projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Save remote L2CAP fixed channel mask
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
ca69b795 27#include <linux/kernel.h>
72359753 28#include <linux/uaccess.h>
3a9a231d 29#include <linux/module.h>
0381101f
JH		 30#include <asm/unaligned.h>
31
32#include <net/bluetooth/bluetooth.h>
33#include <net/bluetooth/hci_core.h>
34#include <net/bluetooth/mgmt.h>
5fe57d9e 35#include <net/bluetooth/smp.h>
0381101f 36
d7b7e796
MH		 37bool enable_hs;
38bool enable_le;
39
2da9c55c
JH		 40#define MGMT_VERSION 1
41#define MGMT_REVISION 0
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
50 MGMT_OP_SET_PAIRABLE,
51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
81};
82
83static const u16 mgmt_events[] = {
84 MGMT_EV_CONTROLLER_ERROR,
85 MGMT_EV_INDEX_ADDED,
86 MGMT_EV_INDEX_REMOVED,
87 MGMT_EV_NEW_SETTINGS,
88 MGMT_EV_CLASS_OF_DEV_CHANGED,
89 MGMT_EV_LOCAL_NAME_CHANGED,
90 MGMT_EV_NEW_LINK_KEY,
91 MGMT_EV_NEW_LONG_TERM_KEY,
92 MGMT_EV_DEVICE_CONNECTED,
93 MGMT_EV_DEVICE_DISCONNECTED,
94 MGMT_EV_CONNECT_FAILED,
95 MGMT_EV_PIN_CODE_REQUEST,
96 MGMT_EV_USER_CONFIRM_REQUEST,
97 MGMT_EV_USER_PASSKEY_REQUEST,
98 MGMT_EV_AUTH_FAILED,
99 MGMT_EV_DEVICE_FOUND,
100 MGMT_EV_DISCOVERING,
101 MGMT_EV_DEVICE_BLOCKED,
102 MGMT_EV_DEVICE_UNBLOCKED,
103 MGMT_EV_DEVICE_UNPAIRED,
104};
105
3fd24153
AG		 106/*
107 * These LE scan and inquiry parameters were chosen according to LE General
108 * Discovery Procedure specification.
109 */
110#define LE_SCAN_TYPE 0x01
111#define LE_SCAN_WIN 0x12
112#define LE_SCAN_INT 0x12
113#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */
5e0452c0 114#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */
3fd24153 115
e8777525 116#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
5e0452c0 117#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
2519a1fc 118
7d78525d
JH		 119#define SERVICE_CACHE_TIMEOUT (5 * 1000)
120
4b34ee78
JH		 121#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
122 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
123
eec8d2bc
JH		 124struct pending_cmd {
125 struct list_head list;
fc2f4b13 126 u16 opcode;
eec8d2bc 127 int index;
c68fb7ff 128 void *param;
eec8d2bc 129 struct sock *sk;
e9a416b5 130 void *user_data;
eec8d2bc
JH		 131};
132
ca69b795
JH		 133/* HCI to MGMT error code conversion table */
134static u8 mgmt_status_table[] = {
135 MGMT_STATUS_SUCCESS,
136 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
137 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
138 MGMT_STATUS_FAILED, /* Hardware Failure */
139 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
140 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
141 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
142 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
143 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
144 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
145 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
146 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
147 MGMT_STATUS_BUSY, /* Command Disallowed */
148 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
149 MGMT_STATUS_REJECTED, /* Rejected Security */
150 MGMT_STATUS_REJECTED, /* Rejected Personal */
151 MGMT_STATUS_TIMEOUT, /* Host Timeout */
152 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
153 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
154 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
155 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
156 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
157 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
158 MGMT_STATUS_BUSY, /* Repeated Attempts */
159 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
160 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
162 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
163 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
164 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
166 MGMT_STATUS_FAILED, /* Unspecified Error */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
168 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
169 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
170 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
171 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
172 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
173 MGMT_STATUS_FAILED, /* Unit Link Key Used */
174 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
175 MGMT_STATUS_TIMEOUT, /* Instant Passed */
176 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
177 MGMT_STATUS_FAILED, /* Transaction Collision */
178 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
179 MGMT_STATUS_REJECTED, /* QoS Rejected */
180 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
181 MGMT_STATUS_REJECTED, /* Insufficient Security */
182 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
183 MGMT_STATUS_BUSY, /* Role Switch Pending */
184 MGMT_STATUS_FAILED, /* Slot Violation */
185 MGMT_STATUS_FAILED, /* Role Switch Failed */
186 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
187 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
188 MGMT_STATUS_BUSY, /* Host Busy Pairing */
189 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
190 MGMT_STATUS_BUSY, /* Controller Busy */
191 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
192 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
193 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
194 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
195 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
196};
197
198static u8 mgmt_status(u8 hci_status)
199{
200 if (hci_status < ARRAY_SIZE(mgmt_status_table))
201 return mgmt_status_table[hci_status];
202
203 return MGMT_STATUS_FAILED;
204}
205
4e51eae9 206static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 207{
208 struct sk_buff *skb;
209 struct mgmt_hdr *hdr;
210 struct mgmt_ev_cmd_status *ev;
56b7d137 211 int err;
f7b64e69 212
34eb525c 213 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69
JH		 214
215 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_ATOMIC);
216 if (!skb)
217 return -ENOMEM;
218
219 hdr = (void *) skb_put(skb, sizeof(*hdr));
220
221 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 222 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 223 hdr->len = cpu_to_le16(sizeof(*ev));
224
225 ev = (void *) skb_put(skb, sizeof(*ev));
226 ev->status = status;
227 put_unaligned_le16(cmd, &ev->opcode);
228
56b7d137
GP		 229 err = sock_queue_rcv_skb(sk, skb);
230 if (err < 0)
f7b64e69
JH		 231 kfree_skb(skb);
232
56b7d137 233 return err;
f7b64e69
JH		 234}
235
aee9b218
JH		 236static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
237 void *rp, size_t rp_len)
02d98129
JH		 238{
239 struct sk_buff *skb;
240 struct mgmt_hdr *hdr;
241 struct mgmt_ev_cmd_complete *ev;
56b7d137 242 int err;
02d98129
JH		 243
244 BT_DBG("sock %p", sk);
245
a38528f1 246 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_ATOMIC);
02d98129
JH		 247 if (!skb)
248 return -ENOMEM;
249
250 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 251
a38528f1 252 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 253 hdr->index = cpu_to_le16(index);
a38528f1 254 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 255
a38528f1
JH		 256 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
257 put_unaligned_le16(cmd, &ev->opcode);
aee9b218 258 ev->status = status;
8020c16a
SJ		 259
260 if (rp)
261 memcpy(ev->data, rp, rp_len);
02d98129 262
56b7d137
GP		 263 err = sock_queue_rcv_skb(sk, skb);
264 if (err < 0)
02d98129
JH		 265 kfree_skb(skb);
266
e5f0e151 267 return err;
02d98129
JH		 268}
269
a38528f1
JH		 270static int read_version(struct sock *sk)
271{
272 struct mgmt_rp_read_version rp;
273
274 BT_DBG("sock %p", sk);
275
276 rp.version = MGMT_VERSION;
277 put_unaligned_le16(MGMT_REVISION, &rp.revision);
278
aee9b218 279 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
4e51eae9 280 sizeof(rp));
a38528f1
JH		 281}
282
e70bb2e8
JH		 283static int read_commands(struct sock *sk)
284{
285 struct mgmt_rp_read_commands *rp;
286 u16 num_commands = ARRAY_SIZE(mgmt_commands);
287 u16 num_events = ARRAY_SIZE(mgmt_events);
288 u16 *opcode;
289 size_t rp_size;
290 int i, err;
291
292 BT_DBG("sock %p", sk);
293
294 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
295
296 rp = kmalloc(rp_size, GFP_KERNEL);
297 if (!rp)
298 return -ENOMEM;
299
300 put_unaligned_le16(num_commands, &rp->num_commands);
301 put_unaligned_le16(num_events, &rp->num_events);
302
303 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
304 put_unaligned_le16(mgmt_commands[i], opcode);
305
306 for (i = 0; i < num_events; i++, opcode++)
307 put_unaligned_le16(mgmt_events[i], opcode);
308
aee9b218 309 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
e70bb2e8
JH		 310 rp_size);
311 kfree(rp);
312
313 return err;
314}
315
faba42eb
JH		 316static int read_index_list(struct sock *sk)
317{
faba42eb
JH		 318 struct mgmt_rp_read_index_list *rp;
319 struct list_head *p;
8035ded4 320 struct hci_dev *d;
a38528f1 321 size_t rp_len;
faba42eb 322 u16 count;
a38528f1 323 int i, err;
faba42eb
JH		 324
325 BT_DBG("sock %p", sk);
326
327 read_lock(&hci_dev_list_lock);
328
329 count = 0;
330 list_for_each(p, &hci_dev_list) {
331 count++;
332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
faba42eb
JH		 341 put_unaligned_le16(count, &rp->num_controllers);
342
343 i = 0;
8035ded4 344 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 345 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 346 continue;
347
faba42eb
JH		 348 put_unaligned_le16(d->id, &rp->index[i++]);
349 BT_DBG("Added hci%u", d->id);
350 }
351
352 read_unlock(&hci_dev_list_lock);
353
aee9b218 354 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
4e51eae9 355 rp_len);
faba42eb 356
a38528f1
JH		 357 kfree(rp);
358
359 return err;
faba42eb
JH		 360}
361
69ab39ea
JH		 362static u32 get_supported_settings(struct hci_dev *hdev)
363{
364 u32 settings = 0;
365
366 settings |= MGMT_SETTING_POWERED;
367 settings |= MGMT_SETTING_CONNECTABLE;
368 settings |= MGMT_SETTING_FAST_CONNECTABLE;
369 settings |= MGMT_SETTING_DISCOVERABLE;
370 settings |= MGMT_SETTING_PAIRABLE;
371
372 if (hdev->features[6] & LMP_SIMPLE_PAIR)
373 settings |= MGMT_SETTING_SSP;
374
375 if (!(hdev->features[4] & LMP_NO_BREDR)) {
376 settings |= MGMT_SETTING_BREDR;
377 settings |= MGMT_SETTING_LINK_SECURITY;
378 }
379
d7b7e796
MH		 380 if (enable_hs)
381 settings |= MGMT_SETTING_HS;
382
383 if (enable_le) {
384 if (hdev->features[4] & LMP_LE)
385 settings |= MGMT_SETTING_LE;
386 }
69ab39ea
JH		 387
388 return settings;
389}
390
391static u32 get_current_settings(struct hci_dev *hdev)
392{
393 u32 settings = 0;
394
f1f0eb02 395 if (hdev_is_powered(hdev))
f0d4b78a
MH		 396 settings |= MGMT_SETTING_POWERED;
397
5e5282bb 398 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 399 settings |= MGMT_SETTING_CONNECTABLE;
400
5e5282bb 401 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 402 settings |= MGMT_SETTING_DISCOVERABLE;
403
a8b2d5c2 404 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 405 settings |= MGMT_SETTING_PAIRABLE;
406
407 if (!(hdev->features[4] & LMP_NO_BREDR))
408 settings |= MGMT_SETTING_BREDR;
409
06199cf8 410 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_LE;
412
47990ea0 413 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_LINK_SECURITY;
415
84bde9d6 416 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_SSP;
418
6d80dfd0
JH		 419 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
420 settings |= MGMT_SETTING_HS;
421
69ab39ea
JH		 422 return settings;
423}
424
ef580372
JH		 425#define PNP_INFO_SVCLASS_ID 0x1200
426
427static u8 bluetooth_base_uuid[] = {
428 0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80,
429 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
430};
431
432static u16 get_uuid16(u8 *uuid128)
433{
434 u32 val;
435 int i;
436
437 for (i = 0; i < 12; i++) {
438 if (bluetooth_base_uuid[i] != uuid128[i])
439 return 0;
440 }
441
442 memcpy(&val, &uuid128[12], 4);
443
444 val = le32_to_cpu(val);
445 if (val > 0xffff)
446 return 0;
447
448 return (u16) val;
449}
450
451static void create_eir(struct hci_dev *hdev, u8 *data)
452{
453 u8 *ptr = data;
454 u16 eir_len = 0;
455 u16 uuid16_list[HCI_MAX_EIR_LENGTH / sizeof(u16)];
456 int i, truncated = 0;
457 struct bt_uuid *uuid;
458 size_t name_len;
459
460 name_len = strlen(hdev->dev_name);
461
462 if (name_len > 0) {
463 /* EIR Data type */
464 if (name_len > 48) {
465 name_len = 48;
466 ptr[1] = EIR_NAME_SHORT;
467 } else
468 ptr[1] = EIR_NAME_COMPLETE;
469
470 /* EIR Data length */
471 ptr[0] = name_len + 1;
472
473 memcpy(ptr + 2, hdev->dev_name, name_len);
474
475 eir_len += (name_len + 2);
476 ptr += (name_len + 2);
477 }
478
479 memset(uuid16_list, 0, sizeof(uuid16_list));
480
481 /* Group all UUID16 types */
482 list_for_each_entry(uuid, &hdev->uuids, list) {
483 u16 uuid16;
484
485 uuid16 = get_uuid16(uuid->uuid);
486 if (uuid16 == 0)
487 return;
488
489 if (uuid16 < 0x1100)
490 continue;
491
492 if (uuid16 == PNP_INFO_SVCLASS_ID)
493 continue;
494
495 /* Stop if not enough space to put next UUID */
496 if (eir_len + 2 + sizeof(u16) > HCI_MAX_EIR_LENGTH) {
497 truncated = 1;
498 break;
499 }
500
501 /* Check for duplicates */
502 for (i = 0; uuid16_list[i] != 0; i++)
503 if (uuid16_list[i] == uuid16)
504 break;
505
506 if (uuid16_list[i] == 0) {
507 uuid16_list[i] = uuid16;
508 eir_len += sizeof(u16);
509 }
510 }
511
512 if (uuid16_list[0] != 0) {
513 u8 *length = ptr;
514
515 /* EIR Data type */
516 ptr[1] = truncated ? EIR_UUID16_SOME : EIR_UUID16_ALL;
517
518 ptr += 2;
519 eir_len += 2;
520
521 for (i = 0; uuid16_list[i] != 0; i++) {
522 *ptr++ = (uuid16_list[i] & 0x00ff);
523 *ptr++ = (uuid16_list[i] & 0xff00) >> 8;
524 }
525
526 /* EIR Data length */
527 *length = (i * sizeof(u16)) + 1;
528 }
529}
530
531static int update_eir(struct hci_dev *hdev)
532{
533 struct hci_cp_write_eir cp;
534
504c8dcd 535 if (!hdev_is_powered(hdev))
7770c4aa
JH		 536 return 0;
537
ef580372
JH		 538 if (!(hdev->features[6] & LMP_EXT_INQ))
539 return 0;
540
84bde9d6 541 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
ef580372
JH		 542 return 0;
543
a8b2d5c2 544 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 545 return 0;
546
547 memset(&cp, 0, sizeof(cp));
548
549 create_eir(hdev, cp.data);
550
551 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
552 return 0;
553
554 memcpy(hdev->eir, cp.data, sizeof(cp.data));
555
556 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
557}
558
559static u8 get_service_classes(struct hci_dev *hdev)
560{
561 struct bt_uuid *uuid;
562 u8 val = 0;
563
564 list_for_each_entry(uuid, &hdev->uuids, list)
565 val |= uuid->svc_hint;
566
567 return val;
568}
569
570static int update_class(struct hci_dev *hdev)
571{
572 u8 cod[3];
c95f0ba7 573 int err;
ef580372
JH		 574
575 BT_DBG("%s", hdev->name);
576
504c8dcd 577 if (!hdev_is_powered(hdev))
7770c4aa
JH		 578 return 0;
579
a8b2d5c2 580 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
ef580372
JH		 581 return 0;
582
583 cod[0] = hdev->minor_class;
584 cod[1] = hdev->major_class;
585 cod[2] = get_service_classes(hdev);
586
587 if (memcmp(cod, hdev->dev_class, 3) == 0)
588 return 0;
589
c95f0ba7
JH		 590 err = hci_send_cmd(hdev, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
591 if (err == 0)
592 set_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
593
594 return err;
ef580372
JH		 595}
596
7d78525d
JH		 597static void service_cache_off(struct work_struct *work)
598{
599 struct hci_dev *hdev = container_of(work, struct hci_dev,
600 service_cache.work);
601
a8b2d5c2 602 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 603 return;
604
605 hci_dev_lock(hdev);
606
607 update_eir(hdev);
608 update_class(hdev);
609
610 hci_dev_unlock(hdev);
611}
612
613static void mgmt_init_hdev(struct hci_dev *hdev)
614{
0cbf4ed6 615 if (!test_and_set_bit(HCI_MGMT, &hdev->dev_flags)) {
7d78525d
JH		 616 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
617
0cbf4ed6
JH		 618 /* Non-mgmt controlled devices get this bit set
619 * implicitly so that pairing works for them, however
620 * for mgmt we require user-space to explicitly enable
621 * it
622 */
623 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
624 }
7d78525d
JH		 625}
626
4e51eae9 627static int read_controller_info(struct sock *sk, u16 index)
0381101f 628{
a38528f1 629 struct mgmt_rp_read_info rp;
f7b64e69 630 struct hci_dev *hdev;
0381101f 631
4e51eae9 632 BT_DBG("sock %p hci%u", sk, index);
f7b64e69 633
4e51eae9 634 hdev = hci_dev_get(index);
a38528f1 635 if (!hdev)
ca69b795
JH		 636 return cmd_status(sk, index, MGMT_OP_READ_INFO,
637 MGMT_STATUS_INVALID_PARAMS);
f7b64e69 638
09fd0de5 639 hci_dev_lock(hdev);
f7b64e69 640
7d78525d
JH		 641 if (test_and_clear_bit(HCI_PI_MGMT_INIT, &hci_pi(sk)->flags))
642 mgmt_init_hdev(hdev);
ebc99feb 643
dc4fe30b
JH		 644 memset(&rp, 0, sizeof(rp));
645
69ab39ea 646 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 647
69ab39ea 648 rp.version = hdev->hci_ver;
f7b64e69 649
69ab39ea
JH		 650 put_unaligned_le16(hdev->manufacturer, &rp.manufacturer);
651
652 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
653 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 654
a38528f1 655 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 656
dc4fe30b 657 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 658 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 659
09fd0de5 660 hci_dev_unlock(hdev);
f7b64e69 661 hci_dev_put(hdev);
0381101f 662
aee9b218 663 return cmd_complete(sk, index, MGMT_OP_READ_INFO, 0, &rp, sizeof(rp));
0381101f
JH		 664}
665
eec8d2bc
JH		 666static void mgmt_pending_free(struct pending_cmd *cmd)
667{
668 sock_put(cmd->sk);
c68fb7ff 669 kfree(cmd->param);
eec8d2bc
JH		 670 kfree(cmd);
671}
672
366a0336 673static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
2e58ef3e
JH		 674 struct hci_dev *hdev,
675 void *data, u16 len)
eec8d2bc
JH		 676{
677 struct pending_cmd *cmd;
678
679 cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
680 if (!cmd)
366a0336 681 return NULL;
eec8d2bc
JH		 682
683 cmd->opcode = opcode;
2e58ef3e 684 cmd->index = hdev->id;
eec8d2bc 685
c68fb7ff
SJ		 686 cmd->param = kmalloc(len, GFP_ATOMIC);
687 if (!cmd->param) {
eec8d2bc 688 kfree(cmd);
366a0336 689 return NULL;
eec8d2bc
JH		 690 }
691
8fce6357
SJ		 692 if (data)
693 memcpy(cmd->param, data, len);
eec8d2bc
JH		 694
695 cmd->sk = sk;
696 sock_hold(sk);
697
2e58ef3e 698 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 699
366a0336 700 return cmd;
eec8d2bc
JH		 701}
702
744cf19e 703static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
eec8d2bc
JH		 704 void (*cb)(struct pending_cmd *cmd, void *data),
705 void *data)
706{
707 struct list_head *p, *n;
708
2e58ef3e 709 list_for_each_safe(p, n, &hdev->mgmt_pending) {
eec8d2bc
JH		 710 struct pending_cmd *cmd;
711
712 cmd = list_entry(p, struct pending_cmd, list);
713
b24752fe 714 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 715 continue;
716
eec8d2bc
JH		 717 cb(cmd, data);
718 }
719}
720
2e58ef3e 721static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 722{
8035ded4 723 struct pending_cmd *cmd;
eec8d2bc 724
2e58ef3e 725 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 726 if (cmd->opcode == opcode)
727 return cmd;
eec8d2bc
JH		 728 }
729
730 return NULL;
731}
732
a664b5bc 733static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 734{
73f22f62
JH		 735 list_del(&cmd->list);
736 mgmt_pending_free(cmd);
737}
738
69ab39ea 739static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 740{
69ab39ea 741 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 742
aee9b218
JH		 743 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
744 sizeof(settings));
8680570b
JH		 745}
746
650f726d 747static int set_powered(struct sock *sk, u16 index, void *data, u16 len)
eec8d2bc 748{
650f726d 749 struct mgmt_mode *cp = data;
eec8d2bc 750 struct hci_dev *hdev;
366a0336 751 struct pending_cmd *cmd;
4b34ee78 752 int err;
eec8d2bc 753
4e51eae9 754 BT_DBG("request for hci%u", index);
eec8d2bc 755
bdce7baf 756 if (len != sizeof(*cp))
ca69b795
JH		 757 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
758 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 759
4e51eae9 760 hdev = hci_dev_get(index);
eec8d2bc 761 if (!hdev)
ca69b795
JH		 762 return cmd_status(sk, index, MGMT_OP_SET_POWERED,
763 MGMT_STATUS_INVALID_PARAMS);
eec8d2bc 764
09fd0de5 765 hci_dev_lock(hdev);
eec8d2bc 766
f0d4b78a
MH		 767 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
768 cancel_delayed_work(&hdev->power_off);
769
770 if (cp->val) {
771 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
772 mgmt_powered(hdev, 1);
773 goto failed;
774 }
775 }
776
4b34ee78 777 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 778 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 779 goto failed;
780 }
781
2e58ef3e 782 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
ca69b795
JH		 783 err = cmd_status(sk, index, MGMT_OP_SET_POWERED,
784 MGMT_STATUS_BUSY);
eec8d2bc
JH		 785 goto failed;
786 }
787
2e58ef3e 788 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 789 if (!cmd) {
790 err = -ENOMEM;
eec8d2bc 791 goto failed;
366a0336 792 }
eec8d2bc 793
72a734ec 794 if (cp->val)
7f971041 795 schedule_work(&hdev->power_on);
eec8d2bc 796 else
80b7ab33 797 schedule_work(&hdev->power_off.work);
eec8d2bc 798
366a0336 799 err = 0;
eec8d2bc
JH		 800
801failed:
09fd0de5 802 hci_dev_unlock(hdev);
eec8d2bc 803 hci_dev_put(hdev);
366a0336 804 return err;
eec8d2bc
JH		 805}
806
beadb2bd
JH		 807static int mgmt_event(u16 event, struct hci_dev *hdev, void *data,
808 u16 data_len, struct sock *skip_sk)
809{
810 struct sk_buff *skb;
811 struct mgmt_hdr *hdr;
812
813 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_ATOMIC);
814 if (!skb)
815 return -ENOMEM;
816
817 hdr = (void *) skb_put(skb, sizeof(*hdr));
818 hdr->opcode = cpu_to_le16(event);
819 if (hdev)
820 hdr->index = cpu_to_le16(hdev->id);
821 else
822 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
823 hdr->len = cpu_to_le16(data_len);
824
825 if (data)
826 memcpy(skb_put(skb, data_len), data, data_len);
827
97e0bdeb
MH		 828 /* Time stamp */
829 __net_timestamp(skb);
830
beadb2bd
JH		 831 hci_send_to_control(skb, skip_sk);
832 kfree_skb(skb);
833
834 return 0;
835}
836
837static int new_settings(struct hci_dev *hdev, struct sock *skip)
838{
839 __le32 ev;
840
841 ev = cpu_to_le32(get_current_settings(hdev));
842
843 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
844}
845
650f726d 846static int set_discoverable(struct sock *sk, u16 index, void *data, u16 len)
73f22f62 847{
650f726d 848 struct mgmt_cp_set_discoverable *cp = data;
73f22f62 849 struct hci_dev *hdev;
366a0336 850 struct pending_cmd *cmd;
5e5282bb 851 u16 timeout;
73f22f62
JH		 852 u8 scan;
853 int err;
854
4e51eae9 855 BT_DBG("request for hci%u", index);
73f22f62 856
bdce7baf 857 if (len != sizeof(*cp))
ca69b795
JH		 858 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
859 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 860
24c54a90
MH		 861 timeout = get_unaligned_le16(&cp->timeout);
862 if (!cp->val && timeout > 0)
863 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
864 MGMT_STATUS_INVALID_PARAMS);
865
4e51eae9 866 hdev = hci_dev_get(index);
73f22f62 867 if (!hdev)
ca69b795
JH		 868 return cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
869 MGMT_STATUS_INVALID_PARAMS);
73f22f62 870
09fd0de5 871 hci_dev_lock(hdev);
73f22f62 872
5e5282bb 873 if (!hdev_is_powered(hdev) && timeout > 0) {
ca69b795
JH		 874 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
875 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 876 goto failed;
877 }
878
2e58ef3e
JH		 879 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
880 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 881 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
882 MGMT_STATUS_BUSY);
73f22f62
JH		 883 goto failed;
884 }
885
5e5282bb
JH		 886 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
887 err = cmd_status(sk, index, MGMT_OP_SET_DISCOVERABLE,
888 MGMT_STATUS_REJECTED);
889 goto failed;
890 }
891
892 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 893 bool changed = false;
894
895 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
896 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
897 changed = true;
898 }
899
5e5282bb 900 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 901 if (err < 0)
902 goto failed;
903
904 if (changed)
905 err = new_settings(hdev, sk);
906
5e5282bb
JH		 907 goto failed;
908 }
909
910 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 911 if (hdev->discov_timeout > 0) {
912 cancel_delayed_work(&hdev->discov_off);
913 hdev->discov_timeout = 0;
914 }
915
916 if (cp->val && timeout > 0) {
917 hdev->discov_timeout = timeout;
918 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
919 msecs_to_jiffies(hdev->discov_timeout * 1000));
920 }
921
69ab39ea 922 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 923 goto failed;
924 }
925
2e58ef3e 926 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 927 if (!cmd) {
928 err = -ENOMEM;
73f22f62 929 goto failed;
366a0336 930 }
73f22f62
JH		 931
932 scan = SCAN_PAGE;
933
72a734ec 934 if (cp->val)
73f22f62 935 scan |= SCAN_INQUIRY;
16ab91ab 936 else
e0f9309f 937 cancel_delayed_work(&hdev->discov_off);
73f22f62
JH		 938
939 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
940 if (err < 0)
a664b5bc 941 mgmt_pending_remove(cmd);
73f22f62 942
16ab91ab 943 if (cp->val)
5e5282bb 944 hdev->discov_timeout = timeout;
16ab91ab 945
73f22f62 946failed:
09fd0de5 947 hci_dev_unlock(hdev);
73f22f62
JH		 948 hci_dev_put(hdev);
949
950 return err;
951}
952
650f726d 953static int set_connectable(struct sock *sk, u16 index, void *data, u16 len)
9fbcbb45 954{
650f726d 955 struct mgmt_mode *cp = data;
9fbcbb45 956 struct hci_dev *hdev;
366a0336 957 struct pending_cmd *cmd;
9fbcbb45
JH		 958 u8 scan;
959 int err;
960
4e51eae9 961 BT_DBG("request for hci%u", index);
9fbcbb45 962
bdce7baf 963 if (len != sizeof(*cp))
ca69b795
JH		 964 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
965 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 966
4e51eae9 967 hdev = hci_dev_get(index);
9fbcbb45 968 if (!hdev)
ca69b795
JH		 969 return cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
970 MGMT_STATUS_INVALID_PARAMS);
9fbcbb45 971
09fd0de5 972 hci_dev_lock(hdev);
9fbcbb45 973
4b34ee78 974 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 975 bool changed = false;
976
977 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
978 changed = true;
979
6bf0e469 980 if (cp->val) {
5e5282bb 981 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 982 } else {
5e5282bb
JH		 983 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
984 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
985 }
0224d2fa 986
5e5282bb 987 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 988 if (err < 0)
989 goto failed;
990
991 if (changed)
992 err = new_settings(hdev, sk);
993
9fbcbb45
JH		 994 goto failed;
995 }
996
2e58ef3e
JH		 997 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
998 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
ca69b795
JH		 999 err = cmd_status(sk, index, MGMT_OP_SET_CONNECTABLE,
1000 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1001 goto failed;
1002 }
1003
5e5282bb 1004 if (!!cp->val == test_bit(HCI_PSCAN, &hdev->flags)) {
69ab39ea 1005 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
9fbcbb45
JH		 1006 goto failed;
1007 }
1008
2e58ef3e 1009 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1010 if (!cmd) {
1011 err = -ENOMEM;
9fbcbb45 1012 goto failed;
366a0336 1013 }
9fbcbb45 1014
6bf0e469 1015 if (cp->val) {
9fbcbb45 1016 scan = SCAN_PAGE;
6bf0e469 1017 } else {
9fbcbb45
JH		 1018 scan = 0;
1019
df2c6c5e
JH		 1020 if (test_bit(HCI_ISCAN, &hdev->flags) &&
1021 hdev->discov_timeout > 0)
1022 cancel_delayed_work(&hdev->discov_off);
1023 }
1024
9fbcbb45
JH		 1025 err = hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1026 if (err < 0)
a664b5bc 1027 mgmt_pending_remove(cmd);
9fbcbb45
JH		 1028
1029failed:
09fd0de5 1030 hci_dev_unlock(hdev);
9fbcbb45
JH		 1031 hci_dev_put(hdev);
1032
1033 return err;
1034}
1035
650f726d 1036static int set_pairable(struct sock *sk, u16 index, void *data, u16 len)
c542a06c 1037{
650f726d 1038 struct mgmt_mode *cp = data;
c542a06c 1039 struct hci_dev *hdev;
c542a06c
JH		 1040 int err;
1041
4e51eae9 1042 BT_DBG("request for hci%u", index);
c542a06c 1043
bdce7baf 1044 if (len != sizeof(*cp))
ca69b795
JH		 1045 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1046 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1047
4e51eae9 1048 hdev = hci_dev_get(index);
c542a06c 1049 if (!hdev)
ca69b795
JH		 1050 return cmd_status(sk, index, MGMT_OP_SET_PAIRABLE,
1051 MGMT_STATUS_INVALID_PARAMS);
c542a06c 1052
09fd0de5 1053 hci_dev_lock(hdev);
c542a06c
JH		 1054
1055 if (cp->val)
a8b2d5c2 1056 set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1057 else
a8b2d5c2 1058 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1059
69ab39ea 1060 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c
JH		 1061 if (err < 0)
1062 goto failed;
1063
beadb2bd 1064 err = new_settings(hdev, sk);
c542a06c
JH		 1065
1066failed:
09fd0de5 1067 hci_dev_unlock(hdev);
c542a06c
JH		 1068 hci_dev_put(hdev);
1069
1070 return err;
1071}
1072
33ef95ed
JH		 1073static int set_link_security(struct sock *sk, u16 index, void *data, u16 len)
1074{
1075 struct mgmt_mode *cp = data;
1076 struct pending_cmd *cmd;
1077 struct hci_dev *hdev;
816a11d5 1078 u8 val;
33ef95ed
JH		 1079 int err;
1080
1081 BT_DBG("request for hci%u", index);
1082
1083 if (len != sizeof(*cp))
1084 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1085 MGMT_STATUS_INVALID_PARAMS);
1086
1087 hdev = hci_dev_get(index);
1088 if (!hdev)
1089 return cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1090 MGMT_STATUS_INVALID_PARAMS);
1091
1092 hci_dev_lock(hdev);
1093
4b34ee78 1094 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1095 bool changed = false;
1096
1097 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
1098 &hdev->dev_flags)) {
1099 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1100 changed = true;
1101 }
1102
1103 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1104 if (err < 0)
1105 goto failed;
1106
1107 if (changed)
1108 err = new_settings(hdev, sk);
1109
33ef95ed
JH		 1110 goto failed;
1111 }
1112
1113 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
1114 err = cmd_status(sk, index, MGMT_OP_SET_LINK_SECURITY,
1115 MGMT_STATUS_BUSY);
1116 goto failed;
1117 }
1118
1119 val = !!cp->val;
1120
1121 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1122 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1123 goto failed;
1124 }
1125
1126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1127 if (!cmd) {
1128 err = -ENOMEM;
1129 goto failed;
1130 }
1131
1132 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1133 if (err < 0) {
1134 mgmt_pending_remove(cmd);
1135 goto failed;
1136 }
1137
1138failed:
1139 hci_dev_unlock(hdev);
1140 hci_dev_put(hdev);
1141
1142 return err;
1143}
1144
ed2c4ee3
JH		 1145static int set_ssp(struct sock *sk, u16 index, void *data, u16 len)
1146{
1147 struct mgmt_mode *cp = data;
1148 struct pending_cmd *cmd;
1149 struct hci_dev *hdev;
816a11d5 1150 u8 val;
ed2c4ee3
JH		 1151 int err;
1152
1153 BT_DBG("request for hci%u", index);
1154
1155 if (len != sizeof(*cp))
1156 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1157 MGMT_STATUS_INVALID_PARAMS);
1158
1159 hdev = hci_dev_get(index);
1160 if (!hdev)
1161 return cmd_status(sk, index, MGMT_OP_SET_SSP,
1162 MGMT_STATUS_INVALID_PARAMS);
1163
1164 hci_dev_lock(hdev);
1165
6c8f12c1
JH		 1166 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
1167 err = cmd_status(sk, index, MGMT_OP_SET_SSP,
1168 MGMT_STATUS_NOT_SUPPORTED);
1169 goto failed;
1170 }
1171
c0ecddc2
JH		 1172 val = !!cp->val;
1173
4b34ee78 1174 if (!hdev_is_powered(hdev)) {
c0ecddc2
JH		 1175 bool changed = false;
1176
1177 if (val != test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
1178 change_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
1179 changed = true;
1180 }
1181
1182 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1183 if (err < 0)
1184 goto failed;
1185
1186 if (changed)
1187 err = new_settings(hdev, sk);
1188
ed2c4ee3
JH		 1189 goto failed;
1190 }
1191
1192 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
1193 err = cmd_status(sk, index, MGMT_OP_SET_SSP, MGMT_STATUS_BUSY);
1194 goto failed;
1195 }
1196
ed2c4ee3
JH		 1197 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) == val) {
1198 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1199 goto failed;
1200 }
1201
1202 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1203 if (!cmd) {
1204 err = -ENOMEM;
1205 goto failed;
1206 }
1207
1208 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(val), &val);
1209 if (err < 0) {
1210 mgmt_pending_remove(cmd);
1211 goto failed;
1212 }
1213
1214failed:
1215 hci_dev_unlock(hdev);
1216 hci_dev_put(hdev);
1217
1218 return err;
1219}
1220
6d80dfd0
JH		 1221static int set_hs(struct sock *sk, u16 index, void *data, u16 len)
1222{
1223 struct mgmt_mode *cp = data;
1224 struct hci_dev *hdev;
1225 int err;
1226
1227 BT_DBG("request for hci%u", index);
1228
1229 if (len != sizeof(*cp))
1230 return cmd_status(sk, index, MGMT_OP_SET_HS,
1231 MGMT_STATUS_INVALID_PARAMS);
1232
1233 hdev = hci_dev_get(index);
1234 if (!hdev)
1235 return cmd_status(sk, index, MGMT_OP_SET_HS,
1236 MGMT_STATUS_INVALID_PARAMS);
1237
1238 if (!enable_hs) {
1239 err = cmd_status(sk, index, MGMT_OP_SET_HS,
1240 MGMT_STATUS_NOT_SUPPORTED);
1241 goto failed;
1242 }
1243
1244 if (cp->val)
1245 set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1246 else
1247 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
1248
1249 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1250
1251failed:
1252 hci_dev_put(hdev);
1253 return err;
1254}
1255
06199cf8
JH		 1256static int set_le(struct sock *sk, u16 index, void *data, u16 len)
1257{
1258 struct mgmt_mode *cp = data;
1259 struct hci_cp_write_le_host_supported hci_cp;
1260 struct pending_cmd *cmd;
1261 struct hci_dev *hdev;
1262 int err;
0b60eba1 1263 u8 val, enabled;
06199cf8
JH		 1264
1265 BT_DBG("request for hci%u", index);
1266
1267 if (len != sizeof(*cp))
1268 return cmd_status(sk, index, MGMT_OP_SET_LE,
1269 MGMT_STATUS_INVALID_PARAMS);
1270
1271 hdev = hci_dev_get(index);
1272 if (!hdev)
1273 return cmd_status(sk, index, MGMT_OP_SET_LE,
1274 MGMT_STATUS_INVALID_PARAMS);
1275
1276 if (!enable_le || !(hdev->features[4] & LMP_LE)) {
1277 err = cmd_status(sk, index, MGMT_OP_SET_LE,
1278 MGMT_STATUS_NOT_SUPPORTED);
1279 goto failed;
1280 }
1281
1282 val = !!cp->val;
0b60eba1 1283 enabled = !!(hdev->host_features[0] & LMP_HOST_LE);
06199cf8 1284
0b60eba1 1285 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1286 bool changed = false;
1287
1288 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1289 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1290 changed = true;
1291 }
1292
1293 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1294 if (err < 0)
1295 goto failed;
1296
1297 if (changed)
1298 err = new_settings(hdev, sk);
1299
1300 goto failed;
1301 }
1302
1303 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
1304 err = cmd_status(sk, index, MGMT_OP_SET_LE, MGMT_STATUS_BUSY);
1305 goto failed;
1306 }
1307
1308 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1309 if (!cmd) {
1310 err = -ENOMEM;
1311 goto failed;
1312 }
1313
1314 memset(&hci_cp, 0, sizeof(hci_cp));
1315
1316 if (val) {
1317 hci_cp.le = val;
1318 hci_cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
1319 }
1320
1321 err = hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED,
1322 sizeof(hci_cp), &hci_cp);
1323 if (err < 0) {
1324 mgmt_pending_remove(cmd);
1325 goto failed;
1326 }
1327
1328failed:
1329 hci_dev_put(hdev);
1330 return err;
1331}
1332
650f726d 1333static int add_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1334{
650f726d 1335 struct mgmt_cp_add_uuid *cp = data;
90e70454 1336 struct pending_cmd *cmd;
2aeb9a1a
JH		 1337 struct hci_dev *hdev;
1338 struct bt_uuid *uuid;
2aeb9a1a
JH		 1339 int err;
1340
4e51eae9 1341 BT_DBG("request for hci%u", index);
2aeb9a1a 1342
bdce7baf 1343 if (len != sizeof(*cp))
ca69b795
JH		 1344 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1345 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1346
4e51eae9 1347 hdev = hci_dev_get(index);
2aeb9a1a 1348 if (!hdev)
ca69b795
JH		 1349 return cmd_status(sk, index, MGMT_OP_ADD_UUID,
1350 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1351
09fd0de5 1352 hci_dev_lock(hdev);
2aeb9a1a 1353
c95f0ba7
JH		 1354 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1355 err = cmd_status(sk, index, MGMT_OP_ADD_UUID,
1356 MGMT_STATUS_BUSY);
1357 goto failed;
1358 }
1359
2aeb9a1a
JH		 1360 uuid = kmalloc(sizeof(*uuid), GFP_ATOMIC);
1361 if (!uuid) {
1362 err = -ENOMEM;
1363 goto failed;
1364 }
1365
1366 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1367 uuid->svc_hint = cp->svc_hint;
2aeb9a1a
JH		 1368
1369 list_add(&uuid->list, &hdev->uuids);
1370
1aff6f09
JH		 1371 err = update_class(hdev);
1372 if (err < 0)
1373 goto failed;
1374
80a1e1db
JH		 1375 err = update_eir(hdev);
1376 if (err < 0)
1377 goto failed;
1378
90e70454
JH		 1379 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1380 err = cmd_complete(sk, index, MGMT_OP_ADD_UUID, 0,
1381 hdev->dev_class, 3);
1382 goto failed;
1383 }
1384
1385 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
1386 if (!cmd) {
1387 err = -ENOMEM;
1388 goto failed;
1389 }
2aeb9a1a
JH		 1390
1391failed:
09fd0de5 1392 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1393 hci_dev_put(hdev);
1394
1395 return err;
1396}
1397
24b78d0f
JH		 1398static bool enable_service_cache(struct hci_dev *hdev)
1399{
1400 if (!hdev_is_powered(hdev))
1401 return false;
1402
1403 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
1404 schedule_delayed_work(&hdev->service_cache,
1405 msecs_to_jiffies(SERVICE_CACHE_TIMEOUT));
1406 return true;
1407 }
1408
1409 return false;
1410}
1411
650f726d 1412static int remove_uuid(struct sock *sk, u16 index, void *data, u16 len)
2aeb9a1a 1413{
650f726d 1414 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1415 struct pending_cmd *cmd;
2aeb9a1a 1416 struct list_head *p, *n;
2aeb9a1a
JH		 1417 struct hci_dev *hdev;
1418 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 1419 int err, found;
1420
4e51eae9 1421 BT_DBG("request for hci%u", index);
2aeb9a1a 1422
bdce7baf 1423 if (len != sizeof(*cp))
ca69b795
JH		 1424 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1425 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1426
4e51eae9 1427 hdev = hci_dev_get(index);
2aeb9a1a 1428 if (!hdev)
ca69b795
JH		 1429 return cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1430 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a 1431
09fd0de5 1432 hci_dev_lock(hdev);
2aeb9a1a 1433
c95f0ba7
JH		 1434 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1435 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1436 MGMT_STATUS_BUSY);
1437 goto unlock;
1438 }
1439
2aeb9a1a
JH		 1440 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1441 err = hci_uuids_clear(hdev);
4004b6d9 1442
24b78d0f
JH		 1443 if (enable_service_cache(hdev)) {
1444 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
1445 hdev->dev_class, 3);
1446 goto unlock;
1447 }
4004b6d9 1448
9246a869 1449 goto update_class;
2aeb9a1a
JH		 1450 }
1451
1452 found = 0;
1453
1454 list_for_each_safe(p, n, &hdev->uuids) {
1455 struct bt_uuid *match = list_entry(p, struct bt_uuid, list);
1456
1457 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1458 continue;
1459
1460 list_del(&match->list);
1461 found++;
1462 }
1463
1464 if (found == 0) {
ca69b795
JH		 1465 err = cmd_status(sk, index, MGMT_OP_REMOVE_UUID,
1466 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1467 goto unlock;
1468 }
1469
9246a869 1470update_class:
1aff6f09
JH		 1471 err = update_class(hdev);
1472 if (err < 0)
1473 goto unlock;
1474
80a1e1db
JH		 1475 err = update_eir(hdev);
1476 if (err < 0)
1477 goto unlock;
1478
90e70454
JH		 1479 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1480 err = cmd_complete(sk, index, MGMT_OP_REMOVE_UUID, 0,
9997a533 1481 hdev->dev_class, 3);
90e70454
JH		 1482 goto unlock;
1483 }
1484
1485 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
1486 if (!cmd) {
1487 err = -ENOMEM;
1488 goto unlock;
1489 }
2aeb9a1a
JH		 1490
1491unlock:
09fd0de5 1492 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1493 hci_dev_put(hdev);
1494
1495 return err;
1496}
1497
650f726d 1498static int set_dev_class(struct sock *sk, u16 index, void *data, u16 len)
1aff6f09
JH		 1499{
1500 struct hci_dev *hdev;
650f726d 1501 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1502 struct pending_cmd *cmd;
1aff6f09
JH		 1503 int err;
1504
4e51eae9 1505 BT_DBG("request for hci%u", index);
1aff6f09 1506
bdce7baf 1507 if (len != sizeof(*cp))
ca69b795
JH		 1508 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1509 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1510
4e51eae9 1511 hdev = hci_dev_get(index);
1aff6f09 1512 if (!hdev)
ca69b795
JH		 1513 return cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1514 MGMT_STATUS_INVALID_PARAMS);
1aff6f09 1515
09fd0de5 1516 hci_dev_lock(hdev);
1aff6f09 1517
c95f0ba7
JH		 1518 if (test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
1519 err = cmd_status(sk, index, MGMT_OP_SET_DEV_CLASS,
1520 MGMT_STATUS_BUSY);
1521 goto unlock;
1522 }
1523
932f5ff5
JH		 1524 hdev->major_class = cp->major;
1525 hdev->minor_class = cp->minor;
1526
b5235a65 1527 if (!hdev_is_powered(hdev)) {
932f5ff5
JH		 1528 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
1529 hdev->dev_class, 3);
b5235a65
JH		 1530 goto unlock;
1531 }
1532
a8b2d5c2 1533 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 1534 hci_dev_unlock(hdev);
1535 cancel_delayed_work_sync(&hdev->service_cache);
1536 hci_dev_lock(hdev);
14c0b608 1537 update_eir(hdev);
7d78525d 1538 }
14c0b608 1539
1aff6f09 1540 err = update_class(hdev);
90e70454
JH		 1541 if (err < 0)
1542 goto unlock;
1aff6f09 1543
90e70454 1544 if (!test_bit(HCI_PENDING_CLASS, &hdev->dev_flags)) {
aee9b218 1545 err = cmd_complete(sk, index, MGMT_OP_SET_DEV_CLASS, 0,
8ec37034 1546 hdev->dev_class, 3);
90e70454
JH		 1547 goto unlock;
1548 }
1549
1550 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
1551 if (!cmd) {
1552 err = -ENOMEM;
1553 goto unlock;
1554 }
1aff6f09 1555
b5235a65 1556unlock:
09fd0de5 1557 hci_dev_unlock(hdev);
1aff6f09
JH		 1558 hci_dev_put(hdev);
1559
1560 return err;
1561}
1562
650f726d 1563static int load_link_keys(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1564{
1565 struct hci_dev *hdev;
650f726d 1566 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 1567 u16 key_count, expected_len;
a492cd52 1568 int i;
55ed8ca1 1569
bdce7baf 1570 if (len < sizeof(*cp))
ca69b795
JH		 1571 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1572 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1573
55ed8ca1
JH		 1574 key_count = get_unaligned_le16(&cp->key_count);
1575
86742e1e
JH		 1576 expected_len = sizeof(*cp) + key_count *
1577 sizeof(struct mgmt_link_key_info);
a492cd52 1578 if (expected_len != len) {
86742e1e 1579 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
a492cd52 1580 len, expected_len);
ca69b795
JH		 1581 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1582 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 1583 }
1584
4e51eae9 1585 hdev = hci_dev_get(index);
55ed8ca1 1586 if (!hdev)
ca69b795
JH		 1587 return cmd_status(sk, index, MGMT_OP_LOAD_LINK_KEYS,
1588 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1589
4e51eae9 1590 BT_DBG("hci%u debug_keys %u key_count %u", index, cp->debug_keys,
55ed8ca1
JH		 1591 key_count);
1592
09fd0de5 1593 hci_dev_lock(hdev);
55ed8ca1
JH		 1594
1595 hci_link_keys_clear(hdev);
1596
a8b2d5c2 1597 set_bit(HCI_LINK_KEYS, &hdev->dev_flags);
55ed8ca1
JH		 1598
1599 if (cp->debug_keys)
a8b2d5c2 1600 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1601 else
a8b2d5c2 1602 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 1603
a492cd52 1604 for (i = 0; i < key_count; i++) {
86742e1e 1605 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 1606
d753fdc4
JH		 1607 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
1608 key->type, key->pin_len);
55ed8ca1
JH		 1609 }
1610
aee9b218 1611 cmd_complete(sk, index, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 1612
09fd0de5 1613 hci_dev_unlock(hdev);
55ed8ca1
JH		 1614 hci_dev_put(hdev);
1615
a492cd52 1616 return 0;
55ed8ca1
JH		 1617}
1618
b1078ad0
JH		 1619static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
1620 u8 addr_type, struct sock *skip_sk)
1621{
1622 struct mgmt_ev_device_unpaired ev;
1623
1624 bacpy(&ev.addr.bdaddr, bdaddr);
1625 ev.addr.type = addr_type;
1626
1627 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
1628 skip_sk);
1629}
1630
124f6e35 1631static int unpair_device(struct sock *sk, u16 index, void *data, u16 len)
55ed8ca1
JH		 1632{
1633 struct hci_dev *hdev;
124f6e35
JH		 1634 struct mgmt_cp_unpair_device *cp = data;
1635 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 1636 struct hci_cp_disconnect dc;
1637 struct pending_cmd *cmd;
55ed8ca1 1638 struct hci_conn *conn;
55ed8ca1
JH		 1639 int err;
1640
bdce7baf 1641 if (len != sizeof(*cp))
124f6e35 1642 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1643 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1644
4e51eae9 1645 hdev = hci_dev_get(index);
55ed8ca1 1646 if (!hdev)
124f6e35 1647 return cmd_status(sk, index, MGMT_OP_UNPAIR_DEVICE,
ca69b795 1648 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1 1649
09fd0de5 1650 hci_dev_lock(hdev);
55ed8ca1 1651
a8a1d19e 1652 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 1653 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
1654 rp.addr.type = cp->addr.type;
a8a1d19e 1655
86a8cfc6
JH		 1656 if (!hdev_is_powered(hdev)) {
1657 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1658 MGMT_STATUS_NOT_POWERED,
1659 &rp, sizeof(rp));
1660 goto unlock;
1661 }
1662
124f6e35
JH		 1663 if (cp->addr.type == MGMT_ADDR_BREDR)
1664 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
1665 else
1666 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 1667
55ed8ca1 1668 if (err < 0) {
86a8cfc6
JH		 1669 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE,
1670 MGMT_STATUS_NOT_PAIRED,
1671 &rp, sizeof(rp));
55ed8ca1
JH		 1672 goto unlock;
1673 }
1674
86a8cfc6
JH		 1675 if (cp->disconnect) {
1676 if (cp->addr.type == MGMT_ADDR_BREDR)
1677 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
124f6e35 1678 &cp->addr.bdaddr);
86a8cfc6
JH		 1679 else
1680 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
124f6e35 1681 &cp->addr.bdaddr);
86a8cfc6
JH		 1682 } else {
1683 conn = NULL;
1684 }
124f6e35 1685
a8a1d19e 1686 if (!conn) {
86a8cfc6 1687 err = cmd_complete(sk, index, MGMT_OP_UNPAIR_DEVICE, 0,
aee9b218 1688 &rp, sizeof(rp));
b1078ad0 1689 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 1690 goto unlock;
1691 }
55ed8ca1 1692
124f6e35
JH		 1693 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
1694 sizeof(*cp));
a8a1d19e
JH		 1695 if (!cmd) {
1696 err = -ENOMEM;
1697 goto unlock;
55ed8ca1
JH		 1698 }
1699
a8a1d19e
JH		 1700 put_unaligned_le16(conn->handle, &dc.handle);
1701 dc.reason = 0x13; /* Remote User Terminated Connection */
1702 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1703 if (err < 0)
1704 mgmt_pending_remove(cmd);
1705
55ed8ca1 1706unlock:
09fd0de5 1707 hci_dev_unlock(hdev);
55ed8ca1
JH		 1708 hci_dev_put(hdev);
1709
1710 return err;
1711}
1712
650f726d 1713static int disconnect(struct sock *sk, u16 index, void *data, u16 len)
8962ee74
JH		 1714{
1715 struct hci_dev *hdev;
650f726d 1716 struct mgmt_cp_disconnect *cp = data;
8962ee74 1717 struct hci_cp_disconnect dc;
366a0336 1718 struct pending_cmd *cmd;
8962ee74 1719 struct hci_conn *conn;
8962ee74
JH		 1720 int err;
1721
1722 BT_DBG("");
1723
bdce7baf 1724 if (len != sizeof(*cp))
ca69b795
JH		 1725 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1726 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1727
4e51eae9 1728 hdev = hci_dev_get(index);
8962ee74 1729 if (!hdev)
ca69b795
JH		 1730 return cmd_status(sk, index, MGMT_OP_DISCONNECT,
1731 MGMT_STATUS_INVALID_PARAMS);
8962ee74 1732
09fd0de5 1733 hci_dev_lock(hdev);
8962ee74
JH		 1734
1735 if (!test_bit(HCI_UP, &hdev->flags)) {
ca69b795
JH		 1736 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1737 MGMT_STATUS_NOT_POWERED);
8962ee74
JH		 1738 goto failed;
1739 }
1740
2e58ef3e 1741 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
ca69b795
JH		 1742 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1743 MGMT_STATUS_BUSY);
8962ee74
JH		 1744 goto failed;
1745 }
1746
88c3df13
JH		 1747 if (cp->addr.type == MGMT_ADDR_BREDR)
1748 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
1749 else
1750 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 1751
8962ee74 1752 if (!conn) {
ca69b795
JH		 1753 err = cmd_status(sk, index, MGMT_OP_DISCONNECT,
1754 MGMT_STATUS_NOT_CONNECTED);
8962ee74
JH		 1755 goto failed;
1756 }
1757
2e58ef3e 1758 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 1759 if (!cmd) {
1760 err = -ENOMEM;
8962ee74 1761 goto failed;
366a0336 1762 }
8962ee74
JH		 1763
1764 put_unaligned_le16(conn->handle, &dc.handle);
1765 dc.reason = 0x13; /* Remote User Terminated Connection */
1766
1767 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1768 if (err < 0)
a664b5bc 1769 mgmt_pending_remove(cmd);
8962ee74
JH		 1770
1771failed:
09fd0de5 1772 hci_dev_unlock(hdev);
8962ee74
JH		 1773 hci_dev_put(hdev);
1774
1775 return err;
1776}
1777
48264f06 1778static u8 link_to_mgmt(u8 link_type, u8 addr_type)
4c659c39
JH		 1779{
1780 switch (link_type) {
1781 case LE_LINK:
48264f06
JH		 1782 switch (addr_type) {
1783 case ADDR_LE_DEV_PUBLIC:
1784 return MGMT_ADDR_LE_PUBLIC;
1785 case ADDR_LE_DEV_RANDOM:
1786 return MGMT_ADDR_LE_RANDOM;
1787 default:
1788 return MGMT_ADDR_INVALID;
1789 }
4c659c39
JH		 1790 case ACL_LINK:
1791 return MGMT_ADDR_BREDR;
1792 default:
1793 return MGMT_ADDR_INVALID;
1794 }
1795}
1796
8ce6284e 1797static int get_connections(struct sock *sk, u16 index)
2784eb41 1798{
2784eb41
JH		 1799 struct mgmt_rp_get_connections *rp;
1800 struct hci_dev *hdev;
8035ded4 1801 struct hci_conn *c;
a38528f1 1802 size_t rp_len;
60fc5fb6
JH		 1803 int err;
1804 u16 i;
2784eb41
JH		 1805
1806 BT_DBG("");
1807
4e51eae9 1808 hdev = hci_dev_get(index);
2784eb41 1809 if (!hdev)
ca69b795
JH		 1810 return cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1811 MGMT_STATUS_INVALID_PARAMS);
2784eb41 1812
09fd0de5 1813 hci_dev_lock(hdev);
2784eb41 1814
5f97c1df
JH		 1815 if (!hdev_is_powered(hdev)) {
1816 err = cmd_status(sk, index, MGMT_OP_GET_CONNECTIONS,
1817 MGMT_STATUS_NOT_POWERED);
1818 goto unlock;
1819 }
1820
60fc5fb6 1821 i = 0;
b644ba33
JH		 1822 list_for_each_entry(c, &hdev->conn_hash.list, list) {
1823 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 1824 i++;
2784eb41
JH		 1825 }
1826
60fc5fb6 1827 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
a38528f1
JH		 1828 rp = kmalloc(rp_len, GFP_ATOMIC);
1829 if (!rp) {
2784eb41
JH		 1830 err = -ENOMEM;
1831 goto unlock;
1832 }
1833
2784eb41 1834 i = 0;
4c659c39 1835 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 1836 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
1837 continue;
4c659c39 1838 bacpy(&rp->addr[i].bdaddr, &c->dst);
48264f06 1839 rp->addr[i].type = link_to_mgmt(c->type, c->dst_type);
4c659c39
JH		 1840 if (rp->addr[i].type == MGMT_ADDR_INVALID)
1841 continue;
1842 i++;
1843 }
1844
60fc5fb6
JH		 1845 put_unaligned_le16(i, &rp->conn_count);
1846
4c659c39
JH		 1847 /* Recalculate length in case of filtered SCO connections, etc */
1848 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 1849
aee9b218 1850 err = cmd_complete(sk, index, MGMT_OP_GET_CONNECTIONS, 0, rp, rp_len);
2784eb41 1851
a38528f1 1852 kfree(rp);
5f97c1df
JH		 1853
1854unlock:
09fd0de5 1855 hci_dev_unlock(hdev);
2784eb41
JH		 1856 hci_dev_put(hdev);
1857 return err;
1858}
1859
96d97a67
WR		 1860static int send_pin_code_neg_reply(struct sock *sk, u16 index,
1861 struct hci_dev *hdev, struct mgmt_cp_pin_code_neg_reply *cp)
1862{
1863 struct pending_cmd *cmd;
1864 int err;
1865
2e58ef3e 1866 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
96d97a67
WR		 1867 sizeof(*cp));
1868 if (!cmd)
1869 return -ENOMEM;
1870
d8457698
JH		 1871 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
1872 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 1873 if (err < 0)
1874 mgmt_pending_remove(cmd);
1875
1876 return err;
1877}
1878
650f726d 1879static int pin_code_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1880{
1881 struct hci_dev *hdev;
96d97a67 1882 struct hci_conn *conn;
650f726d 1883 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 1884 struct hci_cp_pin_code_reply reply;
366a0336 1885 struct pending_cmd *cmd;
980e1a53
JH		 1886 int err;
1887
1888 BT_DBG("");
1889
bdce7baf 1890 if (len != sizeof(*cp))
ca69b795
JH		 1891 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1892 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1893
4e51eae9 1894 hdev = hci_dev_get(index);
980e1a53 1895 if (!hdev)
ca69b795
JH		 1896 return cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1897 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1898
09fd0de5 1899 hci_dev_lock(hdev);
980e1a53 1900
4b34ee78 1901 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 1902 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1903 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1904 goto failed;
1905 }
1906
d8457698 1907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 1908 if (!conn) {
ca69b795
JH		 1909 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
1910 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 1911 goto failed;
1912 }
1913
1914 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 1915 struct mgmt_cp_pin_code_neg_reply ncp;
1916
1917 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 1918
1919 BT_ERR("PIN code is not 16 bytes long");
1920
1921 err = send_pin_code_neg_reply(sk, index, hdev, &ncp);
1922 if (err >= 0)
1923 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_REPLY,
ca69b795 1924 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 1925
1926 goto failed;
1927 }
1928
650f726d
VCG		 1929 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data,
1930 len);
366a0336
JH		 1931 if (!cmd) {
1932 err = -ENOMEM;
980e1a53 1933 goto failed;
366a0336 1934 }
980e1a53 1935
d8457698 1936 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 1937 reply.pin_len = cp->pin_len;
24718ca5 1938 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 1939
1940 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
1941 if (err < 0)
a664b5bc 1942 mgmt_pending_remove(cmd);
980e1a53
JH		 1943
1944failed:
09fd0de5 1945 hci_dev_unlock(hdev);
980e1a53
JH		 1946 hci_dev_put(hdev);
1947
1948 return err;
1949}
1950
650f726d 1951static int pin_code_neg_reply(struct sock *sk, u16 index, void *data, u16 len)
980e1a53
JH		 1952{
1953 struct hci_dev *hdev;
650f726d 1954 struct mgmt_cp_pin_code_neg_reply *cp = data;
980e1a53
JH		 1955 int err;
1956
1957 BT_DBG("");
1958
bdce7baf
SJ		 1959 if (len != sizeof(*cp))
1960 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1961 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1962
4e51eae9 1963 hdev = hci_dev_get(index);
980e1a53 1964 if (!hdev)
4e51eae9 1965 return cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1966 MGMT_STATUS_INVALID_PARAMS);
980e1a53 1967
09fd0de5 1968 hci_dev_lock(hdev);
980e1a53 1969
4b34ee78 1970 if (!hdev_is_powered(hdev)) {
4e51eae9 1971 err = cmd_status(sk, index, MGMT_OP_PIN_CODE_NEG_REPLY,
ca69b795 1972 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 1973 goto failed;
1974 }
1975
96d97a67 1976 err = send_pin_code_neg_reply(sk, index, hdev, cp);
980e1a53
JH		 1977
1978failed:
09fd0de5 1979 hci_dev_unlock(hdev);
980e1a53
JH		 1980 hci_dev_put(hdev);
1981
1982 return err;
1983}
1984
650f726d 1985static int set_io_capability(struct sock *sk, u16 index, void *data, u16 len)
17fa4b9d
JH		 1986{
1987 struct hci_dev *hdev;
650f726d 1988 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 1989
1990 BT_DBG("");
1991
bdce7baf 1992 if (len != sizeof(*cp))
ca69b795
JH		 1993 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1994 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 1995
4e51eae9 1996 hdev = hci_dev_get(index);
17fa4b9d 1997 if (!hdev)
ca69b795
JH		 1998 return cmd_status(sk, index, MGMT_OP_SET_IO_CAPABILITY,
1999 MGMT_STATUS_INVALID_PARAMS);
17fa4b9d 2000
09fd0de5 2001 hci_dev_lock(hdev);
17fa4b9d
JH		 2002
2003 hdev->io_capability = cp->io_capability;
2004
2005 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
b8534e0f 2006 hdev->io_capability);
17fa4b9d 2007
09fd0de5 2008 hci_dev_unlock(hdev);
17fa4b9d
JH		 2009 hci_dev_put(hdev);
2010
aee9b218 2011 return cmd_complete(sk, index, MGMT_OP_SET_IO_CAPABILITY, 0, NULL, 0);
17fa4b9d
JH		 2012}
2013
e9a416b5
JH		 2014static inline struct pending_cmd *find_pairing(struct hci_conn *conn)
2015{
2016 struct hci_dev *hdev = conn->hdev;
8035ded4 2017 struct pending_cmd *cmd;
e9a416b5 2018
2e58ef3e 2019 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2020 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2021 continue;
2022
e9a416b5
JH		 2023 if (cmd->user_data != conn)
2024 continue;
2025
2026 return cmd;
2027 }
2028
2029 return NULL;
2030}
2031
2032static void pairing_complete(struct pending_cmd *cmd, u8 status)
2033{
2034 struct mgmt_rp_pair_device rp;
2035 struct hci_conn *conn = cmd->user_data;
2036
ba4e564f
JH		 2037 bacpy(&rp.addr.bdaddr, &conn->dst);
2038 rp.addr.type = link_to_mgmt(conn->type, conn->dst_type);
e9a416b5 2039
aee9b218
JH		 2040 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
2041 &rp, sizeof(rp));
e9a416b5
JH		 2042
2043 /* So we don't get further callbacks for this connection */
2044 conn->connect_cfm_cb = NULL;
2045 conn->security_cfm_cb = NULL;
2046 conn->disconn_cfm_cb = NULL;
2047
2048 hci_conn_put(conn);
2049
a664b5bc 2050 mgmt_pending_remove(cmd);
e9a416b5
JH		 2051}
2052
2053static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2054{
2055 struct pending_cmd *cmd;
2056
2057 BT_DBG("status %u", status);
2058
2059 cmd = find_pairing(conn);
56e5cb86 2060 if (!cmd)
e9a416b5 2061 BT_DBG("Unable to find a pending command");
56e5cb86 2062 else
e211326c 2063 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2064}
2065
650f726d 2066static int pair_device(struct sock *sk, u16 index, void *data, u16 len)
e9a416b5
JH		 2067{
2068 struct hci_dev *hdev;
650f726d 2069 struct mgmt_cp_pair_device *cp = data;
1425acb7 2070 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2071 struct pending_cmd *cmd;
2072 u8 sec_level, auth_type;
2073 struct hci_conn *conn;
e9a416b5
JH		 2074 int err;
2075
2076 BT_DBG("");
2077
bdce7baf 2078 if (len != sizeof(*cp))
ca69b795
JH		 2079 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2080 MGMT_STATUS_INVALID_PARAMS);
bdce7baf 2081
4e51eae9 2082 hdev = hci_dev_get(index);
e9a416b5 2083 if (!hdev)
ca69b795
JH		 2084 return cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2085 MGMT_STATUS_INVALID_PARAMS);
e9a416b5 2086
09fd0de5 2087 hci_dev_lock(hdev);
e9a416b5 2088
5f97c1df
JH		 2089 if (!hdev_is_powered(hdev)) {
2090 err = cmd_status(sk, index, MGMT_OP_PAIR_DEVICE,
2091 MGMT_STATUS_NOT_POWERED);
2092 goto unlock;
2093 }
2094
c908df36
VCG		 2095 sec_level = BT_SECURITY_MEDIUM;
2096 if (cp->io_cap == 0x03)
e9a416b5 2097 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2098 else
e9a416b5 2099 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2100
ba4e564f
JH		 2101 if (cp->addr.type == MGMT_ADDR_BREDR)
2102 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 2103 auth_type);
2104 else
ba4e564f 2105 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr, sec_level,
7a512d01
VCG		 2106 auth_type);
2107
1425acb7
JH		 2108 memset(&rp, 0, sizeof(rp));
2109 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2110 rp.addr.type = cp->addr.type;
2111
30e76272 2112 if (IS_ERR(conn)) {
e211326c
JH		 2113 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2114 MGMT_STATUS_CONNECT_FAILED,
2115 &rp, sizeof(rp));
e9a416b5
JH		 2116 goto unlock;
2117 }
2118
2119 if (conn->connect_cfm_cb) {
2120 hci_conn_put(conn);
e211326c
JH		 2121 err = cmd_complete(sk, index, MGMT_OP_PAIR_DEVICE,
2122 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2123 goto unlock;
2124 }
2125
2e58ef3e 2126 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2127 if (!cmd) {
2128 err = -ENOMEM;
2129 hci_conn_put(conn);
2130 goto unlock;
2131 }
2132
7a512d01 2133 /* For LE, just connecting isn't a proof that the pairing finished */
ba4e564f 2134 if (cp->addr.type == MGMT_ADDR_BREDR)
7a512d01
VCG		 2135 conn->connect_cfm_cb = pairing_complete_cb;
2136
e9a416b5
JH		 2137 conn->security_cfm_cb = pairing_complete_cb;
2138 conn->disconn_cfm_cb = pairing_complete_cb;
2139 conn->io_capability = cp->io_cap;
2140 cmd->user_data = conn;
2141
2142 if (conn->state == BT_CONNECTED &&
2143 hci_conn_security(conn, sec_level, auth_type))
2144 pairing_complete(cmd, 0);
2145
2146 err = 0;
2147
2148unlock:
09fd0de5 2149 hci_dev_unlock(hdev);
e9a416b5
JH		 2150 hci_dev_put(hdev);
2151
2152 return err;
2153}
2154
28424707
JH		 2155static int cancel_pair_device(struct sock *sk, u16 index,
2156 unsigned char *data, u16 len)
2157{
2158 struct mgmt_addr_info *addr = (void *) data;
2159 struct hci_dev *hdev;
2160 struct pending_cmd *cmd;
2161 struct hci_conn *conn;
2162 int err;
2163
2164 BT_DBG("");
2165
2166 if (len != sizeof(*addr))
2167 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2168 MGMT_STATUS_INVALID_PARAMS);
2169
2170 hdev = hci_dev_get(index);
2171 if (!hdev)
2172 return cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2173 MGMT_STATUS_INVALID_PARAMS);
2174
2175 hci_dev_lock(hdev);
2176
5f97c1df
JH		 2177 if (!hdev_is_powered(hdev)) {
2178 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2179 MGMT_STATUS_NOT_POWERED);
2180 goto unlock;
2181 }
2182
28424707
JH		 2183 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2184 if (!cmd) {
2185 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2186 MGMT_STATUS_INVALID_PARAMS);
2187 goto unlock;
2188 }
2189
2190 conn = cmd->user_data;
2191
2192 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
2193 err = cmd_status(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE,
2194 MGMT_STATUS_INVALID_PARAMS);
2195 goto unlock;
2196 }
2197
2198 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2199
aee9b218 2200 err = cmd_complete(sk, index, MGMT_OP_CANCEL_PAIR_DEVICE, 0, addr,
28424707
JH		 2201 sizeof(*addr));
2202unlock:
2203 hci_dev_unlock(hdev);
2204 hci_dev_put(hdev);
2205
2206 return err;
2207}
2208
0df4c185 2209static int user_pairing_resp(struct sock *sk, u16 index, bdaddr_t *bdaddr,
272d90df
JH		 2210 u8 type, u16 mgmt_op, u16 hci_op,
2211 __le32 passkey)
a5c29683 2212{
a5c29683
JH		 2213 struct pending_cmd *cmd;
2214 struct hci_dev *hdev;
0df4c185 2215 struct hci_conn *conn;
a5c29683
JH		 2216 int err;
2217
4e51eae9 2218 hdev = hci_dev_get(index);
a5c29683 2219 if (!hdev)
ca69b795
JH		 2220 return cmd_status(sk, index, mgmt_op,
2221 MGMT_STATUS_INVALID_PARAMS);
a5c29683 2222
09fd0de5 2223 hci_dev_lock(hdev);
08ba5382 2224
4b34ee78 2225 if (!hdev_is_powered(hdev)) {
0df4c185
BG		 2226 err = cmd_status(sk, index, mgmt_op, MGMT_STATUS_NOT_POWERED);
2227 goto done;
a5c29683
JH		 2228 }
2229
272d90df
JH		 2230 if (type == MGMT_ADDR_BREDR)
2231 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, bdaddr);
2232 else
47c15e2b 2233 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, bdaddr);
272d90df
JH		 2234
2235 if (!conn) {
2236 err = cmd_status(sk, index, mgmt_op,
47c15e2b 2237 MGMT_STATUS_NOT_CONNECTED);
272d90df
JH		 2238 goto done;
2239 }
47c15e2b 2240
272d90df 2241 if (type == MGMT_ADDR_LE_PUBLIC || type == MGMT_ADDR_LE_RANDOM) {
47c15e2b 2242 /* Continue with pairing via SMP */
5fe57d9e
BG		 2243 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2244
2245 if (!err)
2246 err = cmd_status(sk, index, mgmt_op,
2247 MGMT_STATUS_SUCCESS);
2248 else
2249 err = cmd_status(sk, index, mgmt_op,
2250 MGMT_STATUS_FAILED);
47c15e2b 2251
47c15e2b
BG		 2252 goto done;
2253 }
2254
0df4c185 2255 cmd = mgmt_pending_add(sk, mgmt_op, hdev, bdaddr, sizeof(*bdaddr));
a5c29683
JH		 2256 if (!cmd) {
2257 err = -ENOMEM;
0df4c185 2258 goto done;
a5c29683
JH		 2259 }
2260
0df4c185 2261 /* Continue with pairing via HCI */
604086b7
BG		 2262 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2263 struct hci_cp_user_passkey_reply cp;
2264
2265 bacpy(&cp.bdaddr, bdaddr);
2266 cp.passkey = passkey;
2267 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2268 } else
2269 err = hci_send_cmd(hdev, hci_op, sizeof(*bdaddr), bdaddr);
2270
a664b5bc
JH		 2271 if (err < 0)
2272 mgmt_pending_remove(cmd);
a5c29683 2273
0df4c185 2274done:
09fd0de5 2275 hci_dev_unlock(hdev);
a5c29683
JH		 2276 hci_dev_put(hdev);
2277
2278 return err;
2279}
2280
0df4c185
BG		 2281static int user_confirm_reply(struct sock *sk, u16 index, void *data, u16 len)
2282{
650f726d 2283 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2284
2285 BT_DBG("");
2286
2287 if (len != sizeof(*cp))
2288 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_REPLY,
2289 MGMT_STATUS_INVALID_PARAMS);
2290
272d90df
JH		 2291 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2292 MGMT_OP_USER_CONFIRM_REPLY,
2293 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2294}
2295
2296static int user_confirm_neg_reply(struct sock *sk, u16 index, void *data,
2297 u16 len)
2298{
c9c2659f 2299 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2300
2301 BT_DBG("");
2302
2303 if (len != sizeof(*cp))
2304 return cmd_status(sk, index, MGMT_OP_USER_CONFIRM_NEG_REPLY,
2305 MGMT_STATUS_INVALID_PARAMS);
2306
272d90df
JH		 2307 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2308 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2309 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2310}
2311
604086b7
BG		 2312static int user_passkey_reply(struct sock *sk, u16 index, void *data, u16 len)
2313{
650f726d 2314 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2315
2316 BT_DBG("");
2317
2318 if (len != sizeof(*cp))
2319 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_REPLY,
2320 EINVAL);
2321
272d90df
JH		 2322 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2323 MGMT_OP_USER_PASSKEY_REPLY,
2324 HCI_OP_USER_PASSKEY_REPLY,
2325 cp->passkey);
604086b7
BG		 2326}
2327
2328static int user_passkey_neg_reply(struct sock *sk, u16 index, void *data,
2329 u16 len)
2330{
650f726d 2331 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2332
2333 BT_DBG("");
2334
2335 if (len != sizeof(*cp))
2336 return cmd_status(sk, index, MGMT_OP_USER_PASSKEY_NEG_REPLY,
2337 EINVAL);
2338
272d90df
JH		 2339 return user_pairing_resp(sk, index, &cp->addr.bdaddr, cp->addr.type,
2340 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2341 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2342}
2343
650f726d 2344static int set_local_name(struct sock *sk, u16 index, void *data,
b312b161
JH		 2345 u16 len)
2346{
650f726d 2347 struct mgmt_cp_set_local_name *mgmt_cp = data;
b312b161
JH		 2348 struct hci_cp_write_local_name hci_cp;
2349 struct hci_dev *hdev;
2350 struct pending_cmd *cmd;
2351 int err;
2352
2353 BT_DBG("");
2354
2355 if (len != sizeof(*mgmt_cp))
ca69b795
JH		 2356 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2357 MGMT_STATUS_INVALID_PARAMS);
b312b161
JH		 2358
2359 hdev = hci_dev_get(index);
2360 if (!hdev)
ca69b795
JH		 2361 return cmd_status(sk, index, MGMT_OP_SET_LOCAL_NAME,
2362 MGMT_STATUS_INVALID_PARAMS);
b312b161 2363
09fd0de5 2364 hci_dev_lock(hdev);
b312b161 2365
28cc7bde
JH		 2366 memcpy(hdev->short_name, mgmt_cp->short_name,
2367 sizeof(hdev->short_name));
2368
b5235a65 2369 if (!hdev_is_powered(hdev)) {
28cc7bde
JH		 2370 memcpy(hdev->dev_name, mgmt_cp->name, sizeof(hdev->dev_name));
2371
2372 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2373 data, len);
2374 if (err < 0)
2375 goto failed;
2376
2377 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
2378 sk);
2379
b5235a65
JH		 2380 goto failed;
2381 }
2382
28cc7bde 2383 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2384 if (!cmd) {
2385 err = -ENOMEM;
2386 goto failed;
2387 }
2388
2389 memcpy(hci_cp.name, mgmt_cp->name, sizeof(hci_cp.name));
2390 err = hci_send_cmd(hdev, HCI_OP_WRITE_LOCAL_NAME, sizeof(hci_cp),
2391 &hci_cp);
2392 if (err < 0)
2393 mgmt_pending_remove(cmd);
2394
2395failed:
09fd0de5 2396 hci_dev_unlock(hdev);
b312b161
JH		 2397 hci_dev_put(hdev);
2398
2399 return err;
2400}
2401
c35938b2
SJ		 2402static int read_local_oob_data(struct sock *sk, u16 index)
2403{
2404 struct hci_dev *hdev;
2405 struct pending_cmd *cmd;
2406 int err;
2407
2408 BT_DBG("hci%u", index);
2409
2410 hdev = hci_dev_get(index);
2411 if (!hdev)
2412 return cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2413 MGMT_STATUS_INVALID_PARAMS);
c35938b2 2414
09fd0de5 2415 hci_dev_lock(hdev);
c35938b2 2416
4b34ee78 2417 if (!hdev_is_powered(hdev)) {
c35938b2 2418 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2419 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2420 goto unlock;
2421 }
2422
2423 if (!(hdev->features[6] & LMP_SIMPLE_PAIR)) {
2424 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
ca69b795 2425 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2426 goto unlock;
2427 }
2428
2e58ef3e 2429 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
ca69b795
JH		 2430 err = cmd_status(sk, index, MGMT_OP_READ_LOCAL_OOB_DATA,
2431 MGMT_STATUS_BUSY);
c35938b2
SJ		 2432 goto unlock;
2433 }
2434
2e58ef3e 2435 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2436 if (!cmd) {
2437 err = -ENOMEM;
2438 goto unlock;
2439 }
2440
2441 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2442 if (err < 0)
2443 mgmt_pending_remove(cmd);
2444
2445unlock:
09fd0de5 2446 hci_dev_unlock(hdev);
c35938b2
SJ		 2447 hci_dev_put(hdev);
2448
2449 return err;
2450}
2451
650f726d
VCG		 2452static int add_remote_oob_data(struct sock *sk, u16 index, void *data,
2453 u16 len)
2763eda6
SJ		 2454{
2455 struct hci_dev *hdev;
650f726d 2456 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2457 u8 status;
2763eda6
SJ		 2458 int err;
2459
2460 BT_DBG("hci%u ", index);
2461
2462 if (len != sizeof(*cp))
2463 return cmd_status(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
ca69b795 2464 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2465
2466 hdev = hci_dev_get(index);
2467 if (!hdev)
bf1e3541
JH		 2468 return cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2469 MGMT_STATUS_INVALID_PARAMS,
2470 &cp->addr, sizeof(cp->addr));
2763eda6 2471
09fd0de5 2472 hci_dev_lock(hdev);
2763eda6 2473
5f97c1df
JH		 2474 if (!hdev_is_powered(hdev)) {
2475 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA,
2476 MGMT_STATUS_NOT_POWERED,
2477 &cp->addr, sizeof(cp->addr));
2478 goto unlock;
2479 }
2480
664ce4cc 2481 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
2763eda6
SJ		 2482 cp->randomizer);
2483 if (err < 0)
bf1e3541 2484 status = MGMT_STATUS_FAILED;
2763eda6 2485 else
bf1e3541
JH		 2486 status = 0;
2487
2488 err = cmd_complete(sk, index, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
2489 &cp->addr, sizeof(cp->addr));
2763eda6 2490
5f97c1df 2491unlock:
09fd0de5 2492 hci_dev_unlock(hdev);
2763eda6
SJ		 2493 hci_dev_put(hdev);
2494
2495 return err;
2496}
2497
2498static int remove_remote_oob_data(struct sock *sk, u16 index,
650f726d 2499 void *data, u16 len)
2763eda6
SJ		 2500{
2501 struct hci_dev *hdev;
650f726d 2502 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2503 u8 status;
2763eda6
SJ		 2504 int err;
2505
2506 BT_DBG("hci%u ", index);
2507
2508 if (len != sizeof(*cp))
2509 return cmd_status(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
ca69b795 2510 MGMT_STATUS_INVALID_PARAMS);
2763eda6
SJ		 2511
2512 hdev = hci_dev_get(index);
2513 if (!hdev)
bf1e3541
JH		 2514 return cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2515 MGMT_STATUS_INVALID_PARAMS,
2516 &cp->addr, sizeof(cp->addr));
2763eda6 2517
09fd0de5 2518 hci_dev_lock(hdev);
2763eda6 2519
5f97c1df
JH		 2520 if (!hdev_is_powered(hdev)) {
2521 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
2522 MGMT_STATUS_NOT_POWERED,
2523 &cp->addr, sizeof(cp->addr));
2524 goto unlock;
2525 }
2526
664ce4cc 2527 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2528 if (err < 0)
bf1e3541 2529 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2530 else
bf1e3541
JH		 2531 status = 0;
2532
2533 err = cmd_complete(sk, index, MGMT_OP_REMOVE_REMOTE_OOB_DATA, status,
2534 &cp->addr, sizeof(cp->addr));
2763eda6 2535
5f97c1df 2536unlock:
09fd0de5 2537 hci_dev_unlock(hdev);
2763eda6
SJ		 2538 hci_dev_put(hdev);
2539
2540 return err;
2541}
2542
5e0452c0
AG		 2543static int discovery(struct hci_dev *hdev)
2544{
2545 int err;
2546
2547 if (lmp_host_le_capable(hdev)) {
2548 if (lmp_bredr_capable(hdev)) {
2549 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2550 LE_SCAN_INT, LE_SCAN_WIN,
2551 LE_SCAN_TIMEOUT_BREDR_LE);
2552 } else {
2553 hdev->discovery.type = DISCOV_TYPE_LE;
2554 err = hci_le_scan(hdev, LE_SCAN_TYPE,
2555 LE_SCAN_INT, LE_SCAN_WIN,
2556 LE_SCAN_TIMEOUT_LE_ONLY);
2557 }
2558 } else {
2559 hdev->discovery.type = DISCOV_TYPE_BREDR;
2560 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
2561 }
2562
2563 return err;
2564}
2565
2566int mgmt_interleaved_discovery(struct hci_dev *hdev)
2567{
2568 int err;
2569
2570 BT_DBG("%s", hdev->name);
2571
2572 hci_dev_lock(hdev);
2573
2574 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR_LE);
2575 if (err < 0)
2576 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2577
2578 hci_dev_unlock(hdev);
2579
2580 return err;
2581}
2582
450dfdaf 2583static int start_discovery(struct sock *sk, u16 index,
650f726d 2584 void *data, u16 len)
14a53664 2585{
650f726d 2586 struct mgmt_cp_start_discovery *cp = data;
14a53664
JH		 2587 struct pending_cmd *cmd;
2588 struct hci_dev *hdev;
2589 int err;
2590
2591 BT_DBG("hci%u", index);
2592
450dfdaf
JH		 2593 if (len != sizeof(*cp))
2594 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2595 MGMT_STATUS_INVALID_PARAMS);
2596
14a53664
JH		 2597 hdev = hci_dev_get(index);
2598 if (!hdev)
ca69b795
JH		 2599 return cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2600 MGMT_STATUS_INVALID_PARAMS);
14a53664 2601
09fd0de5 2602 hci_dev_lock(hdev);
14a53664 2603
4b34ee78 2604 if (!hdev_is_powered(hdev)) {
ca69b795
JH		 2605 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2606 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 2607 goto failed;
2608 }
2609
ff9ef578
JH		 2610 if (hdev->discovery.state != DISCOVERY_STOPPED) {
2611 err = cmd_status(sk, index, MGMT_OP_START_DISCOVERY,
2612 MGMT_STATUS_BUSY);
2613 goto failed;
2614 }
2615
2e58ef3e 2616 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2617 if (!cmd) {
2618 err = -ENOMEM;
2619 goto failed;
2620 }
2621
4aab14e5
AG		 2622 hdev->discovery.type = cp->type;
2623
2624 switch (hdev->discovery.type) {
f39799f5 2625 case DISCOV_TYPE_BREDR:
3fd24153 2626 err = hci_do_inquiry(hdev, INQUIRY_LEN_BREDR);
f39799f5
AG		 2627 break;
2628
2629 case DISCOV_TYPE_LE:
3fd24153
AG		 2630 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT,
2631 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
f39799f5
AG		 2632 break;
2633
5e0452c0
AG		 2634 case DISCOV_TYPE_INTERLEAVED:
2635 err = discovery(hdev);
2636 break;
2637
f39799f5 2638 default:
3fd24153 2639 err = -EINVAL;
f39799f5 2640 }
3fd24153 2641
14a53664
JH		 2642 if (err < 0)
2643 mgmt_pending_remove(cmd);
ff9ef578
JH		 2644 else
2645 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 2646
2647failed:
09fd0de5 2648 hci_dev_unlock(hdev);
14a53664
JH		 2649 hci_dev_put(hdev);
2650
2651 return err;
2652}
2653
d930650b 2654static int stop_discovery(struct sock *sk, u16 index, void *data, u16 len)
14a53664 2655{
d930650b 2656 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664
JH		 2657 struct hci_dev *hdev;
2658 struct pending_cmd *cmd;
30dc78e1
JH		 2659 struct hci_cp_remote_name_req_cancel cp;
2660 struct inquiry_entry *e;
14a53664
JH		 2661 int err;
2662
2663 BT_DBG("hci%u", index);
2664
d930650b
JH		 2665 if (len != sizeof(*mgmt_cp))
2666 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2667 MGMT_STATUS_INVALID_PARAMS);
2668
14a53664
JH		 2669 hdev = hci_dev_get(index);
2670 if (!hdev)
ca69b795
JH		 2671 return cmd_status(sk, index, MGMT_OP_STOP_DISCOVERY,
2672 MGMT_STATUS_INVALID_PARAMS);
14a53664 2673
09fd0de5 2674 hci_dev_lock(hdev);
14a53664 2675
30dc78e1 2676 if (!hci_discovery_active(hdev)) {
d930650b
JH		 2677 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2678 MGMT_STATUS_REJECTED,
2679 &mgmt_cp->type, sizeof(mgmt_cp->type));
2680 goto unlock;
2681 }
2682
2683 if (hdev->discovery.type != mgmt_cp->type) {
2684 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY,
2685 MGMT_STATUS_INVALID_PARAMS,
2686 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 2687 goto unlock;
ff9ef578
JH		 2688 }
2689
2e58ef3e 2690 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 2691 if (!cmd) {
2692 err = -ENOMEM;
30dc78e1
JH		 2693 goto unlock;
2694 }
2695
343f935b 2696 if (hdev->discovery.state == DISCOVERY_FINDING) {
30dc78e1
JH		 2697 err = hci_cancel_inquiry(hdev);
2698 if (err < 0)
2699 mgmt_pending_remove(cmd);
2700 else
2701 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
2702 goto unlock;
2703 }
2704
2705 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_PENDING);
2706 if (!e) {
2707 mgmt_pending_remove(cmd);
aee9b218 2708 err = cmd_complete(sk, index, MGMT_OP_STOP_DISCOVERY, 0,
d930650b 2709 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1
JH		 2710 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2711 goto unlock;
14a53664
JH		 2712 }
2713
30dc78e1
JH		 2714 bacpy(&cp.bdaddr, &e->data.bdaddr);
2715 err = hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ_CANCEL,
2716 sizeof(cp), &cp);
14a53664
JH		 2717 if (err < 0)
2718 mgmt_pending_remove(cmd);
ff9ef578
JH		 2719 else
2720 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 2721
30dc78e1 2722unlock:
09fd0de5 2723 hci_dev_unlock(hdev);
14a53664
JH		 2724 hci_dev_put(hdev);
2725
2726 return err;
2727}
2728
650f726d 2729static int confirm_name(struct sock *sk, u16 index, void *data, u16 len)
561aafbc 2730{
650f726d 2731 struct mgmt_cp_confirm_name *cp = data;
561aafbc
JH		 2732 struct inquiry_entry *e;
2733 struct hci_dev *hdev;
2734 int err;
2735
2736 BT_DBG("hci%u", index);
2737
2738 if (len != sizeof(*cp))
2739 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2740 MGMT_STATUS_INVALID_PARAMS);
2741
2742 hdev = hci_dev_get(index);
2743 if (!hdev)
2744 return cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2745 MGMT_STATUS_INVALID_PARAMS);
2746
2747 hci_dev_lock(hdev);
2748
30dc78e1
JH		 2749 if (!hci_discovery_active(hdev)) {
2750 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
2751 MGMT_STATUS_FAILED);
2752 goto failed;
2753 }
2754
a198e7b1 2755 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 2756 if (!e) {
e5f0e151 2757 err = cmd_status(sk, index, MGMT_OP_CONFIRM_NAME,
561aafbc
JH		 2758 MGMT_STATUS_INVALID_PARAMS);
2759 goto failed;
2760 }
2761
2762 if (cp->name_known) {
2763 e->name_state = NAME_KNOWN;
2764 list_del(&e->list);
2765 } else {
2766 e->name_state = NAME_NEEDED;
a3d4e20a 2767 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 2768 }
2769
2770 err = 0;
2771
2772failed:
2773 hci_dev_unlock(hdev);
2774
2775 return err;
2776}
2777
650f726d 2778static int block_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2779{
2780 struct hci_dev *hdev;
650f726d 2781 struct mgmt_cp_block_device *cp = data;
f0eeea8b 2782 u8 status;
7fbec224
AJ		 2783 int err;
2784
2785 BT_DBG("hci%u", index);
2786
7fbec224
AJ		 2787 if (len != sizeof(*cp))
2788 return cmd_status(sk, index, MGMT_OP_BLOCK_DEVICE,
ca69b795 2789 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2790
2791 hdev = hci_dev_get(index);
2792 if (!hdev)
f0eeea8b
JH		 2793 return cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE,
2794 MGMT_STATUS_INVALID_PARAMS,
2795 &cp->addr, sizeof(cp->addr));
7fbec224 2796
09fd0de5 2797 hci_dev_lock(hdev);
5e762444 2798
88c1fe4b 2799 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2800 if (err < 0)
f0eeea8b 2801 status = MGMT_STATUS_FAILED;
7fbec224 2802 else
f0eeea8b
JH		 2803 status = 0;
2804
2805 err = cmd_complete(sk, index, MGMT_OP_BLOCK_DEVICE, status,
2806 &cp->addr, sizeof(cp->addr));
5e762444 2807
09fd0de5 2808 hci_dev_unlock(hdev);
7fbec224
AJ		 2809 hci_dev_put(hdev);
2810
2811 return err;
2812}
2813
650f726d 2814static int unblock_device(struct sock *sk, u16 index, void *data, u16 len)
7fbec224
AJ		 2815{
2816 struct hci_dev *hdev;
650f726d 2817 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 2818 u8 status;
7fbec224
AJ		 2819 int err;
2820
2821 BT_DBG("hci%u", index);
2822
7fbec224
AJ		 2823 if (len != sizeof(*cp))
2824 return cmd_status(sk, index, MGMT_OP_UNBLOCK_DEVICE,
ca69b795 2825 MGMT_STATUS_INVALID_PARAMS);
7fbec224
AJ		 2826
2827 hdev = hci_dev_get(index);
2828 if (!hdev)
f0eeea8b
JH		 2829 return cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE,
2830 MGMT_STATUS_INVALID_PARAMS,
2831 &cp->addr, sizeof(cp->addr));
7fbec224 2832
09fd0de5 2833 hci_dev_lock(hdev);
5e762444 2834
88c1fe4b 2835 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 2836 if (err < 0)
f0eeea8b 2837 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 2838 else
f0eeea8b
JH		 2839 status = 0;
2840
2841 err = cmd_complete(sk, index, MGMT_OP_UNBLOCK_DEVICE, status,
2842 &cp->addr, sizeof(cp->addr));
5e762444 2843
09fd0de5 2844 hci_dev_unlock(hdev);
7fbec224
AJ		 2845 hci_dev_put(hdev);
2846
2847 return err;
2848}
2849
f6422ec6 2850static int set_fast_connectable(struct sock *sk, u16 index,
650f726d 2851 void *data, u16 len)
f6422ec6
AJ		 2852{
2853 struct hci_dev *hdev;
650f726d 2854 struct mgmt_mode *cp = data;
f6422ec6
AJ		 2855 struct hci_cp_write_page_scan_activity acp;
2856 u8 type;
2857 int err;
2858
2859 BT_DBG("hci%u", index);
2860
2861 if (len != sizeof(*cp))
2862 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2863 MGMT_STATUS_INVALID_PARAMS);
f6422ec6
AJ		 2864
2865 hdev = hci_dev_get(index);
2866 if (!hdev)
2867 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2868 MGMT_STATUS_INVALID_PARAMS);
5400c044
JH		 2869 if (!hdev_is_powered(hdev))
2870 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2871 MGMT_STATUS_NOT_POWERED);
2872
2873 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
2874 return cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
2875 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 2876
2877 hci_dev_lock(hdev);
2878
f7c6869c 2879 if (cp->val) {
f6422ec6
AJ		 2880 type = PAGE_SCAN_TYPE_INTERLACED;
2881 acp.interval = 0x0024; /* 22.5 msec page scan interval */
2882 } else {
2883 type = PAGE_SCAN_TYPE_STANDARD; /* default */
2884 acp.interval = 0x0800; /* default 1.28 sec page scan */
2885 }
2886
2887 acp.window = 0x0012; /* default 11.25 msec page scan window */
2888
2889 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
2890 sizeof(acp), &acp);
2891 if (err < 0) {
2892 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2893 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2894 goto done;
2895 }
2896
2897 err = hci_send_cmd(hdev, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
2898 if (err < 0) {
2899 err = cmd_status(sk, index, MGMT_OP_SET_FAST_CONNECTABLE,
ca69b795 2900 MGMT_STATUS_FAILED);
f6422ec6
AJ		 2901 goto done;
2902 }
2903
aee9b218
JH		 2904 err = cmd_complete(sk, index, MGMT_OP_SET_FAST_CONNECTABLE, 0,
2905 NULL, 0);
f6422ec6
AJ		 2906done:
2907 hci_dev_unlock(hdev);
2908 hci_dev_put(hdev);
2909
2910 return err;
2911}
2912
346af67b
VCG		 2913static int load_long_term_keys(struct sock *sk, u16 index,
2914 void *cp_data, u16 len)
2915{
2916 struct hci_dev *hdev;
2917 struct mgmt_cp_load_long_term_keys *cp = cp_data;
2918 u16 key_count, expected_len;
2919 int i;
2920
2921 if (len < sizeof(*cp))
2922 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2923 EINVAL);
2924
2925 key_count = get_unaligned_le16(&cp->key_count);
2926
2927 expected_len = sizeof(*cp) + key_count *
2928 sizeof(struct mgmt_ltk_info);
2929 if (expected_len != len) {
2930 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2931 len, expected_len);
2932 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2933 EINVAL);
2934 }
2935
2936 hdev = hci_dev_get(index);
2937 if (!hdev)
2938 return cmd_status(sk, index, MGMT_OP_LOAD_LONG_TERM_KEYS,
2939 ENODEV);
2940
2941 BT_DBG("hci%u key_count %u", index, key_count);
2942
2943 hci_dev_lock(hdev);
2944
2945 hci_smp_ltks_clear(hdev);
2946
2947 for (i = 0; i < key_count; i++) {
2948 struct mgmt_ltk_info *key = &cp->keys[i];
2949 u8 type;
2950
2951 if (key->master)
2952 type = HCI_SMP_LTK;
2953 else
2954 type = HCI_SMP_LTK_SLAVE;
2955
2956 hci_add_ltk(hdev, &key->addr.bdaddr, key->addr.type,
2957 type, 0, key->authenticated, key->val,
2958 key->enc_size, key->ediv, key->rand);
2959 }
2960
2961 hci_dev_unlock(hdev);
2962 hci_dev_put(hdev);
2963
2964 return 0;
2965}
2966
0381101f
JH		 2967int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
2968{
650f726d
VCG		 2969 void *buf;
2970 u8 *cp;
0381101f 2971 struct mgmt_hdr *hdr;
4e51eae9 2972 u16 opcode, index, len;
0381101f
JH		 2973 int err;
2974
2975 BT_DBG("got %zu bytes", msglen);
2976
2977 if (msglen < sizeof(*hdr))
2978 return -EINVAL;
2979
e63a15ec 2980 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 2981 if (!buf)
2982 return -ENOMEM;
2983
2984 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
2985 err = -EFAULT;
2986 goto done;
2987 }
2988
650f726d 2989 hdr = buf;
0381101f 2990 opcode = get_unaligned_le16(&hdr->opcode);
4e51eae9 2991 index = get_unaligned_le16(&hdr->index);
0381101f
JH		 2992 len = get_unaligned_le16(&hdr->len);
2993
2994 if (len != msglen - sizeof(*hdr)) {
2995 err = -EINVAL;
2996 goto done;
2997 }
2998
650f726d
VCG		 2999 cp = buf + sizeof(*hdr);
3000
0381101f 3001 switch (opcode) {
02d98129
JH		 3002 case MGMT_OP_READ_VERSION:
3003 err = read_version(sk);
3004 break;
e70bb2e8
JH		 3005 case MGMT_OP_READ_COMMANDS:
3006 err = read_commands(sk);
3007 break;
faba42eb
JH		 3008 case MGMT_OP_READ_INDEX_LIST:
3009 err = read_index_list(sk);
3010 break;
f7b64e69 3011 case MGMT_OP_READ_INFO:
4e51eae9 3012 err = read_controller_info(sk, index);
f7b64e69 3013 break;
eec8d2bc 3014 case MGMT_OP_SET_POWERED:
650f726d 3015 err = set_powered(sk, index, cp, len);
eec8d2bc 3016 break;
73f22f62 3017 case MGMT_OP_SET_DISCOVERABLE:
650f726d 3018 err = set_discoverable(sk, index, cp, len);
73f22f62 3019 break;
9fbcbb45 3020 case MGMT_OP_SET_CONNECTABLE:
650f726d 3021 err = set_connectable(sk, index, cp, len);
9fbcbb45 3022 break;
f7c6869c 3023 case MGMT_OP_SET_FAST_CONNECTABLE:
650f726d 3024 err = set_fast_connectable(sk, index, cp, len);
f7c6869c 3025 break;
c542a06c 3026 case MGMT_OP_SET_PAIRABLE:
650f726d 3027 err = set_pairable(sk, index, cp, len);
c542a06c 3028 break;
33ef95ed
JH		 3029 case MGMT_OP_SET_LINK_SECURITY:
3030 err = set_link_security(sk, index, cp, len);
3031 break;
ed2c4ee3
JH		 3032 case MGMT_OP_SET_SSP:
3033 err = set_ssp(sk, index, cp, len);
3034 break;
6d80dfd0
JH		 3035 case MGMT_OP_SET_HS:
3036 err = set_hs(sk, index, cp, len);
3037 break;
06199cf8
JH		 3038 case MGMT_OP_SET_LE:
3039 err = set_le(sk, index, cp, len);
3040 break;
2aeb9a1a 3041 case MGMT_OP_ADD_UUID:
650f726d 3042 err = add_uuid(sk, index, cp, len);
2aeb9a1a
JH		 3043 break;
3044 case MGMT_OP_REMOVE_UUID:
650f726d 3045 err = remove_uuid(sk, index, cp, len);
2aeb9a1a 3046 break;
1aff6f09 3047 case MGMT_OP_SET_DEV_CLASS:
650f726d 3048 err = set_dev_class(sk, index, cp, len);
1aff6f09 3049 break;
86742e1e 3050 case MGMT_OP_LOAD_LINK_KEYS:
650f726d 3051 err = load_link_keys(sk, index, cp, len);
55ed8ca1 3052 break;
8962ee74 3053 case MGMT_OP_DISCONNECT:
650f726d 3054 err = disconnect(sk, index, cp, len);
8962ee74 3055 break;
2784eb41 3056 case MGMT_OP_GET_CONNECTIONS:
8ce6284e 3057 err = get_connections(sk, index);
2784eb41 3058 break;
980e1a53 3059 case MGMT_OP_PIN_CODE_REPLY:
650f726d 3060 err = pin_code_reply(sk, index, cp, len);
980e1a53
JH		 3061 break;
3062 case MGMT_OP_PIN_CODE_NEG_REPLY:
650f726d 3063 err = pin_code_neg_reply(sk, index, cp, len);
980e1a53 3064 break;
17fa4b9d 3065 case MGMT_OP_SET_IO_CAPABILITY:
650f726d 3066 err = set_io_capability(sk, index, cp, len);
17fa4b9d 3067 break;
e9a416b5 3068 case MGMT_OP_PAIR_DEVICE:
650f726d 3069 err = pair_device(sk, index, cp, len);
e9a416b5 3070 break;
28424707
JH		 3071 case MGMT_OP_CANCEL_PAIR_DEVICE:
3072 err = cancel_pair_device(sk, index, buf + sizeof(*hdr), len);
3073 break;
124f6e35
JH		 3074 case MGMT_OP_UNPAIR_DEVICE:
3075 err = unpair_device(sk, index, cp, len);
3076 break;
a5c29683 3077 case MGMT_OP_USER_CONFIRM_REPLY:
650f726d 3078 err = user_confirm_reply(sk, index, cp, len);
a5c29683
JH		 3079 break;
3080 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
650f726d 3081 err = user_confirm_neg_reply(sk, index, cp, len);
a5c29683 3082 break;
604086b7 3083 case MGMT_OP_USER_PASSKEY_REPLY:
650f726d 3084 err = user_passkey_reply(sk, index, cp, len);
604086b7
BG		 3085 break;
3086 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
650f726d 3087 err = user_passkey_neg_reply(sk, index, cp, len);
a5c29683 3088 break;
b312b161 3089 case MGMT_OP_SET_LOCAL_NAME:
650f726d 3090 err = set_local_name(sk, index, cp, len);
b312b161 3091 break;
c35938b2
SJ		 3092 case MGMT_OP_READ_LOCAL_OOB_DATA:
3093 err = read_local_oob_data(sk, index);
3094 break;
2763eda6 3095 case MGMT_OP_ADD_REMOTE_OOB_DATA:
650f726d 3096 err = add_remote_oob_data(sk, index, cp, len);
2763eda6
SJ		 3097 break;
3098 case MGMT_OP_REMOVE_REMOTE_OOB_DATA:
650f726d 3099 err = remove_remote_oob_data(sk, index, cp, len);
2763eda6 3100 break;
14a53664 3101 case MGMT_OP_START_DISCOVERY:
650f726d 3102 err = start_discovery(sk, index, cp, len);
14a53664
JH		 3103 break;
3104 case MGMT_OP_STOP_DISCOVERY:
d930650b 3105 err = stop_discovery(sk, index, cp, len);
14a53664 3106 break;
561aafbc 3107 case MGMT_OP_CONFIRM_NAME:
650f726d 3108 err = confirm_name(sk, index, cp, len);
561aafbc 3109 break;
7fbec224 3110 case MGMT_OP_BLOCK_DEVICE:
650f726d 3111 err = block_device(sk, index, cp, len);
7fbec224
AJ		 3112 break;
3113 case MGMT_OP_UNBLOCK_DEVICE:
650f726d 3114 err = unblock_device(sk, index, cp, len);
7fbec224 3115 break;
346af67b
VCG		 3116 case MGMT_OP_LOAD_LONG_TERM_KEYS:
3117 err = load_long_term_keys(sk, index, cp, len);
3118 break;
0381101f
JH		 3119 default:
3120 BT_DBG("Unknown op %u", opcode);
ca69b795
JH		 3121 err = cmd_status(sk, index, opcode,
3122 MGMT_STATUS_UNKNOWN_COMMAND);
0381101f
JH		 3123 break;
3124 }
3125
e41d8b4e
JH		 3126 if (err < 0)
3127 goto done;
3128
0381101f
JH		 3129 err = msglen;
3130
3131done:
3132 kfree(buf);
3133 return err;
3134}
c71e97bf 3135
b24752fe
JH		 3136static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
3137{
3138 u8 *status = data;
3139
3140 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
3141 mgmt_pending_remove(cmd);
3142}
3143
744cf19e 3144int mgmt_index_added(struct hci_dev *hdev)
c71e97bf 3145{
744cf19e 3146 return mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 3147}
3148
744cf19e 3149int mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 3150{
b24752fe
JH		 3151 u8 status = ENODEV;
3152
744cf19e 3153 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 3154
744cf19e 3155 return mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 3156}
3157
73f22f62 3158struct cmd_lookup {
eec8d2bc 3159 struct sock *sk;
69ab39ea 3160 struct hci_dev *hdev;
90e70454 3161 u8 mgmt_status;
eec8d2bc
JH		 3162};
3163
69ab39ea 3164static void settings_rsp(struct pending_cmd *cmd, void *data)
eec8d2bc 3165{
73f22f62 3166 struct cmd_lookup *match = data;
eec8d2bc 3167
69ab39ea 3168 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
eec8d2bc
JH		 3169
3170 list_del(&cmd->list);
3171
3172 if (match->sk == NULL) {
3173 match->sk = cmd->sk;
3174 sock_hold(match->sk);
3175 }
3176
3177 mgmt_pending_free(cmd);
c71e97bf 3178}
5add6af8 3179
744cf19e 3180int mgmt_powered(struct hci_dev *hdev, u8 powered)
5add6af8 3181{
76a7f3a4 3182 struct cmd_lookup match = { NULL, hdev };
7bb895d6 3183 int err;
5add6af8 3184
5e5282bb
JH		 3185 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3186 return 0;
3187
69ab39ea 3188 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5add6af8 3189
5e5282bb
JH		 3190 if (powered) {
3191 u8 scan = 0;
3192
3193 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3194 scan |= SCAN_PAGE;
3195 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3196 scan |= SCAN_INQUIRY;
3197
3198 if (scan)
3199 hci_send_cmd(hdev, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
504c8dcd
JH		 3200
3201 update_class(hdev);
3202 update_eir(hdev);
5e5282bb 3203 } else {
b24752fe 3204 u8 status = ENETDOWN;
744cf19e 3205 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe
JH		 3206 }
3207
beadb2bd 3208 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 3209
3210 if (match.sk)
3211 sock_put(match.sk);
3212
7bb895d6 3213 return err;
5add6af8 3214}
73f22f62 3215
744cf19e 3216int mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 3217{
76a7f3a4 3218 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3219 bool changed = false;
3220 int err = 0;
73f22f62 3221
5e5282bb
JH		 3222 if (discoverable) {
3223 if (!test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3224 changed = true;
3225 } else {
3226 if (test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3227 changed = true;
3228 }
73f22f62 3229
ed9b5f2f
JH		 3230 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev, settings_rsp,
3231 &match);
3232
beadb2bd
JH		 3233 if (changed)
3234 err = new_settings(hdev, match.sk);
5e5282bb 3235
73f22f62
JH		 3236 if (match.sk)
3237 sock_put(match.sk);
3238
7bb895d6 3239 return err;
73f22f62 3240}
9fbcbb45 3241
744cf19e 3242int mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 3243{
76a7f3a4 3244 struct cmd_lookup match = { NULL, hdev };
5e5282bb
JH		 3245 bool changed = false;
3246 int err = 0;
9fbcbb45 3247
5e5282bb
JH		 3248 if (connectable) {
3249 if (!test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3250 changed = true;
3251 } else {
3252 if (test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3253 changed = true;
3254 }
9fbcbb45 3255
ed9b5f2f
JH		 3256 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev, settings_rsp,
3257 &match);
3258
beadb2bd
JH		 3259 if (changed)
3260 err = new_settings(hdev, match.sk);
9fbcbb45
JH		 3261
3262 if (match.sk)
3263 sock_put(match.sk);
3264
7bb895d6 3265 return err;
9fbcbb45 3266}
55ed8ca1 3267
744cf19e 3268int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 3269{
ca69b795
JH		 3270 u8 mgmt_err = mgmt_status(status);
3271
2d7cee58 3272 if (scan & SCAN_PAGE)
744cf19e 3273 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
ca69b795 3274 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3275
3276 if (scan & SCAN_INQUIRY)
744cf19e 3277 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
ca69b795 3278 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 3279
3280 return 0;
3281}
3282
744cf19e
JH		 3283int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
3284 u8 persistent)
55ed8ca1 3285{
86742e1e 3286 struct mgmt_ev_new_link_key ev;
55ed8ca1 3287
a492cd52 3288 memset(&ev, 0, sizeof(ev));
55ed8ca1 3289
a492cd52 3290 ev.store_hint = persistent;
d753fdc4
JH		 3291 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3292 ev.key.addr.type = MGMT_ADDR_BREDR;
a492cd52
VCG		 3293 ev.key.type = key->type;
3294 memcpy(ev.key.val, key->val, 16);
3295 ev.key.pin_len = key->pin_len;
55ed8ca1 3296
744cf19e 3297 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 3298}
f7520543 3299
346af67b
VCG		 3300int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
3301{
3302 struct mgmt_ev_new_long_term_key ev;
3303
3304 memset(&ev, 0, sizeof(ev));
3305
3306 ev.store_hint = persistent;
3307 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
3308 ev.key.addr.type = key->bdaddr_type;
3309 ev.key.authenticated = key->authenticated;
3310 ev.key.enc_size = key->enc_size;
3311 ev.key.ediv = key->ediv;
3312
3313 if (key->type == HCI_SMP_LTK)
3314 ev.key.master = 1;
3315
3316 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
3317 memcpy(ev.key.val, key->val, sizeof(key->val));
3318
3319 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev,
3320 &ev, sizeof(ev), NULL);
3321}
3322
afc747a6 3323int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
08c79b61
JH		 3324 u8 addr_type, u32 flags, u8 *name,
3325 u8 name_len, u8 *dev_class)
f7520543 3326{
b644ba33
JH		 3327 char buf[512];
3328 struct mgmt_ev_device_connected *ev = (void *) buf;
3329 u16 eir_len = 0;
f7520543 3330
b644ba33
JH		 3331 bacpy(&ev->addr.bdaddr, bdaddr);
3332 ev->addr.type = link_to_mgmt(link_type, addr_type);
f7520543 3333
c95f0ba7 3334 ev->flags = __cpu_to_le32(flags);
08c79b61 3335
b644ba33
JH		 3336 if (name_len > 0)
3337 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
3338 name, name_len);
3339
3340 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
3341 eir_len = eir_append_data(&ev->eir[eir_len], eir_len,
3342 EIR_CLASS_OF_DEV, dev_class, 3);
3343
3344 put_unaligned_le16(eir_len, &ev->eir_len);
3345
3346 return mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
3347 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 3348}
3349
8962ee74
JH		 3350static void disconnect_rsp(struct pending_cmd *cmd, void *data)
3351{
c68fb7ff 3352 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 3353 struct sock **sk = data;
a38528f1 3354 struct mgmt_rp_disconnect rp;
8962ee74 3355
88c3df13
JH		 3356 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3357 rp.addr.type = cp->addr.type;
8962ee74 3358
aee9b218
JH		 3359 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
3360 sizeof(rp));
8962ee74
JH		 3361
3362 *sk = cmd->sk;
3363 sock_hold(*sk);
3364
a664b5bc 3365 mgmt_pending_remove(cmd);
8962ee74
JH		 3366}
3367
124f6e35 3368static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 3369{
b1078ad0 3370 struct hci_dev *hdev = data;
124f6e35
JH		 3371 struct mgmt_cp_unpair_device *cp = cmd->param;
3372 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 3373
3374 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3375 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3376 rp.addr.type = cp->addr.type;
a8a1d19e 3377
b1078ad0
JH		 3378 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
3379
aee9b218 3380 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 3381
3382 mgmt_pending_remove(cmd);
3383}
3384
afc747a6
JH		 3385int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
3386 u8 link_type, u8 addr_type)
f7520543 3387{
4c659c39 3388 struct mgmt_addr_info ev;
8962ee74
JH		 3389 struct sock *sk = NULL;
3390 int err;
3391
744cf19e 3392 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 3393
f7520543 3394 bacpy(&ev.bdaddr, bdaddr);
48264f06 3395 ev.type = link_to_mgmt(link_type, addr_type);
f7520543 3396
afc747a6
JH		 3397 err = mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev),
3398 sk);
8962ee74
JH		 3399
3400 if (sk)
3401 sock_put(sk);
3402
124f6e35 3403 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
b1078ad0 3404 hdev);
a8a1d19e 3405
8962ee74
JH		 3406 return err;
3407}
3408
88c3df13
JH		 3409int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
3410 u8 link_type, u8 addr_type, u8 status)
8962ee74 3411{
88c3df13 3412 struct mgmt_rp_disconnect rp;
8962ee74
JH		 3413 struct pending_cmd *cmd;
3414 int err;
3415
2e58ef3e 3416 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74
JH		 3417 if (!cmd)
3418 return -ENOENT;
3419
88c3df13
JH		 3420 bacpy(&rp.addr.bdaddr, bdaddr);
3421 rp.addr.type = link_to_mgmt(link_type, addr_type);
37d9ef76 3422
88c3df13 3423 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
aee9b218 3424 mgmt_status(status), &rp, sizeof(rp));
8962ee74 3425
a664b5bc 3426 mgmt_pending_remove(cmd);
8962ee74 3427
b1078ad0
JH		 3428 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
3429 hdev);
8962ee74 3430 return err;
f7520543 3431}
17d5c04c 3432
48264f06
JH		 3433int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3434 u8 addr_type, u8 status)
17d5c04c
JH		 3435{
3436 struct mgmt_ev_connect_failed ev;
3437
4c659c39 3438 bacpy(&ev.addr.bdaddr, bdaddr);
48264f06 3439 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3440 ev.status = mgmt_status(status);
17d5c04c 3441
744cf19e 3442 return mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 3443}
980e1a53 3444
744cf19e 3445int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 3446{
3447 struct mgmt_ev_pin_code_request ev;
3448
d8457698
JH		 3449 bacpy(&ev.addr.bdaddr, bdaddr);
3450 ev.addr.type = MGMT_ADDR_BREDR;
a770bb5a 3451 ev.secure = secure;
980e1a53 3452
744cf19e 3453 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3454 NULL);
980e1a53
JH		 3455}
3456
744cf19e
JH		 3457int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3458 u8 status)
980e1a53
JH		 3459{
3460 struct pending_cmd *cmd;
ac56fb13 3461 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3462 int err;
3463
2e58ef3e 3464 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 3465 if (!cmd)
3466 return -ENOENT;
3467
d8457698
JH		 3468 bacpy(&rp.addr.bdaddr, bdaddr);
3469 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3470
aee9b218
JH		 3471 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3472 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3473
a664b5bc 3474 mgmt_pending_remove(cmd);
980e1a53
JH		 3475
3476 return err;
3477}
3478
744cf19e
JH		 3479int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3480 u8 status)
980e1a53
JH		 3481{
3482 struct pending_cmd *cmd;
ac56fb13 3483 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 3484 int err;
3485
2e58ef3e 3486 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 3487 if (!cmd)
3488 return -ENOENT;
3489
d8457698
JH		 3490 bacpy(&rp.addr.bdaddr, bdaddr);
3491 rp.addr.type = MGMT_ADDR_BREDR;
ac56fb13 3492
aee9b218
JH		 3493 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
3494 mgmt_status(status), &rp, sizeof(rp));
980e1a53 3495
a664b5bc 3496 mgmt_pending_remove(cmd);
980e1a53
JH		 3497
3498 return err;
3499}
a5c29683 3500
744cf19e 3501int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3502 u8 link_type, u8 addr_type, __le32 value,
3503 u8 confirm_hint)
a5c29683
JH		 3504{
3505 struct mgmt_ev_user_confirm_request ev;
3506
744cf19e 3507 BT_DBG("%s", hdev->name);
a5c29683 3508
272d90df
JH		 3509 bacpy(&ev.addr.bdaddr, bdaddr);
3510 ev.addr.type = link_to_mgmt(link_type, addr_type);
55bc1a37 3511 ev.confirm_hint = confirm_hint;
a5c29683
JH		 3512 put_unaligned_le32(value, &ev.value);
3513
744cf19e 3514 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
4e51eae9 3515 NULL);
a5c29683
JH		 3516}
3517
272d90df
JH		 3518int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
3519 u8 link_type, u8 addr_type)
604086b7
BG		 3520{
3521 struct mgmt_ev_user_passkey_request ev;
3522
3523 BT_DBG("%s", hdev->name);
3524
272d90df
JH		 3525 bacpy(&ev.addr.bdaddr, bdaddr);
3526 ev.addr.type = link_to_mgmt(link_type, addr_type);
604086b7
BG		 3527
3528 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
3529 NULL);
3530}
3531
0df4c185 3532static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df
JH		 3533 u8 link_type, u8 addr_type, u8 status,
3534 u8 opcode)
a5c29683
JH		 3535{
3536 struct pending_cmd *cmd;
3537 struct mgmt_rp_user_confirm_reply rp;
3538 int err;
3539
2e58ef3e 3540 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 3541 if (!cmd)
3542 return -ENOENT;
3543
272d90df
JH		 3544 bacpy(&rp.addr.bdaddr, bdaddr);
3545 rp.addr.type = link_to_mgmt(link_type, addr_type);
aee9b218
JH		 3546 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
3547 &rp, sizeof(rp));
a5c29683 3548
a664b5bc 3549 mgmt_pending_remove(cmd);
a5c29683
JH		 3550
3551 return err;
3552}
3553
744cf19e 3554int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3555 u8 link_type, u8 addr_type, u8 status)
a5c29683 3556{
272d90df
JH		 3557 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3558 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 3559}
3560
272d90df
JH		 3561int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3562 u8 link_type, u8 addr_type, u8 status)
a5c29683 3563{
272d90df
JH		 3564 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3565 status, MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 3566}
2a611692 3567
604086b7 3568int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
272d90df 3569 u8 link_type, u8 addr_type, u8 status)
604086b7 3570{
272d90df
JH		 3571 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3572 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 3573}
3574
272d90df
JH		 3575int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
3576 u8 link_type, u8 addr_type, u8 status)
604086b7 3577{
272d90df
JH		 3578 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
3579 status, MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 3580}
3581
bab73cb6
JH		 3582int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3583 u8 addr_type, u8 status)
2a611692
JH		 3584{
3585 struct mgmt_ev_auth_failed ev;
3586
bab73cb6
JH		 3587 bacpy(&ev.addr.bdaddr, bdaddr);
3588 ev.addr.type = link_to_mgmt(link_type, addr_type);
ca69b795 3589 ev.status = mgmt_status(status);
2a611692 3590
744cf19e 3591 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 3592}
b312b161 3593
33ef95ed
JH		 3594int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
3595{
3596 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 3597 bool changed = false;
3598 int err = 0;
33ef95ed
JH		 3599
3600 if (status) {
3601 u8 mgmt_err = mgmt_status(status);
3602 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
3603 cmd_status_rsp, &mgmt_err);
3604 return 0;
3605 }
3606
47990ea0
JH		 3607 if (test_bit(HCI_AUTH, &hdev->flags)) {
3608 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3609 changed = true;
3610 } else {
3611 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
3612 changed = true;
3613 }
3614
33ef95ed
JH		 3615 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
3616 &match);
3617
47990ea0
JH		 3618 if (changed)
3619 err = new_settings(hdev, match.sk);
33ef95ed
JH		 3620
3621 if (match.sk)
3622 sock_put(match.sk);
3623
3624 return err;
3625}
3626
cacaf52f
JH		 3627static int clear_eir(struct hci_dev *hdev)
3628{
3629 struct hci_cp_write_eir cp;
3630
3631 if (!(hdev->features[6] & LMP_EXT_INQ))
3632 return 0;
3633
c80da27e
JH		 3634 memset(hdev->eir, 0, sizeof(hdev->eir));
3635
cacaf52f
JH		 3636 memset(&cp, 0, sizeof(cp));
3637
3638 return hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
3639}
3640
c0ecddc2 3641int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 3642{
3643 struct cmd_lookup match = { NULL, hdev };
c0ecddc2
JH		 3644 bool changed = false;
3645 int err = 0;
ed2c4ee3
JH		 3646
3647 if (status) {
3648 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 3649
3650 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
3651 &hdev->dev_flags))
3652 err = new_settings(hdev, NULL);
3653
ed2c4ee3
JH		 3654 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev,
3655 cmd_status_rsp, &mgmt_err);
c0ecddc2
JH		 3656
3657 return err;
3658 }
3659
3660 if (enable) {
3661 if (!test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3662 changed = true;
3663 } else {
3664 if (test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3665 changed = true;
ed2c4ee3
JH		 3666 }
3667
3668 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
3669
c0ecddc2
JH		 3670 if (changed)
3671 err = new_settings(hdev, match.sk);
ed2c4ee3 3672
5fc6ebb1 3673 if (match.sk)
ed2c4ee3
JH		 3674 sock_put(match.sk);
3675
5fc6ebb1
JH		 3676 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
3677 update_eir(hdev);
3678 else
3679 clear_eir(hdev);
cacaf52f 3680
ed2c4ee3
JH		 3681 return err;
3682}
3683
90e70454
JH		 3684static void class_rsp(struct pending_cmd *cmd, void *data)
3685{
3686 struct cmd_lookup *match = data;
3687
3688 cmd_complete(cmd->sk, cmd->index, cmd->opcode, match->mgmt_status,
3689 match->hdev->dev_class, 3);
3690
3691 list_del(&cmd->list);
3692
3693 if (match->sk == NULL) {
3694 match->sk = cmd->sk;
3695 sock_hold(match->sk);
3696 }
3697
3698 mgmt_pending_free(cmd);
3699}
3700
7f9a903c
MH		 3701int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
3702 u8 status)
3703{
90e70454
JH		 3704 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
3705 int err = 0;
7f9a903c 3706
c95f0ba7
JH		 3707 clear_bit(HCI_PENDING_CLASS, &hdev->dev_flags);
3708
90e70454
JH		 3709 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, class_rsp, &match);
3710 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, class_rsp, &match);
3711 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, class_rsp, &match);
3712
3713 if (!status)
3714 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
3715 dev_class, 3, NULL);
3716
3717 if (match.sk)
3718 sock_put(match.sk);
7f9a903c
MH		 3719
3720 return err;
3721}
3722
744cf19e 3723int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161
JH		 3724{
3725 struct pending_cmd *cmd;
3726 struct mgmt_cp_set_local_name ev;
28cc7bde
JH		 3727 bool changed = false;
3728 int err = 0;
3729
3730 if (memcmp(name, hdev->dev_name, sizeof(hdev->dev_name)) != 0) {
3731 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
3732 changed = true;
3733 }
b312b161
JH		 3734
3735 memset(&ev, 0, sizeof(ev));
3736 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 3737 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 3738
2e58ef3e 3739 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
b312b161
JH		 3740 if (!cmd)
3741 goto send_event;
3742
7bdaae4a
JH		 3743 /* Always assume that either the short or the complete name has
3744 * changed if there was a pending mgmt command */
3745 changed = true;
3746
b312b161 3747 if (status) {
744cf19e 3748 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
ca69b795 3749 mgmt_status(status));
b312b161
JH		 3750 goto failed;
3751 }
3752
aee9b218 3753 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0, &ev,
b312b161
JH		 3754 sizeof(ev));
3755 if (err < 0)
3756 goto failed;
3757
3758send_event:
28cc7bde
JH		 3759 if (changed)
3760 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev,
3761 sizeof(ev), cmd ? cmd->sk : NULL);
3762
f51d5b24 3763 update_eir(hdev);
b312b161
JH		 3764
3765failed:
3766 if (cmd)
3767 mgmt_pending_remove(cmd);
3768 return err;
3769}
c35938b2 3770
744cf19e
JH		 3771int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
3772 u8 *randomizer, u8 status)
c35938b2
SJ		 3773{
3774 struct pending_cmd *cmd;
3775 int err;
3776
744cf19e 3777 BT_DBG("%s status %u", hdev->name, status);
c35938b2 3778
2e58ef3e 3779 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 3780 if (!cmd)
3781 return -ENOENT;
3782
3783 if (status) {
744cf19e 3784 err = cmd_status(cmd->sk, hdev->id,
ca69b795
JH		 3785 MGMT_OP_READ_LOCAL_OOB_DATA,
3786 mgmt_status(status));
c35938b2
SJ		 3787 } else {
3788 struct mgmt_rp_read_local_oob_data rp;
3789
3790 memcpy(rp.hash, hash, sizeof(rp.hash));
3791 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
3792
744cf19e
JH		 3793 err = cmd_complete(cmd->sk, hdev->id,
3794 MGMT_OP_READ_LOCAL_OOB_DATA,
aee9b218 3795 0, &rp, sizeof(rp));
c35938b2
SJ		 3796 }
3797
3798 mgmt_pending_remove(cmd);
3799
3800 return err;
3801}
e17acd40 3802
06199cf8
JH		 3803int mgmt_le_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
3804{
3805 struct cmd_lookup match = { NULL, hdev };
3806 bool changed = false;
3807 int err = 0;
3808
3809 if (status) {
3810 u8 mgmt_err = mgmt_status(status);
3811
3812 if (enable && test_and_clear_bit(HCI_LE_ENABLED,
3813 &hdev->dev_flags))
3814 err = new_settings(hdev, NULL);
3815
3816 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev,
3817 cmd_status_rsp, &mgmt_err);
3818
3819 return err;
3820 }
3821
3822 if (enable) {
3823 if (!test_and_set_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3824 changed = true;
3825 } else {
3826 if (test_and_clear_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3827 changed = true;
3828 }
3829
3830 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
3831
3832 if (changed)
3833 err = new_settings(hdev, match.sk);
3834
3835 if (match.sk)
3836 sock_put(match.sk);
3837
3838 return err;
3839}
3840
48264f06 3841int mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
561aafbc 3842 u8 addr_type, u8 *dev_class, s8 rssi,
388fc8fa 3843 u8 cfm_name, u8 ssp, u8 *eir, u16 eir_len)
e17acd40 3844{
e319d2e7
JH		 3845 char buf[512];
3846 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 3847 size_t ev_size;
e17acd40 3848
1dc06093
JH		 3849 /* Leave 5 bytes for a potential CoD field */
3850 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
7d262f86
AG		 3851 return -EINVAL;
3852
1dc06093
JH		 3853 memset(buf, 0, sizeof(buf));
3854
e319d2e7
JH		 3855 bacpy(&ev->addr.bdaddr, bdaddr);
3856 ev->addr.type = link_to_mgmt(link_type, addr_type);
3857 ev->rssi = rssi;
9a395a80
JH		 3858 if (cfm_name)
3859 ev->flags[0] |= MGMT_DEV_FOUND_CONFIRM_NAME;
388fc8fa
JH		 3860 if (!ssp)
3861 ev->flags[0] |= MGMT_DEV_FOUND_LEGACY_PAIRING;
e17acd40 3862
1dc06093 3863 if (eir_len > 0)
e319d2e7 3864 memcpy(ev->eir, eir, eir_len);
e17acd40 3865
1dc06093
JH		 3866 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
3867 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
3868 dev_class, 3);
3869
3870 put_unaligned_le16(eir_len, &ev->eir_len);
3871
3872 ev_size = sizeof(*ev) + eir_len;
f8523598 3873
e319d2e7 3874 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 3875}
a88a9652 3876
b644ba33
JH		 3877int mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
3878 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 3879{
b644ba33
JH		 3880 struct mgmt_ev_device_found *ev;
3881 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
3882 u16 eir_len;
a88a9652 3883
b644ba33 3884 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 3885
b644ba33
JH		 3886 memset(buf, 0, sizeof(buf));
3887
3888 bacpy(&ev->addr.bdaddr, bdaddr);
3889 ev->addr.type = link_to_mgmt(link_type, addr_type);
3890 ev->rssi = rssi;
3891
3892 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
3893 name_len);
3894
3895 put_unaligned_le16(eir_len, &ev->eir_len);
a88a9652 3896
053c7e0c
JH		 3897 return mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev,
3898 sizeof(*ev) + eir_len, NULL);
a88a9652 3899}
314b2381 3900
7a135109 3901int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
164a6e78
JH		 3902{
3903 struct pending_cmd *cmd;
f808e166 3904 u8 type;
164a6e78
JH		 3905 int err;
3906
203159d4
AG		 3907 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3908
2e58ef3e 3909 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78
JH		 3910 if (!cmd)
3911 return -ENOENT;
3912
f808e166
JH		 3913 type = hdev->discovery.type;
3914
3915 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3916 &type, sizeof(type));
164a6e78
JH		 3917 mgmt_pending_remove(cmd);
3918
3919 return err;
3920}
3921
e6d465cb
AG		 3922int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3923{
3924 struct pending_cmd *cmd;
3925 int err;
3926
3927 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3928 if (!cmd)
3929 return -ENOENT;
3930
d930650b
JH		 3931 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3932 &hdev->discovery.type,
3933 sizeof(hdev->discovery.type));
164a6e78
JH		 3934 mgmt_pending_remove(cmd);
3935
3936 return err;
3937}
3938
744cf19e 3939int mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 3940{
f963e8e9 3941 struct mgmt_ev_discovering ev;
164a6e78
JH		 3942 struct pending_cmd *cmd;
3943
343fb145
AG		 3944 BT_DBG("%s discovering %u", hdev->name, discovering);
3945
164a6e78 3946 if (discovering)
2e58ef3e 3947 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 3948 else
2e58ef3e 3949 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 3950
3951 if (cmd != NULL) {
f808e166
JH		 3952 u8 type = hdev->discovery.type;
3953
d930650b 3954 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0,
f808e166 3955 &type, sizeof(type));
164a6e78
JH		 3956 mgmt_pending_remove(cmd);
3957 }
3958
f963e8e9
JH		 3959 memset(&ev, 0, sizeof(ev));
3960 ev.type = hdev->discovery.type;
3961 ev.discovering = discovering;
3962
3963 return mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 3964}
5e762444 3965
88c1fe4b 3966int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3967{
3968 struct pending_cmd *cmd;
3969 struct mgmt_ev_device_blocked ev;
3970
2e58ef3e 3971 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 3972
88c1fe4b
JH		 3973 bacpy(&ev.addr.bdaddr, bdaddr);
3974 ev.addr.type = type;
5e762444 3975
744cf19e
JH		 3976 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
3977 cmd ? cmd->sk : NULL);
5e762444
AJ		 3978}
3979
88c1fe4b 3980int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 3981{
3982 struct pending_cmd *cmd;
3983 struct mgmt_ev_device_unblocked ev;
3984
2e58ef3e 3985 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 3986
88c1fe4b
JH		 3987 bacpy(&ev.addr.bdaddr, bdaddr);
3988 ev.addr.type = type;
5e762444 3989
744cf19e
JH		 3990 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
3991 cmd ? cmd->sk : NULL);
5e762444 3992}
d7b7e796
MH		 3993
3994module_param(enable_hs, bool, 0644);
3995MODULE_PARM_DESC(enable_hs, "Enable High Speed support");
3996
3997module_param(enable_le, bool, 0644);
3998MODULE_PARM_DESC(enable_le, "Enable Low Energy support");
Linux 6.x block layer and io_uring tree(s)