498static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2499 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2500{
2501 struct pending_cmd *cmd;
2502 int err;
2503
2e58ef3e 2504 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2505 sizeof(*cp));
96d97a67
WR		 2506 if (!cmd)
2507 return -ENOMEM;
2508
d8457698 2509 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2510 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2511 if (err < 0)
2512 mgmt_pending_remove(cmd);
2513
2514 return err;
2515}
2516
bdb6d971 2517static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2518 u16 len)
980e1a53 2519{
96d97a67 2520 struct hci_conn *conn;
650f726d 2521 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2522 struct hci_cp_pin_code_reply reply;
366a0336 2523 struct pending_cmd *cmd;
980e1a53
JH		 2524 int err;
2525
2526 BT_DBG("");
2527
09fd0de5 2528 hci_dev_lock(hdev);
980e1a53 2529
4b34ee78 2530 if (!hdev_is_powered(hdev)) {
bdb6d971 2531 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2532 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2533 goto failed;
2534 }
2535
d8457698 2536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2537 if (!conn) {
bdb6d971 2538 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2539 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2540 goto failed;
2541 }
2542
2543 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2544 struct mgmt_cp_pin_code_neg_reply ncp;
2545
2546 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2547
2548 BT_ERR("PIN code is not 16 bytes long");
2549
bdb6d971 2550 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2551 if (err >= 0)
bdb6d971 2552 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2553 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2554
2555 goto failed;
2556 }
2557
00abfe44 2558 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2559 if (!cmd) {
2560 err = -ENOMEM;
980e1a53 2561 goto failed;
366a0336 2562 }
980e1a53 2563
d8457698 2564 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2565 reply.pin_len = cp->pin_len;
24718ca5 2566 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2567
2568 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2569 if (err < 0)
a664b5bc 2570 mgmt_pending_remove(cmd);
980e1a53
JH		 2571
2572failed:
09fd0de5 2573 hci_dev_unlock(hdev);
980e1a53
JH		 2574 return err;
2575}
2576
04124681
GP		 2577static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2578 u16 len)
17fa4b9d 2579{
650f726d 2580 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2581
2582 BT_DBG("");
2583
09fd0de5 2584 hci_dev_lock(hdev);
17fa4b9d
JH		 2585
2586 hdev->io_capability = cp->io_capability;
2587
2588 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2589 hdev->io_capability);
17fa4b9d 2590
09fd0de5 2591 hci_dev_unlock(hdev);
17fa4b9d 2592
04124681
GP		 2593 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2594 0);
17fa4b9d
JH		 2595}
2596
6039aa73 2597static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2598{
2599 struct hci_dev *hdev = conn->hdev;
8035ded4 2600 struct pending_cmd *cmd;
e9a416b5 2601
2e58ef3e 2602 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2603 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2604 continue;
2605
e9a416b5
JH		 2606 if (cmd->user_data != conn)
2607 continue;
2608
2609 return cmd;
2610 }
2611
2612 return NULL;
2613}
2614
2615static void pairing_complete(struct pending_cmd *cmd, u8 status)
2616{
2617 struct mgmt_rp_pair_device rp;
2618 struct hci_conn *conn = cmd->user_data;
2619
ba4e564f 2620 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2621 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2622
aee9b218 2623 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2624 &rp, sizeof(rp));
e9a416b5
JH		 2625
2626 /* So we don't get further callbacks for this connection */
2627 conn->connect_cfm_cb = NULL;
2628 conn->security_cfm_cb = NULL;
2629 conn->disconn_cfm_cb = NULL;
2630
76a68ba0 2631 hci_conn_drop(conn);
e9a416b5 2632
a664b5bc 2633 mgmt_pending_remove(cmd);
e9a416b5
JH		 2634}
2635
2636static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2637{
2638 struct pending_cmd *cmd;
2639
2640 BT_DBG("status %u", status);
2641
2642 cmd = find_pairing(conn);
56e5cb86 2643 if (!cmd)
e9a416b5 2644 BT_DBG("Unable to find a pending command");
56e5cb86 2645 else
e211326c 2646 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2647}
2648
4c47d739
VA		 2649static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2650{
2651 struct pending_cmd *cmd;
2652
2653 BT_DBG("status %u", status);
2654
2655 if (!status)
2656 return;
2657
2658 cmd = find_pairing(conn);
2659 if (!cmd)
2660 BT_DBG("Unable to find a pending command");
2661 else
2662 pairing_complete(cmd, mgmt_status(status));
2663}
2664
bdb6d971 2665static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2666 u16 len)
e9a416b5 2667{
650f726d 2668 struct mgmt_cp_pair_device *cp = data;
1425acb7 2669 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2670 struct pending_cmd *cmd;
2671 u8 sec_level, auth_type;
2672 struct hci_conn *conn;
e9a416b5
JH		 2673 int err;
2674
2675 BT_DBG("");
2676
f950a30e
SJ		 2677 memset(&rp, 0, sizeof(rp));
2678 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2679 rp.addr.type = cp->addr.type;
2680
4ee71b20
JH		 2681 if (!bdaddr_type_is_valid(cp->addr.type))
2682 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2683 MGMT_STATUS_INVALID_PARAMS,
2684 &rp, sizeof(rp));
2685
09fd0de5 2686 hci_dev_lock(hdev);
e9a416b5 2687
5f97c1df 2688 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2689 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2690 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2691 goto unlock;
2692 }
2693
c908df36
VCG		 2694 sec_level = BT_SECURITY_MEDIUM;
2695 if (cp->io_cap == 0x03)
e9a416b5 2696 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2697 else
e9a416b5 2698 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2699
591f47f3 2700 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2701 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2702 cp->addr.type, sec_level, auth_type);
7a512d01 2703 else
b12f62cf
AG		 2704 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2705 cp->addr.type, sec_level, auth_type);
7a512d01 2706
30e76272 2707 if (IS_ERR(conn)) {
489dc48e
AK		 2708 int status;
2709
2710 if (PTR_ERR(conn) == -EBUSY)
2711 status = MGMT_STATUS_BUSY;
2712 else
2713 status = MGMT_STATUS_CONNECT_FAILED;
2714
bdb6d971 2715 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2716 status, &rp,
04124681 2717 sizeof(rp));
e9a416b5
JH		 2718 goto unlock;
2719 }
2720
2721 if (conn->connect_cfm_cb) {
76a68ba0 2722 hci_conn_drop(conn);
bdb6d971 2723 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2724 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2725 goto unlock;
2726 }
2727
2e58ef3e 2728 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2729 if (!cmd) {
2730 err = -ENOMEM;
76a68ba0 2731 hci_conn_drop(conn);
e9a416b5
JH		 2732 goto unlock;
2733 }
2734
7a512d01 2735 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2736 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2737 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2738 else
2739 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2740
e9a416b5
JH		 2741 conn->security_cfm_cb = pairing_complete_cb;
2742 conn->disconn_cfm_cb = pairing_complete_cb;
2743 conn->io_capability = cp->io_cap;
2744 cmd->user_data = conn;
2745
2746 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2747 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2748 pairing_complete(cmd, 0);
2749
2750 err = 0;
2751
2752unlock:
09fd0de5 2753 hci_dev_unlock(hdev);
e9a416b5
JH		 2754 return err;
2755}
2756
04124681
GP		 2757static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2758 u16 len)
28424707 2759{
0f4e68cf 2760 struct mgmt_addr_info *addr = data;
28424707
JH		 2761 struct pending_cmd *cmd;
2762 struct hci_conn *conn;
2763 int err;
2764
2765 BT_DBG("");
2766
28424707
JH		 2767 hci_dev_lock(hdev);
2768
5f97c1df 2769 if (!hdev_is_powered(hdev)) {
bdb6d971 2770 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2771 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2772 goto unlock;
2773 }
2774
28424707
JH		 2775 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2776 if (!cmd) {
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2778 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2779 goto unlock;
2780 }
2781
2782 conn = cmd->user_data;
2783
2784 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2785 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2786 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2787 goto unlock;
2788 }
2789
2790 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2791
bdb6d971 2792 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2793 addr, sizeof(*addr));
28424707
JH		 2794unlock:
2795 hci_dev_unlock(hdev);
28424707
JH		 2796 return err;
2797}
2798
bdb6d971 2799static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2800 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2801 u16 hci_op, __le32 passkey)
a5c29683 2802{
a5c29683 2803 struct pending_cmd *cmd;
0df4c185 2804 struct hci_conn *conn;
a5c29683
JH		 2805 int err;
2806
09fd0de5 2807 hci_dev_lock(hdev);
08ba5382 2808
4b34ee78 2809 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2810 err = cmd_complete(sk, hdev->id, mgmt_op,
2811 MGMT_STATUS_NOT_POWERED, addr,
2812 sizeof(*addr));
0df4c185 2813 goto done;
a5c29683
JH		 2814 }
2815
1707c60e
JH		 2816 if (addr->type == BDADDR_BREDR)
2817 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2818 else
1707c60e 2819 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2820
2821 if (!conn) {
feb94d3d
JH		 2822 err = cmd_complete(sk, hdev->id, mgmt_op,
2823 MGMT_STATUS_NOT_CONNECTED, addr,
2824 sizeof(*addr));
272d90df
JH		 2825 goto done;
2826 }
47c15e2b 2827
1707c60e 2828 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2829 /* Continue with pairing via SMP */
5fe57d9e
BG		 2830 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2831
2832 if (!err)
feb94d3d
JH		 2833 err = cmd_complete(sk, hdev->id, mgmt_op,
2834 MGMT_STATUS_SUCCESS, addr,
2835 sizeof(*addr));
5fe57d9e 2836 else
feb94d3d
JH		 2837 err = cmd_complete(sk, hdev->id, mgmt_op,
2838 MGMT_STATUS_FAILED, addr,
2839 sizeof(*addr));
47c15e2b 2840
47c15e2b
BG		 2841 goto done;
2842 }
2843
1707c60e 2844 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2845 if (!cmd) {
2846 err = -ENOMEM;
0df4c185 2847 goto done;
a5c29683
JH		 2848 }
2849
0df4c185 2850 /* Continue with pairing via HCI */
604086b7
BG		 2851 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2852 struct hci_cp_user_passkey_reply cp;
2853
1707c60e 2854 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2855 cp.passkey = passkey;
2856 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2857 } else
1707c60e
JH		 2858 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2859 &addr->bdaddr);
604086b7 2860
a664b5bc
JH		 2861 if (err < 0)
2862 mgmt_pending_remove(cmd);
a5c29683 2863
0df4c185 2864done:
09fd0de5 2865 hci_dev_unlock(hdev);
a5c29683
JH		 2866 return err;
2867}
2868
afeb019d
JK		 2869static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2870 void *data, u16 len)
2871{
2872 struct mgmt_cp_pin_code_neg_reply *cp = data;
2873
2874 BT_DBG("");
2875
1707c60e 2876 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2877 MGMT_OP_PIN_CODE_NEG_REPLY,
2878 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2879}
2880
04124681
GP		 2881static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2882 u16 len)
0df4c185 2883{
650f726d 2884 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2885
2886 BT_DBG("");
2887
2888 if (len != sizeof(*cp))
bdb6d971 2889 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2890 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2891
1707c60e 2892 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2893 MGMT_OP_USER_CONFIRM_REPLY,
2894 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2895}
2896
bdb6d971 2897static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2898 void *data, u16 len)
0df4c185 2899{
c9c2659f 2900 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2901
2902 BT_DBG("");
2903
1707c60e 2904 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2905 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2906 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2907}
2908
04124681
GP		 2909static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2910 u16 len)
604086b7 2911{
650f726d 2912 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2913
2914 BT_DBG("");
2915
1707c60e 2916 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2917 MGMT_OP_USER_PASSKEY_REPLY,
2918 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2919}
2920
bdb6d971 2921static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2922 void *data, u16 len)
604086b7 2923{
650f726d 2924 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2925
2926 BT_DBG("");
2927
1707c60e 2928 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2929 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2930 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2931}
2932
13928971 2933static void update_name(struct hci_request *req)
2b4bf397 2934{
13928971 2935 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2936 struct hci_cp_write_local_name cp;
2937
13928971 2938 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2939
890ea898 2940 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2941}
2942
13928971
JH		 2943static void set_name_complete(struct hci_dev *hdev, u8 status)
2944{
2945 struct mgmt_cp_set_local_name *cp;
2946 struct pending_cmd *cmd;
2947
2948 BT_DBG("status 0x%02x", status);
2949
2950 hci_dev_lock(hdev);
2951
2952 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2953 if (!cmd)
2954 goto unlock;
2955
2956 cp = cmd->param;
2957
2958 if (status)
2959 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2960 mgmt_status(status));
2961 else
2962 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2963 cp, sizeof(*cp));
2964
2965 mgmt_pending_remove(cmd);
2966
2967unlock:
2968 hci_dev_unlock(hdev);
2969}
2970
bdb6d971 2971static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2972 u16 len)
b312b161 2973{
2b4bf397 2974 struct mgmt_cp_set_local_name *cp = data;
b312b161 2975 struct pending_cmd *cmd;
890ea898 2976 struct hci_request req;
b312b161
JH		 2977 int err;
2978
2979 BT_DBG("");
2980
09fd0de5 2981 hci_dev_lock(hdev);
b312b161 2982
b3f2ca94
JH		 2983 /* If the old values are the same as the new ones just return a
2984 * direct command complete event.
2985 */
2986 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2987 !memcmp(hdev->short_name, cp->short_name,
2988 sizeof(hdev->short_name))) {
2989 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2990 data, len);
2991 goto failed;
2992 }
2993
2b4bf397 2994 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2995
b5235a65 2996 if (!hdev_is_powered(hdev)) {
2b4bf397 2997 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2998
2999 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3000 data, len);
28cc7bde
JH		 3001 if (err < 0)
3002 goto failed;
3003
3004 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3005 sk);
28cc7bde 3006
b5235a65
JH		 3007 goto failed;
3008 }
3009
28cc7bde 3010 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3011 if (!cmd) {
3012 err = -ENOMEM;
3013 goto failed;
3014 }
3015
13928971
JH		 3016 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3017
890ea898 3018 hci_req_init(&req, hdev);
3f985050
JH		 3019
3020 if (lmp_bredr_capable(hdev)) {
3021 update_name(&req);
3022 update_eir(&req);
3023 }
3024
7a5f4990
MH		 3025 /* The name is stored in the scan response data and so
3026 * no need to udpate the advertising data here.
3027 */
3f985050 3028 if (lmp_le_capable(hdev))
7a5f4990 3029 update_scan_rsp_data(&req);
3f985050 3030
13928971 3031 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3032 if (err < 0)
3033 mgmt_pending_remove(cmd);
3034
3035failed:
09fd0de5 3036 hci_dev_unlock(hdev);
b312b161
JH		 3037 return err;
3038}
3039
0f4e68cf 3040static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3041 void *data, u16 data_len)
c35938b2 3042{
c35938b2
SJ		 3043 struct pending_cmd *cmd;
3044 int err;
3045
bdb6d971 3046 BT_DBG("%s", hdev->name);
c35938b2 3047
09fd0de5 3048 hci_dev_lock(hdev);
c35938b2 3049
4b34ee78 3050 if (!hdev_is_powered(hdev)) {
bdb6d971 3051 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3052 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3053 goto unlock;
3054 }
3055
9a1a1996 3056 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3057 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3058 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3059 goto unlock;
3060 }
3061
2e58ef3e 3062 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3063 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3064 MGMT_STATUS_BUSY);
c35938b2
SJ		 3065 goto unlock;
3066 }
3067
2e58ef3e 3068 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3069 if (!cmd) {
3070 err = -ENOMEM;
3071 goto unlock;
3072 }
3073
3074 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3075 if (err < 0)
3076 mgmt_pending_remove(cmd);
3077
3078unlock:
09fd0de5 3079 hci_dev_unlock(hdev);
c35938b2
SJ		 3080 return err;
3081}
3082
bdb6d971 3083static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3084 void *data, u16 len)
2763eda6 3085{
650f726d 3086 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3087 u8 status;
2763eda6
SJ		 3088 int err;
3089
bdb6d971 3090 BT_DBG("%s ", hdev->name);
2763eda6 3091
09fd0de5 3092 hci_dev_lock(hdev);
2763eda6 3093
664ce4cc 3094 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3095 cp->randomizer);
2763eda6 3096 if (err < 0)
bf1e3541 3097 status = MGMT_STATUS_FAILED;
2763eda6 3098 else
a6785be2 3099 status = MGMT_STATUS_SUCCESS;
bf1e3541 3100
bdb6d971 3101 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3102 &cp->addr, sizeof(cp->addr));
2763eda6 3103
09fd0de5 3104 hci_dev_unlock(hdev);
2763eda6
SJ		 3105 return err;
3106}
3107
bdb6d971 3108static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3109 void *data, u16 len)
2763eda6 3110{
650f726d 3111 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3112 u8 status;
2763eda6
SJ		 3113 int err;
3114
bdb6d971 3115 BT_DBG("%s", hdev->name);
2763eda6 3116
09fd0de5 3117 hci_dev_lock(hdev);
2763eda6 3118
664ce4cc 3119 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3120 if (err < 0)
bf1e3541 3121 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3122 else
a6785be2 3123 status = MGMT_STATUS_SUCCESS;
bf1e3541 3124
bdb6d971 3125 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3126 status, &cp->addr, sizeof(cp->addr));
2763eda6 3127
09fd0de5 3128 hci_dev_unlock(hdev);
2763eda6
SJ		 3129 return err;
3130}
3131
41dc2bd6
AG		 3132static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3133{
3134 struct pending_cmd *cmd;
3135 u8 type;
3136 int err;
3137
3138 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3139
3140 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3141 if (!cmd)
3142 return -ENOENT;
3143
3144 type = hdev->discovery.type;
3145
3146 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3147 &type, sizeof(type));
3148 mgmt_pending_remove(cmd);
3149
3150 return err;
3151}
3152
7c307720
AG		 3153static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3154{
3155 BT_DBG("status %d", status);
3156
3157 if (status) {
3158 hci_dev_lock(hdev);
3159 mgmt_start_discovery_failed(hdev, status);
3160 hci_dev_unlock(hdev);
3161 return;
3162 }
3163
3164 hci_dev_lock(hdev);
3165 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3166 hci_dev_unlock(hdev);
3167
3168 switch (hdev->discovery.type) {
3169 case DISCOV_TYPE_LE:
3170 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3171 DISCOV_LE_TIMEOUT);
7c307720
AG		 3172 break;
3173
3174 case DISCOV_TYPE_INTERLEAVED:
3175 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3176 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3177 break;
3178
3179 case DISCOV_TYPE_BREDR:
3180 break;
3181
3182 default:
3183 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3184 }
3185}
3186
bdb6d971 3187static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3188 void *data, u16 len)
14a53664 3189{
650f726d 3190 struct mgmt_cp_start_discovery *cp = data;
14a53664 3191 struct pending_cmd *cmd;
7c307720
AG		 3192 struct hci_cp_le_set_scan_param param_cp;
3193 struct hci_cp_le_set_scan_enable enable_cp;
3194 struct hci_cp_inquiry inq_cp;
3195 struct hci_request req;
3196 /* General inquiry access code (GIAC) */
3197 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3198 u8 status;
14a53664
JH		 3199 int err;
3200
bdb6d971 3201 BT_DBG("%s", hdev->name);
14a53664 3202
09fd0de5 3203 hci_dev_lock(hdev);
14a53664 3204
4b34ee78 3205 if (!hdev_is_powered(hdev)) {
bdb6d971 3206 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3207 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3208 goto failed;
3209 }
3210
642be6c7
AG		 3211 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3212 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3213 MGMT_STATUS_BUSY);
3214 goto failed;
3215 }
3216
ff9ef578 3217 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3218 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3219 MGMT_STATUS_BUSY);
ff9ef578
JH		 3220 goto failed;
3221 }
3222
2e58ef3e 3223 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3224 if (!cmd) {
3225 err = -ENOMEM;
3226 goto failed;
3227 }
3228
4aab14e5
AG		 3229 hdev->discovery.type = cp->type;
3230
7c307720
AG		 3231 hci_req_init(&req, hdev);
3232
4aab14e5 3233 switch (hdev->discovery.type) {
f39799f5 3234 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3235 status = mgmt_bredr_support(hdev);
3236 if (status) {
04106755 3237 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3238 status);
04106755
JH		 3239 mgmt_pending_remove(cmd);
3240 goto failed;
3241 }
3242
7c307720
AG		 3243 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3244 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3245 MGMT_STATUS_BUSY);
3246 mgmt_pending_remove(cmd);
3247 goto failed;
3248 }
3249
3250 hci_inquiry_cache_flush(hdev);
3251
3252 memset(&inq_cp, 0, sizeof(inq_cp));
3253 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3254 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3255 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3256 break;
3257
3258 case DISCOV_TYPE_LE:
7c307720 3259 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3260 status = mgmt_le_support(hdev);
3261 if (status) {
04106755 3262 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3263 status);
04106755
JH		 3264 mgmt_pending_remove(cmd);
3265 goto failed;
3266 }
3267
7c307720 3268 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3269 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3270 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3271 MGMT_STATUS_NOT_SUPPORTED);
3272 mgmt_pending_remove(cmd);
3273 goto failed;
3274 }
3275
f3d3444a 3276 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3277 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3278 MGMT_STATUS_REJECTED);
3279 mgmt_pending_remove(cmd);
3280 goto failed;
3281 }
3282
3283 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3284 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3285 MGMT_STATUS_BUSY);
3286 mgmt_pending_remove(cmd);
3287 goto failed;
3288 }
3289
3290 memset(&param_cp, 0, sizeof(param_cp));
3291 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3292 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3293 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3294 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3295 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3296 &param_cp);
3297
3298 memset(&enable_cp, 0, sizeof(enable_cp));
3299 enable_cp.enable = LE_SCAN_ENABLE;
3300 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3301 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3302 &enable_cp);
5e0452c0
AG		 3303 break;
3304
f39799f5 3305 default:
04106755
JH		 3306 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3307 MGMT_STATUS_INVALID_PARAMS);
3308 mgmt_pending_remove(cmd);
3309 goto failed;
f39799f5 3310 }
3fd24153 3311
7c307720 3312 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3313 if (err < 0)
3314 mgmt_pending_remove(cmd);
ff9ef578
JH		 3315 else
3316 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3317
3318failed:
09fd0de5 3319 hci_dev_unlock(hdev);
14a53664
JH		 3320 return err;
3321}
3322
1183fdca
AG		 3323static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3324{
3325 struct pending_cmd *cmd;
3326 int err;
3327
3328 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3329 if (!cmd)
3330 return -ENOENT;
3331
3332 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3333 &hdev->discovery.type, sizeof(hdev->discovery.type));
3334 mgmt_pending_remove(cmd);
3335
3336 return err;
3337}
3338
0e05bba6
AG		 3339static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3340{
3341 BT_DBG("status %d", status);
3342
3343 hci_dev_lock(hdev);
3344
3345 if (status) {
3346 mgmt_stop_discovery_failed(hdev, status);
3347 goto unlock;
3348 }
3349
3350 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3351
3352unlock:
3353 hci_dev_unlock(hdev);
3354}
3355
bdb6d971 3356static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3357 u16 len)
14a53664 3358{
d930650b 3359 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3360 struct pending_cmd *cmd;
30dc78e1
JH		 3361 struct hci_cp_remote_name_req_cancel cp;
3362 struct inquiry_entry *e;
0e05bba6
AG		 3363 struct hci_request req;
3364 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3365 int err;
3366
bdb6d971 3367 BT_DBG("%s", hdev->name);
14a53664 3368
09fd0de5 3369 hci_dev_lock(hdev);
14a53664 3370
30dc78e1 3371 if (!hci_discovery_active(hdev)) {
bdb6d971 3372 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3373 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3374 sizeof(mgmt_cp->type));
d930650b
JH		 3375 goto unlock;
3376 }
3377
3378 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3379 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3380 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3381 sizeof(mgmt_cp->type));
30dc78e1 3382 goto unlock;
ff9ef578
JH		 3383 }
3384
2e58ef3e 3385 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3386 if (!cmd) {
3387 err = -ENOMEM;
30dc78e1
JH		 3388 goto unlock;
3389 }
3390
0e05bba6
AG		 3391 hci_req_init(&req, hdev);
3392
e0d9727e
AG		 3393 switch (hdev->discovery.state) {
3394 case DISCOVERY_FINDING:
0e05bba6
AG		 3395 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3396 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3397 } else {
3398 cancel_delayed_work(&hdev->le_scan_disable);
3399
3400 memset(&enable_cp, 0, sizeof(enable_cp));
3401 enable_cp.enable = LE_SCAN_DISABLE;
3402 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3403 sizeof(enable_cp), &enable_cp);
3404 }
c9ecc48e 3405
e0d9727e
AG		 3406 break;
3407
3408 case DISCOVERY_RESOLVING:
3409 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3410 NAME_PENDING);
e0d9727e 3411 if (!e) {
30dc78e1 3412 mgmt_pending_remove(cmd);
e0d9727e
AG		 3413 err = cmd_complete(sk, hdev->id,
3414 MGMT_OP_STOP_DISCOVERY, 0,
3415 &mgmt_cp->type,
3416 sizeof(mgmt_cp->type));
3417 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3418 goto unlock;
3419 }
30dc78e1 3420
e0d9727e 3421 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3422 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3423 &cp);
e0d9727e
AG		 3424
3425 break;
3426
3427 default:
3428 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3429
3430 mgmt_pending_remove(cmd);
3431 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3432 MGMT_STATUS_FAILED, &mgmt_cp->type,
3433 sizeof(mgmt_cp->type));
3434 goto unlock;
14a53664
JH		 3435 }
3436
0e05bba6 3437 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3438 if (err < 0)
3439 mgmt_pending_remove(cmd);
ff9ef578
JH		 3440 else
3441 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3442
30dc78e1 3443unlock:
09fd0de5 3444 hci_dev_unlock(hdev);
14a53664
JH		 3445 return err;
3446}
3447
bdb6d971 3448static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3449 u16 len)
561aafbc 3450{
650f726d 3451 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3452 struct inquiry_entry *e;
561aafbc
JH		 3453 int err;
3454
bdb6d971 3455 BT_DBG("%s", hdev->name);
561aafbc 3456
561aafbc
JH		 3457 hci_dev_lock(hdev);
3458
30dc78e1 3459 if (!hci_discovery_active(hdev)) {
bdb6d971 3460 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3461 MGMT_STATUS_FAILED);
30dc78e1
JH		 3462 goto failed;
3463 }
3464
a198e7b1 3465 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3466 if (!e) {
bdb6d971 3467 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3468 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3469 goto failed;
3470 }
3471
3472 if (cp->name_known) {
3473 e->name_state = NAME_KNOWN;
3474 list_del(&e->list);
3475 } else {
3476 e->name_state = NAME_NEEDED;
a3d4e20a 3477 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3478 }
3479
e384662b
JH		 3480 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3481 sizeof(cp->addr));
561aafbc
JH		 3482
3483failed:
3484 hci_dev_unlock(hdev);
561aafbc
JH		 3485 return err;
3486}
3487
bdb6d971 3488static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3489 u16 len)
7fbec224 3490{
650f726d 3491 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3492 u8 status;
7fbec224
AJ		 3493 int err;
3494
bdb6d971 3495 BT_DBG("%s", hdev->name);
7fbec224 3496
4ee71b20 3497 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3498 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3499 MGMT_STATUS_INVALID_PARAMS,
3500 &cp->addr, sizeof(cp->addr));
4ee71b20 3501
09fd0de5 3502 hci_dev_lock(hdev);
5e762444 3503
88c1fe4b 3504 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3505 if (err < 0)
f0eeea8b 3506 status = MGMT_STATUS_FAILED;
7fbec224 3507 else
a6785be2 3508 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3509
bdb6d971 3510 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3511 &cp->addr, sizeof(cp->addr));
5e762444 3512
09fd0de5 3513 hci_dev_unlock(hdev);
7fbec224
AJ		 3514
3515 return err;
3516}
3517
bdb6d971 3518static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3519 u16 len)
7fbec224 3520{
650f726d 3521 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3522 u8 status;
7fbec224
AJ		 3523 int err;
3524
bdb6d971 3525 BT_DBG("%s", hdev->name);
7fbec224 3526
4ee71b20 3527 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3528 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3529 MGMT_STATUS_INVALID_PARAMS,
3530 &cp->addr, sizeof(cp->addr));
4ee71b20 3531
09fd0de5 3532 hci_dev_lock(hdev);
5e762444 3533
88c1fe4b 3534 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3535 if (err < 0)
f0eeea8b 3536 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3537 else
a6785be2 3538 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3539
bdb6d971 3540 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3541 &cp->addr, sizeof(cp->addr));
5e762444 3542
09fd0de5 3543 hci_dev_unlock(hdev);
7fbec224
AJ		 3544
3545 return err;
3546}
3547
cdbaccca
MH		 3548static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3549 u16 len)
3550{
3551 struct mgmt_cp_set_device_id *cp = data;
890ea898 3552 struct hci_request req;
cdbaccca 3553 int err;
c72d4b8a 3554 __u16 source;
cdbaccca
MH		 3555
3556 BT_DBG("%s", hdev->name);
3557
c72d4b8a
SJ		 3558 source = __le16_to_cpu(cp->source);
3559
3560 if (source > 0x0002)
3561 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3562 MGMT_STATUS_INVALID_PARAMS);
3563
cdbaccca
MH		 3564 hci_dev_lock(hdev);
3565
c72d4b8a 3566 hdev->devid_source = source;
cdbaccca
MH		 3567 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3568 hdev->devid_product = __le16_to_cpu(cp->product);
3569 hdev->devid_version = __le16_to_cpu(cp->version);
3570
3571 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3572
890ea898
JH		 3573 hci_req_init(&req, hdev);
3574 update_eir(&req);
3575 hci_req_run(&req, NULL);
cdbaccca
MH		 3576
3577 hci_dev_unlock(hdev);
3578
3579 return err;
3580}
3581
4375f103
JH		 3582static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3583{
3584 struct cmd_lookup match = { NULL, hdev };
3585
3586 if (status) {
3587 u8 mgmt_err = mgmt_status(status);
3588
3589 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3590 cmd_status_rsp, &mgmt_err);
3591 return;
3592 }
3593
3594 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3595 &match);
3596
3597 new_settings(hdev, match.sk);
3598
3599 if (match.sk)
3600 sock_put(match.sk);
3601}
3602
21b5187f
MH		 3603static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3604 u16 len)
4375f103
JH		 3605{
3606 struct mgmt_mode *cp = data;
3607 struct pending_cmd *cmd;
3608 struct hci_request req;
e6fe7986 3609 u8 val, enabled, status;
4375f103
JH		 3610 int err;
3611
3612 BT_DBG("request for %s", hdev->name);
3613
e6fe7986
JH		 3614 status = mgmt_le_support(hdev);
3615 if (status)
4375f103 3616 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3617 status);
4375f103
JH		 3618
3619 if (cp->val != 0x00 && cp->val != 0x01)
3620 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3621 MGMT_STATUS_INVALID_PARAMS);
3622
3623 hci_dev_lock(hdev);
3624
3625 val = !!cp->val;
f3d3444a 3626 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3627
f74ca9b8
JH		 3628 /* The following conditions are ones which mean that we should
3629 * not do any HCI communication but directly send a mgmt
3630 * response to user space (after toggling the flag if
3631 * necessary).
3632 */
3633 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3634 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3635 bool changed = false;
3636
f3d3444a
JH		 3637 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3638 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3639 changed = true;
3640 }
3641
3642 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3643 if (err < 0)
3644 goto unlock;
3645
3646 if (changed)
3647 err = new_settings(hdev, sk);
3648
3649 goto unlock;
3650 }
3651
3652 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3653 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3654 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3655 MGMT_STATUS_BUSY);
3656 goto unlock;
3657 }
3658
3659 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3660 if (!cmd) {
3661 err = -ENOMEM;
3662 goto unlock;
3663 }
3664
3665 hci_req_init(&req, hdev);
3666
bba3aa55
MH		 3667 if (val)
3668 enable_advertising(&req);
3669 else
3670 disable_advertising(&req);
4375f103
JH		 3671
3672 err = hci_req_run(&req, set_advertising_complete);
3673 if (err < 0)
3674 mgmt_pending_remove(cmd);
3675
3676unlock:
3677 hci_dev_unlock(hdev);
3678 return err;
3679}
3680
d13eafce
MH		 3681static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3682 void *data, u16 len)
3683{
3684 struct mgmt_cp_set_static_address *cp = data;
3685 int err;
3686
3687 BT_DBG("%s", hdev->name);
3688
62af4443 3689 if (!lmp_le_capable(hdev))
d13eafce 3690 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3691 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3692
3693 if (hdev_is_powered(hdev))
3694 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3695 MGMT_STATUS_REJECTED);
3696
3697 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3698 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3699 return cmd_status(sk, hdev->id,
3700 MGMT_OP_SET_STATIC_ADDRESS,
3701 MGMT_STATUS_INVALID_PARAMS);
3702
3703 /* Two most significant bits shall be set */
3704 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3705 return cmd_status(sk, hdev->id,
3706 MGMT_OP_SET_STATIC_ADDRESS,
3707 MGMT_STATUS_INVALID_PARAMS);
3708 }
3709
3710 hci_dev_lock(hdev);
3711
3712 bacpy(&hdev->static_addr, &cp->bdaddr);
3713
3714 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3715
3716 hci_dev_unlock(hdev);
3717
3718 return err;
3719}
3720
14b49b9a
MH		 3721static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3722 void *data, u16 len)
3723{
3724 struct mgmt_cp_set_scan_params *cp = data;
3725 __u16 interval, window;
3726 int err;
3727
3728 BT_DBG("%s", hdev->name);
3729
3730 if (!lmp_le_capable(hdev))
3731 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3732 MGMT_STATUS_NOT_SUPPORTED);
3733
3734 interval = __le16_to_cpu(cp->interval);
3735
3736 if (interval < 0x0004 || interval > 0x4000)
3737 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3738 MGMT_STATUS_INVALID_PARAMS);
3739
3740 window = __le16_to_cpu(cp->window);
3741
3742 if (window < 0x0004 || window > 0x4000)
3743 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3744 MGMT_STATUS_INVALID_PARAMS);
3745
899e1075
MH		 3746 if (window > interval)
3747 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3748 MGMT_STATUS_INVALID_PARAMS);
3749
14b49b9a
MH		 3750 hci_dev_lock(hdev);
3751
3752 hdev->le_scan_interval = interval;
3753 hdev->le_scan_window = window;
3754
3755 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3756
3757 hci_dev_unlock(hdev);
3758
3759 return err;
3760}
3761
33e38b3e
JH		 3762static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3763{
3764 struct pending_cmd *cmd;
3765
3766 BT_DBG("status 0x%02x", status);
3767
3768 hci_dev_lock(hdev);
3769
3770 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3771 if (!cmd)
3772 goto unlock;
3773
3774 if (status) {
3775 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3776 mgmt_status(status));
3777 } else {
1a4d3c4b
JH		 3778 struct mgmt_mode *cp = cmd->param;
3779
3780 if (cp->val)
3781 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3782 else
3783 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3784
33e38b3e
JH		 3785 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3786 new_settings(hdev, cmd->sk);
3787 }
3788
3789 mgmt_pending_remove(cmd);
3790
3791unlock:
3792 hci_dev_unlock(hdev);
3793}
3794
bdb6d971 3795static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3796 void *data, u16 len)
f6422ec6 3797{
650f726d 3798 struct mgmt_mode *cp = data;
33e38b3e
JH		 3799 struct pending_cmd *cmd;
3800 struct hci_request req;
f6422ec6
AJ		 3801 int err;
3802
bdb6d971 3803 BT_DBG("%s", hdev->name);
f6422ec6 3804
56f87901
JH		 3805 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3806 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3807 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3808 MGMT_STATUS_NOT_SUPPORTED);
3809
a7e80f25
JH		 3810 if (cp->val != 0x00 && cp->val != 0x01)
3811 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3812 MGMT_STATUS_INVALID_PARAMS);
3813
5400c044 3814 if (!hdev_is_powered(hdev))
bdb6d971 3815 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3816 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3817
3818 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3819 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3820 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3821
3822 hci_dev_lock(hdev);
3823
05cbf29f
JH		 3824 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3825 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3826 MGMT_STATUS_BUSY);
3827 goto unlock;
3828 }
3829
1a4d3c4b
JH		 3830 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3831 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3832 hdev);
3833 goto unlock;
3834 }
3835
33e38b3e
JH		 3836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3837 data, len);
3838 if (!cmd) {
3839 err = -ENOMEM;
3840 goto unlock;
f6422ec6
AJ		 3841 }
3842
33e38b3e
JH		 3843 hci_req_init(&req, hdev);
3844
406d7804 3845 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3846
3847 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3848 if (err < 0) {
bdb6d971 3849 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3850 MGMT_STATUS_FAILED);
33e38b3e 3851 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3852 }
3853
33e38b3e 3854unlock:
f6422ec6 3855 hci_dev_unlock(hdev);
33e38b3e 3856
f6422ec6
AJ		 3857 return err;
3858}
3859
67e5a7a3
JH		 3860static void set_bredr_scan(struct hci_request *req)
3861{
3862 struct hci_dev *hdev = req->hdev;
3863 u8 scan = 0;
3864
3865 /* Ensure that fast connectable is disabled. This function will
3866 * not do anything if the page scan parameters are already what
3867 * they should be.
3868 */
3869 write_fast_connectable(req, false);
3870
3871 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3872 scan |= SCAN_PAGE;
3873 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3874 scan |= SCAN_INQUIRY;
3875
3876 if (scan)
3877 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3878}
3879
0663ca2a
JH		 3880static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3881{
3882 struct pending_cmd *cmd;
3883
3884 BT_DBG("status 0x%02x", status);
3885
3886 hci_dev_lock(hdev);
3887
3888 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3889 if (!cmd)
3890 goto unlock;
3891
3892 if (status) {
3893 u8 mgmt_err = mgmt_status(status);
3894
3895 /* We need to restore the flag if related HCI commands
3896 * failed.
3897 */
3898 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3899
3900 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3901 } else {
3902 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3903 new_settings(hdev, cmd->sk);
3904 }
3905
3906 mgmt_pending_remove(cmd);
3907
3908unlock:
3909 hci_dev_unlock(hdev);
3910}
3911
3912static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3913{
3914 struct mgmt_mode *cp = data;
3915 struct pending_cmd *cmd;
3916 struct hci_request req;
3917 int err;
3918
3919 BT_DBG("request for %s", hdev->name);
3920
3921 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3922 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3923 MGMT_STATUS_NOT_SUPPORTED);
3924
3925 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3926 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3927 MGMT_STATUS_REJECTED);
3928
3929 if (cp->val != 0x00 && cp->val != 0x01)
3930 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3931 MGMT_STATUS_INVALID_PARAMS);
3932
3933 hci_dev_lock(hdev);
3934
3935 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3936 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3937 goto unlock;
3938 }
3939
3940 if (!hdev_is_powered(hdev)) {
3941 if (!cp->val) {
0663ca2a
JH		 3942 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3943 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3944 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3945 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3946 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3947 }
3948
3949 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3950
3951 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3952 if (err < 0)
3953 goto unlock;
3954
3955 err = new_settings(hdev, sk);
3956 goto unlock;
3957 }
3958
3959 /* Reject disabling when powered on */
3960 if (!cp->val) {
3961 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3962 MGMT_STATUS_REJECTED);
3963 goto unlock;
3964 }
3965
3966 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3967 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3968 MGMT_STATUS_BUSY);
3969 goto unlock;
3970 }
3971
3972 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3973 if (!cmd) {
3974 err = -ENOMEM;
3975 goto unlock;
3976 }
3977
5947f4bc 3978 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 3979 * generates the correct flags.
3980 */
3981 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3982
3983 hci_req_init(&req, hdev);
aa8af46e
JH		 3984
3985 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3986 set_bredr_scan(&req);
3987
f14d8f64
MH		 3988 /* Since only the advertising data flags will change, there
3989 * is no need to update the scan response data.
3990 */
5947f4bc 3991 update_adv_data(&req);
aa8af46e 3992
0663ca2a
JH		 3993 err = hci_req_run(&req, set_bredr_complete);
3994 if (err < 0)
3995 mgmt_pending_remove(cmd);
3996
3997unlock:
3998 hci_dev_unlock(hdev);
3999 return err;
4000}
4001
3f706b72
JH		 4002static bool ltk_is_valid(struct mgmt_ltk_info *key)
4003{
44b20d33
JH		 4004 if (key->authenticated != 0x00 && key->authenticated != 0x01)
4005 return false;
3f706b72
JH		 4006 if (key->master != 0x00 && key->master != 0x01)
4007 return false;
4ee71b20
JH		 4008 if (!bdaddr_type_is_le(key->addr.type))
4009 return false;
3f706b72
JH		 4010 return true;
4011}
4012
bdb6d971 4013static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4014 void *cp_data, u16 len)
346af67b 4015{
346af67b
VCG		 4016 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4017 u16 key_count, expected_len;
715a5bf2 4018 int i, err;
346af67b 4019
cf99ba13
MH		 4020 BT_DBG("request for %s", hdev->name);
4021
4022 if (!lmp_le_capable(hdev))
4023 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4024 MGMT_STATUS_NOT_SUPPORTED);
4025
1f350c87 4026 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4027
4028 expected_len = sizeof(*cp) + key_count *
4029 sizeof(struct mgmt_ltk_info);
4030 if (expected_len != len) {
4031 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4032 len, expected_len);
bdb6d971 4033 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4034 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4035 }
4036
bdb6d971 4037 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4038
54ad6d8a
JH		 4039 for (i = 0; i < key_count; i++) {
4040 struct mgmt_ltk_info *key = &cp->keys[i];
4041
3f706b72 4042 if (!ltk_is_valid(key))
54ad6d8a
JH		 4043 return cmd_status(sk, hdev->id,
4044 MGMT_OP_LOAD_LONG_TERM_KEYS,
4045 MGMT_STATUS_INVALID_PARAMS);
4046 }
4047
346af67b
VCG		 4048 hci_dev_lock(hdev);
4049
4050 hci_smp_ltks_clear(hdev);
4051
4052 for (i = 0; i < key_count; i++) {
4053 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4054 u8 type, addr_type;
4055
4056 if (key->addr.type == BDADDR_LE_PUBLIC)
4057 addr_type = ADDR_LE_DEV_PUBLIC;
4058 else
4059 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4060
4061 if (key->master)
4062 type = HCI_SMP_LTK;
4063 else
4064 type = HCI_SMP_LTK_SLAVE;
4065
79d95a19 4066 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4067 type, 0, key->authenticated, key->val,
4068 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4069 }
4070
715a5bf2
JH		 4071 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4072 NULL, 0);
4073
346af67b 4074 hci_dev_unlock(hdev);
346af67b 4075
715a5bf2 4076 return err;
346af67b
VCG		 4077}
4078
2e3c35ea 4079static const struct mgmt_handler {
04124681
GP		 4080 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4081 u16 data_len);
be22b54e
JH		 4082 bool var_len;
4083 size_t data_len;
0f4e68cf
JH		 4084} mgmt_handlers[] = {
4085 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4086 { read_version, false, MGMT_READ_VERSION_SIZE },
4087 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4088 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4089 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4090 { set_powered, false, MGMT_SETTING_SIZE },
4091 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4092 { set_connectable, false, MGMT_SETTING_SIZE },
4093 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4094 { set_pairable, false, MGMT_SETTING_SIZE },
4095 { set_link_security, false, MGMT_SETTING_SIZE },
4096 { set_ssp, false, MGMT_SETTING_SIZE },
4097 { set_hs, false, MGMT_SETTING_SIZE },
4098 { set_le, false, MGMT_SETTING_SIZE },
4099 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4100 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4101 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4102 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4103 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4104 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4105 { disconnect, false, MGMT_DISCONNECT_SIZE },
4106 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4107 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4108 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4109 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4110 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4111 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4112 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4113 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4114 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4115 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4116 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4117 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4118 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4119 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4120 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4121 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4122 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4123 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4124 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4125 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4126 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4127 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4128 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4129 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 4130};
4131
4132
0381101f
JH		 4133int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4134{
650f726d
VCG		 4135 void *buf;
4136 u8 *cp;
0381101f 4137 struct mgmt_hdr *hdr;
4e51eae9 4138 u16 opcode, index, len;
bdb6d971 4139 struct hci_dev *hdev = NULL;
2e3c35ea 4140 const struct mgmt_handler *handler;
0381101f
JH		 4141 int err;
4142
4143 BT_DBG("got %zu bytes", msglen);
4144
4145 if (msglen < sizeof(*hdr))
4146 return -EINVAL;
4147
e63a15ec 4148 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4149 if (!buf)
4150 return -ENOMEM;
4151
4152 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4153 err = -EFAULT;
4154 goto done;
4155 }
4156
650f726d 4157 hdr = buf;
1f350c87
MH		 4158 opcode = __le16_to_cpu(hdr->opcode);
4159 index = __le16_to_cpu(hdr->index);
4160 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4161
4162 if (len != msglen - sizeof(*hdr)) {
4163 err = -EINVAL;
4164 goto done;
4165 }
4166
0f4e68cf 4167 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4168 hdev = hci_dev_get(index);
4169 if (!hdev) {
4170 err = cmd_status(sk, index, opcode,
04124681 4171 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4172 goto done;
4173 }
0736cfa8 4174
cebf4cfd
JH		 4175 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4176 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4177 err = cmd_status(sk, index, opcode,
4178 MGMT_STATUS_INVALID_INDEX);
4179 goto done;
4180 }
bdb6d971
JH		 4181 }
4182
0f4e68cf 4183 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4184 mgmt_handlers[opcode].func == NULL) {
0381101f 4185 BT_DBG("Unknown op %u", opcode);
ca69b795 4186 err = cmd_status(sk, index, opcode,
04124681 4187 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4188 goto done;
4189 }
4190
4191 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4192 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4193 err = cmd_status(sk, index, opcode,
04124681 4194 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4195 goto done;
0381101f
JH		 4196 }
4197
be22b54e
JH		 4198 handler = &mgmt_handlers[opcode];
4199
4200 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4201 (!handler->var_len && len != handler->data_len)) {
be22b54e 4202 err = cmd_status(sk, index, opcode,
04124681 4203 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4204 goto done;
4205 }
4206
0f4e68cf
JH		 4207 if (hdev)
4208 mgmt_init_hdev(sk, hdev);
4209
4210 cp = buf + sizeof(*hdr);
4211
be22b54e 4212 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4213 if (err < 0)
4214 goto done;
4215
0381101f
JH		 4216 err = msglen;
4217
4218done:
bdb6d971
JH		 4219 if (hdev)
4220 hci_dev_put(hdev);
4221
0381101f
JH		 4222 kfree(buf);
4223 return err;
4224}
c71e97bf 4225
bf6b56db 4226void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4227{
1514b892 4228 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4229 return;
bb4b2a9a 4230
bf6b56db 4231 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4232}
4233
bf6b56db 4234void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4235{
5f159032 4236 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4237
1514b892 4238 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4239 return;
bb4b2a9a 4240
744cf19e 4241 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4242
bf6b56db 4243 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4244}
4245
229ab39c
JH		 4246static void powered_complete(struct hci_dev *hdev, u8 status)
4247{
4248 struct cmd_lookup match = { NULL, hdev };
4249
4250 BT_DBG("status 0x%02x", status);
4251
4252 hci_dev_lock(hdev);
4253
4254 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4255
4256 new_settings(hdev, match.sk);
4257
4258 hci_dev_unlock(hdev);
4259
4260 if (match.sk)
4261 sock_put(match.sk);
4262}
4263
70da6243 4264static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4265{
890ea898 4266 struct hci_request req;
70da6243 4267 u8 link_sec;
5add6af8 4268
890ea898
JH		 4269 hci_req_init(&req, hdev);
4270
70da6243
JH		 4271 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4272 !lmp_host_ssp_capable(hdev)) {
4273 u8 ssp = 1;
5e5282bb 4274
890ea898 4275 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4276 }
5add6af8 4277
c73eee91
JH		 4278 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4279 lmp_bredr_capable(hdev)) {
70da6243 4280 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4281
70da6243
JH		 4282 cp.le = 1;
4283 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4284
70da6243
JH		 4285 /* Check first if we already have the right
4286 * host state (host features set)
4287 */
4288 if (cp.le != lmp_host_le_capable(hdev) ||
4289 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4290 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4291 sizeof(cp), &cp);
70da6243 4292 }
3d1cbdd6 4293
d13eafce
MH		 4294 if (lmp_le_capable(hdev)) {
4295 /* Set random address to static address if configured */
4296 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4297 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4298 &hdev->static_addr);
eeca6f89 4299
441ad2d0
MH		 4300 /* Make sure the controller has a good default for
4301 * advertising data. This also applies to the case
4302 * where BR/EDR was toggled during the AUTO_OFF phase.
4303 */
f14d8f64 4304 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4305 update_adv_data(&req);
f14d8f64
MH		 4306 update_scan_rsp_data(&req);
4307 }
441ad2d0 4308
bba3aa55
MH		 4309 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4310 enable_advertising(&req);
eeca6f89
JH		 4311 }
4312
70da6243
JH		 4313 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4314 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4315 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4316 sizeof(link_sec), &link_sec);
562fcc24 4317
70da6243 4318 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4319 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4320 set_bredr_scan(&req);
890ea898 4321 update_class(&req);
13928971 4322 update_name(&req);
890ea898 4323 update_eir(&req);
70da6243 4324 }
562fcc24 4325
229ab39c 4326 return hci_req_run(&req, powered_complete);
70da6243 4327}
562fcc24 4328
70da6243
JH		 4329int mgmt_powered(struct hci_dev *hdev, u8 powered)
4330{
4331 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4332 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4333 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4334 int err;
f0ff92fb 4335
70da6243
JH		 4336 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4337 return 0;
4338
70da6243 4339 if (powered) {
229ab39c
JH		 4340 if (powered_update_hci(hdev) == 0)
4341 return 0;
fe038884 4342
229ab39c
JH		 4343 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4344 &match);
4345 goto new_settings;
b24752fe
JH		 4346 }
4347
229ab39c
JH		 4348 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4349 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4350
4351 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4352 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4353 zero_cod, sizeof(zero_cod), NULL);
4354
4355new_settings:
beadb2bd 4356 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4357
4358 if (match.sk)
4359 sock_put(match.sk);
4360
7bb895d6 4361 return err;
5add6af8 4362}
73f22f62 4363
3eec705e 4364void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4365{
4366 struct pending_cmd *cmd;
4367 u8 status;
4368
4369 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4370 if (!cmd)
3eec705e 4371 return;
96570ffc
JH		 4372
4373 if (err == -ERFKILL)
4374 status = MGMT_STATUS_RFKILLED;
4375 else
4376 status = MGMT_STATUS_FAILED;
4377
3eec705e 4378 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4379
4380 mgmt_pending_remove(cmd);
96570ffc
JH		 4381}
4382
d1967ff8
MH		 4383void mgmt_discoverable_timeout(struct hci_dev *hdev)
4384{
4385 struct hci_request req;
d1967ff8
MH		 4386
4387 hci_dev_lock(hdev);
4388
4389 /* When discoverable timeout triggers, then just make sure
4390 * the limited discoverable flag is cleared. Even in the case
4391 * of a timeout triggered from general discoverable, it is
4392 * safe to unconditionally clear the flag.
4393 */
4394 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4395 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4396
4397 hci_req_init(&req, hdev);
4b580614
JH		 4398 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4399 u8 scan = SCAN_PAGE;
4400 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4401 sizeof(scan), &scan);
4402 }
d1967ff8 4403 update_class(&req);
9a43e25f 4404 update_adv_data(&req);
d1967ff8
MH		 4405 hci_req_run(&req, NULL);
4406
4407 hdev->discov_timeout = 0;
4408
9a43e25f
JH		 4409 new_settings(hdev, NULL);
4410
d1967ff8
MH		 4411 hci_dev_unlock(hdev);
4412}
4413
86a75645 4414void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4415{
86a75645 4416 bool changed;
73f22f62 4417
bfaf8c9f
JH		 4418 /* Nothing needed here if there's a pending command since that
4419 * commands request completion callback takes care of everything
4420 * necessary.
4421 */
4422 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4423 return;
bfaf8c9f 4424
9a43e25f 4425 if (discoverable) {
86a75645 4426 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4427 } else {
4428 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4429 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4430 }
4431
4432 if (changed) {
4433 struct hci_request req;
4434
4435 /* In case this change in discoverable was triggered by
4436 * a disabling of connectable there could be a need to
4437 * update the advertising flags.
4438 */
4439 hci_req_init(&req, hdev);
4440 update_adv_data(&req);
4441 hci_req_run(&req, NULL);
73f22f62 4442
86a75645 4443 new_settings(hdev, NULL);
9a43e25f 4444 }
73f22f62 4445}
9fbcbb45 4446
a330916c 4447void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4448{
a330916c 4449 bool changed;
9fbcbb45 4450
d7b856f9
JH		 4451 /* Nothing needed here if there's a pending command since that
4452 * commands request completion callback takes care of everything
4453 * necessary.
4454 */
4455 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4456 return;
d7b856f9 4457
a330916c
MH		 4458 if (connectable)
4459 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4460 else
4461 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4462
beadb2bd 4463 if (changed)
a330916c 4464 new_settings(hdev, NULL);
9fbcbb45 4465}
55ed8ca1 4466
4796e8af 4467void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4468{
ca69b795
JH		 4469 u8 mgmt_err = mgmt_status(status);
4470
2d7cee58 4471 if (scan & SCAN_PAGE)
744cf19e 4472 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4473 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4474
4475 if (scan & SCAN_INQUIRY)
744cf19e 4476 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4477 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4478}
4479
dc4a5ee2
MH		 4480void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4481 bool persistent)
55ed8ca1 4482{
86742e1e 4483 struct mgmt_ev_new_link_key ev;
55ed8ca1 4484
a492cd52 4485 memset(&ev, 0, sizeof(ev));
55ed8ca1 4486
a492cd52 4487 ev.store_hint = persistent;
d753fdc4 4488 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4489 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4490 ev.key.type = key->type;
9b3b4460 4491 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4492 ev.key.pin_len = key->pin_len;
55ed8ca1 4493
dc4a5ee2 4494 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4495}
f7520543 4496
083368f7 4497void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4498{
4499 struct mgmt_ev_new_long_term_key ev;
4500
4501 memset(&ev, 0, sizeof(ev));
4502
4503 ev.store_hint = persistent;
4504 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4505 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4506 ev.key.authenticated = key->authenticated;
4507 ev.key.enc_size = key->enc_size;
4508 ev.key.ediv = key->ediv;
4509
4510 if (key->type == HCI_SMP_LTK)
4511 ev.key.master = 1;
4512
4513 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4514 memcpy(ev.key.val, key->val, sizeof(key->val));
4515
083368f7 4516 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4517}
4518
94933991
MH		 4519static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4520 u8 data_len)
4521{
4522 eir[eir_len++] = sizeof(type) + data_len;
4523 eir[eir_len++] = type;
4524 memcpy(&eir[eir_len], data, data_len);
4525 eir_len += data_len;
4526
4527 return eir_len;
4528}
4529
ecd90ae7
MH		 4530void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4531 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4532 u8 *dev_class)
f7520543 4533{
b644ba33
JH		 4534 char buf[512];
4535 struct mgmt_ev_device_connected *ev = (void *) buf;
4536 u16 eir_len = 0;
f7520543 4537
b644ba33 4538 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4539 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4540
c95f0ba7 4541 ev->flags = __cpu_to_le32(flags);
08c79b61 4542
b644ba33
JH		 4543 if (name_len > 0)
4544 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4545 name, name_len);
b644ba33
JH		 4546
4547 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4548 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4549 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4550
eb55ef07 4551 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4552
ecd90ae7
MH		 4553 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4554 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4555}
4556
8962ee74
JH		 4557static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4558{
c68fb7ff 4559 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4560 struct sock **sk = data;
a38528f1 4561 struct mgmt_rp_disconnect rp;
8962ee74 4562
88c3df13
JH		 4563 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4564 rp.addr.type = cp->addr.type;
8962ee74 4565
aee9b218 4566 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4567 sizeof(rp));
8962ee74
JH		 4568
4569 *sk = cmd->sk;
4570 sock_hold(*sk);
4571
a664b5bc 4572 mgmt_pending_remove(cmd);
8962ee74
JH		 4573}
4574
124f6e35 4575static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4576{
b1078ad0 4577 struct hci_dev *hdev = data;
124f6e35
JH		 4578 struct mgmt_cp_unpair_device *cp = cmd->param;
4579 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4580
4581 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4582 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4583 rp.addr.type = cp->addr.type;
a8a1d19e 4584
b1078ad0
JH		 4585 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4586
aee9b218 4587 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4588
4589 mgmt_pending_remove(cmd);
4590}
4591
9b80ec5e
MH		 4592void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4593 u8 link_type, u8 addr_type, u8 reason)
f7520543 4594{
f0d6a0ea 4595 struct mgmt_ev_device_disconnected ev;
8962ee74 4596 struct sock *sk = NULL;
8962ee74 4597
744cf19e 4598 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4599
f0d6a0ea
MA		 4600 bacpy(&ev.addr.bdaddr, bdaddr);
4601 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4602 ev.reason = reason;
f7520543 4603
9b80ec5e 4604 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4605
4606 if (sk)
d97dcb66 4607 sock_put(sk);
8962ee74 4608
124f6e35 4609 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4610 hdev);
8962ee74
JH		 4611}
4612
7892924c
MH		 4613void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4614 u8 link_type, u8 addr_type, u8 status)
8962ee74 4615{
88c3df13 4616 struct mgmt_rp_disconnect rp;
8962ee74 4617 struct pending_cmd *cmd;
8962ee74 4618
36a75f1b
JD		 4619 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4620 hdev);
4621
2e58ef3e 4622 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4623 if (!cmd)
7892924c 4624 return;
8962ee74 4625
88c3df13 4626 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4627 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4628
7892924c
MH		 4629 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4630 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4631
a664b5bc 4632 mgmt_pending_remove(cmd);
f7520543 4633}
17d5c04c 4634
445608d0
MH		 4635void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4636 u8 addr_type, u8 status)
17d5c04c
JH		 4637{
4638 struct mgmt_ev_connect_failed ev;
4639
4c659c39 4640 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4641 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4642 ev.status = mgmt_status(status);
17d5c04c 4643
445608d0 4644 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4645}
980e1a53 4646
ce0e4a0d 4647void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4648{
4649 struct mgmt_ev_pin_code_request ev;
4650
d8457698 4651 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4652 ev.addr.type = BDADDR_BREDR;
a770bb5a 4653 ev.secure = secure;
980e1a53 4654
ce0e4a0d 4655 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4656}
4657
e669cf80
MH		 4658void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4659 u8 status)
980e1a53
JH		 4660{
4661 struct pending_cmd *cmd;
ac56fb13 4662 struct mgmt_rp_pin_code_reply rp;
980e1a53 4663
2e58ef3e 4664 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4665 if (!cmd)
e669cf80 4666 return;
980e1a53 4667
d8457698 4668 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4669 rp.addr.type = BDADDR_BREDR;
ac56fb13 4670
e669cf80
MH		 4671 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4672 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4673
a664b5bc 4674 mgmt_pending_remove(cmd);
980e1a53
JH		 4675}
4676
3eb38528
MH		 4677void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4678 u8 status)
980e1a53
JH		 4679{
4680 struct pending_cmd *cmd;
ac56fb13 4681 struct mgmt_rp_pin_code_reply rp;
980e1a53 4682
2e58ef3e 4683 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4684 if (!cmd)
3eb38528 4685 return;
980e1a53 4686
d8457698 4687 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4688 rp.addr.type = BDADDR_BREDR;
ac56fb13 4689
3eb38528
MH		 4690 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4691 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4692
a664b5bc 4693 mgmt_pending_remove(cmd);
980e1a53 4694}
a5c29683 4695
744cf19e 4696int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4697 u8 link_type, u8 addr_type, __le32 value,
4698 u8 confirm_hint)
a5c29683
JH		 4699{
4700 struct mgmt_ev_user_confirm_request ev;
4701
744cf19e 4702 BT_DBG("%s", hdev->name);
a5c29683 4703
272d90df 4704 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4705 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4706 ev.confirm_hint = confirm_hint;
78e8098e 4707 ev.value = value;
a5c29683 4708
744cf19e 4709 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4710 NULL);
a5c29683
JH		 4711}
4712
272d90df 4713int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4714 u8 link_type, u8 addr_type)
604086b7
BG		 4715{
4716 struct mgmt_ev_user_passkey_request ev;
4717
4718 BT_DBG("%s", hdev->name);
4719
272d90df 4720 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4721 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4722
4723 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4724 NULL);
604086b7
BG		 4725}
4726
0df4c185 4727static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4728 u8 link_type, u8 addr_type, u8 status,
4729 u8 opcode)
a5c29683
JH		 4730{
4731 struct pending_cmd *cmd;
4732 struct mgmt_rp_user_confirm_reply rp;
4733 int err;
4734
2e58ef3e 4735 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4736 if (!cmd)
4737 return -ENOENT;
4738
272d90df 4739 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4740 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4741 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4742 &rp, sizeof(rp));
a5c29683 4743
a664b5bc 4744 mgmt_pending_remove(cmd);
a5c29683
JH		 4745
4746 return err;
4747}
4748
744cf19e 4749int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4750 u8 link_type, u8 addr_type, u8 status)
a5c29683 4751{
272d90df 4752 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4753 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4754}
4755
272d90df 4756int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4757 u8 link_type, u8 addr_type, u8 status)
a5c29683 4758{
272d90df 4759 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4760 status,
4761 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4762}
2a611692 4763
604086b7 4764int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4765 u8 link_type, u8 addr_type, u8 status)
604086b7 4766{
272d90df 4767 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4768 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4769}
4770
272d90df 4771int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4772 u8 link_type, u8 addr_type, u8 status)
604086b7 4773{
272d90df 4774 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4775 status,
4776 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4777}
4778
92a25256
JH		 4779int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4780 u8 link_type, u8 addr_type, u32 passkey,
4781 u8 entered)
4782{
4783 struct mgmt_ev_passkey_notify ev;
4784
4785 BT_DBG("%s", hdev->name);
4786
4787 bacpy(&ev.addr.bdaddr, bdaddr);
4788 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4789 ev.passkey = __cpu_to_le32(passkey);
4790 ev.entered = entered;
4791
4792 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4793}
4794
e546099c
MH		 4795void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4796 u8 addr_type, u8 status)
2a611692
JH		 4797{
4798 struct mgmt_ev_auth_failed ev;
4799
bab73cb6 4800 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4801 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4802 ev.status = mgmt_status(status);
2a611692 4803
e546099c 4804 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4805}
b312b161 4806
464996ae 4807void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4808{
4809 struct cmd_lookup match = { NULL, hdev };
464996ae 4810 bool changed;
33ef95ed
JH		 4811
4812 if (status) {
4813 u8 mgmt_err = mgmt_status(status);
4814 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4815 cmd_status_rsp, &mgmt_err);
464996ae 4816 return;
33ef95ed
JH		 4817 }
4818
464996ae
MH		 4819 if (test_bit(HCI_AUTH, &hdev->flags))
4820 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4821 &hdev->dev_flags);
4822 else
4823 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4824 &hdev->dev_flags);
47990ea0 4825
33ef95ed 4826 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4827 &match);
33ef95ed 4828
47990ea0 4829 if (changed)
464996ae 4830 new_settings(hdev, match.sk);
33ef95ed
JH		 4831
4832 if (match.sk)
4833 sock_put(match.sk);
33ef95ed
JH		 4834}
4835
890ea898 4836static void clear_eir(struct hci_request *req)
cacaf52f 4837{
890ea898 4838 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4839 struct hci_cp_write_eir cp;
4840
976eb20e 4841 if (!lmp_ext_inq_capable(hdev))
890ea898 4842 return;
cacaf52f 4843
c80da27e
JH		 4844 memset(hdev->eir, 0, sizeof(hdev->eir));
4845
cacaf52f
JH		 4846 memset(&cp, 0, sizeof(cp));
4847
890ea898 4848 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4849}
4850
3e248560 4851void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4852{
4853 struct cmd_lookup match = { NULL, hdev };
890ea898 4854 struct hci_request req;
c0ecddc2 4855 bool changed = false;
ed2c4ee3
JH		 4856
4857 if (status) {
4858 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4859
4860 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4861 &hdev->dev_flags)) {
4862 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4863 new_settings(hdev, NULL);
9ecb3e24 4864 }
c0ecddc2 4865
04124681
GP		 4866 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4867 &mgmt_err);
3e248560 4868 return;
c0ecddc2
JH		 4869 }
4870
4871 if (enable) {
9ecb3e24 4872 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4873 } else {
9ecb3e24
MH		 4874 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4875 if (!changed)
4876 changed = test_and_clear_bit(HCI_HS_ENABLED,
4877 &hdev->dev_flags);
4878 else
4879 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4880 }
4881
4882 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4883
c0ecddc2 4884 if (changed)
3e248560 4885 new_settings(hdev, match.sk);
ed2c4ee3 4886
5fc6ebb1 4887 if (match.sk)
ed2c4ee3
JH		 4888 sock_put(match.sk);
4889
890ea898
JH		 4890 hci_req_init(&req, hdev);
4891
5fc6ebb1 4892 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4893 update_eir(&req);
5fc6ebb1 4894 else
890ea898
JH		 4895 clear_eir(&req);
4896
4897 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4898}
4899
92da6097 4900static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4901{
4902 struct cmd_lookup *match = data;
4903
90e70454
JH		 4904 if (match->sk == NULL) {
4905 match->sk = cmd->sk;
4906 sock_hold(match->sk);
4907 }
90e70454
JH		 4908}
4909
4e1b0245
MH		 4910void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4911 u8 status)
7f9a903c 4912{
90e70454 4913 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 4914
92da6097
JH		 4915 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4916 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4917 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4918
4919 if (!status)
4e1b0245
MH		 4920 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4921 NULL);
90e70454
JH		 4922
4923 if (match.sk)
4924 sock_put(match.sk);
7f9a903c
MH		 4925}
4926
7667da34 4927void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4928{
b312b161 4929 struct mgmt_cp_set_local_name ev;
13928971 4930 struct pending_cmd *cmd;
28cc7bde 4931
13928971 4932 if (status)
7667da34 4933 return;
b312b161
JH		 4934
4935 memset(&ev, 0, sizeof(ev));
4936 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4937 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4938
2e58ef3e 4939 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4940 if (!cmd) {
4941 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4942
13928971
JH		 4943 /* If this is a HCI command related to powering on the
4944 * HCI dev don't send any mgmt signals.
4945 */
4946 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 4947 return;
890ea898 4948 }
b312b161 4949
7667da34
MH		 4950 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4951 cmd ? cmd->sk : NULL);
b312b161 4952}
c35938b2 4953
3edaf092
MH		 4954void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4955 u8 *randomizer, u8 status)
c35938b2
SJ		 4956{
4957 struct pending_cmd *cmd;
c35938b2 4958
744cf19e 4959 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4960
2e58ef3e 4961 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 4962 if (!cmd)
3edaf092 4963 return;
c35938b2
SJ		 4964
4965 if (status) {
3edaf092
MH		 4966 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4967 mgmt_status(status));
c35938b2
SJ		 4968 } else {
4969 struct mgmt_rp_read_local_oob_data rp;
4970
4971 memcpy(rp.hash, hash, sizeof(rp.hash));
4972 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4973
3edaf092
MH		 4974 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4975 0, &rp, sizeof(rp));
c35938b2
SJ		 4976 }
4977
4978 mgmt_pending_remove(cmd);
c35938b2 4979}
e17acd40 4980
901801b9
MH		 4981void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4982 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4983 ssp, u8 *eir, u16 eir_len)
e17acd40 4984{
e319d2e7
JH		 4985 char buf[512];
4986 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4987 size_t ev_size;
e17acd40 4988
12602d0c 4989 if (!hci_discovery_active(hdev))
901801b9 4990 return;
12602d0c 4991
1dc06093
JH		 4992 /* Leave 5 bytes for a potential CoD field */
4993 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4994 return;
7d262f86 4995
1dc06093
JH		 4996 memset(buf, 0, sizeof(buf));
4997
e319d2e7 4998 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4999 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 5000 ev->rssi = rssi;
9a395a80 5001 if (cfm_name)
612dfce9 5002 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5003 if (!ssp)
612dfce9 5004 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5005
1dc06093 5006 if (eir_len > 0)
e319d2e7 5007 memcpy(ev->eir, eir, eir_len);
e17acd40 5008
1dc06093
JH		 5009 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5010 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5011 dev_class, 3);
1dc06093 5012
eb55ef07 5013 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5014 ev_size = sizeof(*ev) + eir_len;
f8523598 5015
901801b9 5016 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5017}
a88a9652 5018
9cf12aee
MH		 5019void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5020 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5021{
b644ba33
JH		 5022 struct mgmt_ev_device_found *ev;
5023 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5024 u16 eir_len;
a88a9652 5025
b644ba33 5026 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5027
b644ba33
JH		 5028 memset(buf, 0, sizeof(buf));
5029
5030 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5031 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5032 ev->rssi = rssi;
5033
5034 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5035 name_len);
b644ba33 5036
eb55ef07 5037 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5038
9cf12aee 5039 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5040}
314b2381 5041
2f1e063b 5042void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5043{
f963e8e9 5044 struct mgmt_ev_discovering ev;
164a6e78
JH		 5045 struct pending_cmd *cmd;
5046
343fb145
AG		 5047 BT_DBG("%s discovering %u", hdev->name, discovering);
5048
164a6e78 5049 if (discovering)
2e58ef3e 5050 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5051 else
2e58ef3e 5052 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5053
5054 if (cmd != NULL) {
f808e166
JH		 5055 u8 type = hdev->discovery.type;
5056
04124681
GP		 5057 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5058 sizeof(type));
164a6e78
JH		 5059 mgmt_pending_remove(cmd);
5060 }
5061
f963e8e9
JH		 5062 memset(&ev, 0, sizeof(ev));
5063 ev.type = hdev->discovery.type;
5064 ev.discovering = discovering;
5065
2f1e063b 5066 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5067}
5e762444 5068
88c1fe4b 5069int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5070{
5071 struct pending_cmd *cmd;
5072 struct mgmt_ev_device_blocked ev;
5073
2e58ef3e 5074 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5075
88c1fe4b
JH		 5076 bacpy(&ev.addr.bdaddr, bdaddr);
5077 ev.addr.type = type;
5e762444 5078
744cf19e 5079 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5080 cmd ? cmd->sk : NULL);
5e762444
AJ		 5081}
5082
88c1fe4b 5083int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5084{
5085 struct pending_cmd *cmd;
5086 struct mgmt_ev_device_unblocked ev;
5087
2e58ef3e 5088 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5089
88c1fe4b
JH		 5090 bacpy(&ev.addr.bdaddr, bdaddr);
5091 ev.addr.type = type;
5e762444 5092
744cf19e 5093 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5094 cmd ? cmd->sk : NULL);
5e762444 5095}
5976e608
MH		 5096
5097static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5098{
5099 BT_DBG("%s status %u", hdev->name, status);
5100
5101 /* Clear the advertising mgmt setting if we failed to re-enable it */
5102 if (status) {
5103 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5104 new_settings(hdev, NULL);
5976e608
MH		 5105 }
5106}
5107
5108void mgmt_reenable_advertising(struct hci_dev *hdev)
5109{
5110 struct hci_request req;
5111
b145edcd 5112 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5113 return;
5114
5115 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5116 return;
5117
5118 hci_req_init(&req, hdev);
5119 enable_advertising(&req);
5120
5121 /* If this fails we have no option but to let user space know
5122 * that we've disabled advertising.
5123 */
5124 if (hci_req_run(&req, adv_enable_complete) < 0) {
5125 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5126 new_settings(hdev, NULL);
5976e608
MH		 5127 }
5128}
Linux 6.x block layer and io_uring tree(s)