projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix sending write_scan_enable when BR/EDR is disabled
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
eb2a8d20
JH		 539static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
540{
541 struct pending_cmd *cmd;
542
543 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
544 if (cmd->opcode == opcode)
545 return cmd;
546 }
547
548 return NULL;
549}
550
f14d8f64
MH		 551static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
552{
7a5f4990
MH		 553 u8 ad_len = 0;
554 size_t name_len;
555
556 name_len = strlen(hdev->dev_name);
557 if (name_len > 0) {
558 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
559
560 if (name_len > max_len) {
561 name_len = max_len;
562 ptr[1] = EIR_NAME_SHORT;
563 } else
564 ptr[1] = EIR_NAME_COMPLETE;
565
566 ptr[0] = name_len + 1;
567
568 memcpy(ptr + 2, hdev->dev_name, name_len);
569
570 ad_len += (name_len + 2);
571 ptr += (name_len + 2);
572 }
573
574 return ad_len;
f14d8f64
MH		 575}
576
577static void update_scan_rsp_data(struct hci_request *req)
578{
579 struct hci_dev *hdev = req->hdev;
580 struct hci_cp_le_set_scan_rsp_data cp;
581 u8 len;
582
7751ef1b 583 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 584 return;
585
586 memset(&cp, 0, sizeof(cp));
587
588 len = create_scan_rsp_data(hdev, cp.data);
589
eb438b5f
JH		 590 if (hdev->scan_rsp_data_len == len &&
591 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 592 return;
593
eb438b5f
JH		 594 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
595 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 596
597 cp.length = len;
598
599 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
600}
601
46cad2ed 602static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 603{
604 u8 ad_len = 0, flags = 0;
441ad2d0
MH		 605
606 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
607 flags |= LE_AD_GENERAL;
608
609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
610 if (lmp_le_br_capable(hdev))
611 flags |= LE_AD_SIM_LE_BREDR_CTRL;
612 if (lmp_host_le_br_capable(hdev))
613 flags |= LE_AD_SIM_LE_BREDR_HOST;
614 } else {
615 flags |= LE_AD_NO_BREDR;
616 }
617
618 if (flags) {
619 BT_DBG("adv flags 0x%02x", flags);
620
621 ptr[0] = 2;
622 ptr[1] = EIR_FLAGS;
623 ptr[2] = flags;
624
625 ad_len += 3;
626 ptr += 3;
627 }
628
629 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
630 ptr[0] = 2;
631 ptr[1] = EIR_TX_POWER;
632 ptr[2] = (u8) hdev->adv_tx_power;
633
634 ad_len += 3;
635 ptr += 3;
636 }
637
441ad2d0
MH		 638 return ad_len;
639}
640
5947f4bc 641static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 642{
643 struct hci_dev *hdev = req->hdev;
644 struct hci_cp_le_set_adv_data cp;
645 u8 len;
646
10994ce6 647 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 648 return;
649
650 memset(&cp, 0, sizeof(cp));
651
46cad2ed 652 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 653
654 if (hdev->adv_data_len == len &&
655 memcmp(cp.data, hdev->adv_data, len) == 0)
656 return;
657
658 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
659 hdev->adv_data_len = len;
660
661 cp.length = len;
662
663 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
664}
665
ef580372
JH		 666static void create_eir(struct hci_dev *hdev, u8 *data)
667{
668 u8 *ptr = data;
ef580372
JH		 669 size_t name_len;
670
671 name_len = strlen(hdev->dev_name);
672
673 if (name_len > 0) {
674 /* EIR Data type */
675 if (name_len > 48) {
676 name_len = 48;
677 ptr[1] = EIR_NAME_SHORT;
678 } else
679 ptr[1] = EIR_NAME_COMPLETE;
680
681 /* EIR Data length */
682 ptr[0] = name_len + 1;
683
684 memcpy(ptr + 2, hdev->dev_name, name_len);
685
ef580372
JH		 686 ptr += (name_len + 2);
687 }
688
bbaf444a 689 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 690 ptr[0] = 2;
691 ptr[1] = EIR_TX_POWER;
692 ptr[2] = (u8) hdev->inq_tx_power;
693
91c4e9b1
MH		 694 ptr += 3;
695 }
696
2b9be137
MH		 697 if (hdev->devid_source > 0) {
698 ptr[0] = 9;
699 ptr[1] = EIR_DEVICE_ID;
700
701 put_unaligned_le16(hdev->devid_source, ptr + 2);
702 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
703 put_unaligned_le16(hdev->devid_product, ptr + 6);
704 put_unaligned_le16(hdev->devid_version, ptr + 8);
705
2b9be137
MH		 706 ptr += 10;
707 }
708
213202ed 709 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 710 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 711 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 712}
713
890ea898 714static void update_eir(struct hci_request *req)
ef580372 715{
890ea898 716 struct hci_dev *hdev = req->hdev;
ef580372
JH		 717 struct hci_cp_write_eir cp;
718
504c8dcd 719 if (!hdev_is_powered(hdev))
890ea898 720 return;
7770c4aa 721
976eb20e 722 if (!lmp_ext_inq_capable(hdev))
890ea898 723 return;
ef580372 724
84bde9d6 725 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 726 return;
ef580372 727
a8b2d5c2 728 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 729 return;
ef580372
JH		 730
731 memset(&cp, 0, sizeof(cp));
732
733 create_eir(hdev, cp.data);
734
735 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 736 return;
ef580372
JH		 737
738 memcpy(hdev->eir, cp.data, sizeof(cp.data));
739
890ea898 740 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 741}
742
743static u8 get_service_classes(struct hci_dev *hdev)
744{
745 struct bt_uuid *uuid;
746 u8 val = 0;
747
748 list_for_each_entry(uuid, &hdev->uuids, list)
749 val |= uuid->svc_hint;
750
751 return val;
752}
753
890ea898 754static void update_class(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 u8 cod[3];
758
759 BT_DBG("%s", hdev->name);
760
504c8dcd 761 if (!hdev_is_powered(hdev))
890ea898 762 return;
7770c4aa 763
f87ea1da
JH		 764 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
765 return;
766
a8b2d5c2 767 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 768 return;
ef580372
JH		 769
770 cod[0] = hdev->minor_class;
771 cod[1] = hdev->major_class;
772 cod[2] = get_service_classes(hdev);
773
6acd7db4
MH		 774 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
775 cod[1] |= 0x20;
776
ef580372 777 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 778 return;
ef580372 779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 781}
782
7d78525d
JH		 783static void service_cache_off(struct work_struct *work)
784{
785 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 786 service_cache.work);
890ea898 787 struct hci_request req;
7d78525d 788
a8b2d5c2 789 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 790 return;
791
890ea898
JH		 792 hci_req_init(&req, hdev);
793
7d78525d
JH		 794 hci_dev_lock(hdev);
795
890ea898
JH		 796 update_eir(&req);
797 update_class(&req);
7d78525d
JH		 798
799 hci_dev_unlock(hdev);
890ea898
JH		 800
801 hci_req_run(&req, NULL);
7d78525d
JH		 802}
803
6a919082 804static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 805{
4f87da80 806 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 807 return;
808
4f87da80 809 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 810
4f87da80
JH		 811 /* Non-mgmt controlled devices get this bit set
812 * implicitly so that pairing works for them, however
813 * for mgmt we require user-space to explicitly enable
814 * it
815 */
816 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 817}
818
0f4e68cf 819static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 820 void *data, u16 data_len)
0381101f 821{
a38528f1 822 struct mgmt_rp_read_info rp;
f7b64e69 823
bdb6d971 824 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 825
09fd0de5 826 hci_dev_lock(hdev);
f7b64e69 827
dc4fe30b
JH		 828 memset(&rp, 0, sizeof(rp));
829
69ab39ea 830 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 831
69ab39ea 832 rp.version = hdev->hci_ver;
eb55ef07 833 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 834
835 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
836 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 837
a38528f1 838 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 839
dc4fe30b 840 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 841 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 842
09fd0de5 843 hci_dev_unlock(hdev);
0381101f 844
bdb6d971 845 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 846 sizeof(rp));
0381101f
JH		 847}
848
eec8d2bc
JH		 849static void mgmt_pending_free(struct pending_cmd *cmd)
850{
851 sock_put(cmd->sk);
c68fb7ff 852 kfree(cmd->param);
eec8d2bc
JH		 853 kfree(cmd);
854}
855
366a0336 856static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 857 struct hci_dev *hdev, void *data,
858 u16 len)
eec8d2bc
JH		 859{
860 struct pending_cmd *cmd;
861
12b94565 862 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 863 if (!cmd)
366a0336 864 return NULL;
eec8d2bc
JH		 865
866 cmd->opcode = opcode;
2e58ef3e 867 cmd->index = hdev->id;
eec8d2bc 868
12b94565 869 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 870 if (!cmd->param) {
eec8d2bc 871 kfree(cmd);
366a0336 872 return NULL;
eec8d2bc
JH		 873 }
874
8fce6357
SJ		 875 if (data)
876 memcpy(cmd->param, data, len);
eec8d2bc
JH		 877
878 cmd->sk = sk;
879 sock_hold(sk);
880
2e58ef3e 881 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 882
366a0336 883 return cmd;
eec8d2bc
JH		 884}
885
744cf19e 886static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 887 void (*cb)(struct pending_cmd *cmd,
888 void *data),
04124681 889 void *data)
eec8d2bc 890{
a3d09356 891 struct pending_cmd *cmd, *tmp;
eec8d2bc 892
a3d09356 893 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 894 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 895 continue;
896
eec8d2bc
JH		 897 cb(cmd, data);
898 }
899}
900
a664b5bc 901static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 902{
73f22f62
JH		 903 list_del(&cmd->list);
904 mgmt_pending_free(cmd);
905}
906
69ab39ea 907static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 908{
69ab39ea 909 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 910
aee9b218 911 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 912 sizeof(settings));
8680570b
JH		 913}
914
bdb6d971 915static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 916 u16 len)
eec8d2bc 917{
650f726d 918 struct mgmt_mode *cp = data;
366a0336 919 struct pending_cmd *cmd;
4b34ee78 920 int err;
eec8d2bc 921
bdb6d971 922 BT_DBG("request for %s", hdev->name);
eec8d2bc 923
a7e80f25
JH		 924 if (cp->val != 0x00 && cp->val != 0x01)
925 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
926 MGMT_STATUS_INVALID_PARAMS);
927
09fd0de5 928 hci_dev_lock(hdev);
eec8d2bc 929
87b95ba6
JH		 930 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
931 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
932 MGMT_STATUS_BUSY);
933 goto failed;
934 }
935
f0d4b78a
MH		 936 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
937 cancel_delayed_work(&hdev->power_off);
938
939 if (cp->val) {
a1d70450
JH		 940 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
941 data, len);
942 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 943 goto failed;
944 }
945 }
946
4b34ee78 947 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 948 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 949 goto failed;
950 }
951
2e58ef3e 952 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 953 if (!cmd) {
954 err = -ENOMEM;
eec8d2bc 955 goto failed;
366a0336 956 }
eec8d2bc 957
72a734ec 958 if (cp->val)
19202573 959 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 960 else
19202573 961 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 962
366a0336 963 err = 0;
eec8d2bc
JH		 964
965failed:
09fd0de5 966 hci_dev_unlock(hdev);
366a0336 967 return err;
eec8d2bc
JH		 968}
969
04124681
GP		 970static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
971 struct sock *skip_sk)
beadb2bd
JH		 972{
973 struct sk_buff *skb;
974 struct mgmt_hdr *hdr;
975
790eff44 976 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 977 if (!skb)
978 return -ENOMEM;
979
980 hdr = (void *) skb_put(skb, sizeof(*hdr));
981 hdr->opcode = cpu_to_le16(event);
982 if (hdev)
983 hdr->index = cpu_to_le16(hdev->id);
984 else
612dfce9 985 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 986 hdr->len = cpu_to_le16(data_len);
987
988 if (data)
989 memcpy(skb_put(skb, data_len), data, data_len);
990
97e0bdeb
MH		 991 /* Time stamp */
992 __net_timestamp(skb);
993
beadb2bd
JH		 994 hci_send_to_control(skb, skip_sk);
995 kfree_skb(skb);
996
997 return 0;
998}
999
1000static int new_settings(struct hci_dev *hdev, struct sock *skip)
1001{
1002 __le32 ev;
1003
1004 ev = cpu_to_le32(get_current_settings(hdev));
1005
1006 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1007}
1008
bd99abdd
JH		 1009struct cmd_lookup {
1010 struct sock *sk;
1011 struct hci_dev *hdev;
1012 u8 mgmt_status;
1013};
1014
1015static void settings_rsp(struct pending_cmd *cmd, void *data)
1016{
1017 struct cmd_lookup *match = data;
1018
1019 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1020
1021 list_del(&cmd->list);
1022
1023 if (match->sk == NULL) {
1024 match->sk = cmd->sk;
1025 sock_hold(match->sk);
1026 }
1027
1028 mgmt_pending_free(cmd);
1029}
1030
1031static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1032{
1033 u8 *status = data;
1034
1035 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1036 mgmt_pending_remove(cmd);
1037}
1038
e6fe7986
JH		 1039static u8 mgmt_bredr_support(struct hci_dev *hdev)
1040{
1041 if (!lmp_bredr_capable(hdev))
1042 return MGMT_STATUS_NOT_SUPPORTED;
1043 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1044 return MGMT_STATUS_REJECTED;
1045 else
1046 return MGMT_STATUS_SUCCESS;
1047}
1048
1049static u8 mgmt_le_support(struct hci_dev *hdev)
1050{
1051 if (!lmp_le_capable(hdev))
1052 return MGMT_STATUS_NOT_SUPPORTED;
1053 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1054 return MGMT_STATUS_REJECTED;
1055 else
1056 return MGMT_STATUS_SUCCESS;
1057}
1058
bfaf8c9f
JH		 1059static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1060{
1061 struct pending_cmd *cmd;
1062 struct mgmt_mode *cp;
970ba524 1063 struct hci_request req;
bfaf8c9f
JH		 1064 bool changed;
1065
1066 BT_DBG("status 0x%02x", status);
1067
1068 hci_dev_lock(hdev);
1069
1070 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1071 if (!cmd)
1072 goto unlock;
1073
1074 if (status) {
1075 u8 mgmt_err = mgmt_status(status);
1076 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1077 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1078 goto remove_cmd;
1079 }
1080
1081 cp = cmd->param;
d4462a07 1082 if (cp->val) {
bfaf8c9f
JH		 1083 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1084 &hdev->dev_flags);
d4462a07
MH		 1085
1086 if (hdev->discov_timeout > 0) {
1087 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1088 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1089 to);
1090 }
1091 } else {
bfaf8c9f
JH		 1092 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1093 &hdev->dev_flags);
d4462a07 1094 }
bfaf8c9f
JH		 1095
1096 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1097
1098 if (changed)
1099 new_settings(hdev, cmd->sk);
1100
970ba524
MH		 1101 /* When the discoverable mode gets changed, make sure
1102 * that class of device has the limited discoverable
1103 * bit correctly set.
1104 */
1105 hci_req_init(&req, hdev);
1106 update_class(&req);
1107 hci_req_run(&req, NULL);
1108
bfaf8c9f
JH		 1109remove_cmd:
1110 mgmt_pending_remove(cmd);
1111
1112unlock:
1113 hci_dev_unlock(hdev);
1114}
1115
bdb6d971 1116static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1117 u16 len)
73f22f62 1118{
650f726d 1119 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1120 struct pending_cmd *cmd;
bfaf8c9f 1121 struct hci_request req;
5e5282bb 1122 u16 timeout;
e6fe7986 1123 u8 scan, status;
73f22f62
JH		 1124 int err;
1125
bdb6d971 1126 BT_DBG("request for %s", hdev->name);
73f22f62 1127
e6fe7986
JH		 1128 status = mgmt_bredr_support(hdev);
1129 if (status)
33c525c0 1130 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1131 status);
33c525c0 1132
310a3d48 1133 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1134 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1135 MGMT_STATUS_INVALID_PARAMS);
1136
1f350c87 1137 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1138
1139 /* Disabling discoverable requires that no timeout is set,
1140 * and enabling limited discoverable requires a timeout.
1141 */
1142 if ((cp->val == 0x00 && timeout > 0) ||
1143 (cp->val == 0x02 && timeout == 0))
bdb6d971 1144 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1145 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1146
09fd0de5 1147 hci_dev_lock(hdev);
73f22f62 1148
5e5282bb 1149 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1150 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1151 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1152 goto failed;
1153 }
1154
2e58ef3e 1155 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1156 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1157 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1158 MGMT_STATUS_BUSY);
73f22f62
JH		 1159 goto failed;
1160 }
1161
5e5282bb 1162 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1163 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1164 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1165 goto failed;
1166 }
1167
1168 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1169 bool changed = false;
1170
310a3d48
MH		 1171 /* Setting limited discoverable when powered off is
1172 * not a valid operation since it requires a timeout
1173 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1174 */
0224d2fa
JH		 1175 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1176 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1177 changed = true;
1178 }
1179
5e5282bb 1180 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1181 if (err < 0)
1182 goto failed;
1183
1184 if (changed)
1185 err = new_settings(hdev, sk);
1186
5e5282bb
JH		 1187 goto failed;
1188 }
1189
310a3d48
MH		 1190 /* If the current mode is the same, then just update the timeout
1191 * value with the new value. And if only the timeout gets updated,
1192 * then no need for any HCI transactions.
1193 */
1194 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1195 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1196 &hdev->dev_flags)) {
36261547
MH		 1197 cancel_delayed_work(&hdev->discov_off);
1198 hdev->discov_timeout = timeout;
955638ec 1199
36261547
MH		 1200 if (cp->val && hdev->discov_timeout > 0) {
1201 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1202 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1203 to);
955638ec
MH		 1204 }
1205
69ab39ea 1206 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1207 goto failed;
1208 }
1209
2e58ef3e 1210 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1211 if (!cmd) {
1212 err = -ENOMEM;
73f22f62 1213 goto failed;
366a0336 1214 }
73f22f62 1215
310a3d48
MH		 1216 /* Cancel any potential discoverable timeout that might be
1217 * still active and store new timeout value. The arming of
1218 * the timeout happens in the complete handler.
1219 */
1220 cancel_delayed_work(&hdev->discov_off);
1221 hdev->discov_timeout = timeout;
1222
bfaf8c9f
JH		 1223 hci_req_init(&req, hdev);
1224
73f22f62
JH		 1225 scan = SCAN_PAGE;
1226
310a3d48
MH		 1227 if (cp->val) {
1228 struct hci_cp_write_current_iac_lap hci_cp;
1229
1230 if (cp->val == 0x02) {
1231 /* Limited discoverable mode */
1232 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1233
1234 hci_cp.num_iac = 2;
1235 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1236 hci_cp.iac_lap[1] = 0x8b;
1237 hci_cp.iac_lap[2] = 0x9e;
1238 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1239 hci_cp.iac_lap[4] = 0x8b;
1240 hci_cp.iac_lap[5] = 0x9e;
1241 } else {
1242 /* General discoverable mode */
1243 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1244
1245 hci_cp.num_iac = 1;
1246 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1247 hci_cp.iac_lap[1] = 0x8b;
1248 hci_cp.iac_lap[2] = 0x9e;
1249 }
1250
1251 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1252 (hci_cp.num_iac * 3) + 1, &hci_cp);
1253
73f22f62 1254 scan |= SCAN_INQUIRY;
310a3d48
MH		 1255 } else {
1256 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1257 }
73f22f62 1258
310a3d48 1259 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f
JH		 1260
1261 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1262 if (err < 0)
a664b5bc 1263 mgmt_pending_remove(cmd);
73f22f62
JH		 1264
1265failed:
09fd0de5 1266 hci_dev_unlock(hdev);
73f22f62
JH		 1267 return err;
1268}
1269
406d7804
JH		 1270static void write_fast_connectable(struct hci_request *req, bool enable)
1271{
bd98b996 1272 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1273 struct hci_cp_write_page_scan_activity acp;
1274 u8 type;
1275
4c01f8b8
JH		 1276 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1277 return;
1278
406d7804
JH		 1279 if (enable) {
1280 type = PAGE_SCAN_TYPE_INTERLACED;
1281
1282 /* 160 msec page scan interval */
1283 acp.interval = __constant_cpu_to_le16(0x0100);
1284 } else {
1285 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1286
1287 /* default 1.28 sec page scan */
1288 acp.interval = __constant_cpu_to_le16(0x0800);
1289 }
1290
1291 acp.window = __constant_cpu_to_le16(0x0012);
1292
bd98b996
JH		 1293 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1294 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1295 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1296 sizeof(acp), &acp);
1297
1298 if (hdev->page_scan_type != type)
1299 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1300}
1301
1987fdc7
JH		 1302static u8 get_adv_type(struct hci_dev *hdev)
1303{
1304 struct pending_cmd *cmd;
1305 bool connectable;
1306
1307 /* If there's a pending mgmt command the flag will not yet have
1308 * it's final value, so check for this first.
1309 */
1310 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1311 if (cmd) {
1312 struct mgmt_mode *cp = cmd->param;
1313 connectable = !!cp->val;
1314 } else {
1315 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1316 }
1317
1318 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1319}
1320
95c66e75
JH		 1321static void enable_advertising(struct hci_request *req)
1322{
1323 struct hci_dev *hdev = req->hdev;
1324 struct hci_cp_le_set_adv_param cp;
1325 u8 enable = 0x01;
1326
1327 memset(&cp, 0, sizeof(cp));
1328 cp.min_interval = __constant_cpu_to_le16(0x0800);
1329 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1330 cp.type = get_adv_type(hdev);
79830f66 1331 cp.own_address_type = hdev->own_addr_type;
95c66e75
JH		 1332 cp.channel_map = 0x07;
1333
1334 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1335
1336 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1337}
1338
1339static void disable_advertising(struct hci_request *req)
1340{
1341 u8 enable = 0x00;
1342
1343 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1344}
1345
2b76f453
JH		 1346static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1347{
1348 struct pending_cmd *cmd;
d7b856f9
JH		 1349 struct mgmt_mode *cp;
1350 bool changed;
2b76f453
JH		 1351
1352 BT_DBG("status 0x%02x", status);
1353
1354 hci_dev_lock(hdev);
1355
1356 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1357 if (!cmd)
1358 goto unlock;
1359
37438c1f
JH		 1360 if (status) {
1361 u8 mgmt_err = mgmt_status(status);
1362 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1363 goto remove_cmd;
1364 }
1365
d7b856f9
JH		 1366 cp = cmd->param;
1367 if (cp->val)
1368 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1369 else
1370 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1371
2b76f453
JH		 1372 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1373
d7b856f9
JH		 1374 if (changed)
1375 new_settings(hdev, cmd->sk);
1376
37438c1f 1377remove_cmd:
2b76f453
JH		 1378 mgmt_pending_remove(cmd);
1379
1380unlock:
1381 hci_dev_unlock(hdev);
1382}
1383
e8ba3a1f
JH		 1384static int set_connectable_update_settings(struct hci_dev *hdev,
1385 struct sock *sk, u8 val)
1386{
1387 bool changed = false;
1388 int err;
1389
1390 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1391 changed = true;
1392
1393 if (val) {
1394 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1395 } else {
1396 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1397 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1398 }
1399
1400 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1401 if (err < 0)
1402 return err;
1403
1404 if (changed)
1405 return new_settings(hdev, sk);
1406
1407 return 0;
1408}
1409
bdb6d971 1410static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1411 u16 len)
9fbcbb45 1412{
650f726d 1413 struct mgmt_mode *cp = data;
366a0336 1414 struct pending_cmd *cmd;
2b76f453 1415 struct hci_request req;
1987fdc7 1416 u8 scan;
9fbcbb45
JH		 1417 int err;
1418
bdb6d971 1419 BT_DBG("request for %s", hdev->name);
9fbcbb45 1420
1987fdc7
JH		 1421 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1422 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1423 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1424 MGMT_STATUS_REJECTED);
33c525c0 1425
a7e80f25
JH		 1426 if (cp->val != 0x00 && cp->val != 0x01)
1427 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1428 MGMT_STATUS_INVALID_PARAMS);
1429
09fd0de5 1430 hci_dev_lock(hdev);
9fbcbb45 1431
4b34ee78 1432 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1433 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1434 goto failed;
1435 }
1436
2e58ef3e 1437 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1438 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1439 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1440 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1441 goto failed;
1442 }
1443
2e58ef3e 1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1445 if (!cmd) {
1446 err = -ENOMEM;
9fbcbb45 1447 goto failed;
366a0336 1448 }
9fbcbb45 1449
9b74246f 1450 hci_req_init(&req, hdev);
9fbcbb45 1451
9b74246f
JH		 1452 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1453 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1454 if (cp->val) {
1455 scan = SCAN_PAGE;
1456 } else {
1457 scan = 0;
1458
1459 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1460 hdev->discov_timeout > 0)
9b74246f
JH		 1461 cancel_delayed_work(&hdev->discov_off);
1462 }
2b76f453 1463
9b74246f
JH		 1464 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1465 }
2b76f453 1466
4c01f8b8
JH		 1467 /* If we're going from non-connectable to connectable or
1468 * vice-versa when fast connectable is enabled ensure that fast
1469 * connectable gets disabled. write_fast_connectable won't do
1470 * anything if the page scan parameters are already what they
1471 * should be.
1472 */
1473 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1474 write_fast_connectable(&req, false);
1475
1987fdc7
JH		 1476 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1477 hci_conn_num(hdev, LE_LINK) == 0) {
1478 disable_advertising(&req);
1479 enable_advertising(&req);
1480 }
1481
2b76f453 1482 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1483 if (err < 0) {
a664b5bc 1484 mgmt_pending_remove(cmd);
9b74246f 1485 if (err == -ENODATA)
a81070ba
JH		 1486 err = set_connectable_update_settings(hdev, sk,
1487 cp->val);
9b74246f
JH		 1488 goto failed;
1489 }
9fbcbb45
JH		 1490
1491failed:
09fd0de5 1492 hci_dev_unlock(hdev);
9fbcbb45
JH		 1493 return err;
1494}
1495
bdb6d971 1496static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1497 u16 len)
c542a06c 1498{
650f726d 1499 struct mgmt_mode *cp = data;
55594356 1500 bool changed;
c542a06c
JH		 1501 int err;
1502
bdb6d971 1503 BT_DBG("request for %s", hdev->name);
c542a06c 1504
a7e80f25
JH		 1505 if (cp->val != 0x00 && cp->val != 0x01)
1506 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1507 MGMT_STATUS_INVALID_PARAMS);
1508
09fd0de5 1509 hci_dev_lock(hdev);
c542a06c
JH		 1510
1511 if (cp->val)
55594356 1512 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1513 else
55594356 1514 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1515
69ab39ea 1516 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1517 if (err < 0)
55594356 1518 goto unlock;
c542a06c 1519
55594356
MH		 1520 if (changed)
1521 err = new_settings(hdev, sk);
c542a06c 1522
55594356 1523unlock:
09fd0de5 1524 hci_dev_unlock(hdev);
c542a06c
JH		 1525 return err;
1526}
1527
04124681
GP		 1528static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1529 u16 len)
33ef95ed
JH		 1530{
1531 struct mgmt_mode *cp = data;
1532 struct pending_cmd *cmd;
e6fe7986 1533 u8 val, status;
33ef95ed
JH		 1534 int err;
1535
bdb6d971 1536 BT_DBG("request for %s", hdev->name);
33ef95ed 1537
e6fe7986
JH		 1538 status = mgmt_bredr_support(hdev);
1539 if (status)
33c525c0 1540 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1541 status);
33c525c0 1542
a7e80f25
JH		 1543 if (cp->val != 0x00 && cp->val != 0x01)
1544 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1545 MGMT_STATUS_INVALID_PARAMS);
1546
33ef95ed
JH		 1547 hci_dev_lock(hdev);
1548
4b34ee78 1549 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1550 bool changed = false;
1551
1552 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1553 &hdev->dev_flags)) {
47990ea0
JH		 1554 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1555 changed = true;
1556 }
1557
1558 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1559 if (err < 0)
1560 goto failed;
1561
1562 if (changed)
1563 err = new_settings(hdev, sk);
1564
33ef95ed
JH		 1565 goto failed;
1566 }
1567
1568 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1570 MGMT_STATUS_BUSY);
33ef95ed
JH		 1571 goto failed;
1572 }
1573
1574 val = !!cp->val;
1575
1576 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1577 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1578 goto failed;
1579 }
1580
1581 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1582 if (!cmd) {
1583 err = -ENOMEM;
1584 goto failed;
1585 }
1586
1587 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1588 if (err < 0) {
1589 mgmt_pending_remove(cmd);
1590 goto failed;
1591 }
1592
1593failed:
1594 hci_dev_unlock(hdev);
33ef95ed
JH		 1595 return err;
1596}
1597
bdb6d971 1598static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1599{
1600 struct mgmt_mode *cp = data;
1601 struct pending_cmd *cmd;
72ef0c1a 1602 u8 status;
ed2c4ee3
JH		 1603 int err;
1604
bdb6d971 1605 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1606
cdba5281
MH		 1607 status = mgmt_bredr_support(hdev);
1608 if (status)
1609 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1610
13ecd8b6
JH		 1611 if (!lmp_ssp_capable(hdev))
1612 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1613 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1614
a7e80f25
JH		 1615 if (cp->val != 0x00 && cp->val != 0x01)
1616 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1617 MGMT_STATUS_INVALID_PARAMS);
1618
13ecd8b6 1619 hci_dev_lock(hdev);
6c8f12c1 1620
4b34ee78 1621 if (!hdev_is_powered(hdev)) {
9ecb3e24 1622 bool changed;
c0ecddc2 1623
9ecb3e24
MH		 1624 if (cp->val) {
1625 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1626 &hdev->dev_flags);
1627 } else {
1628 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1629 &hdev->dev_flags);
1630 if (!changed)
1631 changed = test_and_clear_bit(HCI_HS_ENABLED,
1632 &hdev->dev_flags);
1633 else
1634 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1635 }
1636
1637 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1638 if (err < 0)
1639 goto failed;
1640
1641 if (changed)
1642 err = new_settings(hdev, sk);
1643
ed2c4ee3
JH		 1644 goto failed;
1645 }
1646
9ecb3e24
MH		 1647 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1648 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1649 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1650 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1651 goto failed;
1652 }
1653
72ef0c1a 1654 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1655 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1656 goto failed;
1657 }
1658
1659 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1660 if (!cmd) {
1661 err = -ENOMEM;
1662 goto failed;
1663 }
1664
72ef0c1a 1665 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1666 if (err < 0) {
1667 mgmt_pending_remove(cmd);
1668 goto failed;
1669 }
1670
1671failed:
1672 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1673 return err;
1674}
1675
bdb6d971 1676static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1677{
1678 struct mgmt_mode *cp = data;
ee392693 1679 bool changed;
e6fe7986 1680 u8 status;
ee392693 1681 int err;
6d80dfd0 1682
bdb6d971 1683 BT_DBG("request for %s", hdev->name);
6d80dfd0 1684
e6fe7986
JH		 1685 status = mgmt_bredr_support(hdev);
1686 if (status)
1687 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1688
9ecb3e24
MH		 1689 if (!lmp_ssp_capable(hdev))
1690 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1691 MGMT_STATUS_NOT_SUPPORTED);
1692
1693 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1694 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1695 MGMT_STATUS_REJECTED);
1696
a7e80f25
JH		 1697 if (cp->val != 0x00 && cp->val != 0x01)
1698 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1699 MGMT_STATUS_INVALID_PARAMS);
1700
ee392693
MH		 1701 hci_dev_lock(hdev);
1702
a0cdf960 1703 if (cp->val) {
ee392693 1704 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1705 } else {
1706 if (hdev_is_powered(hdev)) {
1707 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1708 MGMT_STATUS_REJECTED);
1709 goto unlock;
1710 }
1711
ee392693 1712 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1713 }
ee392693
MH		 1714
1715 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1716 if (err < 0)
1717 goto unlock;
1718
1719 if (changed)
1720 err = new_settings(hdev, sk);
6d80dfd0 1721
ee392693
MH		 1722unlock:
1723 hci_dev_unlock(hdev);
1724 return err;
6d80dfd0
JH		 1725}
1726
416a4ae5
JH		 1727static void le_enable_complete(struct hci_dev *hdev, u8 status)
1728{
1729 struct cmd_lookup match = { NULL, hdev };
1730
1731 if (status) {
1732 u8 mgmt_err = mgmt_status(status);
1733
1734 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1735 &mgmt_err);
1736 return;
1737 }
1738
1739 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1740
1741 new_settings(hdev, match.sk);
1742
1743 if (match.sk)
1744 sock_put(match.sk);
441ad2d0
MH		 1745
1746 /* Make sure the controller has a good default for
1747 * advertising data. Restrict the update to when LE
1748 * has actually been enabled. During power on, the
1749 * update in powered_update_hci will take care of it.
1750 */
1751 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1752 struct hci_request req;
1753
1754 hci_dev_lock(hdev);
1755
1756 hci_req_init(&req, hdev);
5947f4bc 1757 update_adv_data(&req);
f14d8f64 1758 update_scan_rsp_data(&req);
441ad2d0
MH		 1759 hci_req_run(&req, NULL);
1760
1761 hci_dev_unlock(hdev);
1762 }
416a4ae5
JH		 1763}
1764
bdb6d971 1765static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1766{
1767 struct mgmt_mode *cp = data;
1768 struct hci_cp_write_le_host_supported hci_cp;
1769 struct pending_cmd *cmd;
416a4ae5 1770 struct hci_request req;
06199cf8 1771 int err;
0b60eba1 1772 u8 val, enabled;
06199cf8 1773
bdb6d971 1774 BT_DBG("request for %s", hdev->name);
06199cf8 1775
13ecd8b6
JH		 1776 if (!lmp_le_capable(hdev))
1777 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1778 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1779
a7e80f25
JH		 1780 if (cp->val != 0x00 && cp->val != 0x01)
1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1782 MGMT_STATUS_INVALID_PARAMS);
1783
c73eee91 1784 /* LE-only devices do not allow toggling LE on/off */
56f87901 1785 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1786 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1787 MGMT_STATUS_REJECTED);
1788
13ecd8b6 1789 hci_dev_lock(hdev);
06199cf8
JH		 1790
1791 val = !!cp->val;
ffa88e02 1792 enabled = lmp_host_le_capable(hdev);
06199cf8 1793
0b60eba1 1794 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1795 bool changed = false;
1796
1797 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1798 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1799 changed = true;
1800 }
1801
f3d3444a
JH		 1802 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1803 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1804 changed = true;
1805 }
1806
06199cf8
JH		 1807 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1808 if (err < 0)
1de028ce 1809 goto unlock;
06199cf8
JH		 1810
1811 if (changed)
1812 err = new_settings(hdev, sk);
1813
1de028ce 1814 goto unlock;
06199cf8
JH		 1815 }
1816
4375f103
JH		 1817 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1818 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1819 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1820 MGMT_STATUS_BUSY);
1de028ce 1821 goto unlock;
06199cf8
JH		 1822 }
1823
1824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1825 if (!cmd) {
1826 err = -ENOMEM;
1de028ce 1827 goto unlock;
06199cf8
JH		 1828 }
1829
441ad2d0
MH		 1830 hci_req_init(&req, hdev);
1831
06199cf8
JH		 1832 memset(&hci_cp, 0, sizeof(hci_cp));
1833
1834 if (val) {
1835 hci_cp.le = val;
ffa88e02 1836 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1837 } else {
1838 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1839 disable_advertising(&req);
06199cf8
JH		 1840 }
1841
416a4ae5
JH		 1842 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1843 &hci_cp);
1844
1845 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1846 if (err < 0)
06199cf8 1847 mgmt_pending_remove(cmd);
06199cf8 1848
1de028ce
JH		 1849unlock:
1850 hci_dev_unlock(hdev);
06199cf8
JH		 1851 return err;
1852}
1853
0cab9c80
JH		 1854/* This is a helper function to test for pending mgmt commands that can
1855 * cause CoD or EIR HCI commands. We can only allow one such pending
1856 * mgmt command at a time since otherwise we cannot easily track what
1857 * the current values are, will be, and based on that calculate if a new
1858 * HCI command needs to be sent and if yes with what value.
1859 */
1860static bool pending_eir_or_class(struct hci_dev *hdev)
1861{
1862 struct pending_cmd *cmd;
1863
1864 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1865 switch (cmd->opcode) {
1866 case MGMT_OP_ADD_UUID:
1867 case MGMT_OP_REMOVE_UUID:
1868 case MGMT_OP_SET_DEV_CLASS:
1869 case MGMT_OP_SET_POWERED:
1870 return true;
1871 }
1872 }
1873
1874 return false;
1875}
1876
83be8eca
JH		 1877static const u8 bluetooth_base_uuid[] = {
1878 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1879 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1880};
1881
1882static u8 get_uuid_size(const u8 *uuid)
1883{
1884 u32 val;
1885
1886 if (memcmp(uuid, bluetooth_base_uuid, 12))
1887 return 128;
1888
1889 val = get_unaligned_le32(&uuid[12]);
1890 if (val > 0xffff)
1891 return 32;
1892
1893 return 16;
1894}
1895
92da6097
JH		 1896static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1897{
1898 struct pending_cmd *cmd;
1899
1900 hci_dev_lock(hdev);
1901
1902 cmd = mgmt_pending_find(mgmt_op, hdev);
1903 if (!cmd)
1904 goto unlock;
1905
1906 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1907 hdev->dev_class, 3);
1908
1909 mgmt_pending_remove(cmd);
1910
1911unlock:
1912 hci_dev_unlock(hdev);
1913}
1914
1915static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1916{
1917 BT_DBG("status 0x%02x", status);
1918
1919 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1920}
1921
bdb6d971 1922static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1923{
650f726d 1924 struct mgmt_cp_add_uuid *cp = data;
90e70454 1925 struct pending_cmd *cmd;
890ea898 1926 struct hci_request req;
2aeb9a1a 1927 struct bt_uuid *uuid;
2aeb9a1a
JH		 1928 int err;
1929
bdb6d971 1930 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1931
09fd0de5 1932 hci_dev_lock(hdev);
2aeb9a1a 1933
0cab9c80 1934 if (pending_eir_or_class(hdev)) {
bdb6d971 1935 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1936 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1937 goto failed;
1938 }
1939
92c4c204 1940 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1941 if (!uuid) {
1942 err = -ENOMEM;
1943 goto failed;
1944 }
1945
1946 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1947 uuid->svc_hint = cp->svc_hint;
83be8eca 1948 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1949
de66aa63 1950 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1951
890ea898 1952 hci_req_init(&req, hdev);
1aff6f09 1953
890ea898
JH		 1954 update_class(&req);
1955 update_eir(&req);
1956
92da6097
JH		 1957 err = hci_req_run(&req, add_uuid_complete);
1958 if (err < 0) {
1959 if (err != -ENODATA)
1960 goto failed;
80a1e1db 1961
bdb6d971 1962 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1963 hdev->dev_class, 3);
90e70454
JH		 1964 goto failed;
1965 }
1966
1967 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1968 if (!cmd) {
90e70454 1969 err = -ENOMEM;
890ea898
JH		 1970 goto failed;
1971 }
1972
1973 err = 0;
2aeb9a1a
JH		 1974
1975failed:
09fd0de5 1976 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1977 return err;
1978}
1979
24b78d0f
JH		 1980static bool enable_service_cache(struct hci_dev *hdev)
1981{
1982 if (!hdev_is_powered(hdev))
1983 return false;
1984
1985 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1986 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1987 CACHE_TIMEOUT);
24b78d0f
JH		 1988 return true;
1989 }
1990
1991 return false;
1992}
1993
92da6097
JH		 1994static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1995{
1996 BT_DBG("status 0x%02x", status);
1997
1998 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1999}
2000
bdb6d971 2001static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2002 u16 len)
2aeb9a1a 2003{
650f726d 2004 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2005 struct pending_cmd *cmd;
056341c8 2006 struct bt_uuid *match, *tmp;
2aeb9a1a 2007 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2008 struct hci_request req;
2aeb9a1a
JH		 2009 int err, found;
2010
bdb6d971 2011 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2012
09fd0de5 2013 hci_dev_lock(hdev);
2aeb9a1a 2014
0cab9c80 2015 if (pending_eir_or_class(hdev)) {
bdb6d971 2016 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2017 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2018 goto unlock;
2019 }
2020
2aeb9a1a
JH		 2021 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
2022 err = hci_uuids_clear(hdev);
4004b6d9 2023
24b78d0f 2024 if (enable_service_cache(hdev)) {
bdb6d971 2025 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2026 0, hdev->dev_class, 3);
24b78d0f
JH		 2027 goto unlock;
2028 }
4004b6d9 2029
9246a869 2030 goto update_class;
2aeb9a1a
JH		 2031 }
2032
2033 found = 0;
2034
056341c8 2035 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2036 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2037 continue;
2038
2039 list_del(&match->list);
482049f7 2040 kfree(match);
2aeb9a1a
JH		 2041 found++;
2042 }
2043
2044 if (found == 0) {
bdb6d971 2045 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2046 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2047 goto unlock;
2048 }
2049
9246a869 2050update_class:
890ea898 2051 hci_req_init(&req, hdev);
1aff6f09 2052
890ea898
JH		 2053 update_class(&req);
2054 update_eir(&req);
2055
92da6097
JH		 2056 err = hci_req_run(&req, remove_uuid_complete);
2057 if (err < 0) {
2058 if (err != -ENODATA)
2059 goto unlock;
80a1e1db 2060
bdb6d971 2061 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2062 hdev->dev_class, 3);
90e70454
JH		 2063 goto unlock;
2064 }
2065
2066 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2067 if (!cmd) {
90e70454 2068 err = -ENOMEM;
890ea898
JH		 2069 goto unlock;
2070 }
2071
2072 err = 0;
2aeb9a1a
JH		 2073
2074unlock:
09fd0de5 2075 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2076 return err;
2077}
2078
92da6097
JH		 2079static void set_class_complete(struct hci_dev *hdev, u8 status)
2080{
2081 BT_DBG("status 0x%02x", status);
2082
2083 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2084}
2085
bdb6d971 2086static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2087 u16 len)
1aff6f09 2088{
650f726d 2089 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2090 struct pending_cmd *cmd;
890ea898 2091 struct hci_request req;
1aff6f09
JH		 2092 int err;
2093
bdb6d971 2094 BT_DBG("request for %s", hdev->name);
1aff6f09 2095
6203fc98 2096 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2097 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2098 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2099
0cab9c80 2100 hci_dev_lock(hdev);
ee98f473 2101
0cab9c80
JH		 2102 if (pending_eir_or_class(hdev)) {
2103 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2104 MGMT_STATUS_BUSY);
2105 goto unlock;
2106 }
c95f0ba7 2107
0cab9c80
JH		 2108 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2109 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2110 MGMT_STATUS_INVALID_PARAMS);
2111 goto unlock;
2112 }
575b3a02 2113
932f5ff5
JH		 2114 hdev->major_class = cp->major;
2115 hdev->minor_class = cp->minor;
2116
b5235a65 2117 if (!hdev_is_powered(hdev)) {
bdb6d971 2118 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2119 hdev->dev_class, 3);
b5235a65
JH		 2120 goto unlock;
2121 }
2122
890ea898
JH		 2123 hci_req_init(&req, hdev);
2124
a8b2d5c2 2125 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2126 hci_dev_unlock(hdev);
2127 cancel_delayed_work_sync(&hdev->service_cache);
2128 hci_dev_lock(hdev);
890ea898 2129 update_eir(&req);
7d78525d 2130 }
14c0b608 2131
890ea898
JH		 2132 update_class(&req);
2133
92da6097
JH		 2134 err = hci_req_run(&req, set_class_complete);
2135 if (err < 0) {
2136 if (err != -ENODATA)
2137 goto unlock;
1aff6f09 2138
bdb6d971 2139 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2140 hdev->dev_class, 3);
90e70454
JH		 2141 goto unlock;
2142 }
2143
2144 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2145 if (!cmd) {
90e70454 2146 err = -ENOMEM;
890ea898
JH		 2147 goto unlock;
2148 }
2149
2150 err = 0;
1aff6f09 2151
b5235a65 2152unlock:
09fd0de5 2153 hci_dev_unlock(hdev);
1aff6f09
JH		 2154 return err;
2155}
2156
bdb6d971 2157static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2158 u16 len)
55ed8ca1 2159{
650f726d 2160 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2161 u16 key_count, expected_len;
a492cd52 2162 int i;
55ed8ca1 2163
9060d5cf
MH		 2164 BT_DBG("request for %s", hdev->name);
2165
2166 if (!lmp_bredr_capable(hdev))
2167 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2168 MGMT_STATUS_NOT_SUPPORTED);
2169
1f350c87 2170 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2171
86742e1e
JH		 2172 expected_len = sizeof(*cp) + key_count *
2173 sizeof(struct mgmt_link_key_info);
a492cd52 2174 if (expected_len != len) {
86742e1e 2175 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2176 len, expected_len);
bdb6d971 2177 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2178 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2179 }
2180
4ae14301
JH		 2181 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2182 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2183 MGMT_STATUS_INVALID_PARAMS);
2184
bdb6d971 2185 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2186 key_count);
55ed8ca1 2187
4ee71b20
JH		 2188 for (i = 0; i < key_count; i++) {
2189 struct mgmt_link_key_info *key = &cp->keys[i];
2190
2191 if (key->addr.type != BDADDR_BREDR)
2192 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2193 MGMT_STATUS_INVALID_PARAMS);
2194 }
2195
09fd0de5 2196 hci_dev_lock(hdev);
55ed8ca1
JH		 2197
2198 hci_link_keys_clear(hdev);
2199
55ed8ca1 2200 if (cp->debug_keys)
a8b2d5c2 2201 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2202 else
a8b2d5c2 2203 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2204
a492cd52 2205 for (i = 0; i < key_count; i++) {
86742e1e 2206 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2207
d753fdc4 2208 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2209 key->type, key->pin_len);
55ed8ca1
JH		 2210 }
2211
bdb6d971 2212 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2213
09fd0de5 2214 hci_dev_unlock(hdev);
55ed8ca1 2215
a492cd52 2216 return 0;
55ed8ca1
JH		 2217}
2218
b1078ad0 2219static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2220 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2221{
2222 struct mgmt_ev_device_unpaired ev;
2223
2224 bacpy(&ev.addr.bdaddr, bdaddr);
2225 ev.addr.type = addr_type;
2226
2227 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2228 skip_sk);
b1078ad0
JH		 2229}
2230
bdb6d971 2231static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2232 u16 len)
55ed8ca1 2233{
124f6e35
JH		 2234 struct mgmt_cp_unpair_device *cp = data;
2235 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2236 struct hci_cp_disconnect dc;
2237 struct pending_cmd *cmd;
55ed8ca1 2238 struct hci_conn *conn;
55ed8ca1
JH		 2239 int err;
2240
a8a1d19e 2241 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2242 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2243 rp.addr.type = cp->addr.type;
a8a1d19e 2244
4ee71b20
JH		 2245 if (!bdaddr_type_is_valid(cp->addr.type))
2246 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2247 MGMT_STATUS_INVALID_PARAMS,
2248 &rp, sizeof(rp));
2249
118da70b
JH		 2250 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2251 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2252 MGMT_STATUS_INVALID_PARAMS,
2253 &rp, sizeof(rp));
2254
4ee71b20
JH		 2255 hci_dev_lock(hdev);
2256
86a8cfc6 2257 if (!hdev_is_powered(hdev)) {
bdb6d971 2258 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2259 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2260 goto unlock;
2261 }
2262
591f47f3 2263 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2264 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2265 else
2266 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2267
55ed8ca1 2268 if (err < 0) {
bdb6d971 2269 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2270 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2271 goto unlock;
2272 }
2273
86a8cfc6 2274 if (cp->disconnect) {
591f47f3 2275 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2277 &cp->addr.bdaddr);
86a8cfc6
JH		 2278 else
2279 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2280 &cp->addr.bdaddr);
86a8cfc6
JH		 2281 } else {
2282 conn = NULL;
2283 }
124f6e35 2284
a8a1d19e 2285 if (!conn) {
bdb6d971 2286 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2287 &rp, sizeof(rp));
b1078ad0 2288 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2289 goto unlock;
2290 }
55ed8ca1 2291
124f6e35 2292 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2293 sizeof(*cp));
a8a1d19e
JH		 2294 if (!cmd) {
2295 err = -ENOMEM;
2296 goto unlock;
55ed8ca1
JH		 2297 }
2298
eb55ef07 2299 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2300 dc.reason = 0x13; /* Remote User Terminated Connection */
2301 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2302 if (err < 0)
2303 mgmt_pending_remove(cmd);
2304
55ed8ca1 2305unlock:
09fd0de5 2306 hci_dev_unlock(hdev);
55ed8ca1
JH		 2307 return err;
2308}
2309
bdb6d971 2310static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2311 u16 len)
8962ee74 2312{
650f726d 2313 struct mgmt_cp_disconnect *cp = data;
06a63b19 2314 struct mgmt_rp_disconnect rp;
8962ee74 2315 struct hci_cp_disconnect dc;
366a0336 2316 struct pending_cmd *cmd;
8962ee74 2317 struct hci_conn *conn;
8962ee74
JH		 2318 int err;
2319
2320 BT_DBG("");
2321
06a63b19
JH		 2322 memset(&rp, 0, sizeof(rp));
2323 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2324 rp.addr.type = cp->addr.type;
2325
4ee71b20 2326 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2327 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2328 MGMT_STATUS_INVALID_PARAMS,
2329 &rp, sizeof(rp));
4ee71b20 2330
09fd0de5 2331 hci_dev_lock(hdev);
8962ee74
JH		 2332
2333 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2334 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2335 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2336 goto failed;
2337 }
2338
2e58ef3e 2339 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2340 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2341 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2342 goto failed;
2343 }
2344
591f47f3 2345 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2346 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2347 &cp->addr.bdaddr);
88c3df13
JH		 2348 else
2349 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2350
f960727e 2351 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2352 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2353 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2354 goto failed;
2355 }
2356
2e58ef3e 2357 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2358 if (!cmd) {
2359 err = -ENOMEM;
8962ee74 2360 goto failed;
366a0336 2361 }
8962ee74 2362
eb55ef07 2363 dc.handle = cpu_to_le16(conn->handle);
3701f944 2364 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2365
2366 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2367 if (err < 0)
a664b5bc 2368 mgmt_pending_remove(cmd);
8962ee74
JH		 2369
2370failed:
09fd0de5 2371 hci_dev_unlock(hdev);
8962ee74
JH		 2372 return err;
2373}
2374
57c1477c 2375static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2376{
2377 switch (link_type) {
2378 case LE_LINK:
48264f06
JH		 2379 switch (addr_type) {
2380 case ADDR_LE_DEV_PUBLIC:
591f47f3 2381 return BDADDR_LE_PUBLIC;
0ed09148 2382
48264f06 2383 default:
0ed09148 2384 /* Fallback to LE Random address type */
591f47f3 2385 return BDADDR_LE_RANDOM;
48264f06 2386 }
0ed09148 2387
4c659c39 2388 default:
0ed09148 2389 /* Fallback to BR/EDR type */
591f47f3 2390 return BDADDR_BREDR;
4c659c39
JH		 2391 }
2392}
2393
04124681
GP		 2394static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2395 u16 data_len)
2784eb41 2396{
2784eb41 2397 struct mgmt_rp_get_connections *rp;
8035ded4 2398 struct hci_conn *c;
a38528f1 2399 size_t rp_len;
60fc5fb6
JH		 2400 int err;
2401 u16 i;
2784eb41
JH		 2402
2403 BT_DBG("");
2404
09fd0de5 2405 hci_dev_lock(hdev);
2784eb41 2406
5f97c1df 2407 if (!hdev_is_powered(hdev)) {
bdb6d971 2408 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2409 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2410 goto unlock;
2411 }
2412
60fc5fb6 2413 i = 0;
b644ba33
JH		 2414 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2415 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2416 i++;
2784eb41
JH		 2417 }
2418
60fc5fb6 2419 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2420 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2421 if (!rp) {
2784eb41
JH		 2422 err = -ENOMEM;
2423 goto unlock;
2424 }
2425
2784eb41 2426 i = 0;
4c659c39 2427 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2428 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2429 continue;
4c659c39 2430 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2431 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2432 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2433 continue;
2434 i++;
2435 }
2436
eb55ef07 2437 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2438
4c659c39
JH		 2439 /* Recalculate length in case of filtered SCO connections, etc */
2440 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2441
bdb6d971 2442 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2443 rp_len);
2784eb41 2444
a38528f1 2445 kfree(rp);
5f97c1df
JH		 2446
2447unlock:
09fd0de5 2448 hci_dev_unlock(hdev);
2784eb41
JH		 2449 return err;
2450}
2451
bdb6d971 2452static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2453 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2454{
2455 struct pending_cmd *cmd;
2456 int err;
2457
2e58ef3e 2458 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2459 sizeof(*cp));
96d97a67
WR		 2460 if (!cmd)
2461 return -ENOMEM;
2462
d8457698 2463 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2464 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2465 if (err < 0)
2466 mgmt_pending_remove(cmd);
2467
2468 return err;
2469}
2470
bdb6d971 2471static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2472 u16 len)
980e1a53 2473{
96d97a67 2474 struct hci_conn *conn;
650f726d 2475 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2476 struct hci_cp_pin_code_reply reply;
366a0336 2477 struct pending_cmd *cmd;
980e1a53
JH		 2478 int err;
2479
2480 BT_DBG("");
2481
09fd0de5 2482 hci_dev_lock(hdev);
980e1a53 2483
4b34ee78 2484 if (!hdev_is_powered(hdev)) {
bdb6d971 2485 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2486 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2487 goto failed;
2488 }
2489
d8457698 2490 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2491 if (!conn) {
bdb6d971 2492 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2493 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2494 goto failed;
2495 }
2496
2497 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2498 struct mgmt_cp_pin_code_neg_reply ncp;
2499
2500 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2501
2502 BT_ERR("PIN code is not 16 bytes long");
2503
bdb6d971 2504 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2505 if (err >= 0)
bdb6d971 2506 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2507 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2508
2509 goto failed;
2510 }
2511
00abfe44 2512 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2513 if (!cmd) {
2514 err = -ENOMEM;
980e1a53 2515 goto failed;
366a0336 2516 }
980e1a53 2517
d8457698 2518 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2519 reply.pin_len = cp->pin_len;
24718ca5 2520 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2521
2522 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2523 if (err < 0)
a664b5bc 2524 mgmt_pending_remove(cmd);
980e1a53
JH		 2525
2526failed:
09fd0de5 2527 hci_dev_unlock(hdev);
980e1a53
JH		 2528 return err;
2529}
2530
04124681
GP		 2531static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2532 u16 len)
17fa4b9d 2533{
650f726d 2534 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2535
2536 BT_DBG("");
2537
09fd0de5 2538 hci_dev_lock(hdev);
17fa4b9d
JH		 2539
2540 hdev->io_capability = cp->io_capability;
2541
2542 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2543 hdev->io_capability);
17fa4b9d 2544
09fd0de5 2545 hci_dev_unlock(hdev);
17fa4b9d 2546
04124681
GP		 2547 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2548 0);
17fa4b9d
JH		 2549}
2550
6039aa73 2551static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2552{
2553 struct hci_dev *hdev = conn->hdev;
8035ded4 2554 struct pending_cmd *cmd;
e9a416b5 2555
2e58ef3e 2556 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2557 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2558 continue;
2559
e9a416b5
JH		 2560 if (cmd->user_data != conn)
2561 continue;
2562
2563 return cmd;
2564 }
2565
2566 return NULL;
2567}
2568
2569static void pairing_complete(struct pending_cmd *cmd, u8 status)
2570{
2571 struct mgmt_rp_pair_device rp;
2572 struct hci_conn *conn = cmd->user_data;
2573
ba4e564f 2574 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2575 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2576
aee9b218 2577 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2578 &rp, sizeof(rp));
e9a416b5
JH		 2579
2580 /* So we don't get further callbacks for this connection */
2581 conn->connect_cfm_cb = NULL;
2582 conn->security_cfm_cb = NULL;
2583 conn->disconn_cfm_cb = NULL;
2584
76a68ba0 2585 hci_conn_drop(conn);
e9a416b5 2586
a664b5bc 2587 mgmt_pending_remove(cmd);
e9a416b5
JH		 2588}
2589
2590static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2591{
2592 struct pending_cmd *cmd;
2593
2594 BT_DBG("status %u", status);
2595
2596 cmd = find_pairing(conn);
56e5cb86 2597 if (!cmd)
e9a416b5 2598 BT_DBG("Unable to find a pending command");
56e5cb86 2599 else
e211326c 2600 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2601}
2602
4c47d739
VA		 2603static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2604{
2605 struct pending_cmd *cmd;
2606
2607 BT_DBG("status %u", status);
2608
2609 if (!status)
2610 return;
2611
2612 cmd = find_pairing(conn);
2613 if (!cmd)
2614 BT_DBG("Unable to find a pending command");
2615 else
2616 pairing_complete(cmd, mgmt_status(status));
2617}
2618
bdb6d971 2619static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2620 u16 len)
e9a416b5 2621{
650f726d 2622 struct mgmt_cp_pair_device *cp = data;
1425acb7 2623 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2624 struct pending_cmd *cmd;
2625 u8 sec_level, auth_type;
2626 struct hci_conn *conn;
e9a416b5
JH		 2627 int err;
2628
2629 BT_DBG("");
2630
f950a30e
SJ		 2631 memset(&rp, 0, sizeof(rp));
2632 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2633 rp.addr.type = cp->addr.type;
2634
4ee71b20
JH		 2635 if (!bdaddr_type_is_valid(cp->addr.type))
2636 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2637 MGMT_STATUS_INVALID_PARAMS,
2638 &rp, sizeof(rp));
2639
09fd0de5 2640 hci_dev_lock(hdev);
e9a416b5 2641
5f97c1df 2642 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2643 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2644 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2645 goto unlock;
2646 }
2647
c908df36
VCG		 2648 sec_level = BT_SECURITY_MEDIUM;
2649 if (cp->io_cap == 0x03)
e9a416b5 2650 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2651 else
e9a416b5 2652 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2653
591f47f3 2654 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2655 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2656 cp->addr.type, sec_level, auth_type);
7a512d01 2657 else
b12f62cf
AG		 2658 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2659 cp->addr.type, sec_level, auth_type);
7a512d01 2660
30e76272 2661 if (IS_ERR(conn)) {
489dc48e
AK		 2662 int status;
2663
2664 if (PTR_ERR(conn) == -EBUSY)
2665 status = MGMT_STATUS_BUSY;
2666 else
2667 status = MGMT_STATUS_CONNECT_FAILED;
2668
bdb6d971 2669 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2670 status, &rp,
04124681 2671 sizeof(rp));
e9a416b5
JH		 2672 goto unlock;
2673 }
2674
2675 if (conn->connect_cfm_cb) {
76a68ba0 2676 hci_conn_drop(conn);
bdb6d971 2677 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2678 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2679 goto unlock;
2680 }
2681
2e58ef3e 2682 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2683 if (!cmd) {
2684 err = -ENOMEM;
76a68ba0 2685 hci_conn_drop(conn);
e9a416b5
JH		 2686 goto unlock;
2687 }
2688
7a512d01 2689 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2690 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2691 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2692 else
2693 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2694
e9a416b5
JH		 2695 conn->security_cfm_cb = pairing_complete_cb;
2696 conn->disconn_cfm_cb = pairing_complete_cb;
2697 conn->io_capability = cp->io_cap;
2698 cmd->user_data = conn;
2699
2700 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2701 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2702 pairing_complete(cmd, 0);
2703
2704 err = 0;
2705
2706unlock:
09fd0de5 2707 hci_dev_unlock(hdev);
e9a416b5
JH		 2708 return err;
2709}
2710
04124681
GP		 2711static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2712 u16 len)
28424707 2713{
0f4e68cf 2714 struct mgmt_addr_info *addr = data;
28424707
JH		 2715 struct pending_cmd *cmd;
2716 struct hci_conn *conn;
2717 int err;
2718
2719 BT_DBG("");
2720
28424707
JH		 2721 hci_dev_lock(hdev);
2722
5f97c1df 2723 if (!hdev_is_powered(hdev)) {
bdb6d971 2724 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2725 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2726 goto unlock;
2727 }
2728
28424707
JH		 2729 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2730 if (!cmd) {
bdb6d971 2731 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2732 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2733 goto unlock;
2734 }
2735
2736 conn = cmd->user_data;
2737
2738 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2739 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2740 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2741 goto unlock;
2742 }
2743
2744 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2745
bdb6d971 2746 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2747 addr, sizeof(*addr));
28424707
JH		 2748unlock:
2749 hci_dev_unlock(hdev);
28424707
JH		 2750 return err;
2751}
2752
bdb6d971 2753static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2754 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2755 u16 hci_op, __le32 passkey)
a5c29683 2756{
a5c29683 2757 struct pending_cmd *cmd;
0df4c185 2758 struct hci_conn *conn;
a5c29683
JH		 2759 int err;
2760
09fd0de5 2761 hci_dev_lock(hdev);
08ba5382 2762
4b34ee78 2763 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2764 err = cmd_complete(sk, hdev->id, mgmt_op,
2765 MGMT_STATUS_NOT_POWERED, addr,
2766 sizeof(*addr));
0df4c185 2767 goto done;
a5c29683
JH		 2768 }
2769
1707c60e
JH		 2770 if (addr->type == BDADDR_BREDR)
2771 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2772 else
1707c60e 2773 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2774
2775 if (!conn) {
feb94d3d
JH		 2776 err = cmd_complete(sk, hdev->id, mgmt_op,
2777 MGMT_STATUS_NOT_CONNECTED, addr,
2778 sizeof(*addr));
272d90df
JH		 2779 goto done;
2780 }
47c15e2b 2781
1707c60e 2782 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2783 /* Continue with pairing via SMP */
5fe57d9e
BG		 2784 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2785
2786 if (!err)
feb94d3d
JH		 2787 err = cmd_complete(sk, hdev->id, mgmt_op,
2788 MGMT_STATUS_SUCCESS, addr,
2789 sizeof(*addr));
5fe57d9e 2790 else
feb94d3d
JH		 2791 err = cmd_complete(sk, hdev->id, mgmt_op,
2792 MGMT_STATUS_FAILED, addr,
2793 sizeof(*addr));
47c15e2b 2794
47c15e2b
BG		 2795 goto done;
2796 }
2797
1707c60e 2798 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2799 if (!cmd) {
2800 err = -ENOMEM;
0df4c185 2801 goto done;
a5c29683
JH		 2802 }
2803
0df4c185 2804 /* Continue with pairing via HCI */
604086b7
BG		 2805 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2806 struct hci_cp_user_passkey_reply cp;
2807
1707c60e 2808 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2809 cp.passkey = passkey;
2810 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2811 } else
1707c60e
JH		 2812 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2813 &addr->bdaddr);
604086b7 2814
a664b5bc
JH		 2815 if (err < 0)
2816 mgmt_pending_remove(cmd);
a5c29683 2817
0df4c185 2818done:
09fd0de5 2819 hci_dev_unlock(hdev);
a5c29683
JH		 2820 return err;
2821}
2822
afeb019d
JK		 2823static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2824 void *data, u16 len)
2825{
2826 struct mgmt_cp_pin_code_neg_reply *cp = data;
2827
2828 BT_DBG("");
2829
1707c60e 2830 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2831 MGMT_OP_PIN_CODE_NEG_REPLY,
2832 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2833}
2834
04124681
GP		 2835static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2836 u16 len)
0df4c185 2837{
650f726d 2838 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2839
2840 BT_DBG("");
2841
2842 if (len != sizeof(*cp))
bdb6d971 2843 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2844 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2845
1707c60e 2846 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2847 MGMT_OP_USER_CONFIRM_REPLY,
2848 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2849}
2850
bdb6d971 2851static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2852 void *data, u16 len)
0df4c185 2853{
c9c2659f 2854 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2855
2856 BT_DBG("");
2857
1707c60e 2858 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2859 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2860 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2861}
2862
04124681
GP		 2863static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2864 u16 len)
604086b7 2865{
650f726d 2866 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2867
2868 BT_DBG("");
2869
1707c60e 2870 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2871 MGMT_OP_USER_PASSKEY_REPLY,
2872 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2873}
2874
bdb6d971 2875static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2876 void *data, u16 len)
604086b7 2877{
650f726d 2878 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2879
2880 BT_DBG("");
2881
1707c60e 2882 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2883 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2884 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2885}
2886
13928971 2887static void update_name(struct hci_request *req)
2b4bf397 2888{
13928971 2889 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2890 struct hci_cp_write_local_name cp;
2891
13928971 2892 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2893
890ea898 2894 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2895}
2896
13928971
JH		 2897static void set_name_complete(struct hci_dev *hdev, u8 status)
2898{
2899 struct mgmt_cp_set_local_name *cp;
2900 struct pending_cmd *cmd;
2901
2902 BT_DBG("status 0x%02x", status);
2903
2904 hci_dev_lock(hdev);
2905
2906 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2907 if (!cmd)
2908 goto unlock;
2909
2910 cp = cmd->param;
2911
2912 if (status)
2913 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2914 mgmt_status(status));
2915 else
2916 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2917 cp, sizeof(*cp));
2918
2919 mgmt_pending_remove(cmd);
2920
2921unlock:
2922 hci_dev_unlock(hdev);
2923}
2924
bdb6d971 2925static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2926 u16 len)
b312b161 2927{
2b4bf397 2928 struct mgmt_cp_set_local_name *cp = data;
b312b161 2929 struct pending_cmd *cmd;
890ea898 2930 struct hci_request req;
b312b161
JH		 2931 int err;
2932
2933 BT_DBG("");
2934
09fd0de5 2935 hci_dev_lock(hdev);
b312b161 2936
b3f2ca94
JH		 2937 /* If the old values are the same as the new ones just return a
2938 * direct command complete event.
2939 */
2940 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2941 !memcmp(hdev->short_name, cp->short_name,
2942 sizeof(hdev->short_name))) {
2943 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2944 data, len);
2945 goto failed;
2946 }
2947
2b4bf397 2948 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2949
b5235a65 2950 if (!hdev_is_powered(hdev)) {
2b4bf397 2951 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2952
2953 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2954 data, len);
28cc7bde
JH		 2955 if (err < 0)
2956 goto failed;
2957
2958 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2959 sk);
28cc7bde 2960
b5235a65
JH		 2961 goto failed;
2962 }
2963
28cc7bde 2964 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2965 if (!cmd) {
2966 err = -ENOMEM;
2967 goto failed;
2968 }
2969
13928971
JH		 2970 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2971
890ea898 2972 hci_req_init(&req, hdev);
3f985050
JH		 2973
2974 if (lmp_bredr_capable(hdev)) {
2975 update_name(&req);
2976 update_eir(&req);
2977 }
2978
7a5f4990
MH		 2979 /* The name is stored in the scan response data and so
2980 * no need to udpate the advertising data here.
2981 */
3f985050 2982 if (lmp_le_capable(hdev))
7a5f4990 2983 update_scan_rsp_data(&req);
3f985050 2984
13928971 2985 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2986 if (err < 0)
2987 mgmt_pending_remove(cmd);
2988
2989failed:
09fd0de5 2990 hci_dev_unlock(hdev);
b312b161
JH		 2991 return err;
2992}
2993
0f4e68cf 2994static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2995 void *data, u16 data_len)
c35938b2 2996{
c35938b2
SJ		 2997 struct pending_cmd *cmd;
2998 int err;
2999
bdb6d971 3000 BT_DBG("%s", hdev->name);
c35938b2 3001
09fd0de5 3002 hci_dev_lock(hdev);
c35938b2 3003
4b34ee78 3004 if (!hdev_is_powered(hdev)) {
bdb6d971 3005 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3006 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3007 goto unlock;
3008 }
3009
9a1a1996 3010 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3012 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3013 goto unlock;
3014 }
3015
2e58ef3e 3016 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3017 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3018 MGMT_STATUS_BUSY);
c35938b2
SJ		 3019 goto unlock;
3020 }
3021
2e58ef3e 3022 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3023 if (!cmd) {
3024 err = -ENOMEM;
3025 goto unlock;
3026 }
3027
3028 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3029 if (err < 0)
3030 mgmt_pending_remove(cmd);
3031
3032unlock:
09fd0de5 3033 hci_dev_unlock(hdev);
c35938b2
SJ		 3034 return err;
3035}
3036
bdb6d971 3037static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3038 void *data, u16 len)
2763eda6 3039{
650f726d 3040 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 3041 u8 status;
2763eda6
SJ		 3042 int err;
3043
bdb6d971 3044 BT_DBG("%s ", hdev->name);
2763eda6 3045
09fd0de5 3046 hci_dev_lock(hdev);
2763eda6 3047
664ce4cc 3048 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 3049 cp->randomizer);
2763eda6 3050 if (err < 0)
bf1e3541 3051 status = MGMT_STATUS_FAILED;
2763eda6 3052 else
a6785be2 3053 status = MGMT_STATUS_SUCCESS;
bf1e3541 3054
bdb6d971 3055 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 3056 &cp->addr, sizeof(cp->addr));
2763eda6 3057
09fd0de5 3058 hci_dev_unlock(hdev);
2763eda6
SJ		 3059 return err;
3060}
3061
bdb6d971 3062static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3063 void *data, u16 len)
2763eda6 3064{
650f726d 3065 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3066 u8 status;
2763eda6
SJ		 3067 int err;
3068
bdb6d971 3069 BT_DBG("%s", hdev->name);
2763eda6 3070
09fd0de5 3071 hci_dev_lock(hdev);
2763eda6 3072
664ce4cc 3073 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3074 if (err < 0)
bf1e3541 3075 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3076 else
a6785be2 3077 status = MGMT_STATUS_SUCCESS;
bf1e3541 3078
bdb6d971 3079 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3080 status, &cp->addr, sizeof(cp->addr));
2763eda6 3081
09fd0de5 3082 hci_dev_unlock(hdev);
2763eda6
SJ		 3083 return err;
3084}
3085
41dc2bd6
AG		 3086static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3087{
3088 struct pending_cmd *cmd;
3089 u8 type;
3090 int err;
3091
3092 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3093
3094 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3095 if (!cmd)
3096 return -ENOENT;
3097
3098 type = hdev->discovery.type;
3099
3100 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3101 &type, sizeof(type));
3102 mgmt_pending_remove(cmd);
3103
3104 return err;
3105}
3106
7c307720
AG		 3107static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3108{
3109 BT_DBG("status %d", status);
3110
3111 if (status) {
3112 hci_dev_lock(hdev);
3113 mgmt_start_discovery_failed(hdev, status);
3114 hci_dev_unlock(hdev);
3115 return;
3116 }
3117
3118 hci_dev_lock(hdev);
3119 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3120 hci_dev_unlock(hdev);
3121
3122 switch (hdev->discovery.type) {
3123 case DISCOV_TYPE_LE:
3124 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3125 DISCOV_LE_TIMEOUT);
7c307720
AG		 3126 break;
3127
3128 case DISCOV_TYPE_INTERLEAVED:
3129 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3130 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3131 break;
3132
3133 case DISCOV_TYPE_BREDR:
3134 break;
3135
3136 default:
3137 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3138 }
3139}
3140
bdb6d971 3141static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3142 void *data, u16 len)
14a53664 3143{
650f726d 3144 struct mgmt_cp_start_discovery *cp = data;
14a53664 3145 struct pending_cmd *cmd;
7c307720
AG		 3146 struct hci_cp_le_set_scan_param param_cp;
3147 struct hci_cp_le_set_scan_enable enable_cp;
3148 struct hci_cp_inquiry inq_cp;
3149 struct hci_request req;
3150 /* General inquiry access code (GIAC) */
3151 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3152 u8 status;
14a53664
JH		 3153 int err;
3154
bdb6d971 3155 BT_DBG("%s", hdev->name);
14a53664 3156
09fd0de5 3157 hci_dev_lock(hdev);
14a53664 3158
4b34ee78 3159 if (!hdev_is_powered(hdev)) {
bdb6d971 3160 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3161 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3162 goto failed;
3163 }
3164
642be6c7
AG		 3165 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3166 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3167 MGMT_STATUS_BUSY);
3168 goto failed;
3169 }
3170
ff9ef578 3171 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3172 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3173 MGMT_STATUS_BUSY);
ff9ef578
JH		 3174 goto failed;
3175 }
3176
2e58ef3e 3177 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3178 if (!cmd) {
3179 err = -ENOMEM;
3180 goto failed;
3181 }
3182
4aab14e5
AG		 3183 hdev->discovery.type = cp->type;
3184
7c307720
AG		 3185 hci_req_init(&req, hdev);
3186
4aab14e5 3187 switch (hdev->discovery.type) {
f39799f5 3188 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3189 status = mgmt_bredr_support(hdev);
3190 if (status) {
04106755 3191 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3192 status);
04106755
JH		 3193 mgmt_pending_remove(cmd);
3194 goto failed;
3195 }
3196
7c307720
AG		 3197 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3198 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3199 MGMT_STATUS_BUSY);
3200 mgmt_pending_remove(cmd);
3201 goto failed;
3202 }
3203
3204 hci_inquiry_cache_flush(hdev);
3205
3206 memset(&inq_cp, 0, sizeof(inq_cp));
3207 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3208 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3209 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3210 break;
3211
3212 case DISCOV_TYPE_LE:
7c307720 3213 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3214 status = mgmt_le_support(hdev);
3215 if (status) {
04106755 3216 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3217 status);
04106755
JH		 3218 mgmt_pending_remove(cmd);
3219 goto failed;
3220 }
3221
7c307720 3222 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3223 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3224 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3225 MGMT_STATUS_NOT_SUPPORTED);
3226 mgmt_pending_remove(cmd);
3227 goto failed;
3228 }
3229
f3d3444a 3230 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3231 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3232 MGMT_STATUS_REJECTED);
3233 mgmt_pending_remove(cmd);
3234 goto failed;
3235 }
3236
3237 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3238 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3239 MGMT_STATUS_BUSY);
3240 mgmt_pending_remove(cmd);
3241 goto failed;
3242 }
3243
3244 memset(&param_cp, 0, sizeof(param_cp));
3245 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3246 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3247 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
79830f66 3248 param_cp.own_address_type = hdev->own_addr_type;
7c307720
AG		 3249 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3250 &param_cp);
3251
3252 memset(&enable_cp, 0, sizeof(enable_cp));
3253 enable_cp.enable = LE_SCAN_ENABLE;
3254 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3255 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3256 &enable_cp);
5e0452c0
AG		 3257 break;
3258
f39799f5 3259 default:
04106755
JH		 3260 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3261 MGMT_STATUS_INVALID_PARAMS);
3262 mgmt_pending_remove(cmd);
3263 goto failed;
f39799f5 3264 }
3fd24153 3265
7c307720 3266 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3267 if (err < 0)
3268 mgmt_pending_remove(cmd);
ff9ef578
JH		 3269 else
3270 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3271
3272failed:
09fd0de5 3273 hci_dev_unlock(hdev);
14a53664
JH		 3274 return err;
3275}
3276
1183fdca
AG		 3277static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3278{
3279 struct pending_cmd *cmd;
3280 int err;
3281
3282 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3283 if (!cmd)
3284 return -ENOENT;
3285
3286 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3287 &hdev->discovery.type, sizeof(hdev->discovery.type));
3288 mgmt_pending_remove(cmd);
3289
3290 return err;
3291}
3292
0e05bba6
AG		 3293static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3294{
3295 BT_DBG("status %d", status);
3296
3297 hci_dev_lock(hdev);
3298
3299 if (status) {
3300 mgmt_stop_discovery_failed(hdev, status);
3301 goto unlock;
3302 }
3303
3304 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3305
3306unlock:
3307 hci_dev_unlock(hdev);
3308}
3309
bdb6d971 3310static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3311 u16 len)
14a53664 3312{
d930650b 3313 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3314 struct pending_cmd *cmd;
30dc78e1
JH		 3315 struct hci_cp_remote_name_req_cancel cp;
3316 struct inquiry_entry *e;
0e05bba6
AG		 3317 struct hci_request req;
3318 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3319 int err;
3320
bdb6d971 3321 BT_DBG("%s", hdev->name);
14a53664 3322
09fd0de5 3323 hci_dev_lock(hdev);
14a53664 3324
30dc78e1 3325 if (!hci_discovery_active(hdev)) {
bdb6d971 3326 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3327 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3328 sizeof(mgmt_cp->type));
d930650b
JH		 3329 goto unlock;
3330 }
3331
3332 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3333 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3334 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3335 sizeof(mgmt_cp->type));
30dc78e1 3336 goto unlock;
ff9ef578
JH		 3337 }
3338
2e58ef3e 3339 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3340 if (!cmd) {
3341 err = -ENOMEM;
30dc78e1
JH		 3342 goto unlock;
3343 }
3344
0e05bba6
AG		 3345 hci_req_init(&req, hdev);
3346
e0d9727e
AG		 3347 switch (hdev->discovery.state) {
3348 case DISCOVERY_FINDING:
0e05bba6
AG		 3349 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3350 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3351 } else {
3352 cancel_delayed_work(&hdev->le_scan_disable);
3353
3354 memset(&enable_cp, 0, sizeof(enable_cp));
3355 enable_cp.enable = LE_SCAN_DISABLE;
3356 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3357 sizeof(enable_cp), &enable_cp);
3358 }
c9ecc48e 3359
e0d9727e
AG		 3360 break;
3361
3362 case DISCOVERY_RESOLVING:
3363 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3364 NAME_PENDING);
e0d9727e 3365 if (!e) {
30dc78e1 3366 mgmt_pending_remove(cmd);
e0d9727e
AG		 3367 err = cmd_complete(sk, hdev->id,
3368 MGMT_OP_STOP_DISCOVERY, 0,
3369 &mgmt_cp->type,
3370 sizeof(mgmt_cp->type));
3371 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3372 goto unlock;
3373 }
30dc78e1 3374
e0d9727e 3375 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3376 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3377 &cp);
e0d9727e
AG		 3378
3379 break;
3380
3381 default:
3382 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3383
3384 mgmt_pending_remove(cmd);
3385 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3386 MGMT_STATUS_FAILED, &mgmt_cp->type,
3387 sizeof(mgmt_cp->type));
3388 goto unlock;
14a53664
JH		 3389 }
3390
0e05bba6 3391 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3392 if (err < 0)
3393 mgmt_pending_remove(cmd);
ff9ef578
JH		 3394 else
3395 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3396
30dc78e1 3397unlock:
09fd0de5 3398 hci_dev_unlock(hdev);
14a53664
JH		 3399 return err;
3400}
3401
bdb6d971 3402static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3403 u16 len)
561aafbc 3404{
650f726d 3405 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3406 struct inquiry_entry *e;
561aafbc
JH		 3407 int err;
3408
bdb6d971 3409 BT_DBG("%s", hdev->name);
561aafbc 3410
561aafbc
JH		 3411 hci_dev_lock(hdev);
3412
30dc78e1 3413 if (!hci_discovery_active(hdev)) {
bdb6d971 3414 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3415 MGMT_STATUS_FAILED);
30dc78e1
JH		 3416 goto failed;
3417 }
3418
a198e7b1 3419 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3420 if (!e) {
bdb6d971 3421 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3422 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3423 goto failed;
3424 }
3425
3426 if (cp->name_known) {
3427 e->name_state = NAME_KNOWN;
3428 list_del(&e->list);
3429 } else {
3430 e->name_state = NAME_NEEDED;
a3d4e20a 3431 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3432 }
3433
e384662b
JH		 3434 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3435 sizeof(cp->addr));
561aafbc
JH		 3436
3437failed:
3438 hci_dev_unlock(hdev);
561aafbc
JH		 3439 return err;
3440}
3441
bdb6d971 3442static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3443 u16 len)
7fbec224 3444{
650f726d 3445 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3446 u8 status;
7fbec224
AJ		 3447 int err;
3448
bdb6d971 3449 BT_DBG("%s", hdev->name);
7fbec224 3450
4ee71b20 3451 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3452 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3453 MGMT_STATUS_INVALID_PARAMS,
3454 &cp->addr, sizeof(cp->addr));
4ee71b20 3455
09fd0de5 3456 hci_dev_lock(hdev);
5e762444 3457
88c1fe4b 3458 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3459 if (err < 0)
f0eeea8b 3460 status = MGMT_STATUS_FAILED;
7fbec224 3461 else
a6785be2 3462 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3463
bdb6d971 3464 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3465 &cp->addr, sizeof(cp->addr));
5e762444 3466
09fd0de5 3467 hci_dev_unlock(hdev);
7fbec224
AJ		 3468
3469 return err;
3470}
3471
bdb6d971 3472static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3473 u16 len)
7fbec224 3474{
650f726d 3475 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3476 u8 status;
7fbec224
AJ		 3477 int err;
3478
bdb6d971 3479 BT_DBG("%s", hdev->name);
7fbec224 3480
4ee71b20 3481 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3482 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3483 MGMT_STATUS_INVALID_PARAMS,
3484 &cp->addr, sizeof(cp->addr));
4ee71b20 3485
09fd0de5 3486 hci_dev_lock(hdev);
5e762444 3487
88c1fe4b 3488 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3489 if (err < 0)
f0eeea8b 3490 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3491 else
a6785be2 3492 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3493
bdb6d971 3494 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3495 &cp->addr, sizeof(cp->addr));
5e762444 3496
09fd0de5 3497 hci_dev_unlock(hdev);
7fbec224
AJ		 3498
3499 return err;
3500}
3501
cdbaccca
MH		 3502static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3503 u16 len)
3504{
3505 struct mgmt_cp_set_device_id *cp = data;
890ea898 3506 struct hci_request req;
cdbaccca 3507 int err;
c72d4b8a 3508 __u16 source;
cdbaccca
MH		 3509
3510 BT_DBG("%s", hdev->name);
3511
c72d4b8a
SJ		 3512 source = __le16_to_cpu(cp->source);
3513
3514 if (source > 0x0002)
3515 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3516 MGMT_STATUS_INVALID_PARAMS);
3517
cdbaccca
MH		 3518 hci_dev_lock(hdev);
3519
c72d4b8a 3520 hdev->devid_source = source;
cdbaccca
MH		 3521 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3522 hdev->devid_product = __le16_to_cpu(cp->product);
3523 hdev->devid_version = __le16_to_cpu(cp->version);
3524
3525 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3526
890ea898
JH		 3527 hci_req_init(&req, hdev);
3528 update_eir(&req);
3529 hci_req_run(&req, NULL);
cdbaccca
MH		 3530
3531 hci_dev_unlock(hdev);
3532
3533 return err;
3534}
3535
4375f103
JH		 3536static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3537{
3538 struct cmd_lookup match = { NULL, hdev };
3539
3540 if (status) {
3541 u8 mgmt_err = mgmt_status(status);
3542
3543 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3544 cmd_status_rsp, &mgmt_err);
3545 return;
3546 }
3547
3548 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3549 &match);
3550
3551 new_settings(hdev, match.sk);
3552
3553 if (match.sk)
3554 sock_put(match.sk);
3555}
3556
21b5187f
MH		 3557static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3558 u16 len)
4375f103
JH		 3559{
3560 struct mgmt_mode *cp = data;
3561 struct pending_cmd *cmd;
3562 struct hci_request req;
e6fe7986 3563 u8 val, enabled, status;
4375f103
JH		 3564 int err;
3565
3566 BT_DBG("request for %s", hdev->name);
3567
e6fe7986
JH		 3568 status = mgmt_le_support(hdev);
3569 if (status)
4375f103 3570 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3571 status);
4375f103
JH		 3572
3573 if (cp->val != 0x00 && cp->val != 0x01)
3574 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3575 MGMT_STATUS_INVALID_PARAMS);
3576
3577 hci_dev_lock(hdev);
3578
3579 val = !!cp->val;
f3d3444a 3580 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3581
f74ca9b8
JH		 3582 /* The following conditions are ones which mean that we should
3583 * not do any HCI communication but directly send a mgmt
3584 * response to user space (after toggling the flag if
3585 * necessary).
3586 */
3587 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3588 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3589 bool changed = false;
3590
f3d3444a
JH		 3591 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3592 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3593 changed = true;
3594 }
3595
3596 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3597 if (err < 0)
3598 goto unlock;
3599
3600 if (changed)
3601 err = new_settings(hdev, sk);
3602
3603 goto unlock;
3604 }
3605
3606 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3607 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3609 MGMT_STATUS_BUSY);
3610 goto unlock;
3611 }
3612
3613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3614 if (!cmd) {
3615 err = -ENOMEM;
3616 goto unlock;
3617 }
3618
3619 hci_req_init(&req, hdev);
3620
bba3aa55
MH		 3621 if (val)
3622 enable_advertising(&req);
3623 else
3624 disable_advertising(&req);
4375f103
JH		 3625
3626 err = hci_req_run(&req, set_advertising_complete);
3627 if (err < 0)
3628 mgmt_pending_remove(cmd);
3629
3630unlock:
3631 hci_dev_unlock(hdev);
3632 return err;
3633}
3634
d13eafce
MH		 3635static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3636 void *data, u16 len)
3637{
3638 struct mgmt_cp_set_static_address *cp = data;
3639 int err;
3640
3641 BT_DBG("%s", hdev->name);
3642
62af4443 3643 if (!lmp_le_capable(hdev))
d13eafce 3644 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3645 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3646
3647 if (hdev_is_powered(hdev))
3648 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3649 MGMT_STATUS_REJECTED);
3650
3651 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3652 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3653 return cmd_status(sk, hdev->id,
3654 MGMT_OP_SET_STATIC_ADDRESS,
3655 MGMT_STATUS_INVALID_PARAMS);
3656
3657 /* Two most significant bits shall be set */
3658 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3659 return cmd_status(sk, hdev->id,
3660 MGMT_OP_SET_STATIC_ADDRESS,
3661 MGMT_STATUS_INVALID_PARAMS);
3662 }
3663
3664 hci_dev_lock(hdev);
3665
3666 bacpy(&hdev->static_addr, &cp->bdaddr);
3667
3668 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3669
3670 hci_dev_unlock(hdev);
3671
3672 return err;
3673}
3674
14b49b9a
MH		 3675static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3676 void *data, u16 len)
3677{
3678 struct mgmt_cp_set_scan_params *cp = data;
3679 __u16 interval, window;
3680 int err;
3681
3682 BT_DBG("%s", hdev->name);
3683
3684 if (!lmp_le_capable(hdev))
3685 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3686 MGMT_STATUS_NOT_SUPPORTED);
3687
3688 interval = __le16_to_cpu(cp->interval);
3689
3690 if (interval < 0x0004 || interval > 0x4000)
3691 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3692 MGMT_STATUS_INVALID_PARAMS);
3693
3694 window = __le16_to_cpu(cp->window);
3695
3696 if (window < 0x0004 || window > 0x4000)
3697 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3698 MGMT_STATUS_INVALID_PARAMS);
3699
899e1075
MH		 3700 if (window > interval)
3701 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3702 MGMT_STATUS_INVALID_PARAMS);
3703
14b49b9a
MH		 3704 hci_dev_lock(hdev);
3705
3706 hdev->le_scan_interval = interval;
3707 hdev->le_scan_window = window;
3708
3709 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3710
3711 hci_dev_unlock(hdev);
3712
3713 return err;
3714}
3715
33e38b3e
JH		 3716static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3717{
3718 struct pending_cmd *cmd;
3719
3720 BT_DBG("status 0x%02x", status);
3721
3722 hci_dev_lock(hdev);
3723
3724 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3725 if (!cmd)
3726 goto unlock;
3727
3728 if (status) {
3729 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3730 mgmt_status(status));
3731 } else {
1a4d3c4b
JH		 3732 struct mgmt_mode *cp = cmd->param;
3733
3734 if (cp->val)
3735 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3736 else
3737 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3738
33e38b3e
JH		 3739 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3740 new_settings(hdev, cmd->sk);
3741 }
3742
3743 mgmt_pending_remove(cmd);
3744
3745unlock:
3746 hci_dev_unlock(hdev);
3747}
3748
bdb6d971 3749static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3750 void *data, u16 len)
f6422ec6 3751{
650f726d 3752 struct mgmt_mode *cp = data;
33e38b3e
JH		 3753 struct pending_cmd *cmd;
3754 struct hci_request req;
f6422ec6
AJ		 3755 int err;
3756
bdb6d971 3757 BT_DBG("%s", hdev->name);
f6422ec6 3758
56f87901
JH		 3759 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3760 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3761 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3762 MGMT_STATUS_NOT_SUPPORTED);
3763
a7e80f25
JH		 3764 if (cp->val != 0x00 && cp->val != 0x01)
3765 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3766 MGMT_STATUS_INVALID_PARAMS);
3767
5400c044 3768 if (!hdev_is_powered(hdev))
bdb6d971 3769 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3770 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3771
3772 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3773 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3774 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3775
3776 hci_dev_lock(hdev);
3777
05cbf29f
JH		 3778 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3779 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3780 MGMT_STATUS_BUSY);
3781 goto unlock;
3782 }
3783
1a4d3c4b
JH		 3784 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3785 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3786 hdev);
3787 goto unlock;
3788 }
3789
33e38b3e
JH		 3790 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3791 data, len);
3792 if (!cmd) {
3793 err = -ENOMEM;
3794 goto unlock;
f6422ec6
AJ		 3795 }
3796
33e38b3e
JH		 3797 hci_req_init(&req, hdev);
3798
406d7804 3799 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3800
3801 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3802 if (err < 0) {
bdb6d971 3803 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3804 MGMT_STATUS_FAILED);
33e38b3e 3805 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3806 }
3807
33e38b3e 3808unlock:
f6422ec6 3809 hci_dev_unlock(hdev);
33e38b3e 3810
f6422ec6
AJ		 3811 return err;
3812}
3813
67e5a7a3
JH		 3814static void set_bredr_scan(struct hci_request *req)
3815{
3816 struct hci_dev *hdev = req->hdev;
3817 u8 scan = 0;
3818
3819 /* Ensure that fast connectable is disabled. This function will
3820 * not do anything if the page scan parameters are already what
3821 * they should be.
3822 */
3823 write_fast_connectable(req, false);
3824
3825 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3826 scan |= SCAN_PAGE;
3827 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3828 scan |= SCAN_INQUIRY;
3829
3830 if (scan)
3831 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3832}
3833
0663ca2a
JH		 3834static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3835{
3836 struct pending_cmd *cmd;
3837
3838 BT_DBG("status 0x%02x", status);
3839
3840 hci_dev_lock(hdev);
3841
3842 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3843 if (!cmd)
3844 goto unlock;
3845
3846 if (status) {
3847 u8 mgmt_err = mgmt_status(status);
3848
3849 /* We need to restore the flag if related HCI commands
3850 * failed.
3851 */
3852 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3853
3854 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3855 } else {
3856 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3857 new_settings(hdev, cmd->sk);
3858 }
3859
3860 mgmt_pending_remove(cmd);
3861
3862unlock:
3863 hci_dev_unlock(hdev);
3864}
3865
3866static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3867{
3868 struct mgmt_mode *cp = data;
3869 struct pending_cmd *cmd;
3870 struct hci_request req;
3871 int err;
3872
3873 BT_DBG("request for %s", hdev->name);
3874
3875 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3876 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3877 MGMT_STATUS_NOT_SUPPORTED);
3878
3879 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3880 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3881 MGMT_STATUS_REJECTED);
3882
3883 if (cp->val != 0x00 && cp->val != 0x01)
3884 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3885 MGMT_STATUS_INVALID_PARAMS);
3886
3887 hci_dev_lock(hdev);
3888
3889 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3890 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3891 goto unlock;
3892 }
3893
3894 if (!hdev_is_powered(hdev)) {
3895 if (!cp->val) {
0663ca2a
JH		 3896 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3897 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3898 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3899 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3900 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3901 }
3902
3903 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3904
3905 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3906 if (err < 0)
3907 goto unlock;
3908
3909 err = new_settings(hdev, sk);
3910 goto unlock;
3911 }
3912
3913 /* Reject disabling when powered on */
3914 if (!cp->val) {
3915 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3916 MGMT_STATUS_REJECTED);
3917 goto unlock;
3918 }
3919
3920 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3921 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3922 MGMT_STATUS_BUSY);
3923 goto unlock;
3924 }
3925
3926 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3927 if (!cmd) {
3928 err = -ENOMEM;
3929 goto unlock;
3930 }
3931
5947f4bc 3932 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 3933 * generates the correct flags.
3934 */
3935 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3936
3937 hci_req_init(&req, hdev);
aa8af46e
JH		 3938
3939 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3940 set_bredr_scan(&req);
3941
f14d8f64
MH		 3942 /* Since only the advertising data flags will change, there
3943 * is no need to update the scan response data.
3944 */
5947f4bc 3945 update_adv_data(&req);
aa8af46e 3946
0663ca2a
JH		 3947 err = hci_req_run(&req, set_bredr_complete);
3948 if (err < 0)
3949 mgmt_pending_remove(cmd);
3950
3951unlock:
3952 hci_dev_unlock(hdev);
3953 return err;
3954}
3955
3f706b72
JH		 3956static bool ltk_is_valid(struct mgmt_ltk_info *key)
3957{
44b20d33
JH		 3958 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3959 return false;
3f706b72
JH		 3960 if (key->master != 0x00 && key->master != 0x01)
3961 return false;
4ee71b20
JH		 3962 if (!bdaddr_type_is_le(key->addr.type))
3963 return false;
3f706b72
JH		 3964 return true;
3965}
3966
bdb6d971 3967static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3968 void *cp_data, u16 len)
346af67b 3969{
346af67b
VCG		 3970 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3971 u16 key_count, expected_len;
715a5bf2 3972 int i, err;
346af67b 3973
cf99ba13
MH		 3974 BT_DBG("request for %s", hdev->name);
3975
3976 if (!lmp_le_capable(hdev))
3977 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3978 MGMT_STATUS_NOT_SUPPORTED);
3979
1f350c87 3980 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3981
3982 expected_len = sizeof(*cp) + key_count *
3983 sizeof(struct mgmt_ltk_info);
3984 if (expected_len != len) {
3985 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3986 len, expected_len);
bdb6d971 3987 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3988 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3989 }
3990
bdb6d971 3991 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3992
54ad6d8a
JH		 3993 for (i = 0; i < key_count; i++) {
3994 struct mgmt_ltk_info *key = &cp->keys[i];
3995
3f706b72 3996 if (!ltk_is_valid(key))
54ad6d8a
JH		 3997 return cmd_status(sk, hdev->id,
3998 MGMT_OP_LOAD_LONG_TERM_KEYS,
3999 MGMT_STATUS_INVALID_PARAMS);
4000 }
4001
346af67b
VCG		 4002 hci_dev_lock(hdev);
4003
4004 hci_smp_ltks_clear(hdev);
4005
4006 for (i = 0; i < key_count; i++) {
4007 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4008 u8 type, addr_type;
4009
4010 if (key->addr.type == BDADDR_LE_PUBLIC)
4011 addr_type = ADDR_LE_DEV_PUBLIC;
4012 else
4013 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4014
4015 if (key->master)
4016 type = HCI_SMP_LTK;
4017 else
4018 type = HCI_SMP_LTK_SLAVE;
4019
79d95a19 4020 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 4021 type, 0, key->authenticated, key->val,
4022 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4023 }
4024
715a5bf2
JH		 4025 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4026 NULL, 0);
4027
346af67b 4028 hci_dev_unlock(hdev);
346af67b 4029
715a5bf2 4030 return err;
346af67b
VCG		 4031}
4032
2e3c35ea 4033static const struct mgmt_handler {
04124681
GP		 4034 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4035 u16 data_len);
be22b54e
JH		 4036 bool var_len;
4037 size_t data_len;
0f4e68cf
JH		 4038} mgmt_handlers[] = {
4039 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4040 { read_version, false, MGMT_READ_VERSION_SIZE },
4041 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4042 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4043 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4044 { set_powered, false, MGMT_SETTING_SIZE },
4045 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4046 { set_connectable, false, MGMT_SETTING_SIZE },
4047 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4048 { set_pairable, false, MGMT_SETTING_SIZE },
4049 { set_link_security, false, MGMT_SETTING_SIZE },
4050 { set_ssp, false, MGMT_SETTING_SIZE },
4051 { set_hs, false, MGMT_SETTING_SIZE },
4052 { set_le, false, MGMT_SETTING_SIZE },
4053 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4054 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4055 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4056 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4057 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4058 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4059 { disconnect, false, MGMT_DISCONNECT_SIZE },
4060 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4061 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4062 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4063 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4064 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4065 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4066 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4067 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4068 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4069 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4070 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4071 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
4072 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
4073 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4074 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4075 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4076 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4077 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4078 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4079 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4080 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4081 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4082 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4083 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 4084};
4085
4086
0381101f
JH		 4087int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4088{
650f726d
VCG		 4089 void *buf;
4090 u8 *cp;
0381101f 4091 struct mgmt_hdr *hdr;
4e51eae9 4092 u16 opcode, index, len;
bdb6d971 4093 struct hci_dev *hdev = NULL;
2e3c35ea 4094 const struct mgmt_handler *handler;
0381101f
JH		 4095 int err;
4096
4097 BT_DBG("got %zu bytes", msglen);
4098
4099 if (msglen < sizeof(*hdr))
4100 return -EINVAL;
4101
e63a15ec 4102 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4103 if (!buf)
4104 return -ENOMEM;
4105
4106 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4107 err = -EFAULT;
4108 goto done;
4109 }
4110
650f726d 4111 hdr = buf;
1f350c87
MH		 4112 opcode = __le16_to_cpu(hdr->opcode);
4113 index = __le16_to_cpu(hdr->index);
4114 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4115
4116 if (len != msglen - sizeof(*hdr)) {
4117 err = -EINVAL;
4118 goto done;
4119 }
4120
0f4e68cf 4121 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4122 hdev = hci_dev_get(index);
4123 if (!hdev) {
4124 err = cmd_status(sk, index, opcode,
04124681 4125 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4126 goto done;
4127 }
0736cfa8 4128
cebf4cfd
JH		 4129 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4130 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4131 err = cmd_status(sk, index, opcode,
4132 MGMT_STATUS_INVALID_INDEX);
4133 goto done;
4134 }
bdb6d971
JH		 4135 }
4136
0f4e68cf 4137 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4138 mgmt_handlers[opcode].func == NULL) {
0381101f 4139 BT_DBG("Unknown op %u", opcode);
ca69b795 4140 err = cmd_status(sk, index, opcode,
04124681 4141 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4142 goto done;
4143 }
4144
4145 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4146 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4147 err = cmd_status(sk, index, opcode,
04124681 4148 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4149 goto done;
0381101f
JH		 4150 }
4151
be22b54e
JH		 4152 handler = &mgmt_handlers[opcode];
4153
4154 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4155 (!handler->var_len && len != handler->data_len)) {
be22b54e 4156 err = cmd_status(sk, index, opcode,
04124681 4157 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4158 goto done;
4159 }
4160
0f4e68cf
JH		 4161 if (hdev)
4162 mgmt_init_hdev(sk, hdev);
4163
4164 cp = buf + sizeof(*hdr);
4165
be22b54e 4166 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4167 if (err < 0)
4168 goto done;
4169
0381101f
JH		 4170 err = msglen;
4171
4172done:
bdb6d971
JH		 4173 if (hdev)
4174 hci_dev_put(hdev);
4175
0381101f
JH		 4176 kfree(buf);
4177 return err;
4178}
c71e97bf 4179
bf6b56db 4180void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4181{
1514b892 4182 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4183 return;
bb4b2a9a 4184
bf6b56db 4185 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4186}
4187
bf6b56db 4188void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4189{
5f159032 4190 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4191
1514b892 4192 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4193 return;
bb4b2a9a 4194
744cf19e 4195 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4196
bf6b56db 4197 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4198}
4199
229ab39c
JH		 4200static void powered_complete(struct hci_dev *hdev, u8 status)
4201{
4202 struct cmd_lookup match = { NULL, hdev };
4203
4204 BT_DBG("status 0x%02x", status);
4205
4206 hci_dev_lock(hdev);
4207
4208 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4209
4210 new_settings(hdev, match.sk);
4211
4212 hci_dev_unlock(hdev);
4213
4214 if (match.sk)
4215 sock_put(match.sk);
4216}
4217
70da6243 4218static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4219{
890ea898 4220 struct hci_request req;
70da6243 4221 u8 link_sec;
5add6af8 4222
890ea898
JH		 4223 hci_req_init(&req, hdev);
4224
70da6243
JH		 4225 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4226 !lmp_host_ssp_capable(hdev)) {
4227 u8 ssp = 1;
5e5282bb 4228
890ea898 4229 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4230 }
5add6af8 4231
c73eee91
JH		 4232 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4233 lmp_bredr_capable(hdev)) {
70da6243 4234 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4235
70da6243
JH		 4236 cp.le = 1;
4237 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4238
70da6243
JH		 4239 /* Check first if we already have the right
4240 * host state (host features set)
4241 */
4242 if (cp.le != lmp_host_le_capable(hdev) ||
4243 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4244 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4245 sizeof(cp), &cp);
70da6243 4246 }
3d1cbdd6 4247
d13eafce
MH		 4248 if (lmp_le_capable(hdev)) {
4249 /* Set random address to static address if configured */
4250 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4251 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4252 &hdev->static_addr);
eeca6f89 4253
441ad2d0
MH		 4254 /* Make sure the controller has a good default for
4255 * advertising data. This also applies to the case
4256 * where BR/EDR was toggled during the AUTO_OFF phase.
4257 */
f14d8f64 4258 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4259 update_adv_data(&req);
f14d8f64
MH		 4260 update_scan_rsp_data(&req);
4261 }
441ad2d0 4262
bba3aa55
MH		 4263 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4264 enable_advertising(&req);
eeca6f89
JH		 4265 }
4266
70da6243
JH		 4267 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4268 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4269 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4270 sizeof(link_sec), &link_sec);
562fcc24 4271
70da6243 4272 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4273 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4274 set_bredr_scan(&req);
890ea898 4275 update_class(&req);
13928971 4276 update_name(&req);
890ea898 4277 update_eir(&req);
70da6243 4278 }
562fcc24 4279
229ab39c 4280 return hci_req_run(&req, powered_complete);
70da6243 4281}
562fcc24 4282
70da6243
JH		 4283int mgmt_powered(struct hci_dev *hdev, u8 powered)
4284{
4285 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4286 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4287 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4288 int err;
f0ff92fb 4289
70da6243
JH		 4290 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4291 return 0;
4292
70da6243 4293 if (powered) {
229ab39c
JH		 4294 if (powered_update_hci(hdev) == 0)
4295 return 0;
fe038884 4296
229ab39c
JH		 4297 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4298 &match);
4299 goto new_settings;
b24752fe
JH		 4300 }
4301
229ab39c
JH		 4302 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4303 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4304
4305 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4306 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4307 zero_cod, sizeof(zero_cod), NULL);
4308
4309new_settings:
beadb2bd 4310 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4311
4312 if (match.sk)
4313 sock_put(match.sk);
4314
7bb895d6 4315 return err;
5add6af8 4316}
73f22f62 4317
3eec705e 4318void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4319{
4320 struct pending_cmd *cmd;
4321 u8 status;
4322
4323 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4324 if (!cmd)
3eec705e 4325 return;
96570ffc
JH		 4326
4327 if (err == -ERFKILL)
4328 status = MGMT_STATUS_RFKILLED;
4329 else
4330 status = MGMT_STATUS_FAILED;
4331
3eec705e 4332 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4333
4334 mgmt_pending_remove(cmd);
96570ffc
JH		 4335}
4336
d1967ff8
MH		 4337void mgmt_discoverable_timeout(struct hci_dev *hdev)
4338{
4339 struct hci_request req;
d1967ff8
MH		 4340
4341 hci_dev_lock(hdev);
4342
4343 /* When discoverable timeout triggers, then just make sure
4344 * the limited discoverable flag is cleared. Even in the case
4345 * of a timeout triggered from general discoverable, it is
4346 * safe to unconditionally clear the flag.
4347 */
4348 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
4349
4350 hci_req_init(&req, hdev);
4b580614
JH		 4351 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4352 u8 scan = SCAN_PAGE;
4353 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4354 sizeof(scan), &scan);
4355 }
d1967ff8
MH		 4356 update_class(&req);
4357 hci_req_run(&req, NULL);
4358
4359 hdev->discov_timeout = 0;
4360
4361 hci_dev_unlock(hdev);
4362}
4363
86a75645 4364void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4365{
86a75645 4366 bool changed;
73f22f62 4367
bfaf8c9f
JH		 4368 /* Nothing needed here if there's a pending command since that
4369 * commands request completion callback takes care of everything
4370 * necessary.
4371 */
4372 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4373 return;
bfaf8c9f 4374
86a75645
MH		 4375 if (discoverable)
4376 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4377 else
4378 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4379
beadb2bd 4380 if (changed)
86a75645 4381 new_settings(hdev, NULL);
73f22f62 4382}
9fbcbb45 4383
a330916c 4384void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4385{
a330916c 4386 bool changed;
9fbcbb45 4387
d7b856f9
JH		 4388 /* Nothing needed here if there's a pending command since that
4389 * commands request completion callback takes care of everything
4390 * necessary.
4391 */
4392 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4393 return;
d7b856f9 4394
a330916c
MH		 4395 if (connectable)
4396 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4397 else
4398 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4399
beadb2bd 4400 if (changed)
a330916c 4401 new_settings(hdev, NULL);
9fbcbb45 4402}
55ed8ca1 4403
4796e8af 4404void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4405{
ca69b795
JH		 4406 u8 mgmt_err = mgmt_status(status);
4407
2d7cee58 4408 if (scan & SCAN_PAGE)
744cf19e 4409 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4410 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4411
4412 if (scan & SCAN_INQUIRY)
744cf19e 4413 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4414 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4415}
4416
dc4a5ee2
MH		 4417void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4418 bool persistent)
55ed8ca1 4419{
86742e1e 4420 struct mgmt_ev_new_link_key ev;
55ed8ca1 4421
a492cd52 4422 memset(&ev, 0, sizeof(ev));
55ed8ca1 4423
a492cd52 4424 ev.store_hint = persistent;
d753fdc4 4425 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4426 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4427 ev.key.type = key->type;
9b3b4460 4428 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4429 ev.key.pin_len = key->pin_len;
55ed8ca1 4430
dc4a5ee2 4431 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4432}
f7520543 4433
083368f7 4434void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
346af67b
VCG		 4435{
4436 struct mgmt_ev_new_long_term_key ev;
4437
4438 memset(&ev, 0, sizeof(ev));
4439
4440 ev.store_hint = persistent;
4441 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4442 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4443 ev.key.authenticated = key->authenticated;
4444 ev.key.enc_size = key->enc_size;
4445 ev.key.ediv = key->ediv;
4446
4447 if (key->type == HCI_SMP_LTK)
4448 ev.key.master = 1;
4449
4450 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4451 memcpy(ev.key.val, key->val, sizeof(key->val));
4452
083368f7 4453 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4454}
4455
94933991
MH		 4456static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4457 u8 data_len)
4458{
4459 eir[eir_len++] = sizeof(type) + data_len;
4460 eir[eir_len++] = type;
4461 memcpy(&eir[eir_len], data, data_len);
4462 eir_len += data_len;
4463
4464 return eir_len;
4465}
4466
ecd90ae7
MH		 4467void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4468 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4469 u8 *dev_class)
f7520543 4470{
b644ba33
JH		 4471 char buf[512];
4472 struct mgmt_ev_device_connected *ev = (void *) buf;
4473 u16 eir_len = 0;
f7520543 4474
b644ba33 4475 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4476 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4477
c95f0ba7 4478 ev->flags = __cpu_to_le32(flags);
08c79b61 4479
b644ba33
JH		 4480 if (name_len > 0)
4481 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4482 name, name_len);
b644ba33
JH		 4483
4484 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4485 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4486 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4487
eb55ef07 4488 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4489
ecd90ae7
MH		 4490 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4491 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4492}
4493
8962ee74
JH		 4494static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4495{
c68fb7ff 4496 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4497 struct sock **sk = data;
a38528f1 4498 struct mgmt_rp_disconnect rp;
8962ee74 4499
88c3df13
JH		 4500 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4501 rp.addr.type = cp->addr.type;
8962ee74 4502
aee9b218 4503 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4504 sizeof(rp));
8962ee74
JH		 4505
4506 *sk = cmd->sk;
4507 sock_hold(*sk);
4508
a664b5bc 4509 mgmt_pending_remove(cmd);
8962ee74
JH		 4510}
4511
124f6e35 4512static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4513{
b1078ad0 4514 struct hci_dev *hdev = data;
124f6e35
JH		 4515 struct mgmt_cp_unpair_device *cp = cmd->param;
4516 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4517
4518 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4519 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4520 rp.addr.type = cp->addr.type;
a8a1d19e 4521
b1078ad0
JH		 4522 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4523
aee9b218 4524 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4525
4526 mgmt_pending_remove(cmd);
4527}
4528
9b80ec5e
MH		 4529void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4530 u8 link_type, u8 addr_type, u8 reason)
f7520543 4531{
f0d6a0ea 4532 struct mgmt_ev_device_disconnected ev;
8962ee74 4533 struct sock *sk = NULL;
8962ee74 4534
744cf19e 4535 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4536
f0d6a0ea
MA		 4537 bacpy(&ev.addr.bdaddr, bdaddr);
4538 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4539 ev.reason = reason;
f7520543 4540
9b80ec5e 4541 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4542
4543 if (sk)
d97dcb66 4544 sock_put(sk);
8962ee74 4545
124f6e35 4546 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4547 hdev);
8962ee74
JH		 4548}
4549
7892924c
MH		 4550void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4551 u8 link_type, u8 addr_type, u8 status)
8962ee74 4552{
88c3df13 4553 struct mgmt_rp_disconnect rp;
8962ee74 4554 struct pending_cmd *cmd;
8962ee74 4555
36a75f1b
JD		 4556 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4557 hdev);
4558
2e58ef3e 4559 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4560 if (!cmd)
7892924c 4561 return;
8962ee74 4562
88c3df13 4563 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4564 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4565
7892924c
MH		 4566 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4567 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4568
a664b5bc 4569 mgmt_pending_remove(cmd);
f7520543 4570}
17d5c04c 4571
445608d0
MH		 4572void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4573 u8 addr_type, u8 status)
17d5c04c
JH		 4574{
4575 struct mgmt_ev_connect_failed ev;
4576
4c659c39 4577 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4578 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4579 ev.status = mgmt_status(status);
17d5c04c 4580
445608d0 4581 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4582}
980e1a53 4583
ce0e4a0d 4584void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4585{
4586 struct mgmt_ev_pin_code_request ev;
4587
d8457698 4588 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4589 ev.addr.type = BDADDR_BREDR;
a770bb5a 4590 ev.secure = secure;
980e1a53 4591
ce0e4a0d 4592 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 4593}
4594
e669cf80
MH		 4595void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4596 u8 status)
980e1a53
JH		 4597{
4598 struct pending_cmd *cmd;
ac56fb13 4599 struct mgmt_rp_pin_code_reply rp;
980e1a53 4600
2e58ef3e 4601 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 4602 if (!cmd)
e669cf80 4603 return;
980e1a53 4604
d8457698 4605 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4606 rp.addr.type = BDADDR_BREDR;
ac56fb13 4607
e669cf80
MH		 4608 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
4609 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4610
a664b5bc 4611 mgmt_pending_remove(cmd);
980e1a53
JH		 4612}
4613
3eb38528
MH		 4614void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
4615 u8 status)
980e1a53
JH		 4616{
4617 struct pending_cmd *cmd;
ac56fb13 4618 struct mgmt_rp_pin_code_reply rp;
980e1a53 4619
2e58ef3e 4620 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 4621 if (!cmd)
3eb38528 4622 return;
980e1a53 4623
d8457698 4624 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4625 rp.addr.type = BDADDR_BREDR;
ac56fb13 4626
3eb38528
MH		 4627 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
4628 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4629
a664b5bc 4630 mgmt_pending_remove(cmd);
980e1a53 4631}
a5c29683 4632
744cf19e 4633int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4634 u8 link_type, u8 addr_type, __le32 value,
4635 u8 confirm_hint)
a5c29683
JH		 4636{
4637 struct mgmt_ev_user_confirm_request ev;
4638
744cf19e 4639 BT_DBG("%s", hdev->name);
a5c29683 4640
272d90df 4641 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4642 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4643 ev.confirm_hint = confirm_hint;
78e8098e 4644 ev.value = value;
a5c29683 4645
744cf19e 4646 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4647 NULL);
a5c29683
JH		 4648}
4649
272d90df 4650int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4651 u8 link_type, u8 addr_type)
604086b7
BG		 4652{
4653 struct mgmt_ev_user_passkey_request ev;
4654
4655 BT_DBG("%s", hdev->name);
4656
272d90df 4657 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4658 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4659
4660 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4661 NULL);
604086b7
BG		 4662}
4663
0df4c185 4664static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4665 u8 link_type, u8 addr_type, u8 status,
4666 u8 opcode)
a5c29683
JH		 4667{
4668 struct pending_cmd *cmd;
4669 struct mgmt_rp_user_confirm_reply rp;
4670 int err;
4671
2e58ef3e 4672 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4673 if (!cmd)
4674 return -ENOENT;
4675
272d90df 4676 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4677 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4678 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4679 &rp, sizeof(rp));
a5c29683 4680
a664b5bc 4681 mgmt_pending_remove(cmd);
a5c29683
JH		 4682
4683 return err;
4684}
4685
744cf19e 4686int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4687 u8 link_type, u8 addr_type, u8 status)
a5c29683 4688{
272d90df 4689 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4690 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4691}
4692
272d90df 4693int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4694 u8 link_type, u8 addr_type, u8 status)
a5c29683 4695{
272d90df 4696 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4697 status,
4698 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4699}
2a611692 4700
604086b7 4701int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4702 u8 link_type, u8 addr_type, u8 status)
604086b7 4703{
272d90df 4704 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4705 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4706}
4707
272d90df 4708int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4709 u8 link_type, u8 addr_type, u8 status)
604086b7 4710{
272d90df 4711 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4712 status,
4713 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4714}
4715
92a25256
JH		 4716int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4717 u8 link_type, u8 addr_type, u32 passkey,
4718 u8 entered)
4719{
4720 struct mgmt_ev_passkey_notify ev;
4721
4722 BT_DBG("%s", hdev->name);
4723
4724 bacpy(&ev.addr.bdaddr, bdaddr);
4725 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4726 ev.passkey = __cpu_to_le32(passkey);
4727 ev.entered = entered;
4728
4729 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4730}
4731
e546099c
MH		 4732void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4733 u8 addr_type, u8 status)
2a611692
JH		 4734{
4735 struct mgmt_ev_auth_failed ev;
4736
bab73cb6 4737 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4738 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4739 ev.status = mgmt_status(status);
2a611692 4740
e546099c 4741 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4742}
b312b161 4743
464996ae 4744void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 4745{
4746 struct cmd_lookup match = { NULL, hdev };
464996ae 4747 bool changed;
33ef95ed
JH		 4748
4749 if (status) {
4750 u8 mgmt_err = mgmt_status(status);
4751 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4752 cmd_status_rsp, &mgmt_err);
464996ae 4753 return;
33ef95ed
JH		 4754 }
4755
464996ae
MH		 4756 if (test_bit(HCI_AUTH, &hdev->flags))
4757 changed = !test_and_set_bit(HCI_LINK_SECURITY,
4758 &hdev->dev_flags);
4759 else
4760 changed = test_and_clear_bit(HCI_LINK_SECURITY,
4761 &hdev->dev_flags);
47990ea0 4762
33ef95ed 4763 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4764 &match);
33ef95ed 4765
47990ea0 4766 if (changed)
464996ae 4767 new_settings(hdev, match.sk);
33ef95ed
JH		 4768
4769 if (match.sk)
4770 sock_put(match.sk);
33ef95ed
JH		 4771}
4772
890ea898 4773static void clear_eir(struct hci_request *req)
cacaf52f 4774{
890ea898 4775 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4776 struct hci_cp_write_eir cp;
4777
976eb20e 4778 if (!lmp_ext_inq_capable(hdev))
890ea898 4779 return;
cacaf52f 4780
c80da27e
JH		 4781 memset(hdev->eir, 0, sizeof(hdev->eir));
4782
cacaf52f
JH		 4783 memset(&cp, 0, sizeof(cp));
4784
890ea898 4785 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4786}
4787
3e248560 4788void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4789{
4790 struct cmd_lookup match = { NULL, hdev };
890ea898 4791 struct hci_request req;
c0ecddc2 4792 bool changed = false;
ed2c4ee3
JH		 4793
4794 if (status) {
4795 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4796
4797 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4798 &hdev->dev_flags)) {
4799 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 4800 new_settings(hdev, NULL);
9ecb3e24 4801 }
c0ecddc2 4802
04124681
GP		 4803 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4804 &mgmt_err);
3e248560 4805 return;
c0ecddc2
JH		 4806 }
4807
4808 if (enable) {
9ecb3e24 4809 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4810 } else {
9ecb3e24
MH		 4811 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4812 if (!changed)
4813 changed = test_and_clear_bit(HCI_HS_ENABLED,
4814 &hdev->dev_flags);
4815 else
4816 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4817 }
4818
4819 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4820
c0ecddc2 4821 if (changed)
3e248560 4822 new_settings(hdev, match.sk);
ed2c4ee3 4823
5fc6ebb1 4824 if (match.sk)
ed2c4ee3
JH		 4825 sock_put(match.sk);
4826
890ea898
JH		 4827 hci_req_init(&req, hdev);
4828
5fc6ebb1 4829 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4830 update_eir(&req);
5fc6ebb1 4831 else
890ea898
JH		 4832 clear_eir(&req);
4833
4834 hci_req_run(&req, NULL);
ed2c4ee3
JH		 4835}
4836
92da6097 4837static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4838{
4839 struct cmd_lookup *match = data;
4840
90e70454
JH		 4841 if (match->sk == NULL) {
4842 match->sk = cmd->sk;
4843 sock_hold(match->sk);
4844 }
90e70454
JH		 4845}
4846
4e1b0245
MH		 4847void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
4848 u8 status)
7f9a903c 4849{
90e70454 4850 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 4851
92da6097
JH		 4852 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4853 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4854 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4855
4856 if (!status)
4e1b0245
MH		 4857 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
4858 NULL);
90e70454
JH		 4859
4860 if (match.sk)
4861 sock_put(match.sk);
7f9a903c
MH		 4862}
4863
7667da34 4864void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4865{
b312b161 4866 struct mgmt_cp_set_local_name ev;
13928971 4867 struct pending_cmd *cmd;
28cc7bde 4868
13928971 4869 if (status)
7667da34 4870 return;
b312b161
JH		 4871
4872 memset(&ev, 0, sizeof(ev));
4873 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4874 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4875
2e58ef3e 4876 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4877 if (!cmd) {
4878 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4879
13928971
JH		 4880 /* If this is a HCI command related to powering on the
4881 * HCI dev don't send any mgmt signals.
4882 */
4883 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 4884 return;
890ea898 4885 }
b312b161 4886
7667da34
MH		 4887 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4888 cmd ? cmd->sk : NULL);
b312b161 4889}
c35938b2 4890
3edaf092
MH		 4891void mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
4892 u8 *randomizer, u8 status)
c35938b2
SJ		 4893{
4894 struct pending_cmd *cmd;
c35938b2 4895
744cf19e 4896 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4897
2e58ef3e 4898 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 4899 if (!cmd)
3edaf092 4900 return;
c35938b2
SJ		 4901
4902 if (status) {
3edaf092
MH		 4903 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4904 mgmt_status(status));
c35938b2
SJ		 4905 } else {
4906 struct mgmt_rp_read_local_oob_data rp;
4907
4908 memcpy(rp.hash, hash, sizeof(rp.hash));
4909 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4910
3edaf092
MH		 4911 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4912 0, &rp, sizeof(rp));
c35938b2
SJ		 4913 }
4914
4915 mgmt_pending_remove(cmd);
c35938b2 4916}
e17acd40 4917
901801b9
MH		 4918void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4919 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4920 ssp, u8 *eir, u16 eir_len)
e17acd40 4921{
e319d2e7
JH		 4922 char buf[512];
4923 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4924 size_t ev_size;
e17acd40 4925
12602d0c 4926 if (!hci_discovery_active(hdev))
901801b9 4927 return;
12602d0c 4928
1dc06093
JH		 4929 /* Leave 5 bytes for a potential CoD field */
4930 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4931 return;
7d262f86 4932
1dc06093
JH		 4933 memset(buf, 0, sizeof(buf));
4934
e319d2e7 4935 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4936 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4937 ev->rssi = rssi;
9a395a80 4938 if (cfm_name)
612dfce9 4939 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4940 if (!ssp)
612dfce9 4941 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4942
1dc06093 4943 if (eir_len > 0)
e319d2e7 4944 memcpy(ev->eir, eir, eir_len);
e17acd40 4945
1dc06093
JH		 4946 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4947 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4948 dev_class, 3);
1dc06093 4949
eb55ef07 4950 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4951 ev_size = sizeof(*ev) + eir_len;
f8523598 4952
901801b9 4953 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4954}
a88a9652 4955
9cf12aee
MH		 4956void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4957 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4958{
b644ba33
JH		 4959 struct mgmt_ev_device_found *ev;
4960 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4961 u16 eir_len;
a88a9652 4962
b644ba33 4963 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4964
b644ba33
JH		 4965 memset(buf, 0, sizeof(buf));
4966
4967 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4968 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4969 ev->rssi = rssi;
4970
4971 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4972 name_len);
b644ba33 4973
eb55ef07 4974 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4975
9cf12aee 4976 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4977}
314b2381 4978
2f1e063b 4979void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4980{
f963e8e9 4981 struct mgmt_ev_discovering ev;
164a6e78
JH		 4982 struct pending_cmd *cmd;
4983
343fb145
AG		 4984 BT_DBG("%s discovering %u", hdev->name, discovering);
4985
164a6e78 4986 if (discovering)
2e58ef3e 4987 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4988 else
2e58ef3e 4989 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4990
4991 if (cmd != NULL) {
f808e166
JH		 4992 u8 type = hdev->discovery.type;
4993
04124681
GP		 4994 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4995 sizeof(type));
164a6e78
JH		 4996 mgmt_pending_remove(cmd);
4997 }
4998
f963e8e9
JH		 4999 memset(&ev, 0, sizeof(ev));
5000 ev.type = hdev->discovery.type;
5001 ev.discovering = discovering;
5002
2f1e063b 5003 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5004}
5e762444 5005
88c1fe4b 5006int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5007{
5008 struct pending_cmd *cmd;
5009 struct mgmt_ev_device_blocked ev;
5010
2e58ef3e 5011 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5012
88c1fe4b
JH		 5013 bacpy(&ev.addr.bdaddr, bdaddr);
5014 ev.addr.type = type;
5e762444 5015
744cf19e 5016 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5017 cmd ? cmd->sk : NULL);
5e762444
AJ		 5018}
5019
88c1fe4b 5020int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5021{
5022 struct pending_cmd *cmd;
5023 struct mgmt_ev_device_unblocked ev;
5024
2e58ef3e 5025 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5026
88c1fe4b
JH		 5027 bacpy(&ev.addr.bdaddr, bdaddr);
5028 ev.addr.type = type;
5e762444 5029
744cf19e 5030 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5031 cmd ? cmd->sk : NULL);
5e762444 5032}
5976e608
MH		 5033
5034static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5035{
5036 BT_DBG("%s status %u", hdev->name, status);
5037
5038 /* Clear the advertising mgmt setting if we failed to re-enable it */
5039 if (status) {
5040 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5041 new_settings(hdev, NULL);
5976e608
MH		 5042 }
5043}
5044
5045void mgmt_reenable_advertising(struct hci_dev *hdev)
5046{
5047 struct hci_request req;
5048
b145edcd 5049 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5050 return;
5051
5052 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5053 return;
5054
5055 hci_req_init(&req, hdev);
5056 enable_advertising(&req);
5057
5058 /* If this fails we have no option but to let user space know
5059 * that we've disabled advertising.
5060 */
5061 if (hci_req_run(&req, adv_enable_complete) < 0) {
5062 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5063 new_settings(hdev, NULL);
5976e608
MH		 5064 }
5065}
Linux 6.x block layer and io_uring tree(s)