projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Simplify read_adv_features code
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
333ae95d
JH		 722static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
723{
724 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
725}
726
333ae95d
JH		 727static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
728 struct hci_dev *hdev,
729 const void *data)
730{
731 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
732}
733
f2252570 734u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 735{
3b0602cd 736 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 737
738 /* If there's a pending mgmt command the flags will not yet have
739 * their final values, so check for this first.
740 */
333ae95d 741 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 742 if (cmd) {
743 struct mgmt_mode *cp = cmd->param;
744 if (cp->val == 0x01)
745 return LE_AD_GENERAL;
746 else if (cp->val == 0x02)
747 return LE_AD_LIMITED;
748 } else {
d7a5a11d 749 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 750 return LE_AD_LIMITED;
d7a5a11d 751 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 752 return LE_AD_GENERAL;
753 }
754
755 return 0;
756}
757
f2252570 758bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 759{
760 struct mgmt_pending_cmd *cmd;
441ad2d0 761
fdf51784
AU		 762 /* If there's a pending mgmt command the flag will not yet have
763 * it's final value, so check for this first.
764 */
765 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
766 if (cmd) {
767 struct mgmt_mode *cp = cmd->param;
441ad2d0 768
fdf51784 769 return cp->val;
441ad2d0
MH		 770 }
771
fdf51784
AU		 772 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
773}
441ad2d0 774
7d78525d
JH		 775static void service_cache_off(struct work_struct *work)
776{
777 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 778 service_cache.work);
890ea898 779 struct hci_request req;
7d78525d 780
a69d8927 781 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 782 return;
783
890ea898
JH		 784 hci_req_init(&req, hdev);
785
7d78525d
JH		 786 hci_dev_lock(hdev);
787
b1a8917c 788 __hci_req_update_eir(&req);
14bf5eac 789 __hci_req_update_class(&req);
7d78525d
JH		 790
791 hci_dev_unlock(hdev);
890ea898
JH		 792
793 hci_req_run(&req, NULL);
7d78525d
JH		 794}
795
d6bfd59c
JH		 796static void rpa_expired(struct work_struct *work)
797{
798 struct hci_dev *hdev = container_of(work, struct hci_dev,
799 rpa_expired.work);
800 struct hci_request req;
801
802 BT_DBG("");
803
a1536da2 804 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 805
d7a5a11d 806 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 807 return;
808
809 /* The generation of a new RPA and programming it into the
f2252570
JH		 810 * controller happens in the hci_req_enable_advertising()
811 * function.
d6bfd59c 812 */
d6bfd59c 813 hci_req_init(&req, hdev);
f2252570 814 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 815 hci_req_run(&req, NULL);
816}
817
6a919082 818static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 819{
238be788 820 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 821 return;
822
4f87da80 823 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 824 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 825
4f87da80
JH		 826 /* Non-mgmt controlled devices get this bit set
827 * implicitly so that pairing works for them, however
828 * for mgmt we require user-space to explicitly enable
829 * it
830 */
a358dc11 831 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 832}
833
0f4e68cf 834static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 835 void *data, u16 data_len)
0381101f 836{
a38528f1 837 struct mgmt_rp_read_info rp;
f7b64e69 838
bdb6d971 839 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 840
09fd0de5 841 hci_dev_lock(hdev);
f7b64e69 842
dc4fe30b
JH		 843 memset(&rp, 0, sizeof(rp));
844
69ab39ea 845 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 846
69ab39ea 847 rp.version = hdev->hci_ver;
eb55ef07 848 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 849
850 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
851 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 852
a38528f1 853 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 854
dc4fe30b 855 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 856 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 857
09fd0de5 858 hci_dev_unlock(hdev);
0381101f 859
2a1afb5a
JH		 860 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
861 sizeof(rp));
0381101f
JH		 862}
863
69ab39ea 864static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 865{
69ab39ea 866 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 867
2a1afb5a
JH		 868 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
869 sizeof(settings));
8680570b
JH		 870}
871
1904a853 872static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 873{
874 BT_DBG("%s status 0x%02x", hdev->name, status);
875
a3172b7e
JH		 876 if (hci_conn_count(hdev) == 0) {
877 cancel_delayed_work(&hdev->power_off);
8b064a3a 878 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 879 }
8b064a3a
JH		 880}
881
f2252570 882void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 883{
884 struct mgmt_ev_advertising_added ev;
885
886 ev.instance = instance;
887
888 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
889}
890
f2252570
JH		 891void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
892 u8 instance)
912098a6
AU		 893{
894 struct mgmt_ev_advertising_removed ev;
895
896 ev.instance = instance;
897
898 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
899}
900
7816b820
FG		 901static void cancel_adv_timeout(struct hci_dev *hdev)
902{
903 if (hdev->adv_instance_timeout) {
904 hdev->adv_instance_timeout = 0;
905 cancel_delayed_work(&hdev->adv_instance_expire);
906 }
907}
908
8b064a3a
JH		 909static int clean_up_hci_state(struct hci_dev *hdev)
910{
911 struct hci_request req;
912 struct hci_conn *conn;
23a48093
JH		 913 bool discov_stopped;
914 int err;
8b064a3a
JH		 915
916 hci_req_init(&req, hdev);
917
918 if (test_bit(HCI_ISCAN, &hdev->flags) ||
919 test_bit(HCI_PSCAN, &hdev->flags)) {
920 u8 scan = 0x00;
921 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
922 }
923
f2252570 924 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 925
d7a5a11d 926 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 927 __hci_req_disable_advertising(&req);
8b064a3a 928
2154d3f4 929 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 930
931 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 932 /* 0x15 == Terminated due to Power Off */
933 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 934 }
935
23a48093
JH		 936 err = hci_req_run(&req, clean_up_hci_complete);
937 if (!err && discov_stopped)
938 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
939
940 return err;
8b064a3a
JH		 941}
942
bdb6d971 943static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
eec8d2bc 945{
650f726d 946 struct mgmt_mode *cp = data;
3b0602cd 947 struct mgmt_pending_cmd *cmd;
4b34ee78 948 int err;
eec8d2bc 949
bdb6d971 950 BT_DBG("request for %s", hdev->name);
eec8d2bc 951
a7e80f25 952 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
954 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 955
09fd0de5 956 hci_dev_lock(hdev);
eec8d2bc 957
333ae95d 958 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 959 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
960 MGMT_STATUS_BUSY);
87b95ba6
JH		 961 goto failed;
962 }
963
4b34ee78 964 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 965 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 966 goto failed;
967 }
968
2e58ef3e 969 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 970 if (!cmd) {
971 err = -ENOMEM;
eec8d2bc 972 goto failed;
366a0336 973 }
eec8d2bc 974
8b064a3a 975 if (cp->val) {
19202573 976 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 977 err = 0;
978 } else {
979 /* Disconnect connections, stop scans, etc */
980 err = clean_up_hci_state(hdev);
a3172b7e
JH		 981 if (!err)
982 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
983 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 984
8b064a3a
JH		 985 /* ENODATA means there were no HCI commands queued */
986 if (err == -ENODATA) {
a3172b7e 987 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 988 queue_work(hdev->req_workqueue, &hdev->power_off.work);
989 err = 0;
990 }
991 }
eec8d2bc
JH		 992
993failed:
09fd0de5 994 hci_dev_unlock(hdev);
366a0336 995 return err;
eec8d2bc
JH		 996}
997
beadb2bd
JH		 998static int new_settings(struct hci_dev *hdev, struct sock *skip)
999{
f6b7712e 1000 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1001
f6b7712e
MH		 1002 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1003 sizeof(ev), skip);
beadb2bd
JH		 1004}
1005
91a668b0
JH		 1006int mgmt_new_settings(struct hci_dev *hdev)
1007{
1008 return new_settings(hdev, NULL);
1009}
1010
bd99abdd
JH		 1011struct cmd_lookup {
1012 struct sock *sk;
1013 struct hci_dev *hdev;
1014 u8 mgmt_status;
1015};
1016
3b0602cd 1017static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1018{
1019 struct cmd_lookup *match = data;
1020
1021 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1022
1023 list_del(&cmd->list);
1024
1025 if (match->sk == NULL) {
1026 match->sk = cmd->sk;
1027 sock_hold(match->sk);
1028 }
1029
1030 mgmt_pending_free(cmd);
1031}
1032
3b0602cd 1033static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1034{
1035 u8 *status = data;
1036
a69e8375 1037 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1038 mgmt_pending_remove(cmd);
1039}
1040
3b0602cd 1041static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1042{
1043 if (cmd->cmd_complete) {
1044 u8 *status = data;
1045
1046 cmd->cmd_complete(cmd, *status);
1047 mgmt_pending_remove(cmd);
1048
1049 return;
1050 }
1051
1052 cmd_status_rsp(cmd, data);
1053}
1054
3b0602cd 1055static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1056{
2a1afb5a
JH		 1057 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1058 cmd->param, cmd->param_len);
f5818c22
JH		 1059}
1060
3b0602cd 1061static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1062{
2a1afb5a
JH		 1063 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1064 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1065}
1066
e6fe7986
JH		 1067static u8 mgmt_bredr_support(struct hci_dev *hdev)
1068{
1069 if (!lmp_bredr_capable(hdev))
1070 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1071 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1072 return MGMT_STATUS_REJECTED;
1073 else
1074 return MGMT_STATUS_SUCCESS;
1075}
1076
1077static u8 mgmt_le_support(struct hci_dev *hdev)
1078{
1079 if (!lmp_le_capable(hdev))
1080 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1081 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1082 return MGMT_STATUS_REJECTED;
1083 else
1084 return MGMT_STATUS_SUCCESS;
1085}
1086
aed1a885 1087void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1088{
3b0602cd 1089 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1090
1091 BT_DBG("status 0x%02x", status);
1092
1093 hci_dev_lock(hdev);
1094
333ae95d 1095 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1096 if (!cmd)
1097 goto unlock;
1098
1099 if (status) {
1100 u8 mgmt_err = mgmt_status(status);
a69e8375 1101 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1102 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1103 goto remove_cmd;
1104 }
1105
aed1a885
JH		 1106 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1107 hdev->discov_timeout > 0) {
1108 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1109 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1110 }
bfaf8c9f
JH		 1111
1112 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1113 new_settings(hdev, cmd->sk);
970ba524 1114
bfaf8c9f
JH		 1115remove_cmd:
1116 mgmt_pending_remove(cmd);
1117
1118unlock:
1119 hci_dev_unlock(hdev);
1120}
1121
bdb6d971 1122static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1123 u16 len)
73f22f62 1124{
650f726d 1125 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1126 struct mgmt_pending_cmd *cmd;
5e5282bb 1127 u16 timeout;
73f22f62
JH		 1128 int err;
1129
bdb6d971 1130 BT_DBG("request for %s", hdev->name);
73f22f62 1131
d7a5a11d
MH		 1132 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1133 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1134 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1135 MGMT_STATUS_REJECTED);
33c525c0 1136
310a3d48 1137 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1139 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1140
1f350c87 1141 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1142
1143 /* Disabling discoverable requires that no timeout is set,
1144 * and enabling limited discoverable requires a timeout.
1145 */
1146 if ((cp->val == 0x00 && timeout > 0) ||
1147 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1148 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1149 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1150
09fd0de5 1151 hci_dev_lock(hdev);
73f22f62 1152
5e5282bb 1153 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1154 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1155 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1156 goto failed;
1157 }
1158
333ae95d
JH		 1159 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1160 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1161 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1162 MGMT_STATUS_BUSY);
73f22f62
JH		 1163 goto failed;
1164 }
1165
d7a5a11d 1166 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1167 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1168 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1169 goto failed;
1170 }
1171
1172 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1173 bool changed = false;
1174
310a3d48
MH		 1175 /* Setting limited discoverable when powered off is
1176 * not a valid operation since it requires a timeout
1177 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1178 */
d7a5a11d 1179 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1180 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1181 changed = true;
1182 }
1183
5e5282bb 1184 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1185 if (err < 0)
1186 goto failed;
1187
1188 if (changed)
1189 err = new_settings(hdev, sk);
1190
5e5282bb
JH		 1191 goto failed;
1192 }
1193
310a3d48
MH		 1194 /* If the current mode is the same, then just update the timeout
1195 * value with the new value. And if only the timeout gets updated,
1196 * then no need for any HCI transactions.
1197 */
d7a5a11d
MH		 1198 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1199 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1200 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1201 cancel_delayed_work(&hdev->discov_off);
1202 hdev->discov_timeout = timeout;
955638ec 1203
36261547
MH		 1204 if (cp->val && hdev->discov_timeout > 0) {
1205 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1206 queue_delayed_work(hdev->req_workqueue,
1207 &hdev->discov_off, to);
955638ec
MH		 1208 }
1209
69ab39ea 1210 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1211 goto failed;
1212 }
1213
2e58ef3e 1214 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1215 if (!cmd) {
1216 err = -ENOMEM;
73f22f62 1217 goto failed;
366a0336 1218 }
73f22f62 1219
310a3d48
MH		 1220 /* Cancel any potential discoverable timeout that might be
1221 * still active and store new timeout value. The arming of
1222 * the timeout happens in the complete handler.
1223 */
1224 cancel_delayed_work(&hdev->discov_off);
1225 hdev->discov_timeout = timeout;
1226
aed1a885
JH		 1227 if (cp->val)
1228 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1229 else
1230 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1231
b456f87c
JH		 1232 /* Limited discoverable mode */
1233 if (cp->val == 0x02)
a1536da2 1234 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1235 else
a358dc11 1236 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1237
aed1a885
JH		 1238 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1239 err = 0;
73f22f62
JH		 1240
1241failed:
09fd0de5 1242 hci_dev_unlock(hdev);
73f22f62
JH		 1243 return err;
1244}
1245
53c0ba74 1246void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1247{
3b0602cd 1248 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1249
1250 BT_DBG("status 0x%02x", status);
1251
1252 hci_dev_lock(hdev);
1253
333ae95d 1254 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1255 if (!cmd)
1256 goto unlock;
1257
37438c1f
JH		 1258 if (status) {
1259 u8 mgmt_err = mgmt_status(status);
a69e8375 1260 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1261 goto remove_cmd;
1262 }
1263
2b76f453 1264 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1265 new_settings(hdev, cmd->sk);
d7b856f9 1266
37438c1f 1267remove_cmd:
2b76f453
JH		 1268 mgmt_pending_remove(cmd);
1269
1270unlock:
1271 hci_dev_unlock(hdev);
1272}
1273
e8ba3a1f
JH		 1274static int set_connectable_update_settings(struct hci_dev *hdev,
1275 struct sock *sk, u8 val)
1276{
1277 bool changed = false;
1278 int err;
1279
d7a5a11d 1280 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1281 changed = true;
1282
1283 if (val) {
a1536da2 1284 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1285 } else {
a358dc11
MH		 1286 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1287 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1288 }
1289
1290 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1291 if (err < 0)
1292 return err;
1293
562064e6 1294 if (changed) {
01b1cb87 1295 hci_req_update_scan(hdev);
562064e6 1296 hci_update_background_scan(hdev);
e8ba3a1f 1297 return new_settings(hdev, sk);
562064e6 1298 }
e8ba3a1f
JH		 1299
1300 return 0;
1301}
1302
bdb6d971 1303static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1304 u16 len)
9fbcbb45 1305{
650f726d 1306 struct mgmt_mode *cp = data;
3b0602cd 1307 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1308 int err;
1309
bdb6d971 1310 BT_DBG("request for %s", hdev->name);
9fbcbb45 1311
d7a5a11d
MH		 1312 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1313 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1315 MGMT_STATUS_REJECTED);
33c525c0 1316
a7e80f25 1317 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1319 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1320
09fd0de5 1321 hci_dev_lock(hdev);
9fbcbb45 1322
4b34ee78 1323 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1324 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1325 goto failed;
1326 }
1327
333ae95d
JH		 1328 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1329 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1330 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1331 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1332 goto failed;
1333 }
1334
2e58ef3e 1335 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1336 if (!cmd) {
1337 err = -ENOMEM;
9fbcbb45 1338 goto failed;
366a0336 1339 }
9fbcbb45 1340
53c0ba74
JH		 1341 if (cp->val) {
1342 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1343 } else {
1344 if (hdev->discov_timeout > 0)
1345 cancel_delayed_work(&hdev->discov_off);
2b76f453 1346
53c0ba74
JH		 1347 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1348 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1349 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1350 }
2b76f453 1351
53c0ba74
JH		 1352 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1353 err = 0;
9fbcbb45
JH		 1354
1355failed:
09fd0de5 1356 hci_dev_unlock(hdev);
9fbcbb45
JH		 1357 return err;
1358}
1359
b2939475 1360static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1361 u16 len)
c542a06c 1362{
650f726d 1363 struct mgmt_mode *cp = data;
55594356 1364 bool changed;
c542a06c
JH		 1365 int err;
1366
bdb6d971 1367 BT_DBG("request for %s", hdev->name);
c542a06c 1368
a7e80f25 1369 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1370 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1371 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1372
09fd0de5 1373 hci_dev_lock(hdev);
c542a06c
JH		 1374
1375 if (cp->val)
238be788 1376 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1377 else
a69d8927 1378 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1379
b2939475 1380 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1381 if (err < 0)
55594356 1382 goto unlock;
c542a06c 1383
55594356
MH		 1384 if (changed)
1385 err = new_settings(hdev, sk);
c542a06c 1386
55594356 1387unlock:
09fd0de5 1388 hci_dev_unlock(hdev);
c542a06c
JH		 1389 return err;
1390}
1391
04124681
GP		 1392static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1393 u16 len)
33ef95ed
JH		 1394{
1395 struct mgmt_mode *cp = data;
3b0602cd 1396 struct mgmt_pending_cmd *cmd;
e6fe7986 1397 u8 val, status;
33ef95ed
JH		 1398 int err;
1399
bdb6d971 1400 BT_DBG("request for %s", hdev->name);
33ef95ed 1401
e6fe7986
JH		 1402 status = mgmt_bredr_support(hdev);
1403 if (status)
a69e8375
JH		 1404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1405 status);
33c525c0 1406
a7e80f25 1407 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1409 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1410
33ef95ed
JH		 1411 hci_dev_lock(hdev);
1412
4b34ee78 1413 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1414 bool changed = false;
1415
d7a5a11d 1416 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1417 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1418 changed = true;
1419 }
1420
1421 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1422 if (err < 0)
1423 goto failed;
1424
1425 if (changed)
1426 err = new_settings(hdev, sk);
1427
33ef95ed
JH		 1428 goto failed;
1429 }
1430
333ae95d 1431 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1432 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1433 MGMT_STATUS_BUSY);
33ef95ed
JH		 1434 goto failed;
1435 }
1436
1437 val = !!cp->val;
1438
1439 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1440 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1441 goto failed;
1442 }
1443
1444 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1445 if (!cmd) {
1446 err = -ENOMEM;
1447 goto failed;
1448 }
1449
1450 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1451 if (err < 0) {
1452 mgmt_pending_remove(cmd);
1453 goto failed;
1454 }
1455
1456failed:
1457 hci_dev_unlock(hdev);
33ef95ed
JH		 1458 return err;
1459}
1460
bdb6d971 1461static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1462{
1463 struct mgmt_mode *cp = data;
3b0602cd 1464 struct mgmt_pending_cmd *cmd;
72ef0c1a 1465 u8 status;
ed2c4ee3
JH		 1466 int err;
1467
bdb6d971 1468 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1469
cdba5281
MH		 1470 status = mgmt_bredr_support(hdev);
1471 if (status)
a69e8375 1472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1473
13ecd8b6 1474 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1476 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1477
a7e80f25 1478 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1480 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1481
13ecd8b6 1482 hci_dev_lock(hdev);
6c8f12c1 1483
4b34ee78 1484 if (!hdev_is_powered(hdev)) {
9ecb3e24 1485 bool changed;
c0ecddc2 1486
9ecb3e24 1487 if (cp->val) {
238be788
MH		 1488 changed = !hci_dev_test_and_set_flag(hdev,
1489 HCI_SSP_ENABLED);
9ecb3e24 1490 } else {
a69d8927
MH		 1491 changed = hci_dev_test_and_clear_flag(hdev,
1492 HCI_SSP_ENABLED);
9ecb3e24 1493 if (!changed)
a69d8927
MH		 1494 changed = hci_dev_test_and_clear_flag(hdev,
1495 HCI_HS_ENABLED);
9ecb3e24 1496 else
a358dc11 1497 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1498 }
1499
1500 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1501 if (err < 0)
1502 goto failed;
1503
1504 if (changed)
1505 err = new_settings(hdev, sk);
1506
ed2c4ee3
JH		 1507 goto failed;
1508 }
1509
333ae95d 1510 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1511 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1512 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1513 goto failed;
1514 }
1515
d7a5a11d 1516 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1517 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1518 goto failed;
1519 }
1520
1521 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1522 if (!cmd) {
1523 err = -ENOMEM;
1524 goto failed;
1525 }
1526
d7a5a11d 1527 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1528 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1529 sizeof(cp->val), &cp->val);
1530
72ef0c1a 1531 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1532 if (err < 0) {
1533 mgmt_pending_remove(cmd);
1534 goto failed;
1535 }
1536
1537failed:
1538 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1539 return err;
1540}
1541
bdb6d971 1542static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1543{
1544 struct mgmt_mode *cp = data;
ee392693 1545 bool changed;
e6fe7986 1546 u8 status;
ee392693 1547 int err;
6d80dfd0 1548
bdb6d971 1549 BT_DBG("request for %s", hdev->name);
6d80dfd0 1550
e6fe7986
JH		 1551 status = mgmt_bredr_support(hdev);
1552 if (status)
a69e8375 1553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1554
9ecb3e24 1555 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1557 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1558
d7a5a11d 1559 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1561 MGMT_STATUS_REJECTED);
9ecb3e24 1562
a7e80f25 1563 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1565 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1566
ee392693
MH		 1567 hci_dev_lock(hdev);
1568
333ae95d 1569 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1571 MGMT_STATUS_BUSY);
a2cb01de
JH		 1572 goto unlock;
1573 }
1574
a0cdf960 1575 if (cp->val) {
238be788 1576 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1577 } else {
1578 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1579 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1580 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1581 goto unlock;
1582 }
1583
a69d8927 1584 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1585 }
ee392693
MH		 1586
1587 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1588 if (err < 0)
1589 goto unlock;
1590
1591 if (changed)
1592 err = new_settings(hdev, sk);
6d80dfd0 1593
ee392693
MH		 1594unlock:
1595 hci_dev_unlock(hdev);
1596 return err;
6d80dfd0
JH		 1597}
1598
1904a853 1599static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1600{
1601 struct cmd_lookup match = { NULL, hdev };
1602
3ad67582
JK		 1603 hci_dev_lock(hdev);
1604
416a4ae5
JH		 1605 if (status) {
1606 u8 mgmt_err = mgmt_status(status);
1607
1608 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1609 &mgmt_err);
3ad67582 1610 goto unlock;
416a4ae5
JH		 1611 }
1612
1613 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1614
1615 new_settings(hdev, match.sk);
1616
1617 if (match.sk)
1618 sock_put(match.sk);
441ad2d0
MH		 1619
1620 /* Make sure the controller has a good default for
1621 * advertising data. Restrict the update to when LE
1622 * has actually been enabled. During power on, the
1623 * update in powered_update_hci will take care of it.
1624 */
d7a5a11d 1625 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1626 struct hci_request req;
1627
441ad2d0 1628 hci_req_init(&req, hdev);
f2252570
JH		 1629 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
1630 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
441ad2d0 1631 hci_req_run(&req, NULL);
2e93e53b 1632 hci_update_background_scan(hdev);
441ad2d0 1633 }
3ad67582
JK		 1634
1635unlock:
1636 hci_dev_unlock(hdev);
416a4ae5
JH		 1637}
1638
bdb6d971 1639static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1640{
1641 struct mgmt_mode *cp = data;
1642 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1643 struct mgmt_pending_cmd *cmd;
416a4ae5 1644 struct hci_request req;
06199cf8 1645 int err;
0b60eba1 1646 u8 val, enabled;
06199cf8 1647
bdb6d971 1648 BT_DBG("request for %s", hdev->name);
06199cf8 1649
13ecd8b6 1650 if (!lmp_le_capable(hdev))
a69e8375
JH		 1651 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1652 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1653
a7e80f25 1654 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1656 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1657
e7844ee5
MH		 1658 /* Bluetooth single mode LE only controllers or dual-mode
1659 * controllers configured as LE only devices, do not allow
1660 * switching LE off. These have either LE enabled explicitly
1661 * or BR/EDR has been previously switched off.
1662 *
1663 * When trying to enable an already enabled LE, then gracefully
1664 * send a positive response. Trying to disable it however will
1665 * result into rejection.
1666 */
1667 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1668 if (cp->val == 0x01)
1669 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1670
a69e8375
JH		 1671 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1672 MGMT_STATUS_REJECTED);
e7844ee5 1673 }
c73eee91 1674
13ecd8b6 1675 hci_dev_lock(hdev);
06199cf8
JH		 1676
1677 val = !!cp->val;
ffa88e02 1678 enabled = lmp_host_le_capable(hdev);
06199cf8 1679
847818d9 1680 if (!val)
f2252570 1681 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1682
0b60eba1 1683 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1684 bool changed = false;
1685
d7a5a11d 1686 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1687 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1688 changed = true;
1689 }
1690
d7a5a11d 1691 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1692 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1693 changed = true;
1694 }
1695
06199cf8
JH		 1696 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1697 if (err < 0)
1de028ce 1698 goto unlock;
06199cf8
JH		 1699
1700 if (changed)
1701 err = new_settings(hdev, sk);
1702
1de028ce 1703 goto unlock;
06199cf8
JH		 1704 }
1705
333ae95d
JH		 1706 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1707 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1708 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1709 MGMT_STATUS_BUSY);
1de028ce 1710 goto unlock;
06199cf8
JH		 1711 }
1712
1713 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1714 if (!cmd) {
1715 err = -ENOMEM;
1de028ce 1716 goto unlock;
06199cf8
JH		 1717 }
1718
441ad2d0
MH		 1719 hci_req_init(&req, hdev);
1720
06199cf8
JH		 1721 memset(&hci_cp, 0, sizeof(hci_cp));
1722
1723 if (val) {
1724 hci_cp.le = val;
32226e4f 1725 hci_cp.simul = 0x00;
441ad2d0 1726 } else {
d7a5a11d 1727 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1728 __hci_req_disable_advertising(&req);
06199cf8
JH		 1729 }
1730
416a4ae5
JH		 1731 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1732 &hci_cp);
1733
1734 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1735 if (err < 0)
06199cf8 1736 mgmt_pending_remove(cmd);
06199cf8 1737
1de028ce
JH		 1738unlock:
1739 hci_dev_unlock(hdev);
06199cf8
JH		 1740 return err;
1741}
1742
0cab9c80
JH		 1743/* This is a helper function to test for pending mgmt commands that can
1744 * cause CoD or EIR HCI commands. We can only allow one such pending
1745 * mgmt command at a time since otherwise we cannot easily track what
1746 * the current values are, will be, and based on that calculate if a new
1747 * HCI command needs to be sent and if yes with what value.
1748 */
1749static bool pending_eir_or_class(struct hci_dev *hdev)
1750{
3b0602cd 1751 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1752
1753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1754 switch (cmd->opcode) {
1755 case MGMT_OP_ADD_UUID:
1756 case MGMT_OP_REMOVE_UUID:
1757 case MGMT_OP_SET_DEV_CLASS:
1758 case MGMT_OP_SET_POWERED:
1759 return true;
1760 }
1761 }
1762
1763 return false;
1764}
1765
83be8eca
JH		 1766static const u8 bluetooth_base_uuid[] = {
1767 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1768 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1769};
1770
1771static u8 get_uuid_size(const u8 *uuid)
1772{
1773 u32 val;
1774
1775 if (memcmp(uuid, bluetooth_base_uuid, 12))
1776 return 128;
1777
1778 val = get_unaligned_le32(&uuid[12]);
1779 if (val > 0xffff)
1780 return 32;
1781
1782 return 16;
1783}
1784
92da6097
JH		 1785static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1786{
3b0602cd 1787 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1788
1789 hci_dev_lock(hdev);
1790
333ae95d 1791 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1792 if (!cmd)
1793 goto unlock;
1794
2a1afb5a
JH		 1795 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1796 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1797
1798 mgmt_pending_remove(cmd);
1799
1800unlock:
1801 hci_dev_unlock(hdev);
1802}
1803
1904a853 1804static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1805{
1806 BT_DBG("status 0x%02x", status);
1807
1808 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1809}
1810
bdb6d971 1811static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1812{
650f726d 1813 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1814 struct mgmt_pending_cmd *cmd;
890ea898 1815 struct hci_request req;
2aeb9a1a 1816 struct bt_uuid *uuid;
2aeb9a1a
JH		 1817 int err;
1818
bdb6d971 1819 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1820
09fd0de5 1821 hci_dev_lock(hdev);
2aeb9a1a 1822
0cab9c80 1823 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1824 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1825 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1826 goto failed;
1827 }
1828
92c4c204 1829 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1830 if (!uuid) {
1831 err = -ENOMEM;
1832 goto failed;
1833 }
1834
1835 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1836 uuid->svc_hint = cp->svc_hint;
83be8eca 1837 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1838
de66aa63 1839 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1840
890ea898 1841 hci_req_init(&req, hdev);
1aff6f09 1842
14bf5eac 1843 __hci_req_update_class(&req);
b1a8917c 1844 __hci_req_update_eir(&req);
890ea898 1845
92da6097
JH		 1846 err = hci_req_run(&req, add_uuid_complete);
1847 if (err < 0) {
1848 if (err != -ENODATA)
1849 goto failed;
80a1e1db 1850
2a1afb5a
JH		 1851 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1852 hdev->dev_class, 3);
90e70454
JH		 1853 goto failed;
1854 }
1855
1856 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1857 if (!cmd) {
90e70454 1858 err = -ENOMEM;
890ea898
JH		 1859 goto failed;
1860 }
1861
1862 err = 0;
2aeb9a1a
JH		 1863
1864failed:
09fd0de5 1865 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1866 return err;
1867}
1868
24b78d0f
JH		 1869static bool enable_service_cache(struct hci_dev *hdev)
1870{
1871 if (!hdev_is_powered(hdev))
1872 return false;
1873
238be788 1874 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1875 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1876 CACHE_TIMEOUT);
24b78d0f
JH		 1877 return true;
1878 }
1879
1880 return false;
1881}
1882
1904a853 1883static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1884{
1885 BT_DBG("status 0x%02x", status);
1886
1887 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1888}
1889
bdb6d971 1890static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1891 u16 len)
2aeb9a1a 1892{
650f726d 1893 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1894 struct mgmt_pending_cmd *cmd;
056341c8 1895 struct bt_uuid *match, *tmp;
2aeb9a1a 1896 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1897 struct hci_request req;
2aeb9a1a
JH		 1898 int err, found;
1899
bdb6d971 1900 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1901
09fd0de5 1902 hci_dev_lock(hdev);
2aeb9a1a 1903
0cab9c80 1904 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1906 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1907 goto unlock;
1908 }
1909
2aeb9a1a 1910 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 1911 hci_uuids_clear(hdev);
4004b6d9 1912
24b78d0f 1913 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 1914 err = mgmt_cmd_complete(sk, hdev->id,
1915 MGMT_OP_REMOVE_UUID,
1916 0, hdev->dev_class, 3);
24b78d0f
JH		 1917 goto unlock;
1918 }
4004b6d9 1919
9246a869 1920 goto update_class;
2aeb9a1a
JH		 1921 }
1922
1923 found = 0;
1924
056341c8 1925 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1926 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1927 continue;
1928
1929 list_del(&match->list);
482049f7 1930 kfree(match);
2aeb9a1a
JH		 1931 found++;
1932 }
1933
1934 if (found == 0) {
a69e8375
JH		 1935 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1936 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1937 goto unlock;
1938 }
1939
9246a869 1940update_class:
890ea898 1941 hci_req_init(&req, hdev);
1aff6f09 1942
14bf5eac 1943 __hci_req_update_class(&req);
b1a8917c 1944 __hci_req_update_eir(&req);
890ea898 1945
92da6097
JH		 1946 err = hci_req_run(&req, remove_uuid_complete);
1947 if (err < 0) {
1948 if (err != -ENODATA)
1949 goto unlock;
80a1e1db 1950
2a1afb5a
JH		 1951 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1952 hdev->dev_class, 3);
90e70454
JH		 1953 goto unlock;
1954 }
1955
1956 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 1957 if (!cmd) {
90e70454 1958 err = -ENOMEM;
890ea898
JH		 1959 goto unlock;
1960 }
1961
1962 err = 0;
2aeb9a1a
JH		 1963
1964unlock:
09fd0de5 1965 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1966 return err;
1967}
1968
1904a853 1969static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1970{
1971 BT_DBG("status 0x%02x", status);
1972
1973 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
1974}
1975
bdb6d971 1976static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1977 u16 len)
1aff6f09 1978{
650f726d 1979 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 1980 struct mgmt_pending_cmd *cmd;
890ea898 1981 struct hci_request req;
1aff6f09
JH		 1982 int err;
1983
bdb6d971 1984 BT_DBG("request for %s", hdev->name);
1aff6f09 1985
6203fc98 1986 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 1987 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1988 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 1989
0cab9c80 1990 hci_dev_lock(hdev);
ee98f473 1991
0cab9c80 1992 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
1994 MGMT_STATUS_BUSY);
0cab9c80
JH		 1995 goto unlock;
1996 }
c95f0ba7 1997
0cab9c80 1998 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 1999 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2000 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2001 goto unlock;
2002 }
575b3a02 2003
932f5ff5
JH		 2004 hdev->major_class = cp->major;
2005 hdev->minor_class = cp->minor;
2006
b5235a65 2007 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2008 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2009 hdev->dev_class, 3);
b5235a65
JH		 2010 goto unlock;
2011 }
2012
890ea898
JH		 2013 hci_req_init(&req, hdev);
2014
a69d8927 2015 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2016 hci_dev_unlock(hdev);
2017 cancel_delayed_work_sync(&hdev->service_cache);
2018 hci_dev_lock(hdev);
b1a8917c 2019 __hci_req_update_eir(&req);
7d78525d 2020 }
14c0b608 2021
14bf5eac 2022 __hci_req_update_class(&req);
890ea898 2023
92da6097
JH		 2024 err = hci_req_run(&req, set_class_complete);
2025 if (err < 0) {
2026 if (err != -ENODATA)
2027 goto unlock;
1aff6f09 2028
2a1afb5a
JH		 2029 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2030 hdev->dev_class, 3);
90e70454
JH		 2031 goto unlock;
2032 }
2033
2034 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2035 if (!cmd) {
90e70454 2036 err = -ENOMEM;
890ea898
JH		 2037 goto unlock;
2038 }
2039
2040 err = 0;
1aff6f09 2041
b5235a65 2042unlock:
09fd0de5 2043 hci_dev_unlock(hdev);
1aff6f09
JH		 2044 return err;
2045}
2046
bdb6d971 2047static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2048 u16 len)
55ed8ca1 2049{
650f726d 2050 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2051 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2052 sizeof(struct mgmt_link_key_info));
4e51eae9 2053 u16 key_count, expected_len;
b1de97d8 2054 bool changed;
a492cd52 2055 int i;
55ed8ca1 2056
9060d5cf
MH		 2057 BT_DBG("request for %s", hdev->name);
2058
2059 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2061 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2062
1f350c87 2063 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2064 if (key_count > max_key_count) {
2065 BT_ERR("load_link_keys: too big key_count value %u",
2066 key_count);
a69e8375
JH		 2067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2068 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2069 }
55ed8ca1 2070
86742e1e
JH		 2071 expected_len = sizeof(*cp) + key_count *
2072 sizeof(struct mgmt_link_key_info);
a492cd52 2073 if (expected_len != len) {
86742e1e 2074 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2075 expected_len, len);
a69e8375
JH		 2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2077 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2078 }
2079
4ae14301 2080 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2082 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2083
bdb6d971 2084 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2085 key_count);
55ed8ca1 2086
4ee71b20
JH		 2087 for (i = 0; i < key_count; i++) {
2088 struct mgmt_link_key_info *key = &cp->keys[i];
2089
8e991132 2090 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2091 return mgmt_cmd_status(sk, hdev->id,
2092 MGMT_OP_LOAD_LINK_KEYS,
2093 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2094 }
2095
09fd0de5 2096 hci_dev_lock(hdev);
55ed8ca1
JH		 2097
2098 hci_link_keys_clear(hdev);
2099
55ed8ca1 2100 if (cp->debug_keys)
238be788 2101 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2102 else
a69d8927
MH		 2103 changed = hci_dev_test_and_clear_flag(hdev,
2104 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2105
2106 if (changed)
2107 new_settings(hdev, NULL);
55ed8ca1 2108
a492cd52 2109 for (i = 0; i < key_count; i++) {
86742e1e 2110 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2111
58e9293c
JH		 2112 /* Always ignore debug keys and require a new pairing if
2113 * the user wants to use them.
2114 */
2115 if (key->type == HCI_LK_DEBUG_COMBINATION)
2116 continue;
2117
7652ff6a
JH		 2118 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2119 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2120 }
2121
2a1afb5a 2122 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2123
09fd0de5 2124 hci_dev_unlock(hdev);
55ed8ca1 2125
a492cd52 2126 return 0;
55ed8ca1
JH		 2127}
2128
b1078ad0 2129static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2130 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2131{
2132 struct mgmt_ev_device_unpaired ev;
2133
2134 bacpy(&ev.addr.bdaddr, bdaddr);
2135 ev.addr.type = addr_type;
2136
2137 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2138 skip_sk);
b1078ad0
JH		 2139}
2140
bdb6d971 2141static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2142 u16 len)
55ed8ca1 2143{
124f6e35
JH		 2144 struct mgmt_cp_unpair_device *cp = data;
2145 struct mgmt_rp_unpair_device rp;
fc64361a 2146 struct hci_conn_params *params;
3b0602cd 2147 struct mgmt_pending_cmd *cmd;
55ed8ca1 2148 struct hci_conn *conn;
ec182f03 2149 u8 addr_type;
55ed8ca1
JH		 2150 int err;
2151
a8a1d19e 2152 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2153 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2154 rp.addr.type = cp->addr.type;
a8a1d19e 2155
4ee71b20 2156 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2157 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2158 MGMT_STATUS_INVALID_PARAMS,
2159 &rp, sizeof(rp));
4ee71b20 2160
118da70b 2161 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2162 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2163 MGMT_STATUS_INVALID_PARAMS,
2164 &rp, sizeof(rp));
118da70b 2165
4ee71b20
JH		 2166 hci_dev_lock(hdev);
2167
86a8cfc6 2168 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2169 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2170 MGMT_STATUS_NOT_POWERED, &rp,
2171 sizeof(rp));
86a8cfc6
JH		 2172 goto unlock;
2173 }
2174
e0b2b27e 2175 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2176 /* If disconnection is requested, then look up the
2177 * connection. If the remote device is connected, it
2178 * will be later used to terminate the link.
2179 *
2180 * Setting it to NULL explicitly will cause no
2181 * termination of the link.
2182 */
2183 if (cp->disconnect)
2184 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2185 &cp->addr.bdaddr);
2186 else
2187 conn = NULL;
2188
124f6e35 2189 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2190 if (err < 0) {
2191 err = mgmt_cmd_complete(sk, hdev->id,
2192 MGMT_OP_UNPAIR_DEVICE,
2193 MGMT_STATUS_NOT_PAIRED, &rp,
2194 sizeof(rp));
2195 goto unlock;
89cbb063
AA		 2196 }
2197
ec182f03 2198 goto done;
e0b2b27e 2199 }
b0dbfb46 2200
ec182f03
JH		 2201 /* LE address type */
2202 addr_type = le_addr_type(cp->addr.type);
2203
2204 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2205
2206 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2207 if (err < 0) {
2a1afb5a
JH		 2208 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2209 MGMT_STATUS_NOT_PAIRED, &rp,
2210 sizeof(rp));
55ed8ca1
JH		 2211 goto unlock;
2212 }
2213
ec182f03
JH		 2214 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2215 if (!conn) {
2216 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2217 goto done;
2218 }
2219
c81d555a
JH		 2220 /* Abort any ongoing SMP pairing */
2221 smp_cancel_pairing(conn);
2222
ec182f03
JH		 2223 /* Defer clearing up the connection parameters until closing to
2224 * give a chance of keeping them if a repairing happens.
2225 */
2226 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2227
fc64361a
JH		 2228 /* Disable auto-connection parameters if present */
2229 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2230 if (params) {
2231 if (params->explicit_connect)
2232 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2233 else
2234 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2235 }
2236
ec182f03
JH		 2237 /* If disconnection is not requested, then clear the connection
2238 * variable so that the link is not terminated.
2239 */
2240 if (!cp->disconnect)
2241 conn = NULL;
2242
2243done:
89cbb063
AA		 2244 /* If the connection variable is set, then termination of the
2245 * link is requested.
2246 */
a8a1d19e 2247 if (!conn) {
2a1afb5a
JH		 2248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2249 &rp, sizeof(rp));
b1078ad0 2250 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2251 goto unlock;
2252 }
55ed8ca1 2253
124f6e35 2254 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2255 sizeof(*cp));
a8a1d19e
JH		 2256 if (!cmd) {
2257 err = -ENOMEM;
2258 goto unlock;
55ed8ca1
JH		 2259 }
2260
d8b7b1e4
JH		 2261 cmd->cmd_complete = addr_cmd_complete;
2262
89e0ccc8 2263 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2264 if (err < 0)
2265 mgmt_pending_remove(cmd);
2266
55ed8ca1 2267unlock:
09fd0de5 2268 hci_dev_unlock(hdev);
55ed8ca1
JH		 2269 return err;
2270}
2271
bdb6d971 2272static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2273 u16 len)
8962ee74 2274{
650f726d 2275 struct mgmt_cp_disconnect *cp = data;
06a63b19 2276 struct mgmt_rp_disconnect rp;
3b0602cd 2277 struct mgmt_pending_cmd *cmd;
8962ee74 2278 struct hci_conn *conn;
8962ee74
JH		 2279 int err;
2280
2281 BT_DBG("");
2282
06a63b19
JH		 2283 memset(&rp, 0, sizeof(rp));
2284 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2285 rp.addr.type = cp->addr.type;
2286
4ee71b20 2287 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2288 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2289 MGMT_STATUS_INVALID_PARAMS,
2290 &rp, sizeof(rp));
4ee71b20 2291
09fd0de5 2292 hci_dev_lock(hdev);
8962ee74
JH		 2293
2294 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2295 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2296 MGMT_STATUS_NOT_POWERED, &rp,
2297 sizeof(rp));
8962ee74
JH		 2298 goto failed;
2299 }
2300
333ae95d 2301 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2303 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2304 goto failed;
2305 }
2306
591f47f3 2307 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2308 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2309 &cp->addr.bdaddr);
88c3df13 2310 else
9d4c1cc1
JH		 2311 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2312 le_addr_type(cp->addr.type));
365227e5 2313
f960727e 2314 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2316 MGMT_STATUS_NOT_CONNECTED, &rp,
2317 sizeof(rp));
8962ee74
JH		 2318 goto failed;
2319 }
2320
2e58ef3e 2321 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2322 if (!cmd) {
2323 err = -ENOMEM;
8962ee74 2324 goto failed;
366a0336 2325 }
8962ee74 2326
f5818c22
JH		 2327 cmd->cmd_complete = generic_cmd_complete;
2328
e3f2f92a 2329 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2330 if (err < 0)
a664b5bc 2331 mgmt_pending_remove(cmd);
8962ee74
JH		 2332
2333failed:
09fd0de5 2334 hci_dev_unlock(hdev);
8962ee74
JH		 2335 return err;
2336}
2337
57c1477c 2338static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2339{
2340 switch (link_type) {
2341 case LE_LINK:
48264f06
JH		 2342 switch (addr_type) {
2343 case ADDR_LE_DEV_PUBLIC:
591f47f3 2344 return BDADDR_LE_PUBLIC;
0ed09148 2345
48264f06 2346 default:
0ed09148 2347 /* Fallback to LE Random address type */
591f47f3 2348 return BDADDR_LE_RANDOM;
48264f06 2349 }
0ed09148 2350
4c659c39 2351 default:
0ed09148 2352 /* Fallback to BR/EDR type */
591f47f3 2353 return BDADDR_BREDR;
4c659c39
JH		 2354 }
2355}
2356
04124681
GP		 2357static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2358 u16 data_len)
2784eb41 2359{
2784eb41 2360 struct mgmt_rp_get_connections *rp;
8035ded4 2361 struct hci_conn *c;
a38528f1 2362 size_t rp_len;
60fc5fb6
JH		 2363 int err;
2364 u16 i;
2784eb41
JH		 2365
2366 BT_DBG("");
2367
09fd0de5 2368 hci_dev_lock(hdev);
2784eb41 2369
5f97c1df 2370 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2371 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2372 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2373 goto unlock;
2374 }
2375
60fc5fb6 2376 i = 0;
b644ba33
JH		 2377 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2378 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2379 i++;
2784eb41
JH		 2380 }
2381
60fc5fb6 2382 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2383 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2384 if (!rp) {
2784eb41
JH		 2385 err = -ENOMEM;
2386 goto unlock;
2387 }
2388
2784eb41 2389 i = 0;
4c659c39 2390 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2391 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2392 continue;
4c659c39 2393 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2394 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2395 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2396 continue;
2397 i++;
2398 }
2399
eb55ef07 2400 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2401
4c659c39
JH		 2402 /* Recalculate length in case of filtered SCO connections, etc */
2403 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2404
2a1afb5a
JH		 2405 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2406 rp_len);
2784eb41 2407
a38528f1 2408 kfree(rp);
5f97c1df
JH		 2409
2410unlock:
09fd0de5 2411 hci_dev_unlock(hdev);
2784eb41
JH		 2412 return err;
2413}
2414
bdb6d971 2415static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2416 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2417{
3b0602cd 2418 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2419 int err;
2420
2e58ef3e 2421 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2422 sizeof(*cp));
96d97a67
WR		 2423 if (!cmd)
2424 return -ENOMEM;
2425
d8457698 2426 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2427 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2428 if (err < 0)
2429 mgmt_pending_remove(cmd);
2430
2431 return err;
2432}
2433
bdb6d971 2434static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2435 u16 len)
980e1a53 2436{
96d97a67 2437 struct hci_conn *conn;
650f726d 2438 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2439 struct hci_cp_pin_code_reply reply;
3b0602cd 2440 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2441 int err;
2442
2443 BT_DBG("");
2444
09fd0de5 2445 hci_dev_lock(hdev);
980e1a53 2446
4b34ee78 2447 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2448 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2449 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2450 goto failed;
2451 }
2452
d8457698 2453 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2454 if (!conn) {
a69e8375
JH		 2455 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2456 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2457 goto failed;
2458 }
2459
2460 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2461 struct mgmt_cp_pin_code_neg_reply ncp;
2462
2463 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2464
2465 BT_ERR("PIN code is not 16 bytes long");
2466
bdb6d971 2467 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2468 if (err >= 0)
a69e8375
JH		 2469 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2470 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2471
2472 goto failed;
2473 }
2474
00abfe44 2475 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2476 if (!cmd) {
2477 err = -ENOMEM;
980e1a53 2478 goto failed;
366a0336 2479 }
980e1a53 2480
7776d1d8
JH		 2481 cmd->cmd_complete = addr_cmd_complete;
2482
d8457698 2483 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2484 reply.pin_len = cp->pin_len;
24718ca5 2485 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2486
2487 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2488 if (err < 0)
a664b5bc 2489 mgmt_pending_remove(cmd);
980e1a53
JH		 2490
2491failed:
09fd0de5 2492 hci_dev_unlock(hdev);
980e1a53
JH		 2493 return err;
2494}
2495
04124681
GP		 2496static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2497 u16 len)
17fa4b9d 2498{
650f726d 2499 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2500
2501 BT_DBG("");
2502
4ec86d4c 2503 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2504 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2505 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2506
09fd0de5 2507 hci_dev_lock(hdev);
17fa4b9d
JH		 2508
2509 hdev->io_capability = cp->io_capability;
2510
2511 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2512 hdev->io_capability);
17fa4b9d 2513
09fd0de5 2514 hci_dev_unlock(hdev);
17fa4b9d 2515
2a1afb5a
JH		 2516 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2517 NULL, 0);
17fa4b9d
JH		 2518}
2519
3b0602cd 2520static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2521{
2522 struct hci_dev *hdev = conn->hdev;
3b0602cd 2523 struct mgmt_pending_cmd *cmd;
e9a416b5 2524
2e58ef3e 2525 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2526 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2527 continue;
2528
e9a416b5
JH		 2529 if (cmd->user_data != conn)
2530 continue;
2531
2532 return cmd;
2533 }
2534
2535 return NULL;
2536}
2537
3b0602cd 2538static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2539{
2540 struct mgmt_rp_pair_device rp;
2541 struct hci_conn *conn = cmd->user_data;
9df74653 2542 int err;
e9a416b5 2543
61b1a7fb
JH		 2544 bacpy(&rp.addr.bdaddr, &conn->dst);
2545 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2546
2a1afb5a
JH		 2547 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2548 status, &rp, sizeof(rp));
e9a416b5
JH		 2549
2550 /* So we don't get further callbacks for this connection */
2551 conn->connect_cfm_cb = NULL;
2552 conn->security_cfm_cb = NULL;
2553 conn->disconn_cfm_cb = NULL;
2554
76a68ba0 2555 hci_conn_drop(conn);
89cbb063
AA		 2556
2557 /* The device is paired so there is no need to remove
2558 * its connection parameters anymore.
2559 */
2560 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2561
2562 hci_conn_put(conn);
9df74653
JH		 2563
2564 return err;
e9a416b5
JH		 2565}
2566
f4a407be
JH		 2567void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2568{
2569 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2570 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2571
2572 cmd = find_pairing(conn);
a511b35b 2573 if (cmd) {
04ab2749 2574 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2575 mgmt_pending_remove(cmd);
2576 }
f4a407be
JH		 2577}
2578
e9a416b5
JH		 2579static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2580{
3b0602cd 2581 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2582
2583 BT_DBG("status %u", status);
2584
2585 cmd = find_pairing(conn);
a511b35b 2586 if (!cmd) {
e9a416b5 2587 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2588 return;
2589 }
2590
2591 cmd->cmd_complete(cmd, mgmt_status(status));
2592 mgmt_pending_remove(cmd);
e9a416b5
JH		 2593}
2594
f4a407be 2595static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2596{
3b0602cd 2597 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2598
2599 BT_DBG("status %u", status);
2600
2601 if (!status)
2602 return;
2603
2604 cmd = find_pairing(conn);
a511b35b 2605 if (!cmd) {
4c47d739 2606 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2607 return;
2608 }
2609
2610 cmd->cmd_complete(cmd, mgmt_status(status));
2611 mgmt_pending_remove(cmd);
4c47d739
VA		 2612}
2613
bdb6d971 2614static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2615 u16 len)
e9a416b5 2616{
650f726d 2617 struct mgmt_cp_pair_device *cp = data;
1425acb7 2618 struct mgmt_rp_pair_device rp;
3b0602cd 2619 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2620 u8 sec_level, auth_type;
2621 struct hci_conn *conn;
e9a416b5
JH		 2622 int err;
2623
2624 BT_DBG("");
2625
f950a30e
SJ		 2626 memset(&rp, 0, sizeof(rp));
2627 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2628 rp.addr.type = cp->addr.type;
2629
4ee71b20 2630 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2631 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2632 MGMT_STATUS_INVALID_PARAMS,
2633 &rp, sizeof(rp));
4ee71b20 2634
4ec86d4c 2635 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2636 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2637 MGMT_STATUS_INVALID_PARAMS,
2638 &rp, sizeof(rp));
4ec86d4c 2639
09fd0de5 2640 hci_dev_lock(hdev);
e9a416b5 2641
5f97c1df 2642 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2643 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2644 MGMT_STATUS_NOT_POWERED, &rp,
2645 sizeof(rp));
5f97c1df
JH		 2646 goto unlock;
2647 }
2648
55e76b38
JH		 2649 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2651 MGMT_STATUS_ALREADY_PAIRED, &rp,
2652 sizeof(rp));
2653 goto unlock;
2654 }
2655
c908df36 2656 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2657 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2658
6f77d8c7 2659 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2660 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2661 auth_type);
6f77d8c7 2662 } else {
85813a7e 2663 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2664 struct hci_conn_params *p;
6f77d8c7 2665
7c264b10
MH		 2666 /* When pairing a new device, it is expected to remember
2667 * this device for future connections. Adding the connection
2668 * parameter information ahead of time allows tracking
2669 * of the slave preferred values and will speed up any
2670 * further connection establishment.
2671 *
2672 * If connection parameters already exist, then they
2673 * will be kept and this function does nothing.
2674 */
5157b8a5
JP		 2675 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2676
2677 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2678 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2679
fa142220
JP		 2680 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2681 addr_type, sec_level,
0ad06aa6 2682 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2683 }
7a512d01 2684
30e76272 2685 if (IS_ERR(conn)) {
489dc48e
AK		 2686 int status;
2687
2688 if (PTR_ERR(conn) == -EBUSY)
2689 status = MGMT_STATUS_BUSY;
faa81030
LR		 2690 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2691 status = MGMT_STATUS_NOT_SUPPORTED;
2692 else if (PTR_ERR(conn) == -ECONNREFUSED)
2693 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2694 else
2695 status = MGMT_STATUS_CONNECT_FAILED;
2696
2a1afb5a
JH		 2697 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2698 status, &rp, sizeof(rp));
e9a416b5
JH		 2699 goto unlock;
2700 }
2701
2702 if (conn->connect_cfm_cb) {
76a68ba0 2703 hci_conn_drop(conn);
2a1afb5a
JH		 2704 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2705 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2706 goto unlock;
2707 }
2708
2e58ef3e 2709 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2710 if (!cmd) {
2711 err = -ENOMEM;
76a68ba0 2712 hci_conn_drop(conn);
e9a416b5
JH		 2713 goto unlock;
2714 }
2715
04ab2749
JH		 2716 cmd->cmd_complete = pairing_complete;
2717
7a512d01 2718 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2719 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2720 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2721 conn->security_cfm_cb = pairing_complete_cb;
2722 conn->disconn_cfm_cb = pairing_complete_cb;
2723 } else {
2724 conn->connect_cfm_cb = le_pairing_complete_cb;
2725 conn->security_cfm_cb = le_pairing_complete_cb;
2726 conn->disconn_cfm_cb = le_pairing_complete_cb;
2727 }
7a512d01 2728
e9a416b5 2729 conn->io_capability = cp->io_cap;
f8aaf9b6 2730 cmd->user_data = hci_conn_get(conn);
e9a416b5 2731
6f78fd4b 2732 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2733 hci_conn_security(conn, sec_level, auth_type, true)) {
2734 cmd->cmd_complete(cmd, 0);
2735 mgmt_pending_remove(cmd);
2736 }
e9a416b5
JH		 2737
2738 err = 0;
2739
2740unlock:
09fd0de5 2741 hci_dev_unlock(hdev);
e9a416b5
JH		 2742 return err;
2743}
2744
04124681
GP		 2745static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2746 u16 len)
28424707 2747{
0f4e68cf 2748 struct mgmt_addr_info *addr = data;
3b0602cd 2749 struct mgmt_pending_cmd *cmd;
28424707
JH		 2750 struct hci_conn *conn;
2751 int err;
2752
2753 BT_DBG("");
2754
28424707
JH		 2755 hci_dev_lock(hdev);
2756
5f97c1df 2757 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2758 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2759 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2760 goto unlock;
2761 }
2762
333ae95d 2763 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2764 if (!cmd) {
a69e8375
JH		 2765 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2766 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2767 goto unlock;
2768 }
2769
2770 conn = cmd->user_data;
2771
2772 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2773 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2774 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2775 goto unlock;
2776 }
2777
a511b35b
JH		 2778 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2779 mgmt_pending_remove(cmd);
28424707 2780
2a1afb5a
JH		 2781 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2782 addr, sizeof(*addr));
28424707
JH		 2783unlock:
2784 hci_dev_unlock(hdev);
28424707
JH		 2785 return err;
2786}
2787
bdb6d971 2788static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2789 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2790 u16 hci_op, __le32 passkey)
a5c29683 2791{
3b0602cd 2792 struct mgmt_pending_cmd *cmd;
0df4c185 2793 struct hci_conn *conn;
a5c29683
JH		 2794 int err;
2795
09fd0de5 2796 hci_dev_lock(hdev);
08ba5382 2797
4b34ee78 2798 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2799 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2800 MGMT_STATUS_NOT_POWERED, addr,
2801 sizeof(*addr));
0df4c185 2802 goto done;
a5c29683
JH		 2803 }
2804
1707c60e
JH		 2805 if (addr->type == BDADDR_BREDR)
2806 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2807 else
9d4c1cc1
JH		 2808 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2809 le_addr_type(addr->type));
272d90df
JH		 2810
2811 if (!conn) {
2a1afb5a
JH		 2812 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2813 MGMT_STATUS_NOT_CONNECTED, addr,
2814 sizeof(*addr));
272d90df
JH		 2815 goto done;
2816 }
47c15e2b 2817
1707c60e 2818 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2819 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2820 if (!err)
2a1afb5a
JH		 2821 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2822 MGMT_STATUS_SUCCESS, addr,
2823 sizeof(*addr));
5fe57d9e 2824 else
2a1afb5a
JH		 2825 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2826 MGMT_STATUS_FAILED, addr,
2827 sizeof(*addr));
47c15e2b 2828
47c15e2b
BG		 2829 goto done;
2830 }
2831
1707c60e 2832 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2833 if (!cmd) {
2834 err = -ENOMEM;
0df4c185 2835 goto done;
a5c29683
JH		 2836 }
2837
7776d1d8
JH		 2838 cmd->cmd_complete = addr_cmd_complete;
2839
0df4c185 2840 /* Continue with pairing via HCI */
604086b7
BG		 2841 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2842 struct hci_cp_user_passkey_reply cp;
2843
1707c60e 2844 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2845 cp.passkey = passkey;
2846 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2847 } else
1707c60e
JH		 2848 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2849 &addr->bdaddr);
604086b7 2850
a664b5bc
JH		 2851 if (err < 0)
2852 mgmt_pending_remove(cmd);
a5c29683 2853
0df4c185 2854done:
09fd0de5 2855 hci_dev_unlock(hdev);
a5c29683
JH		 2856 return err;
2857}
2858
afeb019d
JK		 2859static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2860 void *data, u16 len)
2861{
2862 struct mgmt_cp_pin_code_neg_reply *cp = data;
2863
2864 BT_DBG("");
2865
1707c60e 2866 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2867 MGMT_OP_PIN_CODE_NEG_REPLY,
2868 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2869}
2870
04124681
GP		 2871static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2872 u16 len)
0df4c185 2873{
650f726d 2874 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2875
2876 BT_DBG("");
2877
2878 if (len != sizeof(*cp))
a69e8375
JH		 2879 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2880 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2881
1707c60e 2882 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2883 MGMT_OP_USER_CONFIRM_REPLY,
2884 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2885}
2886
bdb6d971 2887static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2888 void *data, u16 len)
0df4c185 2889{
c9c2659f 2890 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2891
2892 BT_DBG("");
2893
1707c60e 2894 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2895 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2896 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2897}
2898
04124681
GP		 2899static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2900 u16 len)
604086b7 2901{
650f726d 2902 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2903
2904 BT_DBG("");
2905
1707c60e 2906 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2907 MGMT_OP_USER_PASSKEY_REPLY,
2908 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2909}
2910
bdb6d971 2911static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2912 void *data, u16 len)
604086b7 2913{
650f726d 2914 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2915
2916 BT_DBG("");
2917
1707c60e 2918 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2919 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2920 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2921}
2922
1904a853 2923static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 2924{
2925 struct mgmt_cp_set_local_name *cp;
3b0602cd 2926 struct mgmt_pending_cmd *cmd;
13928971
JH		 2927
2928 BT_DBG("status 0x%02x", status);
2929
2930 hci_dev_lock(hdev);
2931
333ae95d 2932 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 2933 if (!cmd)
2934 goto unlock;
2935
2936 cp = cmd->param;
2937
2938 if (status)
a69e8375
JH		 2939 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2940 mgmt_status(status));
13928971 2941 else
2a1afb5a
JH		 2942 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2943 cp, sizeof(*cp));
13928971
JH		 2944
2945 mgmt_pending_remove(cmd);
2946
2947unlock:
2948 hci_dev_unlock(hdev);
2949}
2950
bdb6d971 2951static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2952 u16 len)
b312b161 2953{
2b4bf397 2954 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 2955 struct mgmt_pending_cmd *cmd;
890ea898 2956 struct hci_request req;
b312b161
JH		 2957 int err;
2958
2959 BT_DBG("");
2960
09fd0de5 2961 hci_dev_lock(hdev);
b312b161 2962
b3f2ca94
JH		 2963 /* If the old values are the same as the new ones just return a
2964 * direct command complete event.
2965 */
2966 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
2967 !memcmp(hdev->short_name, cp->short_name,
2968 sizeof(hdev->short_name))) {
2a1afb5a
JH		 2969 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2970 data, len);
b3f2ca94
JH		 2971 goto failed;
2972 }
2973
2b4bf397 2974 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 2975
b5235a65 2976 if (!hdev_is_powered(hdev)) {
2b4bf397 2977 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 2978
2a1afb5a
JH		 2979 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2980 data, len);
28cc7bde
JH		 2981 if (err < 0)
2982 goto failed;
2983
f6b7712e
MH		 2984 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
2985 data, len, sk);
28cc7bde 2986
b5235a65
JH		 2987 goto failed;
2988 }
2989
28cc7bde 2990 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 2991 if (!cmd) {
2992 err = -ENOMEM;
2993 goto failed;
2994 }
2995
13928971
JH		 2996 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
2997
890ea898 2998 hci_req_init(&req, hdev);
3f985050
JH		 2999
3000 if (lmp_bredr_capable(hdev)) {
00cf5040 3001 __hci_req_update_name(&req);
b1a8917c 3002 __hci_req_update_eir(&req);
3f985050
JH		 3003 }
3004
7a5f4990
MH		 3005 /* The name is stored in the scan response data and so
3006 * no need to udpate the advertising data here.
3007 */
3f985050 3008 if (lmp_le_capable(hdev))
f2252570 3009 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
3f985050 3010
13928971 3011 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3012 if (err < 0)
3013 mgmt_pending_remove(cmd);
3014
3015failed:
09fd0de5 3016 hci_dev_unlock(hdev);
b312b161
JH		 3017 return err;
3018}
3019
1b9441f8
JH		 3020static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3021 u16 opcode, struct sk_buff *skb)
3022{
3023 struct mgmt_rp_read_local_oob_data mgmt_rp;
3024 size_t rp_size = sizeof(mgmt_rp);
3025 struct mgmt_pending_cmd *cmd;
3026
3027 BT_DBG("%s status %u", hdev->name, status);
3028
3029 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3030 if (!cmd)
3031 return;
3032
3033 if (status || !skb) {
3034 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3035 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3036 goto remove;
3037 }
3038
3039 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3040
3041 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3042 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3043
3044 if (skb->len < sizeof(*rp)) {
3045 mgmt_cmd_status(cmd->sk, hdev->id,
3046 MGMT_OP_READ_LOCAL_OOB_DATA,
3047 MGMT_STATUS_FAILED);
3048 goto remove;
3049 }
3050
3051 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3052 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3053
3054 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3055 } else {
3056 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3057
3058 if (skb->len < sizeof(*rp)) {
3059 mgmt_cmd_status(cmd->sk, hdev->id,
3060 MGMT_OP_READ_LOCAL_OOB_DATA,
3061 MGMT_STATUS_FAILED);
3062 goto remove;
3063 }
3064
3065 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3066 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3067
3068 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3069 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3070 }
3071
3072 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3073 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3074
3075remove:
3076 mgmt_pending_remove(cmd);
3077}
3078
0f4e68cf 3079static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3080 void *data, u16 data_len)
c35938b2 3081{
3b0602cd 3082 struct mgmt_pending_cmd *cmd;
1b9441f8 3083 struct hci_request req;
c35938b2
SJ		 3084 int err;
3085
bdb6d971 3086 BT_DBG("%s", hdev->name);
c35938b2 3087
09fd0de5 3088 hci_dev_lock(hdev);
c35938b2 3089
4b34ee78 3090 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3092 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3093 goto unlock;
3094 }
3095
9a1a1996 3096 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3097 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3098 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3099 goto unlock;
3100 }
3101
333ae95d 3102 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3104 MGMT_STATUS_BUSY);
c35938b2
SJ		 3105 goto unlock;
3106 }
3107
2e58ef3e 3108 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3109 if (!cmd) {
3110 err = -ENOMEM;
3111 goto unlock;
3112 }
3113
1b9441f8
JH		 3114 hci_req_init(&req, hdev);
3115
710f11c0 3116 if (bredr_sc_enabled(hdev))
1b9441f8 3117 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3118 else
1b9441f8 3119 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3120
1b9441f8 3121 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3122 if (err < 0)
3123 mgmt_pending_remove(cmd);
3124
3125unlock:
09fd0de5 3126 hci_dev_unlock(hdev);
c35938b2
SJ		 3127 return err;
3128}
3129
bdb6d971 3130static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3131 void *data, u16 len)
2763eda6 3132{
5d57e796 3133 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3134 int err;
3135
bdb6d971 3136 BT_DBG("%s ", hdev->name);
2763eda6 3137
5d57e796 3138 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3139 return mgmt_cmd_complete(sk, hdev->id,
3140 MGMT_OP_ADD_REMOTE_OOB_DATA,
3141 MGMT_STATUS_INVALID_PARAMS,
3142 addr, sizeof(*addr));
5d57e796 3143
09fd0de5 3144 hci_dev_lock(hdev);
2763eda6 3145
ec109113
MH		 3146 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3147 struct mgmt_cp_add_remote_oob_data *cp = data;
3148 u8 status;
bf1e3541 3149
c19a495c 3150 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3151 err = mgmt_cmd_complete(sk, hdev->id,
3152 MGMT_OP_ADD_REMOTE_OOB_DATA,
3153 MGMT_STATUS_INVALID_PARAMS,
3154 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3155 goto unlock;
3156 }
3157
ec109113 3158 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3159 cp->addr.type, cp->hash,
3160 cp->rand, NULL, NULL);
ec109113
MH		 3161 if (err < 0)
3162 status = MGMT_STATUS_FAILED;
3163 else
3164 status = MGMT_STATUS_SUCCESS;
3165
2a1afb5a
JH		 3166 err = mgmt_cmd_complete(sk, hdev->id,
3167 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3168 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3169 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3170 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3171 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3172 u8 status;
3173
86df9200 3174 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3175 /* Enforce zero-valued 192-bit parameters as
3176 * long as legacy SMP OOB isn't implemented.
3177 */
3178 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3179 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3180 err = mgmt_cmd_complete(sk, hdev->id,
3181 MGMT_OP_ADD_REMOTE_OOB_DATA,
3182 MGMT_STATUS_INVALID_PARAMS,
3183 addr, sizeof(*addr));
d25b78e2
JH		 3184 goto unlock;
3185 }
3186
86df9200
JH		 3187 rand192 = NULL;
3188 hash192 = NULL;
3189 } else {
41bcfd50
MH		 3190 /* In case one of the P-192 values is set to zero,
3191 * then just disable OOB data for P-192.
3192 */
3193 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3194 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3195 rand192 = NULL;
3196 hash192 = NULL;
3197 } else {
3198 rand192 = cp->rand192;
3199 hash192 = cp->hash192;
3200 }
3201 }
3202
3203 /* In case one of the P-256 values is set to zero, then just
3204 * disable OOB data for P-256.
3205 */
3206 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3207 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3208 rand256 = NULL;
3209 hash256 = NULL;
3210 } else {
3211 rand256 = cp->rand256;
3212 hash256 = cp->hash256;
86df9200
JH		 3213 }
3214
81328d5c 3215 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3216 cp->addr.type, hash192, rand192,
41bcfd50 3217 hash256, rand256);
ec109113
MH		 3218 if (err < 0)
3219 status = MGMT_STATUS_FAILED;
3220 else
3221 status = MGMT_STATUS_SUCCESS;
3222
2a1afb5a
JH		 3223 err = mgmt_cmd_complete(sk, hdev->id,
3224 MGMT_OP_ADD_REMOTE_OOB_DATA,
3225 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3226 } else {
3227 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3228 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3229 MGMT_STATUS_INVALID_PARAMS);
ec109113 3230 }
2763eda6 3231
c19a495c 3232unlock:
09fd0de5 3233 hci_dev_unlock(hdev);
2763eda6
SJ		 3234 return err;
3235}
3236
bdb6d971 3237static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3238 void *data, u16 len)
2763eda6 3239{
650f726d 3240 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3241 u8 status;
2763eda6
SJ		 3242 int err;
3243
bdb6d971 3244 BT_DBG("%s", hdev->name);
2763eda6 3245
c19a495c 3246 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3247 return mgmt_cmd_complete(sk, hdev->id,
3248 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3249 MGMT_STATUS_INVALID_PARAMS,
3250 &cp->addr, sizeof(cp->addr));
c19a495c 3251
09fd0de5 3252 hci_dev_lock(hdev);
2763eda6 3253
eedbd581
JH		 3254 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3255 hci_remote_oob_data_clear(hdev);
3256 status = MGMT_STATUS_SUCCESS;
3257 goto done;
3258 }
3259
6928a924 3260 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3261 if (err < 0)
bf1e3541 3262 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3263 else
a6785be2 3264 status = MGMT_STATUS_SUCCESS;
bf1e3541 3265
eedbd581 3266done:
2a1afb5a
JH		 3267 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3268 status, &cp->addr, sizeof(cp->addr));
2763eda6 3269
09fd0de5 3270 hci_dev_unlock(hdev);
2763eda6
SJ		 3271 return err;
3272}
3273
e68f072b 3274void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3275{
3b0602cd 3276 struct mgmt_pending_cmd *cmd;
ae55f598 3277
7c307720
AG		 3278 BT_DBG("status %d", status);
3279
11e6e25d 3280 hci_dev_lock(hdev);
41dc2bd6 3281
333ae95d 3282 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3283 if (!cmd)
333ae95d 3284 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3285
11e6e25d 3286 if (cmd) {
2922a94f 3287 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3288 mgmt_pending_remove(cmd);
3289 }
7c307720 3290
11e6e25d 3291 hci_dev_unlock(hdev);
7c307720
AG		 3292}
3293
591752af
JH		 3294static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3295 uint8_t *mgmt_status)
3296{
3297 switch (type) {
3298 case DISCOV_TYPE_LE:
3299 *mgmt_status = mgmt_le_support(hdev);
3300 if (*mgmt_status)
3301 return false;
3302 break;
3303 case DISCOV_TYPE_INTERLEAVED:
3304 *mgmt_status = mgmt_le_support(hdev);
3305 if (*mgmt_status)
3306 return false;
3307 /* Intentional fall-through */
3308 case DISCOV_TYPE_BREDR:
3309 *mgmt_status = mgmt_bredr_support(hdev);
3310 if (*mgmt_status)
3311 return false;
3312 break;
3313 default:
3314 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3315 return false;
3316 }
3317
3318 return true;
3319}
3320
bdb6d971 3321static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3322 void *data, u16 len)
14a53664 3323{
650f726d 3324 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3325 struct mgmt_pending_cmd *cmd;
8019044d 3326 u8 status;
14a53664
JH		 3327 int err;
3328
bdb6d971 3329 BT_DBG("%s", hdev->name);
14a53664 3330
09fd0de5 3331 hci_dev_lock(hdev);
14a53664 3332
4b34ee78 3333 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3335 MGMT_STATUS_NOT_POWERED,
3336 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3337 goto failed;
3338 }
3339
f5a969f2 3340 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3341 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3342 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3343 MGMT_STATUS_BUSY, &cp->type,
3344 sizeof(cp->type));
642be6c7
AG		 3345 goto failed;
3346 }
3347
591752af
JH		 3348 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3349 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3350 status, &cp->type, sizeof(cp->type));
3351 goto failed;
3352 }
3353
22078800
MH		 3354 /* Clear the discovery filter first to free any previously
3355 * allocated memory for the UUID list.
3356 */
3357 hci_discovery_filter_clear(hdev);
3358
4aab14e5 3359 hdev->discovery.type = cp->type;
da25cf6a 3360 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3361
e68f072b
JH		 3362 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3363 if (!cmd) {
3364 err = -ENOMEM;
04106755 3365 goto failed;
f39799f5 3366 }
04106755 3367
e68f072b 3368 cmd->cmd_complete = generic_cmd_complete;
7c307720 3369
f5a969f2 3370 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3371 queue_work(hdev->req_workqueue, &hdev->discov_update);
3372 err = 0;
7c307720 3373
14a53664 3374failed:
09fd0de5 3375 hci_dev_unlock(hdev);
14a53664
JH		 3376 return err;
3377}
f39799f5 3378
3b0602cd
JH		 3379static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3380 u8 status)
2922a94f 3381{
2a1afb5a
JH		 3382 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3383 cmd->param, 1);
2922a94f 3384}
04106755 3385
66ea9427
JP		 3386static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3387 void *data, u16 len)
3388{
3389 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3390 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3391 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3392 u16 uuid_count, expected_len;
3393 u8 status;
3394 int err;
04106755 3395
66ea9427 3396 BT_DBG("%s", hdev->name);
e8bb6b97 3397
66ea9427 3398 hci_dev_lock(hdev);
7c307720 3399
66ea9427 3400 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3401 err = mgmt_cmd_complete(sk, hdev->id,
3402 MGMT_OP_START_SERVICE_DISCOVERY,
3403 MGMT_STATUS_NOT_POWERED,
3404 &cp->type, sizeof(cp->type));
66ea9427
JP		 3405 goto failed;
3406 }
7c307720 3407
66ea9427 3408 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3409 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3410 err = mgmt_cmd_complete(sk, hdev->id,
3411 MGMT_OP_START_SERVICE_DISCOVERY,
3412 MGMT_STATUS_BUSY, &cp->type,
3413 sizeof(cp->type));
66ea9427
JP		 3414 goto failed;
3415 }
d9483943 3416
66ea9427
JP		 3417 uuid_count = __le16_to_cpu(cp->uuid_count);
3418 if (uuid_count > max_uuid_count) {
3419 BT_ERR("service_discovery: too big uuid_count value %u",
3420 uuid_count);
2a1afb5a
JH		 3421 err = mgmt_cmd_complete(sk, hdev->id,
3422 MGMT_OP_START_SERVICE_DISCOVERY,
3423 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3424 sizeof(cp->type));
66ea9427
JP		 3425 goto failed;
3426 }
3427
3428 expected_len = sizeof(*cp) + uuid_count * 16;
3429 if (expected_len != len) {
3430 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3431 expected_len, len);
2a1afb5a
JH		 3432 err = mgmt_cmd_complete(sk, hdev->id,
3433 MGMT_OP_START_SERVICE_DISCOVERY,
3434 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3435 sizeof(cp->type));
66ea9427
JP		 3436 goto failed;
3437 }
3438
591752af
JH		 3439 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3440 err = mgmt_cmd_complete(sk, hdev->id,
3441 MGMT_OP_START_SERVICE_DISCOVERY,
3442 status, &cp->type, sizeof(cp->type));
3443 goto failed;
3444 }
3445
66ea9427 3446 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3447 hdev, data, len);
66ea9427
JP		 3448 if (!cmd) {
3449 err = -ENOMEM;
3450 goto failed;
3451 }
3452
2922a94f
JH		 3453 cmd->cmd_complete = service_discovery_cmd_complete;
3454
22078800
MH		 3455 /* Clear the discovery filter first to free any previously
3456 * allocated memory for the UUID list.
3457 */
3458 hci_discovery_filter_clear(hdev);
3459
82f8b651 3460 hdev->discovery.result_filtering = true;
66ea9427
JP		 3461 hdev->discovery.type = cp->type;
3462 hdev->discovery.rssi = cp->rssi;
3463 hdev->discovery.uuid_count = uuid_count;
3464
3465 if (uuid_count > 0) {
3466 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3467 GFP_KERNEL);
3468 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3469 err = mgmt_cmd_complete(sk, hdev->id,
3470 MGMT_OP_START_SERVICE_DISCOVERY,
3471 MGMT_STATUS_FAILED,
3472 &cp->type, sizeof(cp->type));
d9483943
JH		 3473 mgmt_pending_remove(cmd);
3474 goto failed;
3475 }
66ea9427 3476 }
d9483943 3477
66ea9427 3478 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3479 queue_work(hdev->req_workqueue, &hdev->discov_update);
3480 err = 0;
14a53664
JH		 3481
3482failed:
09fd0de5 3483 hci_dev_unlock(hdev);
14a53664
JH		 3484 return err;
3485}
3486
2154d3f4 3487void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3488{
3b0602cd 3489 struct mgmt_pending_cmd *cmd;
1183fdca 3490
0e05bba6
AG		 3491 BT_DBG("status %d", status);
3492
3493 hci_dev_lock(hdev);
3494
333ae95d 3495 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3496 if (cmd) {
2922a94f 3497 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3498 mgmt_pending_remove(cmd);
0e05bba6
AG		 3499 }
3500
0e05bba6
AG		 3501 hci_dev_unlock(hdev);
3502}
3503
bdb6d971 3504static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3505 u16 len)
14a53664 3506{
d930650b 3507 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3508 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3509 int err;
3510
bdb6d971 3511 BT_DBG("%s", hdev->name);
14a53664 3512
09fd0de5 3513 hci_dev_lock(hdev);
14a53664 3514
30dc78e1 3515 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3517 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3518 sizeof(mgmt_cp->type));
d930650b
JH		 3519 goto unlock;
3520 }
3521
3522 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3523 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3524 MGMT_STATUS_INVALID_PARAMS,
3525 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3526 goto unlock;
ff9ef578
JH		 3527 }
3528
2922a94f 3529 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3530 if (!cmd) {
3531 err = -ENOMEM;
30dc78e1
JH		 3532 goto unlock;
3533 }
3534
2922a94f
JH		 3535 cmd->cmd_complete = generic_cmd_complete;
3536
2154d3f4
JH		 3537 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3538 queue_work(hdev->req_workqueue, &hdev->discov_update);
3539 err = 0;
14a53664 3540
30dc78e1 3541unlock:
09fd0de5 3542 hci_dev_unlock(hdev);
14a53664
JH		 3543 return err;
3544}
3545
bdb6d971 3546static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3547 u16 len)
561aafbc 3548{
650f726d 3549 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3550 struct inquiry_entry *e;
561aafbc
JH		 3551 int err;
3552
bdb6d971 3553 BT_DBG("%s", hdev->name);
561aafbc 3554
561aafbc
JH		 3555 hci_dev_lock(hdev);
3556
30dc78e1 3557 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3558 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3559 MGMT_STATUS_FAILED, &cp->addr,
3560 sizeof(cp->addr));
30dc78e1
JH		 3561 goto failed;
3562 }
3563
a198e7b1 3564 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3565 if (!e) {
2a1afb5a
JH		 3566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3567 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3568 sizeof(cp->addr));
561aafbc
JH		 3569 goto failed;
3570 }
3571
3572 if (cp->name_known) {
3573 e->name_state = NAME_KNOWN;
3574 list_del(&e->list);
3575 } else {
3576 e->name_state = NAME_NEEDED;
a3d4e20a 3577 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3578 }
3579
2a1afb5a
JH		 3580 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3581 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3582
3583failed:
3584 hci_dev_unlock(hdev);
561aafbc
JH		 3585 return err;
3586}
3587
bdb6d971 3588static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3589 u16 len)
7fbec224 3590{
650f726d 3591 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3592 u8 status;
7fbec224
AJ		 3593 int err;
3594
bdb6d971 3595 BT_DBG("%s", hdev->name);
7fbec224 3596
4ee71b20 3597 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3598 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3599 MGMT_STATUS_INVALID_PARAMS,
3600 &cp->addr, sizeof(cp->addr));
4ee71b20 3601
09fd0de5 3602 hci_dev_lock(hdev);
5e762444 3603
dcc36c16
JH		 3604 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3605 cp->addr.type);
2a8357f2 3606 if (err < 0) {
f0eeea8b 3607 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3608 goto done;
3609 }
3610
3611 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3612 sk);
3613 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3614
2a8357f2 3615done:
2a1afb5a
JH		 3616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3617 &cp->addr, sizeof(cp->addr));
5e762444 3618
09fd0de5 3619 hci_dev_unlock(hdev);
7fbec224
AJ		 3620
3621 return err;
3622}
3623
bdb6d971 3624static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3625 u16 len)
7fbec224 3626{
650f726d 3627 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3628 u8 status;
7fbec224
AJ		 3629 int err;
3630
bdb6d971 3631 BT_DBG("%s", hdev->name);
7fbec224 3632
4ee71b20 3633 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3634 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3635 MGMT_STATUS_INVALID_PARAMS,
3636 &cp->addr, sizeof(cp->addr));
4ee71b20 3637
09fd0de5 3638 hci_dev_lock(hdev);
5e762444 3639
dcc36c16
JH		 3640 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3641 cp->addr.type);
2a8357f2 3642 if (err < 0) {
f0eeea8b 3643 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3644 goto done;
3645 }
3646
3647 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3648 sk);
3649 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3650
2a8357f2 3651done:
2a1afb5a
JH		 3652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3653 &cp->addr, sizeof(cp->addr));
5e762444 3654
09fd0de5 3655 hci_dev_unlock(hdev);
7fbec224
AJ		 3656
3657 return err;
3658}
3659
cdbaccca
MH		 3660static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3661 u16 len)
3662{
3663 struct mgmt_cp_set_device_id *cp = data;
890ea898 3664 struct hci_request req;
cdbaccca 3665 int err;
c72d4b8a 3666 __u16 source;
cdbaccca
MH		 3667
3668 BT_DBG("%s", hdev->name);
3669
c72d4b8a
SJ		 3670 source = __le16_to_cpu(cp->source);
3671
3672 if (source > 0x0002)
a69e8375
JH		 3673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3674 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3675
cdbaccca
MH		 3676 hci_dev_lock(hdev);
3677
c72d4b8a 3678 hdev->devid_source = source;
cdbaccca
MH		 3679 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3680 hdev->devid_product = __le16_to_cpu(cp->product);
3681 hdev->devid_version = __le16_to_cpu(cp->version);
3682
2a1afb5a
JH		 3683 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3684 NULL, 0);
cdbaccca 3685
890ea898 3686 hci_req_init(&req, hdev);
b1a8917c 3687 __hci_req_update_eir(&req);
890ea898 3688 hci_req_run(&req, NULL);
cdbaccca
MH		 3689
3690 hci_dev_unlock(hdev);
3691
3692 return err;
3693}
3694
24b4f38f
AU		 3695static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3696 u16 opcode)
3697{
3698 BT_DBG("status %d", status);
3699}
3700
1904a853
MH		 3701static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3702 u16 opcode)
4375f103
JH		 3703{
3704 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3705 struct hci_request req;
7816b820
FG		 3706 u8 instance;
3707 struct adv_info *adv_instance;
3708 int err;
4375f103 3709
3ad67582
JK		 3710 hci_dev_lock(hdev);
3711
4375f103
JH		 3712 if (status) {
3713 u8 mgmt_err = mgmt_status(status);
3714
3715 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3716 cmd_status_rsp, &mgmt_err);
3ad67582 3717 goto unlock;
4375f103
JH		 3718 }
3719
d7a5a11d 3720 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3721 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3722 else
a358dc11 3723 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3724
4375f103
JH		 3725 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3726 &match);
3727
3728 new_settings(hdev, match.sk);
3729
3730 if (match.sk)
3731 sock_put(match.sk);
3ad67582 3732
24b4f38f 3733 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3734 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3735 */
3736 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 3737 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
3738 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3739 goto unlock;
3740
7816b820
FG		 3741 instance = hdev->cur_adv_instance;
3742 if (!instance) {
3743 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3744 struct adv_info, list);
3745 if (!adv_instance)
3746 goto unlock;
3747
3748 instance = adv_instance->instance;
3749 }
3750
24b4f38f
AU		 3751 hci_req_init(&req, hdev);
3752
f2252570 3753 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3754
3755 if (!err)
3756 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3757
7816b820 3758 if (err)
24b4f38f
AU		 3759 BT_ERR("Failed to re-configure advertising");
3760
3ad67582
JK		 3761unlock:
3762 hci_dev_unlock(hdev);
4375f103
JH		 3763}
3764
21b5187f
MH		 3765static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3766 u16 len)
4375f103
JH		 3767{
3768 struct mgmt_mode *cp = data;
3b0602cd 3769 struct mgmt_pending_cmd *cmd;
4375f103 3770 struct hci_request req;
cc91cb04 3771 u8 val, status;
4375f103
JH		 3772 int err;
3773
3774 BT_DBG("request for %s", hdev->name);
3775
e6fe7986
JH		 3776 status = mgmt_le_support(hdev);
3777 if (status)
a69e8375
JH		 3778 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3779 status);
4375f103 3780
cc91cb04 3781 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3782 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3783 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3784
3785 hci_dev_lock(hdev);
3786
3787 val = !!cp->val;
4375f103 3788
f74ca9b8
JH		 3789 /* The following conditions are ones which mean that we should
3790 * not do any HCI communication but directly send a mgmt
3791 * response to user space (after toggling the flag if
3792 * necessary).
3793 */
cc91cb04 3794 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3795 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3796 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3797 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3798 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3799 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3800 bool changed;
4375f103 3801
cc91cb04 3802 if (cp->val) {
238be788 3803 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3804 if (cp->val == 0x02)
a1536da2 3805 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3806 else
a358dc11 3807 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3808 } else {
a69d8927 3809 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3810 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3811 }
3812
3813 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3814 if (err < 0)
3815 goto unlock;
3816
3817 if (changed)
3818 err = new_settings(hdev, sk);
3819
3820 goto unlock;
3821 }
3822
333ae95d
JH		 3823 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3824 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3826 MGMT_STATUS_BUSY);
4375f103
JH		 3827 goto unlock;
3828 }
3829
3830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3831 if (!cmd) {
3832 err = -ENOMEM;
3833 goto unlock;
3834 }
3835
3836 hci_req_init(&req, hdev);
3837
cc91cb04 3838 if (cp->val == 0x02)
a1536da2 3839 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3840 else
a358dc11 3841 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3842
7816b820
FG		 3843 cancel_adv_timeout(hdev);
3844
24b4f38f 3845 if (val) {
7816b820
FG		 3846 /* Switch to instance "0" for the Set Advertising setting.
3847 * We cannot use update_[adv|scan_rsp]_data() here as the
3848 * HCI_ADVERTISING flag is not yet set.
3849 */
f2252570
JH		 3850 __hci_req_update_adv_data(&req, 0x00);
3851 __hci_req_update_scan_rsp_data(&req, 0x00);
3852 __hci_req_enable_advertising(&req);
24b4f38f 3853 } else {
f2252570 3854 __hci_req_disable_advertising(&req);
24b4f38f 3855 }
4375f103
JH		 3856
3857 err = hci_req_run(&req, set_advertising_complete);
3858 if (err < 0)
3859 mgmt_pending_remove(cmd);
3860
3861unlock:
3862 hci_dev_unlock(hdev);
3863 return err;
3864}
3865
d13eafce
MH		 3866static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3867 void *data, u16 len)
3868{
3869 struct mgmt_cp_set_static_address *cp = data;
3870 int err;
3871
3872 BT_DBG("%s", hdev->name);
3873
62af4443 3874 if (!lmp_le_capable(hdev))
a69e8375
JH		 3875 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3876 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3877
3878 if (hdev_is_powered(hdev))
a69e8375
JH		 3879 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3880 MGMT_STATUS_REJECTED);
d13eafce
MH		 3881
3882 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3883 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 3884 return mgmt_cmd_status(sk, hdev->id,
3885 MGMT_OP_SET_STATIC_ADDRESS,
3886 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3887
3888 /* Two most significant bits shall be set */
3889 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 3890 return mgmt_cmd_status(sk, hdev->id,
3891 MGMT_OP_SET_STATIC_ADDRESS,
3892 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3893 }
3894
3895 hci_dev_lock(hdev);
3896
3897 bacpy(&hdev->static_addr, &cp->bdaddr);
3898
93690c22
MH		 3899 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
3900 if (err < 0)
3901 goto unlock;
3902
3903 err = new_settings(hdev, sk);
d13eafce 3904
93690c22 3905unlock:
d13eafce 3906 hci_dev_unlock(hdev);
d13eafce
MH		 3907 return err;
3908}
3909
14b49b9a
MH		 3910static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3911 void *data, u16 len)
3912{
3913 struct mgmt_cp_set_scan_params *cp = data;
3914 __u16 interval, window;
3915 int err;
3916
3917 BT_DBG("%s", hdev->name);
3918
3919 if (!lmp_le_capable(hdev))
a69e8375
JH		 3920 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3921 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 3922
3923 interval = __le16_to_cpu(cp->interval);
3924
3925 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 3926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3927 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 3928
3929 window = __le16_to_cpu(cp->window);
3930
3931 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 3932 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3933 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 3934
899e1075 3935 if (window > interval)
a69e8375
JH		 3936 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3937 MGMT_STATUS_INVALID_PARAMS);
899e1075 3938
14b49b9a
MH		 3939 hci_dev_lock(hdev);
3940
3941 hdev->le_scan_interval = interval;
3942 hdev->le_scan_window = window;
3943
2a1afb5a
JH		 3944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
3945 NULL, 0);
14b49b9a 3946
dd2ef8e2
AG		 3947 /* If background scan is running, restart it so new parameters are
3948 * loaded.
3949 */
d7a5a11d 3950 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 3951 hdev->discovery.state == DISCOVERY_STOPPED) {
3952 struct hci_request req;
3953
3954 hci_req_init(&req, hdev);
3955
3956 hci_req_add_le_scan_disable(&req);
3957 hci_req_add_le_passive_scan(&req);
3958
3959 hci_req_run(&req, NULL);
3960 }
3961
14b49b9a
MH		 3962 hci_dev_unlock(hdev);
3963
3964 return err;
3965}
3966
1904a853
MH		 3967static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
3968 u16 opcode)
33e38b3e 3969{
3b0602cd 3970 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 3971
3972 BT_DBG("status 0x%02x", status);
3973
3974 hci_dev_lock(hdev);
3975
333ae95d 3976 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 3977 if (!cmd)
3978 goto unlock;
3979
3980 if (status) {
a69e8375
JH		 3981 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3982 mgmt_status(status));
33e38b3e 3983 } else {
1a4d3c4b
JH		 3984 struct mgmt_mode *cp = cmd->param;
3985
3986 if (cp->val)
a1536da2 3987 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 3988 else
a358dc11 3989 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 3990
33e38b3e
JH		 3991 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3992 new_settings(hdev, cmd->sk);
3993 }
3994
3995 mgmt_pending_remove(cmd);
3996
3997unlock:
3998 hci_dev_unlock(hdev);
3999}
4000
bdb6d971 4001static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4002 void *data, u16 len)
f6422ec6 4003{
650f726d 4004 struct mgmt_mode *cp = data;
3b0602cd 4005 struct mgmt_pending_cmd *cmd;
33e38b3e 4006 struct hci_request req;
f6422ec6
AJ		 4007 int err;
4008
bdb6d971 4009 BT_DBG("%s", hdev->name);
f6422ec6 4010
d7a5a11d 4011 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4012 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4013 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4014 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4015
a7e80f25 4016 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4018 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4019
f6422ec6
AJ		 4020 hci_dev_lock(hdev);
4021
333ae95d 4022 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4024 MGMT_STATUS_BUSY);
05cbf29f
JH		 4025 goto unlock;
4026 }
4027
d7a5a11d 4028 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4029 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4030 hdev);
4031 goto unlock;
4032 }
4033
406ef2a6 4034 if (!hdev_is_powered(hdev)) {
ce05d603 4035 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4036 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4037 hdev);
4038 new_settings(hdev, sk);
4039 goto unlock;
4040 }
4041
33e38b3e
JH		 4042 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4043 data, len);
4044 if (!cmd) {
4045 err = -ENOMEM;
4046 goto unlock;
f6422ec6
AJ		 4047 }
4048
33e38b3e
JH		 4049 hci_req_init(&req, hdev);
4050
bf943cbf 4051 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4052
4053 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4054 if (err < 0) {
a69e8375
JH		 4055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4056 MGMT_STATUS_FAILED);
33e38b3e 4057 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4058 }
4059
33e38b3e 4060unlock:
f6422ec6 4061 hci_dev_unlock(hdev);
33e38b3e 4062
f6422ec6
AJ		 4063 return err;
4064}
4065
1904a853 4066static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4067{
3b0602cd 4068 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4069
4070 BT_DBG("status 0x%02x", status);
4071
4072 hci_dev_lock(hdev);
4073
333ae95d 4074 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4075 if (!cmd)
4076 goto unlock;
4077
4078 if (status) {
4079 u8 mgmt_err = mgmt_status(status);
4080
4081 /* We need to restore the flag if related HCI commands
4082 * failed.
4083 */
a358dc11 4084 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4085
a69e8375 4086 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4087 } else {
4088 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4089 new_settings(hdev, cmd->sk);
4090 }
4091
4092 mgmt_pending_remove(cmd);
4093
4094unlock:
4095 hci_dev_unlock(hdev);
4096}
4097
4098static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4099{
4100 struct mgmt_mode *cp = data;
3b0602cd 4101 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4102 struct hci_request req;
4103 int err;
4104
4105 BT_DBG("request for %s", hdev->name);
4106
4107 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4109 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4110
d7a5a11d 4111 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4113 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4114
4115 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4117 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4118
4119 hci_dev_lock(hdev);
4120
d7a5a11d 4121 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4122 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4123 goto unlock;
4124 }
4125
4126 if (!hdev_is_powered(hdev)) {
4127 if (!cp->val) {
a358dc11
MH		 4128 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4129 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4130 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4131 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4132 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4133 }
4134
ce05d603 4135 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4136
4137 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4138 if (err < 0)
4139 goto unlock;
4140
4141 err = new_settings(hdev, sk);
4142 goto unlock;
4143 }
4144
4145 /* Reject disabling when powered on */
4146 if (!cp->val) {
a69e8375
JH		 4147 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4148 MGMT_STATUS_REJECTED);
0663ca2a 4149 goto unlock;
111e4bcc
MH		 4150 } else {
4151 /* When configuring a dual-mode controller to operate
4152 * with LE only and using a static address, then switching
4153 * BR/EDR back on is not allowed.
4154 *
4155 * Dual-mode controllers shall operate with the public
4156 * address as its identity address for BR/EDR and LE. So
4157 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4158 *
4159 * The same restrictions applies when secure connections
4160 * has been enabled. For BR/EDR this is a controller feature
4161 * while for LE it is a host stack feature. This means that
4162 * switching BR/EDR back on when secure connections has been
4163 * enabled is not a supported transaction.
111e4bcc 4164 */
d7a5a11d 4165 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4166 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4167 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4169 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4170 goto unlock;
4171 }
0663ca2a
JH		 4172 }
4173
333ae95d 4174 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4175 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4176 MGMT_STATUS_BUSY);
0663ca2a
JH		 4177 goto unlock;
4178 }
4179
4180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4181 if (!cmd) {
4182 err = -ENOMEM;
4183 goto unlock;
4184 }
4185
f2252570
JH		 4186 /* We need to flip the bit already here so that
4187 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4188 */
a1536da2 4189 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4190
4191 hci_req_init(&req, hdev);
aa8af46e 4192
bf943cbf 4193 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4194 __hci_req_update_scan(&req);
aa8af46e 4195
f14d8f64
MH		 4196 /* Since only the advertising data flags will change, there
4197 * is no need to update the scan response data.
4198 */
f2252570 4199 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
aa8af46e 4200
0663ca2a
JH		 4201 err = hci_req_run(&req, set_bredr_complete);
4202 if (err < 0)
4203 mgmt_pending_remove(cmd);
4204
4205unlock:
4206 hci_dev_unlock(hdev);
4207 return err;
4208}
4209
a1443f5a
JH		 4210static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4211{
3b0602cd 4212 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4213 struct mgmt_mode *cp;
4214
4215 BT_DBG("%s status %u", hdev->name, status);
4216
4217 hci_dev_lock(hdev);
4218
333ae95d 4219 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4220 if (!cmd)
4221 goto unlock;
4222
4223 if (status) {
a69e8375
JH		 4224 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4225 mgmt_status(status));
a1443f5a
JH		 4226 goto remove;
4227 }
4228
4229 cp = cmd->param;
4230
4231 switch (cp->val) {
4232 case 0x00:
a358dc11
MH		 4233 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4234 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4235 break;
4236 case 0x01:
a1536da2 4237 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4238 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4239 break;
4240 case 0x02:
a1536da2
MH		 4241 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4242 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4243 break;
4244 }
4245
4246 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4247 new_settings(hdev, cmd->sk);
4248
4249remove:
4250 mgmt_pending_remove(cmd);
4251unlock:
4252 hci_dev_unlock(hdev);
4253}
4254
eac83dc6
MH		 4255static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4256 void *data, u16 len)
4257{
4258 struct mgmt_mode *cp = data;
3b0602cd 4259 struct mgmt_pending_cmd *cmd;
a1443f5a 4260 struct hci_request req;
a3209694 4261 u8 val;
eac83dc6
MH		 4262 int err;
4263
4264 BT_DBG("request for %s", hdev->name);
4265
05b3c3e7 4266 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4267 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4268 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4269 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4270
d7a5a11d 4271 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4272 lmp_sc_capable(hdev) &&
d7a5a11d 4273 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4274 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4275 MGMT_STATUS_REJECTED);
ed93ec69 4276
0ab04a9c 4277 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4278 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4279 MGMT_STATUS_INVALID_PARAMS);
4280
4281 hci_dev_lock(hdev);
4282
05b3c3e7 4283 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4284 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4285 bool changed;
4286
0ab04a9c 4287 if (cp->val) {
238be788
MH		 4288 changed = !hci_dev_test_and_set_flag(hdev,
4289 HCI_SC_ENABLED);
0ab04a9c 4290 if (cp->val == 0x02)
a1536da2 4291 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4292 else
a358dc11 4293 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4294 } else {
a69d8927
MH		 4295 changed = hci_dev_test_and_clear_flag(hdev,
4296 HCI_SC_ENABLED);
a358dc11 4297 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4298 }
eac83dc6
MH		 4299
4300 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4301 if (err < 0)
4302 goto failed;
4303
4304 if (changed)
4305 err = new_settings(hdev, sk);
4306
4307 goto failed;
4308 }
4309
333ae95d 4310 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4311 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4312 MGMT_STATUS_BUSY);
eac83dc6
MH		 4313 goto failed;
4314 }
4315
0ab04a9c
MH		 4316 val = !!cp->val;
4317
d7a5a11d
MH		 4318 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4319 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4320 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4321 goto failed;
4322 }
4323
4324 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4325 if (!cmd) {
4326 err = -ENOMEM;
4327 goto failed;
4328 }
4329
a1443f5a
JH		 4330 hci_req_init(&req, hdev);
4331 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4332 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4333 if (err < 0) {
4334 mgmt_pending_remove(cmd);
4335 goto failed;
4336 }
4337
4338failed:
4339 hci_dev_unlock(hdev);
4340 return err;
4341}
4342
4e39ac81
MH		 4343static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4344 void *data, u16 len)
4345{
4346 struct mgmt_mode *cp = data;
b9710979 4347 bool changed, use_changed;
4e39ac81
MH		 4348 int err;
4349
4350 BT_DBG("request for %s", hdev->name);
4351
b9710979 4352 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4353 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4354 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4355
4356 hci_dev_lock(hdev);
4357
4358 if (cp->val)
238be788 4359 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4360 else
a69d8927
MH		 4361 changed = hci_dev_test_and_clear_flag(hdev,
4362 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4363
b9710979 4364 if (cp->val == 0x02)
238be788
MH		 4365 use_changed = !hci_dev_test_and_set_flag(hdev,
4366 HCI_USE_DEBUG_KEYS);
b9710979 4367 else
a69d8927
MH		 4368 use_changed = hci_dev_test_and_clear_flag(hdev,
4369 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4370
4371 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4372 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4373 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4374 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4375 sizeof(mode), &mode);
4376 }
4377
4e39ac81
MH		 4378 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4379 if (err < 0)
4380 goto unlock;
4381
4382 if (changed)
4383 err = new_settings(hdev, sk);
4384
4385unlock:
4386 hci_dev_unlock(hdev);
4387 return err;
4388}
4389
62b04cd1
JH		 4390static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4391 u16 len)
4392{
4393 struct mgmt_cp_set_privacy *cp = cp_data;
4394 bool changed;
4395 int err;
4396
4397 BT_DBG("request for %s", hdev->name);
4398
4399 if (!lmp_le_capable(hdev))
a69e8375
JH		 4400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4401 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4402
4403 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4405 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4406
4407 if (hdev_is_powered(hdev))
a69e8375
JH		 4408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4409 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4410
4411 hci_dev_lock(hdev);
4412
c21c0ea0
JH		 4413 /* If user space supports this command it is also expected to
4414 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4415 */
a1536da2 4416 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4417
62b04cd1 4418 if (cp->privacy) {
238be788 4419 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4420 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4421 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4422 } else {
a69d8927 4423 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4424 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4425 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4426 }
4427
4428 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4429 if (err < 0)
4430 goto unlock;
4431
4432 if (changed)
4433 err = new_settings(hdev, sk);
4434
4435unlock:
4436 hci_dev_unlock(hdev);
4437 return err;
4438}
4439
41edf160
JH		 4440static bool irk_is_valid(struct mgmt_irk_info *irk)
4441{
4442 switch (irk->addr.type) {
4443 case BDADDR_LE_PUBLIC:
4444 return true;
4445
4446 case BDADDR_LE_RANDOM:
4447 /* Two most significant bits shall be set */
4448 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4449 return false;
4450 return true;
4451 }
4452
4453 return false;
4454}
4455
4456static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4457 u16 len)
4458{
4459 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4460 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4461 sizeof(struct mgmt_irk_info));
41edf160
JH		 4462 u16 irk_count, expected_len;
4463 int i, err;
4464
4465 BT_DBG("request for %s", hdev->name);
4466
4467 if (!lmp_le_capable(hdev))
a69e8375
JH		 4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4469 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4470
4471 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4472 if (irk_count > max_irk_count) {
4473 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4474 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4475 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4476 }
41edf160
JH		 4477
4478 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4479 if (expected_len != len) {
4480 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4481 expected_len, len);
a69e8375
JH		 4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4483 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4484 }
4485
4486 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4487
4488 for (i = 0; i < irk_count; i++) {
4489 struct mgmt_irk_info *key = &cp->irks[i];
4490
4491 if (!irk_is_valid(key))
a69e8375
JH		 4492 return mgmt_cmd_status(sk, hdev->id,
4493 MGMT_OP_LOAD_IRKS,
4494 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4495 }
4496
4497 hci_dev_lock(hdev);
4498
4499 hci_smp_irks_clear(hdev);
4500
4501 for (i = 0; i < irk_count; i++) {
4502 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4503
85813a7e
JH		 4504 hci_add_irk(hdev, &irk->addr.bdaddr,
4505 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4506 BDADDR_ANY);
4507 }
4508
a1536da2 4509 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4510
2a1afb5a 4511 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4512
4513 hci_dev_unlock(hdev);
4514
4515 return err;
4516}
4517
3f706b72
JH		 4518static bool ltk_is_valid(struct mgmt_ltk_info *key)
4519{
4520 if (key->master != 0x00 && key->master != 0x01)
4521 return false;
490cb0b3
MH		 4522
4523 switch (key->addr.type) {
4524 case BDADDR_LE_PUBLIC:
4525 return true;
4526
4527 case BDADDR_LE_RANDOM:
4528 /* Two most significant bits shall be set */
4529 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4530 return false;
4531 return true;
4532 }
4533
4534 return false;
3f706b72
JH		 4535}
4536
bdb6d971 4537static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4538 void *cp_data, u16 len)
346af67b 4539{
346af67b 4540 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4541 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4542 sizeof(struct mgmt_ltk_info));
346af67b 4543 u16 key_count, expected_len;
715a5bf2 4544 int i, err;
346af67b 4545
cf99ba13
MH		 4546 BT_DBG("request for %s", hdev->name);
4547
4548 if (!lmp_le_capable(hdev))
a69e8375
JH		 4549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4550 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4551
1f350c87 4552 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4553 if (key_count > max_key_count) {
4554 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4556 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4557 }
346af67b
VCG		 4558
4559 expected_len = sizeof(*cp) + key_count *
4560 sizeof(struct mgmt_ltk_info);
4561 if (expected_len != len) {
4562 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4563 expected_len, len);
a69e8375
JH		 4564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4565 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4566 }
4567
bdb6d971 4568 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4569
54ad6d8a
JH		 4570 for (i = 0; i < key_count; i++) {
4571 struct mgmt_ltk_info *key = &cp->keys[i];
4572
3f706b72 4573 if (!ltk_is_valid(key))
a69e8375
JH		 4574 return mgmt_cmd_status(sk, hdev->id,
4575 MGMT_OP_LOAD_LONG_TERM_KEYS,
4576 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4577 }
4578
346af67b
VCG		 4579 hci_dev_lock(hdev);
4580
4581 hci_smp_ltks_clear(hdev);
4582
4583 for (i = 0; i < key_count; i++) {
4584 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4585 u8 type, authenticated;
346af67b 4586
61b43357
JH		 4587 switch (key->type) {
4588 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4589 authenticated = 0x00;
23fb8de3 4590 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4591 break;
4592 case MGMT_LTK_AUTHENTICATED:
d7b25450 4593 authenticated = 0x01;
23fb8de3
JH		 4594 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4595 break;
4596 case MGMT_LTK_P256_UNAUTH:
4597 authenticated = 0x00;
4598 type = SMP_LTK_P256;
61b43357 4599 break;
23fb8de3
JH		 4600 case MGMT_LTK_P256_AUTH:
4601 authenticated = 0x01;
4602 type = SMP_LTK_P256;
61b43357 4603 break;
23fb8de3
JH		 4604 case MGMT_LTK_P256_DEBUG:
4605 authenticated = 0x00;
4606 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4607 default:
4608 continue;
4609 }
d7b25450 4610
85813a7e
JH		 4611 hci_add_ltk(hdev, &key->addr.bdaddr,
4612 le_addr_type(key->addr.type), type, authenticated,
4613 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4614 }
4615
2a1afb5a 4616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4617 NULL, 0);
4618
346af67b 4619 hci_dev_unlock(hdev);
346af67b 4620
715a5bf2 4621 return err;
346af67b
VCG		 4622}
4623
3b0602cd 4624static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4625{
dd983808 4626 struct hci_conn *conn = cmd->user_data;
9981bdb0 4627 struct mgmt_rp_get_conn_info rp;
9df74653 4628 int err;
dd983808 4629
9981bdb0 4630 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4631
9981bdb0 4632 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4633 rp.rssi = conn->rssi;
9981bdb0
JH		 4634 rp.tx_power = conn->tx_power;
4635 rp.max_tx_power = conn->max_tx_power;
4636 } else {
4637 rp.rssi = HCI_RSSI_INVALID;
4638 rp.tx_power = HCI_TX_POWER_INVALID;
4639 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4640 }
4641
2a1afb5a
JH		 4642 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4643 status, &rp, sizeof(rp));
dd983808
AK		 4644
4645 hci_conn_drop(conn);
f8aaf9b6 4646 hci_conn_put(conn);
9df74653
JH		 4647
4648 return err;
dd983808
AK		 4649}
4650
1904a853
MH		 4651static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4652 u16 opcode)
dd983808
AK		 4653{
4654 struct hci_cp_read_rssi *cp;
3b0602cd 4655 struct mgmt_pending_cmd *cmd;
dd983808 4656 struct hci_conn *conn;
dd983808 4657 u16 handle;
9981bdb0 4658 u8 status;
dd983808 4659
9981bdb0 4660 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4661
4662 hci_dev_lock(hdev);
4663
dd983808
AK		 4664 /* Commands sent in request are either Read RSSI or Read Transmit Power
4665 * Level so we check which one was last sent to retrieve connection
4666 * handle. Both commands have handle as first parameter so it's safe to
4667 * cast data on the same command struct.
4668 *
4669 * First command sent is always Read RSSI and we fail only if it fails.
4670 * In other case we simply override error to indicate success as we
4671 * already remembered if TX power value is actually valid.
4672 */
4673 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4674 if (!cp) {
4675 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4676 status = MGMT_STATUS_SUCCESS;
4677 } else {
4678 status = mgmt_status(hci_status);
dd983808
AK		 4679 }
4680
4681 if (!cp) {
9981bdb0 4682 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4683 goto unlock;
4684 }
4685
4686 handle = __le16_to_cpu(cp->handle);
4687 conn = hci_conn_hash_lookup_handle(hdev, handle);
4688 if (!conn) {
9981bdb0 4689 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4690 goto unlock;
4691 }
4692
333ae95d 4693 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4694 if (!cmd)
4695 goto unlock;
dd983808 4696
9981bdb0
JH		 4697 cmd->cmd_complete(cmd, status);
4698 mgmt_pending_remove(cmd);
dd983808
AK		 4699
4700unlock:
4701 hci_dev_unlock(hdev);
4702}
4703
4704static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4705 u16 len)
4706{
4707 struct mgmt_cp_get_conn_info *cp = data;
4708 struct mgmt_rp_get_conn_info rp;
4709 struct hci_conn *conn;
4710 unsigned long conn_info_age;
4711 int err = 0;
4712
4713 BT_DBG("%s", hdev->name);
4714
4715 memset(&rp, 0, sizeof(rp));
4716 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4717 rp.addr.type = cp->addr.type;
4718
4719 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4720 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4721 MGMT_STATUS_INVALID_PARAMS,
4722 &rp, sizeof(rp));
dd983808
AK		 4723
4724 hci_dev_lock(hdev);
4725
4726 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4727 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4728 MGMT_STATUS_NOT_POWERED, &rp,
4729 sizeof(rp));
dd983808
AK		 4730 goto unlock;
4731 }
4732
4733 if (cp->addr.type == BDADDR_BREDR)
4734 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4735 &cp->addr.bdaddr);
4736 else
4737 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4738
4739 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4740 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4741 MGMT_STATUS_NOT_CONNECTED, &rp,
4742 sizeof(rp));
dd983808
AK		 4743 goto unlock;
4744 }
4745
333ae95d 4746 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4748 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4749 goto unlock;
4750 }
4751
dd983808
AK		 4752 /* To avoid client trying to guess when to poll again for information we
4753 * calculate conn info age as random value between min/max set in hdev.
4754 */
4755 conn_info_age = hdev->conn_info_min_age +
4756 prandom_u32_max(hdev->conn_info_max_age -
4757 hdev->conn_info_min_age);
4758
4759 /* Query controller to refresh cached values if they are too old or were
4760 * never read.
4761 */
f4e2dd53
AK		 4762 if (time_after(jiffies, conn->conn_info_timestamp +
4763 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4764 !conn->conn_info_timestamp) {
4765 struct hci_request req;
4766 struct hci_cp_read_tx_power req_txp_cp;
4767 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4768 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4769
4770 hci_req_init(&req, hdev);
4771 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4772 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4773 &req_rssi_cp);
4774
f7faab0c
AK		 4775 /* For LE links TX power does not change thus we don't need to
4776 * query for it once value is known.
4777 */
4778 if (!bdaddr_type_is_le(cp->addr.type) ||
4779 conn->tx_power == HCI_TX_POWER_INVALID) {
4780 req_txp_cp.handle = cpu_to_le16(conn->handle);
4781 req_txp_cp.type = 0x00;
4782 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4783 sizeof(req_txp_cp), &req_txp_cp);
4784 }
dd983808 4785
eed5daf3
AK		 4786 /* Max TX power needs to be read only once per connection */
4787 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4788 req_txp_cp.handle = cpu_to_le16(conn->handle);
4789 req_txp_cp.type = 0x01;
4790 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4791 sizeof(req_txp_cp), &req_txp_cp);
4792 }
4793
dd983808
AK		 4794 err = hci_req_run(&req, conn_info_refresh_complete);
4795 if (err < 0)
4796 goto unlock;
4797
4798 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4799 data, len);
4800 if (!cmd) {
4801 err = -ENOMEM;
4802 goto unlock;
4803 }
4804
4805 hci_conn_hold(conn);
f8aaf9b6 4806 cmd->user_data = hci_conn_get(conn);
9981bdb0 4807 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4808
4809 conn->conn_info_timestamp = jiffies;
4810 } else {
4811 /* Cache is valid, just reply with values cached in hci_conn */
4812 rp.rssi = conn->rssi;
4813 rp.tx_power = conn->tx_power;
eed5daf3 4814 rp.max_tx_power = conn->max_tx_power;
dd983808 4815
2a1afb5a
JH		 4816 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4817 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4818 }
4819
4820unlock:
4821 hci_dev_unlock(hdev);
4822 return err;
4823}
4824
3b0602cd 4825static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 4826{
69487371 4827 struct hci_conn *conn = cmd->user_data;
95868426 4828 struct mgmt_rp_get_clock_info rp;
69487371 4829 struct hci_dev *hdev;
9df74653 4830 int err;
69487371
JH		 4831
4832 memset(&rp, 0, sizeof(rp));
4833 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
4834
4835 if (status)
4836 goto complete;
4837
4838 hdev = hci_dev_get(cmd->index);
4839 if (hdev) {
4840 rp.local_clock = cpu_to_le32(hdev->clock);
4841 hci_dev_put(hdev);
4842 }
4843
4844 if (conn) {
4845 rp.piconet_clock = cpu_to_le32(conn->clock);
4846 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4847 }
4848
4849complete:
2a1afb5a
JH		 4850 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
4851 sizeof(rp));
69487371
JH		 4852
4853 if (conn) {
4854 hci_conn_drop(conn);
4855 hci_conn_put(conn);
4856 }
9df74653
JH		 4857
4858 return err;
69487371
JH		 4859}
4860
1904a853 4861static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 4862{
95868426 4863 struct hci_cp_read_clock *hci_cp;
3b0602cd 4864 struct mgmt_pending_cmd *cmd;
95868426
JH		 4865 struct hci_conn *conn;
4866
4867 BT_DBG("%s status %u", hdev->name, status);
4868
4869 hci_dev_lock(hdev);
4870
4871 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4872 if (!hci_cp)
4873 goto unlock;
4874
4875 if (hci_cp->which) {
4876 u16 handle = __le16_to_cpu(hci_cp->handle);
4877 conn = hci_conn_hash_lookup_handle(hdev, handle);
4878 } else {
4879 conn = NULL;
4880 }
4881
333ae95d 4882 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 4883 if (!cmd)
4884 goto unlock;
4885
69487371 4886 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 4887 mgmt_pending_remove(cmd);
95868426
JH		 4888
4889unlock:
4890 hci_dev_unlock(hdev);
4891}
4892
4893static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4894 u16 len)
4895{
4896 struct mgmt_cp_get_clock_info *cp = data;
4897 struct mgmt_rp_get_clock_info rp;
4898 struct hci_cp_read_clock hci_cp;
3b0602cd 4899 struct mgmt_pending_cmd *cmd;
95868426
JH		 4900 struct hci_request req;
4901 struct hci_conn *conn;
4902 int err;
4903
4904 BT_DBG("%s", hdev->name);
4905
4906 memset(&rp, 0, sizeof(rp));
4907 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4908 rp.addr.type = cp->addr.type;
4909
4910 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4912 MGMT_STATUS_INVALID_PARAMS,
4913 &rp, sizeof(rp));
95868426
JH		 4914
4915 hci_dev_lock(hdev);
4916
4917 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4919 MGMT_STATUS_NOT_POWERED, &rp,
4920 sizeof(rp));
95868426
JH		 4921 goto unlock;
4922 }
4923
4924 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4925 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4926 &cp->addr.bdaddr);
4927 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4928 err = mgmt_cmd_complete(sk, hdev->id,
4929 MGMT_OP_GET_CLOCK_INFO,
4930 MGMT_STATUS_NOT_CONNECTED,
4931 &rp, sizeof(rp));
95868426
JH		 4932 goto unlock;
4933 }
4934 } else {
4935 conn = NULL;
4936 }
4937
4938 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4939 if (!cmd) {
4940 err = -ENOMEM;
4941 goto unlock;
4942 }
4943
69487371
JH		 4944 cmd->cmd_complete = clock_info_cmd_complete;
4945
95868426
JH		 4946 hci_req_init(&req, hdev);
4947
4948 memset(&hci_cp, 0, sizeof(hci_cp));
4949 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4950
4951 if (conn) {
4952 hci_conn_hold(conn);
f8aaf9b6 4953 cmd->user_data = hci_conn_get(conn);
95868426
JH		 4954
4955 hci_cp.handle = cpu_to_le16(conn->handle);
4956 hci_cp.which = 0x01; /* Piconet clock */
4957 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4958 }
4959
4960 err = hci_req_run(&req, get_clock_info_complete);
4961 if (err < 0)
4962 mgmt_pending_remove(cmd);
4963
4964unlock:
4965 hci_dev_unlock(hdev);
4966 return err;
4967}
4968
5a154e6f
JH		 4969static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
4970{
4971 struct hci_conn *conn;
4972
4973 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
4974 if (!conn)
4975 return false;
4976
4977 if (conn->dst_type != type)
4978 return false;
4979
4980 if (conn->state != BT_CONNECTED)
4981 return false;
4982
4983 return true;
4984}
4985
4986/* This function requires the caller holds hdev->lock */
51d7a94d 4987static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 4988 u8 addr_type, u8 auto_connect)
4989{
5a154e6f
JH		 4990 struct hci_conn_params *params;
4991
4992 params = hci_conn_params_add(hdev, addr, addr_type);
4993 if (!params)
4994 return -EIO;
4995
4996 if (params->auto_connect == auto_connect)
4997 return 0;
4998
4999 list_del_init(&params->action);
5000
5001 switch (auto_connect) {
5002 case HCI_AUTO_CONN_DISABLED:
5003 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5004 /* If auto connect is being disabled when we're trying to
5005 * connect to device, keep connecting.
5006 */
5007 if (params->explicit_connect)
5008 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5009 break;
5010 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5011 if (params->explicit_connect)
5012 list_add(&params->action, &hdev->pend_le_conns);
5013 else
5014 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5015 break;
5016 case HCI_AUTO_CONN_DIRECT:
5017 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5018 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5019 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5020 break;
5021 }
5022
5023 params->auto_connect = auto_connect;
5024
5025 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5026 auto_connect);
5027
5028 return 0;
5029}
5030
8afef092
MH		 5031static void device_added(struct sock *sk, struct hci_dev *hdev,
5032 bdaddr_t *bdaddr, u8 type, u8 action)
5033{
5034 struct mgmt_ev_device_added ev;
5035
5036 bacpy(&ev.addr.bdaddr, bdaddr);
5037 ev.addr.type = type;
5038 ev.action = action;
5039
5040 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5041}
5042
2faade53
MH		 5043static int add_device(struct sock *sk, struct hci_dev *hdev,
5044 void *data, u16 len)
5045{
5046 struct mgmt_cp_add_device *cp = data;
5047 u8 auto_conn, addr_type;
5048 int err;
5049
5050 BT_DBG("%s", hdev->name);
5051
6659358e 5052 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5053 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5054 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5055 MGMT_STATUS_INVALID_PARAMS,
5056 &cp->addr, sizeof(cp->addr));
2faade53 5057
4b9e7e75 5058 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5059 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5060 MGMT_STATUS_INVALID_PARAMS,
5061 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5062
5063 hci_dev_lock(hdev);
5064
6659358e 5065 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5066 /* Only incoming connections action is supported for now */
6659358e 5067 if (cp->action != 0x01) {
51d7a94d
JH		 5068 err = mgmt_cmd_complete(sk, hdev->id,
5069 MGMT_OP_ADD_DEVICE,
5070 MGMT_STATUS_INVALID_PARAMS,
5071 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5072 goto unlock;
5073 }
5074
5075 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5076 cp->addr.type);
5077 if (err)
5078 goto unlock;
a397407f 5079
01b1cb87 5080 hci_req_update_scan(hdev);
a397407f 5081
6659358e
JH		 5082 goto added;
5083 }
5084
85813a7e 5085 addr_type = le_addr_type(cp->addr.type);
2faade53 5086
4b9e7e75 5087 if (cp->action == 0x02)
2faade53 5088 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5089 else if (cp->action == 0x01)
5090 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5091 else
a3451d27 5092 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5093
9a0a8a8e
JP		 5094 /* Kernel internally uses conn_params with resolvable private
5095 * address, but Add Device allows only identity addresses.
5096 * Make sure it is enforced before calling
5097 * hci_conn_params_lookup.
5098 */
5099 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5100 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5101 MGMT_STATUS_INVALID_PARAMS,
5102 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5103 goto unlock;
5104 }
5105
bf5b3c8b
MH		 5106 /* If the connection parameters don't exist for this device,
5107 * they will be created and configured with defaults.
5108 */
51d7a94d 5109 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5110 auto_conn) < 0) {
51d7a94d
JH		 5111 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5112 MGMT_STATUS_FAILED, &cp->addr,
5113 sizeof(cp->addr));
2faade53
MH		 5114 goto unlock;
5115 }
5116
51d7a94d
JH		 5117 hci_update_background_scan(hdev);
5118
6659358e 5119added:
8afef092
MH		 5120 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5121
51d7a94d
JH		 5122 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5123 MGMT_STATUS_SUCCESS, &cp->addr,
5124 sizeof(cp->addr));
2faade53
MH		 5125
5126unlock:
5127 hci_dev_unlock(hdev);
5128 return err;
5129}
5130
8afef092
MH		 5131static void device_removed(struct sock *sk, struct hci_dev *hdev,
5132 bdaddr_t *bdaddr, u8 type)
5133{
5134 struct mgmt_ev_device_removed ev;
5135
5136 bacpy(&ev.addr.bdaddr, bdaddr);
5137 ev.addr.type = type;
5138
5139 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5140}
5141
2faade53
MH		 5142static int remove_device(struct sock *sk, struct hci_dev *hdev,
5143 void *data, u16 len)
5144{
5145 struct mgmt_cp_remove_device *cp = data;
5146 int err;
5147
5148 BT_DBG("%s", hdev->name);
5149
5150 hci_dev_lock(hdev);
5151
5152 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5153 struct hci_conn_params *params;
2faade53
MH		 5154 u8 addr_type;
5155
6659358e 5156 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5157 err = mgmt_cmd_complete(sk, hdev->id,
5158 MGMT_OP_REMOVE_DEVICE,
5159 MGMT_STATUS_INVALID_PARAMS,
5160 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5161 goto unlock;
5162 }
5163
6659358e
JH		 5164 if (cp->addr.type == BDADDR_BREDR) {
5165 err = hci_bdaddr_list_del(&hdev->whitelist,
5166 &cp->addr.bdaddr,
5167 cp->addr.type);
5168 if (err) {
51d7a94d
JH		 5169 err = mgmt_cmd_complete(sk, hdev->id,
5170 MGMT_OP_REMOVE_DEVICE,
5171 MGMT_STATUS_INVALID_PARAMS,
5172 &cp->addr,
5173 sizeof(cp->addr));
6659358e
JH		 5174 goto unlock;
5175 }
5176
01b1cb87 5177 hci_req_update_scan(hdev);
a397407f 5178
6659358e
JH		 5179 device_removed(sk, hdev, &cp->addr.bdaddr,
5180 cp->addr.type);
5181 goto complete;
5182 }
5183
85813a7e 5184 addr_type = le_addr_type(cp->addr.type);
2faade53 5185
9a0a8a8e
JP		 5186 /* Kernel internally uses conn_params with resolvable private
5187 * address, but Remove Device allows only identity addresses.
5188 * Make sure it is enforced before calling
5189 * hci_conn_params_lookup.
5190 */
5191 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5192 err = mgmt_cmd_complete(sk, hdev->id,
5193 MGMT_OP_REMOVE_DEVICE,
5194 MGMT_STATUS_INVALID_PARAMS,
5195 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5196 goto unlock;
5197 }
5198
c71593dd
JH		 5199 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5200 addr_type);
5201 if (!params) {
51d7a94d
JH		 5202 err = mgmt_cmd_complete(sk, hdev->id,
5203 MGMT_OP_REMOVE_DEVICE,
5204 MGMT_STATUS_INVALID_PARAMS,
5205 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5206 goto unlock;
5207 }
5208
679d2b6f
JH		 5209 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5210 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5211 err = mgmt_cmd_complete(sk, hdev->id,
5212 MGMT_OP_REMOVE_DEVICE,
5213 MGMT_STATUS_INVALID_PARAMS,
5214 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5215 goto unlock;
5216 }
5217
d1dbf12e 5218 list_del(&params->action);
c71593dd
JH		 5219 list_del(&params->list);
5220 kfree(params);
51d7a94d 5221 hci_update_background_scan(hdev);
8afef092
MH		 5222
5223 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5224 } else {
19de0825 5225 struct hci_conn_params *p, *tmp;
6659358e 5226 struct bdaddr_list *b, *btmp;
19de0825 5227
2faade53 5228 if (cp->addr.type) {
51d7a94d
JH		 5229 err = mgmt_cmd_complete(sk, hdev->id,
5230 MGMT_OP_REMOVE_DEVICE,
5231 MGMT_STATUS_INVALID_PARAMS,
5232 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5233 goto unlock;
5234 }
5235
6659358e
JH		 5236 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5237 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5238 list_del(&b->list);
5239 kfree(b);
5240 }
5241
01b1cb87 5242 hci_req_update_scan(hdev);
a397407f 5243
19de0825
JH		 5244 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5245 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5246 continue;
5247 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5248 if (p->explicit_connect) {
5249 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5250 continue;
5251 }
19de0825
JH		 5252 list_del(&p->action);
5253 list_del(&p->list);
5254 kfree(p);
5255 }
5256
5257 BT_DBG("All LE connection parameters were removed");
5258
51d7a94d 5259 hci_update_background_scan(hdev);
2faade53
MH		 5260 }
5261
6659358e 5262complete:
51d7a94d
JH		 5263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5264 MGMT_STATUS_SUCCESS, &cp->addr,
5265 sizeof(cp->addr));
2faade53
MH		 5266unlock:
5267 hci_dev_unlock(hdev);
5268 return err;
5269}
5270
a26f3dcf
JH		 5271static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5272 u16 len)
5273{
5274 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5275 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5276 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5277 u16 param_count, expected_len;
5278 int i;
5279
5280 if (!lmp_le_capable(hdev))
a69e8375
JH		 5281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5282 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5283
5284 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5285 if (param_count > max_param_count) {
5286 BT_ERR("load_conn_param: too big param_count value %u",
5287 param_count);
a69e8375
JH		 5288 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5289 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5290 }
a26f3dcf
JH		 5291
5292 expected_len = sizeof(*cp) + param_count *
5293 sizeof(struct mgmt_conn_param);
5294 if (expected_len != len) {
5295 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5296 expected_len, len);
a69e8375
JH		 5297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5298 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5299 }
5300
5301 BT_DBG("%s param_count %u", hdev->name, param_count);
5302
5303 hci_dev_lock(hdev);
5304
5305 hci_conn_params_clear_disabled(hdev);
5306
5307 for (i = 0; i < param_count; i++) {
5308 struct mgmt_conn_param *param = &cp->params[i];
5309 struct hci_conn_params *hci_param;
5310 u16 min, max, latency, timeout;
5311 u8 addr_type;
5312
5313 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5314 param->addr.type);
5315
5316 if (param->addr.type == BDADDR_LE_PUBLIC) {
5317 addr_type = ADDR_LE_DEV_PUBLIC;
5318 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5319 addr_type = ADDR_LE_DEV_RANDOM;
5320 } else {
5321 BT_ERR("Ignoring invalid connection parameters");
5322 continue;
5323 }
5324
5325 min = le16_to_cpu(param->min_interval);
5326 max = le16_to_cpu(param->max_interval);
5327 latency = le16_to_cpu(param->latency);
5328 timeout = le16_to_cpu(param->timeout);
5329
5330 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5331 min, max, latency, timeout);
5332
5333 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5334 BT_ERR("Ignoring invalid connection parameters");
5335 continue;
5336 }
5337
5338 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5339 addr_type);
5340 if (!hci_param) {
5341 BT_ERR("Failed to add connection parameters");
5342 continue;
5343 }
5344
5345 hci_param->conn_min_interval = min;
5346 hci_param->conn_max_interval = max;
5347 hci_param->conn_latency = latency;
5348 hci_param->supervision_timeout = timeout;
5349 }
5350
5351 hci_dev_unlock(hdev);
5352
2a1afb5a
JH		 5353 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5354 NULL, 0);
a26f3dcf
JH		 5355}
5356
dbece37a
MH		 5357static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5358 void *data, u16 len)
5359{
5360 struct mgmt_cp_set_external_config *cp = data;
5361 bool changed;
5362 int err;
5363
5364 BT_DBG("%s", hdev->name);
5365
5366 if (hdev_is_powered(hdev))
a69e8375
JH		 5367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5368 MGMT_STATUS_REJECTED);
dbece37a
MH		 5369
5370 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5372 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5373
5374 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5376 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5377
5378 hci_dev_lock(hdev);
5379
5380 if (cp->config)
238be788 5381 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5382 else
a69d8927 5383 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5384
5385 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5386 if (err < 0)
5387 goto unlock;
5388
5389 if (!changed)
5390 goto unlock;
5391
f4537c04
MH		 5392 err = new_options(hdev, sk);
5393
d7a5a11d 5394 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5395 mgmt_index_removed(hdev);
d603b76b 5396
516018a9 5397 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5398 hci_dev_set_flag(hdev, HCI_CONFIG);
5399 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5400
5401 queue_work(hdev->req_workqueue, &hdev->power_on);
5402 } else {
5ea234d3 5403 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5404 mgmt_index_added(hdev);
5405 }
dbece37a
MH		 5406 }
5407
5408unlock:
5409 hci_dev_unlock(hdev);
5410 return err;
5411}
5412
9713c17b
MH		 5413static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5414 void *data, u16 len)
5415{
5416 struct mgmt_cp_set_public_address *cp = data;
5417 bool changed;
5418 int err;
5419
5420 BT_DBG("%s", hdev->name);
5421
5422 if (hdev_is_powered(hdev))
a69e8375
JH		 5423 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5424 MGMT_STATUS_REJECTED);
9713c17b
MH		 5425
5426 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5428 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5429
5430 if (!hdev->set_bdaddr)
a69e8375
JH		 5431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5432 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5433
5434 hci_dev_lock(hdev);
5435
5436 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5437 bacpy(&hdev->public_addr, &cp->bdaddr);
5438
5439 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5440 if (err < 0)
5441 goto unlock;
5442
5443 if (!changed)
5444 goto unlock;
5445
d7a5a11d 5446 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5447 err = new_options(hdev, sk);
5448
5449 if (is_configured(hdev)) {
5450 mgmt_index_removed(hdev);
5451
a358dc11 5452 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5453
a1536da2
MH		 5454 hci_dev_set_flag(hdev, HCI_CONFIG);
5455 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5456
5457 queue_work(hdev->req_workqueue, &hdev->power_on);
5458 }
5459
5460unlock:
5461 hci_dev_unlock(hdev);
5462 return err;
5463}
5464
bea41609
MH		 5465static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5466 u8 data_len)
5467{
5468 eir[eir_len++] = sizeof(type) + data_len;
5469 eir[eir_len++] = type;
5470 memcpy(&eir[eir_len], data, data_len);
5471 eir_len += data_len;
5472
5473 return eir_len;
5474}
5475
40f66c05
JH		 5476static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5477 u16 opcode, struct sk_buff *skb)
5478{
5479 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5480 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5481 u8 *h192, *r192, *h256, *r256;
5482 struct mgmt_pending_cmd *cmd;
5483 u16 eir_len;
5484 int err;
5485
5486 BT_DBG("%s status %u", hdev->name, status);
5487
5488 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5489 if (!cmd)
5490 return;
5491
5492 mgmt_cp = cmd->param;
5493
5494 if (status) {
5495 status = mgmt_status(status);
5496 eir_len = 0;
5497
5498 h192 = NULL;
5499 r192 = NULL;
5500 h256 = NULL;
5501 r256 = NULL;
5502 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5503 struct hci_rp_read_local_oob_data *rp;
5504
5505 if (skb->len != sizeof(*rp)) {
5506 status = MGMT_STATUS_FAILED;
5507 eir_len = 0;
5508 } else {
5509 status = MGMT_STATUS_SUCCESS;
5510 rp = (void *)skb->data;
5511
5512 eir_len = 5 + 18 + 18;
5513 h192 = rp->hash;
5514 r192 = rp->rand;
5515 h256 = NULL;
5516 r256 = NULL;
5517 }
5518 } else {
5519 struct hci_rp_read_local_oob_ext_data *rp;
5520
5521 if (skb->len != sizeof(*rp)) {
5522 status = MGMT_STATUS_FAILED;
5523 eir_len = 0;
5524 } else {
5525 status = MGMT_STATUS_SUCCESS;
5526 rp = (void *)skb->data;
5527
5528 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5529 eir_len = 5 + 18 + 18;
5530 h192 = NULL;
5531 r192 = NULL;
5532 } else {
5533 eir_len = 5 + 18 + 18 + 18 + 18;
5534 h192 = rp->hash192;
5535 r192 = rp->rand192;
5536 }
5537
5538 h256 = rp->hash256;
5539 r256 = rp->rand256;
5540 }
5541 }
5542
5543 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5544 if (!mgmt_rp)
5545 goto done;
5546
5547 if (status)
5548 goto send_rsp;
5549
5550 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5551 hdev->dev_class, 3);
5552
5553 if (h192 && r192) {
5554 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5555 EIR_SSP_HASH_C192, h192, 16);
5556 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5557 EIR_SSP_RAND_R192, r192, 16);
5558 }
5559
5560 if (h256 && r256) {
5561 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5562 EIR_SSP_HASH_C256, h256, 16);
5563 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5564 EIR_SSP_RAND_R256, r256, 16);
5565 }
5566
5567send_rsp:
5568 mgmt_rp->type = mgmt_cp->type;
5569 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5570
5571 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5572 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5573 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5574 if (err < 0 || status)
5575 goto done;
5576
5577 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5578
5579 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5580 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5581 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5582done:
5583 kfree(mgmt_rp);
5584 mgmt_pending_remove(cmd);
5585}
5586
5587static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5588 struct mgmt_cp_read_local_oob_ext_data *cp)
5589{
5590 struct mgmt_pending_cmd *cmd;
5591 struct hci_request req;
5592 int err;
5593
5594 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5595 cp, sizeof(*cp));
5596 if (!cmd)
5597 return -ENOMEM;
5598
5599 hci_req_init(&req, hdev);
5600
5601 if (bredr_sc_enabled(hdev))
5602 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5603 else
5604 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5605
5606 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5607 if (err < 0) {
5608 mgmt_pending_remove(cmd);
5609 return err;
5610 }
5611
5612 return 0;
5613}
5614
4f0f155c
MH		 5615static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5616 void *data, u16 data_len)
5617{
5618 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5619 struct mgmt_rp_read_local_oob_ext_data *rp;
5620 size_t rp_len;
5621 u16 eir_len;
0821a2c5 5622 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5623 int err;
5624
5625 BT_DBG("%s", hdev->name);
5626
57b0d3e8
MH		 5627 if (hdev_is_powered(hdev)) {
5628 switch (cp->type) {
5629 case BIT(BDADDR_BREDR):
5630 status = mgmt_bredr_support(hdev);
5631 if (status)
5632 eir_len = 0;
5633 else
5634 eir_len = 5;
5635 break;
5636 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5637 status = mgmt_le_support(hdev);
5638 if (status)
5639 eir_len = 0;
5640 else
5641 eir_len = 9 + 3 + 18 + 18 + 3;
5642 break;
5643 default:
5644 status = MGMT_STATUS_INVALID_PARAMS;
5645 eir_len = 0;
5646 break;
5647 }
5648 } else {
5649 status = MGMT_STATUS_NOT_POWERED;
5650 eir_len = 0;
4f0f155c
MH		 5651 }
5652
4f0f155c
MH		 5653 rp_len = sizeof(*rp) + eir_len;
5654 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5655 if (!rp)
4f0f155c 5656 return -ENOMEM;
efcd8c98 5657
57b0d3e8
MH		 5658 if (status)
5659 goto complete;
5660
efcd8c98 5661 hci_dev_lock(hdev);
4f0f155c
MH		 5662
5663 eir_len = 0;
5664 switch (cp->type) {
5665 case BIT(BDADDR_BREDR):
40f66c05
JH		 5666 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5667 err = read_local_ssp_oob_req(hdev, sk, cp);
5668 hci_dev_unlock(hdev);
5669 if (!err)
5670 goto done;
5671
5672 status = MGMT_STATUS_FAILED;
5673 goto complete;
5674 } else {
5675 eir_len = eir_append_data(rp->eir, eir_len,
5676 EIR_CLASS_OF_DEV,
5677 hdev->dev_class, 3);
5678 }
4f0f155c
MH		 5679 break;
5680 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5681 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5682 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5683 hci_dev_unlock(hdev);
57b0d3e8
MH		 5684 status = MGMT_STATUS_FAILED;
5685 goto complete;
0821a2c5
MH		 5686 }
5687
e213568a
MH		 5688 /* This should return the active RPA, but since the RPA
5689 * is only programmed on demand, it is really hard to fill
5690 * this in at the moment. For now disallow retrieving
5691 * local out-of-band data when privacy is in use.
5692 *
5693 * Returning the identity address will not help here since
5694 * pairing happens before the identity resolving key is
5695 * known and thus the connection establishment happens
5696 * based on the RPA and not the identity address.
5697 */
4f0f155c 5698 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5699 hci_dev_unlock(hdev);
5700 status = MGMT_STATUS_REJECTED;
5701 goto complete;
5702 }
5703
5704 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5705 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5706 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5707 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5708 memcpy(addr, &hdev->static_addr, 6);
5709 addr[6] = 0x01;
5710 } else {
5711 memcpy(addr, &hdev->bdaddr, 6);
5712 addr[6] = 0x00;
5713 }
5714
5715 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5716 addr, sizeof(addr));
5717
5718 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5719 role = 0x02;
5720 else
5721 role = 0x01;
5722
5723 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5724 &role, sizeof(role));
5725
5082a599
MH		 5726 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5727 eir_len = eir_append_data(rp->eir, eir_len,
5728 EIR_LE_SC_CONFIRM,
5729 hash, sizeof(hash));
0821a2c5 5730
5082a599
MH		 5731 eir_len = eir_append_data(rp->eir, eir_len,
5732 EIR_LE_SC_RANDOM,
5733 rand, sizeof(rand));
5734 }
0821a2c5 5735
f2252570 5736 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5737
5738 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5739 flags |= LE_AD_NO_BREDR;
5740
5741 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5742 &flags, sizeof(flags));
5743 break;
5744 }
5745
4f0f155c
MH		 5746 hci_dev_unlock(hdev);
5747
72000df2
MH		 5748 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5749
57b0d3e8
MH		 5750 status = MGMT_STATUS_SUCCESS;
5751
5752complete:
efcd8c98
MH		 5753 rp->type = cp->type;
5754 rp->eir_len = cpu_to_le16(eir_len);
5755
4f0f155c 5756 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5757 status, rp, sizeof(*rp) + eir_len);
5758 if (err < 0 || status)
72000df2
MH		 5759 goto done;
5760
5761 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5762 rp, sizeof(*rp) + eir_len,
5763 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5764
0821a2c5 5765done:
4f0f155c
MH		 5766 kfree(rp);
5767
5768 return err;
5769}
5770
089fa8c0
AU		 5771static u32 get_supported_adv_flags(struct hci_dev *hdev)
5772{
5773 u32 flags = 0;
5774
5775 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5776 flags |= MGMT_ADV_FLAG_DISCOV;
5777 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5778 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5779
5780 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5781 flags |= MGMT_ADV_FLAG_TX_POWER;
5782
5783 return flags;
5784}
5785
d3d5305b
MH		 5786static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5787 void *data, u16 data_len)
5788{
5789 struct mgmt_rp_read_adv_features *rp;
5790 size_t rp_len;
02c04afe 5791 int err;
286e0c83 5792 struct adv_info *adv_instance;
089fa8c0 5793 u32 supported_flags;
02c04afe 5794 u8 *instance;
d3d5305b
MH		 5795
5796 BT_DBG("%s", hdev->name);
5797
089fa8c0
AU		 5798 if (!lmp_le_capable(hdev))
5799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5800 MGMT_STATUS_REJECTED);
5801
d3d5305b
MH		 5802 hci_dev_lock(hdev);
5803
02c04afe 5804 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 5805 rp = kmalloc(rp_len, GFP_ATOMIC);
5806 if (!rp) {
5807 hci_dev_unlock(hdev);
5808 return -ENOMEM;
5809 }
5810
089fa8c0
AU		 5811 supported_flags = get_supported_adv_flags(hdev);
5812
5813 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5814 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5815 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5816 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 5817 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 5818
02c04afe
JH		 5819 instance = rp->instance;
5820 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5821 *instance = adv_instance->instance;
5822 instance++;
24b4f38f 5823 }
d3d5305b
MH		 5824
5825 hci_dev_unlock(hdev);
5826
5827 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5828 MGMT_STATUS_SUCCESS, rp, rp_len);
5829
5830 kfree(rp);
5831
5832 return err;
5833}
5834
4117ed70 5835static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 5836 u8 len, bool is_adv_data)
24b4f38f 5837{
4117ed70 5838 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 5839 int i, cur_len;
b44133ff 5840 bool flags_managed = false;
5507e358 5841 bool tx_power_managed = false;
24b4f38f 5842
31a3248d
MH		 5843 if (is_adv_data) {
5844 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5845 MGMT_ADV_FLAG_LIMITED_DISCOV |
5846 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5847 flags_managed = true;
5848 max_len -= 3;
5849 }
24b4f38f 5850
31a3248d
MH		 5851 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5852 tx_power_managed = true;
5853 max_len -= 3;
5854 }
5507e358
AU		 5855 }
5856
4117ed70 5857 if (len > max_len)
24b4f38f
AU		 5858 return false;
5859
4117ed70
AU		 5860 /* Make sure that the data is correctly formatted. */
5861 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
5862 cur_len = data[i];
24b4f38f 5863
b44133ff
AU		 5864 if (flags_managed && data[i + 1] == EIR_FLAGS)
5865 return false;
5866
5507e358
AU		 5867 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
5868 return false;
5869
24b4f38f
AU		 5870 /* If the current field length would exceed the total data
5871 * length, then it's invalid.
5872 */
4117ed70 5873 if (i + cur_len >= len)
24b4f38f
AU		 5874 return false;
5875 }
5876
5877 return true;
5878}
5879
24b4f38f
AU		 5880static void add_advertising_complete(struct hci_dev *hdev, u8 status,
5881 u16 opcode)
5882{
5883 struct mgmt_pending_cmd *cmd;
fffd38bc 5884 struct mgmt_cp_add_advertising *cp;
24b4f38f 5885 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 5886 struct adv_info *adv_instance, *n;
5887 u8 instance;
24b4f38f
AU		 5888
5889 BT_DBG("status %d", status);
5890
5891 hci_dev_lock(hdev);
5892
5893 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
5894
fffd38bc 5895 if (status)
24b4f38f 5896 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 5897
5898 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
5899 if (!adv_instance->pending)
5900 continue;
5901
5902 if (!status) {
5903 adv_instance->pending = false;
5904 continue;
5905 }
5906
5907 instance = adv_instance->instance;
5908
5909 if (hdev->cur_adv_instance == instance)
5910 cancel_adv_timeout(hdev);
5911
5912 hci_remove_adv_instance(hdev, instance);
f2252570 5913 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 5914 }
5915
5916 if (!cmd)
5917 goto unlock;
5918
fffd38bc
FG		 5919 cp = cmd->param;
5920 rp.instance = cp->instance;
24b4f38f
AU		 5921
5922 if (status)
5923 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5924 mgmt_status(status));
5925 else
5926 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5927 mgmt_status(status), &rp, sizeof(rp));
5928
5929 mgmt_pending_remove(cmd);
5930
5931unlock:
5932 hci_dev_unlock(hdev);
5933}
5934
5935static int add_advertising(struct sock *sk, struct hci_dev *hdev,
5936 void *data, u16 data_len)
5937{
5938 struct mgmt_cp_add_advertising *cp = data;
5939 struct mgmt_rp_add_advertising rp;
5940 u32 flags;
089fa8c0 5941 u32 supported_flags;
24b4f38f 5942 u8 status;
fffd38bc
FG		 5943 u16 timeout, duration;
5944 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
5945 u8 schedule_instance = 0;
5946 struct adv_info *next_instance;
24b4f38f
AU		 5947 int err;
5948 struct mgmt_pending_cmd *cmd;
5949 struct hci_request req;
5950
5951 BT_DBG("%s", hdev->name);
5952
5953 status = mgmt_le_support(hdev);
5954 if (status)
5955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5956 status);
5957
ceff86af
MH		 5958 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
5959 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5960 MGMT_STATUS_INVALID_PARAMS);
5961
24b4f38f 5962 flags = __le32_to_cpu(cp->flags);
912098a6 5963 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 5964 duration = __le16_to_cpu(cp->duration);
24b4f38f 5965
fffd38bc
FG		 5966 /* The current implementation only supports a subset of the specified
5967 * flags.
089fa8c0
AU		 5968 */
5969 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 5970 if (flags & ~supported_flags)
24b4f38f
AU		 5971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5972 MGMT_STATUS_INVALID_PARAMS);
5973
5974 hci_dev_lock(hdev);
5975
912098a6
AU		 5976 if (timeout && !hdev_is_powered(hdev)) {
5977 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5978 MGMT_STATUS_REJECTED);
5979 goto unlock;
5980 }
5981
24b4f38f 5982 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 5983 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 5984 pending_find(MGMT_OP_SET_LE, hdev)) {
5985 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5986 MGMT_STATUS_BUSY);
5987 goto unlock;
5988 }
5989
b44133ff 5990 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 5991 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 5992 cp->scan_rsp_len, false)) {
24b4f38f
AU		 5993 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
5994 MGMT_STATUS_INVALID_PARAMS);
5995 goto unlock;
5996 }
5997
fffd38bc
FG		 5998 err = hci_add_adv_instance(hdev, cp->instance, flags,
5999 cp->adv_data_len, cp->data,
6000 cp->scan_rsp_len,
6001 cp->data + cp->adv_data_len,
6002 timeout, duration);
6003 if (err < 0) {
6004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6005 MGMT_STATUS_FAILED);
6006 goto unlock;
6007 }
24b4f38f 6008
fffd38bc
FG		 6009 /* Only trigger an advertising added event if a new instance was
6010 * actually added.
6011 */
6012 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6013 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6014
fffd38bc 6015 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6016
fffd38bc
FG		 6017 if (hdev->cur_adv_instance == cp->instance) {
6018 /* If the currently advertised instance is being changed then
6019 * cancel the current advertising and schedule the next
6020 * instance. If there is only one instance then the overridden
6021 * advertising data will be visible right away.
6022 */
6023 cancel_adv_timeout(hdev);
912098a6 6024
fffd38bc
FG		 6025 next_instance = hci_get_next_instance(hdev, cp->instance);
6026 if (next_instance)
6027 schedule_instance = next_instance->instance;
6028 } else if (!hdev->adv_instance_timeout) {
6029 /* Immediately advertise the new instance if no other
6030 * instance is currently being advertised.
6031 */
6032 schedule_instance = cp->instance;
6033 }
24b4f38f 6034
fffd38bc
FG		 6035 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6036 * there is no instance to be advertised then we have no HCI
6037 * communication to make. Simply return.
24b4f38f
AU		 6038 */
6039 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6040 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6041 !schedule_instance) {
6042 rp.instance = cp->instance;
24b4f38f
AU		 6043 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6044 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6045 goto unlock;
6046 }
6047
6048 /* We're good to go, update advertising data, parameters, and start
6049 * advertising.
6050 */
6051 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6052 data_len);
6053 if (!cmd) {
6054 err = -ENOMEM;
6055 goto unlock;
6056 }
6057
6058 hci_req_init(&req, hdev);
6059
f2252570 6060 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6061
6062 if (!err)
6063 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6064
24b4f38f
AU		 6065 if (err < 0)
6066 mgmt_pending_remove(cmd);
6067
6068unlock:
6069 hci_dev_unlock(hdev);
6070
6071 return err;
6072}
6073
da929335
AU		 6074static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6075 u16 opcode)
6076{
6077 struct mgmt_pending_cmd *cmd;
01948331 6078 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6079 struct mgmt_rp_remove_advertising rp;
6080
6081 BT_DBG("status %d", status);
6082
6083 hci_dev_lock(hdev);
6084
6085 /* A failure status here only means that we failed to disable
6086 * advertising. Otherwise, the advertising instance has been removed,
6087 * so report success.
6088 */
6089 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6090 if (!cmd)
6091 goto unlock;
6092
01948331
FG		 6093 cp = cmd->param;
6094 rp.instance = cp->instance;
da929335
AU		 6095
6096 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6097 &rp, sizeof(rp));
6098 mgmt_pending_remove(cmd);
6099
6100unlock:
6101 hci_dev_unlock(hdev);
6102}
6103
6104static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6105 void *data, u16 data_len)
6106{
6107 struct mgmt_cp_remove_advertising *cp = data;
6108 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6109 struct mgmt_pending_cmd *cmd;
6110 struct hci_request req;
952497b1 6111 int err;
da929335
AU		 6112
6113 BT_DBG("%s", hdev->name);
6114
da929335
AU		 6115 hci_dev_lock(hdev);
6116
952497b1 6117 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6118 err = mgmt_cmd_status(sk, hdev->id,
6119 MGMT_OP_REMOVE_ADVERTISING,
6120 MGMT_STATUS_INVALID_PARAMS);
6121 goto unlock;
6122 }
6123
da929335
AU		 6124 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6125 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6126 pending_find(MGMT_OP_SET_LE, hdev)) {
6127 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6128 MGMT_STATUS_BUSY);
6129 goto unlock;
6130 }
6131
6132 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6133 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6134 MGMT_STATUS_INVALID_PARAMS);
6135 goto unlock;
6136 }
6137
01948331 6138 hci_req_init(&req, hdev);
da929335 6139
f2252570 6140 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6141
01948331 6142 if (list_empty(&hdev->adv_instances))
f2252570 6143 __hci_req_disable_advertising(&req);
da929335 6144
01948331
FG		 6145 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6146 * flag is set or the device isn't powered then we have no HCI
6147 * communication to make. Simply return.
da929335 6148 */
01948331
FG		 6149 if (skb_queue_empty(&req.cmd_q) ||
6150 !hdev_is_powered(hdev) ||
da929335 6151 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6152 rp.instance = cp->instance;
da929335
AU		 6153 err = mgmt_cmd_complete(sk, hdev->id,
6154 MGMT_OP_REMOVE_ADVERTISING,
6155 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6156 goto unlock;
6157 }
6158
6159 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6160 data_len);
6161 if (!cmd) {
6162 err = -ENOMEM;
6163 goto unlock;
6164 }
6165
da929335
AU		 6166 err = hci_req_run(&req, remove_advertising_complete);
6167 if (err < 0)
6168 mgmt_pending_remove(cmd);
6169
6170unlock:
6171 hci_dev_unlock(hdev);
6172
6173 return err;
6174}
6175
40b25fe5
MH		 6176static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6177{
6178 u8 max_len = HCI_MAX_AD_LENGTH;
6179
6180 if (is_adv_data) {
6181 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6182 MGMT_ADV_FLAG_LIMITED_DISCOV |
6183 MGMT_ADV_FLAG_MANAGED_FLAGS))
6184 max_len -= 3;
6185
6186 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6187 max_len -= 3;
6188 }
6189
6190 return max_len;
6191}
6192
6193static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6194 void *data, u16 data_len)
6195{
6196 struct mgmt_cp_get_adv_size_info *cp = data;
6197 struct mgmt_rp_get_adv_size_info rp;
6198 u32 flags, supported_flags;
6199 int err;
6200
6201 BT_DBG("%s", hdev->name);
6202
6203 if (!lmp_le_capable(hdev))
6204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6205 MGMT_STATUS_REJECTED);
6206
6207 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6209 MGMT_STATUS_INVALID_PARAMS);
6210
6211 flags = __le32_to_cpu(cp->flags);
6212
6213 /* The current implementation only supports a subset of the specified
6214 * flags.
6215 */
6216 supported_flags = get_supported_adv_flags(hdev);
6217 if (flags & ~supported_flags)
6218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6219 MGMT_STATUS_INVALID_PARAMS);
6220
6221 rp.instance = cp->instance;
6222 rp.flags = cp->flags;
6223 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6224 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6225
6226 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6227 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6228
6229 return err;
6230}
6231
6d785aa3 6232static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6233 { NULL }, /* 0x0000 (no command) */
b9a245fb 6234 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6235 HCI_MGMT_NO_HDEV |
6236 HCI_MGMT_UNTRUSTED },
b9a245fb 6237 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6238 HCI_MGMT_NO_HDEV |
6239 HCI_MGMT_UNTRUSTED },
b9a245fb 6240 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6241 HCI_MGMT_NO_HDEV |
6242 HCI_MGMT_UNTRUSTED },
6243 { read_controller_info, MGMT_READ_INFO_SIZE,
6244 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6245 { set_powered, MGMT_SETTING_SIZE },
6246 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6247 { set_connectable, MGMT_SETTING_SIZE },
6248 { set_fast_connectable, MGMT_SETTING_SIZE },
6249 { set_bondable, MGMT_SETTING_SIZE },
6250 { set_link_security, MGMT_SETTING_SIZE },
6251 { set_ssp, MGMT_SETTING_SIZE },
6252 { set_hs, MGMT_SETTING_SIZE },
6253 { set_le, MGMT_SETTING_SIZE },
6254 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6255 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6256 { add_uuid, MGMT_ADD_UUID_SIZE },
6257 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6258 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6259 HCI_MGMT_VAR_LEN },
6260 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6261 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6262 { disconnect, MGMT_DISCONNECT_SIZE },
6263 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6264 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6265 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6266 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6267 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6268 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6269 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6270 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6271 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6272 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6273 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6274 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6275 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6276 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6277 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6278 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6279 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6280 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6281 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6282 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6283 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6284 { set_advertising, MGMT_SETTING_SIZE },
6285 { set_bredr, MGMT_SETTING_SIZE },
6286 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6287 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6288 { set_secure_conn, MGMT_SETTING_SIZE },
6289 { set_debug_keys, MGMT_SETTING_SIZE },
6290 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6291 { load_irks, MGMT_LOAD_IRKS_SIZE,
6292 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6293 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6294 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6295 { add_device, MGMT_ADD_DEVICE_SIZE },
6296 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6297 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6298 HCI_MGMT_VAR_LEN },
6299 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6300 HCI_MGMT_NO_HDEV |
6301 HCI_MGMT_UNTRUSTED },
b9a245fb 6302 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6303 HCI_MGMT_UNCONFIGURED |
6304 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6305 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6306 HCI_MGMT_UNCONFIGURED },
6307 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6308 HCI_MGMT_UNCONFIGURED },
6309 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6310 HCI_MGMT_VAR_LEN },
4f0f155c 6311 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6312 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6313 HCI_MGMT_NO_HDEV |
6314 HCI_MGMT_UNTRUSTED },
d3d5305b 6315 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6316 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6317 HCI_MGMT_VAR_LEN },
da929335 6318 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6319 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6320};
6321
bf6b56db 6322void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6323{
ced85549 6324 struct mgmt_ev_ext_index ev;
bb4b2a9a 6325
0602a8ad
MH		 6326 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6327 return;
6328
f9207338
MH		 6329 switch (hdev->dev_type) {
6330 case HCI_BREDR:
6331 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6332 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6333 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6334 ev.type = 0x01;
f9207338
MH		 6335 } else {
6336 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6337 HCI_MGMT_INDEX_EVENTS);
ced85549 6338 ev.type = 0x00;
f9207338
MH		 6339 }
6340 break;
ced85549
MH		 6341 case HCI_AMP:
6342 ev.type = 0x02;
6343 break;
6344 default:
6345 return;
f9207338 6346 }
ced85549
MH		 6347
6348 ev.bus = hdev->bus;
6349
6350 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6351 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6352}
6353
bf6b56db 6354void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6355{
ced85549 6356 struct mgmt_ev_ext_index ev;
5f159032 6357 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6358
0602a8ad
MH		 6359 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6360 return;
6361
f9207338
MH		 6362 switch (hdev->dev_type) {
6363 case HCI_BREDR:
6364 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6365
f9207338
MH		 6366 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6367 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6368 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6369 ev.type = 0x01;
f9207338
MH		 6370 } else {
6371 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6372 HCI_MGMT_INDEX_EVENTS);
ced85549 6373 ev.type = 0x00;
f9207338
MH		 6374 }
6375 break;
ced85549
MH		 6376 case HCI_AMP:
6377 ev.type = 0x02;
6378 break;
6379 default:
6380 return;
f9207338 6381 }
ced85549
MH		 6382
6383 ev.bus = hdev->bus;
6384
6385 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6386 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6387}
6388
6046dc3e 6389/* This function requires the caller holds hdev->lock */
af02dd44 6390static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6391{
6392 struct hci_conn_params *p;
6393
6394 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6395 /* Needed for AUTO_OFF case where might not "really"
6396 * have been powered off.
6397 */
6398 list_del_init(&p->action);
6399
6400 switch (p->auto_connect) {
4b9e7e75 6401 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6402 case HCI_AUTO_CONN_ALWAYS:
6403 list_add(&p->action, &hdev->pend_le_conns);
6404 break;
6405 case HCI_AUTO_CONN_REPORT:
6406 list_add(&p->action, &hdev->pend_le_reports);
6407 break;
6408 default:
6409 break;
c83ed19d 6410 }
6046dc3e
AG		 6411 }
6412}
6413
2ff13894 6414void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 6415{
6416 struct cmd_lookup match = { NULL, hdev };
6417
2ff13894 6418 BT_DBG("err %d", err);
229ab39c 6419
2ff13894
JH		 6420 hci_dev_lock(hdev);
6421
6422 if (!err) {
af02dd44
JH		 6423 restart_le_actions(hdev);
6424 hci_update_background_scan(hdev);
162a3bac
MH		 6425 }
6426
229ab39c
JH		 6427 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6428
6429 new_settings(hdev, match.sk);
6430
229ab39c
JH		 6431 if (match.sk)
6432 sock_put(match.sk);
229ab39c 6433
2ff13894 6434 hci_dev_unlock(hdev);
70da6243 6435}
562fcc24 6436
2ff13894 6437void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 6438{
6439 struct cmd_lookup match = { NULL, hdev };
9845904f 6440 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 6441
229ab39c 6442 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6443
6444 /* If the power off is because of hdev unregistration let
6445 * use the appropriate INVALID_INDEX status. Otherwise use
6446 * NOT_POWERED. We cover both scenarios here since later in
6447 * mgmt_index_removed() any hci_conn callbacks will have already
6448 * been triggered, potentially causing misleading DISCONNECTED
6449 * status responses.
6450 */
d7a5a11d 6451 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6452 status = MGMT_STATUS_INVALID_INDEX;
6453 else
6454 status = MGMT_STATUS_NOT_POWERED;
6455
6456 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6457
6458 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6459 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6460 zero_cod, sizeof(zero_cod), NULL);
229ab39c 6461
2ff13894 6462 new_settings(hdev, match.sk);
eec8d2bc
JH		 6463
6464 if (match.sk)
6465 sock_put(match.sk);
5add6af8 6466}
73f22f62 6467
3eec705e 6468void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6469{
3b0602cd 6470 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6471 u8 status;
6472
333ae95d 6473 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6474 if (!cmd)
3eec705e 6475 return;
96570ffc
JH		 6476
6477 if (err == -ERFKILL)
6478 status = MGMT_STATUS_RFKILLED;
6479 else
6480 status = MGMT_STATUS_FAILED;
6481
a69e8375 6482 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6483
6484 mgmt_pending_remove(cmd);
96570ffc
JH		 6485}
6486
dc4a5ee2
MH		 6487void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6488 bool persistent)
55ed8ca1 6489{
86742e1e 6490 struct mgmt_ev_new_link_key ev;
55ed8ca1 6491
a492cd52 6492 memset(&ev, 0, sizeof(ev));
55ed8ca1 6493
a492cd52 6494 ev.store_hint = persistent;
d753fdc4 6495 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6496 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6497 ev.key.type = key->type;
9b3b4460 6498 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6499 ev.key.pin_len = key->pin_len;
55ed8ca1 6500
dc4a5ee2 6501 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6502}
f7520543 6503
d7b25450
JH		 6504static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6505{
23fb8de3
JH		 6506 switch (ltk->type) {
6507 case SMP_LTK:
6508 case SMP_LTK_SLAVE:
6509 if (ltk->authenticated)
6510 return MGMT_LTK_AUTHENTICATED;
6511 return MGMT_LTK_UNAUTHENTICATED;
6512 case SMP_LTK_P256:
6513 if (ltk->authenticated)
6514 return MGMT_LTK_P256_AUTH;
6515 return MGMT_LTK_P256_UNAUTH;
6516 case SMP_LTK_P256_DEBUG:
6517 return MGMT_LTK_P256_DEBUG;
6518 }
d7b25450
JH		 6519
6520 return MGMT_LTK_UNAUTHENTICATED;
6521}
6522
53ac6ab6 6523void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6524{
6525 struct mgmt_ev_new_long_term_key ev;
6526
6527 memset(&ev, 0, sizeof(ev));
6528
5192d301 6529 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6530 * without providing an identity resolving key don't require
5192d301
MH		 6531 * to store long term keys. Their addresses will change the
6532 * next time around.
6533 *
6534 * Only when a remote device provides an identity address
6535 * make sure the long term key is stored. If the remote
6536 * identity is known, the long term keys are internally
6537 * mapped to the identity address. So allow static random
6538 * and public addresses here.
6539 */
ba74b666
JH		 6540 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6541 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6542 ev.store_hint = 0x00;
6543 else
53ac6ab6 6544 ev.store_hint = persistent;
ba74b666 6545
346af67b 6546 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6547 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6548 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6549 ev.key.enc_size = key->enc_size;
6550 ev.key.ediv = key->ediv;
fe39c7b2 6551 ev.key.rand = key->rand;
346af67b 6552
2ceba539 6553 if (key->type == SMP_LTK)
346af67b
VCG		 6554 ev.key.master = 1;
6555
1fc62c52
JH		 6556 /* Make sure we copy only the significant bytes based on the
6557 * encryption key size, and set the rest of the value to zeroes.
6558 */
cb92205b 6559 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6560 memset(ev.key.val + key->enc_size, 0,
6561 sizeof(ev.key.val) - key->enc_size);
346af67b 6562
083368f7 6563 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6564}
6565
cad20c27 6566void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6567{
6568 struct mgmt_ev_new_irk ev;
6569
6570 memset(&ev, 0, sizeof(ev));
6571
cad20c27 6572 ev.store_hint = persistent;
bab6d1e5 6573
95fbac8a
JH		 6574 bacpy(&ev.rpa, &irk->rpa);
6575 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6576 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6577 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6578
6579 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6580}
6581
53ac6ab6
MH		 6582void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6583 bool persistent)
7ee4ea36
MH		 6584{
6585 struct mgmt_ev_new_csrk ev;
6586
6587 memset(&ev, 0, sizeof(ev));
6588
6589 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6590 * without providing an identity resolving key don't require
7ee4ea36
MH		 6591 * to store signature resolving keys. Their addresses will change
6592 * the next time around.
6593 *
6594 * Only when a remote device provides an identity address
6595 * make sure the signature resolving key is stored. So allow
6596 * static random and public addresses here.
6597 */
6598 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6599 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6600 ev.store_hint = 0x00;
6601 else
53ac6ab6 6602 ev.store_hint = persistent;
7ee4ea36
MH		 6603
6604 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6605 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6606 ev.key.type = csrk->type;
7ee4ea36
MH		 6607 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6608
6609 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6610}
6611
ffb5a827 6612void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6613 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6614 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6615{
6616 struct mgmt_ev_new_conn_param ev;
6617
c103aea6
JH		 6618 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6619 return;
6620
ffb5a827
AG		 6621 memset(&ev, 0, sizeof(ev));
6622 bacpy(&ev.addr.bdaddr, bdaddr);
6623 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6624 ev.store_hint = store_hint;
ffb5a827
AG		 6625 ev.min_interval = cpu_to_le16(min_interval);
6626 ev.max_interval = cpu_to_le16(max_interval);
6627 ev.latency = cpu_to_le16(latency);
6628 ev.timeout = cpu_to_le16(timeout);
6629
6630 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6631}
6632
48ec92fa
AA		 6633void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6634 u32 flags, u8 *name, u8 name_len)
f7520543 6635{
b644ba33
JH		 6636 char buf[512];
6637 struct mgmt_ev_device_connected *ev = (void *) buf;
6638 u16 eir_len = 0;
f7520543 6639
48ec92fa
AA		 6640 bacpy(&ev->addr.bdaddr, &conn->dst);
6641 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6642
c95f0ba7 6643 ev->flags = __cpu_to_le32(flags);
08c79b61 6644
fd45ada9
AA		 6645 /* We must ensure that the EIR Data fields are ordered and
6646 * unique. Keep it simple for now and avoid the problem by not
6647 * adding any BR/EDR data to the LE adv.
6648 */
6649 if (conn->le_adv_data_len > 0) {
6650 memcpy(&ev->eir[eir_len],
6651 conn->le_adv_data, conn->le_adv_data_len);
6652 eir_len = conn->le_adv_data_len;
6653 } else {
6654 if (name_len > 0)
6655 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6656 name, name_len);
b644ba33 6657
ddbea5cf 6658 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6659 eir_len = eir_append_data(ev->eir, eir_len,
6660 EIR_CLASS_OF_DEV,
6661 conn->dev_class, 3);
6662 }
b644ba33 6663
eb55ef07 6664 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6665
ecd90ae7
MH		 6666 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6667 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6668}
6669
3b0602cd 6670static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6671{
8962ee74 6672 struct sock **sk = data;
8962ee74 6673
f5818c22 6674 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6675
6676 *sk = cmd->sk;
6677 sock_hold(*sk);
6678
a664b5bc 6679 mgmt_pending_remove(cmd);
8962ee74
JH		 6680}
6681
3b0602cd 6682static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6683{
b1078ad0 6684 struct hci_dev *hdev = data;
124f6e35 6685 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6686
b1078ad0
JH		 6687 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6688
d8b7b1e4 6689 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6690 mgmt_pending_remove(cmd);
6691}
6692
84c61d92
JH		 6693bool mgmt_powering_down(struct hci_dev *hdev)
6694{
3b0602cd 6695 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6696 struct mgmt_mode *cp;
6697
333ae95d 6698 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6699 if (!cmd)
6700 return false;
6701
6702 cp = cmd->param;
6703 if (!cp->val)
6704 return true;
6705
6706 return false;
6707}
6708
9b80ec5e 6709void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6710 u8 link_type, u8 addr_type, u8 reason,
6711 bool mgmt_connected)
f7520543 6712{
f0d6a0ea 6713 struct mgmt_ev_device_disconnected ev;
8962ee74 6714 struct sock *sk = NULL;
8962ee74 6715
84c61d92
JH		 6716 /* The connection is still in hci_conn_hash so test for 1
6717 * instead of 0 to know if this is the last one.
6718 */
6719 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6720 cancel_delayed_work(&hdev->power_off);
6721 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6722 }
6723
12d4a3b2
JH		 6724 if (!mgmt_connected)
6725 return;
6726
57eb776f
AG		 6727 if (link_type != ACL_LINK && link_type != LE_LINK)
6728 return;
6729
744cf19e 6730 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6731
f0d6a0ea
MA		 6732 bacpy(&ev.addr.bdaddr, bdaddr);
6733 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6734 ev.reason = reason;
f7520543 6735
9b80ec5e 6736 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6737
6738 if (sk)
d97dcb66 6739 sock_put(sk);
8962ee74 6740
124f6e35 6741 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6742 hdev);
8962ee74
JH		 6743}
6744
7892924c
MH		 6745void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6746 u8 link_type, u8 addr_type, u8 status)
8962ee74 6747{
3655bba8
AG		 6748 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6749 struct mgmt_cp_disconnect *cp;
3b0602cd 6750 struct mgmt_pending_cmd *cmd;
8962ee74 6751
36a75f1b
JD		 6752 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6753 hdev);
6754
333ae95d 6755 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6756 if (!cmd)
7892924c 6757 return;
8962ee74 6758
3655bba8
AG		 6759 cp = cmd->param;
6760
6761 if (bacmp(bdaddr, &cp->addr.bdaddr))
6762 return;
6763
6764 if (cp->addr.type != bdaddr_type)
6765 return;
6766
f5818c22 6767 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6768 mgmt_pending_remove(cmd);
f7520543 6769}
17d5c04c 6770
445608d0
MH		 6771void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6772 u8 addr_type, u8 status)
17d5c04c
JH		 6773{
6774 struct mgmt_ev_connect_failed ev;
c9910d0f 6775
84c61d92
JH		 6776 /* The connection is still in hci_conn_hash so test for 1
6777 * instead of 0 to know if this is the last one.
6778 */
6779 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6780 cancel_delayed_work(&hdev->power_off);
6781 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6782 }
17d5c04c 6783
4c659c39 6784 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6785 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6786 ev.status = mgmt_status(status);
17d5c04c 6787
445608d0 6788 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6789}
980e1a53 6790
ce0e4a0d 6791void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6792{
6793 struct mgmt_ev_pin_code_request ev;
6794
d8457698 6795 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6796 ev.addr.type = BDADDR_BREDR;
a770bb5a 6797 ev.secure = secure;
980e1a53 6798
ce0e4a0d 6799 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6800}
6801
e669cf80
MH		 6802void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6803 u8 status)
980e1a53 6804{
3b0602cd 6805 struct mgmt_pending_cmd *cmd;
980e1a53 6806
333ae95d 6807 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6808 if (!cmd)
e669cf80 6809 return;
980e1a53 6810
7776d1d8 6811 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6812 mgmt_pending_remove(cmd);
980e1a53
JH		 6813}
6814
3eb38528
MH		 6815void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6816 u8 status)
980e1a53 6817{
3b0602cd 6818 struct mgmt_pending_cmd *cmd;
980e1a53 6819
333ae95d 6820 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6821 if (!cmd)
3eb38528 6822 return;
980e1a53 6823
7776d1d8 6824 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6825 mgmt_pending_remove(cmd);
980e1a53 6826}
a5c29683 6827
744cf19e 6828int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6829 u8 link_type, u8 addr_type, u32 value,
04124681 6830 u8 confirm_hint)
a5c29683
JH		 6831{
6832 struct mgmt_ev_user_confirm_request ev;
6833
744cf19e 6834 BT_DBG("%s", hdev->name);
a5c29683 6835
272d90df 6836 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6837 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6838 ev.confirm_hint = confirm_hint;
39adbffe 6839 ev.value = cpu_to_le32(value);
a5c29683 6840
744cf19e 6841 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6842 NULL);
a5c29683
JH		 6843}
6844
272d90df 6845int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6846 u8 link_type, u8 addr_type)
604086b7
BG		 6847{
6848 struct mgmt_ev_user_passkey_request ev;
6849
6850 BT_DBG("%s", hdev->name);
6851
272d90df 6852 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6853 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6854
6855 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6856 NULL);
604086b7
BG		 6857}
6858
0df4c185 6859static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6860 u8 link_type, u8 addr_type, u8 status,
6861 u8 opcode)
a5c29683 6862{
3b0602cd 6863 struct mgmt_pending_cmd *cmd;
a5c29683 6864
333ae95d 6865 cmd = pending_find(opcode, hdev);
a5c29683
JH		 6866 if (!cmd)
6867 return -ENOENT;
6868
7776d1d8 6869 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6870 mgmt_pending_remove(cmd);
a5c29683 6871
7776d1d8 6872 return 0;
a5c29683
JH		 6873}
6874
744cf19e 6875int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6876 u8 link_type, u8 addr_type, u8 status)
a5c29683 6877{
272d90df 6878 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6879 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6880}
6881
272d90df 6882int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6883 u8 link_type, u8 addr_type, u8 status)
a5c29683 6884{
272d90df 6885 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6886 status,
6887 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6888}
2a611692 6889
604086b7 6890int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6891 u8 link_type, u8 addr_type, u8 status)
604086b7 6892{
272d90df 6893 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6894 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6895}
6896
272d90df 6897int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6898 u8 link_type, u8 addr_type, u8 status)
604086b7 6899{
272d90df 6900 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6901 status,
6902 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6903}
6904
92a25256
JH		 6905int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6906 u8 link_type, u8 addr_type, u32 passkey,
6907 u8 entered)
6908{
6909 struct mgmt_ev_passkey_notify ev;
6910
6911 BT_DBG("%s", hdev->name);
6912
6913 bacpy(&ev.addr.bdaddr, bdaddr);
6914 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6915 ev.passkey = __cpu_to_le32(passkey);
6916 ev.entered = entered;
6917
6918 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6919}
6920
e1e930f5 6921void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6922{
6923 struct mgmt_ev_auth_failed ev;
3b0602cd 6924 struct mgmt_pending_cmd *cmd;
e1e930f5 6925 u8 status = mgmt_status(hci_status);
2a611692 6926
e1e930f5
JH		 6927 bacpy(&ev.addr.bdaddr, &conn->dst);
6928 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6929 ev.status = status;
2a611692 6930
e1e930f5
JH		 6931 cmd = find_pairing(conn);
6932
6933 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6934 cmd ? cmd->sk : NULL);
6935
a511b35b
JH		 6936 if (cmd) {
6937 cmd->cmd_complete(cmd, status);
6938 mgmt_pending_remove(cmd);
6939 }
2a611692 6940}
b312b161 6941
464996ae 6942void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6943{
6944 struct cmd_lookup match = { NULL, hdev };
464996ae 6945 bool changed;
33ef95ed
JH		 6946
6947 if (status) {
6948 u8 mgmt_err = mgmt_status(status);
6949 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6950 cmd_status_rsp, &mgmt_err);
464996ae 6951 return;
33ef95ed
JH		 6952 }
6953
464996ae 6954 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 6955 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 6956 else
a69d8927 6957 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 6958
33ef95ed 6959 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6960 &match);
33ef95ed 6961
47990ea0 6962 if (changed)
464996ae 6963 new_settings(hdev, match.sk);
33ef95ed
JH		 6964
6965 if (match.sk)
6966 sock_put(match.sk);
33ef95ed
JH		 6967}
6968
890ea898 6969static void clear_eir(struct hci_request *req)
cacaf52f 6970{
890ea898 6971 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6972 struct hci_cp_write_eir cp;
6973
976eb20e 6974 if (!lmp_ext_inq_capable(hdev))
890ea898 6975 return;
cacaf52f 6976
c80da27e
JH		 6977 memset(hdev->eir, 0, sizeof(hdev->eir));
6978
cacaf52f
JH		 6979 memset(&cp, 0, sizeof(cp));
6980
890ea898 6981 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6982}
6983
3e248560 6984void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6985{
6986 struct cmd_lookup match = { NULL, hdev };
890ea898 6987 struct hci_request req;
c0ecddc2 6988 bool changed = false;
ed2c4ee3
JH		 6989
6990 if (status) {
6991 u8 mgmt_err = mgmt_status(status);
c0ecddc2 6992
a69d8927
MH		 6993 if (enable && hci_dev_test_and_clear_flag(hdev,
6994 HCI_SSP_ENABLED)) {
a358dc11 6995 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 6996 new_settings(hdev, NULL);
9ecb3e24 6997 }
c0ecddc2 6998
04124681
GP		 6999 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7000 &mgmt_err);
3e248560 7001 return;
c0ecddc2
JH		 7002 }
7003
7004 if (enable) {
238be788 7005 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7006 } else {
a69d8927 7007 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7008 if (!changed)
a69d8927
MH		 7009 changed = hci_dev_test_and_clear_flag(hdev,
7010 HCI_HS_ENABLED);
9ecb3e24 7011 else
a358dc11 7012 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7013 }
7014
7015 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7016
c0ecddc2 7017 if (changed)
3e248560 7018 new_settings(hdev, match.sk);
ed2c4ee3 7019
5fc6ebb1 7020 if (match.sk)
ed2c4ee3
JH		 7021 sock_put(match.sk);
7022
890ea898
JH		 7023 hci_req_init(&req, hdev);
7024
d7a5a11d
MH		 7025 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7026 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7027 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7028 sizeof(enable), &enable);
b1a8917c 7029 __hci_req_update_eir(&req);
3769972b 7030 } else {
890ea898 7031 clear_eir(&req);
3769972b 7032 }
890ea898
JH		 7033
7034 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7035}
7036
3b0602cd 7037static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7038{
7039 struct cmd_lookup *match = data;
7040
90e70454
JH		 7041 if (match->sk == NULL) {
7042 match->sk = cmd->sk;
7043 sock_hold(match->sk);
7044 }
90e70454
JH		 7045}
7046
4e1b0245
MH		 7047void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7048 u8 status)
7f9a903c 7049{
90e70454 7050 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7051
92da6097
JH		 7052 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7053 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7054 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7055
7056 if (!status)
f6b7712e
MH		 7057 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7058 dev_class, 3, NULL);
90e70454
JH		 7059
7060 if (match.sk)
7061 sock_put(match.sk);
7f9a903c
MH		 7062}
7063
7667da34 7064void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7065{
b312b161 7066 struct mgmt_cp_set_local_name ev;
3b0602cd 7067 struct mgmt_pending_cmd *cmd;
28cc7bde 7068
13928971 7069 if (status)
7667da34 7070 return;
b312b161
JH		 7071
7072 memset(&ev, 0, sizeof(ev));
7073 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7074 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7075
333ae95d 7076 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7077 if (!cmd) {
7078 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7079
13928971
JH		 7080 /* If this is a HCI command related to powering on the
7081 * HCI dev don't send any mgmt signals.
7082 */
333ae95d 7083 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7084 return;
890ea898 7085 }
b312b161 7086
f6b7712e
MH		 7087 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7088 cmd ? cmd->sk : NULL);
b312b161 7089}
c35938b2 7090
799ce93d
JP		 7091static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7092{
7093 int i;
7094
7095 for (i = 0; i < uuid_count; i++) {
7096 if (!memcmp(uuid, uuids[i], 16))
7097 return true;
7098 }
7099
7100 return false;
7101}
7102
b487b9ce
MH		 7103static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7104{
799ce93d
JP		 7105 u16 parsed = 0;
7106
7107 while (parsed < eir_len) {
7108 u8 field_len = eir[0];
7109 u8 uuid[16];
7110 int i;
7111
7112 if (field_len == 0)
7113 break;
7114
7115 if (eir_len - parsed < field_len + 1)
7116 break;
7117
7118 switch (eir[1]) {
7119 case EIR_UUID16_ALL:
7120 case EIR_UUID16_SOME:
7121 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7122 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7123 uuid[13] = eir[i + 3];
7124 uuid[12] = eir[i + 2];
7125 if (has_uuid(uuid, uuid_count, uuids))
7126 return true;
7127 }
7128 break;
7129 case EIR_UUID32_ALL:
7130 case EIR_UUID32_SOME:
7131 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7132 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7133 uuid[15] = eir[i + 5];
7134 uuid[14] = eir[i + 4];
7135 uuid[13] = eir[i + 3];
7136 uuid[12] = eir[i + 2];
7137 if (has_uuid(uuid, uuid_count, uuids))
7138 return true;
7139 }
7140 break;
7141 case EIR_UUID128_ALL:
7142 case EIR_UUID128_SOME:
7143 for (i = 0; i + 17 <= field_len; i += 16) {
7144 memcpy(uuid, eir + i + 2, 16);
7145 if (has_uuid(uuid, uuid_count, uuids))
7146 return true;
7147 }
7148 break;
7149 }
7150
7151 parsed += field_len + 1;
7152 eir += field_len + 1;
7153 }
7154
b487b9ce
MH		 7155 return false;
7156}
7157
4b0e0ced
JP		 7158static void restart_le_scan(struct hci_dev *hdev)
7159{
7160 /* If controller is not scanning we are done. */
d7a5a11d 7161 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7162 return;
7163
7164 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7165 hdev->discovery.scan_start +
7166 hdev->discovery.scan_duration))
7167 return;
7168
7c1fbed2 7169 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7170 DISCOV_LE_RESTART_DELAY);
7171}
7172
48f86b7f
JP		 7173static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7174 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7175{
48f86b7f
JP		 7176 /* If a RSSI threshold has been specified, and
7177 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7178 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7179 * is set, let it through for further processing, as we might need to
7180 * restart the scan.
efb2513f
MH		 7181 *
7182 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7183 * the results are also dropped.
bda157a4
MH		 7184 */
7185 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7186 (rssi == HCI_RSSI_INVALID ||
7187 (rssi < hdev->discovery.rssi &&
7188 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7189 return false;
efb2513f 7190
2976cdeb
JP		 7191 if (hdev->discovery.uuid_count != 0) {
7192 /* If a list of UUIDs is provided in filter, results with no
7193 * matching UUID should be dropped.
b487b9ce 7194 */
2976cdeb
JP		 7195 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7196 hdev->discovery.uuids) &&
7197 !eir_has_uuids(scan_rsp, scan_rsp_len,
7198 hdev->discovery.uuid_count,
7199 hdev->discovery.uuids))
7200 return false;
b487b9ce 7201 }
5d2e9fad 7202
2976cdeb
JP		 7203 /* If duplicate filtering does not report RSSI changes, then restart
7204 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7205 */
2976cdeb
JP		 7206 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7207 restart_le_scan(hdev);
7208
7209 /* Validate RSSI value against the RSSI threshold once more. */
7210 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7211 rssi < hdev->discovery.rssi)
7212 return false;
7213 }
48f86b7f
JP		 7214
7215 return true;
7216}
7217
7218void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7219 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7220 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7221{
7222 char buf[512];
7223 struct mgmt_ev_device_found *ev = (void *)buf;
7224 size_t ev_size;
7225
7226 /* Don't send events for a non-kernel initiated discovery. With
7227 * LE one exception is if we have pend_le_reports > 0 in which
7228 * case we're doing passive scanning and want these events.
7229 */
7230 if (!hci_discovery_active(hdev)) {
7231 if (link_type == ACL_LINK)
7232 return;
7233 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7234 return;
7235 }
7236
82f8b651 7237 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7238 /* We are using service discovery */
7239 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7240 scan_rsp_len))
7241 return;
7242 }
7243
7244 /* Make sure that the buffer is big enough. The 5 extra bytes
7245 * are for the potential CoD field.
7246 */
7247 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7248 return;
7249
48f86b7f
JP		 7250 memset(buf, 0, sizeof(buf));
7251
7252 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7253 * RSSI value was reported as 0 when not available. This behavior
7254 * is kept when using device discovery. This is required for full
7255 * backwards compatibility with the API.
7256 *
7257 * However when using service discovery, the value 127 will be
7258 * returned when the RSSI is not available.
7259 */
7260 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7261 link_type == ACL_LINK)
7262 rssi = 0;
7263
7264 bacpy(&ev->addr.bdaddr, bdaddr);
7265 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7266 ev->rssi = rssi;
7267 ev->flags = cpu_to_le32(flags);
7268
7269 if (eir_len > 0)
7270 /* Copy EIR or advertising data into event */
7271 memcpy(ev->eir, eir, eir_len);
7272
7273 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7274 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7275 dev_class, 3);
7276
7277 if (scan_rsp_len > 0)
7278 /* Append scan response data to event */
7279 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7280
5d2e9fad
JH		 7281 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7282 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7283
901801b9 7284 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7285}
a88a9652 7286
9cf12aee
MH		 7287void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7288 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7289{
b644ba33
JH		 7290 struct mgmt_ev_device_found *ev;
7291 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7292 u16 eir_len;
a88a9652 7293
b644ba33 7294 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7295
b644ba33
JH		 7296 memset(buf, 0, sizeof(buf));
7297
7298 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7299 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7300 ev->rssi = rssi;
7301
7302 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7303 name_len);
b644ba33 7304
eb55ef07 7305 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7306
9cf12aee 7307 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7308}
314b2381 7309
2f1e063b 7310void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7311{
f963e8e9 7312 struct mgmt_ev_discovering ev;
164a6e78 7313
343fb145
AG		 7314 BT_DBG("%s discovering %u", hdev->name, discovering);
7315
f963e8e9
JH		 7316 memset(&ev, 0, sizeof(ev));
7317 ev.type = hdev->discovery.type;
7318 ev.discovering = discovering;
7319
2f1e063b 7320 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7321}
5e762444 7322
6d785aa3
JH		 7323static struct hci_mgmt_chan chan = {
7324 .channel = HCI_CHANNEL_CONTROL,
7325 .handler_count = ARRAY_SIZE(mgmt_handlers),
7326 .handlers = mgmt_handlers,
88b94ce9 7327 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7328};
7329
7330int mgmt_init(void)
7331{
7332 return hci_mgmt_chan_register(&chan);
7333}
7334
7335void mgmt_exit(void)
7336{
7337 hci_mgmt_chan_unregister(&chan);
7338}
Linux kernel - Deliverables
This page took 1.038038 seconds and 5 git commands to generate.