projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make mgmt_connectable() return void
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
9ab8cf37 37#define MGMT_REVISION 4
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e70bb2e8
JH		 82};
83
84static const u16 mgmt_events[] = {
85 MGMT_EV_CONTROLLER_ERROR,
86 MGMT_EV_INDEX_ADDED,
87 MGMT_EV_INDEX_REMOVED,
88 MGMT_EV_NEW_SETTINGS,
89 MGMT_EV_CLASS_OF_DEV_CHANGED,
90 MGMT_EV_LOCAL_NAME_CHANGED,
91 MGMT_EV_NEW_LINK_KEY,
92 MGMT_EV_NEW_LONG_TERM_KEY,
93 MGMT_EV_DEVICE_CONNECTED,
94 MGMT_EV_DEVICE_DISCONNECTED,
95 MGMT_EV_CONNECT_FAILED,
96 MGMT_EV_PIN_CODE_REQUEST,
97 MGMT_EV_USER_CONFIRM_REQUEST,
98 MGMT_EV_USER_PASSKEY_REQUEST,
99 MGMT_EV_AUTH_FAILED,
100 MGMT_EV_DEVICE_FOUND,
101 MGMT_EV_DISCOVERING,
102 MGMT_EV_DEVICE_BLOCKED,
103 MGMT_EV_DEVICE_UNBLOCKED,
104 MGMT_EV_DEVICE_UNPAIRED,
92a25256 105 MGMT_EV_PASSKEY_NOTIFY,
e70bb2e8
JH		 106};
107
17b02e62 108#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 109
4b34ee78
JH		 110#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
111 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
112
eec8d2bc
JH		 113struct pending_cmd {
114 struct list_head list;
fc2f4b13 115 u16 opcode;
eec8d2bc 116 int index;
c68fb7ff 117 void *param;
eec8d2bc 118 struct sock *sk;
e9a416b5 119 void *user_data;
eec8d2bc
JH		 120};
121
ca69b795
JH		 122/* HCI to MGMT error code conversion table */
123static u8 mgmt_status_table[] = {
124 MGMT_STATUS_SUCCESS,
125 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
126 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
127 MGMT_STATUS_FAILED, /* Hardware Failure */
128 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
129 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
130 MGMT_STATUS_NOT_PAIRED, /* PIN or Key Missing */
131 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
132 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
133 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
134 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
135 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
136 MGMT_STATUS_BUSY, /* Command Disallowed */
137 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
138 MGMT_STATUS_REJECTED, /* Rejected Security */
139 MGMT_STATUS_REJECTED, /* Rejected Personal */
140 MGMT_STATUS_TIMEOUT, /* Host Timeout */
141 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
142 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
143 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
144 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
145 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
146 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
147 MGMT_STATUS_BUSY, /* Repeated Attempts */
148 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
149 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
150 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
151 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
152 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
153 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
154 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
155 MGMT_STATUS_FAILED, /* Unspecified Error */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
157 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
158 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
159 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
160 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
161 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
162 MGMT_STATUS_FAILED, /* Unit Link Key Used */
163 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
164 MGMT_STATUS_TIMEOUT, /* Instant Passed */
165 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
166 MGMT_STATUS_FAILED, /* Transaction Collision */
167 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
168 MGMT_STATUS_REJECTED, /* QoS Rejected */
169 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
170 MGMT_STATUS_REJECTED, /* Insufficient Security */
171 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
172 MGMT_STATUS_BUSY, /* Role Switch Pending */
173 MGMT_STATUS_FAILED, /* Slot Violation */
174 MGMT_STATUS_FAILED, /* Role Switch Failed */
175 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
176 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
177 MGMT_STATUS_BUSY, /* Host Busy Pairing */
178 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
179 MGMT_STATUS_BUSY, /* Controller Busy */
180 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
181 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
182 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
184 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
185};
186
187static u8 mgmt_status(u8 hci_status)
188{
189 if (hci_status < ARRAY_SIZE(mgmt_status_table))
190 return mgmt_status_table[hci_status];
191
192 return MGMT_STATUS_FAILED;
193}
194
4e51eae9 195static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 196{
197 struct sk_buff *skb;
198 struct mgmt_hdr *hdr;
199 struct mgmt_ev_cmd_status *ev;
56b7d137 200 int err;
f7b64e69 201
34eb525c 202 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 203
790eff44 204 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 205 if (!skb)
206 return -ENOMEM;
207
208 hdr = (void *) skb_put(skb, sizeof(*hdr));
209
612dfce9 210 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 211 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 212 hdr->len = cpu_to_le16(sizeof(*ev));
213
214 ev = (void *) skb_put(skb, sizeof(*ev));
215 ev->status = status;
eb55ef07 216 ev->opcode = cpu_to_le16(cmd);
f7b64e69 217
56b7d137
GP		 218 err = sock_queue_rcv_skb(sk, skb);
219 if (err < 0)
f7b64e69
JH		 220 kfree_skb(skb);
221
56b7d137 222 return err;
f7b64e69
JH		 223}
224
aee9b218 225static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 226 void *rp, size_t rp_len)
02d98129
JH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230 struct mgmt_ev_cmd_complete *ev;
56b7d137 231 int err;
02d98129
JH		 232
233 BT_DBG("sock %p", sk);
234
790eff44 235 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 240
612dfce9 241 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 242 hdr->index = cpu_to_le16(index);
a38528f1 243 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 244
a38528f1 245 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 246 ev->opcode = cpu_to_le16(cmd);
aee9b218 247 ev->status = status;
8020c16a
SJ		 248
249 if (rp)
250 memcpy(ev->data, rp, rp_len);
02d98129 251
56b7d137
GP		 252 err = sock_queue_rcv_skb(sk, skb);
253 if (err < 0)
02d98129
JH		 254 kfree_skb(skb);
255
e5f0e151 256 return err;
02d98129
JH		 257}
258
04124681
GP		 259static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
260 u16 data_len)
a38528f1
JH		 261{
262 struct mgmt_rp_read_version rp;
263
264 BT_DBG("sock %p", sk);
265
266 rp.version = MGMT_VERSION;
eb55ef07 267 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 268
aee9b218 269 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 270 sizeof(rp));
a38528f1
JH		 271}
272
04124681
GP		 273static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
274 u16 data_len)
e70bb2e8
JH		 275{
276 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 277 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
278 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 279 __le16 *opcode;
e70bb2e8
JH		 280 size_t rp_size;
281 int i, err;
282
283 BT_DBG("sock %p", sk);
284
285 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
286
287 rp = kmalloc(rp_size, GFP_KERNEL);
288 if (!rp)
289 return -ENOMEM;
290
eb55ef07
MH		 291 rp->num_commands = __constant_cpu_to_le16(num_commands);
292 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 293
294 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
295 put_unaligned_le16(mgmt_commands[i], opcode);
296
297 for (i = 0; i < num_events; i++, opcode++)
298 put_unaligned_le16(mgmt_events[i], opcode);
299
aee9b218 300 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 301 rp_size);
e70bb2e8
JH		 302 kfree(rp);
303
304 return err;
305}
306
04124681
GP		 307static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
308 u16 data_len)
faba42eb 309{
faba42eb 310 struct mgmt_rp_read_index_list *rp;
8035ded4 311 struct hci_dev *d;
a38528f1 312 size_t rp_len;
faba42eb 313 u16 count;
476e44cb 314 int err;
faba42eb
JH		 315
316 BT_DBG("sock %p", sk);
317
318 read_lock(&hci_dev_list_lock);
319
320 count = 0;
bb4b2a9a 321 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 322 if (d->dev_type == HCI_BREDR)
323 count++;
faba42eb
JH		 324 }
325
a38528f1
JH		 326 rp_len = sizeof(*rp) + (2 * count);
327 rp = kmalloc(rp_len, GFP_ATOMIC);
328 if (!rp) {
b2c60d42 329 read_unlock(&hci_dev_list_lock);
faba42eb 330 return -ENOMEM;
b2c60d42 331 }
faba42eb 332
476e44cb 333 count = 0;
8035ded4 334 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 335 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 336 continue;
337
0736cfa8
MH		 338 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
339 continue;
340
1514b892
MH		 341 if (d->dev_type == HCI_BREDR) {
342 rp->index[count++] = cpu_to_le16(d->id);
343 BT_DBG("Added hci%u", d->id);
344 }
faba42eb
JH		 345 }
346
476e44cb
JH		 347 rp->num_controllers = cpu_to_le16(count);
348 rp_len = sizeof(*rp) + (2 * count);
349
faba42eb
JH		 350 read_unlock(&hci_dev_list_lock);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 353 rp_len);
faba42eb 354
a38528f1
JH		 355 kfree(rp);
356
357 return err;
faba42eb
JH		 358}
359
69ab39ea
JH		 360static u32 get_supported_settings(struct hci_dev *hdev)
361{
362 u32 settings = 0;
363
364 settings |= MGMT_SETTING_POWERED;
69ab39ea
JH		 365 settings |= MGMT_SETTING_PAIRABLE;
366
ed3fa31f 367 if (lmp_bredr_capable(hdev)) {
33c525c0 368 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 369 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
370 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 371 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 372 settings |= MGMT_SETTING_BREDR;
373 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 374
375 if (lmp_ssp_capable(hdev)) {
376 settings |= MGMT_SETTING_SSP;
377 settings |= MGMT_SETTING_HS;
378 }
848566b3 379 }
d7b7e796 380
eeca6f89 381 if (lmp_le_capable(hdev)) {
9d42820f 382 settings |= MGMT_SETTING_LE;
eeca6f89
JH		 383 settings |= MGMT_SETTING_ADVERTISING;
384 }
69ab39ea
JH		 385
386 return settings;
387}
388
389static u32 get_current_settings(struct hci_dev *hdev)
390{
391 u32 settings = 0;
392
f1f0eb02 393 if (hdev_is_powered(hdev))
f0d4b78a
MH		 394 settings |= MGMT_SETTING_POWERED;
395
5e5282bb 396 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 397 settings |= MGMT_SETTING_CONNECTABLE;
398
1a4d3c4b
JH		 399 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
400 settings |= MGMT_SETTING_FAST_CONNECTABLE;
401
5e5282bb 402 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 403 settings |= MGMT_SETTING_DISCOVERABLE;
404
a8b2d5c2 405 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 406 settings |= MGMT_SETTING_PAIRABLE;
407
56f87901 408 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_BREDR;
410
06199cf8 411 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 412 settings |= MGMT_SETTING_LE;
413
47990ea0 414 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_LINK_SECURITY;
416
84bde9d6 417 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_SSP;
419
6d80dfd0
JH		 420 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
421 settings |= MGMT_SETTING_HS;
422
f3d3444a 423 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 424 settings |= MGMT_SETTING_ADVERTISING;
425
69ab39ea
JH		 426 return settings;
427}
428
ef580372
JH		 429#define PNP_INFO_SVCLASS_ID 0x1200
430
213202ed
JH		 431static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
432{
433 u8 *ptr = data, *uuids_start = NULL;
434 struct bt_uuid *uuid;
435
436 if (len < 4)
437 return ptr;
438
439 list_for_each_entry(uuid, &hdev->uuids, list) {
440 u16 uuid16;
441
442 if (uuid->size != 16)
443 continue;
444
445 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
446 if (uuid16 < 0x1100)
447 continue;
448
449 if (uuid16 == PNP_INFO_SVCLASS_ID)
450 continue;
451
452 if (!uuids_start) {
453 uuids_start = ptr;
454 uuids_start[0] = 1;
455 uuids_start[1] = EIR_UUID16_ALL;
456 ptr += 2;
457 }
458
459 /* Stop if not enough space to put next UUID */
460 if ((ptr - data) + sizeof(u16) > len) {
461 uuids_start[1] = EIR_UUID16_SOME;
462 break;
463 }
464
465 *ptr++ = (uuid16 & 0x00ff);
466 *ptr++ = (uuid16 & 0xff00) >> 8;
467 uuids_start[0] += sizeof(uuid16);
468 }
469
470 return ptr;
471}
472
cdf1963f
JH		 473static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
474{
475 u8 *ptr = data, *uuids_start = NULL;
476 struct bt_uuid *uuid;
477
478 if (len < 6)
479 return ptr;
480
481 list_for_each_entry(uuid, &hdev->uuids, list) {
482 if (uuid->size != 32)
483 continue;
484
485 if (!uuids_start) {
486 uuids_start = ptr;
487 uuids_start[0] = 1;
488 uuids_start[1] = EIR_UUID32_ALL;
489 ptr += 2;
490 }
491
492 /* Stop if not enough space to put next UUID */
493 if ((ptr - data) + sizeof(u32) > len) {
494 uuids_start[1] = EIR_UUID32_SOME;
495 break;
496 }
497
498 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
499 ptr += sizeof(u32);
500 uuids_start[0] += sizeof(u32);
501 }
502
503 return ptr;
504}
505
c00d575b
JH		 506static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
507{
508 u8 *ptr = data, *uuids_start = NULL;
509 struct bt_uuid *uuid;
510
511 if (len < 18)
512 return ptr;
513
514 list_for_each_entry(uuid, &hdev->uuids, list) {
515 if (uuid->size != 128)
516 continue;
517
518 if (!uuids_start) {
519 uuids_start = ptr;
520 uuids_start[0] = 1;
521 uuids_start[1] = EIR_UUID128_ALL;
522 ptr += 2;
523 }
524
525 /* Stop if not enough space to put next UUID */
526 if ((ptr - data) + 16 > len) {
527 uuids_start[1] = EIR_UUID128_SOME;
528 break;
529 }
530
531 memcpy(ptr, uuid->uuid, 16);
532 ptr += 16;
533 uuids_start[0] += 16;
534 }
535
536 return ptr;
537}
538
441ad2d0
MH		 539static u8 create_ad(struct hci_dev *hdev, u8 *ptr)
540{
541 u8 ad_len = 0, flags = 0;
542 size_t name_len;
543
544 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
545 flags |= LE_AD_GENERAL;
546
547 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
548 if (lmp_le_br_capable(hdev))
549 flags |= LE_AD_SIM_LE_BREDR_CTRL;
550 if (lmp_host_le_br_capable(hdev))
551 flags |= LE_AD_SIM_LE_BREDR_HOST;
552 } else {
553 flags |= LE_AD_NO_BREDR;
554 }
555
556 if (flags) {
557 BT_DBG("adv flags 0x%02x", flags);
558
559 ptr[0] = 2;
560 ptr[1] = EIR_FLAGS;
561 ptr[2] = flags;
562
563 ad_len += 3;
564 ptr += 3;
565 }
566
567 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
568 ptr[0] = 2;
569 ptr[1] = EIR_TX_POWER;
570 ptr[2] = (u8) hdev->adv_tx_power;
571
572 ad_len += 3;
573 ptr += 3;
574 }
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
595}
596
597static void update_ad(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_adv_data cp;
601 u8 len;
602
603 if (!lmp_le_capable(hdev))
604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_ad(hdev, cp.data);
609
610 if (hdev->adv_data_len == len &&
611 memcmp(cp.data, hdev->adv_data, len) == 0)
612 return;
613
614 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
615 hdev->adv_data_len = len;
616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
620}
621
ef580372
JH		 622static void create_eir(struct hci_dev *hdev, u8 *data)
623{
624 u8 *ptr = data;
ef580372
JH		 625 size_t name_len;
626
627 name_len = strlen(hdev->dev_name);
628
629 if (name_len > 0) {
630 /* EIR Data type */
631 if (name_len > 48) {
632 name_len = 48;
633 ptr[1] = EIR_NAME_SHORT;
634 } else
635 ptr[1] = EIR_NAME_COMPLETE;
636
637 /* EIR Data length */
638 ptr[0] = name_len + 1;
639
640 memcpy(ptr + 2, hdev->dev_name, name_len);
641
ef580372
JH		 642 ptr += (name_len + 2);
643 }
644
bbaf444a 645 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 646 ptr[0] = 2;
647 ptr[1] = EIR_TX_POWER;
648 ptr[2] = (u8) hdev->inq_tx_power;
649
91c4e9b1
MH		 650 ptr += 3;
651 }
652
2b9be137
MH		 653 if (hdev->devid_source > 0) {
654 ptr[0] = 9;
655 ptr[1] = EIR_DEVICE_ID;
656
657 put_unaligned_le16(hdev->devid_source, ptr + 2);
658 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
659 put_unaligned_le16(hdev->devid_product, ptr + 6);
660 put_unaligned_le16(hdev->devid_version, ptr + 8);
661
2b9be137
MH		 662 ptr += 10;
663 }
664
213202ed 665 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 666 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 667 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 668}
669
890ea898 670static void update_eir(struct hci_request *req)
ef580372 671{
890ea898 672 struct hci_dev *hdev = req->hdev;
ef580372
JH		 673 struct hci_cp_write_eir cp;
674
504c8dcd 675 if (!hdev_is_powered(hdev))
890ea898 676 return;
7770c4aa 677
976eb20e 678 if (!lmp_ext_inq_capable(hdev))
890ea898 679 return;
ef580372 680
84bde9d6 681 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 682 return;
ef580372 683
a8b2d5c2 684 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 685 return;
ef580372
JH		 686
687 memset(&cp, 0, sizeof(cp));
688
689 create_eir(hdev, cp.data);
690
691 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 692 return;
ef580372
JH		 693
694 memcpy(hdev->eir, cp.data, sizeof(cp.data));
695
890ea898 696 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 697}
698
699static u8 get_service_classes(struct hci_dev *hdev)
700{
701 struct bt_uuid *uuid;
702 u8 val = 0;
703
704 list_for_each_entry(uuid, &hdev->uuids, list)
705 val |= uuid->svc_hint;
706
707 return val;
708}
709
890ea898 710static void update_class(struct hci_request *req)
ef580372 711{
890ea898 712 struct hci_dev *hdev = req->hdev;
ef580372
JH		 713 u8 cod[3];
714
715 BT_DBG("%s", hdev->name);
716
504c8dcd 717 if (!hdev_is_powered(hdev))
890ea898 718 return;
7770c4aa 719
a8b2d5c2 720 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 721 return;
ef580372
JH		 722
723 cod[0] = hdev->minor_class;
724 cod[1] = hdev->major_class;
725 cod[2] = get_service_classes(hdev);
726
6acd7db4
MH		 727 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
728 cod[1] |= 0x20;
729
ef580372 730 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 731 return;
ef580372 732
890ea898 733 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 734}
735
7d78525d
JH		 736static void service_cache_off(struct work_struct *work)
737{
738 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 739 service_cache.work);
890ea898 740 struct hci_request req;
7d78525d 741
a8b2d5c2 742 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 743 return;
744
890ea898
JH		 745 hci_req_init(&req, hdev);
746
7d78525d
JH		 747 hci_dev_lock(hdev);
748
890ea898
JH		 749 update_eir(&req);
750 update_class(&req);
7d78525d
JH		 751
752 hci_dev_unlock(hdev);
890ea898
JH		 753
754 hci_req_run(&req, NULL);
7d78525d
JH		 755}
756
6a919082 757static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 758{
4f87da80 759 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 760 return;
761
4f87da80 762 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
7d78525d 763
4f87da80
JH		 764 /* Non-mgmt controlled devices get this bit set
765 * implicitly so that pairing works for them, however
766 * for mgmt we require user-space to explicitly enable
767 * it
768 */
769 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 770}
771
0f4e68cf 772static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 773 void *data, u16 data_len)
0381101f 774{
a38528f1 775 struct mgmt_rp_read_info rp;
f7b64e69 776
bdb6d971 777 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 778
09fd0de5 779 hci_dev_lock(hdev);
f7b64e69 780
dc4fe30b
JH		 781 memset(&rp, 0, sizeof(rp));
782
69ab39ea 783 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 784
69ab39ea 785 rp.version = hdev->hci_ver;
eb55ef07 786 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 787
788 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
789 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 790
a38528f1 791 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 792
dc4fe30b 793 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 794 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 795
09fd0de5 796 hci_dev_unlock(hdev);
0381101f 797
bdb6d971 798 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 799 sizeof(rp));
0381101f
JH		 800}
801
eec8d2bc
JH		 802static void mgmt_pending_free(struct pending_cmd *cmd)
803{
804 sock_put(cmd->sk);
c68fb7ff 805 kfree(cmd->param);
eec8d2bc
JH		 806 kfree(cmd);
807}
808
366a0336 809static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 810 struct hci_dev *hdev, void *data,
811 u16 len)
eec8d2bc
JH		 812{
813 struct pending_cmd *cmd;
814
12b94565 815 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 816 if (!cmd)
366a0336 817 return NULL;
eec8d2bc
JH		 818
819 cmd->opcode = opcode;
2e58ef3e 820 cmd->index = hdev->id;
eec8d2bc 821
12b94565 822 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 823 if (!cmd->param) {
eec8d2bc 824 kfree(cmd);
366a0336 825 return NULL;
eec8d2bc
JH		 826 }
827
8fce6357
SJ		 828 if (data)
829 memcpy(cmd->param, data, len);
eec8d2bc
JH		 830
831 cmd->sk = sk;
832 sock_hold(sk);
833
2e58ef3e 834 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 835
366a0336 836 return cmd;
eec8d2bc
JH		 837}
838
744cf19e 839static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 840 void (*cb)(struct pending_cmd *cmd,
841 void *data),
04124681 842 void *data)
eec8d2bc 843{
a3d09356 844 struct pending_cmd *cmd, *tmp;
eec8d2bc 845
a3d09356 846 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 847 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 848 continue;
849
eec8d2bc
JH		 850 cb(cmd, data);
851 }
852}
853
2e58ef3e 854static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
eec8d2bc 855{
8035ded4 856 struct pending_cmd *cmd;
eec8d2bc 857
2e58ef3e 858 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2aeabcbe
JH		 859 if (cmd->opcode == opcode)
860 return cmd;
eec8d2bc
JH		 861 }
862
863 return NULL;
864}
865
a664b5bc 866static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 867{
73f22f62
JH		 868 list_del(&cmd->list);
869 mgmt_pending_free(cmd);
870}
871
69ab39ea 872static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 873{
69ab39ea 874 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 875
aee9b218 876 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 877 sizeof(settings));
8680570b
JH		 878}
879
bdb6d971 880static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 881 u16 len)
eec8d2bc 882{
650f726d 883 struct mgmt_mode *cp = data;
366a0336 884 struct pending_cmd *cmd;
4b34ee78 885 int err;
eec8d2bc 886
bdb6d971 887 BT_DBG("request for %s", hdev->name);
eec8d2bc 888
a7e80f25
JH		 889 if (cp->val != 0x00 && cp->val != 0x01)
890 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
891 MGMT_STATUS_INVALID_PARAMS);
892
09fd0de5 893 hci_dev_lock(hdev);
eec8d2bc 894
87b95ba6
JH		 895 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
896 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
897 MGMT_STATUS_BUSY);
898 goto failed;
899 }
900
f0d4b78a
MH		 901 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
902 cancel_delayed_work(&hdev->power_off);
903
904 if (cp->val) {
a1d70450
JH		 905 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
906 data, len);
907 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 908 goto failed;
909 }
910 }
911
4b34ee78 912 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 913 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 914 goto failed;
915 }
916
2e58ef3e 917 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 918 if (!cmd) {
919 err = -ENOMEM;
eec8d2bc 920 goto failed;
366a0336 921 }
eec8d2bc 922
72a734ec 923 if (cp->val)
19202573 924 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 925 else
19202573 926 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 927
366a0336 928 err = 0;
eec8d2bc
JH		 929
930failed:
09fd0de5 931 hci_dev_unlock(hdev);
366a0336 932 return err;
eec8d2bc
JH		 933}
934
04124681
GP		 935static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
936 struct sock *skip_sk)
beadb2bd
JH		 937{
938 struct sk_buff *skb;
939 struct mgmt_hdr *hdr;
940
790eff44 941 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 942 if (!skb)
943 return -ENOMEM;
944
945 hdr = (void *) skb_put(skb, sizeof(*hdr));
946 hdr->opcode = cpu_to_le16(event);
947 if (hdev)
948 hdr->index = cpu_to_le16(hdev->id);
949 else
612dfce9 950 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 951 hdr->len = cpu_to_le16(data_len);
952
953 if (data)
954 memcpy(skb_put(skb, data_len), data, data_len);
955
97e0bdeb
MH		 956 /* Time stamp */
957 __net_timestamp(skb);
958
beadb2bd
JH		 959 hci_send_to_control(skb, skip_sk);
960 kfree_skb(skb);
961
962 return 0;
963}
964
965static int new_settings(struct hci_dev *hdev, struct sock *skip)
966{
967 __le32 ev;
968
969 ev = cpu_to_le32(get_current_settings(hdev));
970
971 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
972}
973
bd99abdd
JH		 974struct cmd_lookup {
975 struct sock *sk;
976 struct hci_dev *hdev;
977 u8 mgmt_status;
978};
979
980static void settings_rsp(struct pending_cmd *cmd, void *data)
981{
982 struct cmd_lookup *match = data;
983
984 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
985
986 list_del(&cmd->list);
987
988 if (match->sk == NULL) {
989 match->sk = cmd->sk;
990 sock_hold(match->sk);
991 }
992
993 mgmt_pending_free(cmd);
994}
995
996static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
997{
998 u8 *status = data;
999
1000 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1001 mgmt_pending_remove(cmd);
1002}
1003
e6fe7986
JH		 1004static u8 mgmt_bredr_support(struct hci_dev *hdev)
1005{
1006 if (!lmp_bredr_capable(hdev))
1007 return MGMT_STATUS_NOT_SUPPORTED;
1008 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1009 return MGMT_STATUS_REJECTED;
1010 else
1011 return MGMT_STATUS_SUCCESS;
1012}
1013
1014static u8 mgmt_le_support(struct hci_dev *hdev)
1015{
1016 if (!lmp_le_capable(hdev))
1017 return MGMT_STATUS_NOT_SUPPORTED;
1018 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1019 return MGMT_STATUS_REJECTED;
1020 else
1021 return MGMT_STATUS_SUCCESS;
1022}
1023
bfaf8c9f
JH		 1024static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1025{
1026 struct pending_cmd *cmd;
1027 struct mgmt_mode *cp;
1028 bool changed;
1029
1030 BT_DBG("status 0x%02x", status);
1031
1032 hci_dev_lock(hdev);
1033
1034 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1035 if (!cmd)
1036 goto unlock;
1037
1038 if (status) {
1039 u8 mgmt_err = mgmt_status(status);
1040 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1041 goto remove_cmd;
1042 }
1043
1044 cp = cmd->param;
1045 if (cp->val)
1046 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1047 &hdev->dev_flags);
1048 else
1049 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1050 &hdev->dev_flags);
1051
1052 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1053
1054 if (changed)
1055 new_settings(hdev, cmd->sk);
1056
1057remove_cmd:
1058 mgmt_pending_remove(cmd);
1059
1060unlock:
1061 hci_dev_unlock(hdev);
1062}
1063
bdb6d971 1064static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1065 u16 len)
73f22f62 1066{
650f726d 1067 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1068 struct pending_cmd *cmd;
bfaf8c9f 1069 struct hci_request req;
5e5282bb 1070 u16 timeout;
e6fe7986 1071 u8 scan, status;
73f22f62
JH		 1072 int err;
1073
bdb6d971 1074 BT_DBG("request for %s", hdev->name);
73f22f62 1075
e6fe7986
JH		 1076 status = mgmt_bredr_support(hdev);
1077 if (status)
33c525c0 1078 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
e6fe7986 1079 status);
33c525c0 1080
a7e80f25
JH		 1081 if (cp->val != 0x00 && cp->val != 0x01)
1082 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1083 MGMT_STATUS_INVALID_PARAMS);
1084
1f350c87 1085 timeout = __le16_to_cpu(cp->timeout);
24c54a90 1086 if (!cp->val && timeout > 0)
bdb6d971 1087 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1088 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1089
09fd0de5 1090 hci_dev_lock(hdev);
73f22f62 1091
5e5282bb 1092 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1093 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1094 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1095 goto failed;
1096 }
1097
2e58ef3e 1098 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1099 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1101 MGMT_STATUS_BUSY);
73f22f62
JH		 1102 goto failed;
1103 }
1104
5e5282bb 1105 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1106 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1107 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1108 goto failed;
1109 }
1110
1111 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1112 bool changed = false;
1113
1114 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1115 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1116 changed = true;
1117 }
1118
5e5282bb 1119 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1120 if (err < 0)
1121 goto failed;
1122
1123 if (changed)
1124 err = new_settings(hdev, sk);
1125
5e5282bb
JH		 1126 goto failed;
1127 }
1128
1129 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
955638ec
MH		 1130 if (hdev->discov_timeout > 0) {
1131 cancel_delayed_work(&hdev->discov_off);
1132 hdev->discov_timeout = 0;
1133 }
1134
1135 if (cp->val && timeout > 0) {
1136 hdev->discov_timeout = timeout;
1137 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1138 msecs_to_jiffies(hdev->discov_timeout * 1000));
1139 }
1140
69ab39ea 1141 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1142 goto failed;
1143 }
1144
2e58ef3e 1145 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1146 if (!cmd) {
1147 err = -ENOMEM;
73f22f62 1148 goto failed;
366a0336 1149 }
73f22f62 1150
bfaf8c9f
JH		 1151 hci_req_init(&req, hdev);
1152
73f22f62
JH		 1153 scan = SCAN_PAGE;
1154
72a734ec 1155 if (cp->val)
73f22f62 1156 scan |= SCAN_INQUIRY;
16ab91ab 1157 else
e0f9309f 1158 cancel_delayed_work(&hdev->discov_off);
73f22f62 1159
bfaf8c9f
JH		 1160 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1161
1162 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1163 if (err < 0)
a664b5bc 1164 mgmt_pending_remove(cmd);
73f22f62 1165
16ab91ab 1166 if (cp->val)
5e5282bb 1167 hdev->discov_timeout = timeout;
16ab91ab 1168
73f22f62 1169failed:
09fd0de5 1170 hci_dev_unlock(hdev);
73f22f62
JH		 1171 return err;
1172}
1173
406d7804
JH		 1174static void write_fast_connectable(struct hci_request *req, bool enable)
1175{
bd98b996 1176 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1177 struct hci_cp_write_page_scan_activity acp;
1178 u8 type;
1179
4c01f8b8
JH		 1180 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1181 return;
1182
406d7804
JH		 1183 if (enable) {
1184 type = PAGE_SCAN_TYPE_INTERLACED;
1185
1186 /* 160 msec page scan interval */
1187 acp.interval = __constant_cpu_to_le16(0x0100);
1188 } else {
1189 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1190
1191 /* default 1.28 sec page scan */
1192 acp.interval = __constant_cpu_to_le16(0x0800);
1193 }
1194
1195 acp.window = __constant_cpu_to_le16(0x0012);
1196
bd98b996
JH		 1197 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1198 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1199 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1200 sizeof(acp), &acp);
1201
1202 if (hdev->page_scan_type != type)
1203 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1204}
1205
1987fdc7
JH		 1206static u8 get_adv_type(struct hci_dev *hdev)
1207{
1208 struct pending_cmd *cmd;
1209 bool connectable;
1210
1211 /* If there's a pending mgmt command the flag will not yet have
1212 * it's final value, so check for this first.
1213 */
1214 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1215 if (cmd) {
1216 struct mgmt_mode *cp = cmd->param;
1217 connectable = !!cp->val;
1218 } else {
1219 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1220 }
1221
1222 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
1223}
1224
95c66e75
JH		 1225static void enable_advertising(struct hci_request *req)
1226{
1227 struct hci_dev *hdev = req->hdev;
1228 struct hci_cp_le_set_adv_param cp;
1229 u8 enable = 0x01;
1230
1231 memset(&cp, 0, sizeof(cp));
1232 cp.min_interval = __constant_cpu_to_le16(0x0800);
1233 cp.max_interval = __constant_cpu_to_le16(0x0800);
1987fdc7 1234 cp.type = get_adv_type(hdev);
95c66e75
JH		 1235 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
1236 cp.own_address_type = ADDR_LE_DEV_PUBLIC;
1237 else
1238 cp.own_address_type = ADDR_LE_DEV_RANDOM;
1239 cp.channel_map = 0x07;
1240
1241 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1242
1243 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1244}
1245
1246static void disable_advertising(struct hci_request *req)
1247{
1248 u8 enable = 0x00;
1249
1250 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1251}
1252
2b76f453
JH		 1253static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1254{
1255 struct pending_cmd *cmd;
d7b856f9
JH		 1256 struct mgmt_mode *cp;
1257 bool changed;
2b76f453
JH		 1258
1259 BT_DBG("status 0x%02x", status);
1260
1261 hci_dev_lock(hdev);
1262
1263 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1264 if (!cmd)
1265 goto unlock;
1266
37438c1f
JH		 1267 if (status) {
1268 u8 mgmt_err = mgmt_status(status);
1269 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1270 goto remove_cmd;
1271 }
1272
d7b856f9
JH		 1273 cp = cmd->param;
1274 if (cp->val)
1275 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1276 else
1277 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1278
2b76f453
JH		 1279 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1280
d7b856f9
JH		 1281 if (changed)
1282 new_settings(hdev, cmd->sk);
1283
37438c1f 1284remove_cmd:
2b76f453
JH		 1285 mgmt_pending_remove(cmd);
1286
1287unlock:
1288 hci_dev_unlock(hdev);
1289}
1290
bdb6d971 1291static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1292 u16 len)
9fbcbb45 1293{
650f726d 1294 struct mgmt_mode *cp = data;
366a0336 1295 struct pending_cmd *cmd;
2b76f453 1296 struct hci_request req;
1987fdc7 1297 u8 scan;
9fbcbb45
JH		 1298 int err;
1299
bdb6d971 1300 BT_DBG("request for %s", hdev->name);
9fbcbb45 1301
1987fdc7
JH		 1302 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1303 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1304 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1305 MGMT_STATUS_REJECTED);
33c525c0 1306
a7e80f25
JH		 1307 if (cp->val != 0x00 && cp->val != 0x01)
1308 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1309 MGMT_STATUS_INVALID_PARAMS);
1310
09fd0de5 1311 hci_dev_lock(hdev);
9fbcbb45 1312
4b34ee78 1313 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1314 bool changed = false;
1315
1316 if (!!cp->val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1317 changed = true;
1318
6bf0e469 1319 if (cp->val) {
5e5282bb 1320 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6bf0e469 1321 } else {
5e5282bb
JH		 1322 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1323 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1324 }
0224d2fa 1325
5e5282bb 1326 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
0224d2fa
JH		 1327 if (err < 0)
1328 goto failed;
1329
1330 if (changed)
1331 err = new_settings(hdev, sk);
1332
9fbcbb45
JH		 1333 goto failed;
1334 }
1335
2e58ef3e 1336 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1337 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1338 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1339 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1340 goto failed;
1341 }
1342
2e58ef3e 1343 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1344 if (!cmd) {
1345 err = -ENOMEM;
9fbcbb45 1346 goto failed;
366a0336 1347 }
9fbcbb45 1348
9b74246f 1349 hci_req_init(&req, hdev);
9fbcbb45 1350
9b74246f
JH		 1351 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
1352 cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1353 if (cp->val) {
1354 scan = SCAN_PAGE;
1355 } else {
1356 scan = 0;
1357
1358 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1359 hdev->discov_timeout > 0)
9b74246f
JH		 1360 cancel_delayed_work(&hdev->discov_off);
1361 }
2b76f453 1362
9b74246f
JH		 1363 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1364 }
2b76f453 1365
4c01f8b8
JH		 1366 /* If we're going from non-connectable to connectable or
1367 * vice-versa when fast connectable is enabled ensure that fast
1368 * connectable gets disabled. write_fast_connectable won't do
1369 * anything if the page scan parameters are already what they
1370 * should be.
1371 */
1372 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1373 write_fast_connectable(&req, false);
1374
1987fdc7
JH		 1375 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1376 hci_conn_num(hdev, LE_LINK) == 0) {
1377 disable_advertising(&req);
1378 enable_advertising(&req);
1379 }
1380
2b76f453 1381 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1382 if (err < 0) {
a664b5bc 1383 mgmt_pending_remove(cmd);
9b74246f
JH		 1384 if (err == -ENODATA)
1385 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE,
1386 hdev);
1387 goto failed;
1388 }
9fbcbb45
JH		 1389
1390failed:
09fd0de5 1391 hci_dev_unlock(hdev);
9fbcbb45
JH		 1392 return err;
1393}
1394
bdb6d971 1395static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1396 u16 len)
c542a06c 1397{
650f726d 1398 struct mgmt_mode *cp = data;
55594356 1399 bool changed;
c542a06c
JH		 1400 int err;
1401
bdb6d971 1402 BT_DBG("request for %s", hdev->name);
c542a06c 1403
a7e80f25
JH		 1404 if (cp->val != 0x00 && cp->val != 0x01)
1405 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1406 MGMT_STATUS_INVALID_PARAMS);
1407
09fd0de5 1408 hci_dev_lock(hdev);
c542a06c
JH		 1409
1410 if (cp->val)
55594356 1411 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1412 else
55594356 1413 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1414
69ab39ea 1415 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1416 if (err < 0)
55594356 1417 goto unlock;
c542a06c 1418
55594356
MH		 1419 if (changed)
1420 err = new_settings(hdev, sk);
c542a06c 1421
55594356 1422unlock:
09fd0de5 1423 hci_dev_unlock(hdev);
c542a06c
JH		 1424 return err;
1425}
1426
04124681
GP		 1427static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1428 u16 len)
33ef95ed
JH		 1429{
1430 struct mgmt_mode *cp = data;
1431 struct pending_cmd *cmd;
e6fe7986 1432 u8 val, status;
33ef95ed
JH		 1433 int err;
1434
bdb6d971 1435 BT_DBG("request for %s", hdev->name);
33ef95ed 1436
e6fe7986
JH		 1437 status = mgmt_bredr_support(hdev);
1438 if (status)
33c525c0 1439 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1440 status);
33c525c0 1441
a7e80f25
JH		 1442 if (cp->val != 0x00 && cp->val != 0x01)
1443 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1444 MGMT_STATUS_INVALID_PARAMS);
1445
33ef95ed
JH		 1446 hci_dev_lock(hdev);
1447
4b34ee78 1448 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1449 bool changed = false;
1450
1451 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1452 &hdev->dev_flags)) {
47990ea0
JH		 1453 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1454 changed = true;
1455 }
1456
1457 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1458 if (err < 0)
1459 goto failed;
1460
1461 if (changed)
1462 err = new_settings(hdev, sk);
1463
33ef95ed
JH		 1464 goto failed;
1465 }
1466
1467 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1468 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1469 MGMT_STATUS_BUSY);
33ef95ed
JH		 1470 goto failed;
1471 }
1472
1473 val = !!cp->val;
1474
1475 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1476 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1477 goto failed;
1478 }
1479
1480 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1481 if (!cmd) {
1482 err = -ENOMEM;
1483 goto failed;
1484 }
1485
1486 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1487 if (err < 0) {
1488 mgmt_pending_remove(cmd);
1489 goto failed;
1490 }
1491
1492failed:
1493 hci_dev_unlock(hdev);
33ef95ed
JH		 1494 return err;
1495}
1496
bdb6d971 1497static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1498{
1499 struct mgmt_mode *cp = data;
1500 struct pending_cmd *cmd;
72ef0c1a 1501 u8 status;
ed2c4ee3
JH		 1502 int err;
1503
bdb6d971 1504 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1505
cdba5281
MH		 1506 status = mgmt_bredr_support(hdev);
1507 if (status)
1508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1509
13ecd8b6
JH		 1510 if (!lmp_ssp_capable(hdev))
1511 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1512 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1513
a7e80f25
JH		 1514 if (cp->val != 0x00 && cp->val != 0x01)
1515 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1516 MGMT_STATUS_INVALID_PARAMS);
1517
13ecd8b6 1518 hci_dev_lock(hdev);
6c8f12c1 1519
4b34ee78 1520 if (!hdev_is_powered(hdev)) {
9ecb3e24 1521 bool changed;
c0ecddc2 1522
9ecb3e24
MH		 1523 if (cp->val) {
1524 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1525 &hdev->dev_flags);
1526 } else {
1527 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1528 &hdev->dev_flags);
1529 if (!changed)
1530 changed = test_and_clear_bit(HCI_HS_ENABLED,
1531 &hdev->dev_flags);
1532 else
1533 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1534 }
1535
1536 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1537 if (err < 0)
1538 goto failed;
1539
1540 if (changed)
1541 err = new_settings(hdev, sk);
1542
ed2c4ee3
JH		 1543 goto failed;
1544 }
1545
9ecb3e24
MH		 1546 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1547 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1548 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1549 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1550 goto failed;
1551 }
1552
72ef0c1a 1553 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1554 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1555 goto failed;
1556 }
1557
1558 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1559 if (!cmd) {
1560 err = -ENOMEM;
1561 goto failed;
1562 }
1563
72ef0c1a 1564 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1565 if (err < 0) {
1566 mgmt_pending_remove(cmd);
1567 goto failed;
1568 }
1569
1570failed:
1571 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1572 return err;
1573}
1574
bdb6d971 1575static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1576{
1577 struct mgmt_mode *cp = data;
ee392693 1578 bool changed;
e6fe7986 1579 u8 status;
ee392693 1580 int err;
6d80dfd0 1581
bdb6d971 1582 BT_DBG("request for %s", hdev->name);
6d80dfd0 1583
e6fe7986
JH		 1584 status = mgmt_bredr_support(hdev);
1585 if (status)
1586 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1587
9ecb3e24
MH		 1588 if (!lmp_ssp_capable(hdev))
1589 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1590 MGMT_STATUS_NOT_SUPPORTED);
1591
1592 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1593 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1594 MGMT_STATUS_REJECTED);
1595
a7e80f25
JH		 1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
ee392693
MH		 1600 hci_dev_lock(hdev);
1601
a0cdf960 1602 if (cp->val) {
ee392693 1603 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1604 } else {
1605 if (hdev_is_powered(hdev)) {
1606 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1607 MGMT_STATUS_REJECTED);
1608 goto unlock;
1609 }
1610
ee392693 1611 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1612 }
ee392693
MH		 1613
1614 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1615 if (err < 0)
1616 goto unlock;
1617
1618 if (changed)
1619 err = new_settings(hdev, sk);
6d80dfd0 1620
ee392693
MH		 1621unlock:
1622 hci_dev_unlock(hdev);
1623 return err;
6d80dfd0
JH		 1624}
1625
416a4ae5
JH		 1626static void le_enable_complete(struct hci_dev *hdev, u8 status)
1627{
1628 struct cmd_lookup match = { NULL, hdev };
1629
1630 if (status) {
1631 u8 mgmt_err = mgmt_status(status);
1632
1633 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1634 &mgmt_err);
1635 return;
1636 }
1637
1638 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1639
1640 new_settings(hdev, match.sk);
1641
1642 if (match.sk)
1643 sock_put(match.sk);
441ad2d0
MH		 1644
1645 /* Make sure the controller has a good default for
1646 * advertising data. Restrict the update to when LE
1647 * has actually been enabled. During power on, the
1648 * update in powered_update_hci will take care of it.
1649 */
1650 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1651 struct hci_request req;
1652
1653 hci_dev_lock(hdev);
1654
1655 hci_req_init(&req, hdev);
1656 update_ad(&req);
1657 hci_req_run(&req, NULL);
1658
1659 hci_dev_unlock(hdev);
1660 }
416a4ae5
JH		 1661}
1662
bdb6d971 1663static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1664{
1665 struct mgmt_mode *cp = data;
1666 struct hci_cp_write_le_host_supported hci_cp;
1667 struct pending_cmd *cmd;
416a4ae5 1668 struct hci_request req;
06199cf8 1669 int err;
0b60eba1 1670 u8 val, enabled;
06199cf8 1671
bdb6d971 1672 BT_DBG("request for %s", hdev->name);
06199cf8 1673
13ecd8b6
JH		 1674 if (!lmp_le_capable(hdev))
1675 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1676 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1677
a7e80f25
JH		 1678 if (cp->val != 0x00 && cp->val != 0x01)
1679 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1680 MGMT_STATUS_INVALID_PARAMS);
1681
c73eee91 1682 /* LE-only devices do not allow toggling LE on/off */
56f87901 1683 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1685 MGMT_STATUS_REJECTED);
1686
13ecd8b6 1687 hci_dev_lock(hdev);
06199cf8
JH		 1688
1689 val = !!cp->val;
ffa88e02 1690 enabled = lmp_host_le_capable(hdev);
06199cf8 1691
0b60eba1 1692 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1693 bool changed = false;
1694
1695 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1696 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1697 changed = true;
1698 }
1699
f3d3444a
JH		 1700 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1701 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1702 changed = true;
1703 }
1704
06199cf8
JH		 1705 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1706 if (err < 0)
1de028ce 1707 goto unlock;
06199cf8
JH		 1708
1709 if (changed)
1710 err = new_settings(hdev, sk);
1711
1de028ce 1712 goto unlock;
06199cf8
JH		 1713 }
1714
4375f103
JH		 1715 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1716 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1717 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1718 MGMT_STATUS_BUSY);
1de028ce 1719 goto unlock;
06199cf8
JH		 1720 }
1721
1722 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1723 if (!cmd) {
1724 err = -ENOMEM;
1de028ce 1725 goto unlock;
06199cf8
JH		 1726 }
1727
441ad2d0
MH		 1728 hci_req_init(&req, hdev);
1729
06199cf8
JH		 1730 memset(&hci_cp, 0, sizeof(hci_cp));
1731
1732 if (val) {
1733 hci_cp.le = val;
ffa88e02 1734 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1735 } else {
1736 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1737 disable_advertising(&req);
06199cf8
JH		 1738 }
1739
416a4ae5
JH		 1740 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1741 &hci_cp);
1742
1743 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1744 if (err < 0)
06199cf8 1745 mgmt_pending_remove(cmd);
06199cf8 1746
1de028ce
JH		 1747unlock:
1748 hci_dev_unlock(hdev);
06199cf8
JH		 1749 return err;
1750}
1751
0cab9c80
JH		 1752/* This is a helper function to test for pending mgmt commands that can
1753 * cause CoD or EIR HCI commands. We can only allow one such pending
1754 * mgmt command at a time since otherwise we cannot easily track what
1755 * the current values are, will be, and based on that calculate if a new
1756 * HCI command needs to be sent and if yes with what value.
1757 */
1758static bool pending_eir_or_class(struct hci_dev *hdev)
1759{
1760 struct pending_cmd *cmd;
1761
1762 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1763 switch (cmd->opcode) {
1764 case MGMT_OP_ADD_UUID:
1765 case MGMT_OP_REMOVE_UUID:
1766 case MGMT_OP_SET_DEV_CLASS:
1767 case MGMT_OP_SET_POWERED:
1768 return true;
1769 }
1770 }
1771
1772 return false;
1773}
1774
83be8eca
JH		 1775static const u8 bluetooth_base_uuid[] = {
1776 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1777 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1778};
1779
1780static u8 get_uuid_size(const u8 *uuid)
1781{
1782 u32 val;
1783
1784 if (memcmp(uuid, bluetooth_base_uuid, 12))
1785 return 128;
1786
1787 val = get_unaligned_le32(&uuid[12]);
1788 if (val > 0xffff)
1789 return 32;
1790
1791 return 16;
1792}
1793
92da6097
JH		 1794static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1795{
1796 struct pending_cmd *cmd;
1797
1798 hci_dev_lock(hdev);
1799
1800 cmd = mgmt_pending_find(mgmt_op, hdev);
1801 if (!cmd)
1802 goto unlock;
1803
1804 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1805 hdev->dev_class, 3);
1806
1807 mgmt_pending_remove(cmd);
1808
1809unlock:
1810 hci_dev_unlock(hdev);
1811}
1812
1813static void add_uuid_complete(struct hci_dev *hdev, u8 status)
1814{
1815 BT_DBG("status 0x%02x", status);
1816
1817 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1818}
1819
bdb6d971 1820static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1821{
650f726d 1822 struct mgmt_cp_add_uuid *cp = data;
90e70454 1823 struct pending_cmd *cmd;
890ea898 1824 struct hci_request req;
2aeb9a1a 1825 struct bt_uuid *uuid;
2aeb9a1a
JH		 1826 int err;
1827
bdb6d971 1828 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1829
09fd0de5 1830 hci_dev_lock(hdev);
2aeb9a1a 1831
0cab9c80 1832 if (pending_eir_or_class(hdev)) {
bdb6d971 1833 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 1834 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1835 goto failed;
1836 }
1837
92c4c204 1838 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1839 if (!uuid) {
1840 err = -ENOMEM;
1841 goto failed;
1842 }
1843
1844 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1845 uuid->svc_hint = cp->svc_hint;
83be8eca 1846 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1847
de66aa63 1848 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1849
890ea898 1850 hci_req_init(&req, hdev);
1aff6f09 1851
890ea898
JH		 1852 update_class(&req);
1853 update_eir(&req);
1854
92da6097
JH		 1855 err = hci_req_run(&req, add_uuid_complete);
1856 if (err < 0) {
1857 if (err != -ENODATA)
1858 goto failed;
80a1e1db 1859
bdb6d971 1860 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 1861 hdev->dev_class, 3);
90e70454
JH		 1862 goto failed;
1863 }
1864
1865 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1866 if (!cmd) {
90e70454 1867 err = -ENOMEM;
890ea898
JH		 1868 goto failed;
1869 }
1870
1871 err = 0;
2aeb9a1a
JH		 1872
1873failed:
09fd0de5 1874 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1875 return err;
1876}
1877
24b78d0f
JH		 1878static bool enable_service_cache(struct hci_dev *hdev)
1879{
1880 if (!hdev_is_powered(hdev))
1881 return false;
1882
1883 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 1884 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1885 CACHE_TIMEOUT);
24b78d0f
JH		 1886 return true;
1887 }
1888
1889 return false;
1890}
1891
92da6097
JH		 1892static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
1893{
1894 BT_DBG("status 0x%02x", status);
1895
1896 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1897}
1898
bdb6d971 1899static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1900 u16 len)
2aeb9a1a 1901{
650f726d 1902 struct mgmt_cp_remove_uuid *cp = data;
90e70454 1903 struct pending_cmd *cmd;
056341c8 1904 struct bt_uuid *match, *tmp;
2aeb9a1a 1905 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1906 struct hci_request req;
2aeb9a1a
JH		 1907 int err, found;
1908
bdb6d971 1909 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1910
09fd0de5 1911 hci_dev_lock(hdev);
2aeb9a1a 1912
0cab9c80 1913 if (pending_eir_or_class(hdev)) {
bdb6d971 1914 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1915 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1916 goto unlock;
1917 }
1918
2aeb9a1a
JH		 1919 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
1920 err = hci_uuids_clear(hdev);
4004b6d9 1921
24b78d0f 1922 if (enable_service_cache(hdev)) {
bdb6d971 1923 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1924 0, hdev->dev_class, 3);
24b78d0f
JH		 1925 goto unlock;
1926 }
4004b6d9 1927
9246a869 1928 goto update_class;
2aeb9a1a
JH		 1929 }
1930
1931 found = 0;
1932
056341c8 1933 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1934 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1935 continue;
1936
1937 list_del(&match->list);
482049f7 1938 kfree(match);
2aeb9a1a
JH		 1939 found++;
1940 }
1941
1942 if (found == 0) {
bdb6d971 1943 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 1944 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1945 goto unlock;
1946 }
1947
9246a869 1948update_class:
890ea898 1949 hci_req_init(&req, hdev);
1aff6f09 1950
890ea898
JH		 1951 update_class(&req);
1952 update_eir(&req);
1953
92da6097
JH		 1954 err = hci_req_run(&req, remove_uuid_complete);
1955 if (err < 0) {
1956 if (err != -ENODATA)
1957 goto unlock;
80a1e1db 1958
bdb6d971 1959 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 1960 hdev->dev_class, 3);
90e70454
JH		 1961 goto unlock;
1962 }
1963
1964 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1965 if (!cmd) {
90e70454 1966 err = -ENOMEM;
890ea898
JH		 1967 goto unlock;
1968 }
1969
1970 err = 0;
2aeb9a1a
JH		 1971
1972unlock:
09fd0de5 1973 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1974 return err;
1975}
1976
92da6097
JH		 1977static void set_class_complete(struct hci_dev *hdev, u8 status)
1978{
1979 BT_DBG("status 0x%02x", status);
1980
1981 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1982}
1983
bdb6d971 1984static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1985 u16 len)
1aff6f09 1986{
650f726d 1987 struct mgmt_cp_set_dev_class *cp = data;
90e70454 1988 struct pending_cmd *cmd;
890ea898 1989 struct hci_request req;
1aff6f09
JH		 1990 int err;
1991
bdb6d971 1992 BT_DBG("request for %s", hdev->name);
1aff6f09 1993
6203fc98 1994 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 1995 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1996 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1997
0cab9c80 1998 hci_dev_lock(hdev);
ee98f473 1999
0cab9c80
JH		 2000 if (pending_eir_or_class(hdev)) {
2001 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2002 MGMT_STATUS_BUSY);
2003 goto unlock;
2004 }
c95f0ba7 2005
0cab9c80
JH		 2006 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2008 MGMT_STATUS_INVALID_PARAMS);
2009 goto unlock;
2010 }
575b3a02 2011
932f5ff5
JH		 2012 hdev->major_class = cp->major;
2013 hdev->minor_class = cp->minor;
2014
b5235a65 2015 if (!hdev_is_powered(hdev)) {
bdb6d971 2016 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2017 hdev->dev_class, 3);
b5235a65
JH		 2018 goto unlock;
2019 }
2020
890ea898
JH		 2021 hci_req_init(&req, hdev);
2022
a8b2d5c2 2023 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2024 hci_dev_unlock(hdev);
2025 cancel_delayed_work_sync(&hdev->service_cache);
2026 hci_dev_lock(hdev);
890ea898 2027 update_eir(&req);
7d78525d 2028 }
14c0b608 2029
890ea898
JH		 2030 update_class(&req);
2031
92da6097
JH		 2032 err = hci_req_run(&req, set_class_complete);
2033 if (err < 0) {
2034 if (err != -ENODATA)
2035 goto unlock;
1aff6f09 2036
bdb6d971 2037 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2038 hdev->dev_class, 3);
90e70454
JH		 2039 goto unlock;
2040 }
2041
2042 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2043 if (!cmd) {
90e70454 2044 err = -ENOMEM;
890ea898
JH		 2045 goto unlock;
2046 }
2047
2048 err = 0;
1aff6f09 2049
b5235a65 2050unlock:
09fd0de5 2051 hci_dev_unlock(hdev);
1aff6f09
JH		 2052 return err;
2053}
2054
bdb6d971 2055static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2056 u16 len)
55ed8ca1 2057{
650f726d 2058 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2059 u16 key_count, expected_len;
a492cd52 2060 int i;
55ed8ca1 2061
9060d5cf
MH		 2062 BT_DBG("request for %s", hdev->name);
2063
2064 if (!lmp_bredr_capable(hdev))
2065 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2066 MGMT_STATUS_NOT_SUPPORTED);
2067
1f350c87 2068 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2069
86742e1e
JH		 2070 expected_len = sizeof(*cp) + key_count *
2071 sizeof(struct mgmt_link_key_info);
a492cd52 2072 if (expected_len != len) {
86742e1e 2073 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2074 len, expected_len);
bdb6d971 2075 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2076 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2077 }
2078
4ae14301
JH		 2079 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2080 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2081 MGMT_STATUS_INVALID_PARAMS);
2082
bdb6d971 2083 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2084 key_count);
55ed8ca1 2085
4ee71b20
JH		 2086 for (i = 0; i < key_count; i++) {
2087 struct mgmt_link_key_info *key = &cp->keys[i];
2088
2089 if (key->addr.type != BDADDR_BREDR)
2090 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2091 MGMT_STATUS_INVALID_PARAMS);
2092 }
2093
09fd0de5 2094 hci_dev_lock(hdev);
55ed8ca1
JH		 2095
2096 hci_link_keys_clear(hdev);
2097
55ed8ca1 2098 if (cp->debug_keys)
a8b2d5c2 2099 set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2100 else
a8b2d5c2 2101 clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2102
a492cd52 2103 for (i = 0; i < key_count; i++) {
86742e1e 2104 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2105
d753fdc4 2106 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2107 key->type, key->pin_len);
55ed8ca1
JH		 2108 }
2109
bdb6d971 2110 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2111
09fd0de5 2112 hci_dev_unlock(hdev);
55ed8ca1 2113
a492cd52 2114 return 0;
55ed8ca1
JH		 2115}
2116
b1078ad0 2117static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2118 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2119{
2120 struct mgmt_ev_device_unpaired ev;
2121
2122 bacpy(&ev.addr.bdaddr, bdaddr);
2123 ev.addr.type = addr_type;
2124
2125 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2126 skip_sk);
b1078ad0
JH		 2127}
2128
bdb6d971 2129static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2130 u16 len)
55ed8ca1 2131{
124f6e35
JH		 2132 struct mgmt_cp_unpair_device *cp = data;
2133 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2134 struct hci_cp_disconnect dc;
2135 struct pending_cmd *cmd;
55ed8ca1 2136 struct hci_conn *conn;
55ed8ca1
JH		 2137 int err;
2138
a8a1d19e 2139 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2140 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2141 rp.addr.type = cp->addr.type;
a8a1d19e 2142
4ee71b20
JH		 2143 if (!bdaddr_type_is_valid(cp->addr.type))
2144 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2145 MGMT_STATUS_INVALID_PARAMS,
2146 &rp, sizeof(rp));
2147
118da70b
JH		 2148 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2149 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2150 MGMT_STATUS_INVALID_PARAMS,
2151 &rp, sizeof(rp));
2152
4ee71b20
JH		 2153 hci_dev_lock(hdev);
2154
86a8cfc6 2155 if (!hdev_is_powered(hdev)) {
bdb6d971 2156 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2157 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2158 goto unlock;
2159 }
2160
591f47f3 2161 if (cp->addr.type == BDADDR_BREDR)
124f6e35
JH		 2162 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
2163 else
2164 err = hci_remove_ltk(hdev, &cp->addr.bdaddr);
b0dbfb46 2165
55ed8ca1 2166 if (err < 0) {
bdb6d971 2167 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2168 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2169 goto unlock;
2170 }
2171
86a8cfc6 2172 if (cp->disconnect) {
591f47f3 2173 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2174 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2175 &cp->addr.bdaddr);
86a8cfc6
JH		 2176 else
2177 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2178 &cp->addr.bdaddr);
86a8cfc6
JH		 2179 } else {
2180 conn = NULL;
2181 }
124f6e35 2182
a8a1d19e 2183 if (!conn) {
bdb6d971 2184 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2185 &rp, sizeof(rp));
b1078ad0 2186 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2187 goto unlock;
2188 }
55ed8ca1 2189
124f6e35 2190 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2191 sizeof(*cp));
a8a1d19e
JH		 2192 if (!cmd) {
2193 err = -ENOMEM;
2194 goto unlock;
55ed8ca1
JH		 2195 }
2196
eb55ef07 2197 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2198 dc.reason = 0x13; /* Remote User Terminated Connection */
2199 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2200 if (err < 0)
2201 mgmt_pending_remove(cmd);
2202
55ed8ca1 2203unlock:
09fd0de5 2204 hci_dev_unlock(hdev);
55ed8ca1
JH		 2205 return err;
2206}
2207
bdb6d971 2208static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2209 u16 len)
8962ee74 2210{
650f726d 2211 struct mgmt_cp_disconnect *cp = data;
06a63b19 2212 struct mgmt_rp_disconnect rp;
8962ee74 2213 struct hci_cp_disconnect dc;
366a0336 2214 struct pending_cmd *cmd;
8962ee74 2215 struct hci_conn *conn;
8962ee74
JH		 2216 int err;
2217
2218 BT_DBG("");
2219
06a63b19
JH		 2220 memset(&rp, 0, sizeof(rp));
2221 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2222 rp.addr.type = cp->addr.type;
2223
4ee71b20 2224 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2225 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2226 MGMT_STATUS_INVALID_PARAMS,
2227 &rp, sizeof(rp));
4ee71b20 2228
09fd0de5 2229 hci_dev_lock(hdev);
8962ee74
JH		 2230
2231 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2232 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2233 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2234 goto failed;
2235 }
2236
2e58ef3e 2237 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2238 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2239 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2240 goto failed;
2241 }
2242
591f47f3 2243 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2244 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2245 &cp->addr.bdaddr);
88c3df13
JH		 2246 else
2247 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2248
f960727e 2249 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2250 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2251 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2252 goto failed;
2253 }
2254
2e58ef3e 2255 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2256 if (!cmd) {
2257 err = -ENOMEM;
8962ee74 2258 goto failed;
366a0336 2259 }
8962ee74 2260
eb55ef07 2261 dc.handle = cpu_to_le16(conn->handle);
3701f944 2262 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2263
2264 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2265 if (err < 0)
a664b5bc 2266 mgmt_pending_remove(cmd);
8962ee74
JH		 2267
2268failed:
09fd0de5 2269 hci_dev_unlock(hdev);
8962ee74
JH		 2270 return err;
2271}
2272
57c1477c 2273static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2274{
2275 switch (link_type) {
2276 case LE_LINK:
48264f06
JH		 2277 switch (addr_type) {
2278 case ADDR_LE_DEV_PUBLIC:
591f47f3 2279 return BDADDR_LE_PUBLIC;
0ed09148 2280
48264f06 2281 default:
0ed09148 2282 /* Fallback to LE Random address type */
591f47f3 2283 return BDADDR_LE_RANDOM;
48264f06 2284 }
0ed09148 2285
4c659c39 2286 default:
0ed09148 2287 /* Fallback to BR/EDR type */
591f47f3 2288 return BDADDR_BREDR;
4c659c39
JH		 2289 }
2290}
2291
04124681
GP		 2292static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2293 u16 data_len)
2784eb41 2294{
2784eb41 2295 struct mgmt_rp_get_connections *rp;
8035ded4 2296 struct hci_conn *c;
a38528f1 2297 size_t rp_len;
60fc5fb6
JH		 2298 int err;
2299 u16 i;
2784eb41
JH		 2300
2301 BT_DBG("");
2302
09fd0de5 2303 hci_dev_lock(hdev);
2784eb41 2304
5f97c1df 2305 if (!hdev_is_powered(hdev)) {
bdb6d971 2306 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2307 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2308 goto unlock;
2309 }
2310
60fc5fb6 2311 i = 0;
b644ba33
JH		 2312 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2313 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2314 i++;
2784eb41
JH		 2315 }
2316
60fc5fb6 2317 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2318 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2319 if (!rp) {
2784eb41
JH		 2320 err = -ENOMEM;
2321 goto unlock;
2322 }
2323
2784eb41 2324 i = 0;
4c659c39 2325 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2326 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2327 continue;
4c659c39 2328 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2329 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2330 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2331 continue;
2332 i++;
2333 }
2334
eb55ef07 2335 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2336
4c659c39
JH		 2337 /* Recalculate length in case of filtered SCO connections, etc */
2338 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2339
bdb6d971 2340 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2341 rp_len);
2784eb41 2342
a38528f1 2343 kfree(rp);
5f97c1df
JH		 2344
2345unlock:
09fd0de5 2346 hci_dev_unlock(hdev);
2784eb41
JH		 2347 return err;
2348}
2349
bdb6d971 2350static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2351 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2352{
2353 struct pending_cmd *cmd;
2354 int err;
2355
2e58ef3e 2356 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2357 sizeof(*cp));
96d97a67
WR		 2358 if (!cmd)
2359 return -ENOMEM;
2360
d8457698 2361 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2362 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2363 if (err < 0)
2364 mgmt_pending_remove(cmd);
2365
2366 return err;
2367}
2368
bdb6d971 2369static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2370 u16 len)
980e1a53 2371{
96d97a67 2372 struct hci_conn *conn;
650f726d 2373 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2374 struct hci_cp_pin_code_reply reply;
366a0336 2375 struct pending_cmd *cmd;
980e1a53
JH		 2376 int err;
2377
2378 BT_DBG("");
2379
09fd0de5 2380 hci_dev_lock(hdev);
980e1a53 2381
4b34ee78 2382 if (!hdev_is_powered(hdev)) {
bdb6d971 2383 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2384 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2385 goto failed;
2386 }
2387
d8457698 2388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2389 if (!conn) {
bdb6d971 2390 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2391 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2392 goto failed;
2393 }
2394
2395 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2396 struct mgmt_cp_pin_code_neg_reply ncp;
2397
2398 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2399
2400 BT_ERR("PIN code is not 16 bytes long");
2401
bdb6d971 2402 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2403 if (err >= 0)
bdb6d971 2404 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2405 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2406
2407 goto failed;
2408 }
2409
00abfe44 2410 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2411 if (!cmd) {
2412 err = -ENOMEM;
980e1a53 2413 goto failed;
366a0336 2414 }
980e1a53 2415
d8457698 2416 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2417 reply.pin_len = cp->pin_len;
24718ca5 2418 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2419
2420 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2421 if (err < 0)
a664b5bc 2422 mgmt_pending_remove(cmd);
980e1a53
JH		 2423
2424failed:
09fd0de5 2425 hci_dev_unlock(hdev);
980e1a53
JH		 2426 return err;
2427}
2428
04124681
GP		 2429static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2430 u16 len)
17fa4b9d 2431{
650f726d 2432 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2433
2434 BT_DBG("");
2435
09fd0de5 2436 hci_dev_lock(hdev);
17fa4b9d
JH		 2437
2438 hdev->io_capability = cp->io_capability;
2439
2440 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2441 hdev->io_capability);
17fa4b9d 2442
09fd0de5 2443 hci_dev_unlock(hdev);
17fa4b9d 2444
04124681
GP		 2445 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2446 0);
17fa4b9d
JH		 2447}
2448
6039aa73 2449static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2450{
2451 struct hci_dev *hdev = conn->hdev;
8035ded4 2452 struct pending_cmd *cmd;
e9a416b5 2453
2e58ef3e 2454 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2455 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2456 continue;
2457
e9a416b5
JH		 2458 if (cmd->user_data != conn)
2459 continue;
2460
2461 return cmd;
2462 }
2463
2464 return NULL;
2465}
2466
2467static void pairing_complete(struct pending_cmd *cmd, u8 status)
2468{
2469 struct mgmt_rp_pair_device rp;
2470 struct hci_conn *conn = cmd->user_data;
2471
ba4e564f 2472 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2473 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2474
aee9b218 2475 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2476 &rp, sizeof(rp));
e9a416b5
JH		 2477
2478 /* So we don't get further callbacks for this connection */
2479 conn->connect_cfm_cb = NULL;
2480 conn->security_cfm_cb = NULL;
2481 conn->disconn_cfm_cb = NULL;
2482
76a68ba0 2483 hci_conn_drop(conn);
e9a416b5 2484
a664b5bc 2485 mgmt_pending_remove(cmd);
e9a416b5
JH		 2486}
2487
2488static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2489{
2490 struct pending_cmd *cmd;
2491
2492 BT_DBG("status %u", status);
2493
2494 cmd = find_pairing(conn);
56e5cb86 2495 if (!cmd)
e9a416b5 2496 BT_DBG("Unable to find a pending command");
56e5cb86 2497 else
e211326c 2498 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2499}
2500
4c47d739
VA		 2501static void le_connect_complete_cb(struct hci_conn *conn, u8 status)
2502{
2503 struct pending_cmd *cmd;
2504
2505 BT_DBG("status %u", status);
2506
2507 if (!status)
2508 return;
2509
2510 cmd = find_pairing(conn);
2511 if (!cmd)
2512 BT_DBG("Unable to find a pending command");
2513 else
2514 pairing_complete(cmd, mgmt_status(status));
2515}
2516
bdb6d971 2517static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2518 u16 len)
e9a416b5 2519{
650f726d 2520 struct mgmt_cp_pair_device *cp = data;
1425acb7 2521 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2522 struct pending_cmd *cmd;
2523 u8 sec_level, auth_type;
2524 struct hci_conn *conn;
e9a416b5
JH		 2525 int err;
2526
2527 BT_DBG("");
2528
f950a30e
SJ		 2529 memset(&rp, 0, sizeof(rp));
2530 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2531 rp.addr.type = cp->addr.type;
2532
4ee71b20
JH		 2533 if (!bdaddr_type_is_valid(cp->addr.type))
2534 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2535 MGMT_STATUS_INVALID_PARAMS,
2536 &rp, sizeof(rp));
2537
09fd0de5 2538 hci_dev_lock(hdev);
e9a416b5 2539
5f97c1df 2540 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2541 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2542 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2543 goto unlock;
2544 }
2545
c908df36
VCG		 2546 sec_level = BT_SECURITY_MEDIUM;
2547 if (cp->io_cap == 0x03)
e9a416b5 2548 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2549 else
e9a416b5 2550 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2551
591f47f3 2552 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2553 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2554 cp->addr.type, sec_level, auth_type);
7a512d01 2555 else
b12f62cf
AG		 2556 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2557 cp->addr.type, sec_level, auth_type);
7a512d01 2558
30e76272 2559 if (IS_ERR(conn)) {
489dc48e
AK		 2560 int status;
2561
2562 if (PTR_ERR(conn) == -EBUSY)
2563 status = MGMT_STATUS_BUSY;
2564 else
2565 status = MGMT_STATUS_CONNECT_FAILED;
2566
bdb6d971 2567 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2568 status, &rp,
04124681 2569 sizeof(rp));
e9a416b5
JH		 2570 goto unlock;
2571 }
2572
2573 if (conn->connect_cfm_cb) {
76a68ba0 2574 hci_conn_drop(conn);
bdb6d971 2575 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2576 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2577 goto unlock;
2578 }
2579
2e58ef3e 2580 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2581 if (!cmd) {
2582 err = -ENOMEM;
76a68ba0 2583 hci_conn_drop(conn);
e9a416b5
JH		 2584 goto unlock;
2585 }
2586
7a512d01 2587 /* For LE, just connecting isn't a proof that the pairing finished */
591f47f3 2588 if (cp->addr.type == BDADDR_BREDR)
7a512d01 2589 conn->connect_cfm_cb = pairing_complete_cb;
4c47d739
VA		 2590 else
2591 conn->connect_cfm_cb = le_connect_complete_cb;
7a512d01 2592
e9a416b5
JH		 2593 conn->security_cfm_cb = pairing_complete_cb;
2594 conn->disconn_cfm_cb = pairing_complete_cb;
2595 conn->io_capability = cp->io_cap;
2596 cmd->user_data = conn;
2597
2598 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2599 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2600 pairing_complete(cmd, 0);
2601
2602 err = 0;
2603
2604unlock:
09fd0de5 2605 hci_dev_unlock(hdev);
e9a416b5
JH		 2606 return err;
2607}
2608
04124681
GP		 2609static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2610 u16 len)
28424707 2611{
0f4e68cf 2612 struct mgmt_addr_info *addr = data;
28424707
JH		 2613 struct pending_cmd *cmd;
2614 struct hci_conn *conn;
2615 int err;
2616
2617 BT_DBG("");
2618
28424707
JH		 2619 hci_dev_lock(hdev);
2620
5f97c1df 2621 if (!hdev_is_powered(hdev)) {
bdb6d971 2622 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2623 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2624 goto unlock;
2625 }
2626
28424707
JH		 2627 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2628 if (!cmd) {
bdb6d971 2629 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2630 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2631 goto unlock;
2632 }
2633
2634 conn = cmd->user_data;
2635
2636 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2637 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2638 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2639 goto unlock;
2640 }
2641
2642 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2643
bdb6d971 2644 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2645 addr, sizeof(*addr));
28424707
JH		 2646unlock:
2647 hci_dev_unlock(hdev);
28424707
JH		 2648 return err;
2649}
2650
bdb6d971 2651static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2652 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2653 u16 hci_op, __le32 passkey)
a5c29683 2654{
a5c29683 2655 struct pending_cmd *cmd;
0df4c185 2656 struct hci_conn *conn;
a5c29683
JH		 2657 int err;
2658
09fd0de5 2659 hci_dev_lock(hdev);
08ba5382 2660
4b34ee78 2661 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2662 err = cmd_complete(sk, hdev->id, mgmt_op,
2663 MGMT_STATUS_NOT_POWERED, addr,
2664 sizeof(*addr));
0df4c185 2665 goto done;
a5c29683
JH		 2666 }
2667
1707c60e
JH		 2668 if (addr->type == BDADDR_BREDR)
2669 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2670 else
1707c60e 2671 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2672
2673 if (!conn) {
feb94d3d
JH		 2674 err = cmd_complete(sk, hdev->id, mgmt_op,
2675 MGMT_STATUS_NOT_CONNECTED, addr,
2676 sizeof(*addr));
272d90df
JH		 2677 goto done;
2678 }
47c15e2b 2679
1707c60e 2680 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2681 /* Continue with pairing via SMP */
5fe57d9e
BG		 2682 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2683
2684 if (!err)
feb94d3d
JH		 2685 err = cmd_complete(sk, hdev->id, mgmt_op,
2686 MGMT_STATUS_SUCCESS, addr,
2687 sizeof(*addr));
5fe57d9e 2688 else
feb94d3d
JH		 2689 err = cmd_complete(sk, hdev->id, mgmt_op,
2690 MGMT_STATUS_FAILED, addr,
2691 sizeof(*addr));
47c15e2b 2692
47c15e2b
BG		 2693 goto done;
2694 }
2695
1707c60e 2696 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2697 if (!cmd) {
2698 err = -ENOMEM;
0df4c185 2699 goto done;
a5c29683
JH		 2700 }
2701
0df4c185 2702 /* Continue with pairing via HCI */
604086b7
BG		 2703 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2704 struct hci_cp_user_passkey_reply cp;
2705
1707c60e 2706 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2707 cp.passkey = passkey;
2708 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2709 } else
1707c60e
JH		 2710 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2711 &addr->bdaddr);
604086b7 2712
a664b5bc
JH		 2713 if (err < 0)
2714 mgmt_pending_remove(cmd);
a5c29683 2715
0df4c185 2716done:
09fd0de5 2717 hci_dev_unlock(hdev);
a5c29683
JH		 2718 return err;
2719}
2720
afeb019d
JK		 2721static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2722 void *data, u16 len)
2723{
2724 struct mgmt_cp_pin_code_neg_reply *cp = data;
2725
2726 BT_DBG("");
2727
1707c60e 2728 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2729 MGMT_OP_PIN_CODE_NEG_REPLY,
2730 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2731}
2732
04124681
GP		 2733static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2734 u16 len)
0df4c185 2735{
650f726d 2736 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2737
2738 BT_DBG("");
2739
2740 if (len != sizeof(*cp))
bdb6d971 2741 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2742 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2743
1707c60e 2744 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2745 MGMT_OP_USER_CONFIRM_REPLY,
2746 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2747}
2748
bdb6d971 2749static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2750 void *data, u16 len)
0df4c185 2751{
c9c2659f 2752 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2753
2754 BT_DBG("");
2755
1707c60e 2756 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2757 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2758 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2759}
2760
04124681
GP		 2761static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2762 u16 len)
604086b7 2763{
650f726d 2764 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2765
2766 BT_DBG("");
2767
1707c60e 2768 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2769 MGMT_OP_USER_PASSKEY_REPLY,
2770 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2771}
2772
bdb6d971 2773static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2774 void *data, u16 len)
604086b7 2775{
650f726d 2776 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2777
2778 BT_DBG("");
2779
1707c60e 2780 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2781 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2782 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2783}
2784
13928971 2785static void update_name(struct hci_request *req)
2b4bf397 2786{
13928971 2787 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 2788 struct hci_cp_write_local_name cp;
2789
13928971 2790 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 2791
890ea898 2792 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 2793}
2794
13928971
JH		 2795static void set_name_complete(struct hci_dev *hdev, u8 status)
2796{
2797 struct mgmt_cp_set_local_name *cp;
2798 struct pending_cmd *cmd;
2799
2800 BT_DBG("status 0x%02x", status);
2801
2802 hci_dev_lock(hdev);
2803
2804 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
2805 if (!cmd)
2806 goto unlock;
2807
2808 cp = cmd->param;
2809
2810 if (status)
2811 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2812 mgmt_status(status));
2813 else
2814 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2815 cp, sizeof(*cp));
2816
2817 mgmt_pending_remove(cmd);
2818
2819unlock:
2820 hci_dev_unlock(hdev);
2821}
2822
bdb6d971 2823static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2824 u16 len)
b312b161 2825{
2b4bf397 2826 struct mgmt_cp_set_local_name *cp = data;
b312b161 2827 struct pending_cmd *cmd;
890ea898 2828 struct hci_request req;
b312b161
JH		 2829 int err;
2830
2831 BT_DBG("");
2832
09fd0de5 2833 hci_dev_lock(hdev);
b312b161 2834
b3f2ca94
JH		 2835 /* If the old values are the same as the new ones just return a
2836 * direct command complete event.
2837 */
2838 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2839 !memcmp(hdev->short_name, cp->short_name,
2840 sizeof(hdev->short_name))) {
2841 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2842 data, len);
2843 goto failed;
2844 }
2845
2b4bf397 2846 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2847
b5235a65 2848 if (!hdev_is_powered(hdev)) {
2b4bf397 2849 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 2850
2851 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 2852 data, len);
28cc7bde
JH		 2853 if (err < 0)
2854 goto failed;
2855
2856 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 2857 sk);
28cc7bde 2858
b5235a65
JH		 2859 goto failed;
2860 }
2861
28cc7bde 2862 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2863 if (!cmd) {
2864 err = -ENOMEM;
2865 goto failed;
2866 }
2867
13928971
JH		 2868 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2869
890ea898 2870 hci_req_init(&req, hdev);
3f985050
JH		 2871
2872 if (lmp_bredr_capable(hdev)) {
2873 update_name(&req);
2874 update_eir(&req);
2875 }
2876
2877 if (lmp_le_capable(hdev))
441ad2d0 2878 update_ad(&req);
3f985050 2879
13928971 2880 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 2881 if (err < 0)
2882 mgmt_pending_remove(cmd);
2883
2884failed:
09fd0de5 2885 hci_dev_unlock(hdev);
b312b161
JH		 2886 return err;
2887}
2888
0f4e68cf 2889static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2890 void *data, u16 data_len)
c35938b2 2891{
c35938b2
SJ		 2892 struct pending_cmd *cmd;
2893 int err;
2894
bdb6d971 2895 BT_DBG("%s", hdev->name);
c35938b2 2896
09fd0de5 2897 hci_dev_lock(hdev);
c35938b2 2898
4b34ee78 2899 if (!hdev_is_powered(hdev)) {
bdb6d971 2900 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2901 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 2902 goto unlock;
2903 }
2904
9a1a1996 2905 if (!lmp_ssp_capable(hdev)) {
bdb6d971 2906 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2907 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 2908 goto unlock;
2909 }
2910
2e58ef3e 2911 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 2912 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 2913 MGMT_STATUS_BUSY);
c35938b2
SJ		 2914 goto unlock;
2915 }
2916
2e58ef3e 2917 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 2918 if (!cmd) {
2919 err = -ENOMEM;
2920 goto unlock;
2921 }
2922
2923 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
2924 if (err < 0)
2925 mgmt_pending_remove(cmd);
2926
2927unlock:
09fd0de5 2928 hci_dev_unlock(hdev);
c35938b2
SJ		 2929 return err;
2930}
2931
bdb6d971 2932static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 2933 void *data, u16 len)
2763eda6 2934{
650f726d 2935 struct mgmt_cp_add_remote_oob_data *cp = data;
bf1e3541 2936 u8 status;
2763eda6
SJ		 2937 int err;
2938
bdb6d971 2939 BT_DBG("%s ", hdev->name);
2763eda6 2940
09fd0de5 2941 hci_dev_lock(hdev);
2763eda6 2942
664ce4cc 2943 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr, cp->hash,
04124681 2944 cp->randomizer);
2763eda6 2945 if (err < 0)
bf1e3541 2946 status = MGMT_STATUS_FAILED;
2763eda6 2947 else
a6785be2 2948 status = MGMT_STATUS_SUCCESS;
bf1e3541 2949
bdb6d971 2950 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA, status,
04124681 2951 &cp->addr, sizeof(cp->addr));
2763eda6 2952
09fd0de5 2953 hci_dev_unlock(hdev);
2763eda6
SJ		 2954 return err;
2955}
2956
bdb6d971 2957static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 2958 void *data, u16 len)
2763eda6 2959{
650f726d 2960 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 2961 u8 status;
2763eda6
SJ		 2962 int err;
2963
bdb6d971 2964 BT_DBG("%s", hdev->name);
2763eda6 2965
09fd0de5 2966 hci_dev_lock(hdev);
2763eda6 2967
664ce4cc 2968 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 2969 if (err < 0)
bf1e3541 2970 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 2971 else
a6785be2 2972 status = MGMT_STATUS_SUCCESS;
bf1e3541 2973
bdb6d971 2974 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 2975 status, &cp->addr, sizeof(cp->addr));
2763eda6 2976
09fd0de5 2977 hci_dev_unlock(hdev);
2763eda6
SJ		 2978 return err;
2979}
2980
41dc2bd6
AG		 2981static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
2982{
2983 struct pending_cmd *cmd;
2984 u8 type;
2985 int err;
2986
2987 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
2988
2989 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
2990 if (!cmd)
2991 return -ENOENT;
2992
2993 type = hdev->discovery.type;
2994
2995 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
2996 &type, sizeof(type));
2997 mgmt_pending_remove(cmd);
2998
2999 return err;
3000}
3001
7c307720
AG		 3002static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3003{
3004 BT_DBG("status %d", status);
3005
3006 if (status) {
3007 hci_dev_lock(hdev);
3008 mgmt_start_discovery_failed(hdev, status);
3009 hci_dev_unlock(hdev);
3010 return;
3011 }
3012
3013 hci_dev_lock(hdev);
3014 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3015 hci_dev_unlock(hdev);
3016
3017 switch (hdev->discovery.type) {
3018 case DISCOV_TYPE_LE:
3019 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3020 DISCOV_LE_TIMEOUT);
7c307720
AG		 3021 break;
3022
3023 case DISCOV_TYPE_INTERLEAVED:
3024 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3025 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3026 break;
3027
3028 case DISCOV_TYPE_BREDR:
3029 break;
3030
3031 default:
3032 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3033 }
3034}
3035
bdb6d971 3036static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3037 void *data, u16 len)
14a53664 3038{
650f726d 3039 struct mgmt_cp_start_discovery *cp = data;
14a53664 3040 struct pending_cmd *cmd;
7c307720
AG		 3041 struct hci_cp_le_set_scan_param param_cp;
3042 struct hci_cp_le_set_scan_enable enable_cp;
3043 struct hci_cp_inquiry inq_cp;
3044 struct hci_request req;
3045 /* General inquiry access code (GIAC) */
3046 u8 lap[3] = { 0x33, 0x8b, 0x9e };
e6fe7986 3047 u8 status;
14a53664
JH		 3048 int err;
3049
bdb6d971 3050 BT_DBG("%s", hdev->name);
14a53664 3051
09fd0de5 3052 hci_dev_lock(hdev);
14a53664 3053
4b34ee78 3054 if (!hdev_is_powered(hdev)) {
bdb6d971 3055 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3056 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3057 goto failed;
3058 }
3059
642be6c7
AG		 3060 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3061 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3062 MGMT_STATUS_BUSY);
3063 goto failed;
3064 }
3065
ff9ef578 3066 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3067 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3068 MGMT_STATUS_BUSY);
ff9ef578
JH		 3069 goto failed;
3070 }
3071
2e58ef3e 3072 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3073 if (!cmd) {
3074 err = -ENOMEM;
3075 goto failed;
3076 }
3077
4aab14e5
AG		 3078 hdev->discovery.type = cp->type;
3079
7c307720
AG		 3080 hci_req_init(&req, hdev);
3081
4aab14e5 3082 switch (hdev->discovery.type) {
f39799f5 3083 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3084 status = mgmt_bredr_support(hdev);
3085 if (status) {
04106755 3086 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3087 status);
04106755
JH		 3088 mgmt_pending_remove(cmd);
3089 goto failed;
3090 }
3091
7c307720
AG		 3092 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3093 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3094 MGMT_STATUS_BUSY);
3095 mgmt_pending_remove(cmd);
3096 goto failed;
3097 }
3098
3099 hci_inquiry_cache_flush(hdev);
3100
3101 memset(&inq_cp, 0, sizeof(inq_cp));
3102 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3103 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3104 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3105 break;
3106
3107 case DISCOV_TYPE_LE:
7c307720 3108 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3109 status = mgmt_le_support(hdev);
3110 if (status) {
04106755 3111 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3112 status);
04106755
JH		 3113 mgmt_pending_remove(cmd);
3114 goto failed;
3115 }
3116
7c307720 3117 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3118 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3119 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3120 MGMT_STATUS_NOT_SUPPORTED);
3121 mgmt_pending_remove(cmd);
3122 goto failed;
3123 }
3124
f3d3444a 3125 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3126 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3127 MGMT_STATUS_REJECTED);
3128 mgmt_pending_remove(cmd);
3129 goto failed;
3130 }
3131
3132 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3133 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3134 MGMT_STATUS_BUSY);
3135 mgmt_pending_remove(cmd);
3136 goto failed;
3137 }
3138
3139 memset(&param_cp, 0, sizeof(param_cp));
3140 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3141 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3142 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
c25dfc61
MH		 3143 if (bacmp(&hdev->bdaddr, BDADDR_ANY))
3144 param_cp.own_address_type = ADDR_LE_DEV_PUBLIC;
3145 else
3146 param_cp.own_address_type = ADDR_LE_DEV_RANDOM;
7c307720
AG		 3147 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3148 &param_cp);
3149
3150 memset(&enable_cp, 0, sizeof(enable_cp));
3151 enable_cp.enable = LE_SCAN_ENABLE;
3152 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3153 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3154 &enable_cp);
5e0452c0
AG		 3155 break;
3156
f39799f5 3157 default:
04106755
JH		 3158 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3159 MGMT_STATUS_INVALID_PARAMS);
3160 mgmt_pending_remove(cmd);
3161 goto failed;
f39799f5 3162 }
3fd24153 3163
7c307720 3164 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3165 if (err < 0)
3166 mgmt_pending_remove(cmd);
ff9ef578
JH		 3167 else
3168 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3169
3170failed:
09fd0de5 3171 hci_dev_unlock(hdev);
14a53664
JH		 3172 return err;
3173}
3174
1183fdca
AG		 3175static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3176{
3177 struct pending_cmd *cmd;
3178 int err;
3179
3180 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3181 if (!cmd)
3182 return -ENOENT;
3183
3184 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3185 &hdev->discovery.type, sizeof(hdev->discovery.type));
3186 mgmt_pending_remove(cmd);
3187
3188 return err;
3189}
3190
0e05bba6
AG		 3191static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3192{
3193 BT_DBG("status %d", status);
3194
3195 hci_dev_lock(hdev);
3196
3197 if (status) {
3198 mgmt_stop_discovery_failed(hdev, status);
3199 goto unlock;
3200 }
3201
3202 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3203
3204unlock:
3205 hci_dev_unlock(hdev);
3206}
3207
bdb6d971 3208static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3209 u16 len)
14a53664 3210{
d930650b 3211 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3212 struct pending_cmd *cmd;
30dc78e1
JH		 3213 struct hci_cp_remote_name_req_cancel cp;
3214 struct inquiry_entry *e;
0e05bba6
AG		 3215 struct hci_request req;
3216 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3217 int err;
3218
bdb6d971 3219 BT_DBG("%s", hdev->name);
14a53664 3220
09fd0de5 3221 hci_dev_lock(hdev);
14a53664 3222
30dc78e1 3223 if (!hci_discovery_active(hdev)) {
bdb6d971 3224 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3225 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3226 sizeof(mgmt_cp->type));
d930650b
JH		 3227 goto unlock;
3228 }
3229
3230 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3231 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3232 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3233 sizeof(mgmt_cp->type));
30dc78e1 3234 goto unlock;
ff9ef578
JH		 3235 }
3236
2e58ef3e 3237 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3238 if (!cmd) {
3239 err = -ENOMEM;
30dc78e1
JH		 3240 goto unlock;
3241 }
3242
0e05bba6
AG		 3243 hci_req_init(&req, hdev);
3244
e0d9727e
AG		 3245 switch (hdev->discovery.state) {
3246 case DISCOVERY_FINDING:
0e05bba6
AG		 3247 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3248 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3249 } else {
3250 cancel_delayed_work(&hdev->le_scan_disable);
3251
3252 memset(&enable_cp, 0, sizeof(enable_cp));
3253 enable_cp.enable = LE_SCAN_DISABLE;
3254 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3255 sizeof(enable_cp), &enable_cp);
3256 }
c9ecc48e 3257
e0d9727e
AG		 3258 break;
3259
3260 case DISCOVERY_RESOLVING:
3261 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3262 NAME_PENDING);
e0d9727e 3263 if (!e) {
30dc78e1 3264 mgmt_pending_remove(cmd);
e0d9727e
AG		 3265 err = cmd_complete(sk, hdev->id,
3266 MGMT_OP_STOP_DISCOVERY, 0,
3267 &mgmt_cp->type,
3268 sizeof(mgmt_cp->type));
3269 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3270 goto unlock;
3271 }
30dc78e1 3272
e0d9727e 3273 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3274 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3275 &cp);
e0d9727e
AG		 3276
3277 break;
3278
3279 default:
3280 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3281
3282 mgmt_pending_remove(cmd);
3283 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3284 MGMT_STATUS_FAILED, &mgmt_cp->type,
3285 sizeof(mgmt_cp->type));
3286 goto unlock;
14a53664
JH		 3287 }
3288
0e05bba6 3289 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3290 if (err < 0)
3291 mgmt_pending_remove(cmd);
ff9ef578
JH		 3292 else
3293 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3294
30dc78e1 3295unlock:
09fd0de5 3296 hci_dev_unlock(hdev);
14a53664
JH		 3297 return err;
3298}
3299
bdb6d971 3300static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3301 u16 len)
561aafbc 3302{
650f726d 3303 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3304 struct inquiry_entry *e;
561aafbc
JH		 3305 int err;
3306
bdb6d971 3307 BT_DBG("%s", hdev->name);
561aafbc 3308
561aafbc
JH		 3309 hci_dev_lock(hdev);
3310
30dc78e1 3311 if (!hci_discovery_active(hdev)) {
bdb6d971 3312 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3313 MGMT_STATUS_FAILED);
30dc78e1
JH		 3314 goto failed;
3315 }
3316
a198e7b1 3317 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3318 if (!e) {
bdb6d971 3319 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3320 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3321 goto failed;
3322 }
3323
3324 if (cp->name_known) {
3325 e->name_state = NAME_KNOWN;
3326 list_del(&e->list);
3327 } else {
3328 e->name_state = NAME_NEEDED;
a3d4e20a 3329 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3330 }
3331
e384662b
JH		 3332 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3333 sizeof(cp->addr));
561aafbc
JH		 3334
3335failed:
3336 hci_dev_unlock(hdev);
561aafbc
JH		 3337 return err;
3338}
3339
bdb6d971 3340static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3341 u16 len)
7fbec224 3342{
650f726d 3343 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3344 u8 status;
7fbec224
AJ		 3345 int err;
3346
bdb6d971 3347 BT_DBG("%s", hdev->name);
7fbec224 3348
4ee71b20 3349 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3350 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3351 MGMT_STATUS_INVALID_PARAMS,
3352 &cp->addr, sizeof(cp->addr));
4ee71b20 3353
09fd0de5 3354 hci_dev_lock(hdev);
5e762444 3355
88c1fe4b 3356 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3357 if (err < 0)
f0eeea8b 3358 status = MGMT_STATUS_FAILED;
7fbec224 3359 else
a6785be2 3360 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3361
bdb6d971 3362 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3363 &cp->addr, sizeof(cp->addr));
5e762444 3364
09fd0de5 3365 hci_dev_unlock(hdev);
7fbec224
AJ		 3366
3367 return err;
3368}
3369
bdb6d971 3370static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3371 u16 len)
7fbec224 3372{
650f726d 3373 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3374 u8 status;
7fbec224
AJ		 3375 int err;
3376
bdb6d971 3377 BT_DBG("%s", hdev->name);
7fbec224 3378
4ee71b20 3379 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3380 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3381 MGMT_STATUS_INVALID_PARAMS,
3382 &cp->addr, sizeof(cp->addr));
4ee71b20 3383
09fd0de5 3384 hci_dev_lock(hdev);
5e762444 3385
88c1fe4b 3386 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3387 if (err < 0)
f0eeea8b 3388 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3389 else
a6785be2 3390 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3391
bdb6d971 3392 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3393 &cp->addr, sizeof(cp->addr));
5e762444 3394
09fd0de5 3395 hci_dev_unlock(hdev);
7fbec224
AJ		 3396
3397 return err;
3398}
3399
cdbaccca
MH		 3400static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3401 u16 len)
3402{
3403 struct mgmt_cp_set_device_id *cp = data;
890ea898 3404 struct hci_request req;
cdbaccca 3405 int err;
c72d4b8a 3406 __u16 source;
cdbaccca
MH		 3407
3408 BT_DBG("%s", hdev->name);
3409
c72d4b8a
SJ		 3410 source = __le16_to_cpu(cp->source);
3411
3412 if (source > 0x0002)
3413 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3414 MGMT_STATUS_INVALID_PARAMS);
3415
cdbaccca
MH		 3416 hci_dev_lock(hdev);
3417
c72d4b8a 3418 hdev->devid_source = source;
cdbaccca
MH		 3419 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3420 hdev->devid_product = __le16_to_cpu(cp->product);
3421 hdev->devid_version = __le16_to_cpu(cp->version);
3422
3423 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3424
890ea898
JH		 3425 hci_req_init(&req, hdev);
3426 update_eir(&req);
3427 hci_req_run(&req, NULL);
cdbaccca
MH		 3428
3429 hci_dev_unlock(hdev);
3430
3431 return err;
3432}
3433
4375f103
JH		 3434static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3435{
3436 struct cmd_lookup match = { NULL, hdev };
3437
3438 if (status) {
3439 u8 mgmt_err = mgmt_status(status);
3440
3441 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3442 cmd_status_rsp, &mgmt_err);
3443 return;
3444 }
3445
3446 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3447 &match);
3448
3449 new_settings(hdev, match.sk);
3450
3451 if (match.sk)
3452 sock_put(match.sk);
3453}
3454
21b5187f
MH		 3455static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3456 u16 len)
4375f103
JH		 3457{
3458 struct mgmt_mode *cp = data;
3459 struct pending_cmd *cmd;
3460 struct hci_request req;
e6fe7986 3461 u8 val, enabled, status;
4375f103
JH		 3462 int err;
3463
3464 BT_DBG("request for %s", hdev->name);
3465
e6fe7986
JH		 3466 status = mgmt_le_support(hdev);
3467 if (status)
4375f103 3468 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3469 status);
4375f103
JH		 3470
3471 if (cp->val != 0x00 && cp->val != 0x01)
3472 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3473 MGMT_STATUS_INVALID_PARAMS);
3474
3475 hci_dev_lock(hdev);
3476
3477 val = !!cp->val;
f3d3444a 3478 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3479
f74ca9b8
JH		 3480 /* The following conditions are ones which mean that we should
3481 * not do any HCI communication but directly send a mgmt
3482 * response to user space (after toggling the flag if
3483 * necessary).
3484 */
3485 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3486 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3487 bool changed = false;
3488
f3d3444a
JH		 3489 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3490 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3491 changed = true;
3492 }
3493
3494 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3495 if (err < 0)
3496 goto unlock;
3497
3498 if (changed)
3499 err = new_settings(hdev, sk);
3500
3501 goto unlock;
3502 }
3503
3504 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3505 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3506 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3507 MGMT_STATUS_BUSY);
3508 goto unlock;
3509 }
3510
3511 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3512 if (!cmd) {
3513 err = -ENOMEM;
3514 goto unlock;
3515 }
3516
3517 hci_req_init(&req, hdev);
3518
bba3aa55
MH		 3519 if (val)
3520 enable_advertising(&req);
3521 else
3522 disable_advertising(&req);
4375f103
JH		 3523
3524 err = hci_req_run(&req, set_advertising_complete);
3525 if (err < 0)
3526 mgmt_pending_remove(cmd);
3527
3528unlock:
3529 hci_dev_unlock(hdev);
3530 return err;
3531}
3532
d13eafce
MH		 3533static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3534 void *data, u16 len)
3535{
3536 struct mgmt_cp_set_static_address *cp = data;
3537 int err;
3538
3539 BT_DBG("%s", hdev->name);
3540
62af4443 3541 if (!lmp_le_capable(hdev))
d13eafce 3542 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3543 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3544
3545 if (hdev_is_powered(hdev))
3546 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3547 MGMT_STATUS_REJECTED);
3548
3549 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3550 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3551 return cmd_status(sk, hdev->id,
3552 MGMT_OP_SET_STATIC_ADDRESS,
3553 MGMT_STATUS_INVALID_PARAMS);
3554
3555 /* Two most significant bits shall be set */
3556 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3557 return cmd_status(sk, hdev->id,
3558 MGMT_OP_SET_STATIC_ADDRESS,
3559 MGMT_STATUS_INVALID_PARAMS);
3560 }
3561
3562 hci_dev_lock(hdev);
3563
3564 bacpy(&hdev->static_addr, &cp->bdaddr);
3565
3566 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3567
3568 hci_dev_unlock(hdev);
3569
3570 return err;
3571}
3572
14b49b9a
MH		 3573static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3574 void *data, u16 len)
3575{
3576 struct mgmt_cp_set_scan_params *cp = data;
3577 __u16 interval, window;
3578 int err;
3579
3580 BT_DBG("%s", hdev->name);
3581
3582 if (!lmp_le_capable(hdev))
3583 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3584 MGMT_STATUS_NOT_SUPPORTED);
3585
3586 interval = __le16_to_cpu(cp->interval);
3587
3588 if (interval < 0x0004 || interval > 0x4000)
3589 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3590 MGMT_STATUS_INVALID_PARAMS);
3591
3592 window = __le16_to_cpu(cp->window);
3593
3594 if (window < 0x0004 || window > 0x4000)
3595 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3596 MGMT_STATUS_INVALID_PARAMS);
3597
899e1075
MH		 3598 if (window > interval)
3599 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3600 MGMT_STATUS_INVALID_PARAMS);
3601
14b49b9a
MH		 3602 hci_dev_lock(hdev);
3603
3604 hdev->le_scan_interval = interval;
3605 hdev->le_scan_window = window;
3606
3607 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3608
3609 hci_dev_unlock(hdev);
3610
3611 return err;
3612}
3613
33e38b3e
JH		 3614static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3615{
3616 struct pending_cmd *cmd;
3617
3618 BT_DBG("status 0x%02x", status);
3619
3620 hci_dev_lock(hdev);
3621
3622 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3623 if (!cmd)
3624 goto unlock;
3625
3626 if (status) {
3627 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3628 mgmt_status(status));
3629 } else {
1a4d3c4b
JH		 3630 struct mgmt_mode *cp = cmd->param;
3631
3632 if (cp->val)
3633 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3634 else
3635 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3636
33e38b3e
JH		 3637 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3638 new_settings(hdev, cmd->sk);
3639 }
3640
3641 mgmt_pending_remove(cmd);
3642
3643unlock:
3644 hci_dev_unlock(hdev);
3645}
3646
bdb6d971 3647static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3648 void *data, u16 len)
f6422ec6 3649{
650f726d 3650 struct mgmt_mode *cp = data;
33e38b3e
JH		 3651 struct pending_cmd *cmd;
3652 struct hci_request req;
f6422ec6
AJ		 3653 int err;
3654
bdb6d971 3655 BT_DBG("%s", hdev->name);
f6422ec6 3656
56f87901
JH		 3657 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3658 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3659 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3660 MGMT_STATUS_NOT_SUPPORTED);
3661
a7e80f25
JH		 3662 if (cp->val != 0x00 && cp->val != 0x01)
3663 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3664 MGMT_STATUS_INVALID_PARAMS);
3665
5400c044 3666 if (!hdev_is_powered(hdev))
bdb6d971 3667 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3668 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3669
3670 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3671 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3672 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3673
3674 hci_dev_lock(hdev);
3675
05cbf29f
JH		 3676 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3677 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3678 MGMT_STATUS_BUSY);
3679 goto unlock;
3680 }
3681
1a4d3c4b
JH		 3682 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3683 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3684 hdev);
3685 goto unlock;
3686 }
3687
33e38b3e
JH		 3688 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3689 data, len);
3690 if (!cmd) {
3691 err = -ENOMEM;
3692 goto unlock;
f6422ec6
AJ		 3693 }
3694
33e38b3e
JH		 3695 hci_req_init(&req, hdev);
3696
406d7804 3697 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3698
3699 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3700 if (err < 0) {
bdb6d971 3701 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3702 MGMT_STATUS_FAILED);
33e38b3e 3703 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3704 }
3705
33e38b3e 3706unlock:
f6422ec6 3707 hci_dev_unlock(hdev);
33e38b3e 3708
f6422ec6
AJ		 3709 return err;
3710}
3711
67e5a7a3
JH		 3712static void set_bredr_scan(struct hci_request *req)
3713{
3714 struct hci_dev *hdev = req->hdev;
3715 u8 scan = 0;
3716
3717 /* Ensure that fast connectable is disabled. This function will
3718 * not do anything if the page scan parameters are already what
3719 * they should be.
3720 */
3721 write_fast_connectable(req, false);
3722
3723 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3724 scan |= SCAN_PAGE;
3725 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3726 scan |= SCAN_INQUIRY;
3727
3728 if (scan)
3729 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3730}
3731
0663ca2a
JH		 3732static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3733{
3734 struct pending_cmd *cmd;
3735
3736 BT_DBG("status 0x%02x", status);
3737
3738 hci_dev_lock(hdev);
3739
3740 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3741 if (!cmd)
3742 goto unlock;
3743
3744 if (status) {
3745 u8 mgmt_err = mgmt_status(status);
3746
3747 /* We need to restore the flag if related HCI commands
3748 * failed.
3749 */
3750 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3751
3752 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
3753 } else {
3754 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
3755 new_settings(hdev, cmd->sk);
3756 }
3757
3758 mgmt_pending_remove(cmd);
3759
3760unlock:
3761 hci_dev_unlock(hdev);
3762}
3763
3764static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
3765{
3766 struct mgmt_mode *cp = data;
3767 struct pending_cmd *cmd;
3768 struct hci_request req;
3769 int err;
3770
3771 BT_DBG("request for %s", hdev->name);
3772
3773 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
3774 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3775 MGMT_STATUS_NOT_SUPPORTED);
3776
3777 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
3778 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3779 MGMT_STATUS_REJECTED);
3780
3781 if (cp->val != 0x00 && cp->val != 0x01)
3782 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3783 MGMT_STATUS_INVALID_PARAMS);
3784
3785 hci_dev_lock(hdev);
3786
3787 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3788 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3789 goto unlock;
3790 }
3791
3792 if (!hdev_is_powered(hdev)) {
3793 if (!cp->val) {
0663ca2a
JH		 3794 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
3795 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
3796 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
3797 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3798 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3799 }
3800
3801 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3802
3803 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
3804 if (err < 0)
3805 goto unlock;
3806
3807 err = new_settings(hdev, sk);
3808 goto unlock;
3809 }
3810
3811 /* Reject disabling when powered on */
3812 if (!cp->val) {
3813 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3814 MGMT_STATUS_REJECTED);
3815 goto unlock;
3816 }
3817
3818 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
3819 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
3820 MGMT_STATUS_BUSY);
3821 goto unlock;
3822 }
3823
3824 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
3825 if (!cmd) {
3826 err = -ENOMEM;
3827 goto unlock;
3828 }
3829
441ad2d0 3830 /* We need to flip the bit already here so that update_ad
0663ca2a
JH		 3831 * generates the correct flags.
3832 */
3833 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
3834
3835 hci_req_init(&req, hdev);
aa8af46e
JH		 3836
3837 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3838 set_bredr_scan(&req);
3839
441ad2d0 3840 update_ad(&req);
aa8af46e 3841
0663ca2a
JH		 3842 err = hci_req_run(&req, set_bredr_complete);
3843 if (err < 0)
3844 mgmt_pending_remove(cmd);
3845
3846unlock:
3847 hci_dev_unlock(hdev);
3848 return err;
3849}
3850
3f706b72
JH		 3851static bool ltk_is_valid(struct mgmt_ltk_info *key)
3852{
44b20d33
JH		 3853 if (key->authenticated != 0x00 && key->authenticated != 0x01)
3854 return false;
3f706b72
JH		 3855 if (key->master != 0x00 && key->master != 0x01)
3856 return false;
4ee71b20
JH		 3857 if (!bdaddr_type_is_le(key->addr.type))
3858 return false;
3f706b72
JH		 3859 return true;
3860}
3861
bdb6d971 3862static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 3863 void *cp_data, u16 len)
346af67b 3864{
346af67b
VCG		 3865 struct mgmt_cp_load_long_term_keys *cp = cp_data;
3866 u16 key_count, expected_len;
715a5bf2 3867 int i, err;
346af67b 3868
cf99ba13
MH		 3869 BT_DBG("request for %s", hdev->name);
3870
3871 if (!lmp_le_capable(hdev))
3872 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
3873 MGMT_STATUS_NOT_SUPPORTED);
3874
1f350c87 3875 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 3876
3877 expected_len = sizeof(*cp) + key_count *
3878 sizeof(struct mgmt_ltk_info);
3879 if (expected_len != len) {
3880 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 3881 len, expected_len);
bdb6d971 3882 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 3883 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 3884 }
3885
bdb6d971 3886 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 3887
54ad6d8a
JH		 3888 for (i = 0; i < key_count; i++) {
3889 struct mgmt_ltk_info *key = &cp->keys[i];
3890
3f706b72 3891 if (!ltk_is_valid(key))
54ad6d8a
JH		 3892 return cmd_status(sk, hdev->id,
3893 MGMT_OP_LOAD_LONG_TERM_KEYS,
3894 MGMT_STATUS_INVALID_PARAMS);
3895 }
3896
346af67b
VCG		 3897 hci_dev_lock(hdev);
3898
3899 hci_smp_ltks_clear(hdev);
3900
3901 for (i = 0; i < key_count; i++) {
3902 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 3903 u8 type, addr_type;
3904
3905 if (key->addr.type == BDADDR_LE_PUBLIC)
3906 addr_type = ADDR_LE_DEV_PUBLIC;
3907 else
3908 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 3909
3910 if (key->master)
3911 type = HCI_SMP_LTK;
3912 else
3913 type = HCI_SMP_LTK_SLAVE;
3914
79d95a19 3915 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type,
04124681
GP		 3916 type, 0, key->authenticated, key->val,
3917 key->enc_size, key->ediv, key->rand);
346af67b
VCG		 3918 }
3919
715a5bf2
JH		 3920 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
3921 NULL, 0);
3922
346af67b 3923 hci_dev_unlock(hdev);
346af67b 3924
715a5bf2 3925 return err;
346af67b
VCG		 3926}
3927
2e3c35ea 3928static const struct mgmt_handler {
04124681
GP		 3929 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
3930 u16 data_len);
be22b54e
JH		 3931 bool var_len;
3932 size_t data_len;
0f4e68cf
JH		 3933} mgmt_handlers[] = {
3934 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 3935 { read_version, false, MGMT_READ_VERSION_SIZE },
3936 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
3937 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
3938 { read_controller_info, false, MGMT_READ_INFO_SIZE },
3939 { set_powered, false, MGMT_SETTING_SIZE },
3940 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
3941 { set_connectable, false, MGMT_SETTING_SIZE },
3942 { set_fast_connectable, false, MGMT_SETTING_SIZE },
3943 { set_pairable, false, MGMT_SETTING_SIZE },
3944 { set_link_security, false, MGMT_SETTING_SIZE },
3945 { set_ssp, false, MGMT_SETTING_SIZE },
3946 { set_hs, false, MGMT_SETTING_SIZE },
3947 { set_le, false, MGMT_SETTING_SIZE },
3948 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
3949 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
3950 { add_uuid, false, MGMT_ADD_UUID_SIZE },
3951 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
3952 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
3953 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
3954 { disconnect, false, MGMT_DISCONNECT_SIZE },
3955 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
3956 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
3957 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
3958 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
3959 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
3960 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
3961 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
3962 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
3963 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
3964 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
3965 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
3966 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
3967 { add_remote_oob_data, false, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
3968 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
3969 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
3970 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
3971 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
3972 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
3973 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 3974 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 3975 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 3976 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 3977 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 3978 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
0f4e68cf
JH		 3979};
3980
3981
0381101f
JH		 3982int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
3983{
650f726d
VCG		 3984 void *buf;
3985 u8 *cp;
0381101f 3986 struct mgmt_hdr *hdr;
4e51eae9 3987 u16 opcode, index, len;
bdb6d971 3988 struct hci_dev *hdev = NULL;
2e3c35ea 3989 const struct mgmt_handler *handler;
0381101f
JH		 3990 int err;
3991
3992 BT_DBG("got %zu bytes", msglen);
3993
3994 if (msglen < sizeof(*hdr))
3995 return -EINVAL;
3996
e63a15ec 3997 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 3998 if (!buf)
3999 return -ENOMEM;
4000
4001 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4002 err = -EFAULT;
4003 goto done;
4004 }
4005
650f726d 4006 hdr = buf;
1f350c87
MH		 4007 opcode = __le16_to_cpu(hdr->opcode);
4008 index = __le16_to_cpu(hdr->index);
4009 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4010
4011 if (len != msglen - sizeof(*hdr)) {
4012 err = -EINVAL;
4013 goto done;
4014 }
4015
0f4e68cf 4016 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4017 hdev = hci_dev_get(index);
4018 if (!hdev) {
4019 err = cmd_status(sk, index, opcode,
04124681 4020 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4021 goto done;
4022 }
0736cfa8 4023
cebf4cfd
JH		 4024 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4025 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4026 err = cmd_status(sk, index, opcode,
4027 MGMT_STATUS_INVALID_INDEX);
4028 goto done;
4029 }
bdb6d971
JH		 4030 }
4031
0f4e68cf 4032 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4033 mgmt_handlers[opcode].func == NULL) {
0381101f 4034 BT_DBG("Unknown op %u", opcode);
ca69b795 4035 err = cmd_status(sk, index, opcode,
04124681 4036 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4037 goto done;
4038 }
4039
4040 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4041 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4042 err = cmd_status(sk, index, opcode,
04124681 4043 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4044 goto done;
0381101f
JH		 4045 }
4046
be22b54e
JH		 4047 handler = &mgmt_handlers[opcode];
4048
4049 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4050 (!handler->var_len && len != handler->data_len)) {
be22b54e 4051 err = cmd_status(sk, index, opcode,
04124681 4052 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4053 goto done;
4054 }
4055
0f4e68cf
JH		 4056 if (hdev)
4057 mgmt_init_hdev(sk, hdev);
4058
4059 cp = buf + sizeof(*hdr);
4060
be22b54e 4061 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4062 if (err < 0)
4063 goto done;
4064
0381101f
JH		 4065 err = msglen;
4066
4067done:
bdb6d971
JH		 4068 if (hdev)
4069 hci_dev_put(hdev);
4070
0381101f
JH		 4071 kfree(buf);
4072 return err;
4073}
c71e97bf 4074
bf6b56db 4075void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4076{
1514b892 4077 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4078 return;
bb4b2a9a 4079
bf6b56db 4080 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4081}
4082
bf6b56db 4083void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4084{
5f159032 4085 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4086
1514b892 4087 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4088 return;
bb4b2a9a 4089
744cf19e 4090 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4091
bf6b56db 4092 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4093}
4094
229ab39c
JH		 4095static void powered_complete(struct hci_dev *hdev, u8 status)
4096{
4097 struct cmd_lookup match = { NULL, hdev };
4098
4099 BT_DBG("status 0x%02x", status);
4100
4101 hci_dev_lock(hdev);
4102
4103 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4104
4105 new_settings(hdev, match.sk);
4106
4107 hci_dev_unlock(hdev);
4108
4109 if (match.sk)
4110 sock_put(match.sk);
4111}
4112
70da6243 4113static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4114{
890ea898 4115 struct hci_request req;
70da6243 4116 u8 link_sec;
5add6af8 4117
890ea898
JH		 4118 hci_req_init(&req, hdev);
4119
70da6243
JH		 4120 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4121 !lmp_host_ssp_capable(hdev)) {
4122 u8 ssp = 1;
5e5282bb 4123
890ea898 4124 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4125 }
5add6af8 4126
c73eee91
JH		 4127 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4128 lmp_bredr_capable(hdev)) {
70da6243 4129 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4130
70da6243
JH		 4131 cp.le = 1;
4132 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4133
70da6243
JH		 4134 /* Check first if we already have the right
4135 * host state (host features set)
4136 */
4137 if (cp.le != lmp_host_le_capable(hdev) ||
4138 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4139 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4140 sizeof(cp), &cp);
70da6243 4141 }
3d1cbdd6 4142
d13eafce
MH		 4143 if (lmp_le_capable(hdev)) {
4144 /* Set random address to static address if configured */
4145 if (bacmp(&hdev->static_addr, BDADDR_ANY))
4146 hci_req_add(&req, HCI_OP_LE_SET_RANDOM_ADDR, 6,
4147 &hdev->static_addr);
eeca6f89 4148
441ad2d0
MH		 4149 /* Make sure the controller has a good default for
4150 * advertising data. This also applies to the case
4151 * where BR/EDR was toggled during the AUTO_OFF phase.
4152 */
4153 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4154 update_ad(&req);
4155
bba3aa55
MH		 4156 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4157 enable_advertising(&req);
eeca6f89
JH		 4158 }
4159
70da6243
JH		 4160 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4161 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4162 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4163 sizeof(link_sec), &link_sec);
562fcc24 4164
70da6243 4165 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4166 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4167 set_bredr_scan(&req);
890ea898 4168 update_class(&req);
13928971 4169 update_name(&req);
890ea898 4170 update_eir(&req);
70da6243 4171 }
562fcc24 4172
229ab39c 4173 return hci_req_run(&req, powered_complete);
70da6243 4174}
562fcc24 4175
70da6243
JH		 4176int mgmt_powered(struct hci_dev *hdev, u8 powered)
4177{
4178 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4179 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4180 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4181 int err;
f0ff92fb 4182
70da6243
JH		 4183 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4184 return 0;
4185
70da6243 4186 if (powered) {
229ab39c
JH		 4187 if (powered_update_hci(hdev) == 0)
4188 return 0;
fe038884 4189
229ab39c
JH		 4190 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4191 &match);
4192 goto new_settings;
b24752fe
JH		 4193 }
4194
229ab39c
JH		 4195 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4196 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4197
4198 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4199 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4200 zero_cod, sizeof(zero_cod), NULL);
4201
4202new_settings:
beadb2bd 4203 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4204
4205 if (match.sk)
4206 sock_put(match.sk);
4207
7bb895d6 4208 return err;
5add6af8 4209}
73f22f62 4210
3eec705e 4211void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4212{
4213 struct pending_cmd *cmd;
4214 u8 status;
4215
4216 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4217 if (!cmd)
3eec705e 4218 return;
96570ffc
JH		 4219
4220 if (err == -ERFKILL)
4221 status = MGMT_STATUS_RFKILLED;
4222 else
4223 status = MGMT_STATUS_FAILED;
4224
3eec705e 4225 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4226
4227 mgmt_pending_remove(cmd);
96570ffc
JH		 4228}
4229
86a75645 4230void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4231{
86a75645 4232 bool changed;
73f22f62 4233
bfaf8c9f
JH		 4234 /* Nothing needed here if there's a pending command since that
4235 * commands request completion callback takes care of everything
4236 * necessary.
4237 */
4238 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4239 return;
bfaf8c9f 4240
86a75645
MH		 4241 if (discoverable)
4242 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4243 else
4244 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
73f22f62 4245
beadb2bd 4246 if (changed)
86a75645 4247 new_settings(hdev, NULL);
73f22f62 4248}
9fbcbb45 4249
a330916c 4250void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4251{
a330916c 4252 bool changed;
9fbcbb45 4253
d7b856f9
JH		 4254 /* Nothing needed here if there's a pending command since that
4255 * commands request completion callback takes care of everything
4256 * necessary.
4257 */
4258 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4259 return;
d7b856f9 4260
a330916c
MH		 4261 if (connectable)
4262 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4263 else
4264 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4265
beadb2bd 4266 if (changed)
a330916c 4267 new_settings(hdev, NULL);
9fbcbb45 4268}
55ed8ca1 4269
744cf19e 4270int mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4271{
ca69b795
JH		 4272 u8 mgmt_err = mgmt_status(status);
4273
2d7cee58 4274 if (scan & SCAN_PAGE)
744cf19e 4275 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4276 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4277
4278 if (scan & SCAN_INQUIRY)
744cf19e 4279 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4280 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4281
4282 return 0;
4283}
4284
53168e5b
CC		 4285int mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4286 bool persistent)
55ed8ca1 4287{
86742e1e 4288 struct mgmt_ev_new_link_key ev;
55ed8ca1 4289
a492cd52 4290 memset(&ev, 0, sizeof(ev));
55ed8ca1 4291
a492cd52 4292 ev.store_hint = persistent;
d753fdc4 4293 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4294 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4295 ev.key.type = key->type;
9b3b4460 4296 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4297 ev.key.pin_len = key->pin_len;
55ed8ca1 4298
744cf19e 4299 return mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4300}
f7520543 4301
346af67b
VCG		 4302int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent)
4303{
4304 struct mgmt_ev_new_long_term_key ev;
4305
4306 memset(&ev, 0, sizeof(ev));
4307
4308 ev.store_hint = persistent;
4309 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4310 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
346af67b
VCG		 4311 ev.key.authenticated = key->authenticated;
4312 ev.key.enc_size = key->enc_size;
4313 ev.key.ediv = key->ediv;
4314
4315 if (key->type == HCI_SMP_LTK)
4316 ev.key.master = 1;
4317
4318 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4319 memcpy(ev.key.val, key->val, sizeof(key->val));
4320
04124681
GP		 4321 return mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev),
4322 NULL);
346af67b
VCG		 4323}
4324
ecd90ae7
MH		 4325void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4326 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4327 u8 *dev_class)
f7520543 4328{
b644ba33
JH		 4329 char buf[512];
4330 struct mgmt_ev_device_connected *ev = (void *) buf;
4331 u16 eir_len = 0;
f7520543 4332
b644ba33 4333 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4334 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4335
c95f0ba7 4336 ev->flags = __cpu_to_le32(flags);
08c79b61 4337
b644ba33
JH		 4338 if (name_len > 0)
4339 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4340 name, name_len);
b644ba33
JH		 4341
4342 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4343 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4344 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4345
eb55ef07 4346 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4347
ecd90ae7
MH		 4348 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4349 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4350}
4351
8962ee74
JH		 4352static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4353{
c68fb7ff 4354 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4355 struct sock **sk = data;
a38528f1 4356 struct mgmt_rp_disconnect rp;
8962ee74 4357
88c3df13
JH		 4358 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4359 rp.addr.type = cp->addr.type;
8962ee74 4360
aee9b218 4361 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4362 sizeof(rp));
8962ee74
JH		 4363
4364 *sk = cmd->sk;
4365 sock_hold(*sk);
4366
a664b5bc 4367 mgmt_pending_remove(cmd);
8962ee74
JH		 4368}
4369
124f6e35 4370static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4371{
b1078ad0 4372 struct hci_dev *hdev = data;
124f6e35
JH		 4373 struct mgmt_cp_unpair_device *cp = cmd->param;
4374 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4375
4376 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4377 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4378 rp.addr.type = cp->addr.type;
a8a1d19e 4379
b1078ad0
JH		 4380 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4381
aee9b218 4382 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4383
4384 mgmt_pending_remove(cmd);
4385}
4386
9b80ec5e
MH		 4387void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4388 u8 link_type, u8 addr_type, u8 reason)
f7520543 4389{
f0d6a0ea 4390 struct mgmt_ev_device_disconnected ev;
8962ee74 4391 struct sock *sk = NULL;
8962ee74 4392
744cf19e 4393 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 4394
f0d6a0ea
MA		 4395 bacpy(&ev.addr.bdaddr, bdaddr);
4396 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4397 ev.reason = reason;
f7520543 4398
9b80ec5e 4399 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 4400
4401 if (sk)
d97dcb66 4402 sock_put(sk);
8962ee74 4403
124f6e35 4404 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 4405 hdev);
8962ee74
JH		 4406}
4407
7892924c
MH		 4408void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
4409 u8 link_type, u8 addr_type, u8 status)
8962ee74 4410{
88c3df13 4411 struct mgmt_rp_disconnect rp;
8962ee74 4412 struct pending_cmd *cmd;
8962ee74 4413
36a75f1b
JD		 4414 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
4415 hdev);
4416
2e58ef3e 4417 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 4418 if (!cmd)
7892924c 4419 return;
8962ee74 4420
88c3df13 4421 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4422 rp.addr.type = link_to_bdaddr(link_type, addr_type);
37d9ef76 4423
7892924c
MH		 4424 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
4425 mgmt_status(status), &rp, sizeof(rp));
8962ee74 4426
a664b5bc 4427 mgmt_pending_remove(cmd);
f7520543 4428}
17d5c04c 4429
445608d0
MH		 4430void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4431 u8 addr_type, u8 status)
17d5c04c
JH		 4432{
4433 struct mgmt_ev_connect_failed ev;
4434
4c659c39 4435 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4436 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4437 ev.status = mgmt_status(status);
17d5c04c 4438
445608d0 4439 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 4440}
980e1a53 4441
744cf19e 4442int mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 4443{
4444 struct mgmt_ev_pin_code_request ev;
4445
d8457698 4446 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 4447 ev.addr.type = BDADDR_BREDR;
a770bb5a 4448 ev.secure = secure;
980e1a53 4449
744cf19e 4450 return mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev),
04124681 4451 NULL);
980e1a53
JH		 4452}
4453
744cf19e 4454int mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4455 u8 status)
980e1a53
JH		 4456{
4457 struct pending_cmd *cmd;
ac56fb13 4458 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4459 int err;
4460
2e58ef3e 4461 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53
JH		 4462 if (!cmd)
4463 return -ENOENT;
4464
d8457698 4465 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4466 rp.addr.type = BDADDR_BREDR;
ac56fb13 4467
aee9b218 4468 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 4469 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4470
a664b5bc 4471 mgmt_pending_remove(cmd);
980e1a53
JH		 4472
4473 return err;
4474}
4475
744cf19e 4476int mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4477 u8 status)
980e1a53
JH		 4478{
4479 struct pending_cmd *cmd;
ac56fb13 4480 struct mgmt_rp_pin_code_reply rp;
980e1a53
JH		 4481 int err;
4482
2e58ef3e 4483 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53
JH		 4484 if (!cmd)
4485 return -ENOENT;
4486
d8457698 4487 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 4488 rp.addr.type = BDADDR_BREDR;
ac56fb13 4489
aee9b218 4490 err = cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
04124681 4491 mgmt_status(status), &rp, sizeof(rp));
980e1a53 4492
a664b5bc 4493 mgmt_pending_remove(cmd);
980e1a53
JH		 4494
4495 return err;
4496}
a5c29683 4497
744cf19e 4498int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 4499 u8 link_type, u8 addr_type, __le32 value,
4500 u8 confirm_hint)
a5c29683
JH		 4501{
4502 struct mgmt_ev_user_confirm_request ev;
4503
744cf19e 4504 BT_DBG("%s", hdev->name);
a5c29683 4505
272d90df 4506 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4507 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 4508 ev.confirm_hint = confirm_hint;
78e8098e 4509 ev.value = value;
a5c29683 4510
744cf19e 4511 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 4512 NULL);
a5c29683
JH		 4513}
4514
272d90df 4515int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 4516 u8 link_type, u8 addr_type)
604086b7
BG		 4517{
4518 struct mgmt_ev_user_passkey_request ev;
4519
4520 BT_DBG("%s", hdev->name);
4521
272d90df 4522 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4523 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 4524
4525 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 4526 NULL);
604086b7
BG		 4527}
4528
0df4c185 4529static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 4530 u8 link_type, u8 addr_type, u8 status,
4531 u8 opcode)
a5c29683
JH		 4532{
4533 struct pending_cmd *cmd;
4534 struct mgmt_rp_user_confirm_reply rp;
4535 int err;
4536
2e58ef3e 4537 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 4538 if (!cmd)
4539 return -ENOENT;
4540
272d90df 4541 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 4542 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 4543 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 4544 &rp, sizeof(rp));
a5c29683 4545
a664b5bc 4546 mgmt_pending_remove(cmd);
a5c29683
JH		 4547
4548 return err;
4549}
4550
744cf19e 4551int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4552 u8 link_type, u8 addr_type, u8 status)
a5c29683 4553{
272d90df 4554 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4555 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 4556}
4557
272d90df 4558int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4559 u8 link_type, u8 addr_type, u8 status)
a5c29683 4560{
272d90df 4561 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4562 status,
4563 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 4564}
2a611692 4565
604086b7 4566int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4567 u8 link_type, u8 addr_type, u8 status)
604086b7 4568{
272d90df 4569 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 4570 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 4571}
4572
272d90df 4573int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 4574 u8 link_type, u8 addr_type, u8 status)
604086b7 4575{
272d90df 4576 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 4577 status,
4578 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 4579}
4580
92a25256
JH		 4581int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
4582 u8 link_type, u8 addr_type, u32 passkey,
4583 u8 entered)
4584{
4585 struct mgmt_ev_passkey_notify ev;
4586
4587 BT_DBG("%s", hdev->name);
4588
4589 bacpy(&ev.addr.bdaddr, bdaddr);
4590 ev.addr.type = link_to_bdaddr(link_type, addr_type);
4591 ev.passkey = __cpu_to_le32(passkey);
4592 ev.entered = entered;
4593
4594 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
4595}
4596
bab73cb6 4597int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
04124681 4598 u8 addr_type, u8 status)
2a611692
JH		 4599{
4600 struct mgmt_ev_auth_failed ev;
4601
bab73cb6 4602 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 4603 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 4604 ev.status = mgmt_status(status);
2a611692 4605
744cf19e 4606 return mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 4607}
b312b161 4608
33ef95ed
JH		 4609int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
4610{
4611 struct cmd_lookup match = { NULL, hdev };
47990ea0
JH		 4612 bool changed = false;
4613 int err = 0;
33ef95ed
JH		 4614
4615 if (status) {
4616 u8 mgmt_err = mgmt_status(status);
4617 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 4618 cmd_status_rsp, &mgmt_err);
33ef95ed
JH		 4619 return 0;
4620 }
4621
47990ea0
JH		 4622 if (test_bit(HCI_AUTH, &hdev->flags)) {
4623 if (!test_and_set_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4624 changed = true;
4625 } else {
4626 if (test_and_clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
4627 changed = true;
4628 }
4629
33ef95ed 4630 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 4631 &match);
33ef95ed 4632
47990ea0
JH		 4633 if (changed)
4634 err = new_settings(hdev, match.sk);
33ef95ed
JH		 4635
4636 if (match.sk)
4637 sock_put(match.sk);
4638
4639 return err;
4640}
4641
890ea898 4642static void clear_eir(struct hci_request *req)
cacaf52f 4643{
890ea898 4644 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 4645 struct hci_cp_write_eir cp;
4646
976eb20e 4647 if (!lmp_ext_inq_capable(hdev))
890ea898 4648 return;
cacaf52f 4649
c80da27e
JH		 4650 memset(hdev->eir, 0, sizeof(hdev->eir));
4651
cacaf52f
JH		 4652 memset(&cp, 0, sizeof(cp));
4653
890ea898 4654 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 4655}
4656
c0ecddc2 4657int mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 4658{
4659 struct cmd_lookup match = { NULL, hdev };
890ea898 4660 struct hci_request req;
c0ecddc2
JH		 4661 bool changed = false;
4662 int err = 0;
ed2c4ee3
JH		 4663
4664 if (status) {
4665 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 4666
4667 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 4668 &hdev->dev_flags)) {
4669 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2 4670 err = new_settings(hdev, NULL);
9ecb3e24 4671 }
c0ecddc2 4672
04124681
GP		 4673 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
4674 &mgmt_err);
c0ecddc2
JH		 4675
4676 return err;
4677 }
4678
4679 if (enable) {
9ecb3e24 4680 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 4681 } else {
9ecb3e24
MH		 4682 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4683 if (!changed)
4684 changed = test_and_clear_bit(HCI_HS_ENABLED,
4685 &hdev->dev_flags);
4686 else
4687 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 4688 }
4689
4690 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
4691
c0ecddc2
JH		 4692 if (changed)
4693 err = new_settings(hdev, match.sk);
ed2c4ee3 4694
5fc6ebb1 4695 if (match.sk)
ed2c4ee3
JH		 4696 sock_put(match.sk);
4697
890ea898
JH		 4698 hci_req_init(&req, hdev);
4699
5fc6ebb1 4700 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 4701 update_eir(&req);
5fc6ebb1 4702 else
890ea898
JH		 4703 clear_eir(&req);
4704
4705 hci_req_run(&req, NULL);
cacaf52f 4706
ed2c4ee3
JH		 4707 return err;
4708}
4709
92da6097 4710static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 4711{
4712 struct cmd_lookup *match = data;
4713
90e70454
JH		 4714 if (match->sk == NULL) {
4715 match->sk = cmd->sk;
4716 sock_hold(match->sk);
4717 }
90e70454
JH		 4718}
4719
7f9a903c 4720int mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
04124681 4721 u8 status)
7f9a903c 4722{
90e70454
JH		 4723 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
4724 int err = 0;
7f9a903c 4725
92da6097
JH		 4726 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
4727 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
4728 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 4729
4730 if (!status)
04124681
GP		 4731 err = mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
4732 3, NULL);
90e70454
JH		 4733
4734 if (match.sk)
4735 sock_put(match.sk);
7f9a903c
MH		 4736
4737 return err;
4738}
4739
744cf19e 4740int mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 4741{
b312b161 4742 struct mgmt_cp_set_local_name ev;
13928971 4743 struct pending_cmd *cmd;
28cc7bde 4744
13928971
JH		 4745 if (status)
4746 return 0;
b312b161
JH		 4747
4748 memset(&ev, 0, sizeof(ev));
4749 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 4750 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 4751
2e58ef3e 4752 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 4753 if (!cmd) {
4754 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 4755
13928971
JH		 4756 /* If this is a HCI command related to powering on the
4757 * HCI dev don't send any mgmt signals.
4758 */
4759 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4760 return 0;
890ea898 4761 }
b312b161 4762
13928971
JH		 4763 return mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
4764 cmd ? cmd->sk : NULL);
b312b161 4765}
c35938b2 4766
744cf19e 4767int mgmt_read_local_oob_data_reply_complete(struct hci_dev *hdev, u8 *hash,
04124681 4768 u8 *randomizer, u8 status)
c35938b2
SJ		 4769{
4770 struct pending_cmd *cmd;
4771 int err;
4772
744cf19e 4773 BT_DBG("%s status %u", hdev->name, status);
c35938b2 4774
2e58ef3e 4775 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2
SJ		 4776 if (!cmd)
4777 return -ENOENT;
4778
4779 if (status) {
04124681
GP		 4780 err = cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4781 mgmt_status(status));
c35938b2
SJ		 4782 } else {
4783 struct mgmt_rp_read_local_oob_data rp;
4784
4785 memcpy(rp.hash, hash, sizeof(rp.hash));
4786 memcpy(rp.randomizer, randomizer, sizeof(rp.randomizer));
4787
744cf19e 4788 err = cmd_complete(cmd->sk, hdev->id,
04124681
GP		 4789 MGMT_OP_READ_LOCAL_OOB_DATA, 0, &rp,
4790 sizeof(rp));
c35938b2
SJ		 4791 }
4792
4793 mgmt_pending_remove(cmd);
4794
4795 return err;
4796}
e17acd40 4797
901801b9
MH		 4798void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4799 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
4800 ssp, u8 *eir, u16 eir_len)
e17acd40 4801{
e319d2e7
JH		 4802 char buf[512];
4803 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 4804 size_t ev_size;
e17acd40 4805
12602d0c 4806 if (!hci_discovery_active(hdev))
901801b9 4807 return;
12602d0c 4808
1dc06093
JH		 4809 /* Leave 5 bytes for a potential CoD field */
4810 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 4811 return;
7d262f86 4812
1dc06093
JH		 4813 memset(buf, 0, sizeof(buf));
4814
e319d2e7 4815 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4816 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 4817 ev->rssi = rssi;
9a395a80 4818 if (cfm_name)
612dfce9 4819 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 4820 if (!ssp)
612dfce9 4821 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 4822
1dc06093 4823 if (eir_len > 0)
e319d2e7 4824 memcpy(ev->eir, eir, eir_len);
e17acd40 4825
1dc06093
JH		 4826 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
4827 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 4828 dev_class, 3);
1dc06093 4829
eb55ef07 4830 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 4831 ev_size = sizeof(*ev) + eir_len;
f8523598 4832
901801b9 4833 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 4834}
a88a9652 4835
9cf12aee
MH		 4836void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4837 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 4838{
b644ba33
JH		 4839 struct mgmt_ev_device_found *ev;
4840 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
4841 u16 eir_len;
a88a9652 4842
b644ba33 4843 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 4844
b644ba33
JH		 4845 memset(buf, 0, sizeof(buf));
4846
4847 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4848 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 4849 ev->rssi = rssi;
4850
4851 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 4852 name_len);
b644ba33 4853
eb55ef07 4854 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 4855
9cf12aee 4856 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 4857}
314b2381 4858
2f1e063b 4859void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 4860{
f963e8e9 4861 struct mgmt_ev_discovering ev;
164a6e78
JH		 4862 struct pending_cmd *cmd;
4863
343fb145
AG		 4864 BT_DBG("%s discovering %u", hdev->name, discovering);
4865
164a6e78 4866 if (discovering)
2e58ef3e 4867 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 4868 else
2e58ef3e 4869 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 4870
4871 if (cmd != NULL) {
f808e166
JH		 4872 u8 type = hdev->discovery.type;
4873
04124681
GP		 4874 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
4875 sizeof(type));
164a6e78
JH		 4876 mgmt_pending_remove(cmd);
4877 }
4878
f963e8e9
JH		 4879 memset(&ev, 0, sizeof(ev));
4880 ev.type = hdev->discovery.type;
4881 ev.discovering = discovering;
4882
2f1e063b 4883 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 4884}
5e762444 4885
88c1fe4b 4886int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4887{
4888 struct pending_cmd *cmd;
4889 struct mgmt_ev_device_blocked ev;
4890
2e58ef3e 4891 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 4892
88c1fe4b
JH		 4893 bacpy(&ev.addr.bdaddr, bdaddr);
4894 ev.addr.type = type;
5e762444 4895
744cf19e 4896 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 4897 cmd ? cmd->sk : NULL);
5e762444
AJ		 4898}
4899
88c1fe4b 4900int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 4901{
4902 struct pending_cmd *cmd;
4903 struct mgmt_ev_device_unblocked ev;
4904
2e58ef3e 4905 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 4906
88c1fe4b
JH		 4907 bacpy(&ev.addr.bdaddr, bdaddr);
4908 ev.addr.type = type;
5e762444 4909
744cf19e 4910 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 4911 cmd ? cmd->sk : NULL);
5e762444 4912}
5976e608
MH		 4913
4914static void adv_enable_complete(struct hci_dev *hdev, u8 status)
4915{
4916 BT_DBG("%s status %u", hdev->name, status);
4917
4918 /* Clear the advertising mgmt setting if we failed to re-enable it */
4919 if (status) {
4920 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4921 new_settings(hdev, NULL);
5976e608
MH		 4922 }
4923}
4924
4925void mgmt_reenable_advertising(struct hci_dev *hdev)
4926{
4927 struct hci_request req;
4928
b145edcd 4929 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 4930 return;
4931
4932 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4933 return;
4934
4935 hci_req_init(&req, hdev);
4936 enable_advertising(&req);
4937
4938 /* If this fails we have no option but to let user space know
4939 * that we've disabled advertising.
4940 */
4941 if (hci_req_run(&req, adv_enable_complete) < 0) {
4942 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 4943 new_settings(hdev, NULL);
5976e608
MH		 4944 }
4945}
Linux 6.x block layer and io_uring tree(s)