Bluetooth: Fix checking for correct mgmt_load_link_keys parameters
[linux-2.6-block.git] / net / bluetooth / mgmt.c
1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH
28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
5fe57d9e 33#include <net/bluetooth/smp.h>
0381101f 34
/* When true, get_supported_settings() reports MGMT_SETTING_HS as supported. */
bool enable_hs;

/* Interface version and revision reported by read_version(). */
#define MGMT_VERSION	1
#define MGMT_REVISION	2
02d98129 39
/*
 * Command opcodes listed in the reply built by read_commands(); they are
 * copied out first, followed by the contents of mgmt_events[].
 */
static const u16 mgmt_commands[] = {
	MGMT_OP_READ_INDEX_LIST,
	MGMT_OP_READ_INFO,
	MGMT_OP_SET_POWERED,
	MGMT_OP_SET_DISCOVERABLE,
	MGMT_OP_SET_CONNECTABLE,
	MGMT_OP_SET_FAST_CONNECTABLE,
	MGMT_OP_SET_PAIRABLE,
	MGMT_OP_SET_LINK_SECURITY,
	MGMT_OP_SET_SSP,
	MGMT_OP_SET_HS,
	MGMT_OP_SET_LE,
	MGMT_OP_SET_DEV_CLASS,
	MGMT_OP_SET_LOCAL_NAME,
	MGMT_OP_ADD_UUID,
	MGMT_OP_REMOVE_UUID,
	MGMT_OP_LOAD_LINK_KEYS,
	MGMT_OP_LOAD_LONG_TERM_KEYS,
	MGMT_OP_DISCONNECT,
	MGMT_OP_GET_CONNECTIONS,
	MGMT_OP_PIN_CODE_REPLY,
	MGMT_OP_PIN_CODE_NEG_REPLY,
	MGMT_OP_SET_IO_CAPABILITY,
	MGMT_OP_PAIR_DEVICE,
	MGMT_OP_CANCEL_PAIR_DEVICE,
	MGMT_OP_UNPAIR_DEVICE,
	MGMT_OP_USER_CONFIRM_REPLY,
	MGMT_OP_USER_CONFIRM_NEG_REPLY,
	MGMT_OP_USER_PASSKEY_REPLY,
	MGMT_OP_USER_PASSKEY_NEG_REPLY,
	MGMT_OP_READ_LOCAL_OOB_DATA,
	MGMT_OP_ADD_REMOTE_OOB_DATA,
	MGMT_OP_REMOVE_REMOTE_OOB_DATA,
	MGMT_OP_START_DISCOVERY,
	MGMT_OP_STOP_DISCOVERY,
	MGMT_OP_CONFIRM_NAME,
	MGMT_OP_BLOCK_DEVICE,
	MGMT_OP_UNBLOCK_DEVICE,
	MGMT_OP_SET_DEVICE_ID,
};
80
/*
 * Event opcodes listed in the reply built by read_commands(); they are
 * copied out after the contents of mgmt_commands[].
 */
static const u16 mgmt_events[] = {
	MGMT_EV_CONTROLLER_ERROR,
	MGMT_EV_INDEX_ADDED,
	MGMT_EV_INDEX_REMOVED,
	MGMT_EV_NEW_SETTINGS,
	MGMT_EV_CLASS_OF_DEV_CHANGED,
	MGMT_EV_LOCAL_NAME_CHANGED,
	MGMT_EV_NEW_LINK_KEY,
	MGMT_EV_NEW_LONG_TERM_KEY,
	MGMT_EV_DEVICE_CONNECTED,
	MGMT_EV_DEVICE_DISCONNECTED,
	MGMT_EV_CONNECT_FAILED,
	MGMT_EV_PIN_CODE_REQUEST,
	MGMT_EV_USER_CONFIRM_REQUEST,
	MGMT_EV_USER_PASSKEY_REQUEST,
	MGMT_EV_AUTH_FAILED,
	MGMT_EV_DEVICE_FOUND,
	MGMT_EV_DISCOVERING,
	MGMT_EV_DEVICE_BLOCKED,
	MGMT_EV_DEVICE_UNBLOCKED,
	MGMT_EV_DEVICE_UNPAIRED,
	MGMT_EV_PASSKEY_NOTIFY,
};
104
/*
 * These LE scan and inquiry parameters were chosen according to LE General
 * Discovery Procedure specification.
 */
#define LE_SCAN_TYPE			0x01
#define LE_SCAN_WIN			0x12
#define LE_SCAN_INT			0x12
#define LE_SCAN_TIMEOUT_LE_ONLY		10240	/* TGAP(gen_disc_scan_min) */
#define LE_SCAN_TIMEOUT_BREDR_LE	5120	/* TGAP(100)/2 */

#define INQUIRY_LEN_BREDR		0x08	/* TGAP(100) */
#define INQUIRY_LEN_BREDR_LE		0x04	/* TGAP(100)/2 */

/* Two seconds expressed in jiffies. */
#define CACHE_TIMEOUT	msecs_to_jiffies(2 * 1000)

/*
 * True when HCI_UP is set in hdev->flags and HCI_AUTO_OFF is clear in
 * hdev->dev_flags.
 * NOTE(review): the macro argument is expanded without parentheses; every
 * caller visible in this file passes a plain identifier.
 */
#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
				!test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
122
/*
 * A management command that has been accepted but not yet answered.
 * Entries are created by mgmt_pending_add() and released by
 * mgmt_pending_free().
 */
struct pending_cmd {
	struct list_head list;	/* linked into hdev->mgmt_pending */
	u16 opcode;		/* opcode passed to mgmt_pending_add() */
	int index;		/* hdev->id of the controller */
	void *param;		/* kmalloc'd copy of the request payload */
	struct sock *sk;	/* requesting socket; a reference is held */
	void *user_data;	/* not set by mgmt_pending_add(); presumably filled in by specific handlers - confirm */
};
131
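/*
 * HCI to MGMT error code conversion table.
 *
 * Indexed by the HCI status byte; mgmt_status() bounds-checks the index
 * before reading. The table is only ever read, so it is declared const,
 * matching mgmt_commands[] and mgmt_events[], and cannot be modified at
 * run time.
 */
static const u8 mgmt_status_table[] = {
	MGMT_STATUS_SUCCESS,
	MGMT_STATUS_UNKNOWN_COMMAND,	/* Unknown Command */
	MGMT_STATUS_NOT_CONNECTED,	/* No Connection */
	MGMT_STATUS_FAILED,		/* Hardware Failure */
	MGMT_STATUS_CONNECT_FAILED,	/* Page Timeout */
	MGMT_STATUS_AUTH_FAILED,	/* Authentication Failed */
	MGMT_STATUS_NOT_PAIRED,		/* PIN or Key Missing */
	MGMT_STATUS_NO_RESOURCES,	/* Memory Full */
	MGMT_STATUS_TIMEOUT,		/* Connection Timeout */
	MGMT_STATUS_NO_RESOURCES,	/* Max Number of Connections */
	MGMT_STATUS_NO_RESOURCES,	/* Max Number of SCO Connections */
	MGMT_STATUS_ALREADY_CONNECTED,	/* ACL Connection Exists */
	MGMT_STATUS_BUSY,		/* Command Disallowed */
	MGMT_STATUS_NO_RESOURCES,	/* Rejected Limited Resources */
	MGMT_STATUS_REJECTED,		/* Rejected Security */
	MGMT_STATUS_REJECTED,		/* Rejected Personal */
	MGMT_STATUS_TIMEOUT,		/* Host Timeout */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported Feature */
	MGMT_STATUS_INVALID_PARAMS,	/* Invalid Parameters */
	MGMT_STATUS_DISCONNECTED,	/* OE User Ended Connection */
	MGMT_STATUS_NO_RESOURCES,	/* OE Low Resources */
	MGMT_STATUS_DISCONNECTED,	/* OE Power Off */
	MGMT_STATUS_DISCONNECTED,	/* Connection Terminated */
	MGMT_STATUS_BUSY,		/* Repeated Attempts */
	MGMT_STATUS_REJECTED,		/* Pairing Not Allowed */
	MGMT_STATUS_FAILED,		/* Unknown LMP PDU */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported Remote Feature */
	MGMT_STATUS_REJECTED,		/* SCO Offset Rejected */
	MGMT_STATUS_REJECTED,		/* SCO Interval Rejected */
	MGMT_STATUS_REJECTED,		/* Air Mode Rejected */
	MGMT_STATUS_INVALID_PARAMS,	/* Invalid LMP Parameters */
	MGMT_STATUS_FAILED,		/* Unspecified Error */
	MGMT_STATUS_NOT_SUPPORTED,	/* Unsupported LMP Parameter Value */
	MGMT_STATUS_FAILED,		/* Role Change Not Allowed */
	MGMT_STATUS_TIMEOUT,		/* LMP Response Timeout */
	MGMT_STATUS_FAILED,		/* LMP Error Transaction Collision */
	MGMT_STATUS_FAILED,		/* LMP PDU Not Allowed */
	MGMT_STATUS_REJECTED,		/* Encryption Mode Not Accepted */
	MGMT_STATUS_FAILED,		/* Unit Link Key Used */
	MGMT_STATUS_NOT_SUPPORTED,	/* QoS Not Supported */
	MGMT_STATUS_TIMEOUT,		/* Instant Passed */
	MGMT_STATUS_NOT_SUPPORTED,	/* Pairing Not Supported */
	MGMT_STATUS_FAILED,		/* Transaction Collision */
	MGMT_STATUS_INVALID_PARAMS,	/* Unacceptable Parameter */
	MGMT_STATUS_REJECTED,		/* QoS Rejected */
	MGMT_STATUS_NOT_SUPPORTED,	/* Classification Not Supported */
	MGMT_STATUS_REJECTED,		/* Insufficient Security */
	MGMT_STATUS_INVALID_PARAMS,	/* Parameter Out Of Range */
	MGMT_STATUS_BUSY,		/* Role Switch Pending */
	MGMT_STATUS_FAILED,		/* Slot Violation */
	MGMT_STATUS_FAILED,		/* Role Switch Failed */
	MGMT_STATUS_INVALID_PARAMS,	/* EIR Too Large */
	MGMT_STATUS_NOT_SUPPORTED,	/* Simple Pairing Not Supported */
	MGMT_STATUS_BUSY,		/* Host Busy Pairing */
	MGMT_STATUS_REJECTED,		/* Rejected, No Suitable Channel */
	MGMT_STATUS_BUSY,		/* Controller Busy */
	MGMT_STATUS_INVALID_PARAMS,	/* Unsuitable Connection Interval */
	MGMT_STATUS_TIMEOUT,		/* Directed Advertising Timeout */
	MGMT_STATUS_AUTH_FAILED,	/* Terminated Due to MIC Failure */
	MGMT_STATUS_CONNECT_FAILED,	/* Connection Establishment Failed */
	MGMT_STATUS_CONNECT_FAILED,	/* MAC Connection Failed */
};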
196
/*
 * Report whether @hdev is a controller this interface handles: only
 * devices whose dev_type is HCI_BREDR qualify.
 */
bool mgmt_valid_hdev(struct hci_dev *hdev)
{
	if (hdev->dev_type != HCI_BREDR)
		return false;

	return true;
}
201
/*
 * Translate an HCI status byte into a management status code.
 *
 * Values beyond the end of mgmt_status_table have no mapping and are
 * reported as MGMT_STATUS_FAILED; the bounds check keeps an unexpected
 * status byte from indexing past the table.
 */
static u8 mgmt_status(u8 hci_status)
{
	if (hci_status >= ARRAY_SIZE(mgmt_status_table))
		return MGMT_STATUS_FAILED;

	return mgmt_status_table[hci_status];
}
209
/*
 * Queue an MGMT_EV_CMD_STATUS event on @sk carrying @status for command
 * @cmd issued against controller @index.
 *
 * Returns -ENOMEM when the reply buffer cannot be allocated, otherwise the
 * result of sock_queue_rcv_skb(). The buffer is freed here if queueing
 * fails.
 */
static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
{
	struct mgmt_ev_cmd_status *ev;
	struct mgmt_hdr *hdr;
	struct sk_buff *skb;
	int err;

	BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);

	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
	if (skb == NULL)
		return -ENOMEM;

	/* Management header: all multi-byte fields are little endian. */
	hdr = (void *) skb_put(skb, sizeof(*hdr));
	hdr->len = cpu_to_le16(sizeof(*ev));
	hdr->index = cpu_to_le16(index);
	hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);

	/* Event body: which command this answers and its status. */
	ev = (void *) skb_put(skb, sizeof(*ev));
	ev->opcode = cpu_to_le16(cmd);
	ev->status = status;

	err = sock_queue_rcv_skb(sk, skb);
	if (err >= 0)
		return err;

	kfree_skb(skb);
	return err;
}
239
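/*
 * Queue an MGMT_EV_CMD_COMPLETE event on @sk for command @cmd issued
 * against controller @index, with @status and @rp_len bytes of return
 * parameters taken from @rp.
 *
 * @rp may be NULL. The reply always carries @rp_len data bytes, so when no
 * source buffer is supplied they are zero-filled: skb data is not
 * guaranteed to be zeroed on allocation and would otherwise be delivered
 * to the socket as-is.
 *
 * NOTE(review): hdr->len is written through cpu_to_le16(); rp_len is not
 * range-checked here, so callers are assumed to keep sizeof(*ev) + rp_len
 * within 16 bits - confirm.
 *
 * Returns -ENOMEM when the reply buffer cannot be allocated, otherwise the
 * result of sock_queue_rcv_skb(). The buffer is freed here if queueing
 * fails.
 */
static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
			void *rp, size_t rp_len)
{
	struct sk_buff *skb;
	struct mgmt_hdr *hdr;
	struct mgmt_ev_cmd_complete *ev;
	int err;

	BT_DBG("sock %p", sk);

	skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
	if (!skb)
		return -ENOMEM;

	hdr = (void *) skb_put(skb, sizeof(*hdr));

	hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
	hdr->index = cpu_to_le16(index);
	hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);

	ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
	ev->opcode = cpu_to_le16(cmd);
	ev->status = status;

	if (rp)
		memcpy(ev->data, rp, rp_len);
	else if (rp_len)
		/* Never hand unwritten buffer contents to user space. */
		memset(ev->data, 0, rp_len);

	err = sock_queue_rcv_skb(sk, skb);
	if (err < 0)
		kfree_skb(skb);

	return err;
}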
273
/*
 * Handler for MGMT_OP_READ_VERSION: reply with MGMT_VERSION and
 * MGMT_REVISION. The reply is not tied to a controller and is sent with
 * MGMT_INDEX_NONE; @hdev, @data and @data_len are unused.
 *
 * NOTE(review): rp lives on the stack and is not zeroed before being
 * copied into the reply; that is only safe if struct mgmt_rp_read_version
 * has no padding - confirm it is declared packed.
 */
static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 data_len)
{
	struct mgmt_rp_read_version rp;

	BT_DBG("sock %p", sk);

	rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
	rp.version = MGMT_VERSION;

	return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
			    &rp, sizeof(rp));
}
287
/*
 * Handler for MGMT_OP_READ_COMMANDS: reply with the counts and the
 * little-endian opcodes of mgmt_commands[] followed by mgmt_events[].
 * @hdev, @data and @data_len are unused.
 *
 * The reply buffer is sized for exactly both tables and every opcode slot
 * is written before it is sent. Returns -ENOMEM if it cannot be allocated,
 * otherwise the result of cmd_complete().
 */
static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 data_len)
{
	const u16 num_commands = ARRAY_SIZE(mgmt_commands);
	const u16 num_events = ARRAY_SIZE(mgmt_events);
	struct mgmt_rp_read_commands *rp;
	size_t rp_size;
	int i, err;

	BT_DBG("sock %p", sk);

	rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));

	rp = kmalloc(rp_size, GFP_KERNEL);
	if (rp == NULL)
		return -ENOMEM;

	rp->num_commands = __constant_cpu_to_le16(num_commands);
	rp->num_events = __constant_cpu_to_le16(num_events);

	/* Commands occupy the first num_commands slots ... */
	for (i = 0; i < num_commands; i++)
		put_unaligned_le16(mgmt_commands[i], &rp->opcodes[i]);

	/* ... and events follow immediately after them. */
	for (i = 0; i < num_events; i++)
		put_unaligned_le16(mgmt_events[i],
				   &rp->opcodes[num_commands + i]);

	err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
			   rp_size);

	kfree(rp);

	return err;
}
321
/*
 * Handler for MGMT_OP_READ_INDEX_LIST: reply with the ids of the
 * controllers on hci_dev_list that pass mgmt_valid_hdev() and do not have
 * HCI_SETUP set. @hdev, @data and @data_len are unused.
 *
 * Returns -ENOMEM if the reply cannot be allocated, otherwise the result
 * of cmd_complete().
 */
static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 data_len)
{
	struct mgmt_rp_read_index_list *rp;
	struct hci_dev *d;
	size_t rp_len;
	u16 count;
	int err;

	BT_DBG("sock %p", sk);

	read_lock(&hci_dev_list_lock);

	/*
	 * First pass: upper bound used to size the buffer. Devices in
	 * HCI_SETUP are counted here but skipped below, so the buffer may be
	 * larger than what is finally filled in.
	 */
	count = 0;
	list_for_each_entry(d, &hci_dev_list, list) {
		if (!mgmt_valid_hdev(d))
			continue;

		count++;
	}

	rp_len = sizeof(*rp) + (2 * count);
	/* GFP_ATOMIC: allocated while hci_dev_list_lock is read-held. */
	rp = kmalloc(rp_len, GFP_ATOMIC);
	if (!rp) {
		read_unlock(&hci_dev_list_lock);
		return -ENOMEM;
	}

	/* Second pass: fill in the ids, under the same lock as the count. */
	count = 0;
	list_for_each_entry(d, &hci_dev_list, list) {
		if (test_bit(HCI_SETUP, &d->dev_flags))
			continue;

		if (!mgmt_valid_hdev(d))
			continue;

		rp->index[count++] = cpu_to_le16(d->id);
		BT_DBG("Added hci%u", d->id);
	}

	/*
	 * Recompute the length from what was actually written: rp is not
	 * zero-filled, so only the populated part may be sent.
	 */
	rp->num_controllers = cpu_to_le16(count);
	rp_len = sizeof(*rp) + (2 * count);

	read_unlock(&hci_dev_list_lock);

	err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
			   rp_len);

	kfree(rp);

	return err;
}
374
/*
 * Build the MGMT_SETTING_* bitmask of settings @hdev can support.
 * Powered and pairable are always reported; the rest depend on the
 * controller's LMP capabilities and on the enable_hs switch.
 */
static u32 get_supported_settings(struct hci_dev *hdev)
{
	u32 settings = MGMT_SETTING_POWERED | MGMT_SETTING_PAIRABLE;

	if (lmp_ssp_capable(hdev))
		settings |= MGMT_SETTING_SSP;

	if (lmp_bredr_capable(hdev))
		settings |= MGMT_SETTING_CONNECTABLE |
			    MGMT_SETTING_FAST_CONNECTABLE |
			    MGMT_SETTING_DISCOVERABLE |
			    MGMT_SETTING_BREDR |
			    MGMT_SETTING_LINK_SECURITY;

	if (enable_hs)
		settings |= MGMT_SETTING_HS;

	if (lmp_le_capable(hdev))
		settings |= MGMT_SETTING_LE;

	return settings;
}
401
/*
 * Build the MGMT_SETTING_* bitmask describing the current state of @hdev.
 * Powered comes from hdev_is_powered(), BR/EDR from the LMP capability,
 * and every other setting mirrors one bit of hdev->dev_flags.
 */
static u32 get_current_settings(struct hci_dev *hdev)
{
	/* dev_flags bit -> setting it is reported as. */
	static const struct {
		int flag;
		u32 setting;
	} flag_map[] = {
		{ HCI_CONNECTABLE,	MGMT_SETTING_CONNECTABLE },
		{ HCI_DISCOVERABLE,	MGMT_SETTING_DISCOVERABLE },
		{ HCI_PAIRABLE,		MGMT_SETTING_PAIRABLE },
		{ HCI_LE_ENABLED,	MGMT_SETTING_LE },
		{ HCI_LINK_SECURITY,	MGMT_SETTING_LINK_SECURITY },
		{ HCI_SSP_ENABLED,	MGMT_SETTING_SSP },
		{ HCI_HS_ENABLED,	MGMT_SETTING_HS },
	};
	u32 settings = 0;
	unsigned int i;

	if (hdev_is_powered(hdev))
		settings |= MGMT_SETTING_POWERED;

	if (lmp_bredr_capable(hdev))
		settings |= MGMT_SETTING_BREDR;

	for (i = 0; i < ARRAY_SIZE(flag_map); i++) {
		if (test_bit(flag_map[i].flag, &hdev->dev_flags))
			settings |= flag_map[i].setting;
	}

	return settings;
}
435
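/* 16-bit service class id that create_eir() leaves out of the UUID list. */
#define PNP_INFO_SVCLASS_ID		0x1200

/*
 * Reference bytes for the 128-bit UUID prefix check in get_uuid16(),
 * which compares the first 12 bytes. The array is only ever read, so it
 * is declared const and cannot be modified at run time.
 */
static const u8 bluetooth_base_uuid[] = {
			0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
			0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};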
442
/*
 * Extract the 16-bit form of a 128-bit UUID.
 *
 * Returns 0 when the first 12 bytes of @uuid128 differ from
 * bluetooth_base_uuid, or when the little-endian 32-bit value in bytes
 * 12..15 does not fit in 16 bits; otherwise returns that value.
 * @uuid128 must point to at least 16 readable bytes.
 */
static u16 get_uuid16(u8 *uuid128)
{
	u32 short_id;

	if (memcmp(uuid128, bluetooth_base_uuid, 12) != 0)
		return 0;

	short_id = get_unaligned_le32(&uuid128[12]);

	return short_id > 0xffff ? 0 : (u16) short_id;
}
459
/*
 * Serialise the Extended Inquiry Response for @hdev into @data as a
 * sequence of length/type/value fields: local name, inquiry TX power,
 * device id and the list of 16-bit service UUIDs.
 *
 * NOTE(review): the name, TX power and device id fields are written
 * without comparing eir_len to HCI_MAX_EIR_LENGTH; together they take at
 * most 50 + 3 + 10 bytes. This assumes @data has room for
 * HCI_MAX_EIR_LENGTH bytes (update_eir() passes a zeroed cp.data) -
 * confirm the buffer size at the definition of struct hci_cp_write_eir.
 */
static void create_eir(struct hci_dev *hdev, u8 *data)
{
	u8 *ptr = data;
	u16 eir_len = 0;
	u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
	int i, truncated = 0;
	struct bt_uuid *uuid;
	size_t name_len;

	name_len = strlen(hdev->dev_name);

	if (name_len > 0) {
		/* EIR Data type */
		if (name_len > 48) {
			/* Cap the copied name at 48 bytes and mark it short. */
			name_len = 48;
			ptr[1] = EIR_NAME_SHORT;
		} else
			ptr[1] = EIR_NAME_COMPLETE;

		/* EIR Data length */
		ptr[0] = name_len + 1;

		memcpy(ptr + 2, hdev->dev_name, name_len);

		eir_len += (name_len + 2);
		ptr += (name_len + 2);
	}

	if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
		ptr[0] = 2;
		ptr[1] = EIR_TX_POWER;
		ptr[2] = (u8) hdev->inq_tx_power;

		eir_len += 3;
		ptr += 3;
	}

	if (hdev->devid_source > 0) {
		ptr[0] = 9;
		ptr[1] = EIR_DEVICE_ID;

		put_unaligned_le16(hdev->devid_source, ptr + 2);
		put_unaligned_le16(hdev->devid_vendor, ptr + 4);
		put_unaligned_le16(hdev->devid_product, ptr + 6);
		put_unaligned_le16(hdev->devid_version, ptr + 8);

		eir_len += 10;
		ptr += 10;
	}

	/* Zero doubles as the end-of-list marker in uuid16_list. */
	memset(uuid16_list, 0, sizeof(uuid16_list));

	/* Group all UUID16 types */
	list_for_each_entry(uuid, &hdev->uuids, list) {
		u16 uuid16;

		uuid16 = get_uuid16(uuid->uuid);
		/*
		 * NOTE(review): a single UUID without a 16-bit form makes the
		 * function return here, so no UUID field is written at all;
		 * the fields emitted above stay in the buffer. Confirm that
		 * stopping, rather than skipping the entry, is intended.
		 */
		if (uuid16 == 0)
			return;

		if (uuid16 < 0x1100)
			continue;

		if (uuid16 == PNP_INFO_SVCLASS_ID)
			continue;

		/* Stop if not enough space to put next UUID */
		if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
			truncated = 1;
			break;
		}

		/* Check for duplicates */
		for (i = 0; uuid16_list[i] != 0; i++)
			if (uuid16_list[i] == uuid16)
				break;

		/* i stopped on the terminator: not seen before, append it. */
		if (uuid16_list[i] == 0) {
			uuid16_list[i] = uuid16;
			eir_len += sizeof(u16);
		}
	}

	if (uuid16_list[0] != 0) {
		/* Length byte is filled in once the entries are counted. */
		u8 *length = ptr;

		/* EIR Data type */
		ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;

		ptr += 2;
		eir_len += 2;

		/* Each UUID is stored low byte first. */
		for (i = 0; uuid16_list[i] != 0; i++) {
			*ptr++ = (uuid16_list[i] & 0x00ff);
			*ptr++ = (uuid16_list[i] & 0xff00) >> 8;
		}

		/* EIR Data length */
		*length = (i * sizeof(u16)) + 1;
	}
}
561
/*
 * Regenerate the EIR data for @hdev and send HCI_OP_WRITE_EIR if it
 * differs from the copy cached in hdev->eir.
 *
 * Nothing is sent (and 0 is returned) when the controller is not powered,
 * lacks extended inquiry support, has SSP disabled, or has
 * HCI_SERVICE_CACHE set. Otherwise returns the result of hci_send_cmd(),
 * or 0 when the data is unchanged.
 */
static int update_eir(struct hci_dev *hdev)
{
	struct hci_cp_write_eir cp;

	if (!hdev_is_powered(hdev) ||
	    !lmp_ext_inq_capable(hdev) ||
	    !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) ||
	    test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return 0;

	/* Start from zeroes so unused bytes of the command are defined. */
	memset(&cp, 0, sizeof(cp));

	create_eir(hdev, cp.data);

	if (!memcmp(cp.data, hdev->eir, sizeof(cp.data)))
		return 0;

	/* Cache what is about to be written for the next comparison. */
	memcpy(hdev->eir, cp.data, sizeof(cp.data));

	return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
}
589
/* OR together the svc_hint of every entry on @hdev's UUID list. */
static u8 get_service_classes(struct hci_dev *hdev)
{
	struct bt_uuid *entry;
	u8 hints = 0;

	list_for_each_entry(entry, &hdev->uuids, list) {
		hints |= entry->svc_hint;
	}

	return hints;
}
600
/*
 * Send HCI_OP_WRITE_CLASS_OF_DEV when the class of device derived from
 * minor_class, major_class and the service hints differs from
 * hdev->dev_class.
 *
 * Nothing is sent (and 0 is returned) when the controller is not powered,
 * has HCI_SERVICE_CACHE set, or the class is unchanged. On a successful
 * send HCI_PENDING_CLASS is set; otherwise the hci_send_cmd() error is
 * returned.
 */
static int update_class(struct hci_dev *hdev)
{
	u8 cod[3];
	int err;

	BT_DBG("%s", hdev->name);

	if (!hdev_is_powered(hdev) ||
	    test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return 0;

	cod[0] = hdev->minor_class;
	cod[1] = hdev->major_class;
	cod[2] = get_service_classes(hdev);

	if (!memcmp(cod, hdev->dev_class, 3))
		return 0;

	err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
	if (err != 0)
		return err;

	set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);

	return 0;
}
627
/*
 * Work handler for hdev->service_cache: if HCI_SERVICE_CACHE was set,
 * clear it and refresh the EIR data and class of device under the device
 * lock. Does nothing when the flag was already clear.
 */
static void service_cache_off(struct work_struct *work)
{
	struct hci_dev *hdev;

	hdev = container_of(work, struct hci_dev, service_cache.work);

	if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
		hci_dev_lock(hdev);

		update_eir(hdev);
		update_class(hdev);

		hci_dev_unlock(hdev);
	}
}
643
/*
 * One-time setup of @hdev for management use, guarded by the HCI_MGMT
 * flag: the first call initialises the service_cache delayed work and
 * clears HCI_PAIRABLE; later calls return immediately. @sk is unused.
 */
static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
{
	const bool already_set = test_and_set_bit(HCI_MGMT, &hdev->dev_flags);

	if (already_set)
		return;

	INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);

	/* Non-mgmt controlled devices get this bit set
	 * implicitly so that pairing works for them, however
	 * for mgmt we require user-space to explicitly enable
	 * it
	 */
	clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
}
658
/*
 * Handler for MGMT_OP_READ_INFO: snapshot @hdev's address, version,
 * manufacturer, supported and current settings, class of device and names
 * under the device lock, then send them as the command reply.
 * @data and @data_len are unused.
 */
static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
				void *data, u16 data_len)
{
	struct mgmt_rp_read_info rp;

	BT_DBG("sock %p %s", sk, hdev->name);

	hci_dev_lock(hdev);

	/* Zero first so no stack bytes reach the reply unwritten. */
	memset(&rp, 0, sizeof(rp));

	bacpy(&rp.bdaddr, &hdev->bdaddr);
	rp.version = hdev->hci_ver;
	rp.manufacturer = cpu_to_le16(hdev->manufacturer);

	rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
	rp.current_settings = cpu_to_le32(get_current_settings(hdev));

	memcpy(rp.dev_class, hdev->dev_class, 3);

	/* Copy lengths come from the source arrays in struct hci_dev. */
	memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
	memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));

	hci_dev_unlock(hdev);

	return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0,
			    &rp, sizeof(rp));
}
688
/*
 * Release a pending command: drop the socket reference it holds, then
 * free its parameter copy and the command itself. The caller must already
 * have unlinked @cmd from any list.
 */
static void mgmt_pending_free(struct pending_cmd *cmd)
{
	struct sock *owner = cmd->sk;
	void *param = cmd->param;

	sock_put(owner);
	kfree(param);
	kfree(cmd);
}
695
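/*
 * Record a command from @sk as pending on @hdev.
 *
 * A private copy of the @len-byte payload at @data is kept in cmd->param,
 * a reference on @sk is taken, and the entry is added to
 * hdev->mgmt_pending. The entry is released with mgmt_pending_free().
 *
 * The command is allocated zeroed so that user_data, which is not
 * assigned here, starts out as NULL instead of leftover heap contents.
 * For the same reason the parameter buffer is zero-filled when @data is
 * NULL.
 *
 * Returns the new entry, or NULL if either allocation fails.
 */
static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
					    struct hci_dev *hdev, void *data,
					    u16 len)
{
	struct pending_cmd *cmd;

	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return NULL;

	cmd->opcode = opcode;
	cmd->index = hdev->id;

	cmd->param = kmalloc(len, GFP_KERNEL);
	if (!cmd->param) {
		kfree(cmd);
		return NULL;
	}

	if (data)
		memcpy(cmd->param, data, len);
	else if (len)
		memset(cmd->param, 0, len);

	cmd->sk = sk;
	sock_hold(sk);

	list_add(&cmd->list, &hdev->mgmt_pending);

	return cmd;
}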
725
/*
 * Invoke @cb(cmd, @data) for each pending command on @hdev whose opcode
 * equals @opcode; an @opcode of 0 matches every entry.
 *
 * The list is walked with the removal-safe iterator, so @cb may unlink
 * and free the entry it is handed.
 */
static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
				 void (*cb)(struct pending_cmd *cmd,
					    void *data),
				 void *data)
{
	struct pending_cmd *cmd, *next;

	list_for_each_entry_safe(cmd, next, &hdev->mgmt_pending, list) {
		if (opcode == 0 || cmd->opcode == opcode)
			cb(cmd, data);
	}
}
744
/*
 * Return the first pending command on @hdev whose opcode equals @opcode,
 * or NULL when there is none.
 */
static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
{
	struct pending_cmd *found = NULL;
	struct pending_cmd *cmd;

	list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
		if (cmd->opcode != opcode)
			continue;

		found = cmd;
		break;
	}

	return found;
}
756
/*
 * Unlink @cmd from the pending list it is on and release it with
 * mgmt_pending_free(); @cmd must not be used afterwards.
 */
static void mgmt_pending_remove(struct pending_cmd *cmd)
{
	struct list_head *node = &cmd->list;

	list_del(node);
	mgmt_pending_free(cmd);
}
762
/*
 * Complete command @opcode on @sk with status 0 and the little-endian
 * current settings bitmask of @hdev as the return parameter.
 */
static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
{
	__le32 settings;

	settings = cpu_to_le32(get_current_settings(hdev));

	return cmd_complete(sk, hdev->id, opcode, 0,
			    &settings, sizeof(settings));
}
770
/*
 * Handler for MGMT_OP_SET_POWERED: power the controller on or off
 * according to cp->val (0x00 or 0x01; anything else is rejected with
 * MGMT_STATUS_INVALID_PARAMS).
 *
 * NOTE(review): cp->val is read without checking @len in this function;
 * presumably the dispatcher validates the payload length before calling
 * the handler - confirm against the caller.
 *
 * Returns the result of the reply that was sent, -ENOMEM if the pending
 * entry cannot be allocated, or 0 once the power work has been queued.
 */
static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	/* An auto-off was armed: cancel it before deciding what to do. */
	if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
		cancel_delayed_work(&hdev->power_off);

		if (cp->val) {
			/*
			 * NOTE(review): the return value of mgmt_pending_add()
			 * is not checked here, unlike the call further down.
			 * If the allocation fails no pending entry exists for
			 * this request - confirm whether mgmt_powered() still
			 * produces a reply for the caller in that case.
			 */
			mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
					 data, len);
			err = mgmt_powered(hdev, 1);
			goto failed;
		}
	}

	/* Already in the requested state: just report the settings. */
	if (!!cp->val == hdev_is_powered(hdev)) {
		err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
		goto failed;
	}

	/* Only one power change may be in flight per controller. */
	if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	if (cp->val)
		queue_work(hdev->req_workqueue, &hdev->power_on);
	else
		queue_work(hdev->req_workqueue, &hdev->power_off.work);

	err = 0;

	/* Common exit; also reached on success despite the label name. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
825
/*
 * Build a management event with opcode @event and @data_len bytes of
 * payload from @data, timestamp it, and pass it to
 * hci_send_to_control() together with @skip_sk.
 *
 * The header carries @hdev's id, or MGMT_INDEX_NONE when @hdev is NULL.
 * NOTE(review): when @data is NULL no payload is appended but hdr->len
 * still carries @data_len; callers are assumed to pass a zero length in
 * that case - confirm.
 *
 * Returns -ENOMEM if the buffer cannot be allocated, otherwise 0.
 */
static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
		      struct sock *skip_sk)
{
	struct mgmt_hdr *hdr;
	struct sk_buff *skb;

	skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
	if (skb == NULL)
		return -ENOMEM;

	hdr = (void *) skb_put(skb, sizeof(*hdr));
	hdr->opcode = cpu_to_le16(event);
	hdr->index = hdev ? cpu_to_le16(hdev->id) :
			    __constant_cpu_to_le16(MGMT_INDEX_NONE);
	hdr->len = cpu_to_le16(data_len);

	if (data != NULL)
		memcpy(skb_put(skb, data_len), data, data_len);

	/* Time stamp */
	__net_timestamp(skb);

	hci_send_to_control(skb, skip_sk);

	/* Drop the local reference to the buffer. */
	kfree_skb(skb);

	return 0;
}
855
/*
 * Emit MGMT_EV_NEW_SETTINGS for @hdev with its current settings bitmask
 * in little-endian form; @skip is forwarded to mgmt_event().
 */
static int new_settings(struct hci_dev *hdev, struct sock *skip)
{
	__le32 ev = cpu_to_le32(get_current_settings(hdev));

	return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
}
864
/*
 * Handler for MGMT_OP_SET_DISCOVERABLE: switch inquiry scan on or off
 * according to cp->val, optionally for cp->timeout seconds.
 *
 * Rejected before taking the lock: controllers without BR/EDR
 * (NOT_SUPPORTED), a val other than 0x00/0x01, and a timeout combined
 * with val == 0 (both INVALID_PARAMS).
 *
 * NOTE(review): cp is read without checking @len in this function;
 * presumably the dispatcher validates the payload length before calling
 * the handler - confirm against the caller.
 */
static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
			    u16 len)
{
	struct mgmt_cp_set_discoverable *cp = data;
	struct pending_cmd *cmd;
	u16 timeout;
	u8 scan;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	timeout = __le16_to_cpu(cp->timeout);
	if (!cp->val && timeout > 0)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	/* A timed request needs a powered controller. */
	if (!hdev_is_powered(hdev) && timeout > 0) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_NOT_POWERED);
		goto failed;
	}

	/* Both commands write the scan mode, so they exclude each other. */
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
	    mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	/* Discoverable is only accepted while connectable is set. */
	if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
				 MGMT_STATUS_REJECTED);
		goto failed;
	}

	/* Powered off: only the stored flag changes, no HCI command. */
	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
			change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
			changed = true;
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	/* Mode already matches: only the timeout may need re-arming. */
	if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
		if (hdev->discov_timeout > 0) {
			cancel_delayed_work(&hdev->discov_off);
			hdev->discov_timeout = 0;
		}

		if (cp->val && timeout > 0) {
			hdev->discov_timeout = timeout;
			queue_delayed_work(hdev->workqueue, &hdev->discov_off,
				msecs_to_jiffies(hdev->discov_timeout * 1000));
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	/* Page scan stays on; inquiry scan follows the request. */
	scan = SCAN_PAGE;

	if (cp->val)
		scan |= SCAN_INQUIRY;
	else
		cancel_delayed_work(&hdev->discov_off);

	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
	if (err < 0)
		mgmt_pending_remove(cmd);

	/*
	 * NOTE(review): the timeout is stored even when hci_send_cmd()
	 * failed just above - confirm that is intended.
	 */
	if (cp->val)
		hdev->discov_timeout = timeout;

	/* Common exit; also reached on success despite the label name. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
968
/*
 * Handler for MGMT_OP_SET_CONNECTABLE: switch page scan on or off
 * according to cp->val.
 *
 * Rejected before taking the lock: controllers without BR/EDR
 * (NOT_SUPPORTED) and a val other than 0x00/0x01 (INVALID_PARAMS).
 *
 * NOTE(review): cp->val is read without checking @len in this function;
 * presumably the dispatcher validates the payload length before calling
 * the handler - confirm against the caller.
 */
static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 len)
{
	struct mgmt_mode *cp = data;
	struct pending_cmd *cmd;
	u8 scan;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (cp->val != 0x00 && cp->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	/* Powered off: only the stored flags change, no HCI command. */
	if (!hdev_is_powered(hdev)) {
		bool changed = false;

		if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
			changed = true;

		if (cp->val) {
			set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
		} else {
			/* Turning connectable off also drops discoverable. */
			clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
			clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
		}

		err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
		if (err < 0)
			goto failed;

		if (changed)
			err = new_settings(hdev, sk);

		goto failed;
	}

	/* Both commands write the scan mode, so they exclude each other. */
	if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
	    mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
		err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
				 MGMT_STATUS_BUSY);
		goto failed;
	}

	/* HCI_PSCAN in hdev->flags already matches the request. */
	if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
		err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
		goto failed;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		goto failed;
	}

	if (cp->val) {
		scan = SCAN_PAGE;
	} else {
		/* Scan mode 0 disables inquiry scan along with page scan. */
		scan = 0;

		if (test_bit(HCI_ISCAN, &hdev->flags) &&
		    hdev->discov_timeout > 0)
			cancel_delayed_work(&hdev->discov_off);
	}

	err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
	if (err < 0)
		mgmt_pending_remove(cmd);

	/* Common exit; also reached on success despite the label name. */
failed:
	hci_dev_unlock(hdev);
	return err;
}
1048
/*
 * Handler for MGMT_OP_SET_PAIRABLE.
 *
 * Sets or clears HCI_PAIRABLE in hdev->dev_flags according to the
 * requested mode, answers the caller with the current settings and then
 * emits a new-settings notification. Returns the result of the last
 * helper that ran (negative on failure).
 *
 * NOTE(review): cp->val is read without comparing len to sizeof(*cp) in
 * this function; presumably the dispatcher enforces the size - confirm.
 */
static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_mode *mode = data;
	int ret;

	BT_DBG("request for %s", hdev->name);

	/* Only the two boolean encodings are accepted. */
	if (!(mode->val == 0x00 || mode->val == 0x01))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (mode->val)
		set_bit(HCI_PAIRABLE, &hdev->dev_flags);
	else
		clear_bit(HCI_PAIRABLE, &hdev->dev_flags);

	/* Notify other sockets only once the reply has gone out. */
	ret = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
	if (ret >= 0)
		ret = new_settings(hdev, sk);

	hci_dev_unlock(hdev);
	return ret;
}
1078
/*
 * Handler for MGMT_OP_SET_LINK_SECURITY.
 *
 * Powered off: only the HCI_LINK_SECURITY bit in dev_flags is toggled and
 * the settings are reported. Powered on: HCI_OP_WRITE_AUTH_ENABLE is sent
 * to the controller and the request is tracked as a pending command until
 * it completes. Returns 0 or a negative error.
 */
static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
			     u16 len)
{
	struct mgmt_mode *mode = data;
	struct pending_cmd *pending;
	u8 auth;
	int ret;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* Only the two boolean encodings are accepted. */
	if (!(mode->val == 0x00 || mode->val == 0x01))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		/* No controller to talk to: record the wish in dev_flags. */
		bool flipped = (!!mode->val != test_bit(HCI_LINK_SECURITY,
							&hdev->dev_flags));

		if (flipped)
			change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);

		ret = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
		if (ret >= 0 && flipped)
			ret = new_settings(hdev, sk);

		goto unlock;
	}

	/* One outstanding request of this kind per controller. */
	if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	auth = !!mode->val;

	/* Controller already in the requested state: just reply. */
	if (test_bit(HCI_AUTH, &hdev->flags) == auth) {
		ret = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data,
				   len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	ret = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(auth), &auth);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1147
/*
 * Handler for MGMT_OP_SET_SSP.
 *
 * Powered off: toggles HCI_SSP_ENABLED in dev_flags and reports settings.
 * Powered on: sends HCI_OP_WRITE_SSP_MODE and queues a pending command
 * unless the flag already matches the request. Returns 0 or a negative
 * error.
 */
static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *mode = data;
	struct pending_cmd *pending;
	u8 ssp;
	int ret;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_ssp_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* Only the two boolean encodings are accepted. */
	if (!(mode->val == 0x00 || mode->val == 0x01))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	ssp = !!mode->val;

	if (!hdev_is_powered(hdev)) {
		/* No controller to talk to: record the wish in dev_flags. */
		bool flipped = (ssp != test_bit(HCI_SSP_ENABLED,
						&hdev->dev_flags));

		if (flipped)
			change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);

		ret = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
		if (ret >= 0 && flipped)
			ret = new_settings(hdev, sk);

		goto unlock;
	}

	/* One outstanding request of this kind per controller. */
	if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	/* Nothing to change: answer with the current settings. */
	if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == ssp) {
		ret = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	ret = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(ssp), &ssp);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1214
/*
 * Handler for MGMT_OP_SET_HS.
 *
 * Refused with NOT_SUPPORTED unless the enable_hs global is set. On
 * success HCI_HS_ENABLED in dev_flags mirrors the requested mode and the
 * current settings are returned to the caller. No HCI command is sent
 * and the device lock is not taken here.
 */
static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *mode = data;

	BT_DBG("request for %s", hdev->name);

	if (!enable_hs)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* Only the two boolean encodings are accepted. */
	if (!(mode->val == 0x00 || mode->val == 0x01))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
				  MGMT_STATUS_INVALID_PARAMS);

	if (!mode->val)
		clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
	else
		set_bit(HCI_HS_ENABLED, &hdev->dev_flags);

	return send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
}
1236
/*
 * Handler for MGMT_OP_SET_LE.
 *
 * When the controller is powered off, or host LE support already equals
 * the request, only HCI_LE_ENABLED in dev_flags is updated. Otherwise
 * HCI_OP_WRITE_LE_HOST_SUPPORTED is sent and a pending command is queued.
 * Returns 0 or a negative error.
 */
static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_mode *mode = data;
	struct hci_cp_write_le_host_supported host_le;
	struct pending_cmd *pending;
	u8 want, enabled;
	int ret;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_le_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* Only the two boolean encodings are accepted. */
	if (!(mode->val == 0x00 || mode->val == 0x01))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	want = !!mode->val;
	enabled = lmp_host_le_capable(hdev);

	if (!hdev_is_powered(hdev) || want == enabled) {
		/* No HCI traffic needed: keep dev_flags in step and reply. */
		bool flipped = (want != test_bit(HCI_LE_ENABLED,
						 &hdev->dev_flags));

		if (flipped)
			change_bit(HCI_LE_ENABLED, &hdev->dev_flags);

		ret = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
		if (ret >= 0 && flipped)
			ret = new_settings(hdev, sk);

		goto unlock;
	}

	/* One outstanding request of this kind per controller. */
	if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	/* Zero the whole parameter block so disabling sends all-zero fields. */
	memset(&host_le, 0, sizeof(host_le));
	if (want) {
		host_le.le = want;
		host_le.simul = lmp_le_br_capable(hdev);
	}

	ret = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
			   sizeof(host_le), &host_le);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1306
/*
 * Handler for MGMT_OP_ADD_UUID.
 *
 * Allocates a bt_uuid entry, copies the 16-byte UUID and service hint
 * from the request, links it into hdev->uuids and refreshes the class of
 * device and EIR data. Replies immediately with the 3-byte dev_class
 * unless a class update is pending, in which case the request is queued.
 *
 * NOTE(review): the entry is linked before update_class()/update_eir()
 * run and is not unlinked when either of them fails.
 */
static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
{
	struct mgmt_cp_add_uuid *req = data;
	struct bt_uuid *entry;
	int ret;

	BT_DBG("request for %s", hdev->name);

	hci_dev_lock(hdev);

	/* A class update is still in flight; refuse to stack another. */
	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
	if (!entry) {
		ret = -ENOMEM;
		goto unlock;
	}

	memcpy(entry->uuid, req->uuid, 16);
	entry->svc_hint = req->svc_hint;

	list_add(&entry->list, &hdev->uuids);

	ret = update_class(hdev);
	if (ret >= 0)
		ret = update_eir(hdev);
	if (ret < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	/* Reply is deferred until the pending class update finishes. */
	if (!mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len))
		ret = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1357
/*
 * Arm the service cache timer.
 *
 * Returns true only when the device is powered and this call was the one
 * that set HCI_SERVICE_CACHE (and therefore queued hdev->service_cache
 * with CACHE_TIMEOUT); false otherwise.
 */
static bool enable_service_cache(struct hci_dev *hdev)
{
	if (!hdev_is_powered(hdev))
		return false;

	/* Already armed by an earlier caller. */
	if (test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
		return false;

	queue_delayed_work(hdev->workqueue, &hdev->service_cache,
			   CACHE_TIMEOUT);
	return true;
}
1371
/*
 * Handler for MGMT_OP_REMOVE_UUID.
 *
 * An all-zero UUID clears the whole list; otherwise every list entry
 * whose 16 bytes match the request is unlinked and freed. INVALID_PARAMS
 * is returned when nothing matched. Afterwards the class of device and
 * EIR data are refreshed and the reply is either sent at once or queued
 * behind a pending class update.
 */
static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_cp_remove_uuid *req = data;
	struct bt_uuid *match, *next;
	u8 wildcard[16] = { 0 };
	int ret, removed;

	BT_DBG("request for %s", hdev->name);

	hci_dev_lock(hdev);

	/* A class update is still in flight; refuse to stack another. */
	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	if (memcmp(req->uuid, wildcard, 16) == 0) {
		ret = hci_uuids_clear(hdev);

		/* With the cache armed, the class update is left to it. */
		if (enable_service_cache(hdev)) {
			ret = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
					   0, hdev->dev_class, 3);
			goto unlock;
		}

		goto update_class;
	}

	removed = 0;

	/* Safe iteration: entries are freed while walking the list. */
	list_for_each_entry_safe(match, next, &hdev->uuids, list) {
		if (memcmp(match->uuid, req->uuid, 16) != 0)
			continue;

		list_del(&match->list);
		kfree(match);
		removed++;
	}

	if (removed == 0) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
				 MGMT_STATUS_INVALID_PARAMS);
		goto unlock;
	}

update_class:
	ret = update_class(hdev);
	if (ret >= 0)
		ret = update_eir(hdev);
	if (ret < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	/* Reply is deferred until the pending class update finishes. */
	if (!mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len))
		ret = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1445
/*
 * Handler for MGMT_OP_SET_DEV_CLASS.
 *
 * Stores the requested major/minor class in hdev and, when the device is
 * powered, pushes the new class through update_class(). The reply carries
 * the 3-byte hdev->dev_class and is either sent immediately or queued as
 * a pending command while HCI_PENDING_CLASS is set.
 *
 * Returns 0 or a negative error.
 */
static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_set_dev_class *cp = data;
	struct pending_cmd *cmd;
	int err;

	BT_DBG("request for %s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_NOT_SUPPORTED);

	/* NOTE(review): this flag is tested before hci_dev_lock() is taken. */
	if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_BUSY);

	/* Reject values with the low two minor bits or top three major bits set. */
	if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	hdev->major_class = cp->major;
	hdev->minor_class = cp->minor;

	/* Powered off: the values are only stored; reply with dev_class as is. */
	if (!hdev_is_powered(hdev)) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
		/*
		 * The lock is dropped around the synchronous cancel and
		 * re-taken afterwards; presumably the work item takes the
		 * same lock - confirm. The update_eir() result is ignored.
		 */
		hci_dev_unlock(hdev);
		cancel_delayed_work_sync(&hdev->service_cache);
		hci_dev_lock(hdev);
		update_eir(hdev);
	}

	err = update_class(hdev);
	if (err < 0)
		goto unlock;

	if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
				   hdev->dev_class, 3);
		goto unlock;
	}

	/* Reply is deferred until the pending class update finishes. */
	cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
	if (!cmd)
		err = -ENOMEM;

unlock:
	hci_dev_unlock(hdev);
	return err;
}
1503
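/*
 * Handler for MGMT_OP_LOAD_LINK_KEYS.
 *
 * Replaces the stored link keys of hdev with the key_count entries that
 * follow the fixed header in the request, and sets or clears
 * HCI_DEBUG_KEYS according to cp->debug_keys.
 *
 * The request is rejected with MGMT_STATUS_INVALID_PARAMS when its length
 * does not equal header + key_count entries, or when debug_keys is not
 * 0x00/0x01. Returns 0 once the keys have been loaded.
 *
 * NOTE(review): cp->key_count is read before any length comparison;
 * presumably the dispatcher guarantees len >= sizeof(*cp) - confirm.
 */
static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_load_link_keys *cp = data;
	size_t expected_len;
	u16 key_count;
	int i;

	key_count = __le16_to_cpu(cp->key_count);

	/*
	 * Keep the expected size in size_t. Held in a u16 the product wraps
	 * modulo 65536, so a large key_count could compare equal to len and
	 * the loop below would then index cp->keys[] past the end of the
	 * received buffer.
	 */
	expected_len = sizeof(*cp) +
		       (size_t)key_count * sizeof(struct mgmt_link_key_info);
	if (expected_len != len) {
		BT_ERR("load_link_keys: expected %zu bytes, got %u bytes",
		       expected_len, len);
		return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
				  MGMT_STATUS_INVALID_PARAMS);
	}

	/* Only the two boolean encodings are accepted. */
	if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
				  MGMT_STATUS_INVALID_PARAMS);

	BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
	       key_count);

	hci_dev_lock(hdev);

	/* The new list replaces the old one; existing keys are dropped first. */
	hci_link_keys_clear(hdev);

	set_bit(HCI_LINK_KEYS, &hdev->dev_flags);

	if (cp->debug_keys)
		set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
	else
		clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);

	for (i = 0; i < key_count; i++) {
		struct mgmt_link_key_info *key = &cp->keys[i];

		/*
		 * NOTE(review): addr.type, type and pin_len of each entry are
		 * forwarded as received and the return value is not checked;
		 * whether hci_add_link_key() validates them is not visible
		 * here.
		 */
		hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
				 key->type, key->pin_len);
	}

	cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);

	hci_dev_unlock(hdev);

	return 0;
}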
1553
/*
 * Emit MGMT_EV_DEVICE_UNPAIRED for the given address, passing skip_sk
 * through to mgmt_event(). Returns whatever mgmt_event() returns.
 */
static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
			   u8 addr_type, struct sock *skip_sk)
{
	struct mgmt_ev_device_unpaired event;

	event.addr.type = addr_type;
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &event,
			  sizeof(event), skip_sk);
}
1565
/*
 * Handler for MGMT_OP_UNPAIR_DEVICE.
 *
 * Removes the stored link key (BR/EDR) or LTK (any other address type)
 * for the given address. When cp->disconnect is set and a matching
 * connection exists, an HCI disconnect is issued and the reply is
 * deferred through a pending command; otherwise the reply and the
 * MGMT_EV_DEVICE_UNPAIRED event are sent immediately.
 *
 * NOTE(review): cp->addr.type is not range-checked here; every value
 * other than BDADDR_BREDR takes the LE path.
 */
static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_unpair_device *req = data;
	struct mgmt_rp_unpair_device reply;
	struct hci_cp_disconnect disc;
	struct pending_cmd *pending;
	struct hci_conn *conn = NULL;
	int ret;

	hci_dev_lock(hdev);

	/* Zero the reply first so no stack bytes reach user space. */
	memset(&reply, 0, sizeof(reply));
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);
	reply.addr.type = req->addr.type;

	if (!hdev_is_powered(hdev)) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
				   MGMT_STATUS_NOT_POWERED, &reply,
				   sizeof(reply));
		goto unlock;
	}

	ret = (req->addr.type == BDADDR_BREDR) ?
		hci_remove_link_key(hdev, &req->addr.bdaddr) :
		hci_remove_ltk(hdev, &req->addr.bdaddr);
	if (ret < 0) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
				   MGMT_STATUS_NOT_PAIRED, &reply,
				   sizeof(reply));
		goto unlock;
	}

	/* Look for a live link only when the caller asked to drop it. */
	if (req->disconnect) {
		u8 link = (req->addr.type == BDADDR_BREDR) ? ACL_LINK : LE_LINK;

		conn = hci_conn_hash_lookup_ba(hdev, link, &req->addr.bdaddr);
	}

	if (!conn) {
		ret = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
				   &reply, sizeof(reply));
		device_unpaired(hdev, &req->addr.bdaddr, req->addr.type, sk);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, req,
				   sizeof(*req));
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	disc.handle = cpu_to_le16(conn->handle);
	disc.reason = 0x13; /* Remote User Terminated Connection */
	ret = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(disc), &disc);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1634
/*
 * Handler for MGMT_OP_DISCONNECT.
 *
 * Looks up the ACL (BR/EDR) or LE connection for the requested address
 * and sends HCI_OP_DISCONNECT with reason HCI_ERROR_REMOTE_USER_TERM. The
 * reply is deferred via a pending command. Fails with NOT_POWERED, BUSY
 * (another disconnect pending) or NOT_CONNECTED.
 */
static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
		      u16 len)
{
	struct mgmt_cp_disconnect *req = data;
	struct hci_cp_disconnect disc;
	struct pending_cmd *pending;
	struct hci_conn *conn;
	u8 link;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!test_bit(HCI_UP, &hdev->flags)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	/* One outstanding disconnect per controller. */
	if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_BUSY);
		goto unlock;
	}

	/* Any address type other than BR/EDR is looked up as an LE link. */
	link = (req->addr.type == BDADDR_BREDR) ? ACL_LINK : LE_LINK;
	conn = hci_conn_hash_lookup_ba(hdev, link, &req->addr.bdaddr);

	if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_DISCONNECT,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	disc.handle = cpu_to_le16(conn->handle);
	disc.reason = HCI_ERROR_REMOTE_USER_TERM;

	ret = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(disc), &disc);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1689
/*
 * Map an HCI link type and LE address type to a management BDADDR_* type.
 *
 * Non-LE links map to BDADDR_BREDR. For LE links a public device address
 * maps to BDADDR_LE_PUBLIC and every other address type falls back to
 * BDADDR_LE_RANDOM.
 */
static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
{
	/* Fallback to BR/EDR type */
	if (link_type != LE_LINK)
		return BDADDR_BREDR;

	if (addr_type == ADDR_LE_DEV_PUBLIC)
		return BDADDR_LE_PUBLIC;

	/* Fallback to LE Random address type */
	return BDADDR_LE_RANDOM;
}
1708
/*
 * Handler for MGMT_OP_GET_CONNECTIONS.
 *
 * Builds a reply listing the address of every connection flagged
 * HCI_CONN_MGMT_CONNECTED, leaving out SCO and eSCO links, and sends it
 * with cmd_complete(). Fails with NOT_POWERED when the device is down.
 */
static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
			   u16 data_len)
{
	struct mgmt_rp_get_connections *reply;
	struct hci_conn *conn;
	size_t reply_len;
	u16 count = 0;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	/* First pass: upper bound on the entries, SCO/eSCO included. */
	list_for_each_entry(conn, &hdev->conn_hash.list, list) {
		if (test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
			count++;
	}

	reply_len = sizeof(*reply) + (count * sizeof(struct mgmt_addr_info));
	reply = kmalloc(reply_len, GFP_KERNEL);
	if (!reply) {
		ret = -ENOMEM;
		goto unlock;
	}

	/*
	 * Second pass: fill the slots. A SCO/eSCO entry is written but the
	 * index is not advanced, so the next entry overwrites it; the slot
	 * is within the allocation because the first pass counted it.
	 */
	count = 0;
	list_for_each_entry(conn, &hdev->conn_hash.list, list) {
		if (!test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
			continue;

		bacpy(&reply->addr[count].bdaddr, &conn->dst);
		reply->addr[count].type = link_to_bdaddr(conn->type,
							 conn->dst_type);

		if (conn->type != SCO_LINK && conn->type != ESCO_LINK)
			count++;
	}

	reply->conn_count = cpu_to_le16(count);

	/* Recalculate length in case of filtered SCO connections, etc */
	reply_len = sizeof(*reply) + (count * sizeof(struct mgmt_addr_info));

	ret = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, reply,
			   reply_len);

	kfree(reply);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1766
/*
 * Queue a pending MGMT_OP_PIN_CODE_NEG_REPLY and send the matching HCI
 * negative reply for cp->addr.bdaddr. The pending entry is removed again
 * when the HCI command cannot be sent. Returns -ENOMEM or the result of
 * hci_send_cmd(). Takes no lock itself.
 */
static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
				   struct mgmt_cp_pin_code_neg_reply *cp)
{
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
				   sizeof(*cp));
	if (pending == NULL)
		return -ENOMEM;

	ret = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
			   sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
	if (ret < 0)
		mgmt_pending_remove(pending);

	return ret;
}
1785
/*
 * Handler for MGMT_OP_PIN_CODE_REPLY.
 *
 * Forwards the PIN supplied by user space to the controller for the ACL
 * connection with the given address. When the connection is waiting for
 * BT_SECURITY_HIGH and the PIN is not 16 bytes long, a negative reply is
 * sent to the controller instead and the caller gets INVALID_PARAMS.
 *
 * NOTE(review): apart from that check, cp->pin_len is forwarded as
 * received; the copy itself is bounded by sizeof(reply.pin_code).
 */
static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_pin_code_reply *req = data;
	struct hci_cp_pin_code_reply reply;
	struct pending_cmd *pending;
	struct hci_conn *conn;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &req->addr.bdaddr);
	if (!conn) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	/* High security requires a full 16-byte PIN; refuse shorter ones. */
	if (conn->pending_sec_level == BT_SECURITY_HIGH &&
	    req->pin_len != 16) {
		struct mgmt_cp_pin_code_neg_reply neg;

		memcpy(&neg.addr, &req->addr, sizeof(neg.addr));

		BT_ERR("PIN code is not 16 bytes long");

		ret = send_pin_code_neg_reply(sk, hdev, &neg);
		if (ret >= 0)
			ret = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
					 MGMT_STATUS_INVALID_PARAMS);

		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
				   len);
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	bacpy(&reply.bdaddr, &req->addr.bdaddr);
	reply.pin_len = req->pin_len;
	memcpy(reply.pin_code, req->pin_code, sizeof(reply.pin_code));

	ret = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
1845
/*
 * Handler for MGMT_OP_SET_IO_CAPABILITY.
 *
 * Stores the requested IO capability in hdev under the device lock and
 * completes the command with status 0 and no payload.
 *
 * NOTE(review): the value is stored as received; no range check on
 * cp->io_capability is performed here.
 */
static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
			     u16 len)
{
	struct mgmt_cp_set_io_capability *req = data;

	BT_DBG("");

	hci_dev_lock(hdev);

	hdev->io_capability = req->io_capability;
	BT_DBG("%s IO capability set to 0x%02x", hdev->name,
	       hdev->io_capability);

	hci_dev_unlock(hdev);

	return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
			    0);
}
1865
/*
 * Return the pending MGMT_OP_PAIR_DEVICE command whose user_data is
 * conn, or NULL when the device's pending list holds no such entry.
 */
static struct pending_cmd *find_pairing(struct hci_conn *conn)
{
	struct hci_dev *hdev = conn->hdev;
	struct pending_cmd *entry;

	list_for_each_entry(entry, &hdev->mgmt_pending, list) {
		if (entry->opcode == MGMT_OP_PAIR_DEVICE &&
		    entry->user_data == conn)
			return entry;
	}

	return NULL;
}
1883
/*
 * Finish a pending MGMT_OP_PAIR_DEVICE command.
 *
 * Sends the reply carrying the peer address and the given status, clears
 * the connection callbacks, releases the connection with hci_conn_put()
 * and removes the pending entry.
 */
static void pairing_complete(struct pending_cmd *cmd, u8 status)
{
	struct hci_conn *conn = cmd->user_data;
	struct mgmt_rp_pair_device reply;

	reply.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
	bacpy(&reply.addr.bdaddr, &conn->dst);

	cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
		     &reply, sizeof(reply));

	/* So we don't get further callbacks for this connection */
	conn->disconn_cfm_cb = NULL;
	conn->security_cfm_cb = NULL;
	conn->connect_cfm_cb = NULL;

	hci_conn_put(conn);

	mgmt_pending_remove(cmd);
}
1904
/*
 * Connection callback: complete the pairing command attached to conn,
 * translating the HCI status through mgmt_status(). Only logs when no
 * pending command is found.
 */
static void pairing_complete_cb(struct hci_conn *conn, u8 status)
{
	struct pending_cmd *pending;

	BT_DBG("status %u", status);

	pending = find_pairing(conn);
	if (!pending) {
		BT_DBG("Unable to find a pending command");
		return;
	}

	pairing_complete(pending, mgmt_status(status));
}
1917
/*
 * LE connect callback: a zero status is ignored here; a non-zero status
 * completes the pairing command attached to conn with the translated
 * error. Only logs when no pending command is found.
 */
static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
{
	struct pending_cmd *pending;

	BT_DBG("status %u", status);

	/* Success is not handled by this callback. */
	if (status == 0)
		return;

	pending = find_pairing(conn);
	if (!pending) {
		BT_DBG("Unable to find a pending command");
		return;
	}

	pairing_complete(pending, mgmt_status(status));
}
1933
/*
 * Handler for MGMT_OP_PAIR_DEVICE.
 *
 * Starts a connection to the requested address (ACL for BDADDR_BREDR, LE
 * otherwise) at BT_SECURITY_MEDIUM, registers the pairing callbacks on
 * the connection and queues a pending command that pairing_complete()
 * finishes later. Replies immediately with NOT_POWERED, BUSY or
 * CONNECT_FAILED when pairing cannot be started.
 *
 * Returns 0 or a negative error.
 */
static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
		       u16 len)
{
	struct mgmt_cp_pair_device *cp = data;
	struct mgmt_rp_pair_device rp;
	struct pending_cmd *cmd;
	u8 sec_level, auth_type;
	struct hci_conn *conn;
	int err;

	BT_DBG("");

	/* Zero the reply first so no stack bytes reach user space. */
	memset(&rp, 0, sizeof(rp));
	bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
	rp.addr.type = cp->addr.type;

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				   MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
		goto unlock;
	}

	/*
	 * MITM protection is requested for every IO capability except 0x03
	 * (presumably NoInputNoOutput - confirm against the spec).
	 * NOTE(review): cp->io_cap and cp->addr.type are not range-checked.
	 */
	sec_level = BT_SECURITY_MEDIUM;
	if (cp->io_cap == 0x03)
		auth_type = HCI_AT_DEDICATED_BONDING;
	else
		auth_type = HCI_AT_DEDICATED_BONDING_MITM;

	if (cp->addr.type == BDADDR_BREDR)
		conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
				   cp->addr.type, sec_level, auth_type);
	else
		conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
				   cp->addr.type, sec_level, auth_type);

	if (IS_ERR(conn)) {
		int status;

		if (PTR_ERR(conn) == -EBUSY)
			status = MGMT_STATUS_BUSY;
		else
			status = MGMT_STATUS_CONNECT_FAILED;

		err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				   status, &rp,
				   sizeof(rp));
		goto unlock;
	}

	/* A callback is already installed on this connection: report BUSY. */
	if (conn->connect_cfm_cb) {
		hci_conn_put(conn);
		err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
				   MGMT_STATUS_BUSY, &rp, sizeof(rp));
		goto unlock;
	}

	cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
	if (!cmd) {
		err = -ENOMEM;
		/* Drop the reference obtained from hci_connect(). */
		hci_conn_put(conn);
		goto unlock;
	}

	/* For LE, just connecting isn't a proof that the pairing finished */
	if (cp->addr.type == BDADDR_BREDR)
		conn->connect_cfm_cb = pairing_complete_cb;
	else
		conn->connect_cfm_cb = le_connect_complete_cb;

	conn->security_cfm_cb = pairing_complete_cb;
	conn->disconn_cfm_cb = pairing_complete_cb;
	conn->io_capability = cp->io_cap;
	/* find_pairing() matches pending commands on this pointer. */
	cmd->user_data = conn;

	/* Already connected and security satisfied: complete right away. */
	if (conn->state == BT_CONNECTED &&
	    hci_conn_security(conn, sec_level, auth_type))
		pairing_complete(cmd, 0);

	err = 0;

unlock:
	hci_dev_unlock(hdev);
	return err;
}
2020
/*
 * Handler for MGMT_OP_CANCEL_PAIR_DEVICE.
 *
 * Cancels the pending MGMT_OP_PAIR_DEVICE command when its connection
 * targets the address in the request: the pairing is completed with
 * MGMT_STATUS_CANCELLED and the cancel itself with status 0. Returns
 * NOT_POWERED when the device is down and INVALID_PARAMS when no pairing
 * is pending or the address does not match.
 */
static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_addr_info *target = data;
	struct pending_cmd *pairing;
	struct hci_conn *conn;
	int ret;

	BT_DBG("");

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	pairing = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
	if (!pairing) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_INVALID_PARAMS);
		goto unlock;
	}

	/* Only the peer address is compared, not the address type. */
	conn = pairing->user_data;
	if (bacmp(&target->bdaddr, &conn->dst) != 0) {
		ret = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
				 MGMT_STATUS_INVALID_PARAMS);
		goto unlock;
	}

	pairing_complete(pairing, MGMT_STATUS_CANCELLED);

	ret = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
			   target, sizeof(*target));

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
2062
/*
 * Common path for user pairing responses.
 *
 * For LE address types the response is handed to SMP through
 * smp_user_confirm_reply() and the command is answered at once with
 * SUCCESS or FAILED. For BR/EDR a pending command is queued and hci_op is
 * sent to the controller; HCI_OP_USER_PASSKEY_REPLY carries the passkey,
 * every other opcode carries only the address.
 *
 * Returns 0 or a negative error.
 */
static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
			     bdaddr_t *bdaddr, u8 type, u16 mgmt_op,
			     u16 hci_op, __le32 passkey)
{
	struct pending_cmd *pending;
	struct hci_conn *conn;
	int ret;

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		ret = cmd_status(sk, hdev->id, mgmt_op,
				 MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	/* Any address type other than BR/EDR is looked up as an LE link. */
	conn = hci_conn_hash_lookup_ba(hdev,
				       type == BDADDR_BREDR ? ACL_LINK : LE_LINK,
				       bdaddr);
	if (!conn) {
		ret = cmd_status(sk, hdev->id, mgmt_op,
				 MGMT_STATUS_NOT_CONNECTED);
		goto unlock;
	}

	if (type == BDADDR_LE_PUBLIC || type == BDADDR_LE_RANDOM) {
		/* Continue with pairing via SMP */
		ret = smp_user_confirm_reply(conn, mgmt_op, passkey);
		ret = cmd_status(sk, hdev->id, mgmt_op,
				 ret ? MGMT_STATUS_FAILED :
				       MGMT_STATUS_SUCCESS);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
	if (!pending) {
		ret = -ENOMEM;
		goto unlock;
	}

	/* Continue with pairing via HCI */
	if (hci_op != HCI_OP_USER_PASSKEY_REPLY) {
		ret = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
	} else {
		struct hci_cp_user_passkey_reply params;

		bacpy(&params.bdaddr, bdaddr);
		params.passkey = passkey;
		ret = hci_send_cmd(hdev, hci_op, sizeof(params), &params);
	}

	if (ret < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return ret;
}
2127
/*
 * MGMT_OP_PIN_CODE_NEG_REPLY handler: pass a negative PIN code reply for the
 * address in @data to user_pairing_resp(). No passkey is involved, so 0 is
 * passed for it.
 */
static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
			      void *data, u16 len)
{
	struct mgmt_cp_pin_code_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;
	u8 addr_type = req->addr.type;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, addr_type,
				 MGMT_OP_PIN_CODE_NEG_REPLY,
				 HCI_OP_PIN_CODE_NEG_REPLY, 0);
}
2139
/*
 * MGMT_OP_USER_CONFIRM_REPLY handler: pass a positive user confirmation for
 * the address in @data to user_pairing_resp().
 *
 * The parameter length is checked here as well; anything other than
 * sizeof(*req) is answered with MGMT_STATUS_INVALID_PARAMS.
 */
static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_cp_user_confirm_reply *req = data;

	BT_DBG("");

	if (len == sizeof(*req))
		return user_pairing_resp(sk, hdev, &req->addr.bdaddr,
					 req->addr.type,
					 MGMT_OP_USER_CONFIRM_REPLY,
					 HCI_OP_USER_CONFIRM_REPLY, 0);

	return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
			  MGMT_STATUS_INVALID_PARAMS);
}
2155
/*
 * MGMT_OP_USER_CONFIRM_NEG_REPLY handler: pass a negative user confirmation
 * for the address in @data to user_pairing_resp(), with passkey 0.
 */
static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_user_confirm_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;
	u8 addr_type = req->addr.type;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, addr_type,
				 MGMT_OP_USER_CONFIRM_NEG_REPLY,
				 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
}
2167
/*
 * MGMT_OP_USER_PASSKEY_REPLY handler: pass the passkey supplied in @data,
 * together with the peer address, to user_pairing_resp(). The passkey is
 * handed on as received, without byte-order conversion.
 */
static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
			      u16 len)
{
	struct mgmt_cp_user_passkey_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;
	u8 addr_type = req->addr.type;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, addr_type,
				 MGMT_OP_USER_PASSKEY_REPLY,
				 HCI_OP_USER_PASSKEY_REPLY, req->passkey);
}
2179
/*
 * MGMT_OP_USER_PASSKEY_NEG_REPLY handler: pass a negative passkey reply for
 * the address in @data to user_pairing_resp(), with passkey 0.
 */
static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_user_passkey_neg_reply *req = data;
	bdaddr_t *peer = &req->addr.bdaddr;
	u8 addr_type = req->addr.type;

	BT_DBG("");

	return user_pairing_resp(sk, hdev, peer, addr_type,
				 MGMT_OP_USER_PASSKEY_NEG_REPLY,
				 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
}
2191
/*
 * Send HCI_OP_WRITE_LOCAL_NAME with @name as the new local name.
 *
 * Exactly sizeof(params.name) bytes are read from @name regardless of where
 * the string ends, so the caller has to pass a buffer at least that large.
 * NOTE(review): the callers in this file pass cp->name and hdev->dev_name;
 * their sizes are declared elsewhere, so confirm both are large enough.
 *
 * Returns the hci_send_cmd() result.
 */
static int update_name(struct hci_dev *hdev, const char *name)
{
	struct hci_cp_write_local_name params;

	memcpy(params.name, name, sizeof(params.name));

	return hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(params),
			    &params);
}
2200
/*
 * MGMT_OP_SET_LOCAL_NAME handler.
 *
 * The short name is always stored in @hdev. When the controller is not
 * powered the full name is stored too, the command completes immediately and
 * MGMT_EV_LOCAL_NAME_CHANGED is sent. Otherwise a pending command is queued
 * and the name is written to the controller through update_name().
 *
 * Both copies use the size of the destination field in @hdev.
 * NOTE(review): this relies on the request fields being at least as large
 * as the hdev fields; the structure definitions are not in this file.
 *
 * Returns the cmd_complete()/mgmt_event() result, -ENOMEM, or the
 * update_name() result.
 */
static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_set_local_name *req = data;
	struct pending_cmd *pending;
	int rc;

	BT_DBG("");

	hci_dev_lock(hdev);

	memcpy(hdev->short_name, req->short_name, sizeof(hdev->short_name));

	if (!hdev_is_powered(hdev)) {
		memcpy(hdev->dev_name, req->name, sizeof(hdev->dev_name));

		rc = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
				  data, len);
		/* Announce the change only if the reply went out */
		if (rc >= 0)
			rc = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
					len, sk);

		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
	if (!pending) {
		rc = -ENOMEM;
		goto unlock;
	}

	rc = update_name(hdev, req->name);
	if (rc < 0)
		mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return rc;
}
2242
/*
 * MGMT_OP_READ_LOCAL_OOB_DATA handler: ask the controller for its local
 * out-of-band pairing data.
 *
 * Replies NOT_POWERED, NOT_SUPPORTED (controller is not SSP capable) or BUSY
 * (the same command is already pending), checked in that order. Otherwise a
 * pending command is queued and HCI_OP_READ_LOCAL_OOB_DATA is sent.
 *
 * Returns the cmd_status() result, -ENOMEM, or the hci_send_cmd() result.
 */
static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
			       void *data, u16 data_len)
{
	struct pending_cmd *pending;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		rc = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
				MGMT_STATUS_NOT_POWERED);
	} else if (!lmp_ssp_capable(hdev)) {
		rc = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
				MGMT_STATUS_NOT_SUPPORTED);
	} else if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
		rc = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
				MGMT_STATUS_BUSY);
	} else {
		pending = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA,
					   hdev, NULL, 0);
		if (!pending) {
			rc = -ENOMEM;
		} else {
			rc = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA,
					  0, NULL);
			if (rc < 0)
				mgmt_pending_remove(pending);
		}
	}

	hci_dev_unlock(hdev);
	return rc;
}
2285
/*
 * MGMT_OP_ADD_REMOTE_OOB_DATA handler: store the out-of-band hash and
 * randomizer supplied for the remote address in @data.
 *
 * The reply always carries the address; its status is FAILED when
 * hci_add_remote_oob_data() returns an error, SUCCESS otherwise.
 *
 * Returns the cmd_complete() result.
 */
static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
			       void *data, u16 len)
{
	struct mgmt_cp_add_remote_oob_data *req = data;
	u8 status;
	int rc;

	BT_DBG("%s ", hdev->name);

	hci_dev_lock(hdev);

	rc = hci_add_remote_oob_data(hdev, &req->addr.bdaddr, req->hash,
				     req->randomizer);
	status = (rc < 0) ? MGMT_STATUS_FAILED : MGMT_STATUS_SUCCESS;

	rc = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
			  &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);
	return rc;
}
2310
/*
 * MGMT_OP_REMOVE_REMOTE_OOB_DATA handler: drop the stored out-of-band data
 * for the remote address in @data.
 *
 * The reply always carries the address; its status is INVALID_PARAMS when
 * hci_remove_remote_oob_data() returns an error, SUCCESS otherwise.
 *
 * Returns the cmd_complete() result.
 */
static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
				  void *data, u16 len)
{
	struct mgmt_cp_remove_remote_oob_data *req = data;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	rc = hci_remove_remote_oob_data(hdev, &req->addr.bdaddr);
	status = (rc < 0) ? MGMT_STATUS_INVALID_PARAMS : MGMT_STATUS_SUCCESS;

	rc = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
			  status, &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);
	return rc;
}
2334
/*
 * Start the inquiry stage of an interleaved discovery.
 *
 * Runs hci_do_inquiry() with INQUIRY_LEN_BREDR_LE under the device lock; if
 * that fails, the discovery state is set to DISCOVERY_STOPPED.
 *
 * Returns the hci_do_inquiry() result.
 */
int mgmt_interleaved_discovery(struct hci_dev *hdev)
{
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	rc = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
	if (rc < 0)
		hci_discovery_set_state(hdev, DISCOVERY_STOPPED);

	hci_dev_unlock(hdev);

	return rc;
}
2351
/*
 * MGMT_OP_START_DISCOVERY handler.
 *
 * Replies NOT_POWERED when the controller is down and BUSY when periodic
 * inquiry is active or a discovery is not in the STOPPED state. Otherwise a
 * pending command is queued and the discovery type from the request selects
 * a BR/EDR inquiry, an LE scan, or an LE scan with the interleaved timeout.
 * Each type is refused with NOT_SUPPORTED when the controller lacks the
 * capability, and an unknown type with INVALID_PARAMS.
 *
 * NOTE(review): hdev->discovery.type is overwritten with the request value
 * before that value is validated, and it is not restored when the request is
 * rejected. Check whether other code reads it while discovery is stopped.
 *
 * Returns the cmd_status() result, -ENOMEM, or the result of starting the
 * inquiry/scan.
 */
static int start_discovery(struct sock *sk, struct hci_dev *hdev,
			   void *data, u16 len)
{
	struct mgmt_cp_start_discovery *req = data;
	struct pending_cmd *pending;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hdev_is_powered(hdev)) {
		rc = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
				MGMT_STATUS_NOT_POWERED);
		goto unlock;
	}

	if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags) ||
	    hdev->discovery.state != DISCOVERY_STOPPED) {
		rc = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
				MGMT_STATUS_BUSY);
		goto unlock;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
	if (!pending) {
		rc = -ENOMEM;
		goto unlock;
	}

	hdev->discovery.type = req->type;

	switch (hdev->discovery.type) {
	case DISCOV_TYPE_BREDR:
		if (!lmp_bredr_capable(hdev)) {
			status = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		rc = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
		break;

	case DISCOV_TYPE_LE:
		if (!lmp_host_le_capable(hdev)) {
			status = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		rc = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
				 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
		break;

	case DISCOV_TYPE_INTERLEAVED:
		if (!lmp_host_le_capable(hdev) || !lmp_bredr_capable(hdev)) {
			status = MGMT_STATUS_NOT_SUPPORTED;
			goto reject;
		}

		rc = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN,
				 LE_SCAN_TIMEOUT_BREDR_LE);
		break;

	default:
		status = MGMT_STATUS_INVALID_PARAMS;
		goto reject;
	}

	if (rc < 0)
		mgmt_pending_remove(pending);
	else
		hci_discovery_set_state(hdev, DISCOVERY_STARTING);

	goto unlock;

reject:
	/* Answer first, then release the pending entry queued above */
	rc = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY, status);
	mgmt_pending_remove(pending);

unlock:
	hci_dev_unlock(hdev);
	return rc;
}
2441
/*
 * MGMT_OP_STOP_DISCOVERY handler.
 *
 * Completes with REJECTED when no discovery is active and with
 * INVALID_PARAMS when the requested type differs from the running one; both
 * replies echo the type. Otherwise a pending command is queued and, by
 * discovery state:
 *   FINDING   - the inquiry or the LE scan is cancelled;
 *   RESOLVING - the name request of the entry in NAME_PENDING state is
 *               cancelled, or, when there is none, the command completes at
 *               once and the state becomes DISCOVERY_STOPPED;
 *   other     - -EFAULT.
 *
 * Returns the cmd_complete() result, -ENOMEM, -EFAULT, or the result of the
 * cancel request.
 */
static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_stop_discovery *req = data;
	struct hci_cp_remote_name_req_cancel cancel;
	struct inquiry_entry *entry;
	struct pending_cmd *pending;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hci_discovery_active(hdev)) {
		status = MGMT_STATUS_REJECTED;
		goto reject;
	}

	if (hdev->discovery.type != req->type) {
		status = MGMT_STATUS_INVALID_PARAMS;
		goto reject;
	}

	pending = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
	if (!pending) {
		rc = -ENOMEM;
		goto unlock;
	}

	switch (hdev->discovery.state) {
	case DISCOVERY_FINDING:
		if (test_bit(HCI_INQUIRY, &hdev->flags))
			rc = hci_cancel_inquiry(hdev);
		else
			rc = hci_cancel_le_scan(hdev);

		break;

	case DISCOVERY_RESOLVING:
		entry = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
							 NAME_PENDING);
		if (!entry) {
			/* No name request in flight: finish immediately */
			mgmt_pending_remove(pending);
			rc = cmd_complete(sk, hdev->id,
					  MGMT_OP_STOP_DISCOVERY, 0,
					  &req->type, sizeof(req->type));
			hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
			goto unlock;
		}

		bacpy(&cancel.bdaddr, &entry->data.bdaddr);
		rc = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
				  sizeof(cancel), &cancel);

		break;

	default:
		BT_DBG("unknown discovery state %u", hdev->discovery.state);
		rc = -EFAULT;
		break;
	}

	if (rc < 0)
		mgmt_pending_remove(pending);
	else
		hci_discovery_set_state(hdev, DISCOVERY_STOPPING);

	goto unlock;

reject:
	rc = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, status,
			  &req->type, sizeof(req->type));

unlock:
	hci_dev_unlock(hdev);
	return rc;
}
2517
/*
 * MGMT_OP_CONFIRM_NAME handler: record whether user space already knows the
 * name of a device found during discovery.
 *
 * Replies FAILED when no discovery is active and INVALID_PARAMS when the
 * address has no inquiry cache entry returned by
 * hci_inquiry_cache_lookup_unknown(). A known name marks the entry
 * NAME_KNOWN and unlinks it from its list; otherwise it is marked
 * NAME_NEEDED and passed to hci_inquiry_cache_update_resolve().
 *
 * Returns the cmd_status()/cmd_complete() result.
 */
static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_cp_confirm_name *req = data;
	struct inquiry_entry *entry;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	if (!hci_discovery_active(hdev)) {
		status = MGMT_STATUS_FAILED;
		goto reject;
	}

	entry = hci_inquiry_cache_lookup_unknown(hdev, &req->addr.bdaddr);
	if (!entry) {
		status = MGMT_STATUS_INVALID_PARAMS;
		goto reject;
	}

	if (!req->name_known) {
		entry->name_state = NAME_NEEDED;
		hci_inquiry_cache_update_resolve(hdev, entry);
	} else {
		entry->name_state = NAME_KNOWN;
		list_del(&entry->list);
	}

	rc = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &req->addr,
			  sizeof(req->addr));
	goto unlock;

reject:
	rc = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME, status);

unlock:
	hci_dev_unlock(hdev);
	return rc;
}
2557
/*
 * MGMT_OP_BLOCK_DEVICE handler: add the address in @data to the controller
 * blacklist via hci_blacklist_add().
 *
 * The reply always carries the address; its status is FAILED when the add
 * returns an error, SUCCESS otherwise.
 *
 * Returns the cmd_complete() result.
 */
static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
			u16 len)
{
	struct mgmt_cp_block_device *req = data;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	rc = hci_blacklist_add(hdev, &req->addr.bdaddr, req->addr.type);
	status = (rc < 0) ? MGMT_STATUS_FAILED : MGMT_STATUS_SUCCESS;

	rc = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
			  &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);

	return rc;
}
2582
/*
 * MGMT_OP_UNBLOCK_DEVICE handler: remove the address in @data from the
 * controller blacklist via hci_blacklist_del().
 *
 * The reply always carries the address; its status is INVALID_PARAMS when
 * the removal returns an error, SUCCESS otherwise.
 *
 * Returns the cmd_complete() result.
 */
static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
			  u16 len)
{
	struct mgmt_cp_unblock_device *req = data;
	u8 status;
	int rc;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	rc = hci_blacklist_del(hdev, &req->addr.bdaddr, req->addr.type);
	status = (rc < 0) ? MGMT_STATUS_INVALID_PARAMS : MGMT_STATUS_SUCCESS;

	rc = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
			  &req->addr, sizeof(req->addr));

	hci_dev_unlock(hdev);

	return rc;
}
2607
/*
 * MGMT_OP_SET_DEVICE_ID handler: store the Device ID fields from @data in
 * @hdev and refresh the EIR data.
 *
 * A source value above 0x0002 is refused with INVALID_PARAMS before the lock
 * is taken. Vendor, product and version are stored without range checks.
 * The reply is sent before update_eir() runs.
 *
 * Returns the cmd_status()/cmd_complete() result.
 */
static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
			 u16 len)
{
	struct mgmt_cp_set_device_id *req = data;
	__u16 source;
	int rc;

	BT_DBG("%s", hdev->name);

	source = __le16_to_cpu(req->source);
	if (source > 0x0002)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
				  MGMT_STATUS_INVALID_PARAMS);

	hci_dev_lock(hdev);

	hdev->devid_source = source;
	hdev->devid_vendor = __le16_to_cpu(req->vendor);
	hdev->devid_product = __le16_to_cpu(req->product);
	hdev->devid_version = __le16_to_cpu(req->version);

	rc = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);

	update_eir(hdev);

	hci_dev_unlock(hdev);

	return rc;
}
2638
/*
 * MGMT_OP_SET_FAST_CONNECTABLE handler: switch page scanning between the
 * interlaced type with a 160 msec interval (val 0x01) and the standard type
 * with the default 1.28 sec interval (val 0x00).
 *
 * Refused, in this order, with NOT_SUPPORTED (no BR/EDR), INVALID_PARAMS
 * (val is neither 0x00 nor 0x01), NOT_POWERED, and REJECTED (controller is
 * not connectable). These checks run before the device lock is taken.
 * The page scan activity is written first and the scan type second; if
 * either HCI command cannot be sent the reply is FAILED.
 *
 * Returns the cmd_status()/cmd_complete() result.
 */
static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
				void *data, u16 len)
{
	struct mgmt_mode *mode = data;
	struct hci_cp_write_page_scan_activity activity;
	u8 scan_type;
	int rc;

	BT_DBG("%s", hdev->name);

	if (!lmp_bredr_capable(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_NOT_SUPPORTED);

	if (mode->val != 0x00 && mode->val != 0x01)
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_INVALID_PARAMS);

	if (!hdev_is_powered(hdev))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_NOT_POWERED);

	if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
		return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  MGMT_STATUS_REJECTED);

	hci_dev_lock(hdev);

	if (mode->val) {
		scan_type = PAGE_SCAN_TYPE_INTERLACED;

		/* 160 msec page scan interval */
		activity.interval = __constant_cpu_to_le16(0x0100);
	} else {
		scan_type = PAGE_SCAN_TYPE_STANDARD;	/* default */

		/* default 1.28 sec page scan */
		activity.interval = __constant_cpu_to_le16(0x0800);
	}

	/* default 11.25 msec page scan window */
	activity.window = __constant_cpu_to_le16(0x0012);

	rc = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
			  sizeof(activity), &activity);
	/* The scan type is only written once the activity was accepted */
	if (rc >= 0)
		rc = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1,
				  &scan_type);

	if (rc < 0)
		rc = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				MGMT_STATUS_FAILED);
	else
		rc = cmd_complete(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
				  0, NULL, 0);

	hci_dev_unlock(hdev);
	return rc;
}
2703
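/*
 * MGMT_OP_LOAD_LONG_TERM_KEYS handler: replace the stored SMP long term keys
 * of @hdev with the list supplied in @cp_data.
 *
 * @len must equal the fixed header plus key_count key entries; anything else
 * is answered with MGMT_STATUS_INVALID_PARAMS and nothing is changed.
 * On a well-formed request all existing LTKs are cleared before the new ones
 * are added, so a valid request with key_count 0 removes every key.
 *
 * The expected length is computed in size_t. It used to be stored in a u16,
 * which truncated the product for large key_count values, so a request
 * shorter than key_count entries could still pass the comparison and the
 * loop below would read key entries beyond the received buffer.
 *
 * The rejection status is a MGMT status code, as in the other handlers of
 * this file, rather than the errno value EINVAL, and the log message prints
 * the expected and received lengths in the order its text announces.
 *
 * Returns the cmd_status()/cmd_complete() result.
 */
static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
			       void *cp_data, u16 len)
{
	struct mgmt_cp_load_long_term_keys *cp = cp_data;
	size_t expected_len;
	u16 key_count;
	int i, err;

	key_count = __le16_to_cpu(cp->key_count);

	/* key_count is caller-controlled: keep the arithmetic out of u16 */
	expected_len = sizeof(*cp) +
		       (size_t)key_count * sizeof(struct mgmt_ltk_info);
	if (expected_len != len) {
		BT_ERR("load_keys: expected %zu bytes, got %u bytes",
		       expected_len, len);
		return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
				  MGMT_STATUS_INVALID_PARAMS);
	}

	BT_DBG("%s key_count %u", hdev->name, key_count);

	hci_dev_lock(hdev);

	/* The supplied list replaces, rather than extends, the stored keys */
	hci_smp_ltks_clear(hdev);

	for (i = 0; i < key_count; i++) {
		struct mgmt_ltk_info *key = &cp->keys[i];
		u8 type;

		if (key->master)
			type = HCI_SMP_LTK;
		else
			type = HCI_SMP_LTK_SLAVE;

		/* The result of hci_add_ltk() is not checked */
		hci_add_ltk(hdev, &key->addr.bdaddr,
			    bdaddr_to_le(key->addr.type),
			    type, 0, key->authenticated, key->val,
			    key->enc_size, key->ediv, key->rand);
	}

	err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
			   NULL, 0);

	hci_dev_unlock(hdev);

	return err;
}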
2750
/*
 * Dispatch table for management commands, indexed by opcode: the position
 * of an entry is the opcode it serves, so entries must not be reordered.
 *
 * mgmt_control() checks the parameter length against data_len before it
 * calls func: the length must equal data_len when var_len is false and must
 * be at least data_len when var_len is true. Handlers of var_len commands
 * therefore have to validate the variable part of the payload themselves.
 */
static const struct mgmt_handler {
	/* Command handler; NULL marks an opcode without a command */
	int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
		     u16 data_len);
	/* true: data_len is a minimum; false: data_len is the exact size */
	bool var_len;
	/* Parameter size the dispatcher enforces for this command */
	size_t data_len;
} mgmt_handlers[] = {
	{ NULL }, /* 0x0000 (no command) */
	{ read_version,           false, MGMT_READ_VERSION_SIZE },
	{ read_commands,          false, MGMT_READ_COMMANDS_SIZE },
	{ read_index_list,        false, MGMT_READ_INDEX_LIST_SIZE },
	{ read_controller_info,   false, MGMT_READ_INFO_SIZE },
	{ set_powered,            false, MGMT_SETTING_SIZE },
	{ set_discoverable,       false, MGMT_SET_DISCOVERABLE_SIZE },
	{ set_connectable,        false, MGMT_SETTING_SIZE },
	{ set_fast_connectable,   false, MGMT_SETTING_SIZE },
	{ set_pairable,           false, MGMT_SETTING_SIZE },
	{ set_link_security,      false, MGMT_SETTING_SIZE },
	{ set_ssp,                false, MGMT_SETTING_SIZE },
	{ set_hs,                 false, MGMT_SETTING_SIZE },
	{ set_le,                 false, MGMT_SETTING_SIZE },
	{ set_dev_class,          false, MGMT_SET_DEV_CLASS_SIZE },
	{ set_local_name,         false, MGMT_SET_LOCAL_NAME_SIZE },
	{ add_uuid,               false, MGMT_ADD_UUID_SIZE },
	{ remove_uuid,            false, MGMT_REMOVE_UUID_SIZE },
	/* Variable length: the handler validates the key list itself */
	{ load_link_keys,         true,  MGMT_LOAD_LINK_KEYS_SIZE },
	{ load_long_term_keys,    true,  MGMT_LOAD_LONG_TERM_KEYS_SIZE },
	{ disconnect,             false, MGMT_DISCONNECT_SIZE },
	{ get_connections,        false, MGMT_GET_CONNECTIONS_SIZE },
	{ pin_code_reply,         false, MGMT_PIN_CODE_REPLY_SIZE },
	{ pin_code_neg_reply,     false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
	{ set_io_capability,      false, MGMT_SET_IO_CAPABILITY_SIZE },
	{ pair_device,            false, MGMT_PAIR_DEVICE_SIZE },
	{ cancel_pair_device,     false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
	{ unpair_device,          false, MGMT_UNPAIR_DEVICE_SIZE },
	{ user_confirm_reply,     false, MGMT_USER_CONFIRM_REPLY_SIZE },
	{ user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
	{ user_passkey_reply,     false, MGMT_USER_PASSKEY_REPLY_SIZE },
	{ user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
	{ read_local_oob_data,    false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
	{ add_remote_oob_data,    false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
	{ remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
	{ start_discovery,        false, MGMT_START_DISCOVERY_SIZE },
	{ stop_discovery,         false, MGMT_STOP_DISCOVERY_SIZE },
	{ confirm_name,           false, MGMT_CONFIRM_NAME_SIZE },
	{ block_device,           false, MGMT_BLOCK_DEVICE_SIZE },
	{ unblock_device,         false, MGMT_UNBLOCK_DEVICE_SIZE },
	{ set_device_id,          false, MGMT_SET_DEVICE_ID_SIZE },
};
2799
2800
/*
 * Entry point for a management message written to the control socket.
 *
 * Copies @msglen bytes from @msg into a kernel buffer, parses the header
 * and validates, in this order:
 *   - the header length field matches the bytes actually received;
 *   - a controller index other than MGMT_INDEX_NONE names an existing hdev;
 *   - the opcode is inside mgmt_handlers[] and has a handler;
 *   - opcodes below MGMT_OP_READ_INFO come without a controller and all
 *     others come with one;
 *   - the parameter length fits the handler entry (exact size, or a
 *     minimum for var_len commands).
 * Only then is the handler called with the payload that follows the header.
 *
 * NOTE(review): the buffer is allocated and filled for the full @msglen
 * before the header length is checked. The length field is 16 bits wide, so
 * larger messages are rejected only after the copy; whether @msglen is
 * bounded earlier is not visible here.
 *
 * Returns @msglen when the handler succeeds, -EINVAL/-ENOMEM/-EFAULT for a
 * malformed message or a failed copy, the cmd_status() result when the
 * request is rejected, or the handler's negative result.
 */
int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
{
	const struct mgmt_handler *handler;
	struct hci_dev *hdev = NULL;
	struct mgmt_hdr *hdr;
	u16 opcode, index, len;
	bool wants_hdev, len_ok;
	u8 *payload;
	void *buf;
	int err;

	BT_DBG("got %zu bytes", msglen);

	if (msglen < sizeof(*hdr))
		return -EINVAL;

	buf = kmalloc(msglen, GFP_KERNEL);
	if (!buf)
		return -ENOMEM;

	if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
		err = -EFAULT;
		goto done;
	}

	hdr = buf;
	opcode = __le16_to_cpu(hdr->opcode);
	index = __le16_to_cpu(hdr->index);
	len = __le16_to_cpu(hdr->len);

	/* The declared payload size must be exactly what was received */
	if (msglen - sizeof(*hdr) != len) {
		err = -EINVAL;
		goto done;
	}

	if (index != MGMT_INDEX_NONE) {
		hdev = hci_dev_get(index);
		if (!hdev) {
			err = cmd_status(sk, index, opcode,
					 MGMT_STATUS_INVALID_INDEX);
			goto done;
		}
	}

	/* Bounds check comes first so the table is never indexed blindly */
	if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
	    mgmt_handlers[opcode].func == NULL) {
		BT_DBG("Unknown op %u", opcode);
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_UNKNOWN_COMMAND);
		goto done;
	}

	/* Commands from MGMT_OP_READ_INFO on are per controller */
	wants_hdev = opcode >= MGMT_OP_READ_INFO;
	if (wants_hdev != (hdev != NULL)) {
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_INVALID_INDEX);
		goto done;
	}

	handler = &mgmt_handlers[opcode];

	if (handler->var_len)
		len_ok = len >= handler->data_len;
	else
		len_ok = len == handler->data_len;

	if (!len_ok) {
		err = cmd_status(sk, index, opcode,
				 MGMT_STATUS_INVALID_PARAMS);
		goto done;
	}

	if (hdev)
		mgmt_init_hdev(sk, hdev);

	payload = (u8 *)buf + sizeof(*hdr);

	err = handler->func(sk, hdev, payload, len);
	if (err >= 0)
		err = msglen;

done:
	/* Drop the reference taken by hci_dev_get() above */
	if (hdev)
		hci_dev_put(hdev);

	kfree(buf);
	return err;
}
c71e97bf 2886
/*
 * mgmt_pending_foreach() callback: answer the pending command with the
 * status byte that @data points to, then remove the pending entry.
 */
static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
{
	const u8 *mgmt_err = data;

	cmd_status(cmd->sk, cmd->index, cmd->opcode, *mgmt_err);
	mgmt_pending_remove(cmd);
}
2894
/*
 * Announce a new controller with MGMT_EV_INDEX_ADDED.
 *
 * Returns -ENOTSUPP when mgmt_valid_hdev() rejects @hdev, otherwise the
 * mgmt_event() result.
 */
int mgmt_index_added(struct hci_dev *hdev)
{
	if (mgmt_valid_hdev(hdev))
		return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);

	return -ENOTSUPP;
}
2902
/*
 * Announce the removal of a controller with MGMT_EV_INDEX_REMOVED.
 *
 * Every command still pending for @hdev is answered with
 * MGMT_STATUS_INVALID_INDEX and removed before the event is sent.
 *
 * Returns -ENOTSUPP when mgmt_valid_hdev() rejects @hdev, otherwise the
 * mgmt_event() result.
 */
int mgmt_index_removed(struct hci_dev *hdev)
{
	u8 gone = MGMT_STATUS_INVALID_INDEX;

	if (!mgmt_valid_hdev(hdev))
		return -ENOTSUPP;

	/* Opcode 0 is passed so that no opcode filter is applied here */
	mgmt_pending_foreach(0, hdev, cmd_status_rsp, &gone);

	return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
}
2914
/*
 * Context handed to the mgmt_pending_foreach() callbacks in this file.
 * Users initialise it positionally ({ NULL, hdev }), so the member order
 * must stay as it is.
 */
struct cmd_lookup {
	/* Socket of the first matching command; settings_rsp() holds a ref */
	struct sock *sk;
	/* Controller whose settings are reported */
	struct hci_dev *hdev;
	/* Status value; not set by the positional initialisers */
	u8 mgmt_status;
};
2920
/*
 * mgmt_pending_foreach() callback: answer a pending settings command with
 * the current settings of the controller in the struct cmd_lookup that
 * @data points to, then unlink and free the pending entry.
 *
 * The socket of the first command handled is stored in the lookup with an
 * extra reference taken by sock_hold(); the caller has to release it with
 * sock_put().
 */
static void settings_rsp(struct pending_cmd *cmd, void *data)
{
	struct cmd_lookup *lookup = data;

	send_settings_rsp(cmd->sk, cmd->opcode, lookup->hdev);

	list_del(&cmd->list);

	if (!lookup->sk) {
		lookup->sk = cmd->sk;
		sock_hold(lookup->sk);
	}

	mgmt_pending_free(cmd);
}
5add6af8 2936
/*
 * Enable page and/or inquiry scan on the controller according to the
 * HCI_CONNECTABLE and HCI_DISCOVERABLE flags of @hdev.
 *
 * Returns 0 without sending anything when neither flag is set, otherwise
 * the hci_send_cmd() result.
 */
static int set_bredr_scan(struct hci_dev *hdev)
{
	u8 scan_enable = 0;

	if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
		scan_enable |= SCAN_PAGE;
	if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
		scan_enable |= SCAN_INQUIRY;

	if (scan_enable == 0)
		return 0;

	return hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan_enable);
}
2951
/*
 * React to the controller having been powered on or off.
 *
 * Does nothing and returns 0 unless HCI_MGMT is set on @hdev. Pending
 * MGMT_OP_SET_POWERED commands are answered first.
 *
 * Power off: every remaining pending command is answered with
 * MGMT_STATUS_NOT_POWERED, and a class-of-device change to all zeroes is
 * announced when the stored class is not already zero.
 *
 * Power on: the host settings are written back to the controller, i.e. SSP
 * mode and LE host support where the host feature bits do not yet reflect
 * them, and for BR/EDR capable controllers the scan mode, class, name and
 * EIR data. The results of these HCI requests are not checked.
 *
 * Returns the new_settings() result.
 */
int mgmt_powered(struct hci_dev *hdev, u8 powered)
{
	struct cmd_lookup match = { NULL, hdev };
	int rc;

	if (!test_bit(HCI_MGMT, &hdev->dev_flags))
		return 0;

	mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);

	if (!powered) {
		u8 not_powered = MGMT_STATUS_NOT_POWERED;
		u8 zero_cod[] = { 0, 0, 0 };

		mgmt_pending_foreach(0, hdev, cmd_status_rsp, &not_powered);

		if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
			mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
				   zero_cod, sizeof(zero_cod), NULL);
	} else {
		if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
		    !lmp_host_ssp_capable(hdev)) {
			u8 ssp_mode = 1;

			hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1,
				     &ssp_mode);
		}

		if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
			struct hci_cp_write_le_host_supported le_host;

			le_host.le = 1;
			le_host.simul = lmp_le_br_capable(hdev);

			/* Check first if we already have the right
			 * host state (host features set)
			 */
			if (le_host.le != lmp_host_le_capable(hdev) ||
			    le_host.simul != lmp_host_le_br_capable(hdev))
				hci_send_cmd(hdev,
					     HCI_OP_WRITE_LE_HOST_SUPPORTED,
					     sizeof(le_host), &le_host);
		}

		if (lmp_bredr_capable(hdev)) {
			set_bredr_scan(hdev);
			update_class(hdev);
			update_name(hdev, hdev->dev_name);
			update_eir(hdev);
		}
	}

	rc = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the first socket */
	if (match.sk)
		sock_put(match.sk);

	return rc;
}
73f22f62 3010
/*
 * Record a change of the discoverable state reported for @hdev.
 *
 * Sets or clears HCI_DISCOVERABLE, answers the pending
 * MGMT_OP_SET_DISCOVERABLE commands, and calls new_settings() only when the
 * flag actually changed.
 *
 * Returns 0 when nothing changed, otherwise the new_settings() result.
 */
int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
{
	struct cmd_lookup match = { NULL, hdev };
	bool changed;
	int rc = 0;

	/* The atomic test-and-modify tells us whether the bit flipped */
	if (discoverable)
		changed = !test_and_set_bit(HCI_DISCOVERABLE,
					    &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_DISCOVERABLE,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
			     &match);

	if (changed)
		rc = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the first socket */
	if (match.sk)
		sock_put(match.sk);

	return rc;
}
9fbcbb45 3036
/*
 * Record a change of the connectable state reported for @hdev.
 *
 * Sets or clears HCI_CONNECTABLE, answers the pending
 * MGMT_OP_SET_CONNECTABLE commands, and calls new_settings() only when the
 * flag actually changed.
 *
 * Returns 0 when nothing changed, otherwise the new_settings() result.
 */
int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
{
	struct cmd_lookup match = { NULL, hdev };
	bool changed;
	int rc = 0;

	/* The atomic test-and-modify tells us whether the bit flipped */
	if (connectable)
		changed = !test_and_set_bit(HCI_CONNECTABLE,
					    &hdev->dev_flags);
	else
		changed = test_and_clear_bit(HCI_CONNECTABLE,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
			     &match);

	if (changed)
		rc = new_settings(hdev, match.sk);

	/* Release the reference settings_rsp() took on the first socket */
	if (match.sk)
		sock_put(match.sk);

	return rc;
}
55ed8ca1 3062
/*
 * Report a failed scan-enable write to the commands that were waiting on it.
 *
 * @status is translated with mgmt_status(); pending SET_CONNECTABLE commands
 * are failed when @scan contains SCAN_PAGE and pending SET_DISCOVERABLE
 * commands when it contains SCAN_INQUIRY.
 *
 * Always returns 0.
 */
int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
{
	u8 failure = mgmt_status(status);

	if (scan & SCAN_PAGE)
		mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
				     cmd_status_rsp, &failure);

	if (scan & SCAN_INQUIRY)
		mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
				     cmd_status_rsp, &failure);

	return 0;
}
3077
/*
 * Send MGMT_EV_NEW_LINK_KEY for a BR/EDR link key.
 *
 * The event carries the key value itself, so every receiver of this event
 * obtains the link key. The event structure is zeroed first, which means
 * any member or padding not assigned below goes out as zero rather than as
 * stack contents.
 *
 * @persistent is passed on as the store hint.
 *
 * Returns the mgmt_event() result.
 */
int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
		      bool persistent)
{
	struct mgmt_ev_new_link_key event;

	memset(&event, 0, sizeof(event));

	event.store_hint = persistent;

	bacpy(&event.key.addr.bdaddr, &key->bdaddr);
	event.key.addr.type = BDADDR_BREDR;

	event.key.type = key->type;
	event.key.pin_len = key->pin_len;
	memcpy(event.key.val, key->val, HCI_LINK_KEY_SIZE);

	return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &event, sizeof(event),
			  NULL);
}
f7520543 3094
/*
 * Emit MGMT_EV_NEW_LONG_TERM_KEY for an LE long term key.
 *
 * @key:        SMP LTK entry; address, authentication state, encryption
 *              size, EDIV, Rand and key value are copied into the event
 * @persistent: forwarded as the event's store_hint
 *
 * As with link keys, the payload carries the raw key value.
 */
int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
{
	struct mgmt_ev_new_long_term_key event;

	/* Zero first: "master" stays 0 unless set below. */
	memset(&event, 0, sizeof(event));

	event.store_hint = persistent;

	bacpy(&event.key.addr.bdaddr, &key->bdaddr);
	event.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);

	event.key.authenticated = key->authenticated;
	event.key.enc_size = key->enc_size;
	event.key.ediv = key->ediv;
	event.key.master = (key->type == HCI_SMP_LTK);

	memcpy(event.key.rand, key->rand, sizeof(key->rand));
	memcpy(event.key.val, key->val, sizeof(key->val));

	return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &event,
			  sizeof(event), NULL);
}
3117
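/*
 * Emit MGMT_EV_DEVICE_CONNECTED for a remote device.
 *
 * @bdaddr:    remote address
 * @link_type: link type, combined with @addr_type via link_to_bdaddr()
 * @flags:     event flags, stored little-endian
 * @name:      remote name, appended as EIR_NAME_COMPLETE when @name_len > 0
 * @name_len:  number of bytes in @name (u8, so at most 255)
 * @dev_class: 3-byte class of device, appended unless NULL or all zero
 *
 * The event is built in a 512-byte stack buffer and only
 * sizeof(*ev) + eir_len bytes of it are passed to mgmt_event().
 */
int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
			  u8 addr_type, u32 flags, u8 *name, u8 name_len,
			  u8 *dev_class)
{
	char buf[512];
	struct mgmt_ev_device_connected *ev = (void *) buf;
	u16 eir_len = 0;

	/*
	 * Zero the scratch buffer before filling it, as mgmt_device_found()
	 * and mgmt_remote_name() do, so that no uninitialised stack bytes
	 * can end up in the event even if a field is added to the event
	 * structure later.
	 */
	memset(buf, 0, sizeof(buf));

	bacpy(&ev->addr.bdaddr, bdaddr);
	ev->addr.type = link_to_bdaddr(link_type, addr_type);

	ev->flags = __cpu_to_le32(flags);

	if (name_len > 0)
		eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
					  name, name_len);

	/* An all-zero class of device carries no information; skip it. */
	if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
		eir_len = eir_append_data(ev->eir, eir_len,
					  EIR_CLASS_OF_DEV, dev_class, 3);

	ev->eir_len = cpu_to_le16(eir_len);

	return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
			  sizeof(*ev) + eir_len, NULL);
}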
3144
/*
 * mgmt_pending_foreach() callback: complete a pending MGMT_OP_DISCONNECT
 * with status 0 and hand the issuing socket back to the caller.
 *
 * @cmd:  pending command; its parameters supply the address for the reply
 * @data: struct sock ** that receives cmd->sk with an extra reference
 *
 * NOTE(review): *data is overwritten on every invocation and a reference
 * is taken each time, unlike class_rsp() which only keeps the first
 * socket. If more than one disconnect could ever be pending, earlier
 * references would not be dropped by the caller - confirm only one can.
 */
static void disconnect_rsp(struct pending_cmd *cmd, void *data)
{
	struct mgmt_cp_disconnect *req = cmd->param;
	struct sock **out_sk = data;
	struct mgmt_rp_disconnect reply;

	reply.addr.type = req->addr.type;
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);

	cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &reply,
		     sizeof(reply));

	/* Take the reference before the pending entry is removed. */
	*out_sk = cmd->sk;
	sock_hold(*out_sk);

	mgmt_pending_remove(cmd);
}
3162
/*
 * mgmt_pending_foreach() callback: finish a pending unpair command once
 * the link is gone.
 *
 * @cmd:  pending command carrying a struct mgmt_cp_unpair_device
 * @data: the struct hci_dev the command belongs to
 *
 * Calls device_unpaired() for the address, completes the command with
 * status 0 and removes it from the pending list.
 */
static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
{
	struct mgmt_cp_unpair_device *req = cmd->param;
	struct hci_dev *hdev = data;
	struct mgmt_rp_unpair_device reply;

	memset(&reply, 0, sizeof(reply));
	reply.addr.type = req->addr.type;
	bacpy(&reply.addr.bdaddr, &req->addr.bdaddr);

	device_unpaired(hdev, &req->addr.bdaddr, req->addr.type, cmd->sk);

	cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &reply,
		     sizeof(reply));

	mgmt_pending_remove(cmd);
}
3179
/*
 * Handle a completed disconnection: answer pending disconnect commands,
 * emit MGMT_EV_DEVICE_DISCONNECTED and then finish pending unpair
 * commands.
 *
 * @reason: disconnect reason copied verbatim into the event
 *
 * Returns the result of mgmt_event().
 */
int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
			     u8 link_type, u8 addr_type, u8 reason)
{
	struct mgmt_ev_device_disconnected event;
	struct sock *origin = NULL;
	int ret;

	/* disconnect_rsp() stores the requesting socket (held) in origin. */
	mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp,
			     &origin);

	bacpy(&event.addr.bdaddr, bdaddr);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	event.reason = reason;

	ret = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &event,
			 sizeof(event), origin);

	if (origin != NULL)
		sock_put(origin);

	/* Unpair requests waiting on this disconnect can complete now. */
	mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
			     hdev);

	return ret;
}
3204
/*
 * Report a failed disconnect attempt to the pending MGMT_OP_DISCONNECT
 * command.
 *
 * Pending unpair commands are completed first, regardless of whether a
 * disconnect command is pending.
 *
 * Returns -ENOENT when no disconnect command is pending, otherwise the
 * result of cmd_complete().
 */
int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
			   u8 link_type, u8 addr_type, u8 status)
{
	struct pending_cmd *pending;
	struct mgmt_rp_disconnect reply;
	int ret;

	mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
			     hdev);

	pending = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&reply.addr.bdaddr, bdaddr);

	ret = cmd_complete(pending->sk, pending->index, MGMT_OP_DISCONNECT,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return ret;
}
17d5c04c 3229
/*
 * Emit MGMT_EV_CONNECT_FAILED for a connection attempt that did not
 * succeed. @status is an HCI status translated through mgmt_status().
 */
int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
			u8 addr_type, u8 status)
{
	struct mgmt_ev_connect_failed event;

	event.status = mgmt_status(status);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &event, sizeof(event),
			  NULL);
}
980e1a53 3241
/*
 * Emit MGMT_EV_PIN_CODE_REQUEST asking user space for a legacy PIN.
 *
 * @secure: copied into the event's "secure" field unchanged
 *
 * The address type is always BDADDR_BREDR.
 */
int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
{
	struct mgmt_ev_pin_code_request event;

	event.secure = secure;
	event.addr.type = BDADDR_BREDR;
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3253
/*
 * Complete the pending MGMT_OP_PIN_CODE_REPLY command with the
 * translated HCI status.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of cmd_complete().
 */
int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				 u8 status)
{
	struct mgmt_rp_pin_code_reply reply;
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = BDADDR_BREDR;
	bacpy(&reply.addr.bdaddr, bdaddr);

	ret = cmd_complete(pending->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return ret;
}
3275
/*
 * Complete the pending MGMT_OP_PIN_CODE_NEG_REPLY command with the
 * translated HCI status. The reply reuses struct mgmt_rp_pin_code_reply.
 *
 * Returns -ENOENT when no such command is pending, otherwise the result
 * of cmd_complete().
 */
int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 status)
{
	struct mgmt_rp_pin_code_reply reply;
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = BDADDR_BREDR;
	bacpy(&reply.addr.bdaddr, bdaddr);

	ret = cmd_complete(pending->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
			   mgmt_status(status), &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return ret;
}
a5c29683 3297
/*
 * Emit MGMT_EV_USER_CONFIRM_REQUEST so user space can confirm a pairing.
 *
 * @value:        already little-endian (__le32); stored without conversion
 * @confirm_hint: copied into the event unchanged
 */
int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
			      u8 link_type, u8 addr_type, __le32 value,
			      u8 confirm_hint)
{
	struct mgmt_ev_user_confirm_request event;

	BT_DBG("%s", hdev->name);

	event.value = value;
	event.confirm_hint = confirm_hint;
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3314
/*
 * Emit MGMT_EV_USER_PASSKEY_REQUEST for the given remote address.
 * The event carries only the address and its type.
 */
int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
			      u8 link_type, u8 addr_type)
{
	struct mgmt_ev_user_passkey_request event;

	BT_DBG("%s", hdev->name);

	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &event,
			  sizeof(event), NULL);
}
3328
/*
 * Shared completion path for the user confirm / passkey (neg) reply
 * commands: find the pending command for @opcode and complete it with
 * the translated HCI status.
 *
 * Returns -ENOENT when nothing is pending for @opcode, otherwise the
 * result of cmd_complete().
 *
 * NOTE(review): @opcode is u8 here while mgmt_commands[] stores opcodes
 * as u16; an opcode above 0xff would be truncated - confirm the four
 * opcodes passed by the wrappers all fit.
 */
static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				      u8 link_type, u8 addr_type, u8 status,
				      u8 opcode)
{
	struct mgmt_rp_user_confirm_reply reply;
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_find(opcode, hdev);
	if (pending == NULL)
		return -ENOENT;

	reply.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&reply.addr.bdaddr, bdaddr);

	ret = cmd_complete(pending->sk, hdev->id, opcode, mgmt_status(status),
			   &reply, sizeof(reply));

	mgmt_pending_remove(pending);

	return ret;
}
3350
/* Complete a pending MGMT_OP_USER_CONFIRM_REPLY via the shared helper. */
int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 link_type, u8 addr_type, u8 status)
{
	int ret;

	ret = user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					 status, MGMT_OP_USER_CONFIRM_REPLY);
	return ret;
}
3357
/* Complete a pending MGMT_OP_USER_CONFIRM_NEG_REPLY via the shared helper. */
int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
					 u8 link_type, u8 addr_type, u8 status)
{
	int ret;

	ret = user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					 status,
					 MGMT_OP_USER_CONFIRM_NEG_REPLY);
	return ret;
}
2a611692 3365
/* Complete a pending MGMT_OP_USER_PASSKEY_REPLY via the shared helper. */
int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
				     u8 link_type, u8 addr_type, u8 status)
{
	int ret;

	ret = user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					 status, MGMT_OP_USER_PASSKEY_REPLY);
	return ret;
}
3372
/* Complete a pending MGMT_OP_USER_PASSKEY_NEG_REPLY via the shared helper. */
int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
					 u8 link_type, u8 addr_type, u8 status)
{
	int ret;

	ret = user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
					 status,
					 MGMT_OP_USER_PASSKEY_NEG_REPLY);
	return ret;
}
3380
/*
 * Emit MGMT_EV_PASSKEY_NOTIFY.
 *
 * @passkey: host-order passkey, converted to little-endian for the event
 * @entered: copied into the event's "entered" field unchanged
 *
 * The passkey itself is part of the event payload.
 */
int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
			     u8 link_type, u8 addr_type, u32 passkey,
			     u8 entered)
{
	struct mgmt_ev_passkey_notify event;

	BT_DBG("%s", hdev->name);

	event.entered = entered;
	event.passkey = __cpu_to_le32(passkey);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &event, sizeof(event),
			  NULL);
}
3396
/*
 * Emit MGMT_EV_AUTH_FAILED for a remote device. @status is an HCI status
 * translated through mgmt_status().
 */
int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		     u8 addr_type, u8 status)
{
	struct mgmt_ev_auth_failed event;

	event.status = mgmt_status(status);
	event.addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &event, sizeof(event),
			  NULL);
}
b312b161 3408
/*
 * Completion handler for an authentication-enable write.
 *
 * On failure every pending MGMT_OP_SET_LINK_SECURITY command receives the
 * translated status and 0 is returned. On success HCI_LINK_SECURITY in
 * dev_flags is made to mirror HCI_AUTH in hdev->flags, pending commands
 * are answered through settings_rsp and new_settings() is called if the
 * bit changed.
 */
int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
{
	struct cmd_lookup lookup = { .sk = NULL, .hdev = hdev };
	bool flipped;
	int ret = 0;

	if (status) {
		u8 translated = mgmt_status(status);

		mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
				     cmd_status_rsp, &translated);
		return 0;
	}

	/* Mirror the controller's HCI_AUTH state into the mgmt flag. */
	if (test_bit(HCI_AUTH, &hdev->flags))
		flipped = !test_and_set_bit(HCI_LINK_SECURITY,
					    &hdev->dev_flags);
	else
		flipped = test_and_clear_bit(HCI_LINK_SECURITY,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
			     &lookup);

	if (flipped)
		ret = new_settings(hdev, lookup.sk);

	if (lookup.sk)
		sock_put(lookup.sk);

	return ret;
}
3441
/*
 * Wipe the cached EIR data and send an all-zero HCI_OP_WRITE_EIR.
 *
 * Returns 0 without doing anything when the controller is not extended
 * inquiry capable, otherwise the result of hci_send_cmd().
 */
static int clear_eir(struct hci_dev *hdev)
{
	struct hci_cp_write_eir zeroed;

	if (!lmp_ext_inq_capable(hdev))
		return 0;

	memset(&zeroed, 0, sizeof(zeroed));
	memset(hdev->eir, 0, sizeof(hdev->eir));

	return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(zeroed), &zeroed);
}
3455
/*
 * Completion handler for a Secure Simple Pairing mode write.
 *
 * @enable: the value that was being written
 * @status: HCI status; non-zero means the write failed
 *
 * Failure: if an enable was attempted and HCI_SSP_ENABLED was already
 * set, the bit is cleared again and new_settings() is called; pending
 * MGMT_OP_SET_SSP commands then receive the translated status.
 *
 * Success: HCI_SSP_ENABLED is updated to match @enable, pending commands
 * are answered, and the EIR data is refreshed or cleared depending on
 * the resulting flag. The return values of update_eir()/clear_eir() are
 * not propagated.
 */
int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
{
	struct cmd_lookup lookup = { .sk = NULL, .hdev = hdev };
	bool flipped;
	int ret = 0;

	if (status) {
		u8 translated = mgmt_status(status);

		/* Roll back the optimistic flag set by the enable request. */
		if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
						 &hdev->dev_flags))
			ret = new_settings(hdev, NULL);

		mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
				     &translated);

		return ret;
	}

	if (enable)
		flipped = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
	else
		flipped = test_and_clear_bit(HCI_SSP_ENABLED,
					     &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &lookup);

	if (flipped)
		ret = new_settings(hdev, lookup.sk);

	if (lookup.sk)
		sock_put(lookup.sk);

	if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
		update_eir(hdev);
	else
		clear_eir(hdev);

	return ret;
}
3498
/*
 * mgmt_pending_foreach() callback: complete a class-related pending
 * command with the status stored in the lookup and the controller's
 * current 3-byte dev_class as payload.
 *
 * The first command's socket is remembered (with a reference held) in
 * the lookup; later invocations leave it untouched.
 */
static void class_rsp(struct pending_cmd *cmd, void *data)
{
	struct cmd_lookup *lookup = data;

	cmd_complete(cmd->sk, cmd->index, cmd->opcode, lookup->mgmt_status,
		     lookup->hdev->dev_class, 3);

	/* Unlink before freeing; the socket is still needed just below. */
	list_del(&cmd->list);

	if (!lookup->sk) {
		lookup->sk = cmd->sk;
		sock_hold(lookup->sk);
	}

	mgmt_pending_free(cmd);
}
3515
/*
 * Completion handler for a class-of-device write.
 *
 * Clears HCI_PENDING_CLASS, answers every pending SET_DEV_CLASS,
 * ADD_UUID and REMOVE_UUID command through class_rsp, and on success
 * emits MGMT_EV_CLASS_OF_DEV_CHANGED with the 3-byte @dev_class.
 *
 * Returns 0 on failure status, otherwise the result of mgmt_event().
 */
int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
				   u8 status)
{
	struct cmd_lookup lookup = {
		.sk = NULL,
		.hdev = hdev,
		.mgmt_status = mgmt_status(status),
	};
	int ret = 0;

	clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);

	/* All three operations end in the same class write. */
	mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &lookup);
	mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &lookup);
	mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &lookup);

	if (status == 0)
		ret = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
				 dev_class, 3, NULL);

	if (lookup.sk)
		sock_put(lookup.sk);

	return ret;
}
3537
/*
 * Completion handler for a local name write.
 *
 * @name:   new name; read for sizeof(hdev->dev_name) and
 *          HCI_MAX_NAME_LENGTH bytes, so the caller must supply a buffer
 *          at least that large
 * @status: HCI status of the write
 *
 * Updates hdev->dev_name when it differs, answers a pending
 * MGMT_OP_SET_LOCAL_NAME command, emits MGMT_EV_LOCAL_NAME_CHANGED when
 * something changed and refreshes the EIR data outside of HCI_INIT.
 *
 * NOTE(review): hdev->dev_name is overwritten before @status is looked
 * at, so a failed write still replaces the cached name - confirm this is
 * intended.
 */
int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
{
	struct mgmt_cp_set_local_name ev;
	struct pending_cmd *cmd;
	bool changed;
	int err = 0;

	changed = memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0;
	if (changed)
		memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));

	memset(&ev, 0, sizeof(ev));
	memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
	memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);

	cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
	if (cmd) {
		/* With a pending mgmt command, assume that either the short
		 * or the complete name has changed.
		 */
		changed = true;

		if (status) {
			err = cmd_status(cmd->sk, hdev->id,
					 MGMT_OP_SET_LOCAL_NAME,
					 mgmt_status(status));
			goto failed;
		}

		err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
				   0, &ev, sizeof(ev));
		if (err < 0)
			goto failed;
	}

	if (changed)
		err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
				 sizeof(ev), cmd ? cmd->sk : NULL);

	/* Power-on handles EIR on its own; only refresh it here for a name
	 * change that is unrelated to power on.
	 */
	if (!test_bit(HCI_INIT, &hdev->flags))
		update_eir(hdev);

failed:
	if (cmd)
		mgmt_pending_remove(cmd);
	return err;
}
c35938b2 3590
/*
 * Answer the pending MGMT_OP_READ_LOCAL_OOB_DATA command.
 *
 * @hash, @randomizer: local OOB values; sizeof(rp.hash) and
 *                     sizeof(rp.randomizer) bytes are read from them
 * @status:            HCI status; non-zero yields a status-only reply
 *
 * Returns -ENOENT when no command is pending, otherwise the result of
 * cmd_status()/cmd_complete().
 */
int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
					    u8 *randomizer, u8 status)
{
	struct pending_cmd *pending;
	int ret;

	BT_DBG("%s status %u", hdev->name, status);

	pending = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
	if (pending == NULL)
		return -ENOENT;

	if (!status) {
		struct mgmt_rp_read_local_oob_data reply;

		memcpy(reply.hash, hash, sizeof(reply.hash));
		memcpy(reply.randomizer, randomizer, sizeof(reply.randomizer));

		ret = cmd_complete(pending->sk, hdev->id,
				   MGMT_OP_READ_LOCAL_OOB_DATA, 0, &reply,
				   sizeof(reply));
	} else {
		ret = cmd_status(pending->sk, hdev->id,
				 MGMT_OP_READ_LOCAL_OOB_DATA,
				 mgmt_status(status));
	}

	mgmt_pending_remove(pending);

	return ret;
}
e17acd40 3621
/*
 * Completion handler for an LE host-support write.
 *
 * Failure: if an enable was attempted and HCI_LE_ENABLED was set, the
 * bit is cleared again and new_settings() is called; pending
 * MGMT_OP_SET_LE commands then receive the translated status.
 *
 * Success: HCI_LE_ENABLED is updated to match @enable, pending commands
 * are answered through settings_rsp, and new_settings() is called when
 * the bit actually changed.
 */
int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
{
	struct cmd_lookup lookup = { .sk = NULL, .hdev = hdev };
	bool flipped;
	int ret = 0;

	if (status) {
		u8 translated = mgmt_status(status);

		if (enable && test_and_clear_bit(HCI_LE_ENABLED,
						 &hdev->dev_flags))
			ret = new_settings(hdev, NULL);

		mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
				     &translated);

		return ret;
	}

	if (enable)
		flipped = !test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags);
	else
		flipped = test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags);

	mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &lookup);

	if (flipped)
		ret = new_settings(hdev, lookup.sk);

	if (lookup.sk)
		sock_put(lookup.sk);

	return ret;
}
3659
/*
 * Emit MGMT_EV_DEVICE_FOUND for a discovered device.
 *
 * @dev_class: optional 3-byte class of device; appended as an EIR field
 *             when the supplied EIR data does not already contain one
 * @cfm_name:  non-zero sets MGMT_DEV_FOUND_CONFIRM_NAME
 * @ssp:       zero sets MGMT_DEV_FOUND_LEGACY_PAIRING
 * @eir:       EIR / advertising data, @eir_len bytes
 *
 * The event is assembled in a 512-byte stack buffer. @eir_len is checked
 * against that buffer before anything is copied, which matters because
 * the EIR bytes presumably originate from the remote device.
 *
 * Returns -EINVAL when the data would not fit, otherwise the result of
 * mgmt_event().
 */
int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		      u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
		      ssp, u8 *eir, u16 eir_len)
{
	char buf[512];
	struct mgmt_ev_device_found *ev = (void *) buf;

	/* Header + EIR + 5 spare bytes for a CoD field that may be added. */
	if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
		return -EINVAL;

	memset(buf, 0, sizeof(buf));

	ev->rssi = rssi;
	ev->addr.type = link_to_bdaddr(link_type, addr_type);
	bacpy(&ev->addr.bdaddr, bdaddr);

	if (cfm_name)
		ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
	if (!ssp)
		ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);

	if (eir_len > 0)
		memcpy(ev->eir, eir, eir_len);

	if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
		eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
					  dev_class, 3);

	ev->eir_len = cpu_to_le16(eir_len);

	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
			  sizeof(*ev) + eir_len, NULL);
}
a88a9652 3694
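/*
 * Emit MGMT_EV_DEVICE_FOUND carrying only the resolved remote name as an
 * EIR_NAME_COMPLETE field.
 *
 * @name:     remote name bytes
 * @name_len: number of bytes in @name; must not exceed
 *            HCI_MAX_NAME_LENGTH
 *
 * Returns -EINVAL when @name_len is too large for the event buffer,
 * otherwise the result of mgmt_event().
 */
int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
		     u8 addr_type, s8 rssi, u8 *name, u8 name_len)
{
	struct mgmt_ev_device_found *ev;
	char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
	u16 eir_len;

	/*
	 * buf only has room for HCI_MAX_NAME_LENGTH name bytes plus two
	 * more, while name_len (u8) can be as large as 255. Reject anything
	 * longer here instead of relying on every caller to clamp it; the
	 * name is remote-supplied data. eir_append_data() is defined
	 * outside this view - presumably the extra two bytes are its
	 * length/type header.
	 */
	if (name_len > HCI_MAX_NAME_LENGTH)
		return -EINVAL;

	ev = (struct mgmt_ev_device_found *) buf;

	memset(buf, 0, sizeof(buf));

	bacpy(&ev->addr.bdaddr, bdaddr);
	ev->addr.type = link_to_bdaddr(link_type, addr_type);
	ev->rssi = rssi;

	eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
				  name_len);

	ev->eir_len = cpu_to_le16(eir_len);

	return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
			  sizeof(*ev) + eir_len, NULL);
}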
314b2381 3718
/*
 * Report a failed discovery start.
 *
 * The discovery state is set to DISCOVERY_STOPPED unconditionally; the
 * pending MGMT_OP_START_DISCOVERY command, if any, is then completed
 * with the translated status and the current discovery type.
 *
 * Returns -ENOENT when no command is pending, otherwise the result of
 * cmd_complete().
 */
int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
{
	struct pending_cmd *pending;
	u8 disc_type;
	int ret;

	hci_discovery_set_state(hdev, DISCOVERY_STOPPED);

	pending = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
	if (pending == NULL)
		return -ENOENT;

	disc_type = hdev->discovery.type;

	ret = cmd_complete(pending->sk, hdev->id, pending->opcode,
			   mgmt_status(status), &disc_type,
			   sizeof(disc_type));
	mgmt_pending_remove(pending);

	return ret;
}
3739
/*
 * Report a failed discovery stop to the pending MGMT_OP_STOP_DISCOVERY
 * command, replying with the translated status and the current
 * discovery type.
 *
 * Returns -ENOENT when no command is pending, otherwise the result of
 * cmd_complete().
 */
int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
{
	struct pending_cmd *pending;
	int ret;

	pending = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
	if (pending == NULL)
		return -ENOENT;

	ret = cmd_complete(pending->sk, hdev->id, pending->opcode,
			   mgmt_status(status), &hdev->discovery.type,
			   sizeof(hdev->discovery.type));
	mgmt_pending_remove(pending);

	return ret;
}
3755
/*
 * Announce a discovery state change.
 *
 * @discovering: non-zero when discovery has started, zero when stopped
 *
 * The matching pending start/stop command, if any, is completed with
 * status 0 and the discovery type; MGMT_EV_DISCOVERING is emitted in all
 * cases. The result of cmd_complete() is not propagated.
 */
int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
{
	struct mgmt_ev_discovering event;
	struct pending_cmd *pending;

	BT_DBG("%s discovering %u", hdev->name, discovering);

	pending = mgmt_pending_find(discovering ? MGMT_OP_START_DISCOVERY :
						  MGMT_OP_STOP_DISCOVERY,
				    hdev);

	if (pending) {
		u8 disc_type = hdev->discovery.type;

		cmd_complete(pending->sk, hdev->id, pending->opcode, 0,
			     &disc_type, sizeof(disc_type));
		mgmt_pending_remove(pending);
	}

	memset(&event, 0, sizeof(event));
	event.discovering = discovering;
	event.type = hdev->discovery.type;

	return mgmt_event(MGMT_EV_DISCOVERING, hdev, &event, sizeof(event),
			  NULL);
}
5e762444 3782
/*
 * Emit MGMT_EV_DEVICE_BLOCKED for @bdaddr.
 *
 * The socket of a pending MGMT_OP_BLOCK_DEVICE command, when there is
 * one, is passed as the last mgmt_event() argument (presumably so the
 * requester is not sent its own event - confirm against mgmt_event()).
 * The pending command itself is not removed here.
 */
int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
{
	struct mgmt_ev_device_blocked event;
	struct pending_cmd *pending;
	struct sock *origin;

	pending = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
	origin = pending ? pending->sk : NULL;

	event.addr.type = type;
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &event, sizeof(event),
			  origin);
}
3796
/*
 * Emit MGMT_EV_DEVICE_UNBLOCKED for @bdaddr.
 *
 * The socket of a pending MGMT_OP_UNBLOCK_DEVICE command, when there is
 * one, is passed as the last mgmt_event() argument. The pending command
 * itself is not removed here.
 */
int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
{
	struct mgmt_ev_device_unblocked event;
	struct pending_cmd *pending;
	struct sock *origin;

	pending = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
	origin = pending ? pending->sk : NULL;

	event.addr.type = type;
	bacpy(&event.addr.bdaddr, bdaddr);

	return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &event,
			  sizeof(event), origin);
}
d7b7e796
MH
3810
/*
 * enable_hs is exposed as a boolean module parameter. Mode 0644 makes it
 * readable by everyone and writable by the owner, so the value can be
 * changed after the module has been loaded.
 */
module_param(enable_hs, bool, 0644);
MODULE_PARM_DESC(enable_hs, "Enable High Speed support");