projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make it clear that disabling LE disables advertising
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
2da9c55c 35#define MGMT_VERSION 1
9ab8cf37 36#define MGMT_REVISION 4
02d98129 37
e70bb2e8
JH		 38static const u16 mgmt_commands[] = {
39 MGMT_OP_READ_INDEX_LIST,
40 MGMT_OP_READ_INFO,
41 MGMT_OP_SET_POWERED,
42 MGMT_OP_SET_DISCOVERABLE,
43 MGMT_OP_SET_CONNECTABLE,
44 MGMT_OP_SET_FAST_CONNECTABLE,
45 MGMT_OP_SET_PAIRABLE,
46 MGMT_OP_SET_LINK_SECURITY,
47 MGMT_OP_SET_SSP,
48 MGMT_OP_SET_HS,
49 MGMT_OP_SET_LE,
50 MGMT_OP_SET_DEV_CLASS,
51 MGMT_OP_SET_LOCAL_NAME,
52 MGMT_OP_ADD_UUID,
53 MGMT_OP_REMOVE_UUID,
54 MGMT_OP_LOAD_LINK_KEYS,
55 MGMT_OP_LOAD_LONG_TERM_KEYS,
56 MGMT_OP_DISCONNECT,
57 MGMT_OP_GET_CONNECTIONS,
58 MGMT_OP_PIN_CODE_REPLY,
59 MGMT_OP_PIN_CODE_NEG_REPLY,
60 MGMT_OP_SET_IO_CAPABILITY,
61 MGMT_OP_PAIR_DEVICE,
62 MGMT_OP_CANCEL_PAIR_DEVICE,
63 MGMT_OP_UNPAIR_DEVICE,
64 MGMT_OP_USER_CONFIRM_REPLY,
65 MGMT_OP_USER_CONFIRM_NEG_REPLY,
66 MGMT_OP_USER_PASSKEY_REPLY,
67 MGMT_OP_USER_PASSKEY_NEG_REPLY,
68 MGMT_OP_READ_LOCAL_OOB_DATA,
69 MGMT_OP_ADD_REMOTE_OOB_DATA,
70 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
71 MGMT_OP_START_DISCOVERY,
72 MGMT_OP_STOP_DISCOVERY,
73 MGMT_OP_CONFIRM_NAME,
74 MGMT_OP_BLOCK_DEVICE,
75 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 76 MGMT_OP_SET_DEVICE_ID,
4375f103 77 MGMT_OP_SET_ADVERTISING,
0663ca2a 78 MGMT_OP_SET_BREDR,
d13eafce 79 MGMT_OP_SET_STATIC_ADDRESS,
e70bb2e8
JH		 80};
81
82static const u16 mgmt_events[] = {
83 MGMT_EV_CONTROLLER_ERROR,
84 MGMT_EV_INDEX_ADDED,
85 MGMT_EV_INDEX_REMOVED,
86 MGMT_EV_NEW_SETTINGS,
87 MGMT_EV_CLASS_OF_DEV_CHANGED,
88 MGMT_EV_LOCAL_NAME_CHANGED,
89 MGMT_EV_NEW_LINK_KEY,
90 MGMT_EV_NEW_LONG_TERM_KEY,
91 MGMT_EV_DEVICE_CONNECTED,
92 MGMT_EV_DEVICE_DISCONNECTED,
93 MGMT_EV_CONNECT_FAILED,
94 MGMT_EV_PIN_CODE_REQUEST,
95 MGMT_EV_USER_CONFIRM_REQUEST,
96 MGMT_EV_USER_PASSKEY_REQUEST,
97 MGMT_EV_AUTH_FAILED,
98 MGMT_EV_DEVICE_FOUND,
99 MGMT_EV_DISCOVERING,
100 MGMT_EV_DEVICE_BLOCKED,
101 MGMT_EV_DEVICE_UNBLOCKED,
102 MGMT_EV_DEVICE_UNPAIRED,
92a25256 103 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 104};
105
17b02e62 106#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 107
4b34ee78
JH		 108#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
109 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
110
eec8d2bc
JH		 111struct pending_cmd {
112 struct list_head list;
fc2f4b13 113 u16 opcode;
eec8d2bc 114 int index;
c68fb7ff 115 void *param;
eec8d2bc 116 struct sock *sk;
e9a416b5 117 void *user_data;
eec8d2bc
JH		 118};
119
ca69b795
JH		 120/* HCI to MGMT error code conversion table */
121static u8 mgmt_status_table[] = {
122 MGMT_STATUS_SUCCESS,
123 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
124 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
125 MGMT_STATUS_FAILED, /* Hardware Failure */
126 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
127 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
128 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
129 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
130 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
131 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
132 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
133 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
134 MGMT_STATUS_BUSY, /* Command Disallowed */
135 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
136 MGMT_STATUS_REJECTED, /* Rejected Security */
137 MGMT_STATUS_REJECTED, /* Rejected Personal */
138 MGMT_STATUS_TIMEOUT, /* Host Timeout */
139 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
140 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
141 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
142 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
143 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
144 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
145 MGMT_STATUS_BUSY, /* Repeated Attempts */
146 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
147 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
148 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
149 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
150 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
151 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
152 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
153 MGMT_STATUS_FAILED, /* Unspecified Error */
154 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
155 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
156 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
157 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
158 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
159 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
160 MGMT_STATUS_FAILED, /* Unit Link Key Used */
161 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
162 MGMT_STATUS_TIMEOUT, /* Instant Passed */
163 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
164 MGMT_STATUS_FAILED, /* Transaction Collision */
165 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
166 MGMT_STATUS_REJECTED, /* QoS Rejected */
167 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
168 MGMT_STATUS_REJECTED, /* Insufficient Security */
169 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
170 MGMT_STATUS_BUSY, /* Role Switch Pending */
171 MGMT_STATUS_FAILED, /* Slot Violation */
172 MGMT_STATUS_FAILED, /* Role Switch Failed */
173 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
174 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
175 MGMT_STATUS_BUSY, /* Host Busy Pairing */
176 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
177 MGMT_STATUS_BUSY, /* Controller Busy */
178 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
179 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
180 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
181 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
182 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
183};
184
bb4b2a9a
AE		 185bool mgmt_valid_hdev(struct hci_dev *hdev)
186{
187 return hdev->dev_type == HCI_BREDR;
188}
189
ca69b795
JH		 190static u8 mgmt_status(u8 hci_status)
191{
192 if (hci_status < ARRAY_SIZE(mgmt_status_table))
193 return mgmt_status_table[hci_status];
194
195 return MGMT_STATUS_FAILED;
196}
197
4e51eae9 198static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 199{
200 struct sk_buff *skb;
201 struct mgmt_hdr *hdr;
202 struct mgmt_ev_cmd_status *ev;
56b7d137 203 int err;
f7b64e69 204
34eb525c 205 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 206
790eff44 207 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 208 if (!skb)
209 return -ENOMEM;
210
211 hdr = (void *) skb_put(skb, sizeof(*hdr));
212
612dfce9 213 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 214 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 215 hdr->len = cpu_to_le16(sizeof(*ev));
216
217 ev = (void *) skb_put(skb, sizeof(*ev));
218 ev->status = status;
eb55ef07 219 ev->opcode = cpu_to_le16(cmd);
f7b64e69 220
56b7d137
GP		 221 err = sock_queue_rcv_skb(sk, skb);
222 if (err < 0)
f7b64e69
JH		 223 kfree_skb(skb);
224
56b7d137 225 return err;
f7b64e69
JH		 226}
227
aee9b218 228static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 229 void *rp, size_t rp_len)
02d98129
JH		 230{
231 struct sk_buff *skb;
232 struct mgmt_hdr *hdr;
233 struct mgmt_ev_cmd_complete *ev;
56b7d137 234 int err;
02d98129
JH		 235
236 BT_DBG("sock %p", sk);
237
790eff44 238 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 239 if (!skb)
240 return -ENOMEM;
241
242 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 243
612dfce9 244 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 245 hdr->index = cpu_to_le16(index);
a38528f1 246 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 247
a38528f1 248 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 249 ev->opcode = cpu_to_le16(cmd);
aee9b218 250 ev->status = status;
8020c16a
SJ		 251
252 if (rp)
253 memcpy(ev->data, rp, rp_len);
02d98129 254
56b7d137
GP		 255 err = sock_queue_rcv_skb(sk, skb);
256 if (err < 0)
02d98129
JH		 257 kfree_skb(skb);
258
e5f0e151 259 return err;
02d98129
JH		 260}
261
04124681
GP		 262static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
263 u16 data_len)
a38528f1
JH		 264{
265 struct mgmt_rp_read_version rp;
266
267 BT_DBG("sock %p", sk);
268
269 rp.version = MGMT_VERSION;
eb55ef07 270 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 271
aee9b218 272 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 273 sizeof(rp));
a38528f1
JH		 274}
275
04124681
GP		 276static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
277 u16 data_len)
e70bb2e8
JH		 278{
279 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 280 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
281 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 282 __le16 *opcode;
e70bb2e8
JH		 283 size_t rp_size;
284 int i, err;
285
286 BT_DBG("sock %p", sk);
287
288 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
289
290 rp = kmalloc(rp_size, GFP_KERNEL);
291 if (!rp)
292 return -ENOMEM;
293
eb55ef07
MH		 294 rp->num_commands = __constant_cpu_to_le16(num_commands);
295 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 296
297 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
298 put_unaligned_le16(mgmt_commands[i], opcode);
299
300 for (i = 0; i < num_events; i++, opcode++)
301 put_unaligned_le16(mgmt_events[i], opcode);
302
aee9b218 303 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 304 rp_size);
e70bb2e8
JH		 305 kfree(rp);
306
307 return err;
308}
309
04124681
GP		 310static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
faba42eb 312{
faba42eb 313 struct mgmt_rp_read_index_list *rp;
8035ded4 314 struct hci_dev *d;
a38528f1 315 size_t rp_len;
faba42eb 316 u16 count;
476e44cb 317 int err;
faba42eb
JH		 318
319 BT_DBG("sock %p", sk);
320
321 read_lock(&hci_dev_list_lock);
322
323 count = 0;
bb4b2a9a
AE		 324 list_for_each_entry(d, &hci_dev_list, list) {
325 if (!mgmt_valid_hdev(d))
326 continue;
327
faba42eb
JH		 328 count++;
329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
bb4b2a9a
AE		 346 if (!mgmt_valid_hdev(d))
347 continue;
348
476e44cb 349 rp->index[count++] = cpu_to_le16(d->id);
faba42eb
JH		 350 BT_DBG("Added hci%u", d->id);
351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 371 settings |= MGMT_SETTING_PAIRABLE;
372
9a1a1996 373 if (lmp_ssp_capable(hdev))
69ab39ea
JH		 374 settings |= MGMT_SETTING_SSP;
375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
d7b7e796 383 settings |= MGMT_SETTING_HS;
848566b3 384 }
d7b7e796 385
eeca6f89 386 if (lmp_le_capable(hdev)) {
9d42820f 387 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 388 settings |= MGMT_SETTING_ADVERTISING;
389 }
69ab39ea
JH		 390
391 return settings;
392}
393
394static u32 get_current_settings(struct hci_dev *hdev)
395{
396 u32 settings = 0;
397
f1f0eb02 398 if (hdev_is_powered(hdev))
f0d4b78a
MH		 399 settings |= MGMT_SETTING_POWERED;
400
5e5282bb 401 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_CONNECTABLE;
403
1a4d3c4b
JH		 404 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
405 settings |= MGMT_SETTING_FAST_CONNECTABLE;
406
5e5282bb 407 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_DISCOVERABLE;
409
a8b2d5c2 410 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_PAIRABLE;
412
56f87901 413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_BREDR;
415
06199cf8 416 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_LE;
418
47990ea0 419 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_LINK_SECURITY;
421
84bde9d6 422 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_SSP;
424
6d80dfd0
JH		 425 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
426 settings |= MGMT_SETTING_HS;
427
f3d3444a 428 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 429 settings |= MGMT_SETTING_ADVERTISING;
430
69ab39ea
JH		 431 return settings;
432}
433
ef580372
JH		 434#define PNP_INFO_SVCLASS_ID 0x1200
435
213202ed
JH		 436static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
437{
438 u8 *ptr = data, *uuids_start = NULL;
439 struct bt_uuid *uuid;
440
441 if (len < 4)
442 return ptr;
443
444 list_for_each_entry(uuid, &hdev->uuids, list) {
445 u16 uuid16;
446
447 if (uuid->size != 16)
448 continue;
449
450 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
451 if (uuid16 < 0x1100)
452 continue;
453
454 if (uuid16 == PNP_INFO_SVCLASS_ID)
455 continue;
456
457 if (!uuids_start) {
458 uuids_start = ptr;
459 uuids_start[0] = 1;
460 uuids_start[1] = EIR_UUID16_ALL;
461 ptr += 2;
462 }
463
464 /* Stop if not enough space to put next UUID */
465 if ((ptr - data) + sizeof(u16) > len) {
466 uuids_start[1] = EIR_UUID16_SOME;
467 break;
468 }
469
470 *ptr++ = (uuid16 & 0x00ff);
471 *ptr++ = (uuid16 & 0xff00) >> 8;
472 uuids_start[0] += sizeof(uuid16);
473 }
474
475 return ptr;
476}
477
cdf1963f
JH		 478static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
479{
480 u8 *ptr = data, *uuids_start = NULL;
481 struct bt_uuid *uuid;
482
483 if (len < 6)
484 return ptr;
485
486 list_for_each_entry(uuid, &hdev->uuids, list) {
487 if (uuid->size != 32)
488 continue;
489
490 if (!uuids_start) {
491 uuids_start = ptr;
492 uuids_start[0] = 1;
493 uuids_start[1] = EIR_UUID32_ALL;
494 ptr += 2;
495 }
496
497 /* Stop if not enough space to put next UUID */
498 if ((ptr - data) + sizeof(u32) > len) {
499 uuids_start[1] = EIR_UUID32_SOME;
500 break;
501 }
502
503 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
504 ptr += sizeof(u32);
505 uuids_start[0] += sizeof(u32);
506 }
507
508 return ptr;
509}
510
c00d575b
JH		 511static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
512{
513 u8 *ptr = data, *uuids_start = NULL;
514 struct bt_uuid *uuid;
515
516 if (len < 18)
517 return ptr;
518
519 list_for_each_entry(uuid, &hdev->uuids, list) {
520 if (uuid->size != 128)
521 continue;
522
523 if (!uuids_start) {
524 uuids_start = ptr;
525 uuids_start[0] = 1;
526 uuids_start[1] = EIR_UUID128_ALL;
527 ptr += 2;
528 }
529
530 /* Stop if not enough space to put next UUID */
531 if ((ptr - data) + 16 > len) {
532 uuids_start[1] = EIR_UUID128_SOME;
533 break;
534 }
535
536 memcpy(ptr, uuid->uuid, 16);
537 ptr += 16;
538 uuids_start[0] += 16;
539 }
540
541 return ptr;
542}
543
ef580372
JH		 544static void create_eir(struct hci_dev *hdev, u8 *data)
545{
546 u8 *ptr = data;
ef580372
JH		 547 size_t name_len;
548
549 name_len = strlen(hdev->dev_name);
550
551 if (name_len > 0) {
552 /* EIR Data type */
553 if (name_len > 48) {
554 name_len = 48;
555 ptr[1] = EIR_NAME_SHORT;
556 } else
557 ptr[1] = EIR_NAME_COMPLETE;
558
559 /* EIR Data length */
560 ptr[0] = name_len + 1;
561
562 memcpy(ptr + 2, hdev->dev_name, name_len);
563
ef580372
JH		 564 ptr += (name_len + 2);
565 }
566
bbaf444a 567 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->inq_tx_power;
571
91c4e9b1
MH		 572 ptr += 3;
573 }
574
2b9be137
MH		 575 if (hdev->devid_source > 0) {
576 ptr[0] = 9;
577 ptr[1] = EIR_DEVICE_ID;
578
579 put_unaligned_le16(hdev->devid_source, ptr + 2);
580 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
581 put_unaligned_le16(hdev->devid_product, ptr + 6);
582 put_unaligned_le16(hdev->devid_version, ptr + 8);
583
2b9be137
MH		 584 ptr += 10;
585 }
586
213202ed 587 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 588 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 589 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 590}
591
890ea898 592static void update_eir(struct hci_request *req)
ef580372 593{
890ea898 594 struct hci_dev *hdev = req->hdev;
ef580372
JH		 595 struct hci_cp_write_eir cp;
596
504c8dcd 597 if (!hdev_is_powered(hdev))
890ea898 598 return;
7770c4aa 599
976eb20e 600 if (!lmp_ext_inq_capable(hdev))
890ea898 601 return;
ef580372 602
84bde9d6 603 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 604 return;
ef580372 605
a8b2d5c2 606 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 607 return;
ef580372
JH		 608
609 memset(&cp, 0, sizeof(cp));
610
611 create_eir(hdev, cp.data);
612
613 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 614 return;
ef580372
JH		 615
616 memcpy(hdev->eir, cp.data, sizeof(cp.data));
617
890ea898 618 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 619}
620
621static u8 get_service_classes(struct hci_dev *hdev)
622{
623 struct bt_uuid *uuid;
624 u8 val = 0;
625
626 list_for_each_entry(uuid, &hdev->uuids, list)
627 val |= uuid->svc_hint;
628
629 return val;
630}
631
890ea898 632static void update_class(struct hci_request *req)
ef580372 633{
890ea898 634 struct hci_dev *hdev = req->hdev;
ef580372
JH		 635 u8 cod[3];
636
637 BT_DBG("%s", hdev->name);
638
504c8dcd 639 if (!hdev_is_powered(hdev))
890ea898 640 return;
7770c4aa 641
a8b2d5c2 642 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 643 return;
ef580372
JH		 644
645 cod[0] = hdev->minor_class;
646 cod[1] = hdev->major_class;
647 cod[2] = get_service_classes(hdev);
648
649 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 650 return;
ef580372 651
890ea898 652 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 653}
654
7d78525d
JH		 655static void service_cache_off(struct work_struct *work)
656{
657 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 658 service_cache.work);
890ea898 659 struct hci_request req;
7d78525d 660
a8b2d5c2 661 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 662 return;
663
890ea898
JH		 664 hci_req_init(&req, hdev);
665
7d78525d
JH		 666 hci_dev_lock(hdev);
667
890ea898
JH		 668 update_eir(&req);
669 update_class(&req);
7d78525d
JH		 670
671 hci_dev_unlock(hdev);
890ea898
JH		 672
673 hci_req_run(&req, NULL);
7d78525d
JH		 674}
675
6a919082 676static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 677{
4f87da80 678 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 679 return;
680
4f87da80 681 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 682
4f87da80
JH		 683 /* Non-mgmt controlled devices get this bit set
684 * implicitly so that pairing works for them, however
685 * for mgmt we require user-space to explicitly enable
686 * it
687 */
688 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 689}
690
0f4e68cf 691static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 692 void *data, u16 data_len)
0381101f 693{
a38528f1 694 struct mgmt_rp_read_info rp;
f7b64e69 695
bdb6d971 696 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 697
09fd0de5 698 hci_dev_lock(hdev);
f7b64e69 699
dc4fe30b
JH		 700 memset(&rp, 0, sizeof(rp));
701
69ab39ea 702 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 703
69ab39ea 704 rp.version = hdev->hci_ver;
eb55ef07 705 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 706
707 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
708 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 709
a38528f1 710 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 711
dc4fe30b 712 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 713 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 714
09fd0de5 715 hci_dev_unlock(hdev);
0381101f 716
bdb6d971 717 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 718 sizeof(rp));
0381101f
JH		 719}
720
eec8d2bc
JH		 721static void mgmt_pending_free(struct pending_cmd *cmd)
722{
723 sock_put(cmd->sk);
c68fb7ff 724 kfree(cmd->param);
eec8d2bc
JH		 725 kfree(cmd);
726}
727
366a0336 728static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 729 struct hci_dev *hdev, void *data,
730 u16 len)
eec8d2bc
JH		 731{
732 struct pending_cmd *cmd;
733
12b94565 734 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 735 if (!cmd)
366a0336 736 return NULL;
eec8d2bc
JH		 737
738 cmd->opcode = opcode;
2e58ef3e 739 cmd->index = hdev->id;
eec8d2bc 740
12b94565 741 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 742 if (!cmd->param) {
eec8d2bc 743 kfree(cmd);
366a0336 744 return NULL;
eec8d2bc
JH		 745 }
746
8fce6357
SJ		 747 if (data)
748 memcpy(cmd->param, data, len);
eec8d2bc
JH		 749
750 cmd->sk = sk;
751 sock_hold(sk);
752
2e58ef3e 753 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 754
366a0336 755 return cmd;
eec8d2bc
JH		 756}
757
744cf19e 758static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 759 void (*cb)(struct pending_cmd *cmd,
760 void *data),
04124681 761 void *data)
eec8d2bc 762{
a3d09356 763 struct pending_cmd *cmd, *tmp;
eec8d2bc 764
a3d09356 765 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 766 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 767 continue;
768
eec8d2bc
JH		 769 cb(cmd, data);
770 }
771}
772
2e58ef3e 773static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 774{
8035ded4 775 struct pending_cmd *cmd;
eec8d2bc 776
2e58ef3e 777 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 778 if (cmd->opcode == opcode)
779 return cmd;
eec8d2bc
JH		 780 }
781
782 return NULL;
783}
784
a664b5bc 785static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 786{
73f22f62
JH		 787 list_del(&cmd->list);
788 mgmt_pending_free(cmd);
789}
790
69ab39ea 791static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 792{
69ab39ea 793 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 794
aee9b218 795 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 796 sizeof(settings));
8680570b
JH		 797}
798
bdb6d971 799static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 800 u16 len)
eec8d2bc 801{
650f726d 802 struct mgmt_mode *cp = data;
366a0336 803 struct pending_cmd *cmd;
4b34ee78 804 int err;
eec8d2bc 805
bdb6d971 806 BT_DBG("request for %s", hdev->name);
eec8d2bc 807
a7e80f25
JH		 808 if (cp->val != 0x00 && cp->val != 0x01)
809 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
810 MGMT_STATUS_INVALID_PARAMS);
811
09fd0de5 812 hci_dev_lock(hdev);
eec8d2bc 813
87b95ba6
JH		 814 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
816 MGMT_STATUS_BUSY);
817 goto failed;
818 }
819
f0d4b78a
MH		 820 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
821 cancel_delayed_work(&hdev->power_off);
822
823 if (cp->val) {
a1d70450
JH		 824 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
825 data, len);
826 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 827 goto failed;
828 }
829 }
830
4b34ee78 831 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 832 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 833 goto failed;
834 }
835
2e58ef3e 836 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 837 if (!cmd) {
838 err = -ENOMEM;
eec8d2bc 839 goto failed;
366a0336 840 }
eec8d2bc 841
72a734ec 842 if (cp->val)
19202573 843 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 844 else
19202573 845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 846
366a0336 847 err = 0;
eec8d2bc
JH		 848
849failed:
09fd0de5 850 hci_dev_unlock(hdev);
366a0336 851 return err;
eec8d2bc
JH		 852}
853
04124681
GP		 854static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
855 struct sock *skip_sk)
beadb2bd
JH		 856{
857 struct sk_buff *skb;
858 struct mgmt_hdr *hdr;
859
790eff44 860 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 861 if (!skb)
862 return -ENOMEM;
863
864 hdr = (void *) skb_put(skb, sizeof(*hdr));
865 hdr->opcode = cpu_to_le16(event);
866 if (hdev)
867 hdr->index = cpu_to_le16(hdev->id);
868 else
612dfce9 869 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 870 hdr->len = cpu_to_le16(data_len);
871
872 if (data)
873 memcpy(skb_put(skb, data_len), data, data_len);
874
97e0bdeb
MH		 875 /* Time stamp */
876 __net_timestamp(skb);
877
beadb2bd
JH		 878 hci_send_to_control(skb, skip_sk);
879 kfree_skb(skb);
880
881 return 0;
882}
883
884static int new_settings(struct hci_dev *hdev, struct sock *skip)
885{
886 __le32 ev;
887
888 ev = cpu_to_le32(get_current_settings(hdev));
889
890 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
891}
892
d2f5a196
JH		 893int mgmt_new_settings(struct hci_dev *hdev)
894{
895 return new_settings(hdev, NULL);
896}
897
bd99abdd
JH		 898struct cmd_lookup {
899 struct sock *sk;
900 struct hci_dev *hdev;
901 u8 mgmt_status;
902};
903
904static void settings_rsp(struct pending_cmd *cmd, void *data)
905{
906 struct cmd_lookup *match = data;
907
908 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
909
910 list_del(&cmd->list);
911
912 if (match->sk == NULL) {
913 match->sk = cmd->sk;
914 sock_hold(match->sk);
915 }
916
917 mgmt_pending_free(cmd);
918}
919
920static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
921{
922 u8 *status = data;
923
924 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
925 mgmt_pending_remove(cmd);
926}
927
e6fe7986
JH		 928static u8 mgmt_bredr_support(struct hci_dev *hdev)
929{
930 if (!lmp_bredr_capable(hdev))
931 return MGMT_STATUS_NOT_SUPPORTED;
932 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
933 return MGMT_STATUS_REJECTED;
934 else
935 return MGMT_STATUS_SUCCESS;
936}
937
938static u8 mgmt_le_support(struct hci_dev *hdev)
939{
940 if (!lmp_le_capable(hdev))
941 return MGMT_STATUS_NOT_SUPPORTED;
942 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
943 return MGMT_STATUS_REJECTED;
944 else
945 return MGMT_STATUS_SUCCESS;
946}
947
bdb6d971 948static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 949 u16 len)
73f22f62 950{
650f726d 951 struct mgmt_cp_set_discoverable *cp = data;
366a0336 952 struct pending_cmd *cmd;
5e5282bb 953 u16 timeout;
e6fe7986 954 u8 scan, status;
73f22f62
JH		 955 int err;
956
bdb6d971 957 BT_DBG("request for %s", hdev->name);
73f22f62 958
e6fe7986
JH		 959 status = mgmt_bredr_support(hdev);
960 if (status)
33c525c0 961 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 962 status);
33c525c0 963
a7e80f25
JH		 964 if (cp->val != 0x00 && cp->val != 0x01)
965 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
966 MGMT_STATUS_INVALID_PARAMS);
967
1f350c87 968 timeout = __le16_to_cpu(cp->timeout);
24c54a90 969 if (!cp->val && timeout > 0)
bdb6d971 970 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 971 MGMT_STATUS_INVALID_PARAMS);
73f22f62 972
09fd0de5 973 hci_dev_lock(hdev);
73f22f62 974
5e5282bb 975 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 976 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 977 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 978 goto failed;
979 }
980
2e58ef3e 981 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 982 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 983 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 984 MGMT_STATUS_BUSY);
73f22f62
JH		 985 goto failed;
986 }
987
5e5282bb 988 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 989 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 990 MGMT_STATUS_REJECTED);
5e5282bb
JH		 991 goto failed;
992 }
993
994 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 995 bool changed = false;
996
997 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
998 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
999 changed = true;
1000 }
1001
5e5282bb 1002 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1003 if (err < 0)
1004 goto failed;
1005
1006 if (changed)
1007 err = new_settings(hdev, sk);
1008
5e5282bb
JH		 1009 goto failed;
1010 }
1011
1012 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1013 if (hdev->discov_timeout > 0) {
1014 cancel_delayed_work(&hdev->discov_off);
1015 hdev->discov_timeout = 0;
1016 }
1017
1018 if (cp->val && timeout > 0) {
1019 hdev->discov_timeout = timeout;
1020 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1021 msecs_to_jiffies(hdev->discov_timeout * 1000));
1022 }
1023
69ab39ea 1024 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1025 goto failed;
1026 }
1027
2e58ef3e 1028 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1029 if (!cmd) {
1030 err = -ENOMEM;
73f22f62 1031 goto failed;
366a0336 1032 }
73f22f62
JH		 1033
1034 scan = SCAN_PAGE;
1035
72a734ec 1036 if (cp->val)
73f22f62 1037 scan |= SCAN_INQUIRY;
16ab91ab 1038 else
e0f9309f 1039 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 1040
1041 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1042 if (err < 0)
a664b5bc 1043 mgmt_pending_remove(cmd);
73f22f62 1044
16ab91ab 1045 if (cp->val)
5e5282bb 1046 hdev->discov_timeout = timeout;
16ab91ab 1047
73f22f62 1048failed:
09fd0de5 1049 hci_dev_unlock(hdev);
73f22f62
JH		 1050 return err;
1051}
1052
406d7804
JH		 1053static void write_fast_connectable(struct hci_request *req, bool enable)
1054{
bd98b996 1055 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1056 struct hci_cp_write_page_scan_activity acp;
1057 u8 type;
1058
4c01f8b8
JH		 1059 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1060 return;
1061
406d7804
JH		 1062 if (enable) {
1063 type = PAGE_SCAN_TYPE_INTERLACED;
1064
1065 /* 160 msec page scan interval */
1066 acp.interval = __constant_cpu_to_le16(0x0100);
1067 } else {
1068 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1069
1070 /* default 1.28 sec page scan */
1071 acp.interval = __constant_cpu_to_le16(0x0800);
1072 }
1073
1074 acp.window = __constant_cpu_to_le16(0x0012);
1075
bd98b996
JH		 1076 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1077 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1078 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1079 sizeof(acp), &acp);
1080
1081 if (hdev->page_scan_type != type)
1082 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1083}
1084
2b76f453
JH		 1085static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1086{
1087 struct pending_cmd *cmd;
1088
1089 BT_DBG("status 0x%02x", status);
1090
1091 hci_dev_lock(hdev);
1092
1093 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1094 if (!cmd)
1095 goto unlock;
1096
1097 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1098
1099 mgmt_pending_remove(cmd);
1100
1101unlock:
1102 hci_dev_unlock(hdev);
1103}
1104
bdb6d971 1105static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1106 u16 len)
9fbcbb45 1107{
650f726d 1108 struct mgmt_mode *cp = data;
366a0336 1109 struct pending_cmd *cmd;
2b76f453 1110 struct hci_request req;
e6fe7986 1111 u8 scan, status;
9fbcbb45
JH		 1112 int err;
1113
bdb6d971 1114 BT_DBG("request for %s", hdev->name);
9fbcbb45 1115
e6fe7986
JH		 1116 status = mgmt_bredr_support(hdev);
1117 if (status)
33c525c0 1118 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
e6fe7986 1119 status);
33c525c0 1120
a7e80f25
JH		 1121 if (cp->val != 0x00 && cp->val != 0x01)
1122 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1123 MGMT_STATUS_INVALID_PARAMS);
1124
09fd0de5 1125 hci_dev_lock(hdev);
9fbcbb45 1126
4b34ee78 1127 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1128 bool changed = false;
1129
1130 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1131 changed = true;
1132
6bf0e469 1133 if (cp->val) {
5e5282bb 1134 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1135 } else {
5e5282bb
JH		 1136 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1137 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1138 }
0224d2fa 1139
5e5282bb 1140 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1141 if (err < 0)
1142 goto failed;
1143
1144 if (changed)
1145 err = new_settings(hdev, sk);
1146
9fbcbb45
JH		 1147 goto failed;
1148 }
1149
2e58ef3e 1150 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1151 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1152 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1153 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1154 goto failed;
1155 }
1156
5e5282bb 1157 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1158 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1159 goto failed;
1160 }
1161
2e58ef3e 1162 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1163 if (!cmd) {
1164 err = -ENOMEM;
9fbcbb45 1165 goto failed;
366a0336 1166 }
9fbcbb45 1167
6bf0e469 1168 if (cp->val) {
9fbcbb45 1169 scan = SCAN_PAGE;
6bf0e469 1170 } else {
9fbcbb45
JH		 1171 scan = 0;
1172
df2c6c5e 1173 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8ce8e2b5 1174 hdev->discov_timeout > 0)
df2c6c5e
JH		 1175 cancel_delayed_work(&hdev->discov_off);
1176 }
1177
2b76f453
JH		 1178 hci_req_init(&req, hdev);
1179
1180 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1181
4c01f8b8
JH		 1182 /* If we're going from non-connectable to connectable or
1183 * vice-versa when fast connectable is enabled ensure that fast
1184 * connectable gets disabled. write_fast_connectable won't do
1185 * anything if the page scan parameters are already what they
1186 * should be.
1187 */
1188 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1189 write_fast_connectable(&req, false);
1190
2b76f453 1191 err = hci_req_run(&req, set_connectable_complete);
9fbcbb45 1192 if (err < 0)
a664b5bc 1193 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1194
1195failed:
09fd0de5 1196 hci_dev_unlock(hdev);
9fbcbb45
JH		 1197 return err;
1198}
1199
bdb6d971 1200static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1201 u16 len)
c542a06c 1202{
650f726d 1203 struct mgmt_mode *cp = data;
c542a06c
JH		 1204 int err;
1205
bdb6d971 1206 BT_DBG("request for %s", hdev->name);
c542a06c 1207
a7e80f25
JH		 1208 if (cp->val != 0x00 && cp->val != 0x01)
1209 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1210 MGMT_STATUS_INVALID_PARAMS);
1211
09fd0de5 1212 hci_dev_lock(hdev);
c542a06c
JH		 1213
1214 if (cp->val)
a8b2d5c2 1215 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1216 else
a8b2d5c2 1217 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1218
69ab39ea 1219 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1220 if (err < 0)
1221 goto failed;
1222
beadb2bd 1223 err = new_settings(hdev, sk);
c542a06c
JH		 1224
1225failed:
09fd0de5 1226 hci_dev_unlock(hdev);
c542a06c
JH		 1227 return err;
1228}
1229
04124681
GP		 1230static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1231 u16 len)
33ef95ed
JH		 1232{
1233 struct mgmt_mode *cp = data;
1234 struct pending_cmd *cmd;
e6fe7986 1235 u8 val, status;
33ef95ed
JH		 1236 int err;
1237
bdb6d971 1238 BT_DBG("request for %s", hdev->name);
33ef95ed 1239
e6fe7986
JH		 1240 status = mgmt_bredr_support(hdev);
1241 if (status)
33c525c0 1242 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1243 status);
33c525c0 1244
a7e80f25
JH		 1245 if (cp->val != 0x00 && cp->val != 0x01)
1246 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1247 MGMT_STATUS_INVALID_PARAMS);
1248
33ef95ed
JH		 1249 hci_dev_lock(hdev);
1250
4b34ee78 1251 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1252 bool changed = false;
1253
1254 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1255 &hdev->dev_flags)) {
47990ea0
JH		 1256 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1257 changed = true;
1258 }
1259
1260 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1261 if (err < 0)
1262 goto failed;
1263
1264 if (changed)
1265 err = new_settings(hdev, sk);
1266
33ef95ed
JH		 1267 goto failed;
1268 }
1269
1270 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1271 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1272 MGMT_STATUS_BUSY);
33ef95ed
JH		 1273 goto failed;
1274 }
1275
1276 val = !!cp->val;
1277
1278 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1279 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1280 goto failed;
1281 }
1282
1283 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1284 if (!cmd) {
1285 err = -ENOMEM;
1286 goto failed;
1287 }
1288
1289 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1290 if (err < 0) {
1291 mgmt_pending_remove(cmd);
1292 goto failed;
1293 }
1294
1295failed:
1296 hci_dev_unlock(hdev);
33ef95ed
JH		 1297 return err;
1298}
1299
bdb6d971 1300static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1301{
1302 struct mgmt_mode *cp = data;
1303 struct pending_cmd *cmd;
cdba5281 1304 u8 val, status;
ed2c4ee3
JH		 1305 int err;
1306
bdb6d971 1307 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1308
cdba5281
MH		 1309 status = mgmt_bredr_support(hdev);
1310 if (status)
1311 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1312
13ecd8b6
JH		 1313 if (!lmp_ssp_capable(hdev))
1314 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1315 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1316
a7e80f25
JH		 1317 if (cp->val != 0x00 && cp->val != 0x01)
1318 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1319 MGMT_STATUS_INVALID_PARAMS);
1320
13ecd8b6 1321 hci_dev_lock(hdev);
6c8f12c1 1322
c0ecddc2
JH		 1323 val = !!cp->val;
1324
4b34ee78 1325 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1326 bool changed = false;
1327
1328 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1329 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1330 changed = true;
1331 }
1332
1333 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1334 if (err < 0)
1335 goto failed;
1336
1337 if (changed)
1338 err = new_settings(hdev, sk);
1339
ed2c4ee3
JH		 1340 goto failed;
1341 }
1342
1343 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
d97dcb66
SJ		 1344 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1345 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1346 goto failed;
1347 }
1348
ed2c4ee3
JH		 1349 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1350 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1351 goto failed;
1352 }
1353
1354 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1355 if (!cmd) {
1356 err = -ENOMEM;
1357 goto failed;
1358 }
1359
1360 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1361 if (err < 0) {
1362 mgmt_pending_remove(cmd);
1363 goto failed;
1364 }
1365
1366failed:
1367 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1368 return err;
1369}
1370
bdb6d971 1371static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1372{
1373 struct mgmt_mode *cp = data;
ee392693 1374 bool changed;
e6fe7986 1375 u8 status;
ee392693 1376 int err;
6d80dfd0 1377
bdb6d971 1378 BT_DBG("request for %s", hdev->name);
6d80dfd0 1379
e6fe7986
JH		 1380 status = mgmt_bredr_support(hdev);
1381 if (status)
1382 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1383
a7e80f25
JH		 1384 if (cp->val != 0x00 && cp->val != 0x01)
1385 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1386 MGMT_STATUS_INVALID_PARAMS);
1387
ee392693
MH		 1388 hci_dev_lock(hdev);
1389
a0cdf960 1390 if (cp->val) {
ee392693 1391 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1392 } else {
1393 if (hdev_is_powered(hdev)) {
1394 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1395 MGMT_STATUS_REJECTED);
1396 goto unlock;
1397 }
1398
ee392693 1399 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1400 }
ee392693
MH		 1401
1402 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1403 if (err < 0)
1404 goto unlock;
1405
1406 if (changed)
1407 err = new_settings(hdev, sk);
6d80dfd0 1408
ee392693
MH		 1409unlock:
1410 hci_dev_unlock(hdev);
1411 return err;
6d80dfd0
JH		 1412}
1413
416a4ae5
JH		 1414static void le_enable_complete(struct hci_dev *hdev, u8 status)
1415{
1416 struct cmd_lookup match = { NULL, hdev };
1417
1418 if (status) {
1419 u8 mgmt_err = mgmt_status(status);
1420
1421 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1422 &mgmt_err);
1423 return;
1424 }
1425
1426 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1427
1428 new_settings(hdev, match.sk);
1429
1430 if (match.sk)
1431 sock_put(match.sk);
1432}
1433
bdb6d971 1434static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1435{
1436 struct mgmt_mode *cp = data;
1437 struct hci_cp_write_le_host_supported hci_cp;
1438 struct pending_cmd *cmd;
416a4ae5 1439 struct hci_request req;
06199cf8 1440 int err;
0b60eba1 1441 u8 val, enabled;
06199cf8 1442
bdb6d971 1443 BT_DBG("request for %s", hdev->name);
06199cf8 1444
13ecd8b6
JH		 1445 if (!lmp_le_capable(hdev))
1446 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1447 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1448
a7e80f25
JH		 1449 if (cp->val != 0x00 && cp->val != 0x01)
1450 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1451 MGMT_STATUS_INVALID_PARAMS);
1452
c73eee91 1453 /* LE-only devices do not allow toggling LE on/off */
56f87901 1454 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1455 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1456 MGMT_STATUS_REJECTED);
1457
13ecd8b6 1458 hci_dev_lock(hdev);
06199cf8
JH		 1459
1460 val = !!cp->val;
ffa88e02 1461 enabled = lmp_host_le_capable(hdev);
06199cf8 1462
0b60eba1 1463 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1464 bool changed = false;
1465
1466 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1467 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1468 changed = true;
1469 }
1470
f3d3444a
JH		 1471 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1472 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1473 changed = true;
1474 }
1475
06199cf8
JH		 1476 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1477 if (err < 0)
1de028ce 1478 goto unlock;
06199cf8
JH		 1479
1480 if (changed)
1481 err = new_settings(hdev, sk);
1482
1de028ce 1483 goto unlock;
06199cf8
JH		 1484 }
1485
4375f103
JH		 1486 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1487 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1488 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1489 MGMT_STATUS_BUSY);
1de028ce 1490 goto unlock;
06199cf8
JH		 1491 }
1492
1493 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1494 if (!cmd) {
1495 err = -ENOMEM;
1de028ce 1496 goto unlock;
06199cf8
JH		 1497 }
1498
1499 memset(&hci_cp, 0, sizeof(hci_cp));
1500
1501 if (val) {
1502 hci_cp.le = val;
ffa88e02 1503 hci_cp.simul = lmp_le_br_capable(hdev);
06199cf8
JH		 1504 }
1505
416a4ae5
JH		 1506 hci_req_init(&req, hdev);
1507
03d87419
MH		 1508 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) && !val) {
1509 u8 adv = 0x00;
1510
1511 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
1512 }
eeca6f89 1513
416a4ae5
JH		 1514 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1515 &hci_cp);
1516
1517 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1518 if (err < 0)
06199cf8 1519 mgmt_pending_remove(cmd);
06199cf8 1520
1de028ce
JH		 1521unlock:
1522 hci_dev_unlock(hdev);
06199cf8
JH		 1523 return err;
1524}
1525
0cab9c80
JH		 1526/* This is a helper function to test for pending mgmt commands that can
1527 * cause CoD or EIR HCI commands. We can only allow one such pending
1528 * mgmt command at a time since otherwise we cannot easily track what
1529 * the current values are, will be, and based on that calculate if a new
1530 * HCI command needs to be sent and if yes with what value.
1531 */
1532static bool pending_eir_or_class(struct hci_dev *hdev)
1533{
1534 struct pending_cmd *cmd;
1535
1536 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1537 switch (cmd->opcode) {
1538 case MGMT_OP_ADD_UUID:
1539 case MGMT_OP_REMOVE_UUID:
1540 case MGMT_OP_SET_DEV_CLASS:
1541 case MGMT_OP_SET_POWERED:
1542 return true;
1543 }
1544 }
1545
1546 return false;
1547}
1548
83be8eca
JH		 1549static const u8 bluetooth_base_uuid[] = {
1550 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1551 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1552};
1553
1554static u8 get_uuid_size(const u8 *uuid)
1555{
1556 u32 val;
1557
1558 if (memcmp(uuid, bluetooth_base_uuid, 12))
1559 return 128;
1560
1561 val = get_unaligned_le32(&uuid[12]);
1562 if (val > 0xffff)
1563 return 32;
1564
1565 return 16;
1566}
1567
92da6097
JH		 1568static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1569{
1570 struct pending_cmd *cmd;
1571
1572 hci_dev_lock(hdev);
1573
1574 cmd = mgmt_pending_find(mgmt_op, hdev);
1575 if (!cmd)
1576 goto unlock;
1577
1578 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1579 hdev->dev_class, 3);
1580
1581 mgmt_pending_remove(cmd);
1582
1583unlock:
1584 hci_dev_unlock(hdev);
1585}
1586
1587static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1588{
1589 BT_DBG("status 0x%02x", status);
1590
1591 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1592}
1593
bdb6d971 1594static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1595{
650f726d 1596 struct mgmt_cp_add_uuid *cp = data;
90e70454 1597 struct pending_cmd *cmd;
890ea898 1598 struct hci_request req;
2aeb9a1a 1599 struct bt_uuid *uuid;
2aeb9a1a
JH		 1600 int err;
1601
bdb6d971 1602 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1603
09fd0de5 1604 hci_dev_lock(hdev);
2aeb9a1a 1605
0cab9c80 1606 if (pending_eir_or_class(hdev)) {
bdb6d971 1607 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1608 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1609 goto failed;
1610 }
1611
92c4c204 1612 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1613 if (!uuid) {
1614 err = -ENOMEM;
1615 goto failed;
1616 }
1617
1618 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1619 uuid->svc_hint = cp->svc_hint;
83be8eca 1620 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1621
de66aa63 1622 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1623
890ea898 1624 hci_req_init(&req, hdev);
1aff6f09 1625
890ea898
JH		 1626 update_class(&req);
1627 update_eir(&req);
1628
92da6097
JH		 1629 err = hci_req_run(&req, add_uuid_complete);
1630 if (err < 0) {
1631 if (err != -ENODATA)
1632 goto failed;
80a1e1db 1633
bdb6d971 1634 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1635 hdev->dev_class, 3);
90e70454
JH		 1636 goto failed;
1637 }
1638
1639 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1640 if (!cmd) {
90e70454 1641 err = -ENOMEM;
890ea898
JH		 1642 goto failed;
1643 }
1644
1645 err = 0;
2aeb9a1a
JH		 1646
1647failed:
09fd0de5 1648 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1649 return err;
1650}
1651
24b78d0f
JH		 1652static bool enable_service_cache(struct hci_dev *hdev)
1653{
1654 if (!hdev_is_powered(hdev))
1655 return false;
1656
1657 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1658 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1659 CACHE_TIMEOUT);
24b78d0f
JH		 1660 return true;
1661 }
1662
1663 return false;
1664}
1665
92da6097
JH		 1666static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1667{
1668 BT_DBG("status 0x%02x", status);
1669
1670 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1671}
1672
bdb6d971 1673static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1674 u16 len)
2aeb9a1a 1675{
650f726d 1676 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1677 struct pending_cmd *cmd;
056341c8 1678 struct bt_uuid *match, *tmp;
2aeb9a1a 1679 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1680 struct hci_request req;
2aeb9a1a
JH		 1681 int err, found;
1682
bdb6d971 1683 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1684
09fd0de5 1685 hci_dev_lock(hdev);
2aeb9a1a 1686
0cab9c80 1687 if (pending_eir_or_class(hdev)) {
bdb6d971 1688 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1689 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1690 goto unlock;
1691 }
1692
2aeb9a1a
JH		 1693 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1694 err = hci_uuids_clear(hdev);
4004b6d9 1695
24b78d0f 1696 if (enable_service_cache(hdev)) {
bdb6d971 1697 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1698 0, hdev->dev_class, 3);
24b78d0f
JH		 1699 goto unlock;
1700 }
4004b6d9 1701
9246a869 1702 goto update_class;
2aeb9a1a
JH		 1703 }
1704
1705 found = 0;
1706
056341c8 1707 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1708 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1709 continue;
1710
1711 list_del(&match->list);
482049f7 1712 kfree(match);
2aeb9a1a
JH		 1713 found++;
1714 }
1715
1716 if (found == 0) {
bdb6d971 1717 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1718 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1719 goto unlock;
1720 }
1721
9246a869 1722update_class:
890ea898 1723 hci_req_init(&req, hdev);
1aff6f09 1724
890ea898
JH		 1725 update_class(&req);
1726 update_eir(&req);
1727
92da6097
JH		 1728 err = hci_req_run(&req, remove_uuid_complete);
1729 if (err < 0) {
1730 if (err != -ENODATA)
1731 goto unlock;
80a1e1db 1732
bdb6d971 1733 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1734 hdev->dev_class, 3);
90e70454
JH		 1735 goto unlock;
1736 }
1737
1738 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1739 if (!cmd) {
90e70454 1740 err = -ENOMEM;
890ea898
JH		 1741 goto unlock;
1742 }
1743
1744 err = 0;
2aeb9a1a
JH		 1745
1746unlock:
09fd0de5 1747 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1748 return err;
1749}
1750
92da6097
JH		 1751static void set_class_complete(struct hci_dev *hdev, u8 status)
1752{
1753 BT_DBG("status 0x%02x", status);
1754
1755 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1756}
1757
bdb6d971 1758static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1759 u16 len)
1aff6f09 1760{
650f726d 1761 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1762 struct pending_cmd *cmd;
890ea898 1763 struct hci_request req;
1aff6f09
JH		 1764 int err;
1765
bdb6d971 1766 BT_DBG("request for %s", hdev->name);
1aff6f09 1767
6203fc98 1768 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1769 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1770 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1771
0cab9c80 1772 hci_dev_lock(hdev);
ee98f473 1773
0cab9c80
JH		 1774 if (pending_eir_or_class(hdev)) {
1775 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1776 MGMT_STATUS_BUSY);
1777 goto unlock;
1778 }
c95f0ba7 1779
0cab9c80
JH		 1780 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
1781 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1782 MGMT_STATUS_INVALID_PARAMS);
1783 goto unlock;
1784 }
575b3a02 1785
932f5ff5
JH		 1786 hdev->major_class = cp->major;
1787 hdev->minor_class = cp->minor;
1788
b5235a65 1789 if (!hdev_is_powered(hdev)) {
bdb6d971 1790 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1791 hdev->dev_class, 3);
b5235a65
JH		 1792 goto unlock;
1793 }
1794
890ea898
JH		 1795 hci_req_init(&req, hdev);
1796
a8b2d5c2 1797 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1798 hci_dev_unlock(hdev);
1799 cancel_delayed_work_sync(&hdev->service_cache);
1800 hci_dev_lock(hdev);
890ea898 1801 update_eir(&req);
7d78525d 1802 }
14c0b608 1803
890ea898
JH		 1804 update_class(&req);
1805
92da6097
JH		 1806 err = hci_req_run(&req, set_class_complete);
1807 if (err < 0) {
1808 if (err != -ENODATA)
1809 goto unlock;
1aff6f09 1810
bdb6d971 1811 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 1812 hdev->dev_class, 3);
90e70454
JH		 1813 goto unlock;
1814 }
1815
1816 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 1817 if (!cmd) {
90e70454 1818 err = -ENOMEM;
890ea898
JH		 1819 goto unlock;
1820 }
1821
1822 err = 0;
1aff6f09 1823
b5235a65 1824unlock:
09fd0de5 1825 hci_dev_unlock(hdev);
1aff6f09
JH		 1826 return err;
1827}
1828
bdb6d971 1829static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1830 u16 len)
55ed8ca1 1831{
650f726d 1832 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1833 u16 key_count, expected_len;
a492cd52 1834 int i;
55ed8ca1 1835
9060d5cf
MH		 1836 BT_DBG("request for %s", hdev->name);
1837
1838 if (!lmp_bredr_capable(hdev))
1839 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1840 MGMT_STATUS_NOT_SUPPORTED);
1841
1f350c87 1842 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 1843
86742e1e
JH		 1844 expected_len = sizeof(*cp) + key_count *
1845 sizeof(struct mgmt_link_key_info);
a492cd52 1846 if (expected_len != len) {
86742e1e 1847 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 1848 len, expected_len);
bdb6d971 1849 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 1850 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1851 }
1852
4ae14301
JH		 1853 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
1854 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1855 MGMT_STATUS_INVALID_PARAMS);
1856
bdb6d971 1857 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 1858 key_count);
55ed8ca1 1859
4ee71b20
JH		 1860 for (i = 0; i < key_count; i++) {
1861 struct mgmt_link_key_info *key = &cp->keys[i];
1862
1863 if (key->addr.type != BDADDR_BREDR)
1864 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
1865 MGMT_STATUS_INVALID_PARAMS);
1866 }
1867
09fd0de5 1868 hci_dev_lock(hdev);
55ed8ca1
JH		 1869
1870 hci_link_keys_clear(hdev);
1871
55ed8ca1 1872 if (cp->debug_keys)
a8b2d5c2 1873 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1874 else
a8b2d5c2 1875 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1876
a492cd52 1877 for (i = 0; i < key_count; i++) {
86742e1e 1878 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1879
d753fdc4 1880 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 1881 key->type, key->pin_len);
55ed8ca1
JH		 1882 }
1883
bdb6d971 1884 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1885
09fd0de5 1886 hci_dev_unlock(hdev);
55ed8ca1 1887
a492cd52 1888 return 0;
55ed8ca1
JH		 1889}
1890
b1078ad0 1891static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 1892 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 1893{
1894 struct mgmt_ev_device_unpaired ev;
1895
1896 bacpy(&ev.addr.bdaddr, bdaddr);
1897 ev.addr.type = addr_type;
1898
1899 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 1900 skip_sk);
b1078ad0
JH		 1901}
1902
bdb6d971 1903static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1904 u16 len)
55ed8ca1 1905{
124f6e35
JH		 1906 struct mgmt_cp_unpair_device *cp = data;
1907 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1908 struct hci_cp_disconnect dc;
1909 struct pending_cmd *cmd;
55ed8ca1 1910 struct hci_conn *conn;
55ed8ca1
JH		 1911 int err;
1912
a8a1d19e 1913 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1914 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1915 rp.addr.type = cp->addr.type;
a8a1d19e 1916
4ee71b20
JH		 1917 if (!bdaddr_type_is_valid(cp->addr.type))
1918 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1919 MGMT_STATUS_INVALID_PARAMS,
1920 &rp, sizeof(rp));
1921
118da70b
JH		 1922 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
1923 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
1924 MGMT_STATUS_INVALID_PARAMS,
1925 &rp, sizeof(rp));
1926
4ee71b20
JH		 1927 hci_dev_lock(hdev);
1928
86a8cfc6 1929 if (!hdev_is_powered(hdev)) {
bdb6d971 1930 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1931 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 1932 goto unlock;
1933 }
1934
591f47f3 1935 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 1936 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1937 else
1938 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1939
55ed8ca1 1940 if (err < 0) {
bdb6d971 1941 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 1942 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 1943 goto unlock;
1944 }
1945
86a8cfc6 1946 if (cp->disconnect) {
591f47f3 1947 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 1948 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 1949 &cp->addr.bdaddr);
86a8cfc6
JH		 1950 else
1951 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 1952 &cp->addr.bdaddr);
86a8cfc6
JH		 1953 } else {
1954 conn = NULL;
1955 }
124f6e35 1956
a8a1d19e 1957 if (!conn) {
bdb6d971 1958 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 1959 &rp, sizeof(rp));
b1078ad0 1960 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1961 goto unlock;
1962 }
55ed8ca1 1963
124f6e35 1964 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 1965 sizeof(*cp));
a8a1d19e
JH		 1966 if (!cmd) {
1967 err = -ENOMEM;
1968 goto unlock;
55ed8ca1
JH		 1969 }
1970
eb55ef07 1971 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 1972 dc.reason = 0x13; /* Remote User Terminated Connection */
1973 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1974 if (err < 0)
1975 mgmt_pending_remove(cmd);
1976
55ed8ca1 1977unlock:
09fd0de5 1978 hci_dev_unlock(hdev);
55ed8ca1
JH		 1979 return err;
1980}
1981
bdb6d971 1982static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1983 u16 len)
8962ee74 1984{
650f726d 1985 struct mgmt_cp_disconnect *cp = data;
06a63b19 1986 struct mgmt_rp_disconnect rp;
8962ee74 1987 struct hci_cp_disconnect dc;
366a0336 1988 struct pending_cmd *cmd;
8962ee74 1989 struct hci_conn *conn;
8962ee74
JH		 1990 int err;
1991
1992 BT_DBG("");
1993
06a63b19
JH		 1994 memset(&rp, 0, sizeof(rp));
1995 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1996 rp.addr.type = cp->addr.type;
1997
4ee71b20 1998 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 1999 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2000 MGMT_STATUS_INVALID_PARAMS,
2001 &rp, sizeof(rp));
4ee71b20 2002
09fd0de5 2003 hci_dev_lock(hdev);
8962ee74
JH		 2004
2005 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2006 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2007 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2008 goto failed;
2009 }
2010
2e58ef3e 2011 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2012 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2013 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2014 goto failed;
2015 }
2016
591f47f3 2017 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2018 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2019 &cp->addr.bdaddr);
88c3df13
JH		 2020 else
2021 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2022
f960727e 2023 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2024 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2025 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2026 goto failed;
2027 }
2028
2e58ef3e 2029 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2030 if (!cmd) {
2031 err = -ENOMEM;
8962ee74 2032 goto failed;
366a0336 2033 }
8962ee74 2034
eb55ef07 2035 dc.handle = cpu_to_le16(conn->handle);
3701f944 2036 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2037
2038 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2039 if (err < 0)
a664b5bc 2040 mgmt_pending_remove(cmd);
8962ee74
JH		 2041
2042failed:
09fd0de5 2043 hci_dev_unlock(hdev);
8962ee74
JH		 2044 return err;
2045}
2046
57c1477c 2047static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2048{
2049 switch (link_type) {
2050 case LE_LINK:
48264f06
JH		 2051 switch (addr_type) {
2052 case ADDR_LE_DEV_PUBLIC:
591f47f3 2053 return BDADDR_LE_PUBLIC;
0ed09148 2054
48264f06 2055 default:
0ed09148 2056 /* Fallback to LE Random address type */
591f47f3 2057 return BDADDR_LE_RANDOM;
48264f06 2058 }
0ed09148 2059
4c659c39 2060 default:
0ed09148 2061 /* Fallback to BR/EDR type */
591f47f3 2062 return BDADDR_BREDR;
4c659c39
JH		 2063 }
2064}
2065
04124681
GP		 2066static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2067 u16 data_len)
2784eb41 2068{
2784eb41 2069 struct mgmt_rp_get_connections *rp;
8035ded4 2070 struct hci_conn *c;
a38528f1 2071 size_t rp_len;
60fc5fb6
JH		 2072 int err;
2073 u16 i;
2784eb41
JH		 2074
2075 BT_DBG("");
2076
09fd0de5 2077 hci_dev_lock(hdev);
2784eb41 2078
5f97c1df 2079 if (!hdev_is_powered(hdev)) {
bdb6d971 2080 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2081 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2082 goto unlock;
2083 }
2084
60fc5fb6 2085 i = 0;
b644ba33
JH		 2086 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2087 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2088 i++;
2784eb41
JH		 2089 }
2090
60fc5fb6 2091 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2092 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2093 if (!rp) {
2784eb41
JH		 2094 err = -ENOMEM;
2095 goto unlock;
2096 }
2097
2784eb41 2098 i = 0;
4c659c39 2099 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2100 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2101 continue;
4c659c39 2102 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2103 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2104 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2105 continue;
2106 i++;
2107 }
2108
eb55ef07 2109 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2110
4c659c39
JH		 2111 /* Recalculate length in case of filtered SCO connections, etc */
2112 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2113
bdb6d971 2114 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2115 rp_len);
2784eb41 2116
a38528f1 2117 kfree(rp);
5f97c1df
JH		 2118
2119unlock:
09fd0de5 2120 hci_dev_unlock(hdev);
2784eb41
JH		 2121 return err;
2122}
2123
bdb6d971 2124static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2125 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2126{
2127 struct pending_cmd *cmd;
2128 int err;
2129
2e58ef3e 2130 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2131 sizeof(*cp));
96d97a67
WR		 2132 if (!cmd)
2133 return -ENOMEM;
2134
d8457698 2135 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2136 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2137 if (err < 0)
2138 mgmt_pending_remove(cmd);
2139
2140 return err;
2141}
2142
bdb6d971 2143static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2144 u16 len)
980e1a53 2145{
96d97a67 2146 struct hci_conn *conn;
650f726d 2147 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2148 struct hci_cp_pin_code_reply reply;
366a0336 2149 struct pending_cmd *cmd;
980e1a53
JH		 2150 int err;
2151
2152 BT_DBG("");
2153
09fd0de5 2154 hci_dev_lock(hdev);
980e1a53 2155
4b34ee78 2156 if (!hdev_is_powered(hdev)) {
bdb6d971 2157 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2158 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2159 goto failed;
2160 }
2161
d8457698 2162 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2163 if (!conn) {
bdb6d971 2164 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2165 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2166 goto failed;
2167 }
2168
2169 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2170 struct mgmt_cp_pin_code_neg_reply ncp;
2171
2172 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2173
2174 BT_ERR("PIN code is not 16 bytes long");
2175
bdb6d971 2176 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2177 if (err >= 0)
bdb6d971 2178 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2179 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2180
2181 goto failed;
2182 }
2183
00abfe44 2184 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2185 if (!cmd) {
2186 err = -ENOMEM;
980e1a53 2187 goto failed;
366a0336 2188 }
980e1a53 2189
d8457698 2190 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2191 reply.pin_len = cp->pin_len;
24718ca5 2192 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2193
2194 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2195 if (err < 0)
a664b5bc 2196 mgmt_pending_remove(cmd);
980e1a53
JH		 2197
2198failed:
09fd0de5 2199 hci_dev_unlock(hdev);
980e1a53
JH		 2200 return err;
2201}
2202
04124681
GP		 2203static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2204 u16 len)
17fa4b9d 2205{
650f726d 2206 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2207
2208 BT_DBG("");
2209
09fd0de5 2210 hci_dev_lock(hdev);
17fa4b9d
JH		 2211
2212 hdev->io_capability = cp->io_capability;
2213
2214 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2215 hdev->io_capability);
17fa4b9d 2216
09fd0de5 2217 hci_dev_unlock(hdev);
17fa4b9d 2218
04124681
GP		 2219 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2220 0);
17fa4b9d
JH		 2221}
2222
6039aa73 2223static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2224{
2225 struct hci_dev *hdev = conn->hdev;
8035ded4 2226 struct pending_cmd *cmd;
e9a416b5 2227
2e58ef3e 2228 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2229 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2230 continue;
2231
e9a416b5
JH		 2232 if (cmd->user_data != conn)
2233 continue;
2234
2235 return cmd;
2236 }
2237
2238 return NULL;
2239}
2240
2241static void pairing_complete(struct pending_cmd *cmd, u8 status)
2242{
2243 struct mgmt_rp_pair_device rp;
2244 struct hci_conn *conn = cmd->user_data;
2245
ba4e564f 2246 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2247 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2248
aee9b218 2249 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2250 &rp, sizeof(rp));
e9a416b5
JH		 2251
2252 /* So we don't get further callbacks for this connection */
2253 conn->connect_cfm_cb = NULL;
2254 conn->security_cfm_cb = NULL;
2255 conn->disconn_cfm_cb = NULL;
2256
76a68ba0 2257 hci_conn_drop(conn);
e9a416b5 2258
a664b5bc 2259 mgmt_pending_remove(cmd);
e9a416b5
JH		 2260}
2261
2262static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2263{
2264 struct pending_cmd *cmd;
2265
2266 BT_DBG("status %u", status);
2267
2268 cmd = find_pairing(conn);
56e5cb86 2269 if (!cmd)
e9a416b5 2270 BT_DBG("Unable to find a pending command");
56e5cb86 2271 else
e211326c 2272 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2273}
2274
4c47d739
VA		 2275static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2276{
2277 struct pending_cmd *cmd;
2278
2279 BT_DBG("status %u", status);
2280
2281 if (!status)
2282 return;
2283
2284 cmd = find_pairing(conn);
2285 if (!cmd)
2286 BT_DBG("Unable to find a pending command");
2287 else
2288 pairing_complete(cmd, mgmt_status(status));
2289}
2290
bdb6d971 2291static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2292 u16 len)
e9a416b5 2293{
650f726d 2294 struct mgmt_cp_pair_device *cp = data;
1425acb7 2295 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2296 struct pending_cmd *cmd;
2297 u8 sec_level, auth_type;
2298 struct hci_conn *conn;
e9a416b5
JH		 2299 int err;
2300
2301 BT_DBG("");
2302
f950a30e
SJ		 2303 memset(&rp, 0, sizeof(rp));
2304 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2305 rp.addr.type = cp->addr.type;
2306
4ee71b20
JH		 2307 if (!bdaddr_type_is_valid(cp->addr.type))
2308 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2309 MGMT_STATUS_INVALID_PARAMS,
2310 &rp, sizeof(rp));
2311
09fd0de5 2312 hci_dev_lock(hdev);
e9a416b5 2313
5f97c1df 2314 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2315 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2316 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2317 goto unlock;
2318 }
2319
c908df36
VCG		 2320 sec_level = BT_SECURITY_MEDIUM;
2321 if (cp->io_cap == 0x03)
e9a416b5 2322 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2323 else
e9a416b5 2324 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2325
591f47f3 2326 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2327 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2328 cp->addr.type, sec_level, auth_type);
7a512d01 2329 else
b12f62cf
AG		 2330 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2331 cp->addr.type, sec_level, auth_type);
7a512d01 2332
30e76272 2333 if (IS_ERR(conn)) {
489dc48e
AK		 2334 int status;
2335
2336 if (PTR_ERR(conn) == -EBUSY)
2337 status = MGMT_STATUS_BUSY;
2338 else
2339 status = MGMT_STATUS_CONNECT_FAILED;
2340
bdb6d971 2341 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2342 status, &rp,
04124681 2343 sizeof(rp));
e9a416b5
JH		 2344 goto unlock;
2345 }
2346
2347 if (conn->connect_cfm_cb) {
76a68ba0 2348 hci_conn_drop(conn);
bdb6d971 2349 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2350 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2351 goto unlock;
2352 }
2353
2e58ef3e 2354 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2355 if (!cmd) {
2356 err = -ENOMEM;
76a68ba0 2357 hci_conn_drop(conn);
e9a416b5
JH		 2358 goto unlock;
2359 }
2360
7a512d01 2361 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2362 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2363 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2364 else
2365 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2366
e9a416b5
JH		 2367 conn->security_cfm_cb = pairing_complete_cb;
2368 conn->disconn_cfm_cb = pairing_complete_cb;
2369 conn->io_capability = cp->io_cap;
2370 cmd->user_data = conn;
2371
2372 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2373 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2374 pairing_complete(cmd, 0);
2375
2376 err = 0;
2377
2378unlock:
09fd0de5 2379 hci_dev_unlock(hdev);
e9a416b5
JH		 2380 return err;
2381}
2382
04124681
GP		 2383static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2384 u16 len)
28424707 2385{
0f4e68cf 2386 struct mgmt_addr_info *addr = data;
28424707
JH		 2387 struct pending_cmd *cmd;
2388 struct hci_conn *conn;
2389 int err;
2390
2391 BT_DBG("");
2392
28424707
JH		 2393 hci_dev_lock(hdev);
2394
5f97c1df 2395 if (!hdev_is_powered(hdev)) {
bdb6d971 2396 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2397 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2398 goto unlock;
2399 }
2400
28424707
JH		 2401 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2402 if (!cmd) {
bdb6d971 2403 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2404 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2405 goto unlock;
2406 }
2407
2408 conn = cmd->user_data;
2409
2410 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2411 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2412 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2413 goto unlock;
2414 }
2415
2416 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2417
bdb6d971 2418 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2419 addr, sizeof(*addr));
28424707
JH		 2420unlock:
2421 hci_dev_unlock(hdev);
28424707
JH		 2422 return err;
2423}
2424
bdb6d971 2425static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2426 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2427 u16 hci_op, __le32 passkey)
a5c29683 2428{
a5c29683 2429 struct pending_cmd *cmd;
0df4c185 2430 struct hci_conn *conn;
a5c29683
JH		 2431 int err;
2432
09fd0de5 2433 hci_dev_lock(hdev);
08ba5382 2434
4b34ee78 2435 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2436 err = cmd_complete(sk, hdev->id, mgmt_op,
2437 MGMT_STATUS_NOT_POWERED, addr,
2438 sizeof(*addr));
0df4c185 2439 goto done;
a5c29683
JH		 2440 }
2441
1707c60e
JH		 2442 if (addr->type == BDADDR_BREDR)
2443 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2444 else
1707c60e 2445 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2446
2447 if (!conn) {
feb94d3d
JH		 2448 err = cmd_complete(sk, hdev->id, mgmt_op,
2449 MGMT_STATUS_NOT_CONNECTED, addr,
2450 sizeof(*addr));
272d90df
JH		 2451 goto done;
2452 }
47c15e2b 2453
1707c60e 2454 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2455 /* Continue with pairing via SMP */
5fe57d9e
BG		 2456 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2457
2458 if (!err)
feb94d3d
JH		 2459 err = cmd_complete(sk, hdev->id, mgmt_op,
2460 MGMT_STATUS_SUCCESS, addr,
2461 sizeof(*addr));
5fe57d9e 2462 else
feb94d3d
JH		 2463 err = cmd_complete(sk, hdev->id, mgmt_op,
2464 MGMT_STATUS_FAILED, addr,
2465 sizeof(*addr));
47c15e2b 2466
47c15e2b
BG		 2467 goto done;
2468 }
2469
1707c60e 2470 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2471 if (!cmd) {
2472 err = -ENOMEM;
0df4c185 2473 goto done;
a5c29683
JH		 2474 }
2475
0df4c185 2476 /* Continue with pairing via HCI */
604086b7
BG		 2477 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2478 struct hci_cp_user_passkey_reply cp;
2479
1707c60e 2480 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2481 cp.passkey = passkey;
2482 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2483 } else
1707c60e
JH		 2484 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2485 &addr->bdaddr);
604086b7 2486
a664b5bc
JH		 2487 if (err < 0)
2488 mgmt_pending_remove(cmd);
a5c29683 2489
0df4c185 2490done:
09fd0de5 2491 hci_dev_unlock(hdev);
a5c29683
JH		 2492 return err;
2493}
2494
afeb019d
JK		 2495static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2496 void *data, u16 len)
2497{
2498 struct mgmt_cp_pin_code_neg_reply *cp = data;
2499
2500 BT_DBG("");
2501
1707c60e 2502 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2503 MGMT_OP_PIN_CODE_NEG_REPLY,
2504 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2505}
2506
04124681
GP		 2507static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2508 u16 len)
0df4c185 2509{
650f726d 2510 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2511
2512 BT_DBG("");
2513
2514 if (len != sizeof(*cp))
bdb6d971 2515 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2516 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2517
1707c60e 2518 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2519 MGMT_OP_USER_CONFIRM_REPLY,
2520 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2521}
2522
bdb6d971 2523static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2524 void *data, u16 len)
0df4c185 2525{
c9c2659f 2526 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2527
2528 BT_DBG("");
2529
1707c60e 2530 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2531 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2532 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2533}
2534
04124681
GP		 2535static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2536 u16 len)
604086b7 2537{
650f726d 2538 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2539
2540 BT_DBG("");
2541
1707c60e 2542 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2543 MGMT_OP_USER_PASSKEY_REPLY,
2544 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2545}
2546
bdb6d971 2547static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2548 void *data, u16 len)
604086b7 2549{
650f726d 2550 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2551
2552 BT_DBG("");
2553
1707c60e 2554 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2555 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2556 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2557}
2558
13928971 2559static void update_name(struct hci_request *req)
2b4bf397 2560{
13928971 2561 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2562 struct hci_cp_write_local_name cp;
2563
13928971 2564 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2565
890ea898 2566 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2567}
2568
13928971
JH		 2569static void set_name_complete(struct hci_dev *hdev, u8 status)
2570{
2571 struct mgmt_cp_set_local_name *cp;
2572 struct pending_cmd *cmd;
2573
2574 BT_DBG("status 0x%02x", status);
2575
2576 hci_dev_lock(hdev);
2577
2578 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2579 if (!cmd)
2580 goto unlock;
2581
2582 cp = cmd->param;
2583
2584 if (status)
2585 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2586 mgmt_status(status));
2587 else
2588 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2589 cp, sizeof(*cp));
2590
2591 mgmt_pending_remove(cmd);
2592
2593unlock:
2594 hci_dev_unlock(hdev);
2595}
2596
bdb6d971 2597static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2598 u16 len)
b312b161 2599{
2b4bf397 2600 struct mgmt_cp_set_local_name *cp = data;
b312b161 2601 struct pending_cmd *cmd;
890ea898 2602 struct hci_request req;
b312b161
JH		 2603 int err;
2604
2605 BT_DBG("");
2606
09fd0de5 2607 hci_dev_lock(hdev);
b312b161 2608
b3f2ca94
JH		 2609 /* If the old values are the same as the new ones just return a
2610 * direct command complete event.
2611 */
2612 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2613 !memcmp(hdev->short_name, cp->short_name,
2614 sizeof(hdev->short_name))) {
2615 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2616 data, len);
2617 goto failed;
2618 }
2619
2b4bf397 2620 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2621
b5235a65 2622 if (!hdev_is_powered(hdev)) {
2b4bf397 2623 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2624
2625 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2626 data, len);
28cc7bde
JH		 2627 if (err < 0)
2628 goto failed;
2629
2630 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2631 sk);
28cc7bde 2632
b5235a65
JH		 2633 goto failed;
2634 }
2635
28cc7bde 2636 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2637 if (!cmd) {
2638 err = -ENOMEM;
2639 goto failed;
2640 }
2641
13928971
JH		 2642 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2643
890ea898 2644 hci_req_init(&req, hdev);
3f985050
JH		 2645
2646 if (lmp_bredr_capable(hdev)) {
2647 update_name(&req);
2648 update_eir(&req);
2649 }
2650
2651 if (lmp_le_capable(hdev))
2652 hci_update_ad(&req);
2653
13928971 2654 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2655 if (err < 0)
2656 mgmt_pending_remove(cmd);
2657
2658failed:
09fd0de5 2659 hci_dev_unlock(hdev);
b312b161
JH		 2660 return err;
2661}
2662
0f4e68cf 2663static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2664 void *data, u16 data_len)
c35938b2 2665{
c35938b2
SJ		 2666 struct pending_cmd *cmd;
2667 int err;
2668
bdb6d971 2669 BT_DBG("%s", hdev->name);
c35938b2 2670
09fd0de5 2671 hci_dev_lock(hdev);
c35938b2 2672
4b34ee78 2673 if (!hdev_is_powered(hdev)) {
bdb6d971 2674 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2675 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2676 goto unlock;
2677 }
2678
9a1a1996 2679 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2680 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2681 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2682 goto unlock;
2683 }
2684
2e58ef3e 2685 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2687 MGMT_STATUS_BUSY);
c35938b2
SJ		 2688 goto unlock;
2689 }
2690
2e58ef3e 2691 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2692 if (!cmd) {
2693 err = -ENOMEM;
2694 goto unlock;
2695 }
2696
2697 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2698 if (err < 0)
2699 mgmt_pending_remove(cmd);
2700
2701unlock:
09fd0de5 2702 hci_dev_unlock(hdev);
c35938b2
SJ		 2703 return err;
2704}
2705
bdb6d971 2706static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2707 void *data, u16 len)
2763eda6 2708{
650f726d 2709 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2710 u8 status;
2763eda6
SJ		 2711 int err;
2712
bdb6d971 2713 BT_DBG("%s ", hdev->name);
2763eda6 2714
09fd0de5 2715 hci_dev_lock(hdev);
2763eda6 2716
664ce4cc 2717 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2718 cp->randomizer);
2763eda6 2719 if (err < 0)
bf1e3541 2720 status = MGMT_STATUS_FAILED;
2763eda6 2721 else
a6785be2 2722 status = MGMT_STATUS_SUCCESS;
bf1e3541 2723
bdb6d971 2724 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2725 &cp->addr, sizeof(cp->addr));
2763eda6 2726
09fd0de5 2727 hci_dev_unlock(hdev);
2763eda6
SJ		 2728 return err;
2729}
2730
bdb6d971 2731static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2732 void *data, u16 len)
2763eda6 2733{
650f726d 2734 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2735 u8 status;
2763eda6
SJ		 2736 int err;
2737
bdb6d971 2738 BT_DBG("%s", hdev->name);
2763eda6 2739
09fd0de5 2740 hci_dev_lock(hdev);
2763eda6 2741
664ce4cc 2742 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2743 if (err < 0)
bf1e3541 2744 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2745 else
a6785be2 2746 status = MGMT_STATUS_SUCCESS;
bf1e3541 2747
bdb6d971 2748 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2749 status, &cp->addr, sizeof(cp->addr));
2763eda6 2750
09fd0de5 2751 hci_dev_unlock(hdev);
2763eda6
SJ		 2752 return err;
2753}
2754
41dc2bd6
AG		 2755static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2756{
2757 struct pending_cmd *cmd;
2758 u8 type;
2759 int err;
2760
2761 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2762
2763 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2764 if (!cmd)
2765 return -ENOENT;
2766
2767 type = hdev->discovery.type;
2768
2769 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2770 &type, sizeof(type));
2771 mgmt_pending_remove(cmd);
2772
2773 return err;
2774}
2775
7c307720
AG		 2776static void start_discovery_complete(struct hci_dev *hdev, u8 status)
2777{
2778 BT_DBG("status %d", status);
2779
2780 if (status) {
2781 hci_dev_lock(hdev);
2782 mgmt_start_discovery_failed(hdev, status);
2783 hci_dev_unlock(hdev);
2784 return;
2785 }
2786
2787 hci_dev_lock(hdev);
2788 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
2789 hci_dev_unlock(hdev);
2790
2791 switch (hdev->discovery.type) {
2792 case DISCOV_TYPE_LE:
2793 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2794 DISCOV_LE_TIMEOUT);
7c307720
AG		 2795 break;
2796
2797 case DISCOV_TYPE_INTERLEAVED:
2798 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 2799 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 2800 break;
2801
2802 case DISCOV_TYPE_BREDR:
2803 break;
2804
2805 default:
2806 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
2807 }
2808}
2809
bdb6d971 2810static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 2811 void *data, u16 len)
14a53664 2812{
650f726d 2813 struct mgmt_cp_start_discovery *cp = data;
14a53664 2814 struct pending_cmd *cmd;
7c307720
AG		 2815 struct hci_cp_le_set_scan_param param_cp;
2816 struct hci_cp_le_set_scan_enable enable_cp;
2817 struct hci_cp_inquiry inq_cp;
2818 struct hci_request req;
2819 /* General inquiry access code (GIAC) */
2820 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 2821 u8 status;
14a53664
JH		 2822 int err;
2823
bdb6d971 2824 BT_DBG("%s", hdev->name);
14a53664 2825
09fd0de5 2826 hci_dev_lock(hdev);
14a53664 2827
4b34ee78 2828 if (!hdev_is_powered(hdev)) {
bdb6d971 2829 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2830 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2831 goto failed;
2832 }
2833
642be6c7
AG		 2834 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2835 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2836 MGMT_STATUS_BUSY);
2837 goto failed;
2838 }
2839
ff9ef578 2840 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 2841 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 2842 MGMT_STATUS_BUSY);
ff9ef578
JH		 2843 goto failed;
2844 }
2845
2e58ef3e 2846 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2847 if (!cmd) {
2848 err = -ENOMEM;
2849 goto failed;
2850 }
2851
4aab14e5
AG		 2852 hdev->discovery.type = cp->type;
2853
7c307720
AG		 2854 hci_req_init(&req, hdev);
2855
4aab14e5 2856 switch (hdev->discovery.type) {
f39799f5 2857 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 2858 status = mgmt_bredr_support(hdev);
2859 if (status) {
04106755 2860 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2861 status);
04106755
JH		 2862 mgmt_pending_remove(cmd);
2863 goto failed;
2864 }
2865
7c307720
AG		 2866 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
2867 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2868 MGMT_STATUS_BUSY);
2869 mgmt_pending_remove(cmd);
2870 goto failed;
2871 }
2872
2873 hci_inquiry_cache_flush(hdev);
2874
2875 memset(&inq_cp, 0, sizeof(inq_cp));
2876 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 2877 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 2878 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 2879 break;
2880
2881 case DISCOV_TYPE_LE:
7c307720 2882 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 2883 status = mgmt_le_support(hdev);
2884 if (status) {
04106755 2885 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 2886 status);
04106755
JH		 2887 mgmt_pending_remove(cmd);
2888 goto failed;
2889 }
2890
7c307720 2891 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 2892 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 2893 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2894 MGMT_STATUS_NOT_SUPPORTED);
2895 mgmt_pending_remove(cmd);
2896 goto failed;
2897 }
2898
f3d3444a 2899 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 2900 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2901 MGMT_STATUS_REJECTED);
2902 mgmt_pending_remove(cmd);
2903 goto failed;
2904 }
2905
2906 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
2907 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2908 MGMT_STATUS_BUSY);
2909 mgmt_pending_remove(cmd);
2910 goto failed;
2911 }
2912
2913 memset(&param_cp, 0, sizeof(param_cp));
2914 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 2915 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
2916 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 2917 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
2918 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
2919 else
2920 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 2921 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
2922 &param_cp);
2923
2924 memset(&enable_cp, 0, sizeof(enable_cp));
2925 enable_cp.enable = LE_SCAN_ENABLE;
2926 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
2927 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
2928 &enable_cp);
5e0452c0
AG		 2929 break;
2930
f39799f5 2931 default:
04106755
JH		 2932 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
2933 MGMT_STATUS_INVALID_PARAMS);
2934 mgmt_pending_remove(cmd);
2935 goto failed;
f39799f5 2936 }
3fd24153 2937
7c307720 2938 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 2939 if (err < 0)
2940 mgmt_pending_remove(cmd);
ff9ef578
JH		 2941 else
2942 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2943
2944failed:
09fd0de5 2945 hci_dev_unlock(hdev);
14a53664
JH		 2946 return err;
2947}
2948
1183fdca
AG		 2949static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
2950{
2951 struct pending_cmd *cmd;
2952 int err;
2953
2954 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
2955 if (!cmd)
2956 return -ENOENT;
2957
2958 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2959 &hdev->discovery.type, sizeof(hdev->discovery.type));
2960 mgmt_pending_remove(cmd);
2961
2962 return err;
2963}
2964
0e05bba6
AG		 2965static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
2966{
2967 BT_DBG("status %d", status);
2968
2969 hci_dev_lock(hdev);
2970
2971 if (status) {
2972 mgmt_stop_discovery_failed(hdev, status);
2973 goto unlock;
2974 }
2975
2976 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2977
2978unlock:
2979 hci_dev_unlock(hdev);
2980}
2981
bdb6d971 2982static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2983 u16 len)
14a53664 2984{
d930650b 2985 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 2986 struct pending_cmd *cmd;
30dc78e1
JH		 2987 struct hci_cp_remote_name_req_cancel cp;
2988 struct inquiry_entry *e;
0e05bba6
AG		 2989 struct hci_request req;
2990 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 2991 int err;
2992
bdb6d971 2993 BT_DBG("%s", hdev->name);
14a53664 2994
09fd0de5 2995 hci_dev_lock(hdev);
14a53664 2996
30dc78e1 2997 if (!hci_discovery_active(hdev)) {
bdb6d971 2998 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 2999 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3000 sizeof(mgmt_cp->type));
d930650b
JH		 3001 goto unlock;
3002 }
3003
3004 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3005 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3006 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3007 sizeof(mgmt_cp->type));
30dc78e1 3008 goto unlock;
ff9ef578
JH		 3009 }
3010
2e58ef3e 3011 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3012 if (!cmd) {
3013 err = -ENOMEM;
30dc78e1
JH		 3014 goto unlock;
3015 }
3016
0e05bba6
AG		 3017 hci_req_init(&req, hdev);
3018
e0d9727e
AG		 3019 switch (hdev->discovery.state) {
3020 case DISCOVERY_FINDING:
0e05bba6
AG		 3021 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3022 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3023 } else {
3024 cancel_delayed_work(&hdev->le_scan_disable);
3025
3026 memset(&enable_cp, 0, sizeof(enable_cp));
3027 enable_cp.enable = LE_SCAN_DISABLE;
3028 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3029 sizeof(enable_cp), &enable_cp);
3030 }
c9ecc48e 3031
e0d9727e
AG		 3032 break;
3033
3034 case DISCOVERY_RESOLVING:
3035 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3036 NAME_PENDING);
e0d9727e 3037 if (!e) {
30dc78e1 3038 mgmt_pending_remove(cmd);
e0d9727e
AG		 3039 err = cmd_complete(sk, hdev->id,
3040 MGMT_OP_STOP_DISCOVERY, 0,
3041 &mgmt_cp->type,
3042 sizeof(mgmt_cp->type));
3043 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3044 goto unlock;
3045 }
30dc78e1 3046
e0d9727e 3047 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3048 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3049 &cp);
e0d9727e
AG		 3050
3051 break;
3052
3053 default:
3054 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3055
3056 mgmt_pending_remove(cmd);
3057 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3058 MGMT_STATUS_FAILED, &mgmt_cp->type,
3059 sizeof(mgmt_cp->type));
3060 goto unlock;
14a53664
JH		 3061 }
3062
0e05bba6 3063 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3064 if (err < 0)
3065 mgmt_pending_remove(cmd);
ff9ef578
JH		 3066 else
3067 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3068
30dc78e1 3069unlock:
09fd0de5 3070 hci_dev_unlock(hdev);
14a53664
JH		 3071 return err;
3072}
3073
bdb6d971 3074static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3075 u16 len)
561aafbc 3076{
650f726d 3077 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3078 struct inquiry_entry *e;
561aafbc
JH		 3079 int err;
3080
bdb6d971 3081 BT_DBG("%s", hdev->name);
561aafbc 3082
561aafbc
JH		 3083 hci_dev_lock(hdev);
3084
30dc78e1 3085 if (!hci_discovery_active(hdev)) {
bdb6d971 3086 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3087 MGMT_STATUS_FAILED);
30dc78e1
JH		 3088 goto failed;
3089 }
3090
a198e7b1 3091 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3092 if (!e) {
bdb6d971 3093 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3094 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3095 goto failed;
3096 }
3097
3098 if (cp->name_known) {
3099 e->name_state = NAME_KNOWN;
3100 list_del(&e->list);
3101 } else {
3102 e->name_state = NAME_NEEDED;
a3d4e20a 3103 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3104 }
3105
e384662b
JH		 3106 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3107 sizeof(cp->addr));
561aafbc
JH		 3108
3109failed:
3110 hci_dev_unlock(hdev);
561aafbc
JH		 3111 return err;
3112}
3113
bdb6d971 3114static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3115 u16 len)
7fbec224 3116{
650f726d 3117 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3118 u8 status;
7fbec224
AJ		 3119 int err;
3120
bdb6d971 3121 BT_DBG("%s", hdev->name);
7fbec224 3122
4ee71b20 3123 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3124 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3125 MGMT_STATUS_INVALID_PARAMS,
3126 &cp->addr, sizeof(cp->addr));
4ee71b20 3127
09fd0de5 3128 hci_dev_lock(hdev);
5e762444 3129
88c1fe4b 3130 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3131 if (err < 0)
f0eeea8b 3132 status = MGMT_STATUS_FAILED;
7fbec224 3133 else
a6785be2 3134 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3135
bdb6d971 3136 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3137 &cp->addr, sizeof(cp->addr));
5e762444 3138
09fd0de5 3139 hci_dev_unlock(hdev);
7fbec224
AJ		 3140
3141 return err;
3142}
3143
bdb6d971 3144static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3145 u16 len)
7fbec224 3146{
650f726d 3147 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3148 u8 status;
7fbec224
AJ		 3149 int err;
3150
bdb6d971 3151 BT_DBG("%s", hdev->name);
7fbec224 3152
4ee71b20 3153 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3154 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3155 MGMT_STATUS_INVALID_PARAMS,
3156 &cp->addr, sizeof(cp->addr));
4ee71b20 3157
09fd0de5 3158 hci_dev_lock(hdev);
5e762444 3159
88c1fe4b 3160 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3161 if (err < 0)
f0eeea8b 3162 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3163 else
a6785be2 3164 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3165
bdb6d971 3166 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3167 &cp->addr, sizeof(cp->addr));
5e762444 3168
09fd0de5 3169 hci_dev_unlock(hdev);
7fbec224
AJ		 3170
3171 return err;
3172}
3173
cdbaccca
MH		 3174static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3175 u16 len)
3176{
3177 struct mgmt_cp_set_device_id *cp = data;
890ea898 3178 struct hci_request req;
cdbaccca 3179 int err;
c72d4b8a 3180 __u16 source;
cdbaccca
MH		 3181
3182 BT_DBG("%s", hdev->name);
3183
c72d4b8a
SJ		 3184 source = __le16_to_cpu(cp->source);
3185
3186 if (source > 0x0002)
3187 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3188 MGMT_STATUS_INVALID_PARAMS);
3189
cdbaccca
MH		 3190 hci_dev_lock(hdev);
3191
c72d4b8a 3192 hdev->devid_source = source;
cdbaccca
MH		 3193 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3194 hdev->devid_product = __le16_to_cpu(cp->product);
3195 hdev->devid_version = __le16_to_cpu(cp->version);
3196
3197 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3198
890ea898
JH		 3199 hci_req_init(&req, hdev);
3200 update_eir(&req);
3201 hci_req_run(&req, NULL);
cdbaccca
MH		 3202
3203 hci_dev_unlock(hdev);
3204
3205 return err;
3206}
3207
4375f103
JH		 3208static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3209{
3210 struct cmd_lookup match = { NULL, hdev };
3211
3212 if (status) {
3213 u8 mgmt_err = mgmt_status(status);
3214
3215 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3216 cmd_status_rsp, &mgmt_err);
3217 return;
3218 }
3219
3220 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3221 &match);
3222
3223 new_settings(hdev, match.sk);
3224
3225 if (match.sk)
3226 sock_put(match.sk);
3227}
3228
3229static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3230{
3231 struct mgmt_mode *cp = data;
3232 struct pending_cmd *cmd;
3233 struct hci_request req;
e6fe7986 3234 u8 val, enabled, status;
4375f103
JH		 3235 int err;
3236
3237 BT_DBG("request for %s", hdev->name);
3238
e6fe7986
JH		 3239 status = mgmt_le_support(hdev);
3240 if (status)
4375f103 3241 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3242 status);
4375f103
JH		 3243
3244 if (cp->val != 0x00 && cp->val != 0x01)
3245 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3246 MGMT_STATUS_INVALID_PARAMS);
3247
3248 hci_dev_lock(hdev);
3249
3250 val = !!cp->val;
f3d3444a 3251 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3252
3253 if (!hdev_is_powered(hdev) || val == enabled) {
3254 bool changed = false;
3255
f3d3444a
JH		 3256 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3257 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3258 changed = true;
3259 }
3260
3261 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3262 if (err < 0)
3263 goto unlock;
3264
3265 if (changed)
3266 err = new_settings(hdev, sk);
3267
3268 goto unlock;
3269 }
3270
3271 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3272 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3273 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3274 MGMT_STATUS_BUSY);
3275 goto unlock;
3276 }
3277
3278 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3279 if (!cmd) {
3280 err = -ENOMEM;
3281 goto unlock;
3282 }
3283
3284 hci_req_init(&req, hdev);
3285
3286 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(val), &val);
3287
3288 err = hci_req_run(&req, set_advertising_complete);
3289 if (err < 0)
3290 mgmt_pending_remove(cmd);
3291
3292unlock:
3293 hci_dev_unlock(hdev);
3294 return err;
3295}
3296
d13eafce
MH		 3297static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3298 void *data, u16 len)
3299{
3300 struct mgmt_cp_set_static_address *cp = data;
3301 int err;
3302
3303 BT_DBG("%s", hdev->name);
3304
62af4443 3305 if (!lmp_le_capable(hdev))
d13eafce 3306 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3307 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3308
3309 if (hdev_is_powered(hdev))
3310 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3311 MGMT_STATUS_REJECTED);
3312
3313 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3314 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3315 return cmd_status(sk, hdev->id,
3316 MGMT_OP_SET_STATIC_ADDRESS,
3317 MGMT_STATUS_INVALID_PARAMS);
3318
3319 /* Two most significant bits shall be set */
3320 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3321 return cmd_status(sk, hdev->id,
3322 MGMT_OP_SET_STATIC_ADDRESS,
3323 MGMT_STATUS_INVALID_PARAMS);
3324 }
3325
3326 hci_dev_lock(hdev);
3327
3328 bacpy(&hdev->static_addr, &cp->bdaddr);
3329
3330 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3331
3332 hci_dev_unlock(hdev);
3333
3334 return err;
3335}
3336
33e38b3e
JH		 3337static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3338{
3339 struct pending_cmd *cmd;
3340
3341 BT_DBG("status 0x%02x", status);
3342
3343 hci_dev_lock(hdev);
3344
3345 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3346 if (!cmd)
3347 goto unlock;
3348
3349 if (status) {
3350 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3351 mgmt_status(status));
3352 } else {
1a4d3c4b
JH		 3353 struct mgmt_mode *cp = cmd->param;
3354
3355 if (cp->val)
3356 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3357 else
3358 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3359
33e38b3e
JH		 3360 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3361 new_settings(hdev, cmd->sk);
3362 }
3363
3364 mgmt_pending_remove(cmd);
3365
3366unlock:
3367 hci_dev_unlock(hdev);
3368}
3369
bdb6d971 3370static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3371 void *data, u16 len)
f6422ec6 3372{
650f726d 3373 struct mgmt_mode *cp = data;
33e38b3e
JH		 3374 struct pending_cmd *cmd;
3375 struct hci_request req;
f6422ec6
AJ		 3376 int err;
3377
bdb6d971 3378 BT_DBG("%s", hdev->name);
f6422ec6 3379
56f87901
JH		 3380 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3381 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3382 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3383 MGMT_STATUS_NOT_SUPPORTED);
3384
a7e80f25
JH		 3385 if (cp->val != 0x00 && cp->val != 0x01)
3386 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3387 MGMT_STATUS_INVALID_PARAMS);
3388
5400c044 3389 if (!hdev_is_powered(hdev))
bdb6d971 3390 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3391 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3392
3393 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3394 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3395 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3396
3397 hci_dev_lock(hdev);
3398
05cbf29f
JH		 3399 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3400 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3401 MGMT_STATUS_BUSY);
3402 goto unlock;
3403 }
3404
1a4d3c4b
JH		 3405 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3406 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3407 hdev);
3408 goto unlock;
3409 }
3410
33e38b3e
JH		 3411 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3412 data, len);
3413 if (!cmd) {
3414 err = -ENOMEM;
3415 goto unlock;
f6422ec6
AJ		 3416 }
3417
33e38b3e
JH		 3418 hci_req_init(&req, hdev);
3419
406d7804 3420 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3421
3422 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3423 if (err < 0) {
bdb6d971 3424 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3425 MGMT_STATUS_FAILED);
33e38b3e 3426 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3427 }
3428
33e38b3e 3429unlock:
f6422ec6 3430 hci_dev_unlock(hdev);
33e38b3e 3431
f6422ec6
AJ		 3432 return err;
3433}
3434
0663ca2a
JH		 3435static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3436{
3437 struct pending_cmd *cmd;
3438
3439 BT_DBG("status 0x%02x", status);
3440
3441 hci_dev_lock(hdev);
3442
3443 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3444 if (!cmd)
3445 goto unlock;
3446
3447 if (status) {
3448 u8 mgmt_err = mgmt_status(status);
3449
3450 /* We need to restore the flag if related HCI commands
3451 * failed.
3452 */
3453 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3454
3455 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3456 } else {
3457 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3458 new_settings(hdev, cmd->sk);
3459 }
3460
3461 mgmt_pending_remove(cmd);
3462
3463unlock:
3464 hci_dev_unlock(hdev);
3465}
3466
3467static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3468{
3469 struct mgmt_mode *cp = data;
3470 struct pending_cmd *cmd;
3471 struct hci_request req;
3472 int err;
3473
3474 BT_DBG("request for %s", hdev->name);
3475
3476 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3477 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3478 MGMT_STATUS_NOT_SUPPORTED);
3479
3480 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3481 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3482 MGMT_STATUS_REJECTED);
3483
3484 if (cp->val != 0x00 && cp->val != 0x01)
3485 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3486 MGMT_STATUS_INVALID_PARAMS);
3487
3488 hci_dev_lock(hdev);
3489
3490 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3491 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3492 goto unlock;
3493 }
3494
3495 if (!hdev_is_powered(hdev)) {
3496 if (!cp->val) {
3497 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
3498 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3499 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3500 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3501 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3502 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3503 }
3504
3505 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3506
3507 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3508 if (err < 0)
3509 goto unlock;
3510
3511 err = new_settings(hdev, sk);
3512 goto unlock;
3513 }
3514
3515 /* Reject disabling when powered on */
3516 if (!cp->val) {
3517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3518 MGMT_STATUS_REJECTED);
3519 goto unlock;
3520 }
3521
3522 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3523 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3524 MGMT_STATUS_BUSY);
3525 goto unlock;
3526 }
3527
3528 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3529 if (!cmd) {
3530 err = -ENOMEM;
3531 goto unlock;
3532 }
3533
3534 /* We need to flip the bit already here so that hci_update_ad
3535 * generates the correct flags.
3536 */
3537 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3538
3539 hci_req_init(&req, hdev);
3540 hci_update_ad(&req);
3541 err = hci_req_run(&req, set_bredr_complete);
3542 if (err < 0)
3543 mgmt_pending_remove(cmd);
3544
3545unlock:
3546 hci_dev_unlock(hdev);
3547 return err;
3548}
3549
3f706b72
JH		 3550static bool ltk_is_valid(struct mgmt_ltk_info *key)
3551{
44b20d33
JH		 3552 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3553 return false;
3f706b72
JH		 3554 if (key->master != 0x00 && key->master != 0x01)
3555 return false;
4ee71b20
JH		 3556 if (!bdaddr_type_is_le(key->addr.type))
3557 return false;
3f706b72
JH		 3558 return true;
3559}
3560
bdb6d971 3561static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3562 void *cp_data, u16 len)
346af67b 3563{
346af67b
VCG		 3564 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3565 u16 key_count, expected_len;
715a5bf2 3566 int i, err;
346af67b 3567
cf99ba13
MH		 3568 BT_DBG("request for %s", hdev->name);
3569
3570 if (!lmp_le_capable(hdev))
3571 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3572 MGMT_STATUS_NOT_SUPPORTED);
3573
1f350c87 3574 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3575
3576 expected_len = sizeof(*cp) + key_count *
3577 sizeof(struct mgmt_ltk_info);
3578 if (expected_len != len) {
3579 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3580 len, expected_len);
bdb6d971 3581 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3582 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3583 }
3584
bdb6d971 3585 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3586
54ad6d8a
JH		 3587 for (i = 0; i < key_count; i++) {
3588 struct mgmt_ltk_info *key = &cp->keys[i];
3589
3f706b72 3590 if (!ltk_is_valid(key))
54ad6d8a
JH		 3591 return cmd_status(sk, hdev->id,
3592 MGMT_OP_LOAD_LONG_TERM_KEYS,
3593 MGMT_STATUS_INVALID_PARAMS);
3594 }
3595
346af67b
VCG		 3596 hci_dev_lock(hdev);
3597
3598 hci_smp_ltks_clear(hdev);
3599
3600 for (i = 0; i < key_count; i++) {
3601 struct mgmt_ltk_info *key = &cp->keys[i];
3602 u8 type;
3603
3604 if (key->master)
3605 type = HCI_SMP_LTK;
3606 else
3607 type = HCI_SMP_LTK_SLAVE;
3608
4596fde5 3609 hci_add_ltk(hdev, &key->addr.bdaddr,
378b5b7e 3610 bdaddr_to_le(key->addr.type),
04124681
GP		 3611 type, 0, key->authenticated, key->val,
3612 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3613 }
3614
715a5bf2
JH		 3615 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3616 NULL, 0);
3617
346af67b 3618 hci_dev_unlock(hdev);
346af67b 3619
715a5bf2 3620 return err;
346af67b
VCG		 3621}
3622
2e3c35ea 3623static const struct mgmt_handler {
04124681
GP		 3624 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3625 u16 data_len);
be22b54e
JH		 3626 bool var_len;
3627 size_t data_len;
0f4e68cf
JH		 3628} mgmt_handlers[] = {
3629 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3630 { read_version, false, MGMT_READ_VERSION_SIZE },
3631 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3632 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3633 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3634 { set_powered, false, MGMT_SETTING_SIZE },
3635 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3636 { set_connectable, false, MGMT_SETTING_SIZE },
3637 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3638 { set_pairable, false, MGMT_SETTING_SIZE },
3639 { set_link_security, false, MGMT_SETTING_SIZE },
3640 { set_ssp, false, MGMT_SETTING_SIZE },
3641 { set_hs, false, MGMT_SETTING_SIZE },
3642 { set_le, false, MGMT_SETTING_SIZE },
3643 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3644 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3645 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3646 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3647 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3648 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3649 { disconnect, false, MGMT_DISCONNECT_SIZE },
3650 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3651 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3652 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3653 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3654 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3655 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3656 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3657 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3658 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3659 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3660 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3661 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3662 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3663 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3664 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3665 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3666 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3667 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3668 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3669 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3670 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3671 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3672 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
0f4e68cf
JH		 3673};
3674
3675
0381101f
JH		 3676int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3677{
650f726d
VCG		 3678 void *buf;
3679 u8 *cp;
0381101f 3680 struct mgmt_hdr *hdr;
4e51eae9 3681 u16 opcode, index, len;
bdb6d971 3682 struct hci_dev *hdev = NULL;
2e3c35ea 3683 const struct mgmt_handler *handler;
0381101f
JH		 3684 int err;
3685
3686 BT_DBG("got %zu bytes", msglen);
3687
3688 if (msglen < sizeof(*hdr))
3689 return -EINVAL;
3690
e63a15ec 3691 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3692 if (!buf)
3693 return -ENOMEM;
3694
3695 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
3696 err = -EFAULT;
3697 goto done;
3698 }
3699
650f726d 3700 hdr = buf;
1f350c87
MH		 3701 opcode = __le16_to_cpu(hdr->opcode);
3702 index = __le16_to_cpu(hdr->index);
3703 len = __le16_to_cpu(hdr->len);
0381101f
JH		 3704
3705 if (len != msglen - sizeof(*hdr)) {
3706 err = -EINVAL;
3707 goto done;
3708 }
3709
0f4e68cf 3710 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 3711 hdev = hci_dev_get(index);
3712 if (!hdev) {
3713 err = cmd_status(sk, index, opcode,
04124681 3714 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 3715 goto done;
3716 }
0736cfa8
MH		 3717
3718 if (test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
3719 err = cmd_status(sk, index, opcode,
3720 MGMT_STATUS_INVALID_INDEX);
3721 goto done;
3722 }
bdb6d971
JH		 3723 }
3724
0f4e68cf 3725 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 3726 mgmt_handlers[opcode].func == NULL) {
0381101f 3727 BT_DBG("Unknown op %u", opcode);
ca69b795 3728 err = cmd_status(sk, index, opcode,
04124681 3729 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 3730 goto done;
3731 }
3732
3733 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 3734 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 3735 err = cmd_status(sk, index, opcode,
04124681 3736 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 3737 goto done;
0381101f
JH		 3738 }
3739
be22b54e
JH		 3740 handler = &mgmt_handlers[opcode];
3741
3742 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 3743 (!handler->var_len && len != handler->data_len)) {
be22b54e 3744 err = cmd_status(sk, index, opcode,
04124681 3745 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 3746 goto done;
3747 }
3748
0f4e68cf
JH		 3749 if (hdev)
3750 mgmt_init_hdev(sk, hdev);
3751
3752 cp = buf + sizeof(*hdr);
3753
be22b54e 3754 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 3755 if (err < 0)
3756 goto done;
3757
0381101f
JH		 3758 err = msglen;
3759
3760done:
bdb6d971
JH		 3761 if (hdev)
3762 hci_dev_put(hdev);
3763
0381101f
JH		 3764 kfree(buf);
3765 return err;
3766}
c71e97bf 3767
744cf19e 3768int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3769{
bb4b2a9a
AE		 3770 if (!mgmt_valid_hdev(hdev))
3771 return -ENOTSUPP;
3772
744cf19e 3773 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3774}
3775
744cf19e 3776int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3777{
5f159032 3778 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 3779
bb4b2a9a
AE		 3780 if (!mgmt_valid_hdev(hdev))
3781 return -ENOTSUPP;
3782
744cf19e 3783 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3784
744cf19e 3785 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3786}
3787
890ea898 3788static void set_bredr_scan(struct hci_request *req)
7f0ae647 3789{
890ea898 3790 struct hci_dev *hdev = req->hdev;
7f0ae647
JH		 3791 u8 scan = 0;
3792
4c01f8b8
JH		 3793 /* Ensure that fast connectable is disabled. This function will
3794 * not do anything if the page scan parameters are already what
3795 * they should be.
3796 */
3797 write_fast_connectable(req, false);
3798
7f0ae647
JH		 3799 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3800 scan |= SCAN_PAGE;
3801 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3802 scan |= SCAN_INQUIRY;
3803
890ea898
JH		 3804 if (scan)
3805 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
7f0ae647
JH		 3806}
3807
229ab39c
JH		 3808static void powered_complete(struct hci_dev *hdev, u8 status)
3809{
3810 struct cmd_lookup match = { NULL, hdev };
3811
3812 BT_DBG("status 0x%02x", status);
3813
3814 hci_dev_lock(hdev);
3815
3816 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3817
3818 new_settings(hdev, match.sk);
3819
3820 hci_dev_unlock(hdev);
3821
3822 if (match.sk)
3823 sock_put(match.sk);
3824}
3825
70da6243 3826static int powered_update_hci(struct hci_dev *hdev)
5add6af8 3827{
890ea898 3828 struct hci_request req;
70da6243 3829 u8 link_sec;
5add6af8 3830
890ea898
JH		 3831 hci_req_init(&req, hdev);
3832
70da6243
JH		 3833 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
3834 !lmp_host_ssp_capable(hdev)) {
3835 u8 ssp = 1;
5e5282bb 3836
890ea898 3837 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 3838 }
5add6af8 3839
c73eee91
JH		 3840 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
3841 lmp_bredr_capable(hdev)) {
70da6243 3842 struct hci_cp_write_le_host_supported cp;
f0ff92fb 3843
70da6243
JH		 3844 cp.le = 1;
3845 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 3846
70da6243
JH		 3847 /* Check first if we already have the right
3848 * host state (host features set)
3849 */
3850 if (cp.le != lmp_host_le_capable(hdev) ||
3851 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 3852 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
3853 sizeof(cp), &cp);
0663ca2a
JH		 3854
3855 /* In case BR/EDR was toggled during the AUTO_OFF phase */
3856 hci_update_ad(&req);
70da6243 3857 }
3d1cbdd6 3858
d13eafce
MH		 3859 if (lmp_le_capable(hdev)) {
3860 /* Set random address to static address if configured */
3861 if (bacmp(&hdev->static_addr, BDADDR_ANY))
3862 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
3863 &hdev->static_addr);
3864 }
3865
f3d3444a 3866 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
eeca6f89
JH		 3867 u8 adv = 0x01;
3868
3869 hci_req_add(&req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(adv), &adv);
3870 }
3871
70da6243
JH		 3872 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3873 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 3874 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
3875 sizeof(link_sec), &link_sec);
562fcc24 3876
70da6243 3877 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 3878 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
3879 set_bredr_scan(&req);
890ea898 3880 update_class(&req);
13928971 3881 update_name(&req);
890ea898 3882 update_eir(&req);
70da6243 3883 }
562fcc24 3884
229ab39c 3885 return hci_req_run(&req, powered_complete);
70da6243 3886}
562fcc24 3887
70da6243
JH		 3888int mgmt_powered(struct hci_dev *hdev, u8 powered)
3889{
3890 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 3891 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
3892 u8 zero_cod[] = { 0, 0, 0 };
70da6243 3893 int err;
f0ff92fb 3894
70da6243
JH		 3895 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3896 return 0;
3897
70da6243 3898 if (powered) {
229ab39c
JH		 3899 if (powered_update_hci(hdev) == 0)
3900 return 0;
fe038884 3901
229ab39c
JH		 3902 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
3903 &match);
3904 goto new_settings;
b24752fe
JH		 3905 }
3906
229ab39c
JH		 3907 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
3908 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
3909
3910 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
3911 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3912 zero_cod, sizeof(zero_cod), NULL);
3913
3914new_settings:
beadb2bd 3915 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3916
3917 if (match.sk)
3918 sock_put(match.sk);
3919
7bb895d6 3920 return err;
5add6af8 3921}
73f22f62 3922
96570ffc
JH		 3923int mgmt_set_powered_failed(struct hci_dev *hdev, int err)
3924{
3925 struct pending_cmd *cmd;
3926 u8 status;
3927
3928 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
3929 if (!cmd)
3930 return -ENOENT;
3931
3932 if (err == -ERFKILL)
3933 status = MGMT_STATUS_RFKILLED;
3934 else
3935 status = MGMT_STATUS_FAILED;
3936
3937 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
3938
3939 mgmt_pending_remove(cmd);
3940
3941 return err;
3942}
3943
744cf19e 3944int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3945{
76a7f3a4 3946 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3947 bool changed = false;
3948 int err = 0;
73f22f62 3949
5e5282bb
JH		 3950 if (discoverable) {
3951 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3952 changed = true;
3953 } else {
3954 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3955 changed = true;
3956 }
73f22f62 3957
ed9b5f2f 3958 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
04124681 3959 &match);
ed9b5f2f 3960
beadb2bd
JH		 3961 if (changed)
3962 err = new_settings(hdev, match.sk);
5e5282bb 3963
73f22f62
JH		 3964 if (match.sk)
3965 sock_put(match.sk);
3966
7bb895d6 3967 return err;
73f22f62 3968}
9fbcbb45 3969
744cf19e 3970int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3971{
2b76f453 3972 struct pending_cmd *cmd;
5e5282bb
JH		 3973 bool changed = false;
3974 int err = 0;
9fbcbb45 3975
5e5282bb
JH		 3976 if (connectable) {
3977 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3978 changed = true;
3979 } else {
3980 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3981 changed = true;
3982 }
9fbcbb45 3983
2b76f453 3984 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
ed9b5f2f 3985
beadb2bd 3986 if (changed)
2b76f453 3987 err = new_settings(hdev, cmd ? cmd->sk : NULL);
9fbcbb45 3988
7bb895d6 3989 return err;
9fbcbb45 3990}
55ed8ca1 3991
744cf19e 3992int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3993{
ca69b795
JH		 3994 u8 mgmt_err = mgmt_status(status);
3995
2d7cee58 3996 if (scan & SCAN_PAGE)
744cf19e 3997 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 3998 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3999
4000 if (scan & SCAN_INQUIRY)
744cf19e 4001 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4002 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4003
4004 return 0;
4005}
4006
53168e5b
CC		 4007int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4008 bool persistent)
55ed8ca1 4009{
86742e1e 4010 struct mgmt_ev_new_link_key ev;
55ed8ca1 4011
a492cd52 4012 memset(&ev, 0, sizeof(ev));
55ed8ca1 4013
a492cd52 4014 ev.store_hint = persistent;
d753fdc4 4015 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4016 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4017 ev.key.type = key->type;
9b3b4460 4018 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4019 ev.key.pin_len = key->pin_len;
55ed8ca1 4020
744cf19e 4021 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4022}
f7520543 4023
346af67b
VCG		 4024int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4025{
4026 struct mgmt_ev_new_long_term_key ev;
4027
4028 memset(&ev, 0, sizeof(ev));
4029
4030 ev.store_hint = persistent;
4031 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4032 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4033 ev.key.authenticated = key->authenticated;
4034 ev.key.enc_size = key->enc_size;
4035 ev.key.ediv = key->ediv;
4036
4037 if (key->type == HCI_SMP_LTK)
4038 ev.key.master = 1;
4039
4040 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4041 memcpy(ev.key.val, key->val, sizeof(key->val));
4042
04124681
GP		 4043 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4044 NULL);
346af67b
VCG		 4045}
4046
afc747a6 4047int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4048 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4049 u8 *dev_class)
f7520543 4050{
b644ba33
JH		 4051 char buf[512];
4052 struct mgmt_ev_device_connected *ev = (void *) buf;
4053 u16 eir_len = 0;
f7520543 4054
b644ba33 4055 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4056 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4057
c95f0ba7 4058 ev->flags = __cpu_to_le32(flags);
08c79b61 4059
b644ba33
JH		 4060 if (name_len > 0)
4061 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4062 name, name_len);
b644ba33
JH		 4063
4064 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4065 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4066 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4067
eb55ef07 4068 ev->eir_len = cpu_to_le16(eir_len);
b644ba33
JH		 4069
4070 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
04124681 4071 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4072}
4073
8962ee74
JH		 4074static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4075{
c68fb7ff 4076 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4077 struct sock **sk = data;
a38528f1 4078 struct mgmt_rp_disconnect rp;
8962ee74 4079
88c3df13
JH		 4080 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4081 rp.addr.type = cp->addr.type;
8962ee74 4082
aee9b218 4083 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4084 sizeof(rp));
8962ee74
JH		 4085
4086 *sk = cmd->sk;
4087 sock_hold(*sk);
4088
a664b5bc 4089 mgmt_pending_remove(cmd);
8962ee74
JH		 4090}
4091
124f6e35 4092static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4093{
b1078ad0 4094 struct hci_dev *hdev = data;
124f6e35
JH		 4095 struct mgmt_cp_unpair_device *cp = cmd->param;
4096 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4097
4098 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4099 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4100 rp.addr.type = cp->addr.type;
a8a1d19e 4101
b1078ad0
JH		 4102 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4103
aee9b218 4104 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4105
4106 mgmt_pending_remove(cmd);
4107}
4108
afc747a6 4109int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
f0d6a0ea 4110 u8 link_type, u8 addr_type, u8 reason)
f7520543 4111{
f0d6a0ea 4112 struct mgmt_ev_device_disconnected ev;
8962ee74
JH		 4113 struct sock *sk = NULL;
4114 int err;
4115
744cf19e 4116 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4117
f0d6a0ea
MA		 4118 bacpy(&ev.addr.bdaddr, bdaddr);
4119 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4120 ev.reason = reason;
f7520543 4121
afc747a6 4122 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
04124681 4123 sk);
8962ee74
JH		 4124
4125 if (sk)
d97dcb66 4126 sock_put(sk);
8962ee74 4127
124f6e35 4128 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4129 hdev);
a8a1d19e 4130
8962ee74
JH		 4131 return err;
4132}
4133
88c3df13 4134int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4135 u8 link_type, u8 addr_type, u8 status)
8962ee74 4136{
88c3df13 4137 struct mgmt_rp_disconnect rp;
8962ee74
JH		 4138 struct pending_cmd *cmd;
4139 int err;
4140
36a75f1b
JD		 4141 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4142 hdev);
4143
2e58ef3e 4144 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 4145 if (!cmd)
4146 return -ENOENT;
4147
88c3df13 4148 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4149 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4150
88c3df13 4151 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
04124681 4152 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4153
a664b5bc 4154 mgmt_pending_remove(cmd);
8962ee74
JH		 4155
4156 return err;
f7520543 4157}
17d5c04c 4158
48264f06 4159int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4160 u8 addr_type, u8 status)
17d5c04c
JH		 4161{
4162 struct mgmt_ev_connect_failed ev;
4163
4c659c39 4164 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4165 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4166 ev.status = mgmt_status(status);
17d5c04c 4167
744cf19e 4168 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4169}
980e1a53 4170
744cf19e 4171int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4172{
4173 struct mgmt_ev_pin_code_request ev;
4174
d8457698 4175 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4176 ev.addr.type = BDADDR_BREDR;
a770bb5a 4177 ev.secure = secure;
980e1a53 4178
744cf19e 4179 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4180 NULL);
980e1a53
JH		 4181}
4182
744cf19e 4183int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4184 u8 status)
980e1a53
JH		 4185{
4186 struct pending_cmd *cmd;
ac56fb13 4187 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4188 int err;
4189
2e58ef3e 4190 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4191 if (!cmd)
4192 return -ENOENT;
4193
d8457698 4194 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4195 rp.addr.type = BDADDR_BREDR;
ac56fb13 4196
aee9b218 4197 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4198 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4199
a664b5bc 4200 mgmt_pending_remove(cmd);
980e1a53
JH		 4201
4202 return err;
4203}
4204
744cf19e 4205int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4206 u8 status)
980e1a53
JH		 4207{
4208 struct pending_cmd *cmd;
ac56fb13 4209 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4210 int err;
4211
2e58ef3e 4212 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4213 if (!cmd)
4214 return -ENOENT;
4215
d8457698 4216 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4217 rp.addr.type = BDADDR_BREDR;
ac56fb13 4218
aee9b218 4219 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4220 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4221
a664b5bc 4222 mgmt_pending_remove(cmd);
980e1a53
JH		 4223
4224 return err;
4225}
a5c29683 4226
744cf19e 4227int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4228 u8 link_type, u8 addr_type, __le32 value,
4229 u8 confirm_hint)
a5c29683
JH		 4230{
4231 struct mgmt_ev_user_confirm_request ev;
4232
744cf19e 4233 BT_DBG("%s", hdev->name);
a5c29683 4234
272d90df 4235 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4236 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4237 ev.confirm_hint = confirm_hint;
78e8098e 4238 ev.value = value;
a5c29683 4239
744cf19e 4240 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4241 NULL);
a5c29683
JH		 4242}
4243
272d90df 4244int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4245 u8 link_type, u8 addr_type)
604086b7
BG		 4246{
4247 struct mgmt_ev_user_passkey_request ev;
4248
4249 BT_DBG("%s", hdev->name);
4250
272d90df 4251 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4252 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4253
4254 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4255 NULL);
604086b7
BG		 4256}
4257
0df4c185 4258static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4259 u8 link_type, u8 addr_type, u8 status,
4260 u8 opcode)
a5c29683
JH		 4261{
4262 struct pending_cmd *cmd;
4263 struct mgmt_rp_user_confirm_reply rp;
4264 int err;
4265
2e58ef3e 4266 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4267 if (!cmd)
4268 return -ENOENT;
4269
272d90df 4270 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4271 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4272 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4273 &rp, sizeof(rp));
a5c29683 4274
a664b5bc 4275 mgmt_pending_remove(cmd);
a5c29683
JH		 4276
4277 return err;
4278}
4279
744cf19e 4280int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4281 u8 link_type, u8 addr_type, u8 status)
a5c29683 4282{
272d90df 4283 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4284 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4285}
4286
272d90df 4287int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4288 u8 link_type, u8 addr_type, u8 status)
a5c29683 4289{
272d90df 4290 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4291 status,
4292 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4293}
2a611692 4294
604086b7 4295int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4296 u8 link_type, u8 addr_type, u8 status)
604086b7 4297{
272d90df 4298 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4299 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4300}
4301
272d90df 4302int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4303 u8 link_type, u8 addr_type, u8 status)
604086b7 4304{
272d90df 4305 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4306 status,
4307 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4308}
4309
92a25256
JH		 4310int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4311 u8 link_type, u8 addr_type, u32 passkey,
4312 u8 entered)
4313{
4314 struct mgmt_ev_passkey_notify ev;
4315
4316 BT_DBG("%s", hdev->name);
4317
4318 bacpy(&ev.addr.bdaddr, bdaddr);
4319 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4320 ev.passkey = __cpu_to_le32(passkey);
4321 ev.entered = entered;
4322
4323 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4324}
4325
bab73cb6 4326int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4327 u8 addr_type, u8 status)
2a611692
JH		 4328{
4329 struct mgmt_ev_auth_failed ev;
4330
bab73cb6 4331 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4332 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4333 ev.status = mgmt_status(status);
2a611692 4334
744cf19e 4335 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4336}
b312b161 4337
33ef95ed
JH		 4338int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4339{
4340 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4341 bool changed = false;
4342 int err = 0;
33ef95ed
JH		 4343
4344 if (status) {
4345 u8 mgmt_err = mgmt_status(status);
4346 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4347 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4348 return 0;
4349 }
4350
47990ea0
JH		 4351 if (test_bit(HCI_AUTH, &hdev->flags)) {
4352 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4353 changed = true;
4354 } else {
4355 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4356 changed = true;
4357 }
4358
33ef95ed 4359 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4360 &match);
33ef95ed 4361
47990ea0
JH		 4362 if (changed)
4363 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4364
4365 if (match.sk)
4366 sock_put(match.sk);
4367
4368 return err;
4369}
4370
890ea898 4371static void clear_eir(struct hci_request *req)
cacaf52f 4372{
890ea898 4373 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4374 struct hci_cp_write_eir cp;
4375
976eb20e 4376 if (!lmp_ext_inq_capable(hdev))
890ea898 4377 return;
cacaf52f 4378
c80da27e
JH		 4379 memset(hdev->eir, 0, sizeof(hdev->eir));
4380
cacaf52f
JH		 4381 memset(&cp, 0, sizeof(cp));
4382
890ea898 4383 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4384}
4385
c0ecddc2 4386int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4387{
4388 struct cmd_lookup match = { NULL, hdev };
890ea898 4389 struct hci_request req;
c0ecddc2
JH		 4390 bool changed = false;
4391 int err = 0;
ed2c4ee3
JH		 4392
4393 if (status) {
4394 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4395
4396 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
04124681 4397 &hdev->dev_flags))
c0ecddc2
JH		 4398 err = new_settings(hdev, NULL);
4399
04124681
GP		 4400 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4401 &mgmt_err);
c0ecddc2
JH		 4402
4403 return err;
4404 }
4405
4406 if (enable) {
4407 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4408 changed = true;
4409 } else {
4410 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4411 changed = true;
ed2c4ee3
JH		 4412 }
4413
4414 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4415
c0ecddc2
JH		 4416 if (changed)
4417 err = new_settings(hdev, match.sk);
ed2c4ee3 4418
5fc6ebb1 4419 if (match.sk)
ed2c4ee3
JH		 4420 sock_put(match.sk);
4421
890ea898
JH		 4422 hci_req_init(&req, hdev);
4423
5fc6ebb1 4424 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4425 update_eir(&req);
5fc6ebb1 4426 else
890ea898
JH		 4427 clear_eir(&req);
4428
4429 hci_req_run(&req, NULL);
cacaf52f 4430
ed2c4ee3
JH		 4431 return err;
4432}
4433
92da6097 4434static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4435{
4436 struct cmd_lookup *match = data;
4437
90e70454
JH		 4438 if (match->sk == NULL) {
4439 match->sk = cmd->sk;
4440 sock_hold(match->sk);
4441 }
90e70454
JH		 4442}
4443
7f9a903c 4444int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4445 u8 status)
7f9a903c 4446{
90e70454
JH		 4447 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4448 int err = 0;
7f9a903c 4449
92da6097
JH		 4450 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4451 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4452 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4453
4454 if (!status)
04124681
GP		 4455 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4456 3, NULL);
90e70454
JH		 4457
4458 if (match.sk)
4459 sock_put(match.sk);
7f9a903c
MH		 4460
4461 return err;
4462}
4463
744cf19e 4464int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4465{
b312b161 4466 struct mgmt_cp_set_local_name ev;
13928971 4467 struct pending_cmd *cmd;
28cc7bde 4468
13928971
JH		 4469 if (status)
4470 return 0;
b312b161
JH		 4471
4472 memset(&ev, 0, sizeof(ev));
4473 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4474 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4475
2e58ef3e 4476 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4477 if (!cmd) {
4478 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4479
13928971
JH		 4480 /* If this is a HCI command related to powering on the
4481 * HCI dev don't send any mgmt signals.
4482 */
4483 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4484 return 0;
890ea898 4485 }
b312b161 4486
13928971
JH		 4487 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4488 cmd ? cmd->sk : NULL);
b312b161 4489}
c35938b2 4490
744cf19e 4491int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4492 u8 *randomizer, u8 status)
c35938b2
SJ		 4493{
4494 struct pending_cmd *cmd;
4495 int err;
4496
744cf19e 4497 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4498
2e58ef3e 4499 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4500 if (!cmd)
4501 return -ENOENT;
4502
4503 if (status) {
04124681
GP		 4504 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4505 mgmt_status(status));
c35938b2
SJ		 4506 } else {
4507 struct mgmt_rp_read_local_oob_data rp;
4508
4509 memcpy(rp.hash, hash, sizeof(rp.hash));
4510 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4511
744cf19e 4512 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4513 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4514 sizeof(rp));
c35938b2
SJ		 4515 }
4516
4517 mgmt_pending_remove(cmd);
4518
4519 return err;
4520}
e17acd40 4521
48264f06 4522int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681
GP		 4523 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4524 ssp, u8 *eir, u16 eir_len)
e17acd40 4525{
e319d2e7
JH		 4526 char buf[512];
4527 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4528 size_t ev_size;
e17acd40 4529
12602d0c
AG		 4530 if (!hci_discovery_active(hdev))
4531 return -EPERM;
4532
1dc06093
JH		 4533 /* Leave 5 bytes for a potential CoD field */
4534 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 4535 return -EINVAL;
4536
1dc06093
JH		 4537 memset(buf, 0, sizeof(buf));
4538
e319d2e7 4539 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4540 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4541 ev->rssi = rssi;
9a395a80 4542 if (cfm_name)
612dfce9 4543 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4544 if (!ssp)
612dfce9 4545 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4546
1dc06093 4547 if (eir_len > 0)
e319d2e7 4548 memcpy(ev->eir, eir, eir_len);
e17acd40 4549
1dc06093
JH		 4550 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4551 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4552 dev_class, 3);
1dc06093 4553
eb55ef07 4554 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4555 ev_size = sizeof(*ev) + eir_len;
f8523598 4556
e319d2e7 4557 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4558}
a88a9652 4559
b644ba33 4560int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4561 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4562{
b644ba33
JH		 4563 struct mgmt_ev_device_found *ev;
4564 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4565 u16 eir_len;
a88a9652 4566
b644ba33 4567 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4568
b644ba33
JH		 4569 memset(buf, 0, sizeof(buf));
4570
4571 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4572 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4573 ev->rssi = rssi;
4574
4575 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4576 name_len);
b644ba33 4577
eb55ef07 4578 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4579
053c7e0c 4580 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
04124681 4581 sizeof(*ev) + eir_len, NULL);
a88a9652 4582}
314b2381 4583
744cf19e 4584int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4585{
f963e8e9 4586 struct mgmt_ev_discovering ev;
164a6e78
JH		 4587 struct pending_cmd *cmd;
4588
343fb145
AG		 4589 BT_DBG("%s discovering %u", hdev->name, discovering);
4590
164a6e78 4591 if (discovering)
2e58ef3e 4592 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4593 else
2e58ef3e 4594 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4595
4596 if (cmd != NULL) {
f808e166
JH		 4597 u8 type = hdev->discovery.type;
4598
04124681
GP		 4599 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4600 sizeof(type));
164a6e78
JH		 4601 mgmt_pending_remove(cmd);
4602 }
4603
f963e8e9
JH		 4604 memset(&ev, 0, sizeof(ev));
4605 ev.type = hdev->discovery.type;
4606 ev.discovering = discovering;
4607
4608 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4609}
5e762444 4610
88c1fe4b 4611int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4612{
4613 struct pending_cmd *cmd;
4614 struct mgmt_ev_device_blocked ev;
4615
2e58ef3e 4616 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4617
88c1fe4b
JH		 4618 bacpy(&ev.addr.bdaddr, bdaddr);
4619 ev.addr.type = type;
5e762444 4620
744cf19e 4621 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4622 cmd ? cmd->sk : NULL);
5e762444
AJ		 4623}
4624
88c1fe4b 4625int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4626{
4627 struct pending_cmd *cmd;
4628 struct mgmt_ev_device_unblocked ev;
4629
2e58ef3e 4630 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4631
88c1fe4b
JH		 4632 bacpy(&ev.addr.bdaddr, bdaddr);
4633 ev.addr.type = type;
5e762444 4634
744cf19e 4635 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4636 cmd ? cmd->sk : NULL);
5e762444 4637}
Linux 6.x block layer and io_uring tree(s)